This commit adds two new functions, krb5_server_decrypt_ticket_keyblock

  (private) and krb5_server_decrypt_ticket_keytab (public).  These
  functions take a krb5_ticket as input and decrypt it using the provided
  key data.  The public function is useful for higher level application
  protocols such a TLS-KRB5 and AFS RX-KRB5 which exchange a service 
  but do not use the AP-REQ/AP-REP messages.  

  This commit also adds new functionality to kvno which permits kvno 
  when provided a keytab as input to verify whether or not the keytab
  contains a key that can successfully decrypt the obtains service ticket.

ticket: 5349
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19062 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 12 insertions, 0 deletions

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 13ab3fcfe8..d6f186c1be 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1469,8 +1469,20 @@ krb5_error_code krb5_get_cred_from_kdc_renew
 		krb5_creds *,
 		krb5_creds **,
 		krb5_creds *** );
+
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keyblock
+  	(krb5_context context,
+                const krb5_keyblock key,
+                krb5_ticket  *ticket);
 #endif
 
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keytab
+  	(krb5_context context,
+                const krb5_keytab kt,
+                krb5_ticket  *ticket);
+
 void KRB5_CALLCONV krb5_free_tgt_creds
 	(krb5_context,
 	 krb5_creds **); /* XXX too hard to do with const */