27
28
/*! \page cred_msgs Handling credentials provider messages
29
A credentials provider plugin receives a number of messages during the
30
A credentials provider plug-in receives a number of messages during the
30
31
course of execution. This section describes the appropriate ways of
31
32
handling these messages.
34
- \ref pi_credmsg_system
35
- \ref pi_credmsg_cred
36
- \ref pi_credmsg_list
37
- \ref pi_credmsg_credacq
38
- \ref pi_credmsg_destroy
39
- \ref pi_credmsg_import
40
- \ref pi_credmsg_prop
33
42
\section pi_credmsg_system System mesages
35
44
There are only two system messages that a credentials provider needs
36
45
to handle. Both of these are explained elsewhere as they deal with
37
initialization and uninitialization of the plugin. See the following
46
initialization and uninitialization of the plug-in. See the following
38
47
two sections for details on handling these messages.
40
49
- <::KMSG_SYSTEM,::KMSG_SYSTEM_INIT> \ref pi_pt_cred_init
43
52
\section pi_credmsg_cred Credential messages
54
\subsection pi_credmsg_list Listing Credentials
56
When the Network Identity Manager application needs to refresh the
57
list of credentials that credentials providers are aware of, it sends
58
out a <::KMSG_CRED, ::KMSG_CRED_REFRESH> message.
60
Each credentials provider is expected to populate a credential set
61
with the credentials that it is aware of and call
62
kcdb_credset_collect() or kcdb_credset_collect_filtered() to merge the
63
credentials into the root credentials set.
65
In addition to responding to <::KMSG_CRED, ::KMSG_CRED_REFRESH>, each
66
credentials provider is expected to list and merge their credentials
67
during the following events:
69
- When the plug-in is initialized, during <::KMSG_SYSTEM, ::KMSG_SYSTEM_INIT>
71
- When the plug-in obtains new credentials during the new credentials
72
acquisition sequence and whenever the plug-in becomes aware of new
75
\subsection pi_credmsg_credacq Credential Acquisition Message Sequence
77
The aquisition of new or renewed credentials is conducted via a
78
sequence of messages. Details of handling this sequence is explained
79
in the section \ref cred_acq .
81
\subsection pi_credmsg_destroy Destroying Credentials
83
When a request is received to destroy credentials, Network Identity
84
Manager sends out a <::KMSG_CRED, ::KMSG_CRED_DESTROY_CRED> message.
85
The \c vparam member of the message will point to a
86
::khui_action_context structure that describes which credentials are
87
being destroyed. The plug-in is expected to destroy any credentials
88
that were provided by the plug-in which are included in the user
91
\see \ref khui_context_using
93
\subsection pi_credmsg_import Importing Credentials
95
The import action is typically used to request that plug-ins import
96
any relevant credentials from the Windows LSA cache. This typically
97
only applies to plug-ins that provide Kerberos credentials and is not
100
\subsection pi_credmsg_prop Property Pages
102
Credentials providers are also expected to participate in the user
103
interface when the user makes a request to view the properties of a
104
credential or identity.
106
- <::KMSG_CRED, ::KMSG_CRED_PP_BEGIN>
107
- <::KMSG_CRED, ::KMSG_CRED_PP_PRECREATE>
108
- <::KMSG_CRED, ::KMSG_CRED_PP_END>
109
- <::KMSG_CRED, ::KMSG_CRED_PP_DESTROY>
111
Details about handling this sequence of messages is discussed in \ref
114
\subsection pi_credmsg_addrchange Address Change Notification
116
When the Network Identity Manager detects that that IP address of the
117
machine has changed, it will issue a <::KMSG_CRED,
118
::KMSG_CRED_ADDR_CHANGE>. Handling this notification is optional and
119
is only necessary for credentials providers which are affected by IP
120
address changes. This is just a notification and the plug-in is not
121
expected to take any special action.