[thirdparty/systemd.git] / src / shared / resolve-util.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

/***
  This file is part of systemd.

  Copyright 2016 Lennart Poettering
***/

#include "macro.h"

typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;

enum ResolveSupport {
        RESOLVE_SUPPORT_NO,
        RESOLVE_SUPPORT_YES,
        RESOLVE_SUPPORT_RESOLVE,
        _RESOLVE_SUPPORT_MAX,
        _RESOLVE_SUPPORT_INVALID = -1
};

enum DnssecMode {
        /* No DNSSEC validation is done */
        DNSSEC_NO,

        /* Validate locally, if the server knows DO, but if not,
         * don't. Don't trust the AD bit. If the server doesn't do
         * DNSSEC properly, downgrade to non-DNSSEC operation. Of
         * course, we then are vulnerable to a downgrade attack, but
         * that's life and what is configured. */
        DNSSEC_ALLOW_DOWNGRADE,

        /* Insist on DNSSEC server support, and rather fail than downgrading. */
        DNSSEC_YES,

        _DNSSEC_MODE_MAX,
        _DNSSEC_MODE_INVALID = -1
};

int config_parse_resolve_support(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_dnssec_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;

const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
af49ca27 LP	2	#pragma once
	3
	4	/***
	5	This file is part of systemd.
	6
	7	Copyright 2016 Lennart Poettering
af49ca27 LP	8	***/
	9
	10	#include "macro.h"
	11
	12	typedef enum ResolveSupport ResolveSupport;
ad6c0475	13	typedef enum DnssecMode DnssecMode;
af49ca27 LP	14
	15	enum ResolveSupport {
	16	RESOLVE_SUPPORT_NO,
	17	RESOLVE_SUPPORT_YES,
	18	RESOLVE_SUPPORT_RESOLVE,
	19	_RESOLVE_SUPPORT_MAX,
	20	_RESOLVE_SUPPORT_INVALID = -1
	21	};
	22
ad6c0475 LP	23	enum DnssecMode {
	24	/* No DNSSEC validation is done */
	25	DNSSEC_NO,
	26
	27	/* Validate locally, if the server knows DO, but if not,
	28	* don't. Don't trust the AD bit. If the server doesn't do
	29	* DNSSEC properly, downgrade to non-DNSSEC operation. Of
	30	* course, we then are vulnerable to a downgrade attack, but
	31	* that's life and what is configured. */
	32	DNSSEC_ALLOW_DOWNGRADE,
	33
	34	/* Insist on DNSSEC server support, and rather fail than downgrading. */
	35	DNSSEC_YES,
	36
	37	_DNSSEC_MODE_MAX,
	38	_DNSSEC_MODE_INVALID = -1
	39	};
	40
af49ca27	41	int config_parse_resolve_support(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
ad6c0475	42	int config_parse_dnssec_mode(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
af49ca27 LP	43
	44	const char* resolve_support_to_string(ResolveSupport p) _const_;
	45	ResolveSupport resolve_support_from_string(const char *s) _pure_;
ad6c0475 LP	46
	47	const char* dnssec_mode_to_string(DnssecMode p) _const_;
	48	DnssecMode dnssec_mode_from_string(const char *s) _pure_;