KHMEXP khm_int32 KHMAPI
kcdb_credset_flush(khm_handle vcredset)
{
int i;
kcdb_credset * cs;
if(!kcdb_credset_is_credset(vcredset))
return KHM_ERROR_INVALID_PARAM;
cs = (kcdb_credset *) vcredset;
if (kcdb_credset_is_sealed(cs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
#ifdef DEBUG
assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
for(i=0;i<cs->nclist;i++) {
if(cs->clist[i].cred) {
kcdb_cred_release((khm_handle) cs->clist[i].cred);
}
}
cs->nclist = 0;
LeaveCriticalSection(&(cs->cs));
return KHM_ERROR_SUCCESS;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_del_cred_ref(khm_handle credset,
khm_handle cred)
{
kcdb_credset * cs;
khm_int32 code = KHM_ERROR_SUCCESS;
int i;
if(!kcdb_credset_is_credset(credset))
return KHM_ERROR_INVALID_PARAM;
cs = (kcdb_credset *) credset;
if (kcdb_credset_is_sealed(cs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
for(i=0; i<cs->nclist; i++) {
if(cs->clist[i].cred == cred)
break;
}
if(i<cs->nclist) {
code = kcdb_credset_del_cred(credset, i);
} else {
code = KHM_ERROR_NOT_FOUND;
}
LeaveCriticalSection(&(cs->cs));
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_sort(khm_handle credset,
kcdb_cred_comp_func comp,
void * rock)
{
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_credset * cs;
if(!kcdb_credset_is_credset(credset))
return KHM_ERROR_INVALID_PARAM;
cs = (kcdb_credset *) credset;
if (kcdb_credset_is_sealed(cs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
#ifdef DEBUG
assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
EnterCriticalSection(&cs_credset);
kcdb_creds_comp_wrapper(rock, NULL);
kcdb_creds_comp_wrapper(NULL, (void *) comp);
qsort(cs->clist, cs->nclist,
sizeof(kcdb_credset_credref), kcdb_creds_comp_wrapper);
LeaveCriticalSection(&cs_credset);
LeaveCriticalSection(&(cs->cs));
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_del_cred(khm_handle vcredset,
khm_int32 idx)
{
kcdb_credset * cs;
khm_int32 code = KHM_ERROR_SUCCESS;
if(!kcdb_credset_is_credset(vcredset))
return KHM_ERROR_INVALID_PARAM;
cs = (kcdb_credset *) vcredset;
if (kcdb_credset_is_sealed(cs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
if(idx < 0 || idx >= cs->nclist) {
code = KHM_ERROR_INVALID_PARAM;
goto _exit;
}
if(cs->clist[idx].cred)
kcdb_cred_release((khm_handle) cs->clist[idx].cred);
if (!(cs->flags & KCDB_CREDSET_FLAG_ENUM)) {
if(idx + 1 < cs->nclist)
memmove(&(cs->clist[idx]),
&(cs->clist[idx+1]),
sizeof(kcdb_credset_credref) *
(cs->nclist - (idx + 1)));
cs->nclist--;
} else {
cs->clist[idx].cred = NULL;
}
_exit:
LeaveCriticalSection(&(cs->cs));
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_add_cred(khm_handle credset,
khm_handle cred,
khm_int32 idx)
{
int new_idx;
kcdb_credset * cs;
khm_int32 code = KHM_ERROR_SUCCESS;
if(!kcdb_credset_is_credset(credset))
return KHM_ERROR_INVALID_PARAM;
cs = (kcdb_credset *) credset;
if (kcdb_credset_is_sealed(cs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
kcdb_credset_buf_assert_size(cs, cs->nclist + 1);
if(idx < 0 || idx > cs->nclist)
new_idx = cs->nclist;
else if(idx < cs->nclist){
#ifdef DEBUG
assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
memmove(&(cs->clist[idx+1]), &(cs->clist[idx]), (cs->nclist - idx)*sizeof(cs->clist[0]));
new_idx = idx;
} else
new_idx = idx;
kcdb_cred_hold(cred);
cs->clist[new_idx].cred = (kcdb_cred *) cred;
cs->clist[new_idx].version = cs->version;
cs->nclist++;
LeaveCriticalSection(&(cs->cs));
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_purge(khm_handle credset)
{
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_credset * cs;
int i,j;
if(!kcdb_credset_is_credset(credset))
return KHM_ERROR_INVALID_PARAM;
cs = (kcdb_credset *) credset;
if (kcdb_credset_is_sealed(cs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
/* we can't purge a credset while an enumeration operation is in
progress. */
if (cs->flags & KCDB_CREDSET_FLAG_ENUM) {
code = KHM_ERROR_INVALID_OPERATION;
goto _exit;
}
for(i=0,j=0; i < cs->nclist; i++) {
if(cs->clist[i].cred) {
if(!kcdb_cred_is_active_cred((khm_handle) cs->clist[i].cred)) {
kcdb_cred_release((khm_handle) cs->clist[i].cred);
} else if(i != j) {
cs->clist[j++] = cs->clist[i];
} else
j++;
}
}
cs->nclist = j;
_exit:
LeaveCriticalSection(&(cs->cs));
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_extract_filtered(khm_handle destcredset,
khm_handle sourcecredset,
kcdb_cred_filter_func filter,
void * rock)
{
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_credset * dest;
kcdb_credset * src;
int isRoot = 0;
khm_size srcSize = 0;
int i;
if(!kcdb_credset_is_credset(destcredset))
return KHM_ERROR_INVALID_PARAM;
if(sourcecredset) {
if(!kcdb_credset_is_credset(sourcecredset))
return KHM_ERROR_INVALID_PARAM;
} else {
sourcecredset = kcdb_root_credset;
isRoot = 1;
}
src = (kcdb_credset *) sourcecredset;
dest = (kcdb_credset *) destcredset;
if (kcdb_credset_is_sealed(dest))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(src->cs));
EnterCriticalSection(&(dest->cs));
#ifdef DEBUG
assert(!(dest->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
if(KHM_FAILED(kcdb_credset_get_size(sourcecredset, &srcSize))) {
code = KHM_ERROR_UNKNOWN;
goto _exit;
}
kcdb_cred_lock_read();
dest->flags |= KCDB_CREDSET_FLAG_ENUM;
for(i=0; i < (int) srcSize; i++) {
kcdb_cred * c;
c = src->clist[i].cred;
if(kcdb_cred_is_active_cred((khm_handle) c) &&
filter(c, 0, rock))
{
if(isRoot) {
khm_handle newcred;
kcdb_cred_unlock_read();
kcdb_cred_dup((khm_handle) c, &newcred);
kcdb_credset_add_cred(destcredset, newcred, -1);
kcdb_cred_release(newcred);
kcdb_cred_lock_read();
} else {
kcdb_cred_unlock_read();
kcdb_credset_add_cred(destcredset, (khm_handle) c, -1);
kcdb_cred_lock_read();
}
}
}
dest->flags &= ~KCDB_CREDSET_FLAG_ENUM;
kcdb_cred_unlock_read();
_exit:
LeaveCriticalSection(&(dest->cs));
LeaveCriticalSection(&(src->cs));
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_collect_filtered(khm_handle cs_dest,
khm_handle cs_src,
kcdb_cred_filter_func filter,
void * rock,
khm_int32 * delta)
{
kcdb_credset * cs;
kcdb_credset * rcs;
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_cred ** r_sel = NULL;
kcdb_cred ** c_sel = NULL;
int nr_sel, nc_sel;
int i;
khm_int32 cs_f = 0;
khm_int32 rcs_f = 0;
if((cs_src && !kcdb_credset_is_credset(cs_src)) ||
(cs_dest && !kcdb_credset_is_credset(cs_dest)) ||
(cs_src == cs_dest)) /* works because credsets use shared
handles */
return KHM_ERROR_INVALID_PARAM;
if(cs_src)
cs = (kcdb_credset *) cs_src;
else {
cs = kcdb_root_credset;
cs_f = KCDB_CREDCOLL_FILTER_ROOT;
}
if(cs_dest)
rcs = (kcdb_credset *) cs_dest;
else {
rcs = kcdb_root_credset;
rcs_f = KCDB_CREDCOLL_FILTER_ROOT;
}
if (kcdb_credset_is_sealed(rcs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
EnterCriticalSection(&(rcs->cs));
#ifdef DEBUG
assert(!(rcs->flags & KCDB_CREDSET_FLAG_ENUM));
assert(!(cs->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
if(rcs->nclist)
r_sel = PMALLOC(sizeof(kcdb_cred *) * rcs->nclist);
if(cs->nclist)
c_sel = PMALLOC(sizeof(kcdb_cred *) * cs->nclist);
nr_sel = 0;
nc_sel = 0;
rcs->flags |= KCDB_CREDSET_FLAG_ENUM;
for(i=0; i<rcs->nclist; i++) {
if(rcs->clist[i].cred &&
(*filter)((khm_handle)rcs->clist[i].cred,
KCDB_CREDCOLL_FILTER_DEST | rcs_f,
rock))
{
r_sel[nr_sel++] = rcs->clist[i].cred;
}
}
rcs->flags &= ~KCDB_CREDSET_FLAG_ENUM;
cs->flags |= KCDB_CREDSET_FLAG_ENUM;
for(i=0; i<cs->nclist; i++) {
if(cs->clist[i].cred && filter((khm_handle)rcs->clist[i].cred, KCDB_CREDCOLL_FILTER_SRC | cs_f, rock))
{
c_sel[nc_sel++] = cs->clist[i].cred;
}
}
cs->flags &= ~KCDB_CREDSET_FLAG_ENUM;
rcs->version++;
code = kcdb_credset_collect_core(
rcs,
r_sel,
nr_sel,
cs,
c_sel,
nc_sel,
delta);
LeaveCriticalSection(&(rcs->cs));
LeaveCriticalSection(&(cs->cs));
if(r_sel)
PFREE(r_sel);
if(c_sel)
PFREE(c_sel);
if (cs_dest == NULL) {
kcdb_identity_refresh_all();
}
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_collect(khm_handle cs_dest,
khm_handle cs_src,
khm_handle identity,
khm_int32 type,
khm_int32 * delta)
{
kcdb_credset * cs;
kcdb_credset * rcs;
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_cred ** r_sel = NULL;
kcdb_cred ** c_sel = NULL;
int nr_sel, nc_sel;
int i;
if((cs_src && !kcdb_credset_is_credset(cs_src)) ||
(cs_dest && !kcdb_credset_is_credset(cs_dest)) ||
(cs_src == cs_dest)) /* works because credsets use shared
handles */
return KHM_ERROR_INVALID_PARAM;
if(identity && !kcdb_is_active_identity(identity))
return KHM_ERROR_INVALID_PARAM;
if(cs_src)
cs = (kcdb_credset *) cs_src;
else
cs = kcdb_root_credset;
if(cs_dest)
rcs = (kcdb_credset *) cs_dest;
else
rcs = kcdb_root_credset;
if (kcdb_credset_is_sealed(rcs))
return KHM_ERROR_INVALID_OPERATION;
EnterCriticalSection(&(cs->cs));
EnterCriticalSection(&(rcs->cs));
/* enumerate through the root and given credential sets and select
the ones we want */
if(rcs->nclist > 0)
r_sel = PMALLOC(sizeof(kcdb_cred *) * rcs->nclist);
if(cs->nclist > 0)
c_sel = PMALLOC(sizeof(kcdb_cred *) * cs->nclist);
nr_sel = 0;
nc_sel = 0;
for(i=0; i<rcs->nclist; i++) {
if(rcs->clist[i].cred &&
(!identity || rcs->clist[i].cred->identity == identity) &&
(type==KCDB_CREDTYPE_ALL || rcs->clist[i].cred->type == type))
{
r_sel[nr_sel++] = rcs->clist[i].cred;
}
}
for(i=0; i<cs->nclist; i++) {
if(cs->clist[i].cred &&
(!identity || cs->clist[i].cred->identity == identity) &&
(type==KCDB_CREDTYPE_ALL || cs->clist[i].cred->type == type))
{
c_sel[nc_sel++] = cs->clist[i].cred;
}
}
rcs->version++;
code = kcdb_credset_collect_core(
rcs,
r_sel,
nr_sel,
cs,
c_sel,
nc_sel,
delta);
LeaveCriticalSection(&(rcs->cs));
LeaveCriticalSection(&(cs->cs));
if(r_sel)
PFREE(r_sel);
if(c_sel)
PFREE(c_sel);
if (cs_dest == NULL) {
kcdb_identity_refresh_all();
}
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_collect_filtered(khm_handle h_cs_dest,
khm_handle h_cs_src,
kcdb_cred_filter_func filter,
void * rock,
khm_int32 * delta)
{
kcdb_credset * cs_src;
kcdb_credset * cs_dest;
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_cred ** clist_dest = NULL;
kcdb_cred ** clist_src = NULL;
int nclist_dest, nclist_src;
int i;
khm_int32 cs_src_f = 0;
khm_int32 cs_dest_f = 0;
if((h_cs_src && !kcdb_credset_is_credset(h_cs_src)) ||
(h_cs_dest && !kcdb_credset_is_credset(h_cs_dest)) ||
(h_cs_src == h_cs_dest)) /* works because credsets use shared
handles */
return KHM_ERROR_INVALID_PARAM;
if(h_cs_src)
cs_src = (kcdb_credset *) h_cs_src;
else {
cs_src = kcdb_root_credset;
cs_src_f = KCDB_CREDCOLL_FILTER_ROOT;
}
if(h_cs_dest)
cs_dest = (kcdb_credset *) h_cs_dest;
else {
cs_dest = kcdb_root_credset;
cs_dest_f = KCDB_CREDCOLL_FILTER_ROOT;
}
if (kcdb_credset_is_sealed(cs_dest))
return KHM_ERROR_INVALID_OPERATION;
if (cs_src < cs_dest) {
EnterCriticalSection(&(cs_src->cs));
EnterCriticalSection(&(cs_dest->cs));
} else {
EnterCriticalSection(&(cs_dest->cs));
EnterCriticalSection(&(cs_src->cs));
}
#ifdef DEBUG
assert(!(cs_dest->flags & KCDB_CREDSET_FLAG_ENUM));
assert(!(cs_src->flags & KCDB_CREDSET_FLAG_ENUM));
#endif
if (cs_dest->nclist)
clist_dest = PMALLOC(sizeof(kcdb_cred *) * cs_dest->nclist);
if (cs_src->nclist)
clist_src = PMALLOC(sizeof(kcdb_cred *) * cs_src->nclist);
nclist_dest = 0;
nclist_src = 0;
cs_dest->flags |= KCDB_CREDSET_FLAG_ENUM;
for (i=0; i < cs_dest->nclist; i++) {
if (cs_dest->clist[i].cred &&
(*filter)((khm_handle)cs_dest->clist[i].cred,
KCDB_CREDCOLL_FILTER_DEST | cs_dest_f,
rock)) {
clist_dest[nclist_dest++] = cs_dest->clist[i].cred;
}
}
cs_dest->flags &= ~KCDB_CREDSET_FLAG_ENUM;
cs_src->flags |= KCDB_CREDSET_FLAG_ENUM;
for (i=0; i < cs_src->nclist; i++) {
if (cs_src->clist[i].cred &&
(*filter)((khm_handle)cs_src->clist[i].cred,
KCDB_CREDCOLL_FILTER_SRC | cs_src_f,
rock)) {
clist_src[nclist_src++] = cs_src->clist[i].cred;
}
}
cs_src->flags &= ~KCDB_CREDSET_FLAG_ENUM;
cs_dest->version++;
code = kcdb_credset_collect_core(cs_dest, clist_dest, nclist_dest,
cs_src, clist_src, nclist_src,
delta);
LeaveCriticalSection(&(cs_dest->cs));
LeaveCriticalSection(&(cs_src->cs));
if(clist_dest)
PFREE(clist_dest);
if(clist_src)
PFREE(clist_src);
if (h_cs_dest == NULL) {
kcdb_identity_refresh_all();
}
return code;
}
KHMEXP khm_int32 KHMAPI
kcdb_credset_collect(khm_handle h_cs_dest,
khm_handle h_cs_src,
khm_handle identity,
khm_int32 type_id,
khm_int32 * delta)
{
kcdb_credset * cs_source;
kcdb_credset * cs_dest;
khm_int32 code = KHM_ERROR_SUCCESS;
kcdb_cred ** clist_dest = NULL;
kcdb_cred ** clist_src = NULL;
int nclist_dest, nclist_src;
int i;
if ((h_cs_src && !kcdb_credset_is_credset(h_cs_src)) ||
(h_cs_dest && !kcdb_credset_is_credset(h_cs_dest)) ||
(h_cs_src == h_cs_dest)) /* works because credsets use shared
handles */
return KHM_ERROR_INVALID_PARAM;
if(identity && !kcdb_is_active_identity(identity))
return KHM_ERROR_INVALID_PARAM;
if(h_cs_src)
cs_source = (kcdb_credset *) h_cs_src;
else
cs_source = kcdb_root_credset;
if(h_cs_dest)
cs_dest = (kcdb_credset *) h_cs_dest;
else
cs_dest = kcdb_root_credset;
if (kcdb_credset_is_sealed(cs_dest))
return KHM_ERROR_INVALID_OPERATION;
if (cs_source < cs_dest) {
EnterCriticalSection(&(cs_source->cs));
EnterCriticalSection(&(cs_dest->cs));
} else {
EnterCriticalSection(&(cs_dest->cs));
EnterCriticalSection(&(cs_source->cs));
}
/* enumerate through the root and given credential sets and select
the ones we want */
if(cs_dest->nclist > 0)
clist_dest = PMALLOC(sizeof(kcdb_cred *) * cs_dest->nclist);
if(cs_source->nclist > 0)
clist_src = PMALLOC(sizeof(kcdb_cred *) * cs_source->nclist);
nclist_dest = 0;
nclist_src = 0;
for(i=0; i < cs_dest->nclist; i++) {
if(cs_dest->clist[i].cred &&
(!identity || cs_dest->clist[i].cred->identity == identity) &&
(type_id==KCDB_CREDTYPE_ALL || cs_dest->clist[i].cred->type == type_id)) {
clist_dest[nclist_dest++] = cs_dest->clist[i].cred;
}
}
for(i=0; i < cs_source->nclist; i++) {
if(cs_source->clist[i].cred &&
(!identity || cs_source->clist[i].cred->identity == identity) &&
(type_id==KCDB_CREDTYPE_ALL || cs_source->clist[i].cred->type == type_id)) {
clist_src[nclist_src++] = cs_source->clist[i].cred;
}
}
cs_dest->version++;
code = kcdb_credset_collect_core(cs_dest, clist_dest, nclist_dest,
cs_source, clist_src, nclist_src,
delta);
LeaveCriticalSection(&(cs_dest->cs));
LeaveCriticalSection(&(cs_source->cs));
if(clist_dest)
PFREE(clist_dest);
if(clist_src)
PFREE(clist_src);
if (h_cs_dest == NULL) {
kcdb_identity_refresh_all();
}
return code;
}
