Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   12896 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

CSSM_ChangeKeyAcl(3)					  CSSM_ChangeKeyAcl(3)

NAME
       CSSM_ChangeKeyAcl  -  Edit  a stored ACL associated with the target key
       (CDSA)

SYNOPSIS
       # include <cdsa/cssm.h>

       CSSM_RETURN CSSMAPI CSSM_ChangeKeyAcl (CSSM_CSP_HANDLE CSPHandle, const
       CSSM_ACCESS_CREDENTIALS	 *AccessCred,  const  CSSM_ACL_EDIT  *AclEdit,
       const CSSM_KEY *Key)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       The module handle that identifies the cryptographic service provider to
       perform	this operation A pointer to the set of one or more credentials
       used to authenticate and validate the caller's authorization to	modify
       the  ACL associated with the key. Required credentials can include zero
       or more certificates, zero or more caller names, and one or  more  sam‐
       ples.  If certificates and/or caller names are provided as input, these
       must be provided as immediate values in this structure. The samples can
       be  provided  as immediate values or can be obtained through a callback
       function included in the AccessCred structure.  A structure  containing
       information that defines the edit operation.  Valid operations include:
       adding, replacing, and deleting entries in an ACL managed by  the  ser‐
       vice  provider. The AclEdit can contain information for a new ACL entry
       and a handle uniquely identifying an existing ACL entry.	 The  informa‐
       tion controls the edit operation as follows:

	      ───────────────────────────────────────────────────────────────
	      Value of AclEdit.EditMode	   Use	 of   AclEdit.NewEntry	 and
					   AclEdit.OldEntryHandle
	      ───────────────────────────────────────────────────────────────
	      CSSM_ACL_EDIT_MODE_ADD	   Adds a new ACL entry to  the	 set
					   of  ACL  entries  associated with
					   the specified Key.  The  new	 ACL
					   entry  is  created  from  the ACL
					   entry  prototype   contained	  in
					   NewEntry.	 OldEntryHandle	  is
					   ignored for this edit mode.
	      CSSM_ACL_EDIT_MODE_DELETE	   Deletes the ACL entry  identified
					   by  OldEntryHandle and associated
					   with the specified Key.  NewEntry
					   is ignored for this edit mode.
	      CSSM_ACL_EDIT_MODE_REPLACE   Replaces the ACL entry identified
					   by OldEntryHandle and  associated
					   with	  the	specified  Key.	 The
					   existing ACL is replaced based on
					   the ACL entry prototype contained
					   in the NewEntry.
	      ───────────────────────────────────────────────────────────────

	      When replacing an existing ACL entry, the	 caller	 must  replace
	      all  of  the  items  in  an ACL entry. The replacement prototype
	      includes: A CSSM_LIST structure containing a typed Subject.  The
	      Subject  identifies  the entity authorized by this ACL entry.  A
	      CSSM_BOOL value indicating whether the subject can delegate  the
	      permissions  recorded in the authorization array.	 A CSSM_AUTHO‐
	      RIZATIONGROUP structure defining the set of operations for which
	      permission   is  granted	to  the	 Subject.   A  CSSM_ACL_VALID‐
	      ITY_PERIOD structure containing two elements, the start time and
	      the  stop	 time for which the ACL entry is valid.	 A CSSM_STRING
	      containing a user-defined value associated with the  ACL	entry.
	      A	 pointer to the target key whose associated ACL is being modi‐
	      fied.

DESCRIPTION
       This function edits the stored ACL associated with the target key.  The
       ACL  is modified according to the edit mode and information provided in
       AclEdit.

       The caller must be authorized to modify the target ACL. Caller  authen‐
       tication	 and  authorization to edit the ACL is determined based on the
       caller-provided AccessCred.

       The caller must be authorized  to  add,	delete,	 or  replace  the  ACL
       entries associated with the target key. When adding or replacing an ACL
       entry, the service provider must reject the creation of	duplicate  ACL
       entries.

       When  adding  a new ACL entry to an ACL, the caller must provide a com‐
       plete ACL entry prototype. All ACL entry items, except  the  ACL	 entry
       Subject	must  be  provided as an immediate value in AclEdit->NewEntry.
       The ACL entry Subject can be provided as an  immediate  value,  from  a
       verifier with a protected data path, from an external authentication or
       authorization service, or through  a  callback  function	 specified  in
       AclEdit->NewEntry->Callback.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

ERRORS
       Errors	are   described	  in   the   CDSA   technical  standard.   See
       CDSA_intro(3).

       None specific to this call.

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions: CSSM_GetKeyAcl(3)

							  CSSM_ChangeKeyAcl(3)

Vote for polarhome