1krb5_rd_safe - Process KRB-SAFE message. 2========================================== 3 4.. 5 6.. c:function:: krb5_error_code krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * userdata_out, krb5_replay_data * rdata_out) 7 8.. 9 10 11:param: 12 13 **[in]** **context** - Library context 14 15 **[in]** **auth_context** - Authentication context 16 17 **[in]** **inbuf** - **KRB-SAFE** message to be parsed 18 19 **[out]** **userdata_out** - Data parsed from **KRB-SAFE** message 20 21 **[out]** **rdata_out** - Replay data. Specify NULL if not needed 22 23 24.. 25 26 27:retval: 28 - 0 Success; otherwise - Kerberos error codes 29 30 31.. 32 33 34 35 36 37 38 39This function parses a **KRB-SAFE** message, verifies its integrity, and stores its data into *userdata_out* . 40 41 42 43If *auth_context* has a remote address set, the address will be used to verify the sender address in the KRB-SAFE message. If *auth_context* has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one. 44 45 46 47If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in *auth_context* , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of *auth_context* . Otherwise, the sequence number is not used. 48 49 50 51If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in *auth_context* , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays. 52 53 54 55Use krb5_free_data_contents() to free *userdata_out* when it is no longer needed. 56 57 58 59 60 61 62 63 64 65 66.. 67 68 69 70 71 72 73.. note:: 74 75 The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* . 76 77 78 79 80