KHMEXP khm_int32 KHMAPI kcdb_credset_flush(khm_handle vcredset) { int i; kcdb_credset * cs; if(!kcdb_credset_is_credset(vcredset)) return KHM_ERROR_INVALID_PARAM; cs = (kcdb_credset *) vcredset; if (kcdb_credset_is_sealed(cs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); #ifdef DEBUG assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM)); #endif for(i=0;i<cs->nclist;i++) { if(cs->clist[i].cred) { kcdb_cred_release((khm_handle) cs->clist[i].cred); } } cs->nclist = 0; LeaveCriticalSection(&(cs->cs)); return KHM_ERROR_SUCCESS; }
KHMEXP khm_int32 KHMAPI kcdb_credset_del_cred_ref(khm_handle credset, khm_handle cred) { kcdb_credset * cs; khm_int32 code = KHM_ERROR_SUCCESS; int i; if(!kcdb_credset_is_credset(credset)) return KHM_ERROR_INVALID_PARAM; cs = (kcdb_credset *) credset; if (kcdb_credset_is_sealed(cs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); for(i=0; i<cs->nclist; i++) { if(cs->clist[i].cred == cred) break; } if(i<cs->nclist) { code = kcdb_credset_del_cred(credset, i); } else { code = KHM_ERROR_NOT_FOUND; } LeaveCriticalSection(&(cs->cs)); return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_sort(khm_handle credset, kcdb_cred_comp_func comp, void * rock) { khm_int32 code = KHM_ERROR_SUCCESS; kcdb_credset * cs; if(!kcdb_credset_is_credset(credset)) return KHM_ERROR_INVALID_PARAM; cs = (kcdb_credset *) credset; if (kcdb_credset_is_sealed(cs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); #ifdef DEBUG assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM)); #endif EnterCriticalSection(&cs_credset); kcdb_creds_comp_wrapper(rock, NULL); kcdb_creds_comp_wrapper(NULL, (void *) comp); qsort(cs->clist, cs->nclist, sizeof(kcdb_credset_credref), kcdb_creds_comp_wrapper); LeaveCriticalSection(&cs_credset); LeaveCriticalSection(&(cs->cs)); return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_del_cred(khm_handle vcredset, khm_int32 idx) { kcdb_credset * cs; khm_int32 code = KHM_ERROR_SUCCESS; if(!kcdb_credset_is_credset(vcredset)) return KHM_ERROR_INVALID_PARAM; cs = (kcdb_credset *) vcredset; if (kcdb_credset_is_sealed(cs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); if(idx < 0 || idx >= cs->nclist) { code = KHM_ERROR_INVALID_PARAM; goto _exit; } if(cs->clist[idx].cred) kcdb_cred_release((khm_handle) cs->clist[idx].cred); if (!(cs->flags & KCDB_CREDSET_FLAG_ENUM)) { if(idx + 1 < cs->nclist) memmove(&(cs->clist[idx]), &(cs->clist[idx+1]), sizeof(kcdb_credset_credref) * (cs->nclist - (idx + 1))); cs->nclist--; } else { cs->clist[idx].cred = NULL; } _exit: LeaveCriticalSection(&(cs->cs)); return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_add_cred(khm_handle credset, khm_handle cred, khm_int32 idx) { int new_idx; kcdb_credset * cs; khm_int32 code = KHM_ERROR_SUCCESS; if(!kcdb_credset_is_credset(credset)) return KHM_ERROR_INVALID_PARAM; cs = (kcdb_credset *) credset; if (kcdb_credset_is_sealed(cs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); kcdb_credset_buf_assert_size(cs, cs->nclist + 1); if(idx < 0 || idx > cs->nclist) new_idx = cs->nclist; else if(idx < cs->nclist){ #ifdef DEBUG assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM)); #endif memmove(&(cs->clist[idx+1]), &(cs->clist[idx]), (cs->nclist - idx)*sizeof(cs->clist[0])); new_idx = idx; } else new_idx = idx; kcdb_cred_hold(cred); cs->clist[new_idx].cred = (kcdb_cred *) cred; cs->clist[new_idx].version = cs->version; cs->nclist++; LeaveCriticalSection(&(cs->cs)); return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_purge(khm_handle credset) { khm_int32 code = KHM_ERROR_SUCCESS; kcdb_credset * cs; int i,j; if(!kcdb_credset_is_credset(credset)) return KHM_ERROR_INVALID_PARAM; cs = (kcdb_credset *) credset; if (kcdb_credset_is_sealed(cs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); /* we can't purge a credset while an enumeration operation is in progress. */ if (cs->flags & KCDB_CREDSET_FLAG_ENUM) { code = KHM_ERROR_INVALID_OPERATION; goto _exit; } for(i=0,j=0; i < cs->nclist; i++) { if(cs->clist[i].cred) { if(!kcdb_cred_is_active_cred((khm_handle) cs->clist[i].cred)) { kcdb_cred_release((khm_handle) cs->clist[i].cred); } else if(i != j) { cs->clist[j++] = cs->clist[i]; } else j++; } } cs->nclist = j; _exit: LeaveCriticalSection(&(cs->cs)); return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_extract_filtered(khm_handle destcredset, khm_handle sourcecredset, kcdb_cred_filter_func filter, void * rock) { khm_int32 code = KHM_ERROR_SUCCESS; kcdb_credset * dest; kcdb_credset * src; int isRoot = 0; khm_size srcSize = 0; int i; if(!kcdb_credset_is_credset(destcredset)) return KHM_ERROR_INVALID_PARAM; if(sourcecredset) { if(!kcdb_credset_is_credset(sourcecredset)) return KHM_ERROR_INVALID_PARAM; } else { sourcecredset = kcdb_root_credset; isRoot = 1; } src = (kcdb_credset *) sourcecredset; dest = (kcdb_credset *) destcredset; if (kcdb_credset_is_sealed(dest)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(src->cs)); EnterCriticalSection(&(dest->cs)); #ifdef DEBUG assert(!(dest->flags & KCDB_CREDSET_FLAG_ENUM)); #endif if(KHM_FAILED(kcdb_credset_get_size(sourcecredset, &srcSize))) { code = KHM_ERROR_UNKNOWN; goto _exit; } kcdb_cred_lock_read(); dest->flags |= KCDB_CREDSET_FLAG_ENUM; for(i=0; i < (int) srcSize; i++) { kcdb_cred * c; c = src->clist[i].cred; if(kcdb_cred_is_active_cred((khm_handle) c) && filter(c, 0, rock)) { if(isRoot) { khm_handle newcred; kcdb_cred_unlock_read(); kcdb_cred_dup((khm_handle) c, &newcred); kcdb_credset_add_cred(destcredset, newcred, -1); kcdb_cred_release(newcred); kcdb_cred_lock_read(); } else { kcdb_cred_unlock_read(); kcdb_credset_add_cred(destcredset, (khm_handle) c, -1); kcdb_cred_lock_read(); } } } dest->flags &= ~KCDB_CREDSET_FLAG_ENUM; kcdb_cred_unlock_read(); _exit: LeaveCriticalSection(&(dest->cs)); LeaveCriticalSection(&(src->cs)); return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_collect_filtered(khm_handle cs_dest, khm_handle cs_src, kcdb_cred_filter_func filter, void * rock, khm_int32 * delta) { kcdb_credset * cs; kcdb_credset * rcs; khm_int32 code = KHM_ERROR_SUCCESS; kcdb_cred ** r_sel = NULL; kcdb_cred ** c_sel = NULL; int nr_sel, nc_sel; int i; khm_int32 cs_f = 0; khm_int32 rcs_f = 0; if((cs_src && !kcdb_credset_is_credset(cs_src)) || (cs_dest && !kcdb_credset_is_credset(cs_dest)) || (cs_src == cs_dest)) /* works because credsets use shared handles */ return KHM_ERROR_INVALID_PARAM; if(cs_src) cs = (kcdb_credset *) cs_src; else { cs = kcdb_root_credset; cs_f = KCDB_CREDCOLL_FILTER_ROOT; } if(cs_dest) rcs = (kcdb_credset *) cs_dest; else { rcs = kcdb_root_credset; rcs_f = KCDB_CREDCOLL_FILTER_ROOT; } if (kcdb_credset_is_sealed(rcs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); EnterCriticalSection(&(rcs->cs)); #ifdef DEBUG assert(!(rcs->flags & KCDB_CREDSET_FLAG_ENUM)); assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM)); #endif if(rcs->nclist) r_sel = PMALLOC(sizeof(kcdb_cred *) * rcs->nclist); if(cs->nclist) c_sel = PMALLOC(sizeof(kcdb_cred *) * cs->nclist); nr_sel = 0; nc_sel = 0; rcs->flags |= KCDB_CREDSET_FLAG_ENUM; for(i=0; i<rcs->nclist; i++) { if(rcs->clist[i].cred && (*filter)((khm_handle)rcs->clist[i].cred, KCDB_CREDCOLL_FILTER_DEST | rcs_f, rock)) { r_sel[nr_sel++] = rcs->clist[i].cred; } } rcs->flags &= ~KCDB_CREDSET_FLAG_ENUM; cs->flags |= KCDB_CREDSET_FLAG_ENUM; for(i=0; i<cs->nclist; i++) { if(cs->clist[i].cred && filter((khm_handle)rcs->clist[i].cred, KCDB_CREDCOLL_FILTER_SRC | cs_f, rock)) { c_sel[nc_sel++] = cs->clist[i].cred; } } cs->flags &= ~KCDB_CREDSET_FLAG_ENUM; rcs->version++; code = kcdb_credset_collect_core( rcs, r_sel, nr_sel, cs, c_sel, nc_sel, delta); LeaveCriticalSection(&(rcs->cs)); LeaveCriticalSection(&(cs->cs)); if(r_sel) PFREE(r_sel); if(c_sel) PFREE(c_sel); if (cs_dest == NULL) { kcdb_identity_refresh_all(); } return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_collect(khm_handle cs_dest, khm_handle cs_src, khm_handle identity, khm_int32 type, khm_int32 * delta) { kcdb_credset * cs; kcdb_credset * rcs; khm_int32 code = KHM_ERROR_SUCCESS; kcdb_cred ** r_sel = NULL; kcdb_cred ** c_sel = NULL; int nr_sel, nc_sel; int i; if((cs_src && !kcdb_credset_is_credset(cs_src)) || (cs_dest && !kcdb_credset_is_credset(cs_dest)) || (cs_src == cs_dest)) /* works because credsets use shared handles */ return KHM_ERROR_INVALID_PARAM; if(identity && !kcdb_is_active_identity(identity)) return KHM_ERROR_INVALID_PARAM; if(cs_src) cs = (kcdb_credset *) cs_src; else cs = kcdb_root_credset; if(cs_dest) rcs = (kcdb_credset *) cs_dest; else rcs = kcdb_root_credset; if (kcdb_credset_is_sealed(rcs)) return KHM_ERROR_INVALID_OPERATION; EnterCriticalSection(&(cs->cs)); EnterCriticalSection(&(rcs->cs)); /* enumerate through the root and given credential sets and select the ones we want */ if(rcs->nclist > 0) r_sel = PMALLOC(sizeof(kcdb_cred *) * rcs->nclist); if(cs->nclist > 0) c_sel = PMALLOC(sizeof(kcdb_cred *) * cs->nclist); nr_sel = 0; nc_sel = 0; for(i=0; i<rcs->nclist; i++) { if(rcs->clist[i].cred && (!identity || rcs->clist[i].cred->identity == identity) && (type==KCDB_CREDTYPE_ALL || rcs->clist[i].cred->type == type)) { r_sel[nr_sel++] = rcs->clist[i].cred; } } for(i=0; i<cs->nclist; i++) { if(cs->clist[i].cred && (!identity || cs->clist[i].cred->identity == identity) && (type==KCDB_CREDTYPE_ALL || cs->clist[i].cred->type == type)) { c_sel[nc_sel++] = cs->clist[i].cred; } } rcs->version++; code = kcdb_credset_collect_core( rcs, r_sel, nr_sel, cs, c_sel, nc_sel, delta); LeaveCriticalSection(&(rcs->cs)); LeaveCriticalSection(&(cs->cs)); if(r_sel) PFREE(r_sel); if(c_sel) PFREE(c_sel); if (cs_dest == NULL) { kcdb_identity_refresh_all(); } return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_collect_filtered(khm_handle h_cs_dest, khm_handle h_cs_src, kcdb_cred_filter_func filter, void * rock, khm_int32 * delta) { kcdb_credset * cs_src; kcdb_credset * cs_dest; khm_int32 code = KHM_ERROR_SUCCESS; kcdb_cred ** clist_dest = NULL; kcdb_cred ** clist_src = NULL; int nclist_dest, nclist_src; int i; khm_int32 cs_src_f = 0; khm_int32 cs_dest_f = 0; if((h_cs_src && !kcdb_credset_is_credset(h_cs_src)) || (h_cs_dest && !kcdb_credset_is_credset(h_cs_dest)) || (h_cs_src == h_cs_dest)) /* works because credsets use shared handles */ return KHM_ERROR_INVALID_PARAM; if(h_cs_src) cs_src = (kcdb_credset *) h_cs_src; else { cs_src = kcdb_root_credset; cs_src_f = KCDB_CREDCOLL_FILTER_ROOT; } if(h_cs_dest) cs_dest = (kcdb_credset *) h_cs_dest; else { cs_dest = kcdb_root_credset; cs_dest_f = KCDB_CREDCOLL_FILTER_ROOT; } if (kcdb_credset_is_sealed(cs_dest)) return KHM_ERROR_INVALID_OPERATION; if (cs_src < cs_dest) { EnterCriticalSection(&(cs_src->cs)); EnterCriticalSection(&(cs_dest->cs)); } else { EnterCriticalSection(&(cs_dest->cs)); EnterCriticalSection(&(cs_src->cs)); } #ifdef DEBUG assert(!(cs_dest->flags & KCDB_CREDSET_FLAG_ENUM)); assert(!(cs_src->flags & KCDB_CREDSET_FLAG_ENUM)); #endif if (cs_dest->nclist) clist_dest = PMALLOC(sizeof(kcdb_cred *) * cs_dest->nclist); if (cs_src->nclist) clist_src = PMALLOC(sizeof(kcdb_cred *) * cs_src->nclist); nclist_dest = 0; nclist_src = 0; cs_dest->flags |= KCDB_CREDSET_FLAG_ENUM; for (i=0; i < cs_dest->nclist; i++) { if (cs_dest->clist[i].cred && (*filter)((khm_handle)cs_dest->clist[i].cred, KCDB_CREDCOLL_FILTER_DEST | cs_dest_f, rock)) { clist_dest[nclist_dest++] = cs_dest->clist[i].cred; } } cs_dest->flags &= ~KCDB_CREDSET_FLAG_ENUM; cs_src->flags |= KCDB_CREDSET_FLAG_ENUM; for (i=0; i < cs_src->nclist; i++) { if (cs_src->clist[i].cred && (*filter)((khm_handle)cs_src->clist[i].cred, KCDB_CREDCOLL_FILTER_SRC | cs_src_f, rock)) { clist_src[nclist_src++] = cs_src->clist[i].cred; } } cs_src->flags &= ~KCDB_CREDSET_FLAG_ENUM; cs_dest->version++; code = kcdb_credset_collect_core(cs_dest, clist_dest, nclist_dest, cs_src, clist_src, nclist_src, delta); LeaveCriticalSection(&(cs_dest->cs)); LeaveCriticalSection(&(cs_src->cs)); if(clist_dest) PFREE(clist_dest); if(clist_src) PFREE(clist_src); if (h_cs_dest == NULL) { kcdb_identity_refresh_all(); } return code; }
KHMEXP khm_int32 KHMAPI kcdb_credset_collect(khm_handle h_cs_dest, khm_handle h_cs_src, khm_handle identity, khm_int32 type_id, khm_int32 * delta) { kcdb_credset * cs_source; kcdb_credset * cs_dest; khm_int32 code = KHM_ERROR_SUCCESS; kcdb_cred ** clist_dest = NULL; kcdb_cred ** clist_src = NULL; int nclist_dest, nclist_src; int i; if ((h_cs_src && !kcdb_credset_is_credset(h_cs_src)) || (h_cs_dest && !kcdb_credset_is_credset(h_cs_dest)) || (h_cs_src == h_cs_dest)) /* works because credsets use shared handles */ return KHM_ERROR_INVALID_PARAM; if(identity && !kcdb_is_active_identity(identity)) return KHM_ERROR_INVALID_PARAM; if(h_cs_src) cs_source = (kcdb_credset *) h_cs_src; else cs_source = kcdb_root_credset; if(h_cs_dest) cs_dest = (kcdb_credset *) h_cs_dest; else cs_dest = kcdb_root_credset; if (kcdb_credset_is_sealed(cs_dest)) return KHM_ERROR_INVALID_OPERATION; if (cs_source < cs_dest) { EnterCriticalSection(&(cs_source->cs)); EnterCriticalSection(&(cs_dest->cs)); } else { EnterCriticalSection(&(cs_dest->cs)); EnterCriticalSection(&(cs_source->cs)); } /* enumerate through the root and given credential sets and select the ones we want */ if(cs_dest->nclist > 0) clist_dest = PMALLOC(sizeof(kcdb_cred *) * cs_dest->nclist); if(cs_source->nclist > 0) clist_src = PMALLOC(sizeof(kcdb_cred *) * cs_source->nclist); nclist_dest = 0; nclist_src = 0; for(i=0; i < cs_dest->nclist; i++) { if(cs_dest->clist[i].cred && (!identity || cs_dest->clist[i].cred->identity == identity) && (type_id==KCDB_CREDTYPE_ALL || cs_dest->clist[i].cred->type == type_id)) { clist_dest[nclist_dest++] = cs_dest->clist[i].cred; } } for(i=0; i < cs_source->nclist; i++) { if(cs_source->clist[i].cred && (!identity || cs_source->clist[i].cred->identity == identity) && (type_id==KCDB_CREDTYPE_ALL || cs_source->clist[i].cred->type == type_id)) { clist_src[nclist_src++] = cs_source->clist[i].cred; } } cs_dest->version++; code = kcdb_credset_collect_core(cs_dest, clist_dest, nclist_dest, cs_source, clist_src, nclist_src, delta); LeaveCriticalSection(&(cs_dest->cs)); LeaveCriticalSection(&(cs_source->cs)); if(clist_dest) PFREE(clist_dest); if(clist_src) PFREE(clist_src); if (h_cs_dest == NULL) { kcdb_identity_refresh_all(); } return code; }