
Member "pdns-auth-4.2.0/pdns/secpoll-recursor.cc" (27 Aug 2019, 2728 Bytes) of package /linux/misc/dns/pdns-auth-4.2.0.tar.gz:



    1 #ifdef HAVE_CONFIG_H
    2 #include "config.h"
    3 #endif
    4 #include "secpoll-recursor.hh"
    5 #include "syncres.hh"
    6 #include "logger.hh"
    7 #include "arguments.hh"
    8 #include "version.hh"
    9 #include "validate-recursor.hh"
   10 
   11 #include <stdint.h>
   12 #ifndef PACKAGEVERSION 
   13 #define PACKAGEVERSION getPDNSVersion()
   14 #endif
   15 
   // Outcome of the most recent security poll, as interpreted by doSecPoll():
   //   0 = unknown, 1 = OK, 2 = security update recommended, 3 = security update mandatory.
   // Static storage duration, so it starts at 0 (unknown) until a poll answer is accepted.
   16 uint32_t g_security_status;
   // Free-text part of the last accepted poll answer; doSecPoll() logs it with status 2 and 3.
   // It originates from a DNS TXT record, i.e. from the network.
   17 string g_security_message;
   18 
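   /* Parse the leading status field of a security-poll TXT answer.

      The field comes straight from a DNS response, so it is treated as
      untrusted: only a non-empty run of ASCII digits is accepted. Returns
      true and stores the value in 'status' on success; returns false and
      leaves 'status' untouched otherwise. */
   static bool parseSecPollStatus(const std::string& field, uint32_t& status)
   {
     // at most 9 digits, so the accumulator below cannot overflow a uint32_t
     if (field.empty() || field.size() > 9)
       return false;

     uint32_t value = 0;
     for (const char c : field) {
       if (c < '0' || c > '9')
         return false;
       value = value * 10 + static_cast<uint32_t>(c - '0');
     }

     status = value;
     return true;
   }

   /* Query the security-status TXT record for this recursor version and
      update g_security_status / g_security_message from the answer.

      last_secpoll: out-parameter, set to the current time as soon as a poll
                    is attempted (whether or not it succeeds).

      Does nothing when the "security-poll-suffix" setting is empty. A failed
      lookup, a Bogus DNSSEC validation result or an answer that cannot be
      parsed downgrades an "OK" status (1) to "unknown" (0) and otherwise
      leaves the previous status and message in place. */
   void doSecPoll(time_t* last_secpoll)
   {
     if(::arg()["security-poll-suffix"].empty())
       return;

     string pkgv(PACKAGEVERSION);
     struct timeval now;
     gettimeofday(&now, 0);

     /* update last_secpoll right now, even if it fails
        we don't want to retry right away and hammer the server */
     *last_secpoll=now.tv_sec;

     SyncRes sr(now);
     if (g_dnssecmode != DNSSECMode::Off) {
       sr.setDoDNSSEC(true);
       sr.setDNSSECValidationRequested(true);
     }

     vector<DNSRecord> ret;

     // a DNS label holds at most 63 octets, hence the truncation of the version label
     string version = "recursor-" +pkgv;
     string qstring(version.substr(0, 63)+ ".security-status."+::arg()["security-poll-suffix"]);

     if(*qstring.rbegin()!='.')
       qstring+='.';

     boost::replace_all(qstring, "+", "_");
     boost::replace_all(qstring, "~", "_");

     vState state = Indeterminate;
     DNSName query(qstring);
     int res=sr.beginResolve(query, QType(QType::TXT), 1, ret);

     // NOTE(review): the validation state is only read when beginResolve()
     // returned non-zero. Confirm that an answer failing validation can never
     // come back with res == 0; otherwise it is parsed below as if it were valid.
     if (g_dnssecmode != DNSSECMode::Off && res) {
       state = sr.getValidationState();
     }

     if(state == Bogus) {
       g_log<<Logger::Error<<"Could not retrieve security status update for '" +pkgv+ "' on '"<<query<<"', DNSSEC validation result was Bogus!"<<endl;
       if(g_security_status == 1) // If we were OK, go to unknown
         g_security_status = 0;
       return;
     }

     if(!res && !ret.empty()) {
       // keep the last TXT record; 'ret' may also hold records of other types
       string content;
       for(const auto&r : ret) {
         if(r.d_type == QType::TXT)
           content = r.d_content->getZoneRepresentation();
       }

       // strip the surrounding quotes of the zone representation
       if(content.size() >= 2 && content.front()=='"' && content.back()=='"') {
         content=content.substr(1, content.length()-2);
       }

       pair<string, string> split = splitField(content, ' ');

       // The answer is network input and is unauthenticated when DNSSEC is off.
       // An answer without a TXT record, or with a non-numeric status field,
       // must not throw out of the poll (std::stoi would) nor overwrite the
       // current status with garbage.
       uint32_t status = 0;
       if(parseSecPollStatus(split.first, status)) {
         g_security_status = status;
         g_security_message = split.second;
       }
       else {
         // deliberately not echoing the unparsed content into the log
         g_log<<Logger::Warning<<"Could not parse security status update for '" +pkgv+ "' on '"<<query<<"', ignoring the answer"<<endl;
         if(g_security_status == 1) // it was ok, now it is unknown
           g_security_status = 0;
       }
     }
     else {
       // versions starting with "0.0." are non-release builds
       if(pkgv.find("0.0.") != 0)
         g_log<<Logger::Warning<<"Could not retrieve security status update for '" +pkgv+ "' on '"<<query<<"', RCODE = "<< RCode::to_s(res)<<endl;
       else
         g_log<<Logger::Warning<<"Ignoring response for security status update, this is a non-release version."<<endl;

       if(g_security_status == 1) // it was ok, now it is unknown
         g_security_status = 0;
     }

     if(g_security_status == 2) {
       g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
     }
     else if(g_security_status == 3) {
       g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
     }
   }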