Merge pull request #7628 from tcely/patch-3
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "secpoll-auth.hh"

#include "logger.hh"
#include "arguments.hh"
#include "version.hh"
#include "dnsparser.hh"
#include "misc.hh"

#include "sstuff.hh"
#include "dnswriter.hh"
#include "dns_random.hh"
#include "namespaces.hh"
#include "statbag.hh"
#include "stubresolver.hh"
#include "dnsrecords.hh"
#include <exception>
#include <stdint.h>
20 #ifndef PACKAGEVERSION
21 #define PACKAGEVERSION getPDNSVersion()
22 #endif
23
// Free-text part of the most recent security-status TXT answer. doSecPoll()
// assigns it from the DNS response and writes it to the log, so its content
// is chosen by whoever answers the poll query.
24 string g_security_message;
25
// Statistics container; only declared here (extern). doSecPoll() stores the
// polled value in it under the key "security-status".
26 extern StatBag S;
27
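/** Do an actual secpoll for the current version
 *
 * Builds the name "auth-<version>.security-status.<security-poll-suffix>",
 * resolves its TXT record through stubDoResolve() and interprets the first
 * answer as "<numeric status> <message>". The status is stored in the
 * "security-status" statistic and the message in g_security_message.
 * Going by the log texts below, status 1 means no known issues, 2 means an
 * update is recommended and 3 means an update is mandatory; any failure to
 * obtain or parse an answer leaves the status at 0.
 *
 * Does nothing when the "security-poll-suffix" setting is empty.
 *
 * @param first bool that tells if this is the first secpoll run since startup
 */
void doSecPoll(bool first)
{
  if(::arg()["security-poll-suffix"].empty())
    return;

  string version = "auth-" + string(PACKAGEVERSION);
  // The version label is cut to 63 characters before the fixed suffix is appended.
  string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];

  if(*query.rbegin()!='.')
    query+='.';

  // '+' and '~' can occur in version strings; both are mapped to '_' in the query name.
  boost::replace_all(query, "+", "_");
  boost::replace_all(query, "~", "_");

  vector<DNSZoneRecord> ret;

  int res=stubDoResolve(DNSName(query), QType::TXT, ret);

  int security_status=0;

  if(!res && !ret.empty()) {
    // The answer is data from the network: the first record need not be a
    // TXT record and its text need not start with a number. Both cases are
    // handled here instead of dereferencing blindly or letting std::stoi
    // throw out of this function.
    // NOTE(review): assumes getRR<> yields a null pointer for a record of
    // another type (e.g. a CNAME placed first in the answer) - confirm.
    auto txt = getRR<TXTRecordContent>(ret.begin()->dr);
    if(txt) {
      pair<string, string> split = splitField(unquotify(txt->d_text), ' ');
      try {
        int parsed = std::stoi(split.first);
        // Publish status and message together, only after parsing succeeded.
        security_status = parsed;
        g_security_message = split.second;
      }
      catch(const std::exception&) {
        g_log<<Logger::Warning<<"Could not parse security status update on '"<<query<<"', ignoring the response"<<endl;
      }
    }
    else {
      g_log<<Logger::Warning<<"Security status update on '"<<query<<"' did not start with a TXT record, ignoring the response"<<endl;
    }
  }
  else {
    string pkgv(PACKAGEVERSION);
    if(pkgv.find("0.0.") != 0)
      g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
    else
      g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version."<<endl;
  }

  // NOTE(review): g_security_message is text taken from the DNS answer and is
  // written to the log as-is below; whether the logger neutralises control
  // characters or the stub resolver authenticates the answer is not visible
  // in this file.
  if(security_status == 1 && first) {
    g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
  }
  if(security_status == 2) {
    g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
  }
  else if(security_status == 3) {
    g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
  }

  S.set("security-status",security_status);
}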