This routine parses a KRB_SAFE message from inbuf,
placing the data in outbuf after verifying
The keyblock used for verifying the integrity of the message
is taken from the auth_context local_subkey, remote_subkey,
or keyblock. The keyblock is chosen in
the preceding order by the first one that is not NULL.
The remote_addr and localaddr portions
of the *auth_context specify the full addresses
(host and port) of the sender and receiver, and must be of type
The remote_addr argument is mandatory;
it specifies the address of the sender. If the address of the sender in
the message does not match remote_addr,
the error KRB5KRB_AP_ERR_BADADDR will be returned.
If local_addr is nonNULL, then the
address of the receiver in the message much match it. If it is
NULL, the receiver address in the message will be checked against
the list of local addresses as returned by krb5_os_localaddr.
If the check fails, KRB5KRB_AP_ERR_BADARRD is returned.
The outbuf buffer storage (outbuf->data) is
allocated storage which the caller should free when it is no longer
If auth_context_flags portion of auth_context indicates
that sequence numbers are to be used (if KRB5_AUTH_CONTEXT_DOSEQUENCE
is set in it), the remote_seq_number portion
of auth_context is compared to the sequence
number for the message, and KRB5_KRB_AP_ERR_BADORDER is returned
if it does not match. Otherwise, the sequence number is not used.
If timestamps are to be used (if KRB5_AUTH_CONTEXT_DO_TIME
is set in auth_context), then two additional
checks are performed:
timestamp in the message must be within the permitted clock skew
(which is usually five minutes), or KRB5KRB_AP_ERR_SKEW is returned.
The message must not be a
replayed message, according to rcache.