summaryrefslogtreecommitdiff
path: root/src/network/networkd-network.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-06 18:36:32 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-06 18:36:32 +0100
commit8a516214c4412e8a40544bd725a6d499a30cbbbf (patch)
treed8e7504d9da15641f03f7b4ca82dd3fc612544ed /src/network/networkd-network.c
parentbec690501ed544199e72a292fbd6d28bc1e1727e (diff)
resolved: introduce support for per-interface negative trust anchors
Diffstat (limited to 'src/network/networkd-network.c')
-rw-r--r--src/network/networkd-network.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index c91531ca69..c11cb3dcb3 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -32,6 +32,7 @@
#include "networkd-network.h"
#include "networkd.h"
#include "parse-util.h"
+#include "set.h"
#include "stat-util.h"
#include "string-table.h"
#include "string-util.h"
@@ -277,6 +278,8 @@ void network_free(Network *network) {
free(network->dhcp_server_dns);
free(network->dhcp_server_ntp);
+ set_free_free(network->dnssec_negative_trust_anchors);
+
free(network);
}
@@ -910,3 +913,55 @@ int config_parse_dhcp_server_ntp(
n->dhcp_server_ntp = m;
}
}
+
+int config_parse_dnssec_negative_trust_anchors(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ const char *p = rvalue;
+ Network *n = data;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+
+ if (isempty(rvalue)) {
+ n->dnssec_negative_trust_anchors = set_free_free(n->dnssec_negative_trust_anchors);
+ return 0;
+ }
+
+ for (;;) {
+ _cleanup_free_ char *w = NULL;
+
+ r = extract_first_word(&p, &w, NULL, 0);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract negative trust anchor domain, ignoring: %s", rvalue);
+ break;
+ }
+ if (r == 0)
+ break;
+
+ r = dns_name_is_valid(w);
+ if (r <= 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "%s is not a valid domain name, ignoring.", w);
+ continue;
+ }
+
+ r = set_put(n->dnssec_negative_trust_anchors, w);
+ if (r < 0)
+ return log_oom();
+ if (r > 0)
+ w = NULL;
+ }
+
+ return 0;
+}