gss_wrap_size_limit.3gss (revision a28480febf31f0e61debac062a55216a98a05a92) - OpenGrok cross reference for /illumos-gate/usr/src/man/man3gss/gss_wrap_size_limit.3gss

te
Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]

GSS_WRAP_SIZE_LIMIT 3GSS "Jan 15, 2003"

NAME

gss_wrap_size_limit - allow application to determine maximum message size with resulting output token of a specified maximum size

SYNOPSIS

cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>

OM_uint32 gss_process_context_token(OM_uint32 *minor_status,
 const gss_ctx_id_t context_handle, int conf_req_flag,
 gss_qop_t qop_req, OM_uint32 req_output_size,
 OM_uint32 *max_input_size);

DESCRIPTION

The gss_wrap_size_limit() function allows an application to determine the maximum message size that, if presented to gss_wrap() with the same conf_req_flag and qop_req parameters, results in an output token containing no more than req_output_size bytes. This call is intended for use by applications that communicate over protocols that impose a maximum message size. It enables the application to fragment messages prior to applying protection. The GSS-API detects invalid QOP values when gss_wrap_size_limit() is called. This routine guarantees only a maximum message size, not the availability of specific QOP values for message protection.

Successful completion of gss_wrap_size_limit() does not guarantee that gss_wrap() will be able to protect a message of length max_input_size bytes, since this ability might depend on the availability of system resources at the time that gss_wrap() is called.

PARAMETERS

The parameter descriptions for gss_wrap_size_limit() are as follows: minor_status

A mechanism-specific status code.

context_handle

A handle that refers to the security over which the messages will be sent.

conf_req_flag

Indicates whether gss_wrap() will be asked to apply confidential protection in addition to integrity protection. See gss_wrap(3GSS) for more details.

qop_req

Indicates the level of protection that gss_wrap() will be asked to provide. See gss_wrap(3GSS) for more details.

req_output_size

The desired maximum size for tokens emitted by gss_wrap().

max_input_size

The maximum input message size that can be presented to gss_wrap() to guarantee that the emitted token will be no larger than req_output_size bytes.

ERRORS

gss_wrap_size_limit() returns one of the following status codes: GSS_S_COMPLETE

Successful completion.

GSS_S_NO_CONTEXT

The referenced context could not be accessed.

GSS_S_CONTEXT_EXPIRED

The context has expired.

GSS_S_BAD_QOP

The specified QOP is not supported by the mechanism.

GSS_S_FAILURE

The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism-specific status code reported by means of the minor_status parameter details the error condition.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE

MT Level Safe

SEE ALSO

gss_wrap(3GSS), attributes(5)

Solaris Security for Developers Guide