*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> CSSM_DL_DbCreate (3)              
Title
Content
Arch
Section
 

DL_DbCreate(3)

Contents


NAME    [Toc]    [Back]

       DL_DbCreate,  CSSM_DL_DbCreate  - Create and open new data
       store (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       API: CSSM_RETURN CSSMAPI CSSM_DL_DbCreate  (CSSM_DL_HANDLE
       DLHandle,   const  char  *DbName,  const  CSSM_NET_ADDRESS
       *DbLocation,       const       CSSM_DBINFO        *DBInfo,
       CSSM_DB_ACCESS_TYPE          AccessRequest,          const
       CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, const void
       *OpenParameters,     CSSM_DB_HANDLE     *DbHandle)    SPI:
       CSSM_RETURN CSSMDLI DL_DbCreate (CSSM_DL_HANDLE  DLHandle,
       const  char  *DbName,  const CSSM_NET_ADDRESS *DbLocation,
       const CSSM_DBINFO *DBInfo,  CSSM_DB_ACCESS_TYPE  AccessRequest,
  const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
 const void *OpenParameters, CSSM_DB_HANDLE *DbHandle)

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The  handle that describes the add-in data storage library
       module used to perform this function.   The  logical  name
       for  the  new  data store.  A pointer to a network address
       directly or indirectly identifying  the  location  of  the
       storage  service process. If the input is NULL, the module
       can assume a default storage service process location.  If
       the  DbName  does not distinguish the storage service process,
 the service cannot be performed  and  the  operation
       fails.   A  pointer  to  a  structure  describing the format/schema
 of each record type that will be stored in  the
       new data store.  An indicator of the requested access mode
       for the data store, such as read-only  or  read-write.   A
       structure  containing  one  or more credentials authorized
       for creating a data base and the prototype ACL entry  that
       will control future use of the newly created key. The credentials
 and ACL entry prototype can be presented as immediate
 values or callback functions can be provided for use
       by the DL to acquire the credentials and/or the ACL  entry
       interactively. If the DL provides public access for creating
 a data base, then the credentials can be NULL.  If the
       DL  defines  a  default initial ACL entry for the new data
       base, then the ACL entry prototype can be an  empty  list.
       A  pointer to a module-specific set of parameters required
       to open the data store.  The handle to the  newly  created
       and   open   data   store.   The  value  will  be  set  to
       CSSM_INVALID_HANDLE if the function fails.

DESCRIPTION    [Toc]    [Back]

       This function creates and opens a new data store. The name
       of  the new data store is specified by the input parameter
       DbName.  The record schema for the data store is specified
       in the DBINFO structure.  If any RecordType defined in the
       DBINFO structure does not have an associated parsing  module,
  then  the  ModuleSubserviceUid  specified  for  that
       record type must be zero.

       The newly created data store is opened under the specified
       access  mode.   If  user  authentication  credentials  are
       required, they must be  provided.  Also,  additional  open
       parameters may be required and are supplied in OpenParameters.
 If user  authentication  credentials  are  required,
       they must be provided.

       Authorization  policy  can restrict the set of callers who
       can create a new resource. In this case, the  caller  must
       present  a  set  of  access credentials for authorization.
       Upon successfully authenticating the credentials, the template
  that  verified the presented samples identifies the
       ACL entry that will be used in the authorization  computation.
  If  the  caller  is authorized, the new resource is
       created.

       The caller must provide an initial ACL entry to be associated
  with  the newly created resource. This entry is used
       to control future access to the new  resource  and  (since
       the  subject is deemed to be the "Owner") exercise control
       over its associated ACL. The caller can specify  the  following
  items  for  initializing an ACL entry: A CSSM_LIST
       structure, containing the type of the subject and  a  template
  value  that  can be used to verify samples that are
       presented  in  credentials   when   resource   access   is
       requested.   A  value  indicating  whether the Subject can
       delegate the permissions recorded in the AuthorizationTag.
       (This  item only applies to public key subjects).  The set
       of permissions that are granted to the Subject.  The start
       time  and  the stop time for which the ACL entry is valid.
       A user-defined string value associated with the ACL entry.

              The service provider can modify the caller-provided
              initial  ACL  entry  to  conform  to   any   innate
              resource-access  policy  that  the service provider
              may be required to  enforce.  If  the  initial  ACL
              entry  provided  by  the  caller contains values or
              permissions that are not supported by  the  service
              provider,  then the service provider can modify the
              initial ACL appropriately or can fail  the  request
              to  create the new resource. Service providers list
              their supported AuthorizationTag  values  in  their
              Module Directory Services primary record.

RETURN VALUE    [Toc]    [Back]

       A  CSSM_RETURN  value  indicating  success or specifying a
       particular error condition. The  value  CSSM_OK  indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors  are described in the CDSA technical standard.  See
       CDSA_intro(3).   CSSMERR_DL_DATASTORE_ALREADY_EXISTS  CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE
     CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT
  CSSMERR_DL_INVALID_ACCESS_REQUEST   CSSMERR_DL_INVALID_DB_LOCATION
     CSSMERR_DL_INVALID_DB_NAME
       CSSMERR_DL_INVALID_FIELD_NAME                         CSSMERR_DL_INVALID_OPEN_PARAMETERS
   CSSMERR_DL_INVALID_PARSING_MODULE
       CSSMERR_DL_INVALID_RECORDTYPE        CSSMERR_DL_INVALID_RECORD_INDEX
             CSSMERR_DL_UNSUPPORTED_FIELD_FORMAT
 CSSMERR_DL_UNSUPPORTED_INDEX_INFO CSSMERR_DL_UNSUPPORTED_LOCALITY
             CSSMERR_DL_UNSUPPORTED_NUM_ATTRIBUTES
   CSSMERR_DL_UNSUPPORTED_NUM_INDEXES
       CSSMERR_DL_UNSUPPORTED_NUM_RECORDTYPES   CSSMERR_DL_UNSUPPORTED_RECORDTYPE





SEE ALSO    [Toc]    [Back]

      
      
       Books

       Intel   CDSA   Application    Developer's    Guide    (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]

       Functions for the CSSM API:

       CSSM_DL_DbOpen(3), CSSM_DL_DbClose(3), CSSM_DL_DbDelete(3)

       Functions for the DL SPI:

       DL_DbOpen(3), DL_DbClose(3), DL_DbDelete(3)



                                                   DL_DbCreate(3)
[ Back ]
 Similar pages
Name OS Title
CSSM_DL_DbOpen Tru64 Open a data store (CDSA)
DL_DbOpen Tru64 Open a data store (CDSA)
DL_DbClose Tru64 Close open data store (CDSA)
CSSM_DL_DbClose Tru64 Close open data store (CDSA)
CSSM_DL_FreeUniqueRecord Tru64 Free data store memory (CDSA)
DL_FreeUniqueRecord Tru64 Free data store memory (CDSA)
DL_GetDbNames Tru64 Get list of logical data store names (CDSA)
CSSM_DL_GetDbNames Tru64 Get list of logical data store names (CDSA)
CSSM_DL_FreeNameList Tru64 Free the list of the logical data store names (CDSA)
DL_FreeNameList Tru64 Free the list of the logical data store names (CDSA)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service