Imported Upstream version 1.20.1

[platform/upstream/krb5.git] / doc / html / appdev / refs / api / krb5_mk_priv.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>krb5_mk_priv - Format a KRB-PRIV message. &#8212; MIT Kerberos Documentation</title>
    <link rel="stylesheet" href="../../../_static/agogo.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/kerb.css" type="text/css" />
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../../',
        VERSION:     '1.20.1',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true,
        SOURCELINK_SUFFIX: '.txt'
      };
    </script>
    <script type="text/javascript" src="../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../_static/doctools.js"></script>
    <link rel="author" title="About these documents" href="../../../about.html" />
    <link rel="index" title="Index" href="../../../genindex.html" />
    <link rel="search" title="Search" href="../../../search.html" />
    <link rel="copyright" title="Copyright" href="../../../copyright.html" />
    <link rel="next" title="krb5_mk_rep - Format and encrypt a KRB_AP_REP message." href="krb5_mk_rep.html" />
    <link rel="prev" title="krb5_mk_ncred - Format a KRB-CRED message for an array of credentials." href="krb5_mk_ncred.html" /> 
  </head>
  <body>
    <div class="header-wrapper">
        <div class="header">
            
            
            <h1><a href="../../../index.html">MIT Kerberos Documentation</a></h1>
            
            <div class="rel">
                
        <a href="../../../index.html" title="Full Table of Contents"
            accesskey="C">Contents</a> |
        <a href="krb5_mk_ncred.html" title="krb5_mk_ncred - Format a KRB-CRED message for an array of credentials."
            accesskey="P">previous</a> |
        <a href="krb5_mk_rep.html" title="krb5_mk_rep - Format and encrypt a KRB_AP_REP message."
            accesskey="N">next</a> |
        <a href="../../../genindex.html" title="General Index"
            accesskey="I">index</a> |
        <a href="../../../search.html" title="Enter search criteria"
            accesskey="S">Search</a> |
    <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_mk_priv -  Format a KRB-PRIV message.">feedback</a>
            </div>
        </div>
    </div>

    <div class="content-wrapper">
      <div class="content">
        <div class="document">
            
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
            
  <div class="section" id="krb5-mk-priv-format-a-krb-priv-message">
<h1>krb5_mk_priv -  Format a KRB-PRIV message.<a class="headerlink" href="#krb5-mk-priv-format-a-krb-priv-message" title="Permalink to this headline">¶</a></h1>
<dl class="function">
<dt id="c.krb5_mk_priv">
<a class="reference internal" href="../types/krb5_error_code.html#c.krb5_error_code" title="krb5_error_code">krb5_error_code</a> <code class="descname">krb5_mk_priv</code><span class="sig-paren">(</span><a class="reference internal" href="../types/krb5_context.html#c.krb5_context" title="krb5_context">krb5_context</a><em>&nbsp;context</em>, <a class="reference internal" href="../types/krb5_auth_context.html#c.krb5_auth_context" title="krb5_auth_context">krb5_auth_context</a><em>&nbsp;auth_context</em>, const <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em>&nbsp;userdata</em>, <a class="reference internal" href="../types/krb5_data.html#c.krb5_data" title="krb5_data">krb5_data</a> *<em>&nbsp;der_out</em>, <a class="reference internal" href="../types/krb5_replay_data.html#c.krb5_replay_data" title="krb5_replay_data">krb5_replay_data</a> *<em>&nbsp;rdata_out</em><span class="sig-paren">)</span><a class="headerlink" href="#c.krb5_mk_priv" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">param:</th><td class="field-body"><p class="first"><strong>[in]</strong> <strong>context</strong> - Library context</p>
<p><strong>[in]</strong> <strong>auth_context</strong> - Authentication context</p>
<p><strong>[in]</strong> <strong>userdata</strong> - User data for <strong>KRB-PRIV</strong> message</p>
<p><strong>[out]</strong> <strong>der_out</strong> - Formatted <strong>KRB-PRIV</strong> message</p>
<p class="last"><strong>[out]</strong> <strong>rdata_out</strong> - Replay data (NULL if not needed)</p>
</td>
</tr>
</tbody>
</table>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">retval:</th><td class="field-body"><ul class="first last simple">
<li>0   Success; otherwise - Kerberos error codes</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>This function is similar to <a class="reference internal" href="krb5_mk_safe.html#c.krb5_mk_safe" title="krb5_mk_safe"><code class="xref c c-func docutils literal"><span class="pre">krb5_mk_safe()</span></code></a> , but the message is encrypted and integrity-protected, not just integrity-protected.</p>
<p>The local address in <em>auth_context</em> must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.</p>
<p>If the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> flag is set in <em>auth_context</em> , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_TIME.html#KRB5_AUTH_CONTEXT_DO_TIME" title="KRB5_AUTH_CONTEXT_DO_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_TIME</span></code></a> is not set, no replay cache is used. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> is set in <em>auth_context</em> , a timestamp is included in the KRB-PRIV message and is stored in <em>rdata_out</em> .</p>
<p>If either <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html#KRB5_AUTH_CONTEXT_DO_SEQUENCE" title="KRB5_AUTH_CONTEXT_DO_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_DO_SEQUENCE</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the <em>auth_context</em> local sequence number is included in the KRB-PRIV message and then incremented. If <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> is set, the sequence number used is stored in <em>rdata_out</em> .</p>
<p>Use <a class="reference internal" href="krb5_free_data_contents.html#c.krb5_free_data_contents" title="krb5_free_data_contents"><code class="xref c c-func docutils literal"><span class="pre">krb5_free_data_contents()</span></code></a> to free <em>der_out</em> when it is no longer needed.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The <em>rdata_out</em> argument is required if the <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_TIME.html#KRB5_AUTH_CONTEXT_RET_TIME" title="KRB5_AUTH_CONTEXT_RET_TIME"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_TIME</span></code></a> or <a class="reference internal" href="../macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html#KRB5_AUTH_CONTEXT_RET_SEQUENCE" title="KRB5_AUTH_CONTEXT_RET_SEQUENCE"><code class="xref py py-data docutils literal"><span class="pre">KRB5_AUTH_CONTEXT_RET_SEQUENCE</span></code></a> flag is set in <em>auth_context</em> .</p>
</div>
</div>


          </div>
        </div>
      </div>
        </div>
        <div class="sidebar">
    <h2>On this page</h2>
    <ul>
<li><a class="reference internal" href="#">krb5_mk_priv -  Format a KRB-PRIV message.</a></li>
</ul>

    <br/>
    <h2>Table of contents</h2>
    <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../admin/index.html">For administrators</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../index.html">For application developers</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../gssapi.html">Developing with GSSAPI</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../y2038.html">Year 2038 considerations for uses of krb5_timestamp</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../h5l_mit_apidiff.html">Differences between Heimdal and MIT Kerberos API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../init_creds.html">Initial credentials</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../princ_handle.html">Principal manipulation and parsing</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../index.html">Complete reference - API and datatypes</a><ul class="current">
<li class="toctree-l3 current"><a class="reference internal" href="index.html">krb5 API</a></li>
<li class="toctree-l3"><a class="reference internal" href="../types/index.html">krb5 types and structures</a></li>
<li class="toctree-l3"><a class="reference internal" href="../macros/index.html">krb5 simple macros</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../plugindev/index.html">For plugin module developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../formats/index.html">Protocols and file formats</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../resources.html">Resources</a></li>
</ul>

    <br/>
    <h4><a href="../../../index.html">Full Table of Contents</a></h4>
    <h4>Search</h4>
    <form class="search" action="../../../search.html" method="get">
      <input type="text" name="q" size="18" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
        </div>
        <div class="clearer"></div>
      </div>
    </div>

    <div class="footer-wrapper">
        <div class="footer" >
            <div class="right" ><i>Release: 1.20.1</i><br />
                &copy; <a href="../../../copyright.html">Copyright</a> 1985-2022, MIT.
            </div>
            <div class="left">
                
        <a href="../../../index.html" title="Full Table of Contents"
            >Contents</a> |
        <a href="krb5_mk_ncred.html" title="krb5_mk_ncred - Format a KRB-CRED message for an array of credentials."
            >previous</a> |
        <a href="krb5_mk_rep.html" title="krb5_mk_rep - Format and encrypt a KRB_AP_REP message."
            >next</a> |
        <a href="../../../genindex.html" title="General Index"
            >index</a> |
        <a href="../../../search.html" title="Enter search criteria"
            >Search</a> |
    <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5_mk_priv -  Format a KRB-PRIV message.">feedback</a>
            </div>
        </div>
    </div>

  </body>
</html>