src/daemon/db/gsignond-db-credentials-database.c

   1 /* vi: set et sw=4 ts=4 cino=t0,(0: */
   2 /* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   3 /*
   4  * This file is part of gsignond
   5  *
   6  * Copyright (C) 2012 Intel Corporation.
   7  *
   8  * Contact: Imran Zaman <imran.zaman@linux.intel.com>
   9  *
  10  * This library is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU Lesser General Public
  12  * License as published by the Free Software Foundation; either
  13  * version 2.1 of the License, or (at your option) any later version.
  14  *
  15  * This library is distributed in the hope that it will be useful, but
  16  * WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  18  * Lesser General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU Lesser General Public
  21  * License along with this library; if not, write to the Free Software
  22  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  23  * 02110-1301 USA
  24  */
  25 #include <string.h>
  26
  27 #include "gsignond/gsignond-log.h"
  28 #include "gsignond/gsignond-credentials.h"
  29 #include "common/db/gsignond-db-error.h"
  30 #include "gsignond-db-credentials-database.h"
  31
  32 #define GSIGNOND_DB_CREDENTIALS_DATABASE_GET_PRIVATE(obj) \
  33                                        (G_TYPE_INSTANCE_GET_PRIVATE ((obj),\
  34                                         GSIGNOND_DB_TYPE_CREDENTIALS_DATABASE, \
  35                                         GSignondDbCredentialsDatabasePrivate))
  36
  37 G_DEFINE_TYPE (GSignondDbCredentialsDatabase, gsignond_db_credentials_database,
  38         G_TYPE_OBJECT);
  39
  40 struct _GSignondDbCredentialsDatabasePrivate
  41 {
  42     GSignondDbMetadataDatabase *metadata_db;
  43 };
  44
  45 enum
  46 {
  47     PROP_0,
  48     PROP_CONFIG,
  49     PROP_STORAGE,
  50     N_PROPERTIES
  51 };
  52
  53 static GParamSpec *properties[N_PROPERTIES] = { NULL, };
  54
  55 static void
  56 _set_property (GObject *object, guint prop_id, const GValue *value,
  57                GParamSpec *pspec)
  58 {
  59     GSignondDbCredentialsDatabase *self =
  60             GSIGNOND_DB_CREDENTIALS_DATABASE (object);
  61
  62     switch (prop_id) {
  63         case PROP_CONFIG:
  64             g_assert (self->config == NULL);
  65             self->config = g_value_dup_object (value);
  66             break;
  67         case PROP_STORAGE:
  68             g_assert (self->secret_storage == NULL);
  69             self->secret_storage = g_value_dup_object (value);
  70             break;
  71         default:
  72             G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
  73     }
  74 }
  75
  76 static void
  77 _get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
  78 {
  79     GSignondDbCredentialsDatabase *self =
  80             GSIGNOND_DB_CREDENTIALS_DATABASE (object);
  81
  82     switch (prop_id) {
  83         case PROP_CONFIG:
  84             g_value_set_object (value, self->config);
  85             break;
  86         case PROP_STORAGE:
  87             g_value_set_object (value, self->secret_storage);
  88             break;
  89         default:
  90             G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
  91     }
  92 }
  93
  94 static void
  95 _gsignond_db_credentials_database_dispose (GObject *gobject)
  96 {
  97     g_return_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (gobject));
  98     GSignondDbCredentialsDatabase *self =
  99             GSIGNOND_DB_CREDENTIALS_DATABASE (gobject);
 100
 101     if (self->config) {
 102         g_object_unref (self->config);
 103         self->config = NULL;
 104     }
 105     if (self->secret_storage) {
 106         g_object_unref (self->secret_storage);
 107         self->secret_storage = NULL;
 108     }
 109     if (self->priv->metadata_db) {
 110         g_object_unref (self->priv->metadata_db);
 111         self->priv->metadata_db = NULL;
 112     }
 113     G_OBJECT_CLASS (gsignond_db_credentials_database_parent_class)->dispose (
 114             gobject);
 115 }
 116
 117 static void
 118 gsignond_db_credentials_database_class_init (
 119         GSignondDbCredentialsDatabaseClass *klass)
 120 {
 121     GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
 122
 123     gobject_class->set_property = _set_property;
 124     gobject_class->get_property = _get_property;
 125     gobject_class->dispose = _gsignond_db_credentials_database_dispose;
 126
 127     properties[PROP_CONFIG] = g_param_spec_object (
 128             "config",
 129             "config",
 130             "Configuration object",
 131             GSIGNOND_TYPE_CONFIG,
 132             G_PARAM_CONSTRUCT_ONLY |
 133             G_PARAM_READWRITE |
 134             G_PARAM_STATIC_STRINGS);
 135     properties[PROP_STORAGE] = g_param_spec_object (
 136             "storage",
 137             "storage",
 138             "Secure Storage object",
 139             GSIGNOND_TYPE_SECRET_STORAGE,
 140             G_PARAM_CONSTRUCT_ONLY |
 141             G_PARAM_READWRITE |
 142             G_PARAM_STATIC_STRINGS);
 143     g_object_class_install_properties (gobject_class, N_PROPERTIES, properties);
 144
 145     g_type_class_add_private (klass,
 146             sizeof (GSignondDbCredentialsDatabasePrivate));
 147 }
 148
 149 static void
 150 gsignond_db_credentials_database_init (
 151         GSignondDbCredentialsDatabase *self)
 152 {
 153     self->priv = GSIGNOND_DB_CREDENTIALS_DATABASE_GET_PRIVATE (self);
 154     self->config = NULL;
 155     self->secret_storage = NULL;
 156     self->priv->metadata_db = NULL;
 157 }
 158
 159 /**
 160  * gsignond_db_credentials_database_new:
 161  *
 162  * @config: (transfer none) the #GSignondConfig object
 163  * @storage: (transfer none) the #GSignondSecretStorage object
 164  *
 165  * Creates new #GSignondDbCredentialsDatabase object
 166  *
 167  * Returns: (transfer full) the #GSignondDbCredentialsDatabase object
 168  */
 169 GSignondDbCredentialsDatabase *
 170 gsignond_db_credentials_database_new (
 171         GSignondConfig *config,
 172         GSignondSecretStorage *storage)
 173 {
 174
 175         GSignondDbCredentialsDatabase *self = NULL;
 176         self = GSIGNOND_DB_CREDENTIALS_DATABASE (
 177             g_object_new (GSIGNOND_DB_TYPE_CREDENTIALS_DATABASE,
 178                     "config",
 179                     config,
 180                     "storage",
 181                     storage,
 182                     NULL));
 183         if (self) {
 184             self->priv->metadata_db = gsignond_db_metadata_database_new (
 185                     self->config);
 186             if (self->priv->metadata_db) {
 187                 gsignond_db_metadata_database_open (self->priv->metadata_db);
 188             }
 189         }
 190         return self;
 191 }
 192
 193 /**
 194  * gsignond_db_credentials_database_open_secret_storage:
 195  *
 196  * @self: instance of #GSignondDbCredentialsDatabase
 197  *
 198  * Opens (and initializes) secret storage.
 199  *
 200  * Returns: TRUE if successful, FALSE otherwise.
 201  */
 202 gboolean
 203 gsignond_db_credentials_database_open_secret_storage (
 204         GSignondDbCredentialsDatabase *self)
 205 {
 206     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 207     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 208
 209         return gsignond_secret_storage_open_db (self->secret_storage);
 210 }
 211
 212 /**
 213  * gsignond_db_credentials_database_close_secret_storage:
 214  *
 215  * @self: instance of #GSignondDbCredentialsDatabase
 216  *
 217  * Closes the secret storage.
 218  *
 219  * Returns: TRUE if successful, FALSE otherwise.
 220  */
 221 gboolean
 222 gsignond_db_credentials_database_close_secret_storage (
 223         GSignondDbCredentialsDatabase *self)
 224 {
 225     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 226     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 227
 228         return gsignond_secret_storage_close_db (self->secret_storage);
 229 }
 230
 231 /**
 232  * gsignond_db_credentials_database_is_open_secret_storage:
 233  *
 234  * @self: instance of #GSignondDbCredentialsDatabase
 235  *
 236  * Checks if secret storage is open or not.
 237  *
 238  * Returns: TRUE if secret storage is open, FALSE otherwise.
 239  */
 240 gboolean
 241 gsignond_db_credentials_database_is_open_secret_storage (
 242         GSignondDbCredentialsDatabase *self)
 243 {
 244     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 245     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 246
 247         return gsignond_secret_storage_is_open_db (self->secret_storage);
 248 }
 249
 250 /**
 251  * gsignond_db_credentials_database_clear:
 252  *
 253  * @self: instance of #GSignondDbCredentialsDatabase
 254  *
 255  * Clears the credentials database.
 256  *
 257  * Returns: TRUE if secret storage is open, FALSE otherwise.
 258  */
 259 gboolean
 260 gsignond_db_credentials_database_clear (GSignondDbCredentialsDatabase *self)
 261 {
 262     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 263     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 264
 265         return gsignond_secret_storage_clear_db (self->secret_storage) &&
 266                         gsignond_db_sql_database_clear (
 267                                         GSIGNOND_DB_SQL_DATABASE (self->priv->metadata_db));
 268 }
 269
 270 /**
 271  * gsignond_db_credentials_database_load_identity:
 272  *
 273  * @self: instance of #GSignondDbCredentialsDatabase
 274  * @identity_id: the id of the identity
 275  * @query_secret: whether to query the password or not
 276  *
 277  * Fetches the info associated with the specified identity id.
 278  *
 279  * Returns: (transfer full) the info #GSignondIdentityInfo if successful,
 280  * NULL otherwise. When done, it should be freed with
 281  * gsignond_identity_info_unref (identity)
 282  */
 283 GSignondIdentityInfo *
 284 gsignond_db_credentials_database_load_identity (
 285         GSignondDbCredentialsDatabase *self,
 286         const guint32 identity_id,
 287         gboolean query_secret)
 288 {
 289         GSignondIdentityInfo *identity = NULL;
 290     gboolean is_un_sec = FALSE;
 291     gboolean is_pwd_sec =  FALSE;
 292
 293         g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 294
 295     identity = gsignond_db_metadata_database_get_identity (
 296                 self->priv->metadata_db, identity_id);
 297     if (identity && query_secret &&
 298         !gsignond_identity_info_get_is_identity_new (identity) &&
 299         gsignond_db_credentials_database_is_open_secret_storage (self)) {
 300
 301         is_un_sec = gsignond_identity_info_get_is_username_secret (identity);
 302         is_pwd_sec = gsignond_identity_info_get_store_secret (identity);
 303         if (is_un_sec || is_pwd_sec) {
 304             GSignondCredentials * creds;
 305             creds = gsignond_secret_storage_load_credentials (
 306                     self->secret_storage, identity_id);
 307             if (creds) {
 308                 if (is_un_sec)
 309                     gsignond_identity_info_set_username (identity,
 310                             gsignond_credentials_get_username (creds));
 311                 if (is_pwd_sec)
 312                     gsignond_identity_info_set_secret (identity,
 313                             gsignond_credentials_get_password (creds));
 314                 g_object_unref (creds);
 315             }
 316         }
 317     }
 318
 319         return identity;
 320 }
 321
 322 /**
 323  * gsignond_db_credentials_database_load_identities:
 324  *
 325  * @self: instance of #GSignondDbCredentialsDatabase
 326  * @filter: (transfer none) filter to apply. Currently supported filters:
 327  *   ("Owner":GSignondSecurtityContext *context) - Identities matched with this 'context'
 328  *   ("Type":guint32 type) - Identities matched with 'type'
 329  *   ("Caption":gchar *caption) - Identties matched/start with 'caption'
 330  *
 331  * Fetches the list of the identities.
 332  *
 333  * Returns: (transfer full) the list if successful, NULL otherwise.
 334  * When done list should be freed with gsignond_identity_info_list_free (list)
 335  */
 336 GSignondIdentityInfoList *
 337 gsignond_db_credentials_database_load_identities (
 338         GSignondDbCredentialsDatabase *self,
 339         GSignondDictionary *filter)
 340 {
 341     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 342
 343         return gsignond_db_metadata_database_get_identities (
 344                         self->priv->metadata_db, filter);
 345 }
 346
 347 /**
 348  * gsignond_db_credentials_database_update_identity:
 349  *
 350  * @self: instance of #GSignondDbCredentialsDatabase
 351  * @identity: the identity info which needs to be inserted to db
 352  * @store_secret: flag to indicate whether to store the secret or not
 353  *
 354  * Updates the identity info in the credentials database.
 355  *
 356  * Returns: the id of the updated identity, 0 otherwise.
 357  */
 358 guint32
 359 gsignond_db_credentials_database_update_identity (
 360         GSignondDbCredentialsDatabase *self,
 361         GSignondIdentityInfo* identity)
 362 {
 363         guint32 id = 0;
 364
 365     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 366
 367     id = gsignond_db_metadata_database_update_identity (self->priv->metadata_db,
 368                 identity);
 369
 370     if (id != 0 &&
 371         gsignond_db_credentials_database_is_open_secret_storage (self)) {
 372         GSignondCredentials *creds = NULL;
 373         gboolean un_sec, pwd_sec;
 374         const gchar *tmp_str = NULL;
 375
 376         creds = gsignond_credentials_new ();
 377         gsignond_credentials_set_id (creds, id);
 378
 379         pwd_sec = gsignond_identity_info_get_store_secret (identity) &&
 380                   (tmp_str = gsignond_identity_info_get_secret (identity));
 381         if (pwd_sec) {
 382                 gsignond_credentials_set_password (creds, tmp_str);
 383         }
 384
 385         un_sec = gsignond_identity_info_get_is_username_secret (identity) &&
 386                  (tmp_str = gsignond_identity_info_get_username (identity));
 387         if (un_sec) {
 388                 gsignond_credentials_set_username (creds, tmp_str);
 389         }
 390
 391         if (un_sec || pwd_sec) {
 392             DBG ("Add credentials to secret storage");
 393                 gsignond_secret_storage_update_credentials (
 394                         self->secret_storage, creds);
 395         }
 396         g_object_unref (creds);
 397     }
 398
 399     return id;
 400 }
 401
 402 /**
 403  * gsignond_db_credentials_database_remove_identity:
 404  *
 405  * @self: instance of #GSignondDbCredentialsDatabase
 406  * @identity: the identity info which needs to be removed
 407  *
 408  * Removes the identity info from the credentials database.
 409  *
 410  * Returns: TRUE if successful, FALSE otherwise.
 411  */
 412 gboolean
 413 gsignond_db_credentials_database_remove_identity (
 414         GSignondDbCredentialsDatabase *self,
 415         const guint32 identity_id)
 416 {
 417     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 418
 419     if (!gsignond_db_credentials_database_is_open_secret_storage (self)) {
 420         DBG ("Remove failed as DB is not open");
 421         return FALSE;
 422     }
 423         return gsignond_secret_storage_remove_credentials (
 424                                         self->secret_storage,
 425                                         identity_id) &&
 426                    gsignond_db_metadata_database_remove_identity (
 427                                         self->priv->metadata_db,
 428                                         identity_id);
 429 }
 430
 431 /**
 432  * gsignond_db_credentials_database_check_secret:
 433  *
 434  * @self: instance of #GSignondDbCredentialsDatabase
 435  * @identity_id: the id of the identity
 436  * @username: the username of the identity
 437  * @secret: the secret of the identity
 438  *
 439  * Checks the identity info from the credentials database.
 440  *
 441  * Returns: TRUE if successful, FALSE otherwise.
 442  */
 443 gboolean
 444 gsignond_db_credentials_database_check_secret (
 445         GSignondDbCredentialsDatabase *self,
 446         const guint32 identity_id,
 447         const gchar *username,
 448         const gchar *secret)
 449 {
 450         GSignondIdentityInfo *identity = NULL;
 451         gboolean check = FALSE;
 452
 453     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 454
 455     if (!gsignond_db_credentials_database_is_open_secret_storage (self)) {
 456         DBG ("Check failed as DB is not open");
 457         return FALSE;
 458     }
 459
 460     identity = gsignond_db_metadata_database_get_identity (
 461                 self->priv->metadata_db, identity_id);
 462     if (identity) {
 463         GSignondCredentials *creds = NULL;
 464
 465                 creds = gsignond_credentials_new ();
 466                 gsignond_credentials_set_id (creds, identity_id);
 467                 gsignond_credentials_set_password (creds, secret);
 468                 if (gsignond_identity_info_get_is_username_secret (identity)) {
 469                 DBG ("Check credentials from storage");
 470                         gsignond_credentials_set_username (creds, username);
 471                         check = gsignond_secret_storage_check_credentials (
 472                                         self->secret_storage, creds);
 473                 } else {
 474                         gsignond_credentials_set_username (creds, "");
 475                         check = g_strcmp0 (username,
 476                                                 gsignond_identity_info_get_username (identity)) == 0 &&
 477                                         gsignond_secret_storage_check_credentials (
 478                                                 self->secret_storage, creds);
 479                 }
 480                 g_object_unref (creds);
 481         gsignond_identity_info_unref (identity);
 482     }
 483         return check;
 484 }
 485
 486 /**
 487  * gsignond_db_credentials_database_load_data:
 488  *
 489  * @self: instance of #GSignondDbCredentialsDatabase
 490  * @identity_id: the id of the identity
 491  * @method: the name of the method
 492  *
 493  * Fetches the data associated with the identity id and method.
 494  *
 495  * Returns: (transfer full) the data if successful, NULL otherwise.
 496  * When done data should be freed with g_hash_table_unref (data)
 497  */
 498 GHashTable*
 499 gsignond_db_credentials_database_load_data (
 500         GSignondDbCredentialsDatabase *self,
 501         const guint32 identity_id,
 502         const gchar *method)
 503 {
 504         guint32 method_id = 0;
 505
 506     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 507     g_return_val_if_fail (method != NULL, NULL);
 508
 509     if (identity_id == 0 ||
 510         !gsignond_db_credentials_database_is_open_secret_storage (self)) {
 511         DBG ("Load data failed - invalid id (%d)/secret storage not opened",
 512                 identity_id);
 513         return NULL;
 514     }
 515
 516     method_id = gsignond_db_metadata_database_get_method_id (
 517                                 self->priv->metadata_db,
 518                                 method);
 519     if (method_id == 0) {
 520         DBG ("Load data failed - invalid method id");
 521         return NULL;
 522     }
 523         return gsignond_secret_storage_load_data (self->secret_storage,
 524                         identity_id, method_id);
 525 }
 526
 527 /**
 528  * gsignond_db_credentials_database_update_data:
 529  *
 530  * @self: instance of #GSignondDbCredentialsDatabase
 531  * @identity_id: the id of the identity
 532  * @method: the name of the method
 533  * @data: the data to be stored
 534  *
 535  * Stores/updates the data associated with the identity id and method.
 536  *
 537  * Returns: (transfer full) the data if successful, NULL otherwise.
 538  * When done data should be freed with g_hash_table_unref (data)
 539  */
 540 gboolean
 541 gsignond_db_credentials_database_update_data (
 542         GSignondDbCredentialsDatabase *self,
 543         const guint32 identity_id,
 544         const gchar *method,
 545         GHashTable *data)
 546 {
 547         guint32 method_id = 0;
 548
 549     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 550     g_return_val_if_fail (method != NULL && data != NULL, FALSE);
 551
 552     if (identity_id == 0 ||
 553         !gsignond_db_credentials_database_is_open_secret_storage (self)) {
 554         DBG ("Update data failed - invalid id(%d)/secret storage not opened",
 555                 identity_id);
 556         return FALSE;
 557     }
 558
 559     method_id = gsignond_db_metadata_database_get_method_id (
 560                                 self->priv->metadata_db,
 561                                 method);
 562     if (method_id == 0) {
 563         if (!gsignond_db_metadata_database_insert_method (
 564                                         self->priv->metadata_db,
 565                                         method,
 566                                         &method_id)) {
 567             DBG ("Update data failed - insertion of method to DB failed");
 568                 return FALSE;
 569         }
 570     }
 571         return gsignond_secret_storage_update_data (self->secret_storage,
 572                         identity_id, method_id, data);
 573 }
 574
 575 /**
 576  * gsignond_db_credentials_database_remove_data:
 577  *
 578  * @self: instance of #GSignondDbCredentialsDatabase
 579  * @identity_id: the id of the identity
 580  * @method: the name of the method
 581  *
 582  * Fetches the data associated with the identity id and method.
 583  *
 584  * Returns: (transfer full) the data if successful, NULL otherwise.
 585  * When done data should be freed with g_hash_table_unref (data)
 586  */
 587 gboolean
 588 gsignond_db_credentials_database_remove_data (
 589         GSignondDbCredentialsDatabase *self,
 590         const guint32 identity_id,
 591         const gchar *method)
 592 {
 593         guint32 method_id = 0;
 594
 595     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 596
 597     if (identity_id == 0 ||
 598         !gsignond_db_credentials_database_is_open_secret_storage (self)) {
 599         DBG ("Remove data failed - invalid id (%d)/secret storage not opened",
 600                 identity_id);
 601         return FALSE;
 602     }
 603
 604     if (method && strlen (method) > 0) {
 605         method_id = gsignond_db_metadata_database_get_method_id (
 606                                         self->priv->metadata_db,
 607                                         method);
 608         if (method_id == 0) {
 609             DBG ("Remove data failed - method not found");
 610                 return FALSE;
 611         }
 612     }
 613         return gsignond_secret_storage_remove_data (self->secret_storage,
 614                         identity_id, method_id);
 615 }
 616
 617 /**
 618  * gsignond_db_credentials_database_get_methods:
 619  *
 620  * @self: instance of #GSignondDbCredentialsDatabase
 621  * @identity_id: the id of the identity
 622  * @sec_ctx: the security context
 623  *
 624  * Fetches the list of the methods associated with the specified identity id.
 625  *
 626  * Returns: (transfer full) the list if successful, NULL otherwise.
 627  * When done list should be freed with g_list_free_full (list, g_free)
 628  */
 629 GList *
 630 gsignond_db_credentials_database_get_methods (
 631         GSignondDbCredentialsDatabase *self,
 632         const guint32 identity_id,
 633         GSignondSecurityContext* sec_ctx)
 634 {
 635     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 636
 637     return gsignond_db_metadata_database_get_methods (self->priv->metadata_db,
 638                 identity_id, sec_ctx);
 639 }
 640
 641 /**
 642  * gsignond_db_credentials_database_insert_reference:
 643  *
 644  * @self: instance of #GSignondDbCredentialsDatabase
 645  * @identity_id: the id of the identity
 646  * @ref_owner: the owner security context
 647  * @reference: reference for the given identity
 648  *
 649  * Insert reference into the database for the given identity id.
 650  *
 651  * Returns: TRUE if successful,FALSE otherwise.
 652  */
 653 gboolean
 654 gsignond_db_credentials_database_insert_reference (
 655         GSignondDbCredentialsDatabase *self,
 656         const guint32 identity_id,
 657         const GSignondSecurityContext *ref_owner,
 658         const gchar *reference)
 659 {
 660     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 661
 662     return gsignond_db_metadata_database_insert_reference (
 663                 self->priv->metadata_db, identity_id, ref_owner,reference);
 664 }
 665
 666 /**
 667  * gsignond_db_credentials_database_remove_reference:
 668  *
 669  * @self: instance of #GSignondDbCredentialsDatabase
 670  * @identity_id: the id of the identity
 671  * @ref_owner: the owner security context
 672  * @reference: reference for the given identity
 673  *
 674  * Removes reference from the database for the given identity id.
 675  *
 676  * Returns: TRUE if successful,FALSE otherwise.
 677  */
 678 gboolean
 679 gsignond_db_credentials_database_remove_reference (
 680         GSignondDbCredentialsDatabase *self,
 681         const guint32 identity_id,
 682         const GSignondSecurityContext *ref_owner,
 683         const gchar *reference)
 684 {
 685     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 686
 687     return gsignond_db_metadata_database_remove_reference (
 688             self->priv->metadata_db, identity_id, ref_owner, reference);
 689 }
 690
 691 /**
 692  * gsignond_db_credentials_database_get_references:
 693  *
 694  * @self: instance of #GSignondDbCredentialsDatabase
 695  * @identity_id: the id of the identity
 696  * @ref_owner: the owner security context
 697  *
 698  * Gets references from the database for the given identity id.
 699  *
 700  * Returns: (transfer full) the list #GList if successful,
 701  * NULL otherwise. When done the list should be freed with
 702  * g_list_free_full (list, g_free)
 703  */
 704 GList *
 705 gsignond_db_credentials_database_get_references (
 706         GSignondDbCredentialsDatabase *self,
 707         const guint32 identity_id,
 708         const GSignondSecurityContext* ref_owner)
 709 {
 710     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 711
 712     return gsignond_db_metadata_database_get_references (
 713                 self->priv->metadata_db, identity_id, ref_owner);
 714 }
 715
 716 /**
 717  * gsignond_db_credentials_database_get_accesscontrol_list:
 718  *
 719  * @self: instance of #GSignondDbCredentialsDatabase
 720  * @identity_id: the id of the identity whose access control list is needed
 721  *
 722  * Gets all the access control list from the database into a list.
 723  *
 724  * Returns: (transfer full) the list #GSignondSecurityContextList if successful,
 725  * NULL otherwise. When done the list should be freed with
 726  * gsignond_identity_info_list_free
 727  */
 728 GSignondSecurityContextList *
 729 gsignond_db_credentials_database_get_accesscontrol_list(
 730         GSignondDbCredentialsDatabase *self,
 731         const guint32 identity_id)
 732 {
 733     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 734
 735     return gsignond_db_metadata_database_get_accesscontrol_list (
 736                 self->priv->metadata_db, identity_id);
 737 }
 738
 739 /**
 740  * gsignond_db_credentials_database_get_owner:
 741  *
 742  * @self: instance of #GSignondDbCredentialsDatabase
 743  * @identity_id: the id of the identity whose owner list is needed
 744  *
 745  * Gets the onwer of the identity referred by @identity_id from the database.
 746  *
 747  * Returns: (transfer full) the list #GSignondSecurityContext if successful,
 748  * NULL otherwise. When done the list should be freed with
 749  * gsignond_identity_info_unref
 750  */
 751 GSignondSecurityContext *
 752 gsignond_db_credentials_database_get_owner(
 753         GSignondDbCredentialsDatabase *self,
 754         const guint32 identity_id)
 755 {
 756     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 757
 758     return gsignond_db_metadata_database_get_owner (
 759                 self->priv->metadata_db, identity_id);
 760 }
 761
 762 /**
 763  * gsignond_db_credentials_database_get_identity_owner:
 764  *
 765  * @self: instance of #GSignondDbCredentialsDatabase
 766  * @identity_id: the id of the identity whose owner is needed
 767  *
 768  * Gets the owner from the database for the given identity id.
 769  *
 770  * Returns: (transfer full) the #GSignondSecurityContext if successful,
 771  * NULL otherwise. When done the context, it should be freed with
 772  * gsignond_identity_info_unref
 773  */
 774 GSignondSecurityContext *
 775 gsignond_db_credentials_database_get_identity_owner (
 776                 GSignondDbCredentialsDatabase *self,
 777         const guint32 identity_id)
 778 {
 779         GSignondSecurityContext *ctx = NULL;
 780
 781     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 782
 783     ctx = gsignond_db_metadata_database_get_owner (
 784                         self->priv->metadata_db, identity_id);
 785     return ctx;
 786 }
 787
 788 const GError *
 789 gsignond_db_credentials_database_get_last_error (
 790     GSignondDbCredentialsDatabase *self)
 791 {
 792     g_return_val_if_fail (self && GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 793
 794     return gsignond_db_sql_database_get_last_error (
 795         GSIGNOND_DB_SQL_DATABASE (self->priv->metadata_db));
 796 }
 797