/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
\r
/*! \page cred_acq Managed credential acquisition\r
\r
- Credential providers and the identity provider must participate in\r
+ Credential providers and identity providers must participate in\r
managed credential acquisition in order to respond to the user's\r
- requests to obtain new credentials for an identity or to obtain\r
- new credentials for an existing identity.\r
+ requests to obtain new credentials for an identity or to renew\r
+ credentials for an existing identity.\r
\r
There are two major processes that result in managed credential\r
- acuqisition. One is the acquisition of initial credentials, while\r
- the other is the acquisition of new crednetials. Both processes\r
- acquire new credentials (or replace existing credentials with new\r
- ones). The difference between the two processes lie in the way the\r
- new credentials are obtained. Initial credentials are obtained\r
- using user supplied username and password while new credentials\r
- are obtained using other existing credentials.\r
+ acuqisition. One is the acquisition of credentials, while the\r
+ other is credential renewal. During a renewal, existing\r
+ credentials are used to obtain new credentials which expire later\r
+ than the existing credential. Typically, the identity provider\r
+ performs the task of obtaining renewed initial credentials while\r
+ the other credential providers obtain new credentials based on\r
+ these initial credentials.\r
\r
- \section cred_acq_init Initial Credentials\r
+ \section cred_acq_new New Credentials\r
\r
When a user initiates the process of initial credential\r
- acquisition, NetIDMgr broadcasts a\r
- <::KMSG_CRED,::KMSG_CRED_INITIAL_CREDS> message. Credential\r
- providers which need to participate in the initial credential\r
- acquisition should respond to this message as detailed in \r
- \ref cred_acq_handle.\r
+ acquisition, Network Identity Manager broadcasts a\r
+ <::KMSG_CRED,::KMSG_CRED_NEW_CREDS> message. Credential providers\r
+ which need to participate in the credential acquisition should\r
+ respond to this message as detailed in \ref cred_acq_handle.\r
\r
- \section cred_acq_new New Credentials\r
+ \section cred_acq_renew Renew Credentials\r
\r
- When a user initiates the process of obtaining new credentials\r
- based on existing credentials, NetIDMgr broadcasts a\r
- <::KMSG_CRED,::KMSG_CRED_NEW_CREDS> message. Credential providers\r
- which need to participate in the initial credential acquisition\r
- should respond to this message as detailed in \ref cred_acq_handle.\r
+ Network Identity Manager broadcasts a\r
+ <::KMSG_CRED,::KMSG_CRED_RENEW_CREDS> message to initiate the\r
+ process of renewing credentials. This may be triggered\r
+ automatically or by a user action. Credential providers which\r
+ need to participate in the renewal should respond to this message\r
+ as detailed in \ref cred_acq_handle.\r
\r
The following pages provide detailed information:\r
\r
\r
/*! \page cred_acq_new_resp Handling new credentials acquisition\r
\r
- The process of acquiring new credentials whether they are initial\r
- credentials or not, happen as follows :\r
+ The process of acquiring credentials happens as follows:\r
\r
- - NetIDMgr creates a ::khui_new_creds object and a credentials\r
- acquisition window.\r
+ - Network Identity Manager creates a ::khui_new_creds object and a\r
+ credentials acquisition window.\r
\r
- - <::KMSG_CRED,::KMSG_CRED_INITIAL_CREDS> or\r
+ - <::KMSG_CRED,::KMSG_CRED_RENEW_CREDS> or\r
<::KMSG_CRED,::KMSG_CRED_NEW_CREDS> is sent to all the\r
credentials providers.\r
\r
for customizing their respective credential types. The type,\r
panel and any dependency information is populated into a\r
::khui_new_creds_by_type structure and added to the\r
- ::khui_new_creds structure.\r
+ ::khui_new_creds structure. (See khui_cw_add_type()).\r
\r
- <::KMSG_CRED, ::KMSG_CRED_DIALOG_PRESTART> is sent to all the\r
credentials providers. Credentials providers should use this\r
are done through ::KHUI_WM_NC_NOTIFY messages to the dialog\r
procedures.\r
\r
- - Once the dialog completes, NetIDMgr sends\r
- <::KMSG_CRED,::KMSG_CRED_DIALOG_END> message to all the\r
- credentials providers. The UI portion ends here. The\r
- individual dialog controls are destroyed as a result of the main\r
- credentials acquisition window being destroyed.\r
-\r
- - NetIDMgr posts <::KMSG_CRED,::KMSG_CRED_DIALOG_PROCESS> message\r
- to all the credentials providers. Each provider should check if\r
- the user cancelled the dialog or indicated that the new\r
- credentials should be obtained and act accordingly. The\r
- credentials provider is responsible for removing the\r
- ::khui_new_creds_by_type structre from the ::khui_new_creds\r
- structure and freeing up any resources it allocated earlier in\r
- preparation for obtaining new credentials.\r
+ - Once the dialog processing is done, a ::WMNC_DIALOG_PREPROCESS\r
+ message is sent to the dialog procedure.\r
+\r
+ - Network Identity Manager posts\r
+ <::KMSG_CRED,::KMSG_CRED_DIALOG_PROCESS> message to all the\r
+ credentials providers. Each provider should check if the user\r
+ cancelled the dialog or indicated that the new credentials\r
+ should be obtained and act accordingly. The \a result field of\r
+ the ::khui_new_creds structure will be set to either\r
+ ::KHUI_NC_RESULT_PROCESS or ::KHUI_NC_RESULT_CANCEL to indicate\r
+ whether the user wishes to acquire credentials or cancel the\r
+ operation.\r
+\r
+ - A <::KMSG_CRED, ::KMSG_CRED_END> message signals the end of the\r
+ credentials acquisition process. Each credentials provider is\r
+ responsible for removing the ::khui_new_creds_by_type structre\r
+ from the ::khui_new_creds structure and freeing up any resources\r
+ it allocated earlier in preparation for obtaining new\r
+ credentials.\r
\r
\section cred_acq_handle Responding to credential acquisition messages\r
\r
The credential acquisition messages are\r
- <::KMSG_CRED,::KMSG_CRED_INITIAL_CREDS> and <::KMSG_CRED,\r
- ::KMSG_CRED_NEW_CREDS>. They are structured as follows :\r
+ <::KMSG_CRED,::KMSG_CRED_NEW_CREDS> and <::KMSG_CRED,\r
+ ::KMSG_CRED_RENEW_CREDS>. They are structured as follows:\r
\r
- \b type : ::KMSG_CRED\r
- - \b subtype: ::KMSG_CRED_INITIAL_CREDS or ::KMSG_CRED_NEW_CREDS\r
+ - \b subtype: ::KMSG_CRED_NEW_CREDS or ::KMSG_CRED_RENEW_CREDS\r
- \b uparam : 0 (unused)\r
- \b vparam : a pointer to a ::khui_new_creds structure.\r
\r
The \a vparam parameter of the message, as shown above, is a\r
pointer to a ::khui_new_creds structure. You can use the \a\r
- subtype field of this structure to determine whether this is an\r
- initial credentials acquisition or a new credentials acquisition\r
- at any point.\r
+ subtype field of this structure to determine whether this is a new\r
+ credentials acquisition or a renewal.\r
\r
In response to this message, a credentials provider is expected to\r
provide a configuration panel which the user can use to customize\r
how the credentials of this type are to be obtained. The panel is\r
- described by the ::khui_new_cred_panel structure.\r
+ described by the ::khui_new_creds_by_type structure.\r
\r
\subsection cred_acq_panel_spec Specifying the credentials type panel\r
\r
The credentials type panel is used by the user to customize how\r
credentials of the specified type are to be obtained. The\r
- ::khui_new_cred_panel structure that describes the panel can be\r
+ ::khui_new_creds_by_type structure that describes the panel can be\r
used to specify a number of parameters that guide how the panel is\r
to be displayed in the new credentials acquisition dialog.\r
\r
The \a name field defines a localized string that will be\r
- displayed in the tab control that houses the panel. Optionally,\r
+ displayed in the tab control that houses the panel. If it is \a\r
+ NULL, then the name of the credentials type is used. Optionally,\r
an icon can be specified in the \a icon field which will appear\r
alongside the name. A tooltip may be provided in the \a tooltip\r
field which will be displayed when the user hovers the mouse over\r
name). Then the panels without a positive ordianl are arranged\r
behind these in increasing order of \a name.\r
\r
- The \a hwnd_panel field is used to specify the handle to the\r
- dialog or window of the panel. The parent of this window should\r
- be set to the \a hwnd parameter of the ::khui_new_creds structure\r
- which is passed in to the message handler.\r
+ Currently, the credentials provider must specify a dialog template\r
+ that will be used to create the embedded dialog for configuring\r
+ new credentials for the type. This is done by setting the\r
+ khui_new_creds_by_type::h_module, khui_new_creds_by_type::dlg_proc\r
+ and khui_new_creds_by_type::dlg_template fields.\r
\r
- Following is a code snippet which suggests how this could be done:\r
+ Following is example code which suggests how this could be done:\r
\r
\code\r
// Message handling code for KMSG_CRED_NEW_CREDS or\r
t->icon = LoadIcon(my_hInstance, MAKEINTRESOURCE(IDI_PANEL_ICON));\r
t->tooltip = L"Configure credentials of my type";\r
\r
- t->hwnd_panel = CreateDialog(\r
- my_hInstance, \r
- MAKEINTRESOURCE(IDD_MY_PANEL),\r
- c->hwnd,\r
- my_dialog_proc);\r
+ // specify the dialog template to use\r
+ t->h_module = my_hInstance;\r
+ t->dlg_proc = my_dialog_procedure;\r
+ t->dlg_template = MAKEINTRESOURCE(IDD_NEW_CREDS);\r
\r
if(KHM_FAILED(khui_cw_add_type(c,t))) {\r
// handle error\r
It is important to note that the ::khui_new_creds_by_type pointer\r
that is passed into khui_cw_add_type() points to an allocated\r
block of memory which should remain in memory until\r
- <::KMSG_CRED,::KMSG_CRED_DIALOG_PROCESS> message is received.\r
+ <::KMSG_CRED,::KMSG_CRED_END> message is received.\r
\r
For information on how the dialog procedure should be written, see\r
\ref cred_acq_dlgproc .\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
\r
/* $Id$ */\r
\r
-/*! \page cred_data_types Data types in NetIDMgr\r
+/*! \page cred_data_types Data types in Network Identity Manager\r
\r
- NetIDMgr's Credentials Database supports several useful data types. In\r
- addition, plug-ins can define custom data types. Only a few operations\r
- are expected of these data types since the core KCDB delegates fine grained\r
- operations to other entities that understand the underlying format.\r
+ Network Identity Manager's Credentials Database supports several\r
+ useful data types. In addition, plug-ins can define custom data\r
+ types. Only a few operations are expected of these data types\r
+ since the core KCDB delegates fine grained operations to other\r
+ entities that understand the underlying format.\r
\r
- A field in a credential can have any one of these data types, but it must\r
- have some data type. Each value can be at most \a KCDB_TYPE_MAXCB bytes\r
- in length regardless of the data type.\r
+ A field in a credential can have any one of these data types, but\r
+ it must have some data type. Each value can be at most \a\r
+ KCDB_TYPE_MAXCB bytes in length regardless of the data type.\r
\r
- Some data types have a fixed size (such as \a Int32), while others are\r
- variable size. The required memory for each field in a credential is\r
- allocated as needed.\r
+ Some data types have a fixed size (such as \a Int32), while others\r
+ are variable size. The required memory for each field in a\r
+ credential is allocated as needed.\r
\r
\section kcdb_pg_dt Data types\r
\r
\r
\subsubsection kcdb_pg_idt_v Void\r
\r
- Pretty useless. This data type is used to indicate that the associated\r
- object doesn't actually contain any data.\r
+ Type identifier : ::KCDB_TYPE_VOID\r
+\r
+ The Void data type is used to indicate that the associated object\r
+ does not contain any data.\r
\r
\subsubsection kcdb_pg_idt_s String\r
\r
- A unicode string that is terminated with a unicode NULL (L'\\0'). By\r
- default, the type has the following flags :\r
+ Type identifier : ::KCDB_TYPE_STRING\r
+\r
+ A unicode string that is terminated with a unicode NULL (L'\\0').\r
+ By default, the type has the following flags:\r
\r
\a KCDB_TYPE_FLAG_CB_AUTO\r
\r
\r
\subsubsection kcdb_pg_idt_d Date\r
\r
- Dates and times in NetIDMgr are stored as \a FILETIME structures. Utility\r
- functions are provided for converting from other formats such as \a time_t.\r
+ Type identifier : ::KCDB_TYPE_DATE\r
+\r
+ Dates and times in Network Identity Manager are stored in \a\r
+ FILETIME structures. Utility functions are provided for\r
+ converting from other formats such as \a time_t.\r
\r
\subsubsection kcdb_pg_idt_i Interval\r
\r
- Stores an interval of time. Stored as a 64 bit signed integer. The\r
+ Type identifier : ::KCDB_TYPE_INTERVAL\r
+\r
+ Stores an interval of time. Stored as a 64-bit signed integer. The\r
string representation of this data type is different from the \a\r
- Date data type and designate an interval of time.\r
+ Date data type and designates an interval of time.\r
\r
The special value _I64_MAX (which is defined in limits.h as\r
- 0x7fffffffffffffff, or in otherwords, the largest positive value\r
- that can be stored in a 64 bit signed integer) is used to\r
+ 0x7fffffffffffffff, or in other words, the largest positive value\r
+ that can be stored in a 64-bit signed integer) is used to\r
represent an interval of unknown length.\r
\r
The string representations of a data value of Interval type are\r
\r
\subsubsection kcdb_pg_idt_i32 Int32\r
\r
- A signed 32 bit integer.\r
+ Type identifier : ::KCDB_TYPE_INT32\r
+\r
+ A signed 32-bit integer.\r
\r
\subsubsection kcdb_pg_idt_i64 Int64\r
\r
- A signed 64 bit integer.\r
+ Type identifier : ::KCDB_TYPE_INT64\r
+\r
+ A signed 64-bit integer.\r
\r
\subsubsection kcdb_pg_idt_da Data\r
\r
- Raw data. Can contain a byte stream. This data type can be used by\r
- plug-ins to associate raw data with a credential. However, there is no\r
- built in string representation for this data type. As such, this is not\r
- meant to be used for storing anything that has to be displayed to the user\r
- verbatim.\r
+ Type identifier : ::KCDB_TYPE_DATA\r
+\r
+ Raw data. Can contain a byte stream. This data type can be used\r
+ by plug-ins to associate raw data with a credential. However,\r
+ there is no built-in string representation for this data type. As\r
+ such, this is not meant to be used for storing anything that has\r
+ to be displayed to the user verbatim.\r
\r
\section kcdb_pg_cust Custom data types\r
\r
\subsection kcdb_pg_cb Custom data type call backs\r
\r
- Custom data types in the NetIDMgr Credentials Database are defined using\r
- \a kcdb_type structures which must include several callback functions.\r
- The expected behavior of these callback functions is documented below.\r
+ Custom data types in the Network Identity Manager Credentials\r
+ Database are defined using \a kcdb_type structures that must\r
+ include several callback functions. The expected behavior of\r
+ these callback functions is documented below.\r
\r
\subsubsection kcdb_pg_cb_ts toString\r
\r
definition of what a relative ordering is. It is left up to each data\r
type callback to interpret what 'ascending' and 'descending' mean.\r
\r
- The return value \a r should be as follows :\r
+ The return value \a r should be as follows:\r
\r
\a r < 0 : if \a data1 < \a data2\r
\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
\r
/*! \page cred_msgs Handling credentials provider messages\r
\r
-A credentials provider plugin receives a number of messages during the\r
+A credentials provider plug-in receives a number of messages during the\r
course of execution. This section describes the appropriate ways of\r
handling these messages.\r
\r
\r
There are only two system messages that a credentials provider needs\r
to handle. Both of these are explained elsewhere as they deal with\r
-initialization and uninitialization of the plugin. See the following\r
+initialization and uninitialization of the plug-in. See the following\r
two sections for details on handling these messages.\r
\r
- <::KMSG_SYSTEM,::KMSG_SYSTEM_INIT> \ref pi_pt_cred_init\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
- The property sheet is created and made visible with a call to\r
khui_ps_show_sheet().\r
\r
- - The NetIDMgr message loop takes over. Further interaction\r
+ - The Network Identity Manager message loop takes over. Further interaction\r
including notifications of 'Ok','Cancel','Apply' and other\r
property sheet related actions are handled through WIN32\r
messages.\r
# The PROJECT_NAME tag is a single word (or a sequence of words surrounded \r
# by quotes) that should identify the project.\r
\r
-PROJECT_NAME = NetIDMgr\r
+PROJECT_NAME = "Network Identity Manager"\r
\r
# The PROJECT_NUMBER tag can be used to enter a project or revision number. \r
# This could be handy for archiving the generated documentation or \r
# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are \r
# probably better off using the HTML help feature.\r
\r
-GENERATE_TREEVIEW = NO\r
+GENERATE_TREEVIEW = YES\r
\r
# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be \r
# used to set the initial width (in pixels) of the frame in which the tree \r
<td>\r
<address style="align:right;">\r
<small>Generated on $datetime for $projectname $projectnumber by <a href="http://www.doxygen.org/index.html">Doxygen</a> $doxygenversion<br>\r
- © 2004-2007 Massachusetts Institute of Technology. Contact <a href="mailto:khimaira@mit.edu">khimaira@mit.edu</a><br>\r
+ © 2004-2007 Massachusetts Institute of Technology.<br>\r
+ © 2005-2007 Secure Endpoints Inc.<br>\r
+ Contact <a href="mailto:khimaira@mit.edu">khimaira@mit.edu</a><br>\r
</small>\r
</address>\r
</td>\r
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\r
-<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">\r
+<html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8">\r
<title>$title</title>\r
<link href="$relpath$stylesheet.css" rel="stylesheet" type="text/css">\r
+<link href="$relpath$tabs.css" rel="stylesheet" type="text/css">\r
</head><body>\r
\r
/* $Id$ */\r
\r
-/*! \mainpage NetIDMgr\r
+/*! \mainpage Network Identity Manager\r
\r
\image html khimaira_logo.png\r
\r
\section main_dev Documentation for Developers\r
\r
- NetIDMgr is a credentials manager, which currently manages\r
- Kerberos IV, Kerberos V and AFS credentials. This document\r
- describes the API that is implemented by the NetIDMgr system.\r
+ Network Identity Manager is a credentials manager, which is\r
+ capable of managing Kerberos v5, Kerberos v4, Andrew File System,\r
+ and Kerberized Certificate Authority credentials. This document\r
+ describes the API that is implemented by the Khimaira framework\r
+ upon which Network Identity Manager is based.\r
\r
See the following sections for more information :\r
- \subpage license\r
- \subpage releases\r
\r
© 2004-2007 Massachusetts Institute of Technology\r
+\r
+ © 2005-2007 Secure Endpoints Inc.\r
*/\r
\r
/*!\r
\page license License agreement and credits\r
\r
- NetIDMgr is distributed under the MIT License.\r
+ Network Identity Manager is distributed under the MIT License.\r
\r
\section license_l MIT License\r
\r
Copyright © 2004,2005,2006,2007 Massachusetts Institute of Technology\r
+\r
+ Copyright © 2005,2006,2007 Secure Endpoints Inc.\r
\r
Permission is hereby granted, free of charge, to any person\r
obtaining a copy of this software and associated documentation\r
\r
\section license_credits Credits\r
\r
- NetIDMgr was developed at the Massachusetts Institute of\r
- Technology.\r
+ Network Identity Manager was developed at the Massachusetts Institute of\r
+ Technology in partnership with Secure Endpoints Inc.\r
\r
<a href="http://web.mit.edu/is">Information Services and\r
Technology</a> at <a href="http://web.mit.edu">Massachusetts\r
Institute of Technology</a>\r
+\r
+ <a href="http://www.secure-endpoints.com">Secure Endpoints Inc.</a>\r
*/\r
\r
/*! \page bugs Reporting bugs\r
\r
- NetIDMgr bugs can be reported to \r
- <a href="mailto:kfw-bugs@mit.edu">kfw-bugs@mit.edu</a> for now.\r
-\r
- In the future, there will actually be a place to track NetIDMgr bugs.\r
+ Network Identity Manager bugs can be reported to \r
+ <a href="mailto:kfw-bugs@mit.edu">kfw-bugs@mit.edu</a> or \r
+ <a href="mailto:netidmgr@secure-endpoints.com">netidmgr@secure-endpoints.com</a>\r
\r
When reporting bugs, please include as much information as\r
- possible to help diagnose the problem. More guidelines about\r
- reporting bugs will appear here at some point in time.\r
+ possible to help reproduce the problem.\r
\r
\image html khimaira_logo_small.png\r
*/\r
\r
/*! \page releases Prior releases\r
\r
+ The following is a list of releases of Network Identity Manager.\r
+ Whenever there is an addition to the API or a significant change\r
+ in behavior, the API version is incremented. A plug-in that is\r
+ developed against a particular version of the API will be\r
+ compatible with any release of Network Identity Manager that\r
+ implements that version of the API.\r
+\r
+ The Network Identity Manager version number is set as the file and\r
+ product version of <tt>nidmgr32.dll</tt>.\r
+\r
+ - <b>1.2.0.2</b> Kerberos for Windows 3.2 Beta 2 <em>Apr 11, 2007</em>\n\r
+ API version : <b>8</b>\r
+\r
+ - <b>1.2.0.1</b> <em>Apr 06, 2007</em>\n\r
+ API version : <b>8</b>\r
+\r
+ - <b>1.2.0.0</b> Kerberos for Windows 3.2 Beta 1 <em>Mar 29, 2007</em>\n\r
+ API version : <b>8</b>\r
+\r
+ - <b>1.1.11.0</b> <em>Mar 20, 2007</em>\n\r
+ API version : <b>8</b>\r
+\r
+ - <b>1.1.10.0</b> <em>Feb 28, 2007</em>\n\r
+ API version : <b>8</b>\r
+\r
+ - <b>1.1.9.0</b> <em>Jan 20, 2007</em>\n\r
+ API version : <b>7</b>\r
+\r
+ - <b>1.1.8.0</b> Kerberos for Windows 3.1 Final <em>Nov 22, 2006</em>\n\r
+ API version : <b>6</b>\r
+\r
+ - <b>1.1.6.0</b> Kerberos for Windows 3.1 Beta 4 <em>Nov 17, 2006</em>\n\r
+ API version : <b>6</b>\r
+\r
+ - <b>1.1.4.0</b> Kerberos for Windows 3.1 Beta 3 <em>Nov 08, 2006</em>\n\r
+ API version : <b>6</b>\r
+\r
+ - <b>1.1.2.0</b> <em>Oct 09, 2006</em>\n\r
+ API version : <b>6</b>\r
+\r
+ - <b>1.1.0.2</b> <em>Sep 21, 2006</em>\n\r
+ API version : <b>6</b>\r
+\r
+ - <b>1.1.0.1</b> <em>Jul 19, 2006</em>\n\r
+ API version : <b>5</b>\r
+\r
+ - <b>1.1.0.0</b> <em>Mar 08, 2006</em>\n\r
+ API version : <b>5</b>\r
+\r
+ - <b>1.0.0.0</b> Kerberos for Windows 3.0 <em>Dec 05, 2005</em>\n\r
+ API version : <b>4</b>\r
+\r
+ - <b>0.1.2.0</b> Second Alpha release <em>Nov 30, 2005</em>\n\r
+ API version : <b>3</b>\n\r
+ Released along with Kerberos for Windows 3.0 beta 2.\r
+\r
- <b>0.1.1</b> First Alpha release <em>Nov 01, 2005</em>\n\r
- Released along with Kerberos for Windows 3.0.0 beta.\r
+ Released along with Kerberos for Windows 3.0 beta.\r
\r
- - <b>0.1.2</b> Second Alpha release <em>Nov 30, 2005</em>\n\r
- Released along with Kerberos for Windows 3.0.0 beta 2.\r
*/\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
/* $Id$ */\r
\r
/*!\r
-\page pi_framework Plugin Framework\r
+\page pi_framework Plug-in Framework\r
\r
-\section pi_fw_pnm Plugins and Modules\r
+\section pi_fw_pnm Plug-ins and Modules\r
\r
-\subsection pi_fw_pnm_p Plugins\r
+\subsection pi_fw_pnm_p Plug-ins\r
\r
-A NetIDMgr plugin is a package that implements a defined API that will\r
-perform credentials management or related tasks on behalf of NetIDMgr.\r
-The core NetIDMgr codebase does not interact directly with Kerberos of\r
-AFS or any other external entity directly. Instead, plugins are used\r
-to abstract out this task.\r
+A Network Identity Manager plug-in is a package that implements a defined API that will\r
+perform credentials management or related tasks on behalf of Network Identity Manager.\r
+The core Network Identity Manager codebase does not interact directly with Kerberos v5 or\r
+AFS or any other external entity directly. Instead, plug-ins are used.\r
\r
-Each plugin has a name. The name should be unique among the loaded\r
-plugins, or the plugin will fail to load.\r
+Each plug-in has a name. The name should be unique among the loaded\r
+plug-ins, or the plug-in will fail to load.\r
\r
-The method in which NetIDMgr communicates with a plugin depends on the\r
-plugin type. For more information on each plugin type, please refer\r
+The method in which Network Identity Manager communicates with a plug-in depends on the\r
+plug-in type. For more information on each plug-in type, please refer\r
to \ref pi_pt.\r
\r
-Most plugin types rely on a message processor for communication.\r
-During plugin registration, the module specifies the message processor\r
-for the plugin, which acts as the only point of contact between the\r
-NetIDMgr core and the plugin. Some other plugins require exporting\r
+Most plug-in types rely on a message processor for communication.\r
+During plug-in registration, the module specifies the message processor\r
+for the plug-in, which acts as the only point of contact between the\r
+Network Identity Manager core and the plug-in. Some other plug-ins require exporting\r
specific functions.\r
\r
\subsection pi_fw_pnw_m Modules\r
\r
-One or more plugins can be bundled together into a module. A module\r
-is essentially a dynamically loadable library which contain a specific\r
+One or more plug-ins can be bundled together into a module. A module\r
+is a dynamically loadable library which exports a specific\r
set of callbacks. Currently, the only two required callbacks for a\r
module are :\r
\r
- init_module(), and\r
- exit_module()\r
\r
-\section pi_fw_pm Plugin/Module Manager\r
+\section pi_fw_pm Plug-in/Module Manager\r
\r
-The plugin manager maintains a separate thread for loading and\r
+The plug-in manager maintains a separate thread for loading and\r
registering modules. When a module is successfully loaded and it\r
-registers one or more plugins, a new thread is created for each\r
-plugin. Plugin specific initialization and other callback functions\r
-are called from within this new thread. This is to prevent one plugin\r
-from "hanging" other plugins and the main NetIDMgr UI threads.\r
+registers one or more plug-ins, a new thread is created for each\r
+plug-in. Plug-in specific initialization and other callback functions\r
+are called from within this new thread. This is to prevent one plug-in\r
+from "hanging" other plug-ins and the main Network Identity Manager \r
+user interface threads.\r
\r
Read more :\r
- \ref pi_structure\r
\subsection pi_fw_pm_load Load sequence\r
\r
When kmm_load_module() is called, the following sequence of events\r
-happen.\r
+occur:\r
\r
- The standard system search path is used to locate the binary.\r
\r
-- The binary is loaded into the address space of NetIDMgr along with\r
+- The binary is loaded into the address space of Network Identity Manager along with\r
any dependencies not already loaded.\r
\r
-- If the NetIDMgr core binary is signed, then the signature is checked\r
+- If the Network Identity Manager core binary is signed, then the signature is checked\r
against the system and user certificate stores. If this fails, the\r
module is unloaded. See \ref pi_fw_pm_unload.\r
\r
- init_module() for the loaded module is called. If this function\r
- returns an error or if no plugins are registered, then the module is\r
+ returns an error or if no plug-ins are registered, then the module is\r
unloaded. See \ref pi_fw_pm_unload.\r
\r
- During processing of init_module(), if any localized resource\r
localized libraries will be loaded. See \ref pi_localization\r
\r
- During processing of init_module(), the module registers all the\r
- plugins that it is implementing by calling kmm_register_plugin() for\r
+ plug-ins that it is implementing by calling kmm_register_plug-in() for\r
each.\r
\r
-- Once init_module() returns, each plugin is initialized. The method\r
- by which a plugin is initialized depends on the plugin type. The\r
- initialization code for the plugin may indicate that it didn't\r
- initialize properly, in which case the plugin is immediately\r
- unregistered. No further calls are made to the plugin.\r
+- Once init_module() returns, each plug-in is initialized. The method\r
+ by which a plug-in is initialized depends on the plug-in type. The\r
+ initialization code for the plug-in may indicate that it didn't\r
+ initialize properly, in which case the plug-in is immediately\r
+ unregistered. No further calls are made to the plug-in.\r
\r
-- If no plugin is successfully loaded, the module is unloaded. See\r
+- If no plug-in is successfully loaded, the module is unloaded. See\r
\ref pi_fw_pm_unload.\r
\r
-- During normal operation, any registered plugins for a module can be\r
- unloaded explicitly, or the plugin itself may signal that it should\r
- be unloaded. If at anytime, all the plugins for the module are\r
- unloaded, then the module itself is also unloaded.\r
+- During normal operation, any registered plug-ins for a module can be\r
+ unloaded explicitly, or the plug-in itself may signal that it should\r
+ be unloaded. If at anytime, all the plug-ins for the module are\r
+ unloaded, then the module itself is also unloaded unless the NoUnload\r
+ registry value is set in the module key.\r
\r
\subsection pi_fw_pm_unload Unload sequence\r
\r
-- For each of the plugins that are registered for a module, the exit\r
+- For each of the plug-ins that are registered for a module, the exit\r
code is invoked. The method by which this happens depends on the\r
- plugin type. The plugin is not given a chance to object to the\r
- decision to unload. Each plugin is responsible for performing\r
+ plug-in type. The plug-in is not given a chance to object to the\r
+ decision to unload. Each plug-in is responsible for performing\r
cleanup tasks, freeing resources and unsubscribing from any message\r
classes that it has subscribed to.\r
\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
the init_module() callback. Note that you can only register localized\r
resource libraries during init_module().\r
\r
-The localized resource library is global to a module. Each plugin is\r
+The localized resource library is global to a module. Each plug-in is\r
not allowed to define its own localization library, although it is\r
free to load and use any library as it sees fit. The module manager\r
-does not manage these libraries for the plugin.\r
+does not manage these libraries for the plug-in.\r
\r
\section pi_loc_spec Specification of localized resources\r
\r
\r
*/\r
\r
+\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
\r
/*!\r
\r
-\page plugins NetIDMgr Modules and Plugins\r
+\page plug-ins Network Identity Manager Modules and Plug-ins\r
\r
-Plugins and localization are handled by the NetIDMgr Module Manager\r
-API. Each plugin consists of a dynamically loadable library and zero\r
+Plug-ins and localization are handled by the Network Identity Manager Module Manager\r
+API. Each plug-in consists of a dynamically loadable library and zero\r
or more associated resource libraries.\r
\r
-For more information about NetIDMgr Plugins, see the following\r
+For more information about Network Identity Manager Plug-ins, see the following\r
sections:\r
\r
- \subpage pi_framework\r
- \subpage pi_localization\r
*/\r
\r
-/*! \page pi_pt Plugin Types\r
+/*! \page pi_pt Plug-in Types\r
\r
-The types of plugins that are currently supported by NetIDMgr are :\r
+The types of plug-ins that are currently supported by Network Identity Manager are :\r
\r
\section pi_pt_cred Credential Provider\r
\r
-A credential provider plugin essentially acts as an interface between\r
-NetIDMgr and some entity which defines the credentials for the purpose\r
+A credential provider plug-in essentially acts as an interface between\r
+Network Identity Manager and some entity which defines the credentials for the purpose\r
of managing those credentials.\r
\r
There can be more than one credential provider in a module.\r
\r
\subsection pi_pt_cred_comm Communication\r
\r
-Communication between NetIDMgr and a credential provider occurs\r
+Communication between Network Identity Manager and a credential provider occurs\r
through a message processor. When registering a credential provider,\r
the module initialization code in init_module() specifies\r
::KHM_PITYPE_CRED as the \a type member and sets \a msg_proc member to\r
-a valid message processor in the ::khm_plugin record.\r
+a valid message processor in the ::khm_plug-in record.\r
\r
\subsection pi_pt_cred_init Initialization\r
\r
Once init_module() has completed, the module manager sends a\r
<::KMSG_SYSTEM,::KMSG_SYSTEM_INIT> message to the message processor.\r
\r
-For credential provider plugins, <::KMSG_SYSTEM,::KMSG_SYSTEM_INIT> is\r
+For credential provider plug-ins, <::KMSG_SYSTEM,::KMSG_SYSTEM_INIT> is\r
guaranteed to be the first message it receives.\r
\r
The callback function should return KHM_ERROR_SUCCESS if it\r
initializes properly or some other value otherwise. If the return\r
-value signals an error, then the plugin is assume to not be loaded and\r
+value signals an error, then the plug-in is assume to not be loaded and\r
immediately unregistered.\r
\r
The message processor is automatically subscribed to the following\r
- ::KMSG_SYSTEM\r
- ::KMSG_KCDB\r
\r
-Although a plugin can use the <::KMSG_SYSTEM,::KMSG_SYSTEM_INIT>\r
+Although a plug-in can use the <::KMSG_SYSTEM,::KMSG_SYSTEM_INIT>\r
message enumerate existing credentials in the system, it should not\r
-obtain new credentials. This is because other plugins that may depend\r
+obtain new credentials. This is because other plug-ins that may depend\r
on the new credential messages may not be loaded at this time. See the\r
section on \ref cred_msgs for more information.\r
\r
\r
\subsection pi_pt_cred_exit Uninitialization\r
\r
-When the plugin is to be removed, the module manager sends a\r
+When the plug-in is to be removed, the module manager sends a\r
<::KMSG_SYSTEM,::KMSG_SYSTEM_EXIT> to the message processor. The\r
-plugin must perform any necessary shutdown operations, free up\r
+plug-in must perform any necessary shutdown operations, free up\r
resources and unsubscribe from any messages that it has subscribed to.\r
\r
This message is guaranteed to be the last message received by a\r
-credentials manager plugin if the plugin unsubsribes from all\r
+credentials manager plug-in if the plug-in unsubsribes from all\r
additional message classes that it subsribed to.\r
\r
The message types that the message processor is automatically\r
\r
*/\r
\r
+\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
\r
\page pi_structure Structure of a module\r
\r
-A NetIDMgr module is essentially a dynamically loadable library with a\r
+A Network Identity Manager module is a dynamically loadable library with a\r
specific set of exported symbols. Each export symbol and general\r
-notes about writing a plugin module are documented below.\r
+notes about writing a plug-in module are documented below.\r
\r
\section pi_str_init Initialization\r
\r
Do not use DllMain or other system specific callback routines to\r
perform intilization tasks other than creating mutexes, initializing\r
thread local storage and other tasks that must be performed at that\r
-stage. Specifically, do not call any NetIDMgr API functions from\r
+stage. Specifically, do not call any Network Identity Manager API functions from\r
within DllMain.\r
\r
\section pi_str_cb Callbacks\r
BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV {\r
font-family: Geneva, Arial, Helvetica, sans-serif;\r
}\r
+BODY,TD {\r
+ font-size: 90%;\r
+}\r
H1 {\r
text-align: center;\r
+ font-size: 160%;\r
+}\r
+H2 {\r
+ font-size: 120%;\r
+}\r
+H3 {\r
+ font-size: 100%;\r
}\r
CAPTION { font-weight: bold }\r
DIV.qindex {\r
width: 100%;\r
- background-color: #000000;\r
- border: 1px solid #000000;\r
+ background-color: #e8eef2;\r
+ border: 1px solid #84b0c7;\r
+ text-align: center;\r
margin: 2px;\r
padding: 2px;\r
- line-height: 100%;\r
- color: #ffffff\r
+ line-height: 140%;\r
}\r
DIV.nav {\r
width: 100%;\r
- background-color: #000000;\r
- border: 1px solid #000000;\r
+ background-color: #e8eef2;\r
+ border: 1px solid #84b0c7;\r
text-align: center;\r
margin: 2px;\r
padding: 2px;\r
- line-height: 100%;\r
- color: #ffffff;\r
+ line-height: 140%;\r
+}\r
+DIV.navtab {\r
+ background-color: #e8eef2;\r
+ border: 1px solid #84b0c7;\r
+ text-align: center;\r
+ margin: 2px;\r
+ margin-right: 15px;\r
+ padding: 2px;\r
+}\r
+TD.navtab {\r
+ font-size: 70%;\r
}\r
A.qindex {\r
text-decoration: none;\r
- color: #ffffff;\r
+ font-weight: bold;\r
+ color: #1A419D;\r
}\r
A.qindex:visited {\r
text-decoration: none;\r
- color: #ffffff;\r
+ font-weight: bold;\r
+ color: #1A419D\r
}\r
A.qindex:hover {\r
text-decoration: none;\r
- background-color: #ffffff;\r
- color: #000000\r
+ background-color: #ddddff;\r
}\r
A.qindexHL {\r
text-decoration: none;\r
font-weight: bold;\r
+ background-color: #6666cc;\r
+ color: #ffffff;\r
+ border: 1px double #9295C2;\r
}\r
A.qindexHL:hover {\r
text-decoration: none;\r
- background-color: #333333;\r
+ background-color: #6666cc;\r
color: #ffffff;\r
}\r
-A.qindexHL:visited { text-decoration: none; background-color: #333333; color: #ffffff }\r
-A.el { text-decoration: none; }\r
-A.elRef { }\r
+A.qindexHL:visited { text-decoration: none; background-color: #6666cc; color: #ffffff }\r
+A.el { text-decoration: none; font-weight: bold }\r
+A.elRef { font-weight: bold }\r
A.code:link { text-decoration: none; font-weight: normal; color: #0000FF}\r
A.code:visited { text-decoration: none; font-weight: normal; color: #0000FF}\r
A.codeRef:link { font-weight: normal; color: #0000FF}\r
A.codeRef:visited { font-weight: normal; color: #0000FF}\r
-A:hover { text-decoration: none; background-color: #cccccc }\r
+A:hover { text-decoration: none; background-color: #f2f2ff }\r
DL.el { margin-left: -1cm }\r
.fragment {\r
- font-family: monospace\r
+ font-family: monospace, fixed;\r
+ font-size: 95%;\r
}\r
PRE.fragment {\r
border: 1px solid #CCCCCC;\r
padding-bottom: 4px;\r
}\r
DIV.ah { background-color: black; font-weight: bold; color: #ffffff; margin-bottom: 3px; margin-top: 3px }\r
-TD.md { background-color: #cccccc; font-weight: bold; }\r
-TD.mdname1 { background-color: #cccccc; font-weight: bold; color: #000000; }\r
-TD.mdname { background-color: #cccccc; font-weight: bold; color: #000000; width: 600px; }\r
+\r
DIV.groupHeader {\r
margin-left: 16px;\r
margin-top: 12px;\r
margin-bottom: 6px;\r
font-weight: bold;\r
}\r
-DIV.groupText { margin-left: 16px; font-style: italic; font-size: 14px }\r
+DIV.groupText { margin-left: 16px; font-style: italic; font-size: 90% }\r
BODY {\r
background: white;\r
color: black;\r
margin-left: 20px;\r
}\r
TD.indexkey {\r
- background-color: #cccccc;\r
+ background-color: #e8eef2;\r
font-weight: bold;\r
padding-right : 10px;\r
padding-top : 2px;\r
border: 1px solid #CCCCCC;\r
}\r
TD.indexvalue {\r
- background-color: #cccccc;\r
+ background-color: #e8eef2;\r
font-style: italic;\r
padding-right : 10px;\r
padding-top : 2px;\r
border: 1px solid #CCCCCC;\r
}\r
TR.memlist {\r
- background-color: #f0f0f0;\r
+ background-color: #f0f0f0; \r
}\r
P.formulaDsp { text-align: center; }\r
IMG.formulaDsp { }\r
SPAN.preprocessor { color: #806020 }\r
SPAN.stringliteral { color: #002080 }\r
SPAN.charliteral { color: #008080 }\r
-.mdTable {\r
- border: 1px solid #cccccc;\r
- background-color: #cccccc;\r
-}\r
-.mdRow {\r
- padding: 8px 10px;\r
-}\r
.mdescLeft {\r
padding: 0px 8px 4px 8px;\r
- font-size: 12px;\r
+ font-size: 80%;\r
font-style: italic;\r
background-color: #FAFAFA;\r
border-top: 1px none #E0E0E0;\r
}\r
.mdescRight {\r
padding: 0px 8px 4px 8px;\r
- font-size: 12px;\r
+ font-size: 80%;\r
font-style: italic;\r
background-color: #FAFAFA;\r
border-top: 1px none #E0E0E0;\r
border-bottom-style: none;\r
border-left-style: none;\r
background-color: #FAFAFA;\r
- font-size: 12px;\r
+ font-size: 80%;\r
}\r
.memItemRight {\r
padding: 1px 8px 0px 8px;\r
border-bottom-style: none;\r
border-left-style: none;\r
background-color: #FAFAFA;\r
- font-size: 13px;\r
+ font-size: 80%;\r
}\r
.memTemplItemLeft {\r
padding: 1px 0px 0px 8px;\r
border-bottom-style: none;\r
border-left-style: none;\r
background-color: #FAFAFA;\r
- font-size: 12px;\r
+ font-size: 80%;\r
}\r
.memTemplItemRight {\r
padding: 1px 8px 0px 8px;\r
border-bottom-style: none;\r
border-left-style: none;\r
background-color: #FAFAFA;\r
- font-size: 13px;\r
+ font-size: 80%;\r
}\r
.memTemplParams {\r
padding: 1px 0px 0px 8px;\r
border-left-style: none;\r
color: #606060;\r
background-color: #FAFAFA;\r
- font-size: 12px;\r
+ font-size: 80%;\r
}\r
.search { color: #003399;\r
font-weight: bold;\r
INPUT.search { font-size: 75%;\r
color: #000080;\r
font-weight: normal;\r
- background-color: #ffcc99;\r
+ background-color: #e8eef2;\r
}\r
TD.tiny { font-size: 75%;\r
}\r
a {\r
- color: #0000ff;\r
+ color: #1A41A8;\r
}\r
a:visited {\r
- color: #0000ff;\r
+ color: #2A3798;\r
+}\r
+.dirtab { padding: 4px;\r
+ border-collapse: collapse;\r
+ border: 1px solid #84b0c7;\r
+}\r
+TH.dirtab { background: #e8eef2;\r
+ font-weight: bold;\r
+}\r
+HR { height: 1px;\r
+ border: none;\r
+ border-top: 1px solid black;\r
+ border-color: #88b7c8;\r
+}\r
+\r
+/* Style for detailed member documentation */\r
+.memtemplate {\r
+ font-size: 80%;\r
+ color: #606060;\r
+ font-weight: normal;\r
+} \r
+.memnav { \r
+ background-color: #e8eef2;\r
+ border: 1px solid #84b0c7;\r
+ text-align: center;\r
+ margin: 2px;\r
+ margin-right: 15px;\r
+ padding: 2px;\r
+}\r
+.memitem {\r
+ padding: 4px;\r
+ background-color: #eef3f5;\r
+ border-width: 1px;\r
+ border-style: solid;\r
+ border-color: #dedeee;\r
+ -moz-border-radius: 8px 8px 8px 8px;\r
+}\r
+.memname {\r
+ white-space: nowrap;\r
+ font-weight: bold;\r
+}\r
+.memdoc{\r
+ padding-left: 10px;\r
+}\r
+.memproto {\r
+ background-color: #d5e1e8;\r
+ width: 100%;\r
+ border-width: 1px;\r
+ border-style: solid;\r
+ border-color: #84b0c7;\r
+ font-weight: bold;\r
+ -moz-border-radius: 8px 8px 8px 8px;\r
+}\r
+.paramkey {\r
+ text-align: right;\r
+}\r
+.paramtype {\r
+ white-space: nowrap;\r
+}\r
+.paramname {\r
+ color: #602020;\r
+ font-style: italic;\r
+ white-space: nowrap;\r
+}\r
+/* End Styling for detailed member documentation */\r
+\r
+/* for the tree view */\r
+.ftvtree {\r
+ font-family: sans-serif;\r
+ margin:0.5em;\r
}\r
-.anchor {\r
- color: #000000;\r
-}
\ No newline at end of file
+.directory { font-size: 9pt; font-weight: bold; }\r
+.directory h3 { margin: 0px; margin-top: 1em; font-size: 11pt; }\r
+.directory > h3 { margin-top: 0; }\r
+.directory p { margin: 0px; white-space: nowrap; }\r
+.directory div { display: none; margin: 0px; }\r
+.directory img { vertical-align: -30%; }\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
context functions and data structures provide access to this\r
information.\r
\r
- The NetIDMgr user interface presents an outline view of all the\r
+ The Network Identity Manager user interface presents an outline view of all the\r
credentials that were provided by credentials providers. This\r
view consists of headers representing the outline levels and rows\r
representing individual credentials.\r
obtain and store the context in a location that is accessible to\r
the handlers of the message.\r
\r
- If a plugin needs to obtain the UI context, it should do so by\r
+ If a plug-in needs to obtain the UI context, it should do so by\r
calling khui_context_get() and passing in a pointer to a\r
::khui_action_context structure.\r
\r
Once obtained, the contents of the ::khui_action_context structure\r
- should be considered read-only. When the plugin is done with the\r
+ should be considered read-only. When the plug-in is done with the\r
structure, it should call ::khui_context_release(). This cleans\r
up any additional memory allocated for storing the context as well\r
as releasing all the objects that were referenced from the\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r
/*\r
* Copyright (c) 2005 Massachusetts Institute of Technology\r
+ * Copyright (c) 2007 Secure Endpoints Inc.\r
*\r
* Permission is hereby granted, free of charge, to any person\r
* obtaining a copy of this software and associated documentation\r