


NAME

       CSSM_CSP_ChangeLoginAcl - Edit a stored CSP ACL login session

SYNOPSIS

       #include <cdsa/cssm.h>

       CSSM_RETURN CSSM_CSP_ChangeLoginAcl(
            CSSM_CSP_HANDLE CSPHandle,
            const CSSM_ACCESS_CREDENTIALS *AccessCred,
            const CSSM_ACL_EDIT *AclEdit)

LIBRARY

       Common Security Services Manager library (libcssm.so)

PARAMETERS

       CSPHandle
              The module handle that identifies the cryptographic
              service provider to perform this operation.

       AccessCred
              A pointer to the set of one or more credentials used
              to authenticate and validate the caller's
              authorization to modify the ACL controlling login
              sessions with the CSP. Required credentials can
              include zero or more certificates, zero or more caller
              names, and one or more samples. Traditionally a caller
              name has been used to establish the context of a login
              session. Certificates can be used for the same
              purpose. If certificates and/or caller names are
              provided as input, these must be provided as immediate
              values in this structure. The samples can be provided
              as immediate values or can be obtained through a
              callback function included in the AccessCred
              structure.

       AclEdit
              A structure containing information that defines the
              edit operation. Valid operations include adding,
              replacing, and deleting entries in an ACL managed by
              the service provider. The AclEdit parameter can
              contain information for a new ACL entry and a handle
              uniquely identifying an existing ACL entry. The
              information controls the edit operation as follows:

              Value of AclEdit.EditMode    Use of AclEdit.NewEntry and
                                           AclEdit.OldEntryHandle

              CSSM_ACL_EDIT_MODE_ADD       Adds a new ACL entry to the set of
                                           ACL entries controlling login
                                           sessions with the CSP. The new ACL
                                           entry is created from the ACL entry
                                           prototype contained in NewEntry.
                                           OldEntryHandle is ignored for this
                                           EditMode.

              CSSM_ACL_EDIT_MODE_DELETE    Deletes the ACL entry identified by
                                           OldEntryHandle and associated with
                                           login sessions with the CSP.
                                           NewEntry is ignored for this
                                           EditMode.

              CSSM_ACL_EDIT_MODE_REPLACE   Replaces the ACL entry identified
                                           by OldEntryHandle and controlling
                                           login sessions with the CSP. The
                                           existing ACL is replaced based on
                                           the ACL entry prototype contained
                                           in the NewEntry.

              When replacing an existing ACL entry, the caller must
              replace all items in an ACL entry. The replacement
              prototype includes:

              Subject type and value - A CSSM_LIST structure
                 containing a typed subject. The subject identifies
                 the entity authorized by this ACL entry.

              Delegation flag - A CSSM_BOOL value indicating whether
                 the subject can delegate the permissions recorded in
                 the authorization array.

              Authorization array - A CSSM_AUTHORIZATIONGROUP
                 structure defining the set of operations for which
                 permission is granted to the subject.

              Validity period - A CSSM_ACL_VALIDITY_PERIOD structure
                 containing two elements, the start time and the stop
                 time for which the ACL entry is valid.

              ACL entry tag - A CSSM_STRING containing a user-defined
                 value associated with the ACL entry.

DESCRIPTION

       This function edits the stored ACL controlling login
       sessions for a cryptographic service provider (CSP). The ACL
       is modified according to the edit mode and information
       provided in AclEdit.

       The caller must have a login session in process and must
       be authorized to modify the target ACL. Caller
       authentication and authorization to edit the ACL are
       determined based on the caller-provided AccessCred.

       The caller must be authorized to add, delete, or replace
       the ACL entries controlling login to the CSP. When adding
       or replacing an ACL entry, the service provider must
       reject the creation of duplicate ACL entries.

       When adding a new ACL entry to an ACL, the caller must
       provide a complete ACL entry prototype. All ACL entry
       items, except the ACL entry Subject, must be provided as
       an immediate value in AclEdit.NewEntry. The ACL entry
       Subject can be provided as an immediate value, from a
       verifier with a protected data path, from an external
       authentication or authorization service, or through a
       callback function specified in AclEdit.NewEntry.Callback.
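
       The edit-mode rules above, modelled from the service
       provider's side. This is an added example, not code from
       the CDSA implementation: the types are simplified stand-ins
       for the <cdsa/cssm.h> structures, the handle is modelled as
       a slot index, "duplicate" is assumed to mean that every item
       of the entry matches, and the AccessCred check is omitted.

```c
#include <string.h>
/* Simplified stand-ins (assumptions), not the real <cdsa/cssm.h> types. */
enum edit_mode { MODE_ADD, MODE_DELETE, MODE_REPLACE };
enum edit_rc { RC_OK, RC_BAD_HANDLE, RC_DUPLICATE, RC_FULL };
struct acl_entry {        /* models the ACL entry prototype */
    char subject[32];     /* subject type and value, flattened to text */
    int delegate;         /* delegation flag */
    unsigned auth_mask;   /* authorization array, as a bitmask */
    long start, stop;     /* validity period */
    char tag[16];         /* ACL entry tag */
};
struct acl_edit { enum edit_mode mode; int old_handle; struct acl_entry new_entry; };
#define MAX_ENTRIES 8
struct login_acl { struct acl_entry e[MAX_ENTRIES]; int used[MAX_ENTRIES]; };

/* Assumption: "duplicate" means every item of the entry matches. */
static int same_entry(const struct acl_entry *a, const struct acl_entry *b) {
    return !strcmp(a->subject, b->subject) && a->delegate == b->delegate &&
           a->auth_mask == b->auth_mask && a->start == b->start &&
           a->stop == b->stop && !strcmp(a->tag, b->tag);
}
/* True if an in-use slot other than `skip` already holds an equal entry. */
static int is_duplicate(const struct login_acl *acl, const struct acl_entry *n, int skip) {
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (i != skip && acl->used[i] && same_entry(&acl->e[i], n)) return 1;
    return 0;
}
static int valid_handle(const struct login_acl *acl, int h) {
    return h >= 0 && h < MAX_ENTRIES && acl->used[h];
}

/* Apply one edit to the stored login ACL. */
enum edit_rc apply_edit(struct login_acl *acl, const struct acl_edit *ed) {
    int h = ed->old_handle;
    switch (ed->mode) {
    case MODE_ADD:        /* old_handle is ignored */
        if (is_duplicate(acl, &ed->new_entry, -1)) return RC_DUPLICATE;
        for (int i = 0; i < MAX_ENTRIES; i++)
            if (!acl->used[i]) { acl->e[i] = ed->new_entry; acl->used[i] = 1; return RC_OK; }
        return RC_FULL;
    case MODE_DELETE:     /* new_entry is ignored */
        if (!valid_handle(acl, h)) return RC_BAD_HANDLE;
        acl->used[h] = 0;
        return RC_OK;
    case MODE_REPLACE:    /* every item of the old entry is overwritten */
        if (!valid_handle(acl, h)) return RC_BAD_HANDLE;
        if (is_duplicate(acl, &ed->new_entry, h)) return RC_DUPLICATE;
        acl->e[h] = ed->new_entry;
        return RC_OK;
    }
    return RC_BAD_HANDLE;
}
```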

RETURN VALUE

       A CSSM_RETURN value indicating  success  or  specifying  a
       particular  error  condition.  The value CSSM_OK indicates
       success. All other values represent an error condition.

ERRORS

       Errors are described in the CDSA technical standard.   See

       None specific to this call.

SEE ALSO

       Intel CDSA Application Developer's Guide (see

       Reference Pages

       Functions: CSSM_CSP_GetLoginACL(3), CSSM_CSP_Login(3),
