4 #include "secpoll-auth.hh"
7 #include "arguments.hh"
9 #include "dnsparser.hh"
13 #include "dnswriter.hh"
14 #include "dns_random.hh"
15 #include "namespaces.hh"
17 #include "stubresolver.hh"
18 #include "dnsrecords.hh"
20 #ifndef PACKAGEVERSION
21 #define PACKAGEVERSION getPDNSVersion()
// Human-readable text from the most recent security poll. doSecPoll() fills it with the
// remainder of the TXT answer after the numeric status field, so its content is whatever the
// DNS answer carried; nothing in this file validates it beyond splitting on the first space.
24 string g_security_message
;
28 /** Do an actual secpoll for the current version.
29 * @param first bool that tells if this is the first secpoll run since startup
 *
 * The status code and message are taken from a TXT record obtained via stubDoResolve();
 * nothing visible in this function authenticates that answer, so the parsed fields must be
 * treated as untrusted input. In particular std::stoi() on the first field throws on a
 * non-numeric or out-of-range value, and getRR<TXTRecordContent>() on the first answer record
 * is dereferenced without a null check — confirm the caller tolerates an exception here and
 * that the first record is guaranteed to be a TXT record.
 */
31 void doSecPoll(bool first
)
33 if(::arg()["security-poll-suffix"].empty())
37 gettimeofday(&now
, 0);
39 string version
= "auth-" + string(PACKAGEVERSION
);
40 string query
= version
.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];
42 if(*query
.rbegin()!='.')
45 boost::replace_all(query
, "+", "_");
46 boost::replace_all(query
, "~", "_");
48 vector
<DNSZoneRecord
> ret
;
50 int res
=stubDoResolve(DNSName(query
), QType::TXT
, ret
);
52 int security_status
=0;
54 if(!res
&& !ret
.empty()) {
55 string content
=getRR
<TXTRecordContent
>(ret
.begin()->dr
)->d_text
;
57 pair
<string
, string
> split
= splitField(unquotify(content
), ' ');
59 security_status
= std::stoi(split
.first
);
60 g_security_message
= split
.second
;
64 string
pkgv(PACKAGEVERSION
);
65 if(pkgv
.find("0.0.") != 0)
66 g_log
<<Logger::Warning
<<"Could not retrieve security status update for '" + pkgv
+ "' on '"+query
+"', RCODE = "<< RCode::to_s(res
)<<endl
;
68 g_log
<<Logger::Warning
<<"Not validating response for security status update, this is a non-release version."<<endl
;
71 if(security_status
== 1 && first
) {
72 g_log
<<Logger::Warning
<< "Polled security status of version "<<PACKAGEVERSION
<<" at startup, no known issues reported: " <<g_security_message
<<endl
;
74 if(security_status
== 2) {
75 g_log
<<Logger::Error
<<"PowerDNS Security Update Recommended: "<<g_security_message
<<endl
;
77 else if(security_status
== 3) {
78 g_log
<<Logger::Error
<<"PowerDNS Security Update Mandatory: "<<g_security_message
<<endl
;
81 S
.set("security-status",security_status
);