krb5_rd_safe - Process KRB-SAFE message.¶
-
krb5_error_code
krb5_rd_safe
(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, krb5_data *outbuf, krb5_replay_data *outdata)¶
- param
[in] context - Library context
[in] auth_context - Authentication context
[in] inbuf - KRB-SAFE message to be parsed
[out] outbuf - Data parsed from KRB-SAFE message
[out] outdata - Replay data. Specify NULL if not needed
- retval
0 Success; otherwise - Kerberos error codes
This function parses a KRB-SAFE message, verifies its integrity, and stores its data into outbuf .
If the KRB5_AUTH_CONTEXT_DO_SEQUENCE
flag is set in auth_context , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.
If the KRB5_AUTH_CONTEXT_DO_TIME
flag is set in auth_context , then two additional checks are performed:
The timestamp in the message must be within the permitted clock skew (which is usually five minutes).
The message must not be a replayed message field in auth_context .
Use
krb5_free_data_contents()
to free outbuf when it is no longer needed.
Note
The outdata argument is required if KRB5_AUTH_CONTEXT_RET_TIME
or KRB5_AUTH_CONTEXT_RET_SEQUENCE
flag is set in the auth_context .