summaryrefslogtreecommitdiffstats
path: root/src/resolve/resolved-manager.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-19 21:48:01 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-19 21:56:54 +0100
commitc69fa7e3c44240bedc0ee1bd89fecf954783ac85 (patch)
tree42c7490e0639a76a2a56227ea56a928c2a3bca58 /src/resolve/resolved-manager.c
parentresolved: add SetLinkXYZ() method counterparts on the Link object (diff)
downloadsystemd-c69fa7e3c44240bedc0ee1bd89fecf954783ac85.tar.xz
systemd-c69fa7e3c44240bedc0ee1bd89fecf954783ac85.zip
resolved: rework DNSSECSupported property
Not only report whether the server actually supports DNSSEC, but also first check whether DNSSEC is actually enabled for it in our local configuration. Also, export a per-link DNSSECSupported property in addition to the existing manager-wide property.
Diffstat (limited to 'src/resolve/resolved-manager.c')
-rw-r--r--src/resolve/resolved-manager.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index b17a19d331..d6d75a3f78 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -1173,3 +1173,33 @@ int manager_compile_search_domains(Manager *m, OrderedSet **domains) {
return 0;
}
+
+DnssecMode manager_get_dnssec_mode(Manager *m) {
+ assert(m);
+
+ if (m->dnssec_mode != _DNSSEC_MODE_INVALID)
+ return m->dnssec_mode;
+
+ return DNSSEC_NO;
+}
+
+bool manager_dnssec_supported(Manager *m) {
+ DnsServer *server;
+ Iterator i;
+ Link *l;
+
+ assert(m);
+
+ if (manager_get_dnssec_mode(m) == DNSSEC_NO)
+ return false;
+
+ server = manager_get_dns_server(m);
+ if (server && !dns_server_dnssec_supported(server))
+ return false;
+
+ HASHMAP_FOREACH(l, m->links, i)
+ if (!link_dnssec_supported(l))
+ return false;
+
+ return true;
+}