File: krb5_mk_safe.txt

package info (click to toggle)
krb5 1.15-1%2Bdeb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 54,220 kB
  • ctags: 32,381
  • sloc: ansic: 310,596; cpp: 16,220; exp: 13,350; python: 7,990; makefile: 7,223; sh: 6,185; perl: 3,518; asm: 1,460; yacc: 1,006; xml: 503; awk: 396; csh: 147; lisp: 104; sed: 43
file content (83 lines) | stat: -rw-r--r-- 2,020 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
krb5_mk_safe -  Format a KRB-SAFE message. 
===========================================

..

.. c:function:: krb5_error_code krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * outbuf, krb5_replay_data * outdata)

..


:param:

	          **[in]** **context** - Library context

	          **[in]** **auth_context** - Authentication context

	          **[in]** **userdata** - User data in the message

	          **[out]** **outbuf** - Formatted **KRB-SAFE** buffer

	          **[out]** **outdata** - Replay data. Specify NULL if not needed


..


:retval:
         -   0   Success; otherwise - Kerberos error codes


..







This function creates an integrity protected **KRB-SAFE** message using data supplied by the application.



Fields in *auth_context* specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and :data:`KRB5_AUTH_CONTEXT` flags.



The local address in *auth_context* must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.



If :data:`KRB5_AUTH_CONTEXT_DO_TIME` flag is set in the *auth_context* , an entry describing the message is entered in the replay cache *auth_context->rcache* which enables the caller to detect if this message is reflected by an attacker. If :data:`KRB5_AUTH_CONTEXT_DO_TIME` is not set, the replay cache is not used.



If either :data:`KRB5_AUTH_CONTEXT_DO_SEQUENCE` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` is set, the *auth_context* local sequence number will be placed in *outdata* as its sequence number.



Use :c:func:`krb5_free_data_contents()` to free *outbuf* when it is no longer needed.










..






.. note::

	 The *outdata* argument is required if :data:`KRB5_AUTH_CONTEXT_RET_TIME` or :data:`KRB5_AUTH_CONTEXT_RET_SEQUENCE` flag is set in the *auth_context* .