diff options
Diffstat (limited to 'doc/html/appdev/refs/api/krb5_rd_req.html')
| -rw-r--r-- | doc/html/appdev/refs/api/krb5_rd_req.html | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/doc/html/appdev/refs/api/krb5_rd_req.html b/doc/html/appdev/refs/api/krb5_rd_req.html new file mode 100644 index 000000000000..906727ad5313 --- /dev/null +++ b/doc/html/appdev/refs/api/krb5_rd_req.html @@ -0,0 +1,193 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>krb5_rd_req - Parse and decrypt a KRB_AP_REQ message. — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../../../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../../../_static/jquery.js"></script> + <script type="text/javascript" src="../../../_static/underscore.js"></script> + <script type="text/javascript" src="../../../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../../../about.html" /> + <link rel="copyright" title="Copyright" href="../../../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../../../index.html" /> + <link rel="up" title="krb5 API" href="index.html" /> + <link rel="next" title="krb5_rd_safe - Process KRB-SAFE message." href="krb5_rd_safe.html" /> + <link rel="prev" title="krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC." href="krb5_rd_rep_dce.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../../../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="krb5_rd_rep_dce.html" title="krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC." + accesskey="P">previous</a> | + <a href="krb5_rd_safe.html" title="krb5_rd_safe - Process KRB-SAFE message." + accesskey="N">next</a> | + <a href="../../../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../../../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="krb5-rd-req-parse-and-decrypt-a-krb-ap-req-message"> +<h1>krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.<a class="headerlink" href="#krb5-rd-req-parse-and-decrypt-a-krb-ap-req-message" title="Permalink to this headline">¶</a></h1> +<dl class="function"> +<dt id="c.krb5_rd_req"> +<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <tt class="descname">krb5_rd_req</tt><big>(</big><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em> context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a> *<em> auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em> inbuf</em>, <a class="reference internal" href="../types/krb5_const_principal.html#c.krb5_const_principal" title="krb5_const_principal">krb5_const_principal</a><em> server</em>, <a class="reference internal" href="../types/krb5_keytab.html#c.krb5_keytab" title="krb5_keytab">krb5_keytab</a><em> keytab</em>, <a class="reference internal" href="../types/krb5_flags.html#c.krb5_flags" title="krb5_flags">krb5_flags</a> *<em> ap_req_options</em>, <a class="reference internal" href="../types/krb5_ticket.html#c.krb5_ticket" title="krb5_ticket">krb5_ticket</a> **<em> ticket</em><big>)</big><a class="headerlink" href="#c.krb5_rd_req" title="Permalink to this definition">¶</a></dt> +<dd></dd></dl> + +<table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p> +<p><strong>[inout]</strong> <strong>auth_context</strong> - Pre-existing or newly created auth context</p> +<p><strong>[in]</strong> <strong>inbuf</strong> - AP-REQ message to be parsed</p> +<p><strong>[in]</strong> <strong>server</strong> - Matching principal for server, or NULL to allow any principal in keytab</p> +<p><strong>[in]</strong> <strong>keytab</strong> - Key table, or NULL to use the default</p> +<p><strong>[out]</strong> <strong>ap_req_options</strong> - If non-null, the AP-REQ flags on output</p> +<p class="last"><strong>[out]</strong> <strong>ticket</strong> - If non-null, ticket from the AP-REQ message</p> +</td> +</tr> +</tbody> +</table> +<table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple"> +<li>0 Success; otherwise - Kerberos error codes</li> +</ul> +</td> +</tr> +</tbody> +</table> +<p>This function parses, decrypts and verifies a AP-REQ message from <em>inbuf</em> and stores the authenticator in <em>auth_context</em> .</p> +<p>If a keyblock was specified in <em>auth_context</em> using <a class="reference internal" href="krb5_auth_con_setuseruserkey.html#c.krb5_auth_con_setuseruserkey" title="krb5_auth_con_setuseruserkey"><tt class="xref c c-func docutils literal"><span class="pre">krb5_auth_con_setuseruserkey()</span></tt></a> , that key is used to decrypt the ticket in AP-REQ message and <em>keytab</em> is ignored. In this case, <em>server</em> should be specified as a complete principal name to allow for proper transited-path checking and replay cache selection.</p> +<p>Otherwise, the decryption key is obtained from <em>keytab</em> , or from the default keytab if it is NULL. In this case, <em>server</em> may be a complete principal name, a matching principal (see <a class="reference internal" href="krb5_sname_match.html#c.krb5_sname_match" title="krb5_sname_match"><tt class="xref c c-func docutils literal"><span class="pre">krb5_sname_match()</span></tt></a> ), or NULL to match any principal name. The keys tried against the encrypted part of the ticket are determined as follows:</p> +<blockquote> +<div><ul class="simple"> +<li>If <em>server</em> is a complete principal name, then its entry in <em>keytab</em> is tried.</li> +<li>Otherwise, if <em>keytab</em> is iterable, then all entries in <em>keytab</em> which match <em>server</em> are tried.</li> +<li>Otherwise, the server principal in the ticket must match <em>server</em> , and its entry in <em>keytab</em> is tried.</li> +</ul> +</div></blockquote> +<p>The client specified in the decrypted authenticator must match the client specified in the decrypted ticket.</p> +<p>If the <em>remote_addr</em> field of <em>auth_context</em> is set, the request must come from that address.</p> +<p>If a replay cache handle is provided in the <em>auth_context</em> , the authenticator and ticket are verified against it. If no conflict is found, the new authenticator is then stored in the replay cache of <em>auth_context</em> .</p> +<p>Various other checks are performed on the decoded data, including cross-realm policy, clockskew, and ticket validation times.</p> +<p>On success the authenticator, subkey, and remote sequence number of the request are stored in <em>auth_context</em> . If the <a class="reference internal" href="../macros/AP_OPTS_MUTUAL_REQUIRED.html#AP_OPTS_MUTUAL_REQUIRED" title="AP_OPTS_MUTUAL_REQUIRED"><tt class="xref py py-data docutils literal"><span class="pre">AP_OPTS_MUTUAL_REQUIRED</span></tt></a> bit is set, the local sequence number is XORed with the remote sequence number in the request.</p> +<p>Use <a class="reference internal" href="krb5_free_ticket.html#c.krb5_free_ticket" title="krb5_free_ticket"><tt class="xref c c-func docutils literal"><span class="pre">krb5_free_ticket()</span></tt></a> to free <em>ticket</em> when it is no longer needed.</p> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.</a></li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li> +<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li> +<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li> +<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li> +<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current"> +<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li> +<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li> +<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../../../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../../../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../../../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../../../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="krb5_rd_rep_dce.html" title="krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC." + >previous</a> | + <a href="krb5_rd_safe.html" title="krb5_rd_safe - Process KRB-SAFE message." + >next</a> | + <a href="../../../genindex.html" title="General Index" + >index</a> | + <a href="../../../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file |