CSSM_CSP_ChangeLoginAcl man page on OSF1

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
OSF1 logo
[printable version]

CSSM_CSP_ChangeLoginAcl(3)			    CSSM_CSP_ChangeLoginAcl(3)

NAME
       CSSM_CSP_ChangeLoginAcl - Edit a stored CSP ACL login session (CDSA)

SYNOPSIS
       # include <cdsa/cssm.h>

       CSSM_RETURN CSSMAPI CSSM_CSP_ChangeLoginAcl (CSSM_CSP_HANDLE CSPHandle,
       const   CSSM_ACCESS_CREDENTIALS	 *AccessCred,	const	 CSSM_ACL_EDIT
       *AclEdit)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       The module handle that identifies the cryptographic service provider to
       perform this operation A pointer to the set of one or more  credentials
       used  to authenticate and validate the caller's authorization to modify
       the ACL controlling login sessions with the CSP.	 Required  credentials
       can  include  zero or more certificates, zero or more caller names, and
       one or more samples. Traditionally a  caller  name  has	been  used  to
       establish  the context of a login session. Certificates can be used for
       the same purpose. If certificates and/or caller names are  provided  as
       input,  these  must  be provided as immediate values in this structure.
       The samples can be provided as immediate	 values	 or  can  be  obtained
       through	a  callback  function included in the AccessCred structure.  A
       structure containing  information  that	defines	 the  edit  operation.
       Valid  operations include adding, replacing, and deleting entries in an
       ACL managed by the service provider. The AclEdit parameter can  contain
       information  for	 a  new ACL entry and a handle uniquely identifying an
       existing ACL entry. The information controls the edit operation as fol‐
       lows:

	      ─────────────────────────────────────────────────────────────────
	      Value of AclEdit.EditMode	   Use	  of	AclEdit.NewEntry   and
					   AclEdit.OldEntryHandle
	      ─────────────────────────────────────────────────────────────────
	      CSSM_ACL_EDIT_MODE_ADD	   Adds a new ACL entry to the set  of
					   ACL	entries controlling login ses‐
					   sions with the  CSP.	 The  new  ACL
					   entry is created from the ACL entry
					   prototype  contained	 in  NewEntry.
					   OldEntryHandle  is ignored for this
					   EditMode.
	      CSSM_ACL_EDIT_MODE_DELETE	   Deletes the ACL entry identified by
					   OldEntryHandle  and associated with
					   login  sessions   with   the	  CSP.
					   NewEntry  is ignored for this Edit‐
					   Mode.
	      CSSM_ACL_EDIT_MODE_REPLACE   Replaces the ACL  entry  identified
					   by  OldEntryHandle  and controlling
					   login sessions with	the  CSP.  The
					   existing  ACL  is replaced based on
					   the ACL entry  prototype  contained
					   in the NewEntry.
	      ─────────────────────────────────────────────────────────────────

	      When  replacing  an  existing ACL entry, the caller must replace
	      all items in an ACL entry. The replacement  prototype  includes:
	      Subject  type  and  value	 -  A CSSM_LIST structure containing a
	      typed subject. The subject identifies the entity	authorized  by
	      this  ACL entry.	Delegation flag - A CSSM_BOOL value indicating
	      whether the subject can delegate the permissions recorded in the
	      authorization  array.   Authorization  array - A CSSM_AUTHORIZA‐
	      TIONGROUP structure defining the set  of	operations  for	 which
	      permission  is  granted  to  the	subject.   Validity period - A
	      CSSM_ACL_VALIDITY_PERIOD structure containing two elements,  the
	      start  time  and the stop time for which the ACL entry is valid.
	      ACL entry tag - A CSSM_STRING containing	a  user-defined	 value
	      associated with the ACL entry.

DESCRIPTION
       This  function  edits  the  stored ACL controlling login sessions for a
       cryptographic service provider (CSP). The ACL is modified according  to
       the edit mode and information provided in AclEdit.

       The  caller must have a login session in process and must be authorized
       to modify the target ACL. Caller authentication	and  authorization  to
       edit the ACL is determined based on the caller-provided AccessCred.

       The  caller  must  be  authorized  to  add,  delete, or replace the ACL
       entries controlling login to the CSP. When adding or replacing  an  ACL
       entry,  the  service provider must reject the creation of duplicate ACL
       entries.

       When adding a new ACL entry to an ACL, the caller must provide  a  com‐
       plete  ACL  entry  prototype. All ACL entry items, except the ACL entry
       Subject, must be provided as an immediate  value	 in  AclEdit.NewEntry.
       The  ACL	 entry	Subject	 can be provided as an immediate value, from a
       verifier with a protected data path, from an external authentication or
       authorization  service,	or  through  a	callback function specified in
       AclEdit.NewEntry.Callback.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

ERRORS
       Errors  are  described	in   the   CDSA	  technical   standard.	   See
       CDSA_intro(3).

       None specific to this call.

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions:	   CSSM_CSP_GetLoginACL(3)	    CSSM_CSP_Login(3),
       CSSM_CSP_Logout(3)

						    CSSM_CSP_ChangeLoginAcl(3)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server OSF1

List of man pages available for OSF1

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net