NSSSGetServiceInformation

Returns service information from the SecretStore for authenticated users of a Single Sign-on enabled application.

Syntax

    #include <nssscl.h>

    SS_EXTERN_LIBCALL(int) NSSSGetServiceInformation
    (
     SSS_CONTEXT_T     *callerContext,
     SS_OBJECT_DN_T    *targetObjDN,
     unsigned long      ssFlags,
     SSS_GSINFOEXT_T   *gsInfo,          //mandatory
     SS_EXT_T          *ext);

Parameters

callerContext
(IN) This handle can be initialized by making calls to eDirectory prior to SecretStore or requesting NSSSGetServiceInformation to initialize it. The flags field can take on these values to indicate the type of context used:

| Value | Description |
|---|---|
| NSSS_NCP_CTX_F | Sets the NCP context indicator flag. |
| NSSS_LDAP_CTX_F | Sets the LDAP context indicator flag. |
| NSSS_INIT_LDAP_SS_HANDLE_F | Set when init is passed into the handle without bind. This is done when you do the bind for contexts initialized outside of the SecretStore client. |
| NSSS_DEINIT_LDAP_HANDLE_F | Deinitializes the passed-in handle when you want to perform the unbind later (for contexts initialized outside of the SecretStore client). |
| NSSS_REINIT_TARGET_DN_F | Reinitializes the handle to a new target DN. Set when the administrator plans to switch from one target DN to another. |

targetObjDN
(IN) This is the optional RDN (relative distinguished name or "short name") of the target object that contains the user's secrets. The caller should have at least READ/WRITE privileges over the target object.

NOTE: For binding to the server over LDAP/SSL, this parameter is mandatory and should be in fully qualified LDAP form ("cn=user, ou=users, o=novell").

ssFlags
(IN) This is a set of flags for initializing secrets:

NSSS_ALL_STRINGS_UNICODE_F as defined by Section 5.4.4, Input Only Flags for All APIs.

NSSS_SET_TREE_NAME_F as defined by Section 5.4.4, Input Only Flags for All APIs.

NSSS_GET_CONTEXT_F as defined by Section 5.4.5, Input Only Flag for GetServiceInfo API.

NSSS_DESTROY_CONTEXT_F

(OUT)

NSSS_ENHANCED_PROTECT_INFO_F—Secret is marked for enhanced protection.

NSSS_EP_MASTER_PWORD_PRESENT_F—There is a master password on the SecretStore (Admin configurable option on the server).

NSSS_MP_NOT_ALLOWED_F—The use of master password has been disabled by the service.

ext
(OUT) If present, this structure can return a set of applicable future extensions for the secrets.

Return Values

These are common return values for this function; see Section 4.0, Return Values for more information.

NSSS_SUCCESS

The operation succeeded.

NSSS_E_SYSTEM_FAILURE

An internal operation failed because of a failure such as memory allocation.

NSSS_E_CORRUPTED_STORE

This indicates data corruption in SecretStore.

NSSS_E_NICI_FAILURE

NICI failure detected.

NSSS_E_INVALID_SECRET_ID

Secret ID is not in the SecretStore.

NSSS_E_ACCESS_DENIED

eDirectory denied access to an object or attribute related to the SecretStore.

NSSS_E_STORE_NOT_FOUND

Client does not have a SecretStore or the schema is not extended to begin with.

NSSS_E_NDS_INTERNAL_FAILURE

Some eDirectory operation has failed internally.

NSSS_E_INCOMPATIBLE_VERSION

Client SecretStore is not compatible with server SecretStore.

NSSS_E_INVALID_TARGET_OBJECT

Target object is not the type designated for SecretStore attachment.

Remarks

This function can authenticate and connect the SecretStore client to the target SecretStore server. The initialized context (NCP/LDAP) can then be reused across other calls to maintain an ongoing session with SecretStore. Reusing credentials across multiple calls and avoiding reinitialization per call gives a considerable performance improvement. These new SecretStore calls can still perform per-call initialization and operations for connectors.

IMPORTANT: Because the (*) character is reserved, when using SecretStore, no names in secrets should contain (*).
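A pre-flight check for the two input rules stated on this page (the LDAP/SSL form of targetObjDN and the reserved (*) character), as an added example that is not part of the SecretStore SDK. The function names and the `over_ldap_ssl` parameter are hypothetical, and the DN check is a conservative shape test rather than a full LDAP DN parser.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Count "type=value" components in a comma-separated LDAP DN such as
 * "cn=user, ou=users, o=novell". Returns 0 if any component is
 * malformed, so a bare short name ("user") is rejected. */
int ldap_dn_components(const char *dn)
{
    int count = 0;
    if (dn == NULL) return 0;
    for (const char *p = dn;;) {
        int has_value = 0;
        while (*p == ' ') p++;                    /* blanks after a comma */
        const char *type = p;
        while (isalnum((unsigned char)*p) || *p == '-') p++;
        if (p == type || *p != '=') return 0;     /* missing "type=" */
        for (p++; *p != '\0' && *p != ','; p++) {
            if (*p == '=') return 0;              /* components not comma-separated */
            if (*p == '\\' && p[1] != '\0') p++;  /* step onto the escaped character */
            if (*p != ' ') has_value = 1;
        }
        if (!has_value) return 0;                 /* "cn=" with nothing after it */
        count++;
        if (*p == '\0') return count;
        p++;                                      /* step over the comma */
    }
}

/* Rule from the NOTE on targetObjDN: optional in general, but over
 * LDAP/SSL it must be present and fully qualified. Requiring two or
 * more components is an assumption of this example. */
int target_dn_ok(const char *dn, int over_ldap_ssl)
{
    if (!over_ldap_ssl) return 1;
    return ldap_dn_components(dn) >= 2;
}

/* Secret names must not contain the reserved '*' character.
 * Rejecting NULL and empty names is an assumption of this example. */
int secret_name_ok(const char *name)
{
    return name != NULL && name[0] != '\0' && strchr(name, '*') == NULL;
}
```

Running these checks before the call lets the client reject a short-name DN or a name containing (*) locally instead of sending it to the server.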
