KHMEXP khm_int32 KHMAPI kcdb_buf_release(khm_handle record)
{
if(kcdb_cred_is_active_cred(record))
return kcdb_cred_release(record);
else if(kcdb_is_active_identity(record))
return kcdb_identity_release(record);
else
return KHM_ERROR_INVALID_PARAM;
}
KHMEXP khm_int32 KHMAPI kcdb_buf_set_attrib(
khm_handle record,
const wchar_t * attr_name,
void * buffer,
khm_size cbbuf)
{
if(kcdb_cred_is_active_cred(record))
return kcdb_cred_set_attrib(record, attr_name, buffer, cbbuf);
else if(kcdb_is_active_identity(record))
return kcdb_identity_set_attrib(record, attr_name, buffer, cbbuf);
else
return KHM_ERROR_INVALID_PARAM;
}
KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib_string(
khm_handle record,
const wchar_t * attr_name,
wchar_t * buffer,
khm_size * pcbbuf,
khm_int32 flags)
{
if(kcdb_cred_is_active_cred(record))
return kcdb_cred_get_attrib_string(record, attr_name, buffer, pcbbuf, flags);
else if(kcdb_is_active_identity(record))
return kcdb_identity_get_attrib_string(record, attr_name, buffer, pcbbuf, flags);
else
return KHM_ERROR_INVALID_PARAM;
}
KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr(
khm_handle record,
khm_int32 attr_id,
khm_int32 * attr_type,
void * buffer,
khm_size * pcb_buf)
{
if(kcdb_cred_is_active_cred(record))
return kcdb_cred_get_attr(record, attr_id, attr_type, buffer, pcb_buf);
else if(kcdb_is_active_identity(record))
return kcdb_identity_get_attr(record, attr_id, attr_type, buffer, pcb_buf);
else
return KHM_ERROR_INVALID_PARAM;
}
KHMEXP khm_int32 KHMAPI
kcdb_identpro_validate_identity(khm_handle videntity)
{
khm_int32 rv = KHM_ERROR_SUCCESS;
khm_handle sub;
if(!kcdb_is_active_identity(videntity))
return KHM_ERROR_INVALID_PARAM;
sub = identpro_get_sub_for_identity(videntity);
if(sub != NULL) {
rv = kmq_send_sub_msg(sub,
KMSG_IDENT,
KMSG_IDENT_VALIDATE_IDENTITY,
0,
(void *) identity);
} else {
rv = KHM_ERROR_NO_PROVIDER;
}
return rv;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_collect(khm_handle cs_dest,
khm_handle cs_src,
khm_handle identity,
khm_int32 type,
khm_int32 * delta)
{
kcdb_credset * cs;
kcdb_credset * rcs;
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_cred ** r_sel = NULL;
kcdb_cred ** c_sel = NULL;
int nr_sel, nc_sel;
int i;
if((cs_src && !kcdb_credset_is_credset(cs_src)) ||
(cs_dest && !kcdb_credset_is_credset(cs_dest)) ||
(cs_src == cs_dest)) /* works because credsets use shared
handles */
return KHM_ERROR_INVALID_PARAM;
if(identity && !kcdb_is_active_identity(identity))
return KHM_ERROR_INVALID_PARAM;
if(cs_src)
cs = (kcdb_credset *) cs_src;
else
cs = kcdb_root_credset;
if(cs_dest)
rcs = (kcdb_credset *) cs_dest;
else
rcs = kcdb_root_credset;
if (kcdb_credset_is_sealed(rcs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
EnterCriticalSection(&(rcs->cs));
/* enumerate through the root and given credential sets and select
the ones we want */
if(rcs->nclist > 0)
r_sel = PMALLOC(sizeof(kcdb_cred *) * rcs->nclist);
if(cs->nclist > 0)
c_sel = PMALLOC(sizeof(kcdb_cred *) * cs->nclist);
nr_sel = 0;
nc_sel = 0;
for(i=0; i<rcs->nclist; i++) {
if(rcs->clist[i].cred &&
(!identity || rcs->clist[i].cred->identity == identity) &&
(type==KCDB_CREDTYPE_ALL || rcs->clist[i].cred->type == type))
{
r_sel[nr_sel++] = rcs->clist[i].cred;
}
}
for(i=0; i<cs->nclist; i++) {
if(cs->clist[i].cred &&
(!identity || cs->clist[i].cred->identity == identity) &&
(type==KCDB_CREDTYPE_ALL || cs->clist[i].cred->type == type))
{
c_sel[nc_sel++] = cs->clist[i].cred;
}
}
rcs->version++;
code = kcdb_credset_collect_core(
rcs,
r_sel,
nr_sel,
cs,
c_sel,
nc_sel,
delta);
LeaveCriticalSection(&(rcs->cs));
LeaveCriticalSection(&(cs->cs));
if(r_sel)
PFREE(r_sel);
if(c_sel)
PFREE(c_sel);
if (cs_dest == NULL) {
kcdb_identity_refresh_all();
}
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_collect(khm_handle h_cs_dest,
khm_handle h_cs_src,
khm_handle identity,
khm_int32 type_id,
khm_int32 * delta)
{
kcdb_credset * cs_source;
kcdb_credset * cs_dest;
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_cred ** clist_dest = NULL;
kcdb_cred ** clist_src = NULL;
int nclist_dest, nclist_src;
int i;
if ((h_cs_src && !kcdb_credset_is_credset(h_cs_src)) ||
(h_cs_dest && !kcdb_credset_is_credset(h_cs_dest)) ||
(h_cs_src == h_cs_dest)) /* works because credsets use shared
handles */
return KHM_ERROR_INVALID_PARAM;
if(identity && !kcdb_is_active_identity(identity))
return KHM_ERROR_INVALID_PARAM;
if(h_cs_src)
cs_source = (kcdb_credset *) h_cs_src;
else
cs_source = kcdb_root_credset;
if(h_cs_dest)
cs_dest = (kcdb_credset *) h_cs_dest;
else
cs_dest = kcdb_root_credset;
if (kcdb_credset_is_sealed(cs_dest))
return KHM_ERROR_INVALID_OPERATION;
if (cs_source < cs_dest) {
EnterCriticalSection(&(cs_source->cs));
EnterCriticalSection(&(cs_dest->cs));
} else {
EnterCriticalSection(&(cs_dest->cs));
EnterCriticalSection(&(cs_source->cs));
}
/* enumerate through the root and given credential sets and select
the ones we want */
if(cs_dest->nclist > 0)
clist_dest = PMALLOC(sizeof(kcdb_cred *) * cs_dest->nclist);
if(cs_source->nclist > 0)
clist_src = PMALLOC(sizeof(kcdb_cred *) * cs_source->nclist);
nclist_dest = 0;
nclist_src = 0;
for(i=0; i < cs_dest->nclist; i++) {
if(cs_dest->clist[i].cred &&
(!identity || cs_dest->clist[i].cred->identity == identity) &&
(type_id==KCDB_CREDTYPE_ALL || cs_dest->clist[i].cred->type == type_id)) {
clist_dest[nclist_dest++] = cs_dest->clist[i].cred;
}
}
for(i=0; i < cs_source->nclist; i++) {
if(cs_source->clist[i].cred &&
(!identity || cs_source->clist[i].cred->identity == identity) &&
(type_id==KCDB_CREDTYPE_ALL || cs_source->clist[i].cred->type == type_id)) {
clist_src[nclist_src++] = cs_source->clist[i].cred;
}
}
cs_dest->version++;
code = kcdb_credset_collect_core(cs_dest, clist_dest, nclist_dest,
cs_source, clist_src, nclist_src,
delta);
LeaveCriticalSection(&(cs_dest->cs));
LeaveCriticalSection(&(cs_source->cs));
if(clist_dest)
PFREE(clist_dest);
if(clist_src)
PFREE(clist_src);
if (h_cs_dest == NULL) {
kcdb_identity_refresh_all();
}
return code;
}
