diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-19 21:48:01 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-19 21:56:54 +0100 |
commit | c69fa7e3c44240bedc0ee1bd89fecf954783ac85 (patch) | |
tree | 42c7490e0639a76a2a56227ea56a928c2a3bca58 /src/resolve/resolved-manager.c | |
parent | resolved: add SetLinkXYZ() method counterparts on the Link object (diff) | |
download | systemd-c69fa7e3c44240bedc0ee1bd89fecf954783ac85.tar.xz systemd-c69fa7e3c44240bedc0ee1bd89fecf954783ac85.zip |
resolved: rework DNSSECSupported property
Not only report whether the server actually supports DNSSEC, but also first check whether DNSSEC is actually enabled
for it in our local configuration.
Also, export a per-link DNSSECSupported property in addition to the existing manager-wide property.
Diffstat (limited to 'src/resolve/resolved-manager.c')
-rw-r--r-- | src/resolve/resolved-manager.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index b17a19d331..d6d75a3f78 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -1173,3 +1173,33 @@ int manager_compile_search_domains(Manager *m, OrderedSet **domains) { return 0; } + +DnssecMode manager_get_dnssec_mode(Manager *m) { + assert(m); + + if (m->dnssec_mode != _DNSSEC_MODE_INVALID) + return m->dnssec_mode; + + return DNSSEC_NO; +} + +bool manager_dnssec_supported(Manager *m) { + DnsServer *server; + Iterator i; + Link *l; + + assert(m); + + if (manager_get_dnssec_mode(m) == DNSSEC_NO) + return false; + + server = manager_get_dns_server(m); + if (server && !dns_server_dnssec_supported(server)) + return false; + + HASHMAP_FOREACH(l, m->links, i) + if (!link_dnssec_supported(l)) + return false; + + return true; +} |