[thirdparty/systemd.git] / src / shared / resolve-util.h

#pragma once

/***
  This file is part of systemd.

  Copyright 2016 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include "macro.h"

typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;

enum ResolveSupport {
        RESOLVE_SUPPORT_NO,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,
        _RESOLVE_SUPPORT_MAX,
        _RESOLVE_SUPPORT_INVALID = -1
};

enum DnssecMode {
        /* No DNSSEC validation is done */
        DNSSEC_NO,

        /* Validate locally, if the server knows DO, but if not,
         * don't. Don't trust the AD bit. If the server doesn't do
         * DNSSEC properly, downgrade to non-DNSSEC operation. Of
         * course, we then are vulnerable to a downgrade attack, but
         * that's life and what is configured. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Insist on DNSSEC server support, and rather fail than downgrading. */
        DNSSEC_YES,

        _DNSSEC_MODE_MAX,
        _DNSSEC_MODE_INVALID = -1
};

int config_parse_resolve_support(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_dnssec_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;

const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;
Commit	Line	Data
af49ca27 LP	1	#pragma once
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2016 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include "macro.h"
	23
	24	typedef enum ResolveSupport ResolveSupport;
ad6c0475	25	typedef enum DnssecMode DnssecMode;
af49ca27 LP	26
	27	enum ResolveSupport {
	28	RESOLVE_SUPPORT_NO,
	29	RESOLVE_SUPPORT_YES,
	30	RESOLVE_SUPPORT_RESOLVE,
	31	_RESOLVE_SUPPORT_MAX,
	32	_RESOLVE_SUPPORT_INVALID = -1
	33	};
	34
ad6c0475 LP	35	enum DnssecMode {
	36	/* No DNSSEC validation is done */
	37	DNSSEC_NO,
	38
	39	/* Validate locally, if the server knows DO, but if not,
	40	* don't. Don't trust the AD bit. If the server doesn't do
	41	* DNSSEC properly, downgrade to non-DNSSEC operation. Of
	42	* course, we then are vulnerable to a downgrade attack, but
	43	* that's life and what is configured. */
	44	DNSSEC_ALLOW_DOWNGRADE,
	45
	46	/* Insist on DNSSEC server support, and rather fail than downgrading. */
	47	DNSSEC_YES,
	48
	49	_DNSSEC_MODE_MAX,
	50	_DNSSEC_MODE_INVALID = -1
	51	};
	52
af49ca27	53	int config_parse_resolve_support(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
ad6c0475	54	int config_parse_dnssec_mode(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
af49ca27 LP	55
	56	const char* resolve_support_to_string(ResolveSupport p) _const_;
	57	ResolveSupport resolve_support_from_string(const char *s) _pure_;
ad6c0475 LP	58
	59	const char* dnssec_mode_to_string(DnssecMode p) _const_;
	60	DnssecMode dnssec_mode_from_string(const char *s) _pure_;