policy.c revision 269e59f9a28bf47e0f463e64fc5af4a408b73b21
 * CDDL HEADER START
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 * CDDL HEADER END
 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabeletypedef struct {
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele {"serverAuth", (KMF_OID *)&KMFOID_PKIX_KP_ServerAuth},
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele {"clientAuth", (KMF_OID *)&KMFOID_PKIX_KP_ClientAuth},
7add1372edb1ee95a2c4d1314df4c7567bda7c62jim {"codeSigning", (KMF_OID *)&KMFOID_PKIX_KP_CodeSigning},
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele {"emailProtection", (KMF_OID *)&KMFOID_PKIX_KP_EmailProtection},
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele {"ipsecEndSystem", (KMF_OID *)&KMFOID_PKIX_KP_IPSecEndSystem},
7add1372edb1ee95a2c4d1314df4c7567bda7c62jim {"ipsecTunnel", (KMF_OID *)&KMFOID_PKIX_KP_IPSecTunnel},
7add1372edb1ee95a2c4d1314df4c7567bda7c62jim {"timeStamping", (KMF_OID *)&KMFOID_PKIX_KP_TimeStamping},
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele {"OCSPSigning", (KMF_OID *)&KMFOID_PKIX_KP_OCSPSigning},
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele {"KPClientAuth", (KMF_OID *)&KMFOID_PKINIT_ClientAuth},
7add1372edb1ee95a2c4d1314df4c7567bda7c62jimstatic int num_ekus = sizeof (EKUList) / sizeof (EKUName2OID);
5a58787efeb02a1c3f06569d019ad81fd2efa06endstatic void
5a58787efeb02a1c3f06569d019ad81fd2efa06endstatic void
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabeleparseOCSPValidation(xmlNodePtr node, KMF_VALIDATION_POLICY *vinfo)
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele while (n != NULL) {
c8e71fab0ea4bc3f8cb07693d6917f6b4644fbdcerikabele vinfo->ocsp_info.basic.proxy = (char *)xmlGetProp(n,
7add1372edb1ee95a2c4d1314df4c7567bda7c62jim c = (char *)xmlGetProp(n,
c = (char *)xmlGetProp(n,
xmlFree(c);
(char *)xmlGetProp(n,
(char *)xmlGetProp(n,
n = n->next;
xmlNodePtr n;
while (n != NULL) {
c = (char *)xmlGetProp(n,
xmlFree(c);
c = (char *)xmlGetProp(n,
xmlFree(c);
c = (char *)xmlGetProp(n,
xmlFree(c);
n = n->next;
return (NULL);
return (KMF_digitalSignature);
return (KMF_nonRepudiation);
return (KMF_keyEncipherment);
return (KMF_dataEncipherment);
return (KMF_keyAgreement);
return (KMF_keyCertSign);
return (KMF_cRLSign);
return (KMF_encipherOnly);
return (KMF_decipherOnly);
xmlNodePtr n;
while (n != NULL) {
c = (char *)xmlGetProp(n,
xmlFree(c);
n = n->next;
static KMF_OID *
return (NULL);
return (NULL);
return (oid);
KMF_OID *
return (NULL);
for (i = 0; i < num_ekus; i++) {
return (oid);
return (NULL);
for (i = 0; i < num_ekus; i++) {
return (NULL);
static KMF_RETURN
xmlNodePtr n;
c = (char *)xmlGetProp(n,
if (c != NULL) {
xmlFree(c);
c = (char *)xmlGetProp(n,
if (c != NULL) {
xmlFree(c);
n = n->next;
n = n->next;
return (ret);
static KMF_RETURN
xmlNodePtr n;
n = node;
return (KMF_OK);
int ret = 0;
xmlFree(c);
xmlFree(c);
while (n != NULL) {
policy);
return (ret);
return (ret);
n = n->next;
return (ret);
xmlNodePtr n;
if (n == NULL)
int ret = 0;
NULL);
return (ret);
int ret = 0;
goto end;
goto end;
end:
if (ret != 0) {
return (ret);
static KMF_RETURN
return (KMF_ERR_POLICY_ENGINE);
goto end;
goto end;
goto end;
end:
return (ret);
static KMF_RETURN
if (kubits == 0)
return (KMF_ERR_POLICY_ENGINE);
if (s != NULL) {
return (ret);
static KMF_RETURN
if (n == NULL)
return (KMF_ERR_POLICY_ENGINE);
if (s != NULL) {
NULL);
free(s);
xmlUnlinkNode(n);
xmlFreeNode(n);
return (ret);
int found = 0;
return (KMF_ERR_BAD_PARAMETER);
return (KMF_ERR_POLICY_DB_FORMAT);
goto out;
goto out;
if (c != NULL) {
xmlFree(c);
if (!found) {
goto out;
out:
return (ret);
return (ret);
return (KMF_ERR_MEMORY);
goto out;
goto out;
out:
return (ret);
static KMF_RETURN
int found = 0;
if (c != NULL) {
xmlFree(c);
if (!found)
return (ret);
static KMF_RETURN
return (KMF_ERR_POLICY_DB_FILE);
return (KMF_ERR_POLICY_DB_FILE);
if (p == NULL) {
return (KMF_ERR_INTERNAL);
sizeof (TMPFILE_TEMPLATE));
return (KMF_ERR_POLICY_DB_FILE);
return (KMF_ERR_POLICY_DB_FILE);
return (KMF_ERR_POLICY_ENGINE);
return (KMF_ERR_POLICY_DB_FILE);
return (KMF_ERR_POLICY_DB_FILE);
return (ret);
return (KMF_ERR_BAD_PARAMETER);
* default policy database (/etc/security/kmfpolicy.xml).
return (KMF_ERR_BAD_PARAMETER);
return (KMF_ERR_BAD_PARAMETER);
return (KMF_ERR_POLICY_DB_FORMAT);
goto end;
return (KMF_ERR_POLICY_DB_FORMAT);
end:
return (ret);
static KMF_RETURN
goto out;
goto out;
goto out;
goto out;
goto out;
goto out;
goto out;
goto out;
goto out;
goto out;
goto out;
out:
return (ret);
return (KMF_ERR_POLICY_NAME);
return (KMF_ERR_TA_POLICY);
return (KMF_ERR_TA_POLICY);
return (KMF_ERR_OCSP_POLICY);
return (KMF_ERR_OCSP_POLICY);
return (ret);
return (KMF_ERR_BAD_PARAMETER);
return (ret);
return (KMF_ERR_POLICY_DB_FORMAT);
goto out;
goto out;
return (KMF_ERR_POLICY_ENGINE);
out:
return (ret);