HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > CDSA API Functions


  Table of Contents




CSSM_CSP_GetLoginAcl — Get description of CSP ACL entries (CDSA)


# include <cssm.h>
const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos,


Common Security Services Manager library (cdsa$incssm300_shr.exe)


CSPHandle (input)

The module handle that identifies the Cryptographic Service Provider to perform this operation.

SelectionTag (input/optional)

A CSSM_STRING value matching the user-defined tag value associated with one or more ACL entries controlling login sessions. To retrieve a description of all ACL entries controlling login sessions, this parameter must be NULL.

NumberOfAclInfos (output)

The number of entries in the AclInfos array. If no ACL entry descriptions are returned, this value is zero.

AclInfos (output)

An array of CSSM_ACL_ENTRY_INFO structures. The unique handle contained in this structure can be used during the current attach session and the current login session to reference specific ACL entries for editing. The structure is allocated by the service provider and must be released by the caller when the structure is no longer needed. If no ACL entry descriptions are returned, this value is NULL.


This function returns a description of zero or more ACL entries managed by the CSP and used to control login sessions with the CSP. The optional input SelectionTag parameter restricts the returned descriptions to those ACL entries with a matching EntryTag value. If a SelectionTag value is specified and no matches are found, zero descriptions are returned. If no SelectionTag is specified, a description of all ACL entries used to control login sessions are returned by this function.

Each AclInfo structure contains:

  • Public contents of an ACL entry

  • ACL EntryHandle, which is a unique value defined and managed by the service provider

The public ACL entry information returned by this function includes:

  • Subject type — A CSSM_LIST structure containing one element identifying the type of subject stored in the ACL entry.

  • Delegation flag — A CSSM_BOOL value indicating whether the subject can delegate the permissions recorded in the authorization array.

  • Authorization array — A CSSM_AUTHORIZATIONGROUP structure defining the set of operations for which permission is granted to the subject.

  • Validity period — A CSSM_ACL_VALIDITY_PERIOD structure containing two elements, the start time and the stop time for which the ACL entry is valid.

  • ACL entry tag — A CSSM_STRING containing a user-defined value associated with the ACL entry.


A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.


Errors are described in the CDSA Technical Standard.

None specific to this call.



Intel CDSA Application Developer's Guide

Online Help

Functions: CSSM_CSP_Login, CSSM_CSP_LoginAclCSSM_CSP_Logout