Description
This routine parses a KRB_PRIV message from inbuf,
placing the data in *outbuf after decrypting
it. It behaves similarly to krb5_rd_safe,
but the message is decrypted rather than integrity checked.
The inbuf, auth_context, outdata and outbuf arguments
function as in krb5_rd_safe.
The remote_addr part of the auth_context as
set by krb5_auth_con_setaddrs is mandatory;
it specifies the address of the sender. If the address of the sender
in the message does not match the remote_addr,
the error KRB5KRB_AP_ERR_BADADDR will be returned.
If the local_addr portion of the auth_context is
non-NULL, then the address of the receiver in the message must match
it. If it is NULL, the receiver address in the message will be checked
against the list of local addresses as returned by krb5_os_localaddr.
The keyblock portion of auth_context specifies
the key to be used for decryption of the message. If the i_vector element
is non-NULL, it is used as an initialization vector for the decryption
(if the encryption type of the message supports initialization vectors)
and its contents are replaced with the last block of encrypted data
in the message.
The auth_context flags specify whether
timestamps (KRB5_AUTH_CONTEXT_DO_TIME) and sequence numbers (KRB5_AUTH_CONTEXT_DO_SEQUENCE)
are to be used.
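
The sender and receiver address rules described above, written out as a small stand-alone C model. This is an added example, not libkrb5 code: `model_addr`, `check_priv_addrs` and the result codes are hypothetical names, the addresses are constructed samples, and the model assumes the message carries both a sender and a receiver address.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a host address (not libkrb5's own type). */
typedef struct { int type; size_t len; const unsigned char *bytes; } model_addr;

enum addr_result {
    ADDR_OK = 0,
    ADDR_BAD_SENDER,   /* the case where the page says KRB5KRB_AP_ERR_BADADDR is returned */
    ADDR_BAD_RECEIVER  /* receiver mismatch; the page names no error code for it */
};

static int addr_equal(const model_addr *a, const model_addr *b)
{
    return a && b && a->type == b->type && a->len == b->len &&
           memcmp(a->bytes, b->bytes, a->len) == 0;
}

/* remote_addr and local_addr model the auth_context fields; host_addrs
 * models the list that krb5_os_localaddr would return. */
enum addr_result check_priv_addrs(const model_addr *msg_sender,
                                  const model_addr *msg_receiver,
                                  const model_addr *remote_addr,
                                  const model_addr *local_addr,
                                  const model_addr *host_addrs, size_t n_host)
{
    size_t i;
    /* remote_addr is mandatory: an unset one can never match the sender. */
    if (!addr_equal(msg_sender, remote_addr))
        return ADDR_BAD_SENDER;
    /* local_addr set: the receiver address must match it exactly. */
    if (local_addr != NULL)
        return addr_equal(msg_receiver, local_addr) ? ADDR_OK : ADDR_BAD_RECEIVER;
    /* local_addr NULL: accept any address in the host's local list. */
    for (i = 0; i < n_host; i++)
        if (addr_equal(msg_receiver, &host_addrs[i]))
            return ADDR_OK;
    return ADDR_BAD_RECEIVER;
}

/* Constructed sample addresses from documentation ranges; type 2 = IPv4. */
static const unsigned char A_PEER[] = {192, 0, 2, 10}, A_ME[] = {192, 0, 2, 20};
static const unsigned char A_ME2[] = {198, 51, 100, 7}, A_OTHER[] = {203, 0, 113, 5};
const model_addr PEER = {2, 4, A_PEER}, ME = {2, 4, A_ME};
const model_addr ME2 = {2, 4, A_ME2}, OTHER = {2, 4, A_OTHER};
const model_addr HOSTS[2] = {{2, 4, A_ME}, {2, 4, A_ME2}};

int main(void)
{   /* Receiver is a secondary local address and local_addr is NULL: accepted. */
    return check_priv_addrs(&PEER, &ME2, &PEER, NULL, HOSTS, 2) == ADDR_OK ? 0 : 1;
}
```

Pinning local_addr is the stricter setting: with it set, a message addressed to another of the host's addresses is rejected even though the NULL fallback would accept it.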