src/daemon/db/gsignond-db-credentials-database.c

   1 /* vi: set et sw=4 ts=4 cino=t0,(0: */
   2 /* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   3 /*
   4  * This file is part of gsignond
   5  *
   6  * Copyright (C) 2012 Intel Corporation.
   7  *
   8  * Contact: Imran Zaman <imran.zaman@linux.intel.com>
   9  *
  10  * This library is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU Lesser General Public
  12  * License as published by the Free Software Foundation; either
  13  * version 2.1 of the License, or (at your option) any later version.
  14  *
  15  * This library is distributed in the hope that it will be useful, but
  16  * WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  18  * Lesser General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU Lesser General Public
  21  * License along with this library; if not, write to the Free Software
  22  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  23  * 02110-1301 USA
  24  */
  25 #include <string.h>
  26
  27 #include "gsignond/gsignond-log.h"
  28 #include "gsignond/gsignond-credentials.h"
  29 #include "common/db/gsignond-db-error.h"
  30 #include "common/gsignond-identity-info-internal.h"
  31 #include "gsignond-db-credentials-database.h"
  32
  33 #define GSIGNOND_DB_CREDENTIALS_DATABASE_GET_PRIVATE(obj) \
  34                                        (G_TYPE_INSTANCE_GET_PRIVATE ((obj),\
  35                                         GSIGNOND_DB_TYPE_CREDENTIALS_DATABASE, \
  36                                         GSignondDbCredentialsDatabasePrivate))
  37
  38 G_DEFINE_TYPE (GSignondDbCredentialsDatabase, gsignond_db_credentials_database,
  39         G_TYPE_OBJECT);
  40
  41 struct _GSignondDbCredentialsDatabasePrivate
  42 {
  43     GSignondDbMetadataDatabase *metadata_db;
  44 };
  45
  46 enum
  47 {
  48     PROP_0,
  49     PROP_CONFIG,
  50     PROP_STORAGE,
  51     N_PROPERTIES
  52 };
  53
  54 static GParamSpec *properties[N_PROPERTIES] = { NULL, };
  55
  56 static void
  57 _set_property (GObject *object, guint prop_id, const GValue *value,
  58                GParamSpec *pspec)
  59 {
  60     GSignondDbCredentialsDatabase *self =
  61             GSIGNOND_DB_CREDENTIALS_DATABASE (object);
  62
  63     switch (prop_id) {
  64         case PROP_CONFIG:
  65             g_assert (self->config == NULL);
  66             self->config = g_value_dup_object (value);
  67             break;
  68         case PROP_STORAGE:
  69             g_assert (self->secret_storage == NULL);
  70             self->secret_storage = g_value_dup_object (value);
  71             break;
  72         default:
  73             G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
  74     }
  75 }
  76
  77 static void
  78 _get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
  79 {
  80     GSignondDbCredentialsDatabase *self =
  81             GSIGNOND_DB_CREDENTIALS_DATABASE (object);
  82
  83     switch (prop_id) {
  84         case PROP_CONFIG:
  85             g_value_set_object (value, self->config);
  86             break;
  87         case PROP_STORAGE:
  88             g_value_set_object (value, self->secret_storage);
  89             break;
  90         default:
  91             G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
  92     }
  93 }
  94
  95 static void
  96 _gsignond_db_credentials_database_dispose (GObject *gobject)
  97 {
  98     g_return_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (gobject));
  99     GSignondDbCredentialsDatabase *self =
 100             GSIGNOND_DB_CREDENTIALS_DATABASE (gobject);
 101
 102     if (self->config) {
 103         g_object_unref (self->config);
 104         self->config = NULL;
 105     }
 106     if (self->secret_storage) {
 107         g_object_unref (self->secret_storage);
 108         self->secret_storage = NULL;
 109     }
 110     if (self->priv->metadata_db) {
 111         g_object_unref (self->priv->metadata_db);
 112         self->priv->metadata_db = NULL;
 113     }
 114     G_OBJECT_CLASS (gsignond_db_credentials_database_parent_class)->dispose (
 115             gobject);
 116 }
 117
 118 static void
 119 gsignond_db_credentials_database_class_init (
 120         GSignondDbCredentialsDatabaseClass *klass)
 121 {
 122     GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
 123
 124     gobject_class->set_property = _set_property;
 125     gobject_class->get_property = _get_property;
 126     gobject_class->dispose = _gsignond_db_credentials_database_dispose;
 127
 128     properties[PROP_CONFIG] = g_param_spec_object (
 129             "config",
 130             "config",
 131             "Configuration object",
 132             GSIGNOND_TYPE_CONFIG,
 133             G_PARAM_CONSTRUCT_ONLY |
 134             G_PARAM_READWRITE |
 135             G_PARAM_STATIC_STRINGS);
 136     properties[PROP_STORAGE] = g_param_spec_object (
 137             "storage",
 138             "storage",
 139             "Secure Storage object",
 140             GSIGNOND_TYPE_SECRET_STORAGE,
 141             G_PARAM_CONSTRUCT_ONLY |
 142             G_PARAM_READWRITE |
 143             G_PARAM_STATIC_STRINGS);
 144     g_object_class_install_properties (gobject_class, N_PROPERTIES, properties);
 145
 146     g_type_class_add_private (klass,
 147             sizeof (GSignondDbCredentialsDatabasePrivate));
 148 }
 149
 150 static void
 151 gsignond_db_credentials_database_init (
 152         GSignondDbCredentialsDatabase *self)
 153 {
 154     self->priv = GSIGNOND_DB_CREDENTIALS_DATABASE_GET_PRIVATE (self);
 155     self->config = NULL;
 156     self->secret_storage = NULL;
 157     self->priv->metadata_db = NULL;
 158 }
 159
 160 /**
 161  * gsignond_db_credentials_database_new:
 162  *
 163  * @config: (transfer none) the #GSignondConfig object
 164  * @storage: (transfer none) the #GSignondSecretStorage object
 165  *
 166  * Creates new #GSignondDbCredentialsDatabase object
 167  *
 168  * Returns: (transfer full) the #GSignondDbCredentialsDatabase object
 169  */
 170 GSignondDbCredentialsDatabase *
 171 gsignond_db_credentials_database_new (
 172         GSignondConfig *config,
 173         GSignondSecretStorage *storage)
 174 {
 175
 176         GSignondDbCredentialsDatabase *self = NULL;
 177         self = GSIGNOND_DB_CREDENTIALS_DATABASE (
 178             g_object_new (GSIGNOND_DB_TYPE_CREDENTIALS_DATABASE,
 179                     "config",
 180                     config,
 181                     "storage",
 182                     storage,
 183                     NULL));
 184         if (self) {
 185             self->priv->metadata_db = gsignond_db_metadata_database_new (
 186                     self->config);
 187             if (self->priv->metadata_db) {
 188                 gsignond_db_metadata_database_open (self->priv->metadata_db);
 189             }
 190         }
 191         return self;
 192 }
 193
 194 /**
 195  * gsignond_db_credentials_database_open_secret_storage:
 196  *
 197  * @self: instance of #GSignondDbCredentialsDatabase
 198  *
 199  * Opens (and initializes) secret storage.
 200  *
 201  * Returns: TRUE if successful, FALSE otherwise.
 202  */
 203 gboolean
 204 gsignond_db_credentials_database_open_secret_storage (
 205         GSignondDbCredentialsDatabase *self)
 206 {
 207     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 208     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 209
 210         return gsignond_secret_storage_open_db (self->secret_storage);
 211 }
 212
 213 /**
 214  * gsignond_db_credentials_database_close_secret_storage:
 215  *
 216  * @self: instance of #GSignondDbCredentialsDatabase
 217  *
 218  * Closes the secret storage.
 219  *
 220  * Returns: TRUE if successful, FALSE otherwise.
 221  */
 222 gboolean
 223 gsignond_db_credentials_database_close_secret_storage (
 224         GSignondDbCredentialsDatabase *self)
 225 {
 226     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 227     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 228
 229         return gsignond_secret_storage_close_db (self->secret_storage);
 230 }
 231
 232 /**
 233  * gsignond_db_credentials_database_is_open_secret_storage:
 234  *
 235  * @self: instance of #GSignondDbCredentialsDatabase
 236  *
 237  * Checks if secret storage is open or not.
 238  *
 239  * Returns: TRUE if secret storage is open, FALSE otherwise.
 240  */
 241 gboolean
 242 gsignond_db_credentials_database_is_open_secret_storage (
 243         GSignondDbCredentialsDatabase *self)
 244 {
 245     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 246     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 247
 248         return gsignond_secret_storage_is_open_db (self->secret_storage);
 249 }
 250
 251 /**
 252  * gsignond_db_credentials_database_clear:
 253  *
 254  * @self: instance of #GSignondDbCredentialsDatabase
 255  *
 256  * Clears the credentials database.
 257  *
 258  * Returns: TRUE if secret storage is open, FALSE otherwise.
 259  */
 260 gboolean
 261 gsignond_db_credentials_database_clear (GSignondDbCredentialsDatabase *self)
 262 {
 263     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 264     g_return_val_if_fail (self->secret_storage != NULL, FALSE);
 265
 266         return gsignond_secret_storage_clear_db (self->secret_storage) &&
 267                         gsignond_db_sql_database_clear (
 268                                         GSIGNOND_DB_SQL_DATABASE (self->priv->metadata_db));
 269 }
 270
 271 /**
 272  * gsignond_db_credentials_database_load_identity:
 273  *
 274  * @self: instance of #GSignondDbCredentialsDatabase
 275  * @identity_id: the id of the identity
 276  * @query_secret: whether to query the password or not
 277  *
 278  * Fetches the info associated with the specified identity id.
 279  *
 280  * Returns: (transfer full) the info #GSignondIdentityInfo if successful,
 281  * NULL otherwise. When done, it should be freed with
 282  * gsignond_identity_info_unref (identity)
 283  */
 284 GSignondIdentityInfo *
 285 gsignond_db_credentials_database_load_identity (
 286         GSignondDbCredentialsDatabase *self,
 287         const guint32 identity_id,
 288         gboolean query_secret)
 289 {
 290         GSignondIdentityInfo *identity = NULL;
 291     gboolean is_un_sec = FALSE;
 292     gboolean is_pwd_sec =  FALSE;
 293
 294         g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 295
 296     identity = gsignond_db_metadata_database_get_identity (
 297                 self->priv->metadata_db, identity_id);
 298     if (!identity)
 299         return identity;
 300
 301     if (query_secret &&
 302         !gsignond_identity_info_get_is_identity_new (identity) &&
 303         gsignond_db_credentials_database_is_open_secret_storage (self)) {
 304
 305         is_un_sec = gsignond_identity_info_get_is_username_secret (identity);
 306         is_pwd_sec = gsignond_identity_info_get_store_secret (identity);
 307         if (is_un_sec || is_pwd_sec) {
 308             GSignondCredentials * creds;
 309             creds = gsignond_secret_storage_load_credentials (
 310                     self->secret_storage, identity_id);
 311             if (creds) {
 312                 if (is_un_sec)
 313                     gsignond_identity_info_set_username (identity,
 314                             gsignond_credentials_get_username (creds));
 315                 if (is_pwd_sec)
 316                     gsignond_identity_info_set_secret (identity,
 317                             gsignond_credentials_get_password (creds));
 318                 g_object_unref (creds);
 319             }
 320         }
 321     }
 322     /* Reseting the edit state to NONE as its newly loaded identity */
 323     gsignond_identity_info_reset_edit_flags (identity, IDENTITY_INFO_PROP_NONE);
 324
 325         return identity;
 326 }
 327
 328 /**
 329  * gsignond_db_credentials_database_load_identities:
 330  *
 331  * @self: instance of #GSignondDbCredentialsDatabase
 332  * @filter: (transfer none) filter to apply. Currently supported filters:
 333  *   ("Owner":GSignondSecurtityContext *context) - Identities matched with this 'context'
 334  *   ("Type":guint32 type) - Identities matched with 'type'
 335  *   ("Caption":gchar *caption) - Identties matched/start with 'caption'
 336  *
 337  * Fetches the list of the identities.
 338  *
 339  * Returns: (transfer full) the list if successful, NULL otherwise.
 340  * When done list should be freed with gsignond_identity_info_list_free (list)
 341  */
 342 GSignondIdentityInfoList *
 343 gsignond_db_credentials_database_load_identities (
 344         GSignondDbCredentialsDatabase *self,
 345         GSignondDictionary *filter)
 346 {
 347     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 348
 349         return gsignond_db_metadata_database_get_identities (
 350                         self->priv->metadata_db, filter);
 351 }
 352
 353 /**
 354  * gsignond_db_credentials_database_update_identity:
 355  *
 356  * @self: instance of #GSignondDbCredentialsDatabase
 357  * @identity: the identity info which needs to be inserted to db
 358  * @store_secret: flag to indicate whether to store the secret or not
 359  *
 360  * Updates the identity info in the credentials database.
 361  *
 362  * Returns: the id of the updated identity, 0 otherwise.
 363  */
 364 guint32
 365 gsignond_db_credentials_database_update_identity (
 366         GSignondDbCredentialsDatabase *self,
 367         GSignondIdentityInfo* identity)
 368 {
 369         guint32 id = 0;
 370
 371     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 372
 373     id = gsignond_db_metadata_database_update_identity (self->priv->metadata_db,
 374                 identity);
 375
 376     if (!id) return 0;
 377
 378     /* Reseting the edit state to NONE as all the changes are stored in db. */
 379     gsignond_identity_info_reset_edit_flags (identity, IDENTITY_INFO_PROP_NONE);
 380
 381     if (gsignond_db_credentials_database_is_open_secret_storage (self)) {
 382         GSignondCredentials *creds = NULL;
 383         gboolean un_sec, pwd_sec;
 384         const gchar *tmp_str = NULL;
 385
 386         creds = gsignond_credentials_new ();
 387         gsignond_credentials_set_id (creds, id);
 388
 389         pwd_sec = gsignond_identity_info_get_store_secret (identity) &&
 390                   (tmp_str = gsignond_identity_info_get_secret (identity));
 391         if (pwd_sec) {
 392                 gsignond_credentials_set_password (creds, tmp_str);
 393         }
 394
 395         un_sec = gsignond_identity_info_get_is_username_secret (identity) &&
 396                  (tmp_str = gsignond_identity_info_get_username (identity));
 397         if (un_sec) {
 398                 gsignond_credentials_set_username (creds, tmp_str);
 399         }
 400
 401         if (un_sec || pwd_sec) {
 402             DBG ("Add credentials to secret storage");
 403                 gsignond_secret_storage_update_credentials (
 404                         self->secret_storage, creds);
 405         }
 406         g_object_unref (creds);
 407     }
 408
 409     return id;
 410 }
 411
 412 /**
 413  * gsignond_db_credentials_database_remove_identity:
 414  *
 415  * @self: instance of #GSignondDbCredentialsDatabase
 416  * @identity: the identity info which needs to be removed
 417  *
 418  * Removes the identity info from the credentials database.
 419  *
 420  * Returns: TRUE if successful, FALSE otherwise.
 421  */
 422 gboolean
 423 gsignond_db_credentials_database_remove_identity (
 424         GSignondDbCredentialsDatabase *self,
 425         const guint32 identity_id)
 426 {
 427     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 428
 429     if (!gsignond_db_credentials_database_is_open_secret_storage (self)) {
 430         DBG ("Remove failed as DB is not open");
 431         return FALSE;
 432     }
 433         return gsignond_secret_storage_remove_credentials (
 434                                         self->secret_storage,
 435                                         identity_id) &&
 436                    gsignond_db_metadata_database_remove_identity (
 437                                         self->priv->metadata_db,
 438                                         identity_id);
 439 }
 440
 441 /**
 442  * gsignond_db_credentials_database_check_secret:
 443  *
 444  * @self: instance of #GSignondDbCredentialsDatabase
 445  * @identity_id: the id of the identity
 446  * @username: the username of the identity
 447  * @secret: the secret of the identity
 448  *
 449  * Checks the identity info from the credentials database.
 450  *
 451  * Returns: TRUE if successful, FALSE otherwise.
 452  */
 453 gboolean
 454 gsignond_db_credentials_database_check_secret (
 455         GSignondDbCredentialsDatabase *self,
 456         const guint32 identity_id,
 457         const gchar *username,
 458         const gchar *secret)
 459 {
 460         GSignondIdentityInfo *identity = NULL;
 461         gboolean check = FALSE;
 462
 463     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 464
 465     if (!gsignond_db_credentials_database_is_open_secret_storage (self)) {
 466         DBG ("Check failed as DB is not open");
 467         return FALSE;
 468     }
 469
 470     identity = gsignond_db_metadata_database_get_identity (
 471                 self->priv->metadata_db, identity_id);
 472     if (identity) {
 473         GSignondCredentials *creds = NULL;
 474
 475                 creds = gsignond_credentials_new ();
 476                 gsignond_credentials_set_id (creds, identity_id);
 477                 gsignond_credentials_set_password (creds, secret);
 478                 if (gsignond_identity_info_get_is_username_secret (identity)) {
 479                 DBG ("Check credentials from storage");
 480                         gsignond_credentials_set_username (creds, username);
 481                         check = gsignond_secret_storage_check_credentials (
 482                                         self->secret_storage, creds);
 483                 } else {
 484                         gsignond_credentials_set_username (creds, "");
 485                         check = g_strcmp0 (username,
 486                                                 gsignond_identity_info_get_username (identity)) == 0 &&
 487                                         gsignond_secret_storage_check_credentials (
 488                                                 self->secret_storage, creds);
 489                 }
 490                 g_object_unref (creds);
 491         gsignond_identity_info_unref (identity);
 492     }
 493         return check;
 494 }
 495
 496 /**
 497  * gsignond_db_credentials_database_load_data:
 498  *
 499  * @self: instance of #GSignondDbCredentialsDatabase
 500  * @identity_id: the id of the identity
 501  * @method: the name of the method
 502  *
 503  * Fetches the data associated with the identity id and method.
 504  *
 505  * Returns: (transfer full) the data if successful, NULL otherwise.
 506  * When done data should be freed with g_hash_table_unref (data)
 507  */
 508 GHashTable*
 509 gsignond_db_credentials_database_load_data (
 510         GSignondDbCredentialsDatabase *self,
 511         const guint32 identity_id,
 512         const gchar *method)
 513 {
 514         guint32 method_id = 0;
 515
 516     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 517     g_return_val_if_fail (method != NULL, NULL);
 518
 519     if (identity_id == 0 ||
 520         !gsignond_db_credentials_database_is_open_secret_storage (self)) {
 521         DBG ("Load data failed - invalid id (%d)/secret storage not opened",
 522                 identity_id);
 523         return NULL;
 524     }
 525
 526     method_id = gsignond_db_metadata_database_get_method_id (
 527                                 self->priv->metadata_db,
 528                                 method);
 529     if (method_id == 0) {
 530         DBG ("Load data failed - invalid method id");
 531         return NULL;
 532     }
 533         return gsignond_secret_storage_load_data (self->secret_storage,
 534                         identity_id, method_id);
 535 }
 536
 537 /**
 538  * gsignond_db_credentials_database_update_data:
 539  *
 540  * @self: instance of #GSignondDbCredentialsDatabase
 541  * @identity_id: the id of the identity
 542  * @method: the name of the method
 543  * @data: the data to be stored
 544  *
 545  * Stores/updates the data associated with the identity id and method.
 546  *
 547  * Returns: (transfer full) the data if successful, NULL otherwise.
 548  * When done data should be freed with g_hash_table_unref (data)
 549  */
 550 gboolean
 551 gsignond_db_credentials_database_update_data (
 552         GSignondDbCredentialsDatabase *self,
 553         const guint32 identity_id,
 554         const gchar *method,
 555         GHashTable *data)
 556 {
 557         guint32 method_id = 0;
 558
 559     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 560     g_return_val_if_fail (method != NULL && data != NULL, FALSE);
 561
 562     if (identity_id == 0 ||
 563         !gsignond_db_credentials_database_is_open_secret_storage (self)) {
 564         DBG ("Update data failed - invalid id(%d)/secret storage not opened",
 565                 identity_id);
 566         return FALSE;
 567     }
 568
 569     method_id = gsignond_db_metadata_database_get_method_id (
 570                                 self->priv->metadata_db,
 571                                 method);
 572     if (method_id == 0) {
 573         if (!gsignond_db_metadata_database_insert_method (
 574                                         self->priv->metadata_db,
 575                                         method,
 576                                         &method_id)) {
 577             DBG ("Update data failed - insertion of method to DB failed");
 578                 return FALSE;
 579         }
 580     }
 581         return gsignond_secret_storage_update_data (self->secret_storage,
 582                         identity_id, method_id, data);
 583 }
 584
 585 /**
 586  * gsignond_db_credentials_database_remove_data:
 587  *
 588  * @self: instance of #GSignondDbCredentialsDatabase
 589  * @identity_id: the id of the identity
 590  * @method: the name of the method
 591  *
 592  * Fetches the data associated with the identity id and method.
 593  *
 594  * Returns: (transfer full) the data if successful, NULL otherwise.
 595  * When done data should be freed with g_hash_table_unref (data)
 596  */
 597 gboolean
 598 gsignond_db_credentials_database_remove_data (
 599         GSignondDbCredentialsDatabase *self,
 600         const guint32 identity_id,
 601         const gchar *method)
 602 {
 603         guint32 method_id = 0;
 604
 605     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 606
 607     if (identity_id == 0 ||
 608         !gsignond_db_credentials_database_is_open_secret_storage (self)) {
 609         DBG ("Remove data failed - invalid id (%d)/secret storage not opened",
 610                 identity_id);
 611         return FALSE;
 612     }
 613
 614     if (method && strlen (method) > 0) {
 615         method_id = gsignond_db_metadata_database_get_method_id (
 616                                         self->priv->metadata_db,
 617                                         method);
 618         if (method_id == 0) {
 619             DBG ("Remove data failed - method not found");
 620                 return FALSE;
 621         }
 622     }
 623         return gsignond_secret_storage_remove_data (self->secret_storage,
 624                         identity_id, method_id);
 625 }
 626
 627 /**
 628  * gsignond_db_credentials_database_get_methods:
 629  *
 630  * @self: instance of #GSignondDbCredentialsDatabase
 631  * @identity_id: the id of the identity
 632  * @sec_ctx: the security context
 633  *
 634  * Fetches the list of the methods associated with the specified identity id.
 635  *
 636  * Returns: (transfer full) the list if successful, NULL otherwise.
 637  * When done list should be freed with g_list_free_full (list, g_free)
 638  */
 639 GList *
 640 gsignond_db_credentials_database_get_methods (
 641         GSignondDbCredentialsDatabase *self,
 642         const guint32 identity_id,
 643         GSignondSecurityContext* sec_ctx)
 644 {
 645     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 646
 647     return gsignond_db_metadata_database_get_methods (self->priv->metadata_db,
 648                 identity_id, sec_ctx);
 649 }
 650
 651 /**
 652  * gsignond_db_credentials_database_insert_reference:
 653  *
 654  * @self: instance of #GSignondDbCredentialsDatabase
 655  * @identity_id: the id of the identity
 656  * @ref_owner: the owner security context
 657  * @reference: reference for the given identity
 658  *
 659  * Insert reference into the database for the given identity id.
 660  *
 661  * Returns: TRUE if successful,FALSE otherwise.
 662  */
 663 gboolean
 664 gsignond_db_credentials_database_insert_reference (
 665         GSignondDbCredentialsDatabase *self,
 666         const guint32 identity_id,
 667         const GSignondSecurityContext *ref_owner,
 668         const gchar *reference)
 669 {
 670     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 671
 672     return gsignond_db_metadata_database_insert_reference (
 673                 self->priv->metadata_db, identity_id, ref_owner,reference);
 674 }
 675
 676 /**
 677  * gsignond_db_credentials_database_remove_reference:
 678  *
 679  * @self: instance of #GSignondDbCredentialsDatabase
 680  * @identity_id: the id of the identity
 681  * @ref_owner: the owner security context
 682  * @reference: reference for the given identity
 683  *
 684  * Removes reference from the database for the given identity id.
 685  *
 686  * Returns: TRUE if successful,FALSE otherwise.
 687  */
 688 gboolean
 689 gsignond_db_credentials_database_remove_reference (
 690         GSignondDbCredentialsDatabase *self,
 691         const guint32 identity_id,
 692         const GSignondSecurityContext *ref_owner,
 693         const gchar *reference)
 694 {
 695     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), FALSE);
 696
 697     return gsignond_db_metadata_database_remove_reference (
 698             self->priv->metadata_db, identity_id, ref_owner, reference);
 699 }
 700
 701 /**
 702  * gsignond_db_credentials_database_get_references:
 703  *
 704  * @self: instance of #GSignondDbCredentialsDatabase
 705  * @identity_id: the id of the identity
 706  * @ref_owner: the owner security context
 707  *
 708  * Gets references from the database for the given identity id.
 709  *
 710  * Returns: (transfer full) the list #GList if successful,
 711  * NULL otherwise. When done the list should be freed with
 712  * g_list_free_full (list, g_free)
 713  */
 714 GList *
 715 gsignond_db_credentials_database_get_references (
 716         GSignondDbCredentialsDatabase *self,
 717         const guint32 identity_id,
 718         const GSignondSecurityContext* ref_owner)
 719 {
 720     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 721
 722     return gsignond_db_metadata_database_get_references (
 723                 self->priv->metadata_db, identity_id, ref_owner);
 724 }
 725
 726 /**
 727  * gsignond_db_credentials_database_get_accesscontrol_list:
 728  *
 729  * @self: instance of #GSignondDbCredentialsDatabase
 730  * @identity_id: the id of the identity whose access control list is needed
 731  *
 732  * Gets all the access control list from the database into a list.
 733  *
 734  * Returns: (transfer full) the list #GSignondSecurityContextList if successful,
 735  * NULL otherwise. When done the list should be freed with
 736  * gsignond_identity_info_list_free
 737  */
 738 GSignondSecurityContextList *
 739 gsignond_db_credentials_database_get_accesscontrol_list(
 740         GSignondDbCredentialsDatabase *self,
 741         const guint32 identity_id)
 742 {
 743     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 744
 745     return gsignond_db_metadata_database_get_accesscontrol_list (
 746                 self->priv->metadata_db, identity_id);
 747 }
 748
 749 /**
 750  * gsignond_db_credentials_database_get_owner:
 751  *
 752  * @self: instance of #GSignondDbCredentialsDatabase
 753  * @identity_id: the id of the identity whose owner list is needed
 754  *
 755  * Gets the onwer of the identity referred by @identity_id from the database.
 756  *
 757  * Returns: (transfer full) the list #GSignondSecurityContext if successful,
 758  * NULL otherwise. When done the list should be freed with
 759  * gsignond_identity_info_unref
 760  */
 761 GSignondSecurityContext *
 762 gsignond_db_credentials_database_get_owner(
 763         GSignondDbCredentialsDatabase *self,
 764         const guint32 identity_id)
 765 {
 766     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 767
 768     return gsignond_db_metadata_database_get_owner (
 769                 self->priv->metadata_db, identity_id);
 770 }
 771
 772 /**
 773  * gsignond_db_credentials_database_get_identity_owner:
 774  *
 775  * @self: instance of #GSignondDbCredentialsDatabase
 776  * @identity_id: the id of the identity whose owner is needed
 777  *
 778  * Gets the owner from the database for the given identity id.
 779  *
 780  * Returns: (transfer full) the #GSignondSecurityContext if successful,
 781  * NULL otherwise. When done the context, it should be freed with
 782  * gsignond_identity_info_unref
 783  */
 784 GSignondSecurityContext *
 785 gsignond_db_credentials_database_get_identity_owner (
 786                 GSignondDbCredentialsDatabase *self,
 787         const guint32 identity_id)
 788 {
 789         GSignondSecurityContext *ctx = NULL;
 790
 791     g_return_val_if_fail (GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 792
 793     ctx = gsignond_db_metadata_database_get_owner (
 794                         self->priv->metadata_db, identity_id);
 795     return ctx;
 796 }
 797
 798 const GError *
 799 gsignond_db_credentials_database_get_last_error (
 800     GSignondDbCredentialsDatabase *self)
 801 {
 802     g_return_val_if_fail (self && GSIGNOND_DB_IS_CREDENTIALS_DATABASE (self), NULL);
 803
 804     return gsignond_db_sql_database_get_last_error (
 805         GSIGNOND_DB_SQL_DATABASE (self->priv->metadata_db));
 806 }
 807