diff options
Diffstat (limited to 'doc/html/appdev/refs/api/krb5_mk_priv.html')
| -rw-r--r-- | doc/html/appdev/refs/api/krb5_mk_priv.html | 46 |
1 files changed, 19 insertions, 27 deletions
diff --git a/doc/html/appdev/refs/api/krb5_mk_priv.html b/doc/html/appdev/refs/api/krb5_mk_priv.html index 43b7cb7fdb6e..cb145c7a9885 100644 --- a/doc/html/appdev/refs/api/krb5_mk_priv.html +++ b/doc/html/appdev/refs/api/krb5_mk_priv.html @@ -1,33 +1,31 @@ + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>krb5_mk_priv - Format a KRB-PRIV message. — MIT Kerberos Documentation</title> - + <title>krb5_mk_priv - Format a KRB-PRIV message. — MIT Kerberos Documentation</title> <link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../../', - VERSION: '1.16', + VERSION: '1.21.1', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../../../_static/jquery.js"></script> <script type="text/javascript" src="../../../_static/underscore.js"></script> <script type="text/javascript" src="../../../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../../../about.html" /> + <link rel="index" title="Index" href="../../../genindex.html" /> + <link rel="search" title="Search" href="../../../search.html" /> <link rel="copyright" title="Copyright" href="../../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../../index.html" /> - <link rel="up" title="krb5 API" href="index.html" /> <link rel="next" title="krb5_mk_rep - Format and encrypt a KRB_AP_REP message." href="krb5_mk_rep.html" /> <link rel="prev" title="krb5_mk_ncred - Format a KRB-CRED message for an array of credentials." href="krb5_mk_ncred.html" /> </head> @@ -61,13 +59,13 @@ <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" id="krb5-mk-priv-format-a-krb-priv-message"> <h1>krb5_mk_priv - Format a KRB-PRIV message.<a class="headerlink" href="#krb5-mk-priv-format-a-krb-priv-message" title="Permalink to this headline">¶</a></h1> <dl class="function"> <dt id="c.krb5_mk_priv"> -<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <tt class="descname">krb5_mk_priv</tt><big>(</big><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> outbuf</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> outdata</em><big>)</big><a class="headerlink" href="#c.krb5_mk_priv" title="Permalink to this definition">¶</a></dt> +<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em> rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_priv" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <table class="docutils field-list" frame="void" rules="none"> @@ -77,8 +75,8 @@ <tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p> <p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p> <p><strong>[in]</strong> <strong>userdata</strong> - User data for <strong>KRB-PRIV</strong> message</p> -<p><strong>[out]</strong> <strong>outbuf</strong> - Formatted <strong>KRB-PRIV</strong> message</p> -<p class="last"><strong>[out]</strong> <strong>outdata</strong> - Replay cache handle (NULL if not needed)</p> +<p><strong>[out]</strong> <strong>der_out</strong> - Formatted <strong>KRB-PRIV</strong> message</p> +<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data (NULL if not needed)</p> </td> </tr> </tbody> @@ -94,20 +92,14 @@ </tr> </tbody> </table> -<p>This function is similar to <a class="reference internal" href="krb5_mk_safe.html#c.krb5_mk_safe" title="krb5_mk_safe"><tt class="xref c c-func docutils literal"><span class="pre">krb5_mk_safe()</span></tt></a> , but the message is encrypted and integrity-protected, not just integrity-protected.</p> -<p>The local address in <em>auth_context</em> must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.</p> -<blockquote> -<div><ul class="simple"> -<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></tt></a> - Use timestamps in <em>outdata</em></li> -<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></tt></a> - Copy timestamp to <em>outdata</em> .</li> -<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></tt></a> - Use local sequence numbers from <em>auth_context</em> in replay cache.</li> -<li><a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></tt></a> - Use local sequence numbers from <em>auth_context</em> as a sequence number in the encrypted message <em>outbuf</em> .</li> -</ul> -</div></blockquote> +<p>This function is similar to <a class="reference internal" href="krb5_mk_safe.html#c.krb5_mk_safe" title="krb5_mk_safe"><code class="xref c c-func docutils literal"><span class="pre">krb5_mk_safe()</span></code></a> , but the message is encrypted and integrity-protected, not just integrity-protected.</p> +<p>The local address in <em>auth_context</em> must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.</p> +<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , a timestamp is included in the KRB-PRIV message and is stored in <em>rdata_out</em> .</p> +<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-PRIV message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p> +<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p> <div class="admonition note"> <p class="first admonition-title">Note</p> -<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></tt></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><tt class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></tt></a> flag is set in <em>auth_context</em> , the <em>outdata</em> is required.</p> -<p class="last">The flags from <em>auth_context</em> specify whether sequence numbers or timestamps will be used to identify the message. Valid values are:</p> +<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p> </div> </div> @@ -167,8 +159,8 @@ <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../../copyright.html">Copyright</a> 1985-2017, MIT. + <div class="right" ><i>Release: 1.21.1</i><br /> + © <a href="../../../copyright.html">Copyright</a> 1985-2023, MIT. </div> <div class="left"> |