#include "namespaces.hh"
#include "statbag.hh"
#include "stubresolver.hh"
+#include "secpoll.hh"
#include "dnsrecords.hh"
#include <stdint.h>
#ifndef PACKAGEVERSION
struct timeval now;
gettimeofday(&now, 0);
+ string pkgv(PACKAGEVERSION);
- string version = "auth-" + string(PACKAGEVERSION);
+ string version = "auth-" + pkgv;
string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];
if(*query.rbegin()!='.')
boost::replace_all(query, "+", "_");
boost::replace_all(query, "~", "_");
- vector<DNSZoneRecord> ret;
+ int security_status = std::stoi(S.getValueStr("security-status"));
- int res=stubDoResolve(DNSName(query), QType::TXT, ret);
+ vector<DNSRecord> ret;
+ int res = stubDoResolve(DNSName(query), QType::TXT, ret);
- int security_status=0;
+ if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {
+ g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version"<<endl;
+ return;
+ }
- if(!res && !ret.empty()) {
- string content=getRR<TXTRecordContent>(ret.begin()->dr)->d_text;
+ string security_message;
- pair<string, string> split = splitField(unquotify(content), ' ');
+ try {
+ processSecPoll(res, ret, security_status, security_message);
+ } catch(const PDNSException &pe) {
+ S.set("security-status", security_status);
+ g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+ query + "': "<<pe.reason<<endl;
+ return;
+ }
- security_status = std::stoi(split.first);
- g_security_message = split.second;
- }
- else {
- string pkgv(PACKAGEVERSION);
- if(pkgv.find("0.0.") != 0)
- L<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
- else
- L<<Logger::Warning<<"Not validating response for security status update, this is a non-release version."<<endl;
- }
+ S.set("security-status", security_status);
+ g_security_message = security_message;
if(security_status == 1 && first) {
- L<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
+ g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
}
if(security_status == 2) {
- L<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
+ g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
}
- else if(security_status == 3) {
- L<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
+ if(security_status == 3) {
+ g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
}
-
- S.set("security-status",security_status);
-
}