HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 6 KRB5 (Kerberos V5) Application Programming Interface

krb5_rd_priv — Parse a KRB_PRIV message

 » Table of Contents

 » Glossary

 » Index

C Prototype

krb5_error_code krb5_rd_priv(
krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
krb5_data *outbuf,
krb5_data *outdata );

Arguments

context (input/output) 

The context structure.

auth_context (input/output) 

Authentication context.

inbuf (input) 

The KRB_PRIV message to be parsed.

outbuf (output) 

The data parsed from the KRB_PRIV message.

outdata (input/output) 

Contains the sequence numbers if KRB5_AUTH_CONTEXT_RET_SEQUENCE was specified in auth_context.

Description

This routine parses a KRB_PRIV message from inbuf, placing the data in *outbuf after decrypting it. It behaves similarly to krb5_rd_safe, but the message is decrypted rather than integrity checked.

The inbuf, auth_context, outdata and outbuf arguments function as in krb5_rd_safe.

The remote_addr part of the auth_context as set by krb5_auth_con_setaddrs is mandatory; it specifies the address of the sender. If the address of the sender in the message does not match the remote_addr, the error KRB5KRB_AP_ERR_BADADDR will be returned.

If local_addr portion of the auth_context is nonNULL, then the address of the receiver in the message must match it.If it is NULL, the receiver address in the message will be checked against the list of local addresses as returned by krb5_os_localaddr.

The keyblock portion of auth_context specifies the key to be used for decryption of the message. If the i_vector element is nonNULL, it is used as an initialization vector for the decryption (if the encryption type of the message supports initialization vectors) and its contents are replaced with the last block of encrypted data in the message.

The auth_context flags specify whether timestamps (KRB5_AUTH_CONTEXT_DO_TIME) and sequence numbers (KRB5_AUTH_CONTEXT_DO_SEQUENCE) are to be used.

Return Values

This routine returns one of the following KRB5 status codes:

0Successful completion.