CSSM_DL_ChangeDbAcl man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

DL_ChangeDbAcl(3)					     DL_ChangeDbAcl(3)

       DL_ChangeDbAcl, CSSM_DL_ChangeDbAcl - Edit stored ACL (CDSA)

       # include <cdsa/cssm.h>

       Handle, const CSSM_ACCESS_CREDENTIALS *AccessCred, const	 CSSM_ACL_EDIT
       DLDBHandle,   const    CSSM_ACCESS_CREDENTIALS	 *AccessCred,	 const
       CSSM_ACL_EDIT *AclEdit)

       Common Security Services Manager library (libcssm.so)

       The  handle  pair  that describes the data storage library module to be
       used to perform this function, and the open data store whose associated
       ACL  entries  are  to  be updated.  A pointer to the set of one or more
       credentials used to authenticate and validate the  caller's  authoriza‐
       tion  to	 modify the ACL associated with the target data base. Required
       credentials can include zero or more certificates, zero or more	caller
       names, and one or more samples. If certificates and/or caller names are
       provided as input these must be provided as immediate  values  in  this
       structure.  The	samples	 can be provided as immediate values or can be
       obtained through a callback function included in the AccessCred	struc‐
       ture.   A structure containing information that defines the edit opera‐
       tion.  Valid operations include adding, replacing and deleting  entries
       in  the set of ACL entries managed by the service provider. The AclEdit
       can contain information for a new ACL entry and a unique handle identi‐
       fying  an  existing ACL entry. The information controls the edit opera‐
       tion as follows:

	      Value of AclEdit.EditMode	   Use	 of   AclEdit.NewEntry	  and
	      CSSM_ACL_EDIT_MODE_ADD	   Adds a new ACL entry to the set of
					   ACL entries	associated  with  the
					   specified  data  base. The new ACL
					   entry is created from  the  proto‐
					   type ACL entry contained in NewEn‐
					   try.	  OldEntryHandle  is  ignored
					   for this EditMode.
	      CSSM_ACL_EDIT_MODE_DELETE	   Deletes  the	 ACL entry identified
					   by OldEntryHandle  and  associated
					   with	  the  specified  data	base.
					   NewEntry is ignored for this Edit‐
	      CSSM_ACL_EDIT_MODE_REPLACE   Replaces  the ACL entry identified
					   by OldEntryHandle  and  associated
					   with	 the specified data base. The
					   existing ACL is replaced based  on
					   the	ACL entry prototype contained
					   in NewEntry.

	      When replacing an existing ACL entry, the	 caller	 must  replace
	      all  of  the  items  in  an ACL entry. The replacement prototype
	      includes: A CSSM_LIST structure containing a typed Subject.  The
	      Subject  identifies  the entity authorized by this ACL entry.  A
	      CSSM_BOOL value indicating whether the subject can delegate  the
	      permissions  recorded in the authorization array.	 A CSSM_AUTHO‐
	      RIZATIONGROUP structure defining the set of operations for which
	      permission   is  granted	to  the	 Subject.   A  CSSM_ACL_VALID‐
	      ITY_PERIOD structure containing two elements, the start time and
	      the  stop	 time for which the ACL entry is valid.	 A CSSM_STRING
	      containing a user-defined value associated with the ACL entry.

       This function edits the stored ACL associated with the target data base
       identified by DLDBHandle.DBHandle. The ACL is modified according to the
       edit mode and information provided in AclEdit.

       The caller must be authorized to modify the target ACL. Caller  authen‐
       tication	 and  authorization to edit the ACL is determined based on the
       caller-provided AccessCred.

       The caller must be authorized to add, delete or replace the ACL entries
       associated  with	 the target data base. When adding or replacing an ACL
       entry, the service provider must reject the creation of	duplicate  ACL

       When  adding  a new ACL entry to an ACL, the caller must provide a com‐
       plete ACL entry prototype. All ACL entry items, except  the  ACL	 entry
       TypedSubject  must be provided as an immediate value in AclEdit->NewEn‐
       try. The ACL entry Subject can be provided as an immediate value,  from
       a  verifier with a protected data path, from an external authentication
       or authorization service, or through a callback function	 specified  in

       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

       Errors	are   described	  in   the   CDSA   technical  standard.   See


       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:


       Functions for the DL SPI:



List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net