NAME    [Toc]    [Back]

       CSSM_CSP_GetLoginAcl  - Get description of CSP ACL entries

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       CSPHandle,  const  CSSM_STRING *SelectionTag, uint32 *NumberOfAclInfos,

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The module handle that identifies the  cryptographic  service
  provider  to  perform this operation.  A CSSM_STRING
       value matching the user-defined tag value associated  with
       one  or  more  ACL  entries controlling login sessions. To
       retrieve a description  of  all  ACL  entries  controlling
       login  sessions,  this parameter must be NULL.  The number
       of entries in the AclInfos array. If no ACL entry descriptions
  are  returned,  this  value  is  zero.  An array of
       CSSM_ACL_ENTRY_INFO structures.  The  unique  handle  contained
  in  this  structure can be used during the current
       attach session and the current login session to  reference
       specific  ACL entries for editing.  The structure is allocated
 by the service provider and must be released by  the
       caller  when  the structure is no longer needed. If no ACL
       entry descriptions are returned, this value is NULL.

DESCRIPTION    [Toc]    [Back]

       This function returns a description of zero  or  more  ACL
       entries  managed by the CSP and used to control login sessions
 with the CSP. The optional input SelectionTag parameter
  restricts  the  returned  descriptions  to those ACL
       entries with a matching EntryTag value. If a  SelectionTag
       value is specified and no matches are found, zero descriptions
 are returned. If no  SelectionTag  is  specified,  a
       description  of all ACL entries used to control login sessions
 are returned by this function.

       Each AclInfo structure contains: Public contents of an ACL
       entry ACL EntryHandle, which is a unique value defined and
       managed by the service provider

       The public ACL entry information returned by this function
       includes: Subject type -- A CSSM_LIST structure containing
       one element identifying the type of subject stored in  the
       ACL  entry.  Delegation flag -- A CSSM_BOOL value indicating
 whether  the  subject  can  delegate  the  permissions
       recorded  in the authorization array.  Authorization array
       -- A CSSM_AUTHORIZATIONGROUP structure defining the set of
       operations for which permission is granted to the subject.
       Validity period --  A  CSSM_ACL_VALIDITY_PERIOD  structure
       containing  two elements, the start time and the stop time
       for which the ACL entry is valid.   ACL  entry  tag  --  A
       CSSM_STRING  containing  a  user-defined  value associated
       with the ACL entry.

RETURN VALUE    [Toc]    [Back]

       A CSSM_RETURN value indicating  success  or  specifying  a
       particular  error  condition.  The value CSSM_OK indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors are described in the CDSA technical standard.   See

       None specific to this call.

SEE ALSO    [Toc]    [Back]


       Intel    CDSA    Application    Developer's   Guide   (see

       Reference Pages    [Toc]    [Back]

       Functions:     CSSM_CSP_Login(3),     CSSM_CSP_LoginAcl(3)

