
krb5_mk_safe -- Format a KRB_SAFE message 



C Prototype 

krb5_error_code krb5_mk_safe(
         krb5_context          context,
         krb5_auth_context     *auth_context,
         const krb5_data       *userdata,
         krb5_data             *outbuf,
         krb5_replay_data      *outdata );

Arguments 

context (input/output)
 The context structure.
auth_context (input/output)
 Authentication context. The auth_context->auth_context_flags select whether sequence numbers or timestamps should be used to identify the message. Valid flags are:

KRB5_AUTH_CONTEXT_DO_TIME -- Use timestamps and replay cache.

KRB5_AUTH_CONTEXT_RET_TIME -- Copy timestamp to *outdata.

KRB5_AUTH_CONTEXT_DO_SEQUENCE -- Use sequence numbers.

KRB5_AUTH_CONTEXT_RET_SEQUENCE -- Copy sequence numbers to *outdata.
userdata (input)
 The user data in the message.
outbuf (output)
 The formatted KRB_SAFE buffer.
outdata (input/output)
 Contains the sequence numbers if KRB5_AUTH_CONTEXT_RET_SEQUENCE was specified in auth_context.

Description 

This routine formats a KRB_SAFE message into outbuf.

The userdata argument is formatted as the user data in the message. Portions of auth_context specify the checksum type, the keyblock that might be used to seed the checksum, and full addresses (host and port) for the sender and receiver. The local_addr portion of *auth_context is used to form the addresses used in the KRB_SAFE message. The remote_addr is optional; if the receiver's address is not known, it may be replaced by NULL. The local_addr portion, however, is mandatory.

If timestamps are to be used (that is, if KRB5_AUTH_CONTEXT_DO_TIME is set), an entry describing the message will be entered in the replay cache so that the caller may detect if this message is sent back by an attacker. If KRB5_AUTH_CONTEXT_DO_TIME is not set, the auth_context replay cache is not used.

If sequence numbers are to be used (if either KRB5_AUTH_CONTEXT_DO_SEQUENCE or KRB5_AUTH_CONTEXT_RET_SEQUENCE is set), then the auth_context local sequence number will be placed in the protected message as its sequence number.

The outbuf buffer storage (outbuf->data) is allocated, and should be freed by the caller when finished.
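
The flag-dependent behaviour described above (mandatory local_addr, sequence number placement, and the replay cache entry that lets the sender notice its own message coming back), as an added example in C. It is a simplified, self-contained model, not code from this manual or from the Kerberos library; model_ctx, safe_hdr, model_mk_safe, model_is_reflection and the flag stand-ins are all hypothetical names.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins for the KRB5_AUTH_CONTEXT_* flags named above (hypothetical). */
enum { DO_TIME = 1, DO_SEQUENCE = 4, RET_SEQUENCE = 8 };

struct safe_hdr {              /* replay-relevant fields of one message */
    int has_time, has_seq;
    int64_t ts; int32_t usec;  /* timestamp, when DO_TIME is set */
    uint32_t seq;              /* sequence number, when requested */
    char s_addr[32];           /* sender host:port (from local_addr) */
};

struct model_ctx {             /* simplified auth_context */
    int flags;
    const char *local_addr;    /* mandatory */
    uint32_t local_seq;
    struct safe_hdr rcache[8]; /* tiny replay cache of sent messages */
    size_t rc_len;
};

/* Build the header as the description says. Returns 0, or -1 on error. */
int model_mk_safe(struct model_ctx *c, int64_t now, int32_t usec,
                  struct safe_hdr *h)
{
    if (c->local_addr == NULL) return -1;      /* local_addr is mandatory */
    if ((c->flags & DO_TIME) && c->rc_len == 8) return -1; /* fail closed */
    memset(h, 0, sizeof *h);
    strncpy(h->s_addr, c->local_addr, sizeof h->s_addr - 1);
    if (c->flags & (DO_SEQUENCE | RET_SEQUENCE)) {
        h->has_seq = 1;
        h->seq = c->local_seq++;   /* model's choice: advance per message */
    }
    if (c->flags & DO_TIME) {
        h->has_time = 1; h->ts = now; h->usec = usec;
        c->rcache[c->rc_len++] = *h;           /* record what we sent */
    }
    return 0;
}

/* 1 if an incoming header matches a message this context sent itself. */
int model_is_reflection(const struct model_ctx *c, const struct safe_hdr *in)
{
    for (size_t i = 0; i < c->rc_len; i++)
        if (in->has_time && c->rcache[i].ts == in->ts &&
            c->rcache[i].usec == in->usec &&
            strcmp(c->rcache[i].s_addr, in->s_addr) == 0)
            return 1;
    return 0;
}
```

With only the sequence flags set, the model's cache stays empty, so a reflected message is not caught by this check; that mirrors the statement that the replay cache is unused when KRB5_AUTH_CONTEXT_DO_TIME is not set.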

Return Values 

This routine returns one of the following KRB5 status codes:

0
Successful completion.

