NSSSReadSecret
Reads the secrets from the SecretStore service for an authenticated user of a SecretStore-enabled application.
#include <nssscl.h>

SS_EXTERN_LIBCALL(int) NSSSReadSecret (
    SSS_CONTEXT_T     callerContext,
    SS_OBJECT_DN_T   *targetObject,
    unsigned long     ssFlags,
    SS_PWORD_T        epPassword,
    SSS_READEXT_T     readInfo,
    SS_SECRET_ID_T   *secretID,
    SS_SECRET_T      *secretValue,
    SS_EXT_T         *ext
);
These are common return values for this function (see Section 4.0, Return Values for more information):
This SecretStore call accesses the service on behalf of a logged-in, authenticated user. It returns to the client component of the application a clear-text copy of the application's secrets stored in SecretStore.
The unique secretID that was chosen for this application when the user's SecretStore was being populated is passed in as input. The object is located in the tree and its SecretStore is read until that secretID is found. When the matching secret is located, it is decrypted and returned in the secretValue buffer allocated for that purpose. Because the actual required size of the secret buffer is returned regardless of whether the call succeeds or fails, a client whose first request failed for lack of buffer space can make a second call with a buffer of the proper size.
If the targetObject is of the "User" type in eDirectory, then the callerContext and the targetObject must match; in other words, only the owner of the SecretStore can read its secrets. If the targetObject is not a User, any caller that has the proper access rights can read the SecretStore on that non-User object type in eDirectory.
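The two-call buffer-sizing pattern described above, together with the clean-up a clear-text secret deserves once it has been used, as an added example that is not part of the original page and not the SecretStore library's own code. Because the real NSSSReadSecret, its structures and its return codes are only available through <nssscl.h>, the example uses a constructed stand-in, sim_read_secret, that models just the documented behaviour (the required length is reported whether or not the buffer was large enough); the secret ID, the sample value and the SIM_* status codes are all constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for the stand-in; the real codes come from <nssscl.h>. */
#define SIM_OK               0
#define SIM_BUFFER_TOO_SMALL 1
#define SIM_NOT_FOUND        2

/* Constructed sample store standing in for one user's SecretStore. */
typedef struct { const char *id; const char *value; } sim_entry_t;
static const sim_entry_t sim_store[] = {
    { "SS_CredSet:demo-app", "p@ssw0rd-constructed" },
};

/* Stand-in for NSSSReadSecret: copies the secret into buf when it fits and,
 * as the documentation describes, reports the required length in *needed
 * whether or not the call succeeds. */
int sim_read_secret(const char *secret_id, unsigned char *buf,
                    size_t buf_len, size_t *needed)
{
    size_t i;
    for (i = 0; i < sizeof sim_store / sizeof sim_store[0]; i++) {
        if (strcmp(sim_store[i].id, secret_id) != 0)
            continue;
        *needed = strlen(sim_store[i].value);   /* set on every return path */
        if (buf == NULL || buf_len < *needed)
            return SIM_BUFFER_TOO_SMALL;
        memcpy(buf, sim_store[i].value, *needed);
        return SIM_OK;
    }
    *needed = 0;
    return SIM_NOT_FOUND;
}

/* Overwrite a clear-text secret before its memory is released or reused. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

void discard_secret(unsigned char *buf, size_t len)
{
    if (buf) { secure_zero(buf, len); free(buf); }
}

/* Two-call pattern: probe with a small fixed buffer; if that was too small,
 * allocate exactly the reported size and read again. On success *out holds
 * the clear-text secret (caller must discard_secret it) and the secret length
 * is returned; -1 on any failure. */
long read_secret_two_call(const char *secret_id, unsigned char **out)
{
    unsigned char probe[8];
    size_t needed = 0;
    unsigned char *big;
    int rc;

    *out = NULL;
    rc = sim_read_secret(secret_id, probe, sizeof probe, &needed);
    if (rc == SIM_OK) {                     /* it fit the first time */
        big = malloc(needed);
        if (!big) { secure_zero(probe, sizeof probe); return -1; }
        memcpy(big, probe, needed);
        secure_zero(probe, sizeof probe);   /* don't leave a copy on the stack */
        *out = big;
        return (long)needed;
    }
    if (rc != SIM_BUFFER_TOO_SMALL)
        return -1;                          /* not found or other error */

    big = malloc(needed);                   /* size reported by the failed call */
    if (!big) return -1;
    rc = sim_read_secret(secret_id, big, needed, &needed);
    if (rc != SIM_OK) { discard_secret(big, needed); return -1; }
    *out = big;
    return (long)needed;
}

/* Round trip: read via the two-call pattern, verify the value, wipe it.
 * Returns the secret length (20 for the sample) or -1 on failure. */
long demo_two_call_roundtrip(void)
{
    unsigned char *secret = NULL;
    long n = read_secret_two_call("SS_CredSet:demo-app", &secret);
    if (n < 0) return -1;
    if (n != 20 || memcmp(secret, "p@ssw0rd-constructed", 20) != 0) {
        discard_secret(secret, (size_t)n);
        return -1;
    }
    discard_secret(secret, (size_t)n);
    return n;
}

/* An unknown secretID must fail cleanly rather than hand back a buffer. */
long demo_not_found(void)
{
    unsigned char *secret = NULL;
    return read_secret_two_call("SS_CredSet:missing", &secret);
}

int main(void)
{
    printf("roundtrip length: %ld\n", demo_two_call_roundtrip());
    printf("missing id: %ld\n", demo_not_found());
    return 0;
}
```

The design point is that the size reported by the first, failed call is the only thing the retry needs, so the client never has to guess a maximum secret length; and because the API hands back the secret in the clear, every buffer that held it, including the stack probe, is zeroed before it goes out of scope.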
The SecretCount field can return the count of secrets in the SecretStore if the client is talking to a Version 2.0 SecretStore on the server.
NOTE: sssinit.exe enables an administrator to extend the schema on a non-User object for SecretStore. This tool and the SecretStore product installation both extend the schema on a non-User object by default.