1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>krb5_rd_priv - Process a KRB-PRIV message. — MIT Kerberos Documentation</title>
<link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../../',
VERSION: '1.17',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../../../_static/jquery.js"></script>
<script type="text/javascript" src="../../../_static/underscore.js"></script>
<script type="text/javascript" src="../../../_static/doctools.js"></script>
<link rel="author" title="About these documents" href="../../../about.html" />
<link rel="index" title="Index" href="../../../genindex.html" />
<link rel="search" title="Search" href="../../../search.html" />
<link rel="copyright" title="Copyright" href="../../../copyright.html" />
<link rel="next" title="krb5_rd_rep - Parse and decrypt a KRB_AP_REP message." href="krb5_rd_rep.html" />
<link rel="prev" title="krb5_rd_error - Decode a KRB-ERROR message." href="krb5_rd_error.html" />
</head>
<body>
<div class="header-wrapper">
<div class="header">
<h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
<div class="rel">
<a href="../../../index.html" title="Full Table of Contents"
accesskey="C">Contents</a> |
<a href="krb5_rd_error.html" title="krb5_rd_error - Decode a KRB-ERROR message."
accesskey="P">previous</a> |
<a href="krb5_rd_rep.html" title="krb5_rd_rep - Parse and decrypt a KRB_AP_REP message."
accesskey="N">next</a> |
<a href="../../../genindex.html" title="General Index"
accesskey="I">index</a> |
<a href="../../../search.html" title="Enter search criteria"
accesskey="S">Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_priv - Process a KRB-PRIV message.">feedback</a>
</div>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="krb5-rd-priv-process-a-krb-priv-message">
<h1>krb5_rd_priv - Process a KRB-PRIV message.<a class="headerlink" href="#krb5-rd-priv-process-a-krb-priv-message" title="Permalink to this headline">¶</a></h1>
<dl class="function">
<dt id="c.krb5_rd_priv">
<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_rd_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> inbuf</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_rd_priv" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication structure</p>
<p><strong>[in]</strong> <strong>inbuf</strong> - <strong>KRB-PRIV</strong> message to be parsed</p>
<p><strong>[out]</strong> <strong>outbuf</strong> - Data parsed from <strong>KRB-PRIV</strong> message</p>
<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay data. Specify NULL if not needed</p>
</td>
</tr>
</tbody>
</table>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
<li>0 Success; otherwise - Kerberos error codes</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>This function parses a <strong>KRB-PRIV</strong> message, verifies its integrity, and stores its unencrypted data into <em>outbuf</em> .</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of <em>auth_context</em> . Otherwise, the sequence number is not used.</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , then two additional checks are performed:</p>
<blockquote>
<div><ul class="simple">
<li>The timestamp in the message must be within the permitted clock skew (which is usually five minutes).</li>
<li>The message must not be a replayed message field in <em>auth_context</em> .</li>
</ul>
</div></blockquote>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> , <em>outdata</em> is required.</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sidebar">
<h2>On this page</h2>
<ul>
<li><a class="reference internal" href="#">krb5_rd_priv - Process a KRB-PRIV message.</a></li>
</ul>
<br/>
<h2>Table of contents</h2>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
</ul>
<br/>
<h4><a href="../../../index.html">Full Table of Contents</a></h4>
<h4>Search</h4>
<form class="search" action="../../../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer" >
<div class="right" ><i>Release: 1.17</i><br />
© <a href="../../../copyright.html">Copyright</a> 1985-2019, MIT.
</div>
<div class="left">
<a href="../../../index.html" title="Full Table of Contents"
>Contents</a> |
<a href="krb5_rd_error.html" title="krb5_rd_error - Decode a KRB-ERROR message."
>previous</a> |
<a href="krb5_rd_rep.html" title="krb5_rd_rep - Parse and decrypt a KRB_AP_REP message."
>next</a> |
<a href="../../../genindex.html" title="General Index"
>index</a> |
<a href="../../../search.html" title="Enter search criteria"
>Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_priv - Process a KRB-PRIV message.">feedback</a>
</div>
</div>
</div>
</body>
</html>
|
