CSSM_RETURN CSSMAPI CSSM_CSP_ChangeLoginAcl(CSSM_CSP_HANDLE CSPHandle, const CSSM_ACCESS_CREDENTIALS *AccessCred, const CSSM_ACL_EDIT *AclEdit)
cdsa$incssm300_shr.exe
CSPHandle (input)
The module handle that identifies the Cryptographic Service Provider to perform this operation.
AccessCred (input)
A pointer to the set of one or more credentials used to authenticate and validate the caller's authorization to modify the ACL controlling login sessions with the CSP. Required credentials can include zero or more certificates, zero or more caller names, and one or more samples. Traditionally a caller name has been used to establish the context of a login session. Certificates can be used for the same purpose. If certificates and/or caller names are provided as input, these must be provided as immediate values in this structure. The samples can be provided as immediate values or can be obtained through a callback function included in the AccessCred structure.
AclEdit (input)
A structure containing information that defines the edit operation. Valid operations include adding, replacing, and deleting entries in an ACL managed by the service provider. The AclEdit parameter can contain information for a new ACL entry and a handle uniquely identifying an existing ACL entry. The information controls the edit operation as follows:
AclEdit.
The caller must have a login session in process and must be authorized to modify the target ACL. Caller authentication and authorization to edit the ACL is determined based on the caller-provided AccessCred.
The caller must be authorized to add, delete, or replace the ACL entries controlling login to the CSP. When adding or replacing an ACL entry, the service provider must reject the creation of duplicate ACL entries.
When adding a new ACL entry to an ACL, the caller must provide a complete ACL entry prototype. All ACL entry items, except the ACL entry Subject, must be provided as an immediate value in AclEdit.NewEntry. The ACL entry Subject can be provided as an immediate value, from a verifier with a protected data path, from an external authentication or authorization service, or through a callback function specified in AclEdit.NewEntry.Callback.
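The edit rules above, seen from the service provider's side, as an added example (not code from this page or from CDSA). All types and names are hypothetical stand-ins rather than the CSSM header definitions; treating two entries with the same subject and tag as duplicates, and keeping the handle on replace, are assumptions of this model.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not the CDSA header definitions. */
enum edit_mode { EDIT_ADD, EDIT_DELETE, EDIT_REPLACE };
enum edit_status { EDIT_OK, EDIT_BAD_INPUT, EDIT_NO_SUCH_ENTRY, EDIT_DUPLICATE, EDIT_FULL };

struct acl_entry { unsigned handle; char subject[32]; char tag[16]; int in_use; };
struct acl_edit  { enum edit_mode mode; unsigned old_handle; const struct acl_entry *new_entry; };

#define ACL_MAX 8
struct login_acl { struct acl_entry e[ACL_MAX]; unsigned next_handle; };

static struct acl_entry *find_handle(struct login_acl *acl, unsigned h) {
    for (size_t i = 0; i < ACL_MAX; i++)
        if (acl->e[i].in_use && acl->e[i].handle == h) return &acl->e[i];
    return NULL;
}

/* Assumed rule: duplicate = same subject and tag as a live entry other than `skip`. */
static int is_duplicate(const struct login_acl *acl, const struct acl_entry *n,
                        const struct acl_entry *skip) {
    for (size_t i = 0; i < ACL_MAX; i++) {
        const struct acl_entry *c = &acl->e[i];
        if (c->in_use && c != skip && !strcmp(c->subject, n->subject) && !strcmp(c->tag, n->tag))
            return 1;
    }
    return 0;
}

/* Applies one edit after the caller's credentials have been accepted (not modelled). */
enum edit_status apply_login_acl_edit(struct login_acl *acl, const struct acl_edit *ed) {
    struct acl_entry *old = NULL, *slot = NULL;
    /* Delete and replace must name an existing entry by its handle. */
    if (ed->mode != EDIT_ADD && !(old = find_handle(acl, ed->old_handle)))
        return EDIT_NO_SUCH_ENTRY;
    if (ed->mode == EDIT_DELETE) { old->in_use = 0; return EDIT_OK; }
    if (!ed->new_entry) return EDIT_BAD_INPUT;   /* add/replace need a complete entry */
    /* On replace, the entry being replaced is excluded from the duplicate check. */
    if (is_duplicate(acl, ed->new_entry, old)) return EDIT_DUPLICATE;
    if (ed->mode == EDIT_REPLACE) slot = old;
    else for (size_t i = 0; i < ACL_MAX && !slot; i++)
        if (!acl->e[i].in_use) slot = &acl->e[i];
    if (!slot) return EDIT_FULL;
    unsigned h = (ed->mode == EDIT_REPLACE) ? old->handle : ++acl->next_handle;
    *slot = *ed->new_entry;
    slot->handle = h; slot->in_use = 1;
    return EDIT_OK;
}
```

The duplicate check runs before any slot is written, so a rejected add or replace leaves the stored ACL unchanged.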
None specific to this call.
Intel CDSA Application Developer's Guide
Functions: CSSM_CSP_GetLoginACL, CSSM_CSP_Login, CSSM_CSP_Logout