diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-06 18:36:32 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-06 18:36:32 +0100 |
commit | 8a516214c4412e8a40544bd725a6d499a30cbbbf (patch) | |
tree | d8e7504d9da15641f03f7b4ca82dd3fc612544ed /src/network/networkd-network.c | |
parent | bec690501ed544199e72a292fbd6d28bc1e1727e (diff) |
resolved: introduce support for per-interface negative trust anchors
Diffstat (limited to 'src/network/networkd-network.c')
-rw-r--r-- | src/network/networkd-network.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index c91531ca69..c11cb3dcb3 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -32,6 +32,7 @@ #include "networkd-network.h" #include "networkd.h" #include "parse-util.h" +#include "set.h" #include "stat-util.h" #include "string-table.h" #include "string-util.h" @@ -277,6 +278,8 @@ void network_free(Network *network) { free(network->dhcp_server_dns); free(network->dhcp_server_ntp); + set_free_free(network->dnssec_negative_trust_anchors); + free(network); } @@ -910,3 +913,55 @@ int config_parse_dhcp_server_ntp( n->dhcp_server_ntp = m; } } + +int config_parse_dnssec_negative_trust_anchors( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + const char *p = rvalue; + Network *n = data; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + + if (isempty(rvalue)) { + n->dnssec_negative_trust_anchors = set_free_free(n->dnssec_negative_trust_anchors); + return 0; + } + + for (;;) { + _cleanup_free_ char *w = NULL; + + r = extract_first_word(&p, &w, NULL, 0); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract negative trust anchor domain, ignoring: %s", rvalue); + break; + } + if (r == 0) + break; + + r = dns_name_is_valid(w); + if (r <= 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "%s is not a valid domain name, ignoring.", w); + continue; + } + + r = set_put(n->dnssec_negative_trust_anchors, w); + if (r < 0) + return log_oom(); + if (r > 0) + w = NULL; + } + + return 0; +} |