resolve: add negative trust anchors to DNSConfiguration

This is one of several commits to expand the DNSConfiguration varlink
type to include the necessary information for resolvectl status output.

diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index d88102ac83304d1a9946ca59e682726f3c935d90..f6147b595c80a371fda15f54971b338469e182f4 100644 (file)
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -2048,6 +2048,7 @@ static int dns_configuration_json_append(
                 DnsServer *current_dns_server,
                 DnsServer *dns_servers,
                 DnsSearchDomain *search_domains,
+                Set *negative_trust_anchors,
                 sd_json_variant **configuration) {
 
         _cleanup_(sd_json_variant_unrefp) sd_json_variant *dns_servers_json = NULL,
@@ -2113,7 +2114,10 @@ static int dns_configuration_json_append(
                                                           default_route > 0),
                         JSON_BUILD_PAIR_VARIANT_NON_NULL("currentServer", current_dns_server_json),
                         JSON_BUILD_PAIR_VARIANT_NON_NULL("servers", dns_servers_json),
-                        JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json));
+                        JSON_BUILD_PAIR_VARIANT_NON_NULL("searchDomains", search_domains_json),
+                        SD_JSON_BUILD_PAIR_CONDITION(!set_isempty(negative_trust_anchors),
+                                                     "negativeTrustAnchors",
+                                                     JSON_BUILD_STRING_SET(negative_trust_anchors)));
 }
 
 static int global_dns_configuration_json_append(Manager *m, sd_json_variant **configuration) {
@@ -2128,6 +2132,7 @@ static int global_dns_configuration_json_append(Manager *m, sd_json_variant **co
                         manager_get_dns_server(m),
                         m->dns_servers,
                         m->search_domains,
+                        m->trust_anchor.negative_by_name,
                         configuration);
 }
 
@@ -2143,6 +2148,7 @@ static int link_dns_configuration_json_append(Link *l, sd_json_variant **configu
                         link_get_dns_server(l),
                         l->dns_servers,
                         l->search_domains,
+                        l->dnssec_negative_trust_anchors,
                         configuration);
 }
 
@@ -2158,6 +2164,7 @@ static int delegate_dns_configuration_json_append(DnsDelegate *d, sd_json_varian
                         dns_delegate_get_dns_server(d),
                         d->dns_servers,
                         d->search_domains,
+                        /* negative_trust_anchors = */ NULL,
                         configuration);
 }
 

diff --git a/src/shared/varlink-io.systemd.Resolve.Monitor.c b/src/shared/varlink-io.systemd.Resolve.Monitor.c
index d78ea7bb9725577c6c05feda8a9bd69e57e5639d..bbca42a9e758fe5617fa0fbf26ff09e6dbde160e 100644 (file)
--- a/src/shared/varlink-io.systemd.Resolve.Monitor.c
+++ b/src/shared/varlink-io.systemd.Resolve.Monitor.c
@@ -153,7 +153,9 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
                 SD_VARLINK_FIELD_COMMENT("Array of configured DNS servers."),
                 SD_VARLINK_DEFINE_FIELD_BY_TYPE(servers, DNSServer, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
                 SD_VARLINK_FIELD_COMMENT("Array of configured search domains."),
-                SD_VARLINK_DEFINE_FIELD_BY_TYPE(searchDomains, SearchDomain, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE));
+                SD_VARLINK_DEFINE_FIELD_BY_TYPE(searchDomains, SearchDomain, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE),
+                SD_VARLINK_FIELD_COMMENT("Array of configured DNSSEC negative trust anchors."),
+                SD_VARLINK_DEFINE_FIELD(negativeTrustAnchors, SD_VARLINK_STRING, SD_VARLINK_ARRAY|SD_VARLINK_NULLABLE));
 
 static SD_VARLINK_DEFINE_METHOD_FULL(
                 SubscribeDNSConfiguration,