[thirdparty/systemd.git] / src / shared / resolve-util.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2016 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include "macro.h"

typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;

enum ResolveSupport {
        RESOLVE_SUPPORT_NO,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,
        _RESOLVE_SUPPORT_MAX,
        _RESOLVE_SUPPORT_INVALID = -1
};

enum DnssecMode {
        /* No DNSSEC validation is done */
        DNSSEC_NO,

        /* Validate locally, if the server knows DO, but if not,
         * don't. Don't trust the AD bit. If the server doesn't do
         * DNSSEC properly, downgrade to non-DNSSEC operation. Of
         * course, we then are vulnerable to a downgrade attack, but
         * that's life and what is configured. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Insist on DNSSEC server support, and rather fail than downgrading. */
        DNSSEC_YES,

        _DNSSEC_MODE_MAX,
        _DNSSEC_MODE_INVALID = -1
};

int config_parse_resolve_support(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_dnssec_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;

const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;
Commit	Line	Data
af49ca27 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	#pragma once
	4
	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2016 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
	24	#include "macro.h"
	25
	26	typedef enum ResolveSupport ResolveSupport;
ad6c0475	27	typedef enum DnssecMode DnssecMode;
af49ca27 LP	28
	29	enum ResolveSupport {
	30	RESOLVE_SUPPORT_NO,
	31	RESOLVE_SUPPORT_YES,
	32	RESOLVE_SUPPORT_RESOLVE,
	33	_RESOLVE_SUPPORT_MAX,
	34	_RESOLVE_SUPPORT_INVALID = -1
	35	};
	36
ad6c0475 LP	37	enum DnssecMode {
	38	/* No DNSSEC validation is done */
	39	DNSSEC_NO,
	40
	41	/* Validate locally, if the server knows DO, but if not,
	42	* don't. Don't trust the AD bit. If the server doesn't do
	43	* DNSSEC properly, downgrade to non-DNSSEC operation. Of
	44	* course, we then are vulnerable to a downgrade attack, but
	45	* that's life and what is configured. */
	46	DNSSEC_ALLOW_DOWNGRADE,
	47
	48	/* Insist on DNSSEC server support, and rather fail than downgrading. */
	49	DNSSEC_YES,
	50
	51	_DNSSEC_MODE_MAX,
	52	_DNSSEC_MODE_INVALID = -1
	53	};
	54
af49ca27	55	int config_parse_resolve_support(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
ad6c0475	56	int config_parse_dnssec_mode(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
af49ca27 LP	57
	58	const char* resolve_support_to_string(ResolveSupport p) _const_;
	59	ResolveSupport resolve_support_from_string(const char *s) _pure_;
ad6c0475 LP	60
	61	const char* dnssec_mode_to_string(DnssecMode p) _const_;
	62	DnssecMode dnssec_mode_from_string(const char *s) _pure_;