GSS_WRAP_SIZE_LIMIT(3GSS) Generic Security Services API Library Functions
NAME
gss_wrap_size_limit - allow application to determine maximum message
size with resulting output token of a specified maximum size
SYNOPSIS
cc [
flag... ]
file...
-lgss [
library... ]
#include <gssapi/gssapi.h>
OM_uint32 gss_process_context_token(
OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 *max_input_size);
DESCRIPTION
The
gss_wrap_size_limit() function allows an application to determine
the maximum message size that, if presented to
gss_wrap() with the
same
conf_req_flag and
qop_req parameters, results in an output token
containing no more than
req_output_size bytes. This call is intended
for use by applications that communicate over protocols that impose a
maximum message size. It enables the application to fragment messages
prior to applying protection. The
GSS-API detects invalid
QOP values
when
gss_wrap_size_limit() is called. This routine guarantees only a
maximum message size, not the availability of specific
QOP values for
message protection.
Successful completion of
gss_wrap_size_limit() does not guarantee
that
gss_wrap() will be able to protect a message of length
max_input_size bytes, since this ability might depend on the
availability of system resources at the time that
gss_wrap() is
called.
PARAMETERS
The parameter descriptions for
gss_wrap_size_limit() are as follows:
minor_status A mechanism-specific status code.
context_handle A handle that refers to the security over which
the messages will be sent.
conf_req_flag Indicates whether
gss_wrap() will be asked to
apply confidential protection in addition to
integrity protection. See
gss_wrap(3GSS) for more
details.
qop_req Indicates the level of protection that
gss_wrap() will be asked to provide. See
gss_wrap(3GSS) for
more details.
req_output_size The desired maximum size for tokens emitted by
gss_wrap().
max_input_size The maximum input message size that can be
presented to
gss_wrap() to guarantee that the
emitted token will be no larger than
req_output_size bytes.
ERRORS
gss_wrap_size_limit() returns one of the following status codes:
GSS_S_COMPLETE Successful completion.
GSS_S_NO_CONTEXT The referenced context could not be
accessed.
GSS_S_CONTEXT_EXPIRED The context has expired.
GSS_S_BAD_QOP The specified
QOP is not supported by the
mechanism.
GSS_S_FAILURE The underlying mechanism detected an error
for which no specific
GSS status code is
defined. The mechanism-specific status code
reported by means of the
minor_status parameter details the error condition.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT Level | Safe |
+---------------+-----------------+
SEE ALSO
gss_wrap(3GSS),
attributes(7) Solaris Security for Developers Guide January 15, 2003 GSS_WRAP_SIZE_LIMIT(3GSS)
