resolved: introduce support for per-interface negative trust anchors

author: Lennart Poettering <lennart@poettering.net> 2016-01-06 18:36:32 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-06 18:36:32 +0100
commit: 8a516214c4412e8a40544bd725a6d499a30cbbbf (patch)
tree: d8e7504d9da15641f03f7b4ca82dd3fc612544ed /src/network/networkd-network.c
parent: bec690501ed544199e72a292fbd6d28bc1e1727e (diff)
1 files changed, 55 insertions, 0 deletions
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index c91531ca69..c11cb3dcb3 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -32,6 +32,7 @@
 #include "networkd-network.h"
 #include "networkd.h"
 #include "parse-util.h"
+#include "set.h"
 #include "stat-util.h"
 #include "string-table.h"
 #include "string-util.h"
@@ -277,6 +278,8 @@ void network_free(Network *network) {
         free(network->dhcp_server_dns);
         free(network->dhcp_server_ntp);
 
+        set_free_free(network->dnssec_negative_trust_anchors);
+
         free(network);
 }
 
@@ -910,3 +913,55 @@ int config_parse_dhcp_server_ntp(
                 n->dhcp_server_ntp = m;
         }
 }
+
+int config_parse_dnssec_negative_trust_anchors(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        const char *p = rvalue;
+        Network *n = data;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        if (isempty(rvalue)) {
+                n->dnssec_negative_trust_anchors = set_free_free(n->dnssec_negative_trust_anchors);
+                return 0;
+        }
+
+        for (;;) {
+                _cleanup_free_ char *w = NULL;
+
+                r = extract_first_word(&p, &w, NULL, 0);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract negative trust anchor domain, ignoring: %s", rvalue);
+                        break;
+                }
+                if (r == 0)
+                        break;
+
+                r = dns_name_is_valid(w);
+                if (r <= 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r, "%s is not a valid domain name, ignoring.", w);
+                        continue;
+                }
+
+                r = set_put(n->dnssec_negative_trust_anchors, w);
+                if (r < 0)
+                        return log_oom();
+                if (r > 0)
+                        w = NULL;
+        }
+
+        return 0;
+}
author	Lennart Poettering <lennart@poettering.net>	2016-01-06 18:36:32 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-06 18:36:32 +0100
commit	8a516214c4412e8a40544bd725a6d499a30cbbbf (patch)
tree	d8e7504d9da15641f03f7b4ca82dd3fc612544ed /src/network/networkd-network.c
parent	bec690501ed544199e72a292fbd6d28bc1e1727e (diff)