|
 HP Open Source Security for OpenVMS Volume 1:... |
 API Functions |
|
|
| |
| Library Description Errors | Parameters Return Value See Also |
API:CSSM_RETURN CSSMAPI CSSM_DL_DbCreate(CSSM_DL_HANDLE DLHandle,const char *DbName,const CSSM_NET_ADDRESS *DbLocation,const CSSM_DBINFO *DBInfo,CSSM_DB_ACCESS_TYPE AccessRequest,const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,const void *OpenParameters,CSSM_DB_HANDLE *DbHandle)SPI:CSSM_RETURN CSSMDLI DL_DbCreate(CSSM_DL_HANDLE DLHandle,const char *DbName,const CSSM_NET_ADDRESS *DbLocation,const CSSM_DBINFO *DBInfo,CSSM_DB_ACCESS_TYPE AccessRequest,const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,const void *OpenParameters,CSSM_DB_HANDLE *DbHandle)
LIBRARY Common Security Services Manager library (
cdsa$incssm300_shr.exe) PARAMETERS DLHandle (input) | ||
| The handle that describes the add-in data storagelibrary module used to perform this function. | |
DbName (input) | ||
| The logical name for the new data store. | |
DbLocation (input/optional) | ||
| A pointer to a network address directly or indirectlyidentifying the location of the storage service process. If theinput is NULL, the module can assume a default storage service processlocation. If the DbName does not distinguishthe storage service process, the service cannot be performed andthe operation fails. | |
DBInfo (input) | ||
| A pointer to a structure describing the format/schemaof each record type that will be stored in the new data store. | |
AccessRequest (input) | ||
| An indicator of the requested access mode for thedata store, such as read-only or read-write. | |
CredAndAclEntry (input/optional) | ||
| A structure containing one or more credentials authorizedfor creating a data base and the prototype ACL entry that will controlfuture use of the newly created key. The credentials and ACL entryprototype can be presented as immediate values or callback functionscan be provided for use by the DL to acquire the credentials and/orthe ACL entry interactively. If the DL provides public access forcreating a data base, then the credentials can be NULL. If the DLdefines a default initial ACL entry for the new data base, thenthe ACL entry prototype can be an empty list. | |
OpenParameters (input/optional) | ||
| A pointer to a module-specific set of parametersrequired to open the data store. | |
DbHandle (output) | ||
| The handle to the newly created and open data store.The value will be set to CSSM_INVALID_HANDLE if the function fails. | |
DESCRIPTION This function creates and opens a new data store. The nameof the new data store is specified by the input parameter DbName.The record schema for the data store is specified in the DBINFOstructure. If any RecordType defined in the DBINFOstructure does not have an associated parsing module, then the ModuleSubserviceUid specifiedfor that record type must be zero.The newly created data store is opened under the specifiedaccess mode. If user authentication credentials are required, theymust be provided. Also, additional open parameters may be requiredand are supplied in OpenParameters. If user authenticationcredentials are required, they must be provided.
Authorization policy can restrict the set of callers who cancreate a new resource. In this case, the caller must present a setof access credentials for authorization. Upon successfully authenticatingthe credentials, the template that verified the presented samplesidentifies the ACL entry that will be used in the authorization computation.If the caller is authorized, the new resource is created.
The caller must provide an initial ACL entry to be associatedwith the newly created resource. This entry is used to control futureaccess to the new resource and (since the subject is deemed to bethe "Owner") exercise control over its associated ACL. The callercan specify the following items for initializing an ACL entry:
| Subject | A CSSM_LIST structure, containing the type of thesubject and a template value that can be used to verify samplesthat are presented in credentials when resource access is requested. | |
| Delegation flag | ||
| A value indicating whether the Subject can delegatethe permissions recorded in the AuthorizationTag.(This item only applies to public key subjects). | |
| Authorization tag | ||
| The set of permissions that are granted to the Subject. | |
| Validity period | ||
| The start time and the stop time for which the ACLentry is valid. | |
| ACL entry tag | ||
| A user-defined string value associated with theACL entry. The service provider can modify the caller-provided initialACL entry to conform to any innate resource-access policy that theservice provider may be required to enforce. If the initial ACLentry provided by the caller contains values or permissions thatare not supported by the service provider, then the service providercan modify the initial ACL appropriately or can fail the requestto create the new resource. Service providers list their supported AuthorizationTag valuesin their Module Directory Services primary record. | |
RETURN VALUE A CSSM_RETURN value indicating success or specifying a particularerror condition. The value CSSM_OK indicates success. All othervalues represent an error condition. ERRORS Errors are described in the CDSA Technical Standard. CSSMERR_DL_DATASTORE_ALREADY_EXISTSCSSMERR_DL_FIELD_SPECIFIED_MULTIPLECSSMERR_DL_INCOMPATIBLE_FIELD_FORMATCSSMERR_DL_INVALID_ACCESS_REQUESTCSSMERR_DL_INVALID_DB_LOCATIONCSSMERR_DL_INVALID_DB_NAMECSSMERR_DL_INVALID_FIELD_NAMECSSMERR_DL_INVALID_OPEN_PARAMETERSCSSMERR_DL_INVALID_PARSING_MODULECSSMERR_DL_INVALID_RECORDTYPECSSMERR_DL_INVALID_RECORD_INDEXCSSMERR_DL_UNSUPPORTED_FIELD_FORMATCSSMERR_DL_UNSUPPORTED_INDEX_INFOCSSMERR_DL_UNSUPPORTED_LOCALITYCSSMERR_DL_UNSUPPORTED_NUM_ATTRIBUTESCSSMERR_DL_UNSUPPORTED_NUM_INDEXESCSSMERR_DL_UNSUPPORTED_NUM_RECORDTYPESCSSMERR_DL_UNSUPPORTED_RECORDTYPE
SEE ALSO BooksIntel CDSA Application Developer's Guide
Functions for the CSSM API:
CSSM_DL_DbOpen, CSSM_DL_DbClose, CSSM_DL_DbDelete
Functions for the DL SPI:
DL_DbOpen, DL_DbClose, DL_DbDelete
|
|