2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2N/A * COPYRIGHT (C) 2007 2N/A * THE REGENTS OF THE UNIVERSITY OF MICHIGAN 2N/A * ALL RIGHTS RESERVED 2N/A * Permission is granted to use, copy, create derivative works 2N/A * and redistribute this software and such derivative works 2N/A * for any purpose, so long as the name of The University of 2N/A * Michigan is not used in any advertising or publicity 2N/A * pertaining to the use of distribution of this software 2N/A * without specific, written prior authorization. If the 2N/A * above copyright notice or any other identification of the 2N/A * University of Michigan is included in any copy of any 2N/A * portion of this software, then the disclaimer below must 2N/A * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION 2N/A * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY 2N/A * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF 2N/A * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING 2N/A * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF 2N/A * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE 2N/A * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE 2N/A * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR 2N/A * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING 2N/A * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN 2N/A * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF 2N/A default:
return "INVALID";
break;
2N/A default:
return "INVALID";
break;
2N/A default:
return "INVALID";
break;
2N/A char *
regsrc;
/* The regular expression source (for debugging) */ 2N/A/* Set rule components */ 2N/A pkiDebug(
"%s: Missing or empty value for list keyword type %d\n",
2N/A pkiDebug(
"%s: Found value '%s', bitfield is now 0x%x\n",
2N/A pkiDebug(
"%s: Missing or invalid keyword in rule '%s'\n",
2N/A * Before procesing the value for this keyword, 2N/A * (compiling the regular expression or processing the list) 2N/A * we need to find the end of it. That means parsing for the 2N/A * beginning of the next keyword (or the end of the rule). 2N/A /* Possibly another keyword, check it out */ 2N/A /* Found a keyword, nk points to the beginning */ 2N/A break;
/* Need to break out of the while! */ 2N/A pkiDebug(
"%s: Error %d, parsing list values for keyword %s\n",
2N/A pkiDebug(
"%s: Assuming AND relation for multiple components in rule '%s'\n",
2N/A pkiDebug(
"%s: After parse_rule_component, remaining %d, rule '%s'\n",
2N/A * Chain the new component on the end (order matters since 2N/A * we can short-circuit an OR or an AND relation if an 2N/A * earlier check passes 2N/A pkiDebug(
"%s: checking %s rule '%s' with value '%s'\n",
2N/A pkiDebug(
"%s: keyword %s, keyword value %s mismatch\n",
2N/A pkiDebug(
"%s: checking %s: rule 0x%08x, cert 0x%08x\n",
2N/A pkiDebug(
"%s: checking %s: rule 0x%08x, cert 0x%08x\n",
2N/A pkiDebug(
"%s: keyword %s, keyword value %s mismatch\n",
2N/A * Returns match_found == 1 only if exactly one certificate matches 2N/A pkiDebug(
"%s: matching rule relation is %s with %d components\n",
2N/A * Loop through all the certs available and count 2N/A * how many match the rule 2N/A pkiDebug(
"%s: cert does not match rule (AND relation)\n",
2N/A pkiDebug(
"%s: After checking %d certs, we found %d matches\n",
2N/A pkiDebug(
"%s: crypto_cert_free_matching_data error %d, %s\n",
2N/A pkiDebug(
"%s: crypto_cert_get_count says there are %d certs\n",
2N/A pkiDebug(
"%s: crypto_cert_iteration_begin returned %d, %s\n",
2N/A "crypto_cert_iteration_next stopped after %d?\n",
2N/A pkiDebug(
"%s: crypto_cert_iteration_next error %d, %s\n",
2N/A pkiDebug(
"%s: crypto_cert_get_matching_data error %d, %s\n",
2N/A /* If no matching rules, select the default cert and we're done */ 2N/A /* parse each rule line one at a time and check all the certs against it */ 2N/A /* Free rules from previous time through... */ 2N/A pkiDebug(
"%s: Ignoring invalid rule pkinit_cert_match = '%s'\n",
2N/A * Optimize so that we do not get cert info unless we have 2N/A * valid rules to check. Once obtained, keep it around 2N/A * until we are done. 2N/A pkiDebug(
"%s: Error %d obtaining certificate information\n",
2N/A pkiDebug(
"%s: Error %d, checking certs against rule '%s'\n",
2N/A pkiDebug(
"%s: We have an exact match with rule '%s'\n",