HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > CDSA API Functions

CSSM_GetKeyAcl

 » Table of Contents

 » Glossary

 » Index

NAME

CSSM_GetKeyAcl — Get ACL entries by key (CDSA)

SYNOPSIS

# include <cssm.h>
CSSM_RETURN CSSMAPI CSSM_GetKeyAcl
(CSSM_CSP_HANDLE CSPHandle,
const CSSM_KEY *Key,
const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR *AclInfos)

LIBRARY

Common Security Services Manager library (cdsa$incssm300_shr.exe)

PARAMETERS

CSPHandle (input)
  

The module handle that identifies the Cryptographic Service Provider to perform this operation.

Key (input) 

A pointer to the target key whose associated ACL entries are scanned and returned.

SelectionTag (input/optional)
  

A CSSM_STRING value matching the user-defined tag value associated with one or more ACL entries for the target Key. To retrieve a description of all ACL entries for the target Key, this parameter must be NULL.

NumberOfAclInfos (output)
  

The number of entries in the AclInfos array. If no ACL entry descriptions are returned, this value is zero.

AclInfos (output)
  

An array of CSSM_ACL_ENTRY_INFO structures. The unique handle contained in this structure can be used during the current attach session to reference specific ACL entries for editing. The structure is allocated by the service provider and must be released by the caller when the structure is no longer needed. If no ACL entry descriptions are returned, this value is NULL.

DESCRIPTION

This function returns a description of zero or more ACL entries managed by the CSP and associated with the target key. The optional input SelectionTag restricts the returned descriptions to those ACL entries with a matching EntryTag value. If a SelectionTag value is specified and no matches are found, zero descriptions are returned. If no SelectionTag is specified, a description of all ACL entries associated with the key is returned by this function.

Each AclInfo structure contains:

  • Public contents of an ACL entry

  • ACL EntryHandle, which is a unique value defined and managed by the service provider

The public ACL entry information returned by this function includes:

Subject type and value
  

A CSSM_LIST structure containing one element identifying the type of subject stored in the ACL entry.

Delegation flag 

A CSSM_BOOL value indicating whether the subject can delegate the permissions recorded in the authorization array.

Authorization array
  

A CSSM_AUTHORIZATIONGROUP structure defining the set of operations for which permission is granted to the subject.

Validity period 

A CSSM_ACL_VALIDITY_PERIOD structure containing two elements, the start time and the stop time for which the ACL entry is valid.

ACL entry tag 

A CSSM_STRING containing a user-defined value associated with the ACL entry.

RETURN VALUE

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.

ERRORS

Errors are described in the CDSA Technical Standard.

None specific to this call.

SEE ALSO

Books

Intel CDSA Application Developer's Guide

Online Help

Functions: CSSM_ChangeKeyAcl