/*! \internal
Collect credentials from cs2 to cs1 which have already been selected into
cl1 and cl2.
- Credentials in cl2 that are not in cl1 will get added to cs1
- Credentials in cl1 that are not in cl2 will get removed from cs1
- Credentials in cl1 and cl2 will be updated in cs1
cl1 and cl2 will be modified.
*/
khm_int32
kcdb_credset_collect_core(kcdb_credset * cs1,
kcdb_cred ** cl1,
khm_int32 ncl1,
kcdb_credset * cs2,
kcdb_cred ** cl2,
khm_int32 ncl2,
khm_int32 * delta)
{
int i, j;
int ldelta = 0;
khm_int32 rv;
/* find matching creds and update them */
for(i=0; i<ncl1; i++)
if(cl1[i]) {
for(j=0; j<ncl2; j++)
if(cl2[j] && kcdb_creds_is_equal((khm_handle) cl1[i], (khm_handle) cl2[j])) {
/* they are equivalent. make them equal */
/* depending on whether any changes were made,
update ldelta with the proper bit flag */
rv = kcdb_cred_update(cl1[i], cl2[j]);
if (rv == KHM_ERROR_SUCCESS) {
kcdb_credset_update_cred_ref((khm_handle) cs1, (khm_handle) cl1[i]);
ldelta |= KCDB_DELTA_MODIFY;
}
cl2[j] = NULL;
cl1[i] = NULL;
break;
}
}
/* all the creds that are left in cl1 need to be removed */
for(i=0; i<ncl1; i++)
if(cl1[i]) {
kcdb_credset_del_cred_ref((khm_handle) cs1, (khm_handle) cl1[i]);
cl1[i] = NULL;
ldelta |= KCDB_DELTA_DEL;
}
/* all the creds in cl2 need to be added to cs1 */
for(j=0; j<ncl2; j++)
if(cl2[j]) {
/* duplicate the credential and add it if we are adding it to the
root credential store. */
if(cs1 == kcdb_root_credset) {
khm_handle h;
if(KHM_SUCCEEDED(kcdb_cred_dup((khm_handle) cl2[j], &h))) {
kcdb_credset_add_cred((khm_handle) cs1, h, -1);
kcdb_cred_release(h);
}
} else
kcdb_credset_add_cred((khm_handle) cs1, cl2[j], -1);
cl2[j] = NULL;
ldelta |= KCDB_DELTA_ADD;
}
if(delta)
*delta = ldelta;
if((cs1 == kcdb_root_credset) && ldelta) {
/* something changed in the root credential set */
kmq_post_message(KMSG_CRED,KMSG_CRED_ROOTDELTA,ldelta,NULL);
}
return KHM_ERROR_SUCCESS;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_extract_filtered(khm_handle destcredset,
khm_handle sourcecredset,
kcdb_cred_filter_func filter,
void * rock)
{
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_credset * dest;
kcdb_credset * src;
int isRoot = 0;
khm_size srcSize = 0;
int i;
if(!kcdb_credset_is_credset(destcredset))
return KHM_ERROR_INVALID_PARAM;
if(sourcecredset) {
if(!kcdb_credset_is_credset(sourcecredset))
return KHM_ERROR_INVALID_PARAM;
} else {
sourcecredset = kcdb_root_credset;
isRoot = 1;
}
src = (kcdb_credset *) sourcecredset;
dest = (kcdb_credset *) destcredset;
if (kcdb_credset_is_sealed(dest))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(src->cs));
EnterCriticalSection(&(dest->cs));
#ifdef DEBUG
assert(!(dest->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
if(KHM_FAILED(kcdb_credset_get_size(sourcecredset, &srcSize))) {
code = KHM_ERROR_UNKNOWN;
goto _exit;
}
kcdb_cred_lock_read();
dest->flags |= KCDB_CREDSET_FLAG_ENUM;
for(i=0; i < (int) srcSize; i++) {
kcdb_cred * c;
c = src->clist[i].cred;
if(kcdb_cred_is_active_cred((khm_handle) c) &&
filter(c, 0, rock))
{
if(isRoot) {
khm_handle newcred;
kcdb_cred_unlock_read();
kcdb_cred_dup((khm_handle) c, &newcred);
kcdb_credset_add_cred(destcredset, newcred, -1);
kcdb_cred_release(newcred);
kcdb_cred_lock_read();
} else {
kcdb_cred_unlock_read();
kcdb_credset_add_cred(destcredset, (khm_handle) c, -1);
kcdb_cred_lock_read();
}
}
}
dest->flags &= ~KCDB_CREDSET_FLAG_ENUM;
kcdb_cred_unlock_read();
_exit:
LeaveCriticalSection(&(dest->cs));
LeaveCriticalSection(&(src->cs));
return code;
}
/*! \internal
Collect credentials from cs_src to cs_dest which have already been
selected into cl_dest and cl_src.
- Credentials in cl_src that are not in cl_dest will get added to
cs_dest
- Credentials in cl_dest that are not in cl_src will get removed
from cs_dest
- Credentials in cl_dest and cl_src will be updated in cs_dest
cl_dest and cl_src will be modified.
*/
khm_int32
kcdb_credset_collect_core(kcdb_credset * cs_dest,
kcdb_cred ** cl_dest,
khm_int32 ncl_dest,
kcdb_credset * cs_src,
kcdb_cred ** cl_src,
khm_int32 ncl_src,
khm_int32 * delta)
{
int i, j;
int ldelta = 0;
khm_int32 rv;
khm_boolean dest_is_root;
khm_handle last_identity = NULL;
dest_is_root = (cs_dest == kcdb_root_credset);
/* find matching credentials and update them */
for (i=0; i < ncl_dest; i++) {
if (cl_dest[i]) {
for (j=0; j < ncl_src; j++) {
if (cl_src[j] &&
kcdb_creds_is_equal((khm_handle) cl_dest[i], (khm_handle) cl_src[j])) {
/* depending on whether any changes were made,
update ldelta with the proper bit flag */
rv = kcdb_cred_update(cl_dest[i], cl_src[j]);
if (rv == KHM_ERROR_SUCCESS) {
kcdb_credset_update_cred_ref((khm_handle) cs_dest,
(khm_handle) cl_dest[i]);
ldelta |= KCDB_DELTA_MODIFY;
if (dest_is_root)
check_and_set_refresh_bit_for_identity(cl_dest[i],
&last_identity);
}
cl_src[j] = NULL;
cl_dest[i] = NULL;
break;
}
}
}
}
/* all the creds that are left in cl_dest need to be removed */
for (i=0; i < ncl_dest; i++) {
if (cl_dest[i]) {
if (dest_is_root)
check_and_set_refresh_bit_for_identity(cl_dest[i],
&last_identity);
kcdb_credset_del_cred_ref((khm_handle) cs_dest, (khm_handle) cl_dest[i]);
ldelta |= KCDB_DELTA_DEL;
cl_dest[i] = NULL;
}
}
/* all the creds in cl_src need to be added to cs_dest */
for (j=0; j < ncl_src; j++) {
if (cl_src[j]) {
/* duplicate the credential and add it if we are adding it
to or from the root credential store. */
if (cs_dest == kcdb_root_credset ||
cs_src == kcdb_root_credset) {
khm_handle h;
if (KHM_SUCCEEDED(kcdb_cred_dup((khm_handle) cl_src[j], &h))) {
kcdb_credset_add_cred((khm_handle) cs_dest, h, -1);
kcdb_cred_release(h);
}
} else {
kcdb_credset_add_cred((khm_handle) cs_dest, cl_src[j], -1);
}
if (dest_is_root)
check_and_set_refresh_bit_for_identity(cl_src[j],
&last_identity);
cl_src[j] = NULL;
ldelta |= KCDB_DELTA_ADD;
}
}
if (last_identity) {
kcdb_identity_release(last_identity);
last_identity = NULL;
}
if (delta)
*delta = ldelta;
if (dest_is_root && ldelta) {
/* something changed in the root credential set */
kmq_post_message(KMSG_CRED,KMSG_CRED_ROOTDELTA,ldelta,NULL);
}
return KHM_ERROR_SUCCESS;
}
