NSSSRemoveSharedSecret

Removes a Shared Secret from a user’s SecretStore on eDirectory.

Syntax

    #include <nssscl.h> 
     
    SS_EXTERN_LIBCALL(int) NSSSRemoveSharedSecret 
    (
     SS_SH_SECRET_ID_T   *pSharedSecret, 
     SSS_CONTEXT_T       *context, 
     SS_OBJECT_DN_T      *targetObjDN, 
     unsigned long        ssFlags, 
     SS_EXT_T            *ext
    );
    

Parameters

pSharedSecret
(IN) Points to the user-populated SS_SH_SECRET_ID_T struct containing the shared secret type, name, and length.
context
(IN) Specifies an optional structure that can be initialized by making a call to NSSSGetServiceInformation prior to use here. The flags field of the structure can take on the following values to indicate the type of context used.

NSSS_NCP_CTX_F—Directory Service API context indicator flag

NSSS_LDAP_CTX_F—LDAP context indicator flag <reserved>

targetObjDN
(IN) Points to the optional relative distinguished name (RDN or “short name”) of the target object that contains the user's secrets. You should have at least READ/WRITE privileges over the target object.

NOTE: When binding to a server over LDAP/SSL, this parameter is mandatory and must be in fully qualified LDAP form ("cn=user, ou=users, o=novell").

ssFlags
(IN) Specifies the flags passed to NSSSRemoveSecret.

| Value | Description |
|---|---|
| NSSS_ALL_STRINGS_UNICODE_F | Indicates that all applicable char strings, such as targetObject and secretID, are already in Unicode, so the API does not need to convert them from the local code page to Unicode. This flag also instructs the API not to convert the returned char strings to the local code page. This is a feature of SSO client v1.1 and will not work on older versions. |
| NSSS_SET_TREE_NAME_F | Sets the tree name. |
| NSSS_DESTROY_CONTEXT_F | Internally destroys the DS context passed in. This flag can be used on the last call to SecretStore to destroy the context that was used. |

ext
(IN) Points to the extensions used for the secrets.

Return Values

| Value | Description |
|---|---|
| NSSS_SUCCESS | The operation succeeded. |
| NSSS_E_SYSTEM_FAILURE | An internal operation failed because of a failure such as memory allocation. |
| NSSS_E_CORRUPTED_STORE | Indicates data corruption in SecretStore. |
| NSSS_E_NICI_FAILURE | A NICI failure was detected. |
| NSSS_E_INVALID_SECRET_ID | Secret ID is not in the SecretStore. |
| NSSS_E_ACCESS_DENIED | eDirectory denied access to an object or attribute related to the SecretStore. |
| NSSS_E_STORE_NOT_FOUND | The client does not have a SecretStore or the schema is not extended to begin with. |
| NSSS_E_NDS_INTERNAL_FAILURE | Some eDirectory operation has failed internally. |
| NSSS_E_INCOMPATIBLE_VERSION | The client SecretStore is not compatible with the server SecretStore. |
| NSSS_E_INVALID_TARGET_OBJECT | The target object is not the type designated for the SecretStore attachment. |
| NSSS_E_SECRET_ID_TOO_SHORT | The length of the Secret ID should be greater than zero. |
| NSSS_E_INVALID_PARAM | The API parameter is not initialized. |

Remarks

This function passes a user-populated SS_SH_SECRET_ID_T structure that contains the shared secret type, name, and length. It also passes the populated SSS_CONTEXT_T and SS_OBJECT_DN_T structures, ssFlags, and the SS_EXT_T structures that are normally passed into the call to NSSSRemoveSecret. Consequently, this function provides flexibility in making calls to trees and user DNs other than the primary connection.
