HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > CDSA API Functions

cssm_IsFuncCallValid

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

cssm_IsFuncCallValid — Check secure linkage (CDSA)

SYNOPSIS

# include <cssm.h>
CSSM_RETURN CSSMAPI cssm_IsFuncCallValid
(CSSM_MODULE_HANDLE hAddin,
CSSM_PROC_ADDR SrcAddress, /* application */,
CSSM_PROC_ADDR DestAddress,
CSSM_PRIVILEGE InPriv,
CSSM_PRIVILEGE *OutPriv,
CSSM_BITMASK Hints,
CSSM_BOOL * IsOK)

LIBRARY

Common Security Services Manager library (cdsa$incssm300_shr.exe)

PARAMETERS

hAddIn (input) 

The handle identifying the attach-session whose caller and callee scope is being tested by this function.

SrcAddress (input/optional)
  

An address to be tested for containment within the application that requested and created the attach-session identified by the module handle.

DestAddress (input/optional)
  

An address within a service module. The destination address must be valid for the service provider associated with the attach-session identified by the module handle.

InPriv (input) 

The privilege value to be checked. Privilege checks apply to both SrcAddress and DestAddress.

OutPriv (output) 

If non-NULL, the global privilege will be checked and returned in OutPriv.

Hints (input) 

A flag providing search hints.

IsOK (output) 

CSSM_TRUE if success, CSSM_FALSE if fail.

DESCRIPTION

This function checks secure linkage between an application and a service module. Based on address scope of the application and the service module associated with the attach handle, CSSM determines whether the SrcAddress is within an associated application and DestAddress is within the associated service module. The scope of the application and the service module is determined by their respective signed manifest credentials, which attest to the integrity of each entity.

This function uses the input privilege value InPriv to compare against the privilege range associated with the ranges for SrcAddress and DestAddres. The privilege check is performed when the InPriv privilege value is non-NULL. If the EMM wants the global privilege value to be checked, InPriv is zero and OutPriv is non-NULL. CSSM will return the privilege value in OutPriv. If integrity only checks are to be performed, InPriv is zero and OutPriv is NULL.

Another parameter called Hints is used to help CSSM efficiently perform the integrity and privilege verification operations. Hints helps CSSM know where to look to find the desired state information. In the regular case, CSSM will look for SrcAddress in the CallerList and DestAddress in the AttachList. For callback functions, the SrcAddress and DestAddress are likely to be in AttachList.

RETURN VALUE

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.

ERRORS

Errors are described in the CDSA Technical Standard.

SEE ALSO

Books

Intel CDSA Application Developer's Guide



CSSM_Introduce
  		 


CSSM_ListAttachedModuleManagers