CSSM_GetKeyAcl(3)CSSM_GetKeyAcl(3)NAMECSSM_GetKeyAcl - Get ACL entries by key (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
CSSM_RETURN CSSMAPI CSSM_GetKeyAcl (CSSM_CSP_HANDLE CSPHandle, const
CSSM_KEY *Key, const CSSM_STRING *SelectionTag, uint32 *NumberOfAclIn‐
fos, CSSM_ACL_ENTRY_INFO_PTR *AclInfos)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The module handle that identifies the cryptographic service provider to
perform this operation. A pointer to the target key whose associated
ACL entries are scanned and returned. A CSSM_STRING value matching the
user-defined tag value associated with one or more ACL entries for the
target Key. To retrieve a description of all ACL entries for the target
Key, this parameter must be NULL. The number of entries in the AclIn‐
fos array. If no ACL entry descriptions are returned, this value is
zero. An array of CSSM_ACL_ENTRY_INFO structures. The unique handle
contained in this structure can be used during the current attach ses‐
sion to reference specific ACL entries for editing. The structure is
allocated by the service provider and must be released by the caller
when the structure is no longer needed. If no ACL entry descriptions
are returned, this value is NULL.
DESCRIPTION
This function returns a description of zero or more ACL entries managed
by the CSP and associated with the target key. The optional input
SelectionTag restricts the returned descriptions to those ACL entries
with a matching EntryTag value. If a SelectionTag value is specified
and no matches are found, zero descriptions are returned. If no Selec‐
tionTag is specified, a description of all ACL entries associated with
the key is returned by this function.
Each AclInfo structure contains: Public contents of an ACL entry ACL
EntryHandle, which is a unique value defined and managed by the service
provider
The public ACL entry information returned by this function includes: A
CSSM_LIST structure containing one element identifying the type of sub‐
ject stored in the ACL entry. A CSSM_BOOL value indicating whether the
subject can delegate the permissions recorded in the authorization
array. A CSSM_AUTHORIZATIONGROUP structure defining the set of opera‐
tions for which permission is granted to the subject. A
CSSM_ACL_VALIDITY_PERIOD structure containing two elements, the start
time and the stop time for which the ACL entry is valid. A CSSM_STRING
containing a user-defined value associated with the ACL entry.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3).
None specific to this call.
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions: CSSM_ChangeKeyAcl(3)CSSM_GetKeyAcl(3)