Add License Compliance Workflow

.github/workflows/license-check.yml

@@ -0,0 +1,29 @@
+name: License Compliance Check
+# UNCOMMENT TO ENABLE THE WORKFLOW
+# on:
+#   push:
+#     branches:
+#     - "**"
+#     paths-ignore:
+#     - "k8s/**"
+#     - "**/*.md"
+jobs:
+  license-check:
+    runs-on: ubuntu-latest
+    steps:
+
+# SETUP DEVELOPMENT ENVIRONMENT FOR THE LANGUAGE OF THE REPOSITORY
+# this should be similar to the setup for tests
+
+###############################################################
+#    - name: Checkout and setup go for private repositories
+#      uses: whalebone/github-actions-go/checkout-setup@v1
+#      with:
+#        go-version-file: "go.mod"
+#        GH_USERNAME: ${{ secrets.GH_USERNAME }}
+#        GH_TOKEN: ${{ secrets.GH_TOKEN }}
+###############################################################
+    - name: Run License Compliance Check
+      uses: whalebone/license-compliance@v1
+      with:
+        licenses_group: 'cloud' # 'cloud' or 'onprem' at the moment

configure.ac

@@ -156,7 +156,7 @@ if test "$with_ldns_libraries" != "no"; then
     LDFLAGS="${LDFLAGS} -L${with_ldns_libraries}"
 fi
 
-LDFLAGS="${LDFLAGS} -lldns"
+LDFLAGS="${LDFLAGS} -lldns -lssl -lcrypto"
 
 # Check or ldns headers
 AC_CHECK_HEADER(ldns/ldns.h,,LIBLDNS_H="no")

src/dns.c

@@ -31,6 +31,9 @@
 #include "passivedns.h"
 #include "dns.h"
 
+#include <openssl/sha.h>
+#include <math.h>
+
 #ifdef HAVE_JSON
 #include <jansson.h>
 #endif /* HAVE_JSON */
@@ -42,6 +45,8 @@ extern globalconfig config;
 #define DBUCKET_SIZE  3967   /* Carol that is primes */
 
 pdns_record *dbucket[DBUCKET_SIZE];
+char hash_datestamp[200];
+char hash_datesha256[65];
 
 uint64_t hash(unsigned char *str)
 {
@@ -644,6 +649,44 @@ const char *u_ntop(const struct in6_addr ip_addr, int af, char *dest)
     return dest;
 }
 
+void sha256(char *string, char salt[65], char outputBuffer[65]) 
+{
+    unsigned char hash[SHA256_DIGEST_LENGTH];
+    SHA256_CTX sha256;
+    SHA256_Init(&sha256);
+    if (strlen(salt) > 0) 
+    {
+        SHA256_Update(&sha256, salt, strlen(salt));
+    }
+    SHA256_Update(&sha256, string, strlen(string));
+    SHA256_Final(hash, &sha256);
+    int i = 0;
+    for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
+    {
+        sprintf(outputBuffer + (i * 2), "%02x", hash[i]);
+    }
+    outputBuffer[64] = 0;
+}
+
+void sha256_string(pdns_record *l, char *string, char outputBuffer[65])
+{
+    struct tm *tmpTime;
+    char timestr[200];
+    char timebuf[200];
+    tmpTime = localtime(&l->last_seen.tv_sec);
+    strftime(timestr, sizeof(timestr), "%Y-%U", tmpTime);
+    if (strcmp(timestr, hash_datestamp) != 0)
+    {
+        strcpy(hash_datestamp, timestr);
+        strftime(timebuf, sizeof(timestr), "%U %Y-%m-%d %H:%M:%S", tmpTime);
+        sprintf(timestr, "%s.%03d\n", timebuf, l->last_seen.tv_usec);
+        sha256(timestr, "", hash_datesha256);
+        //printf("** %s -- %s\n", timestr, hash_datesha256);
+    }
+
+    sha256(string, hash_datesha256, outputBuffer);
+}
+
 void print_passet(pdns_record *l, pdns_asset *p, ldns_rr *rr,
                   ldns_rdf *lname, uint16_t rcode)
 {
@@ -1067,7 +1110,10 @@ void print_passet(pdns_record *l, pdns_asset *p, ldns_rr *rr,
         if (config.fieldsf & FIELD_CLIENT) {
             if (offset != 0)
                 offset += snprintf(output+offset, sizeof(buffer) - offset, "%s", d);
-            offset += snprintf(output+offset, sizeof(buffer) - offset, "%s", ip_addr_c);
+
+            unsigned char shahash[65];
+            sha256_string(l, ip_addr_c, shahash);
+            offset += snprintf(output+offset, sizeof(buffer) - offset, "%s", shahash);
         }
 
         /* Print client hardware address  */