4 #include "secpoll-auth.hh"
7 #include "arguments.hh"
9 #include "dnsparser.hh"
13 #include "dnswriter.hh"
14 #include "dns_random.hh"
15 #include "namespaces.hh"
17 #include "stubresolver.hh"
19 #include "dnsrecords.hh"
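// When the build does not define PACKAGEVERSION, fall back to asking
// getPDNSVersion() at the point of use.
#ifndef PACKAGEVERSION
#define PACKAGEVERSION getPDNSVersion()
#endif

// Message text of the most recent security poll; assigned by doSecPoll() after
// the poll answer has been processed and read back when the status is logged.
string g_security_message;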
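/** Do an actual secpoll for the current version.
 *
 * Builds the name "auth-<version>.security-status.<security-poll-suffix>",
 * requests its TXT records through stubDoResolve() and passes the answer to
 * processSecPoll(). The resulting status is stored in the "security-status"
 * statistic and the accompanying text in g_security_message. A status of 2
 * or 3 is logged as an error on every run; a status of 1 is logged only on
 * the first run.
 *
 * Returns without polling when the security-poll-suffix setting is empty.
 *
 * @param first bool that tells if this is the first secpoll run since startup
 */
void doSecPoll(bool first)
{
  const string& suffix = ::arg()["security-poll-suffix"];
  if (suffix.empty()) {
    return;
  }

  const string pkgv(PACKAGEVERSION);

  // The version forms the first label of the query name; 63 is the maximum
  // length of a single DNS label, so the label is truncated to that size.
  string query = ("auth-" + pkgv).substr(0, 63) + ".security-status." + suffix;

  // Make the name fully qualified.
  if (query.back() != '.') {
    query += '.';
  }

  // Every '+' and '~' in the name (version and suffix alike) becomes '_'.
  boost::replace_all(query, "+", "_");
  boost::replace_all(query, "~", "_");

  // Start from the stored status; processSecPoll() receives it alongside the
  // message and both are written back below.
  int security_status = std::stoi(S.getValueStr("security-status"));

  vector<DNSRecord> ret;
  const int res = stubDoResolve(DNSName(query), QType::TXT, ret);

  // Builds that are not a release are not expected to have a status record,
  // so NXDomain is reported once and the stored status is left untouched.
  if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {
    g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version"<<endl;
    return;
  }

  // NOTE(review): security_message is filled from the TXT answer, i.e. from
  // data received over the network. Whether that answer is authenticated and
  // whether the text is sanitized before it is logged is decided inside
  // stubDoResolve()/processSecPoll(), which are not visible here - confirm.
  string security_message;

  try {
    processSecPoll(res, ret, security_status, security_message);
  }
  catch (const PDNSException& pe) {
    // Keep the statistic in step with whatever status we hold at this point,
    // then report the failure and give up on this run.
    S.set("security-status", security_status);
    g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+ query + "': "<<pe.reason<<endl;
    return;
  }

  S.set("security-status", security_status);
  g_security_message = security_message;

  // Status 1: no known issues. Only worth a log line once, at startup.
  if (security_status == 1 && first) {
    g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
  }
  // Status 2: an update is recommended.
  if (security_status == 2) {
    g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
  }
  // Status 3: an update is mandatory.
  if (security_status == 3) {
    g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
  }
}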