CSSM_RETURN CSSMAPI CSSM_ChangeKeyAcl
    (CSSM_CSP_HANDLE CSPHandle,
     const CSSM_ACCESS_CREDENTIALS *AccessCred,
     const CSSM_ACL_EDIT *AclEdit,
     const CSSM_KEY *Key)
cdsa$incssm300_shr.exe
CSPHandle (input)
The module handle that identifies the Cryptographic Service Provider to perform this operation.

AccessCred (input)
A pointer to the set of one or more credentials used to authenticate and validate the caller's authorization to modify the ACL associated with the key. Required credentials can include zero or more certificates, zero or more caller names, and one or more samples. If certificates and/or caller names are provided as input, these must be provided as immediate values in this structure. The samples can be provided as immediate values or can be obtained through a callback function included in the AccessCred structure.

AclEdit (input)
A structure containing information that defines the edit operation. Valid operations include: adding, replacing, and deleting entries in an ACL managed by the service provider. The AclEdit can contain information for a new ACL entry and a handle uniquely identifying an existing ACL entry. The information controls the edit operation as follows:

Key (input)
A pointer to the target key whose associated ACL is being modified.
AclEdit. The caller must be authorized to modify the target ACL. Caller authentication and authorization to edit the ACL is determined based on the caller-provided AccessCred.

The caller must be authorized to add, delete, or replace the ACL entries associated with the target key. When adding or replacing an ACL entry, the service provider must reject the creation of duplicate ACL entries.

When adding a new ACL entry to an ACL, the caller must provide a complete ACL entry prototype. All ACL entry items, except the ACL entry Subject, must be provided as an immediate value in AclEdit->NewEntry. The ACL entry Subject can be provided as an immediate value, from a verifier with a protected data path, from an external authentication or authorization service, or through a callback function specified in AclEdit->NewEntry->Callback.
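The edit rules described above (authorization checked first, a complete entry required for add and replace, duplicates rejected), modeled in plain C as an added example; this is not CDSA or vendor code. The types, result codes, handle lookup for delete and replace, and the definition of a duplicate (same subject and same authorization tag) are assumptions made for illustration, and the Subject is assumed to be already resolved to an immediate value.

```c
#include <stdbool.h>
#include <string.h>

/* Simplified model: these types are hypothetical, not the CDSA structures. */
enum edit_mode { EDIT_ADD, EDIT_DELETE, EDIT_REPLACE };
enum edit_result { EDIT_OK, EDIT_DENIED, EDIT_BAD_HANDLE, EDIT_INCOMPLETE,
                   EDIT_DUPLICATE, EDIT_FULL };
struct acl_entry { unsigned handle; const char *subject; const char *auth_tag; };
struct acl { struct acl_entry e[8]; int n; unsigned next_handle; };
struct acl_edit { enum edit_mode mode; unsigned old_handle;
                  const struct acl_entry *new_entry; };

/* Assumption: a duplicate is an entry with the same subject and the same
   authorization tag. 'skip' is the slot being replaced, or -1 for an add. */
static bool is_duplicate(const struct acl *a, const struct acl_entry *ne, int skip) {
    for (int i = 0; i < a->n; i++)
        if (i != skip && strcmp(a->e[i].subject, ne->subject) == 0 &&
            strcmp(a->e[i].auth_tag, ne->auth_tag) == 0)
            return true;
    return false;
}

enum edit_result change_key_acl(struct acl *a, bool caller_authorized,
                                const struct acl_edit *ed) {
    int idx = -1;
    if (!caller_authorized) return EDIT_DENIED;  /* authorize before any lookup */
    if (ed->mode != EDIT_ADD) {                  /* delete/replace need a live handle */
        for (int i = 0; i < a->n && idx < 0; i++)
            if (a->e[i].handle == ed->old_handle) idx = i;
        if (idx < 0) return EDIT_BAD_HANDLE;
    }
    if (ed->mode == EDIT_DELETE) { a->e[idx] = a->e[--a->n]; return EDIT_OK; }
    const struct acl_entry *ne = ed->new_entry;
    if (!ne || !ne->subject || !ne->auth_tag) return EDIT_INCOMPLETE;
    if (is_duplicate(a, ne, idx)) return EDIT_DUPLICATE;  /* ACL left unchanged */
    if (ed->mode == EDIT_ADD) {
        if (a->n == 8) return EDIT_FULL;
        idx = a->n++;
        a->e[idx].handle = a->next_handle++;
    }
    a->e[idx].subject = ne->subject;     /* a replace keeps the existing handle */
    a->e[idx].auth_tag = ne->auth_tag;
    return EDIT_OK;
}
```

Every rejection path returns before the ACL is touched, so a denied, incomplete, or duplicate edit leaves the stored entries exactly as they were.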
Errors: None specific to this call.
Intel CDSA Application Developer's Guide
Functions: CSSM_GetKeyAcl