Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
af49ca27 LP |
2 | #pragma once |
3 | ||
4 | /*** | |
5 | This file is part of systemd. | |
6 | ||
7 | Copyright 2016 Lennart Poettering | |
af49ca27 LP |
8 | ***/ |
9 | ||
10 | #include "macro.h" | |
11 | ||
/* Forward typedefs so the two enum types defined further down in this header
 * can be written without the `enum` keyword. */
typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;
af49ca27 LP |
14 | |
/* Three-valued setting: no / yes / resolve.
 *
 * NOTE(review): this header does not say what each level means;
 * RESOLVE_SUPPORT_RESOLVE presumably selects a resolve-only mode. Confirm
 * against the code that consumes this enum. */
enum ResolveSupport {
        RESOLVE_SUPPORT_NO = 0,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,

        /* One past the last valid value; not a setting in its own right. */
        _RESOLVE_SUPPORT_MAX,

        /* Negative sentinel, distinct from every valid value. Presumably the
         * result of resolve_support_from_string() for unrecognised input;
         * confirm in the implementation. */
        _RESOLVE_SUPPORT_INVALID = -1
};
22 | ||
ad6c0475 LP |
/* DNSSEC validation policy. The three modes differ in what happens when the
 * upstream server does not support DNSSEC properly: validation is never
 * attempted, it is dropped (fail-open), or the lookup fails (fail-closed). */
enum DnssecMode {
        /* DNSSEC validation is not performed at all. */
        DNSSEC_NO = 0,

        /* Opportunistic validation: validate locally when the server
         * understands the DO bit, otherwise skip validation. The AD bit set
         * by the server is never trusted. When the server does not do DNSSEC
         * properly, operation falls back to plain, non-DNSSEC DNS.
         *
         * Security note: this is a fail-open policy. Falling back is exactly
         * what a downgrade attack relies on, so this mode is vulnerable to
         * one; that is the accepted consequence of configuring it. Use
         * DNSSEC_YES where unvalidated answers are not acceptable. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Strict validation: DNSSEC support on the server is required, and
         * the lookup fails rather than downgrading (fail-closed). */
        DNSSEC_YES,

        /* One past the last valid mode; not a mode in its own right. */
        _DNSSEC_MODE_MAX,

        /* Negative sentinel, distinct from every valid mode. */
        _DNSSEC_MODE_INVALID = -1
};
40 | ||
/* Configuration parsers for ResolveSupport and DnssecMode settings.
 *
 * NOTE(review): both share one signature, which looks like a generic
 * config-parser callback: rvalue would be the text to parse and data the
 * destination for the result. Confirm against the implementation.
 *
 * NOTE(review): how an unrecognised rvalue is handled is not visible in this
 * header. For a security setting such as the DNSSEC mode it should be
 * rejected or reported, never silently mapped to a weaker mode. Confirm. */
int config_parse_resolve_support(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata);

int config_parse_dnssec_mode(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata);
af49ca27 LP |
43 | |
/* String conversions for ResolveSupport.
 *
 * NOTE(review): resolve_support_from_string() presumably returns
 * _RESOLVE_SUPPORT_INVALID (-1) when s is not a known name; callers should
 * check for a negative result before using the value. Confirm in the
 * implementation. */
const char *resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;
ad6c0475 LP |
46 | |
/* String conversions for DnssecMode.
 *
 * NOTE(review): dnssec_mode_from_string() presumably returns
 * _DNSSEC_MODE_INVALID (-1) when s is not a known name. Callers should treat
 * a negative result as an error instead of storing it as a mode, so that a
 * misspelled setting cannot end up selecting an unintended policy. Confirm
 * in the implementation. */
const char *dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;