1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>krb5_rd_priv - Process a KRB-PRIV message. — MIT Kerberos Documentation</title>
<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../../',
VERSION: '1.12.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../../_static/jquery.js"></script>
<script type="text/javascript" src="../../../_static/underscore.js"></script>
<script type="text/javascript" src="../../../_static/doctools.js"></script>
<link rel="author" title="About these documents" href="../../../about.html" />
<link rel="copyright" title="Copyright" href="../../../copyright.html" />
<link rel="top" title="MIT Kerberos Documentation" href="../../../index.html" />
<link rel="up" title="krb5 API" href="index.html" />
<link rel="next" title="krb5_rd_rep - Parse and decrypt a KRB_AP_REP message." href="krb5_rd_rep.html" />
<link rel="prev" title="krb5_rd_error - Decode a KRB-ERROR message." href="krb5_rd_error.html" />
</head>
<body>
<div class="header-wrapper">
<div class="header">
<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
<div class="rel">
<a href="../../../index.html" title="Full Table of Contents"
accesskey="C">Contents</a> |
<a href="krb5_rd_error.html" title="krb5_rd_error - Decode a KRB-ERROR message."
accesskey="P">previous</a> |
<a href="krb5_rd_rep.html" title="krb5_rd_rep - Parse and decrypt a KRB_AP_REP message."
accesskey="N">next</a> |
<a href="../../../genindex.html" title="General Index"
accesskey="I">index</a> |
<a href="../../../search.html" title="Enter search criteria"
accesskey="S">Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_priv - Process a KRB-PRIV message.">feedback</a>
</div>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="krb5-rd-priv-process-a-krb-priv-message">
<h1>krb5_rd_priv - Process a KRB-PRIV message.<a class="headerlink" href="#krb5-rd-priv-process-a-krb-priv-message" title="Permalink to this headline">¶</a></h1>
<dl class="function">
<dt id="krb5_rd_priv">
<a class="reference internal" href="../types/krb5_error_code.html#krb5_error_code" title="krb5_error_code">krb5_error_code</a> <tt class="descname">krb5_rd_priv</tt><big>(</big><a class="reference internal" href="../types/krb5_context.html#krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#krb5_data" title="krb5_data">krb5_data</a> *<em> inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#krb5_data" title="krb5_data">krb5_data</a> *<em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><big>)</big><a class="headerlink" href="#krb5_rd_priv" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication structure</p>
<p><strong>[in]</strong> <strong>inbuf</strong> - <strong>KRB-PRIV</strong> message to be parsed</p>
<p><strong>[out]</strong> <strong>outbuf</strong> - Data parsed from <strong>KRB-PRIV</strong> message</p>
<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data. Specify NULL if not needed</p>
</td>
</tr>
</tbody>
</table>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
<li>0 Success; otherwise - Kerberos error codes</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>This function parses a <strong>KRB-PRIV</strong> message, verifies its integrity, and stores its unencrypted data into <em>outbuf</em> .</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></tt></a> flag is set in <em>auth_context</em> , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of <em>auth_context</em> . Otherwise, the sequence number is not used.</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></tt></a> flag is set in <em>auth_context</em> , then two additional checks are performed:</p>
<blockquote>
<div><ul class="simple">
<li>The timestamp in the message must be within the permitted clock skew (which is usually five minutes).</li>
<li>The message must not be a replayed message field in <em>auth_context</em> .</li>
</ul>
</div></blockquote>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></tt></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></tt></a> flag is set in <em>auth_context</em> , <em>outdata</em> is required.</p>
<p class="last"><em>auth_context</em> must have a remote address set. This address will be used to verify the sender address in the KRB-PRIV message. If <em>auth_context</em> has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one. Both addresses must use type <strong>ADDRTYPE_ADDRPORT</strong> .</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sidebar">
<h2>On this page</h2>
<ul>
<li><a class="reference internal" href="#">krb5_rd_priv - Process a KRB-PRIV message.</a></li>
</ul>
<br/>
<h2>Table of contents</h2>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../index.html">For application developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
</ul>
<br/>
<h4><a href="../../../index.html">Full Table of Contents</a></h4>
<h4>Search</h4>
<form class="search" action="../../../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer" >
<div class="right" ><i>Release: 1.12.1</i><br />
© <a href="../../../copyright.html">Copyright</a> 1985-2013, MIT.
</div>
<div class="left">
<a href="../../../index.html" title="Full Table of Contents"
>Contents</a> |
<a href="krb5_rd_error.html" title="krb5_rd_error - Decode a KRB-ERROR message."
>previous</a> |
<a href="krb5_rd_rep.html" title="krb5_rd_rep - Parse and decrypt a KRB_AP_REP message."
>next</a> |
<a href="../../../genindex.html" title="General Index"
>index</a> |
<a href="../../../search.html" title="Enter search criteria"
>Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_priv - Process a KRB-PRIV message.">feedback</a>
</div>
</div>
</div>
</body>
</html>
|
