|
CSSM_GetKeyAcl(3)
Contents |
CSSM_GetKeyAcl - Get ACL entries by key (CDSA)
# include <cdsa/cssm.h>
CSSM_RETURN CSSMAPI CSSM_GetKeyAcl (CSSM_CSP_HANDLE
CSPHandle, const CSSM_KEY *Key, const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos, CSSM_ACL_ENTRY_INFO_PTR
*AclInfos)
Common Security Services Manager library (libcssm.so)
The module handle that identifies the cryptographic service
provider to perform this operation. A pointer to the
target key whose associated ACL entries are scanned and
returned. A CSSM_STRING value matching the user-defined
tag value associated with one or more ACL entries for the
target Key. To retrieve a description of all ACL entries
for the target Key, this parameter must be NULL. The number
of entries in the AclInfos array. If no ACL entry
descriptions are returned, this value is zero. An array
of CSSM_ACL_ENTRY_INFO structures. The unique handle contained
in this structure can be used during the current
attach session to reference specific ACL entries for editing.
The structure is allocated by the service provider
and must be released by the caller when the structure is
no longer needed. If no ACL entry descriptions are
returned, this value is NULL.
This function returns a description of zero or more ACL
entries managed by the CSP and associated with the target
key. The optional input SelectionTag restricts the
returned descriptions to those ACL entries with a matching
EntryTag value. If a SelectionTag value is specified and
no matches are found, zero descriptions are returned. If
no SelectionTag is specified, a description of all ACL
entries associated with the key is returned by this function.
Each AclInfo structure contains: Public contents of an ACL
entry ACL EntryHandle, which is a unique value defined and
managed by the service provider
The public ACL entry information returned by this function
includes: A CSSM_LIST structure containing one element
identifying the type of subject stored in the ACL entry.
A CSSM_BOOL value indicating whether the subject can delegate
the permissions recorded in the authorization array.
A CSSM_AUTHORIZATIONGROUP structure defining the set of
operations for which permission is granted to the subject.
A CSSM_ACL_VALIDITY_PERIOD structure containing two elements,
the start time and the stop time for which the ACL
entry is valid. A CSSM_STRING containing a user-defined
value associated with the ACL entry.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3).
None specific to this call.
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions: CSSM_ChangeKeyAcl(3)
CSSM_GetKeyAcl(3)
[ Back ] |