File: krb5_rd_safe.html

package info (click to toggle)
krb5 1.12.1%2Bdfsg-19
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 66,488 kB
  • sloc: ansic: 308,664; cpp: 15,753; exp: 13,257; makefile: 7,652; python: 7,226; sh: 6,457; perl: 3,514; asm: 1,544; yacc: 1,187; awk: 396; xml: 368; csh: 147; lisp: 104; sed: 43
file content (181 lines) | stat: -rw-r--r-- 10,768 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
 


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>krb5_rd_safe - Process KRB-SAFE message. &mdash; MIT Kerberos Documentation</title>
    
    <link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../../',
        VERSION:     '1.12.1',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../_static/doctools.js"></script>
    <link rel="author" title="About these documents" href="../../../about.html" />
    <link rel="copyright" title="Copyright" href="../../../copyright.html" />
    <link rel="top" title="MIT Kerberos Documentation" href="../../../index.html" />
    <link rel="up" title="krb5 API" href="index.html" />
    <link rel="next" title="krb5_read_password - Read a password from keyboard input." href="krb5_read_password.html" />
    <link rel="prev" title="krb5_rd_req - Parse and decrypt a KRB_AP_REQ message." href="krb5_rd_req.html" /> 
  </head>
  <body>
    <div class="header-wrapper">
        <div class="header">
            
            
            <h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
            
            <div class="rel">
                
        <a href="../../../index.html" title="Full Table of Contents"
            accesskey="C">Contents</a> |
        <a href="krb5_rd_req.html" title="krb5_rd_req - Parse and decrypt a KRB_AP_REQ message."
            accesskey="P">previous</a> |
        <a href="krb5_read_password.html" title="krb5_read_password - Read a password from keyboard input."
            accesskey="N">next</a> |
        <a href="../../../genindex.html" title="General Index"
            accesskey="I">index</a> |
        <a href="../../../search.html" title="Enter search criteria"
            accesskey="S">Search</a> |
    <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_safe -  Process KRB-SAFE message.">feedback</a>
            </div>
        </div>
    </div>

    <div class="content-wrapper">
      <div class="content">
        <div class="document">
            
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="krb5-rd-safe-process-krb-safe-message">
<h1>krb5_rd_safe -  Process KRB-SAFE message.<a class="headerlink" href="#krb5-rd-safe-process-krb-safe-message" title="Permalink to this headline">¶</a></h1>
<dl class="function">
<dt id="krb5_rd_safe">
<a class="reference internal" href="../types/krb5_error_code.html#krb5_error_code" title="krb5_error_code">krb5_error_code</a> <tt class="descname">krb5_rd_safe</tt><big>(</big><a class="reference internal" href="../types/krb5_context.html#krb5_context" title="krb5_context">krb5_context</a><em>&nbsp;context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em>&nbsp;auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#krb5_data" title="krb5_data">krb5_data</a> *<em>&nbsp;inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#krb5_data" title="krb5_data">krb5_data</a> *<em>&nbsp;outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em>&nbsp;outdata</em><big>)</big><a class="headerlink" href="#krb5_rd_safe" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
<p><strong>[in]</strong> <strong>inbuf</strong> - <strong>KRB-SAFE</strong> message to be parsed</p>
<p><strong>[out]</strong> <strong>outbuf</strong> - Data parsed from <strong>KRB-SAFE</strong> message</p>
<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data. Specify NULL if not needed</p>
</td>
</tr>
</tbody>
</table>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
<li>0   Success; otherwise - Kerberos error codes</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>This function parses a <strong>KRB-SAFE</strong> message, verifies its integrity, and stores its data into <em>outbuf</em> .</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></tt></a> flag is set in <em>auth_context</em> , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of <em>auth_context</em> . Otherwise, the sequence number is not used.</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></tt></a> flag is set in <em>auth_context</em> , then two additional checks are performed:</p>
<blockquote>
<div><blockquote>
<div><ul class="simple">
<li>The timestamp in the message must be within the permitted clock skew (which is usually five minutes).</li>
<li>The message must not be a replayed message field in <em>auth_context</em> .</li>
</ul>
</div></blockquote>
<p>Use <a class="reference internal" href="krb5_free_data_contents.html#krb5_free_data_contents" title="krb5_free_data_contents"><tt class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></tt></a> to free <em>outbuf</em> when it is no longer needed.</p>
</div></blockquote>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p>The <em>outdata</em> argument is required if <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></tt></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></tt></a> flag is set in the <em>auth_context</em> .</p>
<p class="last"><em>auth_context</em> must have a remote address set. This address will be used to verify the sender address in the KRB-SAFE message. If <em>auth_context</em> has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one. Both addresses must use type <strong>ADDRTYPE_ADDRPORT</strong> .</p>
</div>
</div>


          </div>
        </div>
      </div>
        </div>
        <div class="sidebar">
    <h2>On this page</h2>
    <ul>
<li><a class="reference internal" href="#">krb5_rd_safe -  Process KRB-SAFE message.</a></li>
</ul>

    <br/>
    <h2>Table of contents</h2>
    <ul>
<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../index.html">For application developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
</ul>

    <br/>
    <h4><a href="../../../index.html">Full Table of Contents</a></h4>
    <h4>Search</h4>
    <form class="search" action="../../../search.html" method="get">
      <input type="text" name="q" size="18" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
        </div>
        <div class="clearer"></div>
      </div>
    </div>

    <div class="footer-wrapper">
        <div class="footer" >
            <div class="right" ><i>Release: 1.12.1</i><br />
                &copy; <a href="../../../copyright.html">Copyright</a> 1985-2013, MIT.
            </div>
            <div class="left">
                
        <a href="../../../index.html" title="Full Table of Contents"
            >Contents</a> |
        <a href="krb5_rd_req.html" title="krb5_rd_req - Parse and decrypt a KRB_AP_REQ message."
            >previous</a> |
        <a href="krb5_read_password.html" title="krb5_read_password - Read a password from keyboard input."
            >next</a> |
        <a href="../../../genindex.html" title="General Index"
            >index</a> |
        <a href="../../../search.html" title="Enter search criteria"
            >Search</a> |
    <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_safe -  Process KRB-SAFE message.">feedback</a>
            </div>
        </div>
    </div>

  </body>
</html>