diff options
Diffstat (limited to 'lib/libgssapi/gss_wrap_size_limit.3')
-rw-r--r-- | lib/libgssapi/gss_wrap_size_limit.3 | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/lib/libgssapi/gss_wrap_size_limit.3 b/lib/libgssapi/gss_wrap_size_limit.3 new file mode 100644 index 0000000..63017e2 --- /dev/null +++ b/lib/libgssapi/gss_wrap_size_limit.3 @@ -0,0 +1,163 @@ +.\" -*- nroff -*- +.\" +.\" Copyright (c) 2005 Doug Rabson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.\" Copyright (C) The Internet Society (2000). All Rights Reserved. +.\" +.\" This document and translations of it may be copied and furnished to +.\" others, and derivative works that comment on or otherwise explain it +.\" or assist in its implementation may be prepared, copied, published +.\" and distributed, in whole or in part, without restriction of any +.\" kind, provided that the above copyright notice and this paragraph are +.\" included on all such copies and derivative works. However, this +.\" document itself may not be modified in any way, such as by removing +.\" the copyright notice or references to the Internet Society or other +.\" Internet organizations, except as needed for the purpose of +.\" developing Internet standards in which case the procedures for +.\" copyrights defined in the Internet Standards process must be +.\" followed, or as required to translate it into languages other than +.\" English. +.\" +.\" The limited permissions granted above are perpetual and will not be +.\" revoked by the Internet Society or its successors or assigns. +.\" +.\" This document and the information contained herein is provided on an +.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +.\" +.\" The following commands are required for all man pages. +.Dd November 12, 2005 +.Os +.Dt GSS_WRAP_SIZE_LIMIT 3 PRM +.Sh NAME +.Nm gss_wrap_size_limit +.Nd Determine maximum message sizes +.\" This next command is for sections 2 and 3 only. +.\" .Sh LIBRARY +.Sh SYNOPSIS +.In "gssapi/gssapi.h" +.Ft OM_uint32 +.Fo gss_wrap_size_limit +.Fa "OM_uint32 *minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "gss_qop_t qop_req" +.Fa "OM_uint32 req_output_size" +.Fa "OM_uint32 *max_input_size" +.Fc +.Sh DESCRIPTION +Allows an application to determine the maximum message size that, +if presented to +.Xr gss_wrap 3 +with the same +.Dv conf_req_flag +and +.Dv qop_req +parameters, +will result in an output token containing no more than +.Dv req_output_size +bytes. +.Pp +This call is intended for use by applications that +communicate over protocols that impose a maximum message size. +It enables the application to fragment messages prior to applying protection. +.Pp +GSS-API implementations are recommended but not required to detect +invalid QOP values when +.Fn gss_wrap_size_limit +is called. +This routine guarantees only a maximum message size, +not the availability of specific QOP values for message protection. +.Pp +Successful completion of this call does not guarantee that +.Xr gss_wrap 3 +will be able to protect a message of length max_input_size bytes, +since this ability may depend on the availability of system resources +at the time that +.Xr gss_wrap 3 +is called. +However, if the implementation itself imposes an upper limit on +the length of messages that may be processed by gss_wrap, +the implementation should not return a value via +.Dv max_input_bytes +that is greater than this length. +.Sh PARAMETERS +.Bl -tag +.It minor_status +Mechanism specific status code. +.It context_handle +A handle that refers to the security over which the messages will be sent. +.It conf_req_flag +Indicates whether +.Xr gss_wrap 3 +will be asked to apply confidentiality protection +in addition to integrity protection. +.It qop_req +Indicates the level of protection that +.Xr gss_wrap 3 +will be asked to provide. +.It req_output_size +The desired maximum size for tokens emitted by +.Xr gss_wrap 3 . +.It max_input_size +The maximum input message size that may be presented to +.Xr gss_wrap 3 +in order to guarantee that the emitted token shall +be no larger than +.Dv req_output_size +bytes. +.El +.Sh RETURN VALUES +.Bl -tag +.It GSS_S_COMPLETE +Successful completion. +.It GSS_S_NO_CONTEXT +The referenced context could not be accessed. +.It GSS_S_CONTEXT_EXPIRED +The context has expired. +.It GSS_S_BAD_QOP +The specified QOP is not supported by the mechanism. +.El +.Sh SEE ALSO +.Xr gss_wrap 3 +.Sh STANDARDS +.Bl -tag +.It RFC 2743 +Generic Security Service Application Program Interface Version 2, Update 1 +.It RFC 2744 +Generic Security Service API Version 2 : C-bindings +.\" .Sh HISTORY +.Sh HISTORY +The +.Nm +manual page example first appeared in +.Fx 7.0 . +.Sh AUTHORS +John Wray, Iris Associates |