Copyright Digital Equipment Corp. All rights reserved.

CSSM_GetKeyAcl

NAME
  CSSM_GetKeyAcl - Get ACL entries by key (CDSA)

SYNOPSIS
  # include <cssm.h>

       CSSM_RETURN CSSMAPI CSSM_GetKeyAcl
       (CSSM_CSP_HANDLE CSPHandle,
       const CSSM_KEY *Key,
       const CSSM_STRING *SelectionTag,
       uint32 *NumberOfAclInfos,
       CSSM_ACL_ENTRY_INFO_PTR *AclInfos)

LIBRARY
  Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

PARAMETERS
  CSPHandle (input)
          The module handle that identifies the cryptographic service
          provider to perform this operation.

  Key (input)
          A pointer to the target key whose associated ACL entries are
          scanned and returned.

  SelectionTag (input/optional)
          A CSSM_STRING value matching the user-defined tag value
          associated with one or more ACL entries for the target Key.
          To retrieve a description of all ACL entries for the target
          Key, this parameter must be NULL.

  NumberOfAclInfos (output)
          The number of entries in the AclInfos array. If no ACL entry
          descriptions are returned, this value is zero.

  AclInfos (output)
          An array of CSSM_ACL_ENTRY_INFO structures. The unique handle
          contained in this structure can be used during the current
          attach session to reference specific ACL entries for editing.
          The structure is allocated by the service provider and must be
          released by the caller when the structure is no longer needed.
          If no ACL entry descriptions are returned, this value is NULL.

DESCRIPTION
  This function returns a description of zero or more ACL entries managed
  by the CSP and associated with the target key. The optional input
  SelectionTag restricts the returned descriptions to those ACL entries
  with a matching EntryTag value. If a SelectionTag value is specified and
  no matches are found, zero descriptions are returned. If no SelectionTag
  is specified, a description of all ACL entries associated with the key
  is returned by this function.

  Each AclInfo structure contains:

    ·  Public contents of an ACL entry

    ·  ACL EntryHandle, which is a unique value defined and managed by
       the service provider

  The public ACL entry information returned by this function includes:

  Subject type and value
          A CSSM_LIST structure containing one element identifying the
          type of subject stored in the ACL entry.

  Delegation flag
          A CSSM_BOOL value indicating whether the subject can delegate
          the permissions recorded in the authorization array.

  Authorization array
          A CSSM_AUTHORIZATIONGROUP structure defining the set of
          operations for which permission is granted to the subject.

  Validity period
          A CSSM_ACL_VALIDITY_PERIOD structure containing two elements,
          the start time and the stop time for which the ACL entry is
          valid.

  ACL entry tag
          A CSSM_STRING containing a user-defined value associated with
          the ACL entry.

RETURN VALUE
  A CSSM_RETURN value indicating success or specifying a particular
  error condition. The value CSSM_OK indicates success. All other
  values represent an error condition.

ERRORS
  Errors are described in the CDSA technical standard.  See CDSA.

  None specific to this call.

SEE ALSO
  Books

  Intel CDSA Application Developer's Guide (see CDSA)

  Other Help Topics

  Functions: CSSM_ChangeKeyAcl