Provided by: libglobus-gssapi-gsi-doc_14.10-2_all bug

NAME

       globus_gsi_gssapi - GSI Implementation Details.

SYNOPSIS

   Modules
       Constants
           Implementation-specific Constants.
       Activation
           Module Activation.
       Request Flags
           Request Flags.
       Return Flags
           Return Flags.
       GSSAPI Extensions
           Extensions.

   Functions
       OM_uint32 GSS_CALLCONV gss_accept_sec_context (OM_uint32 *minor_status, gss_ctx_id_t
           *context_handle_P, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t
           input_token, const gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name_P,
           gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32
           *time_rec, gss_cred_id_t *delegated_cred_handle_P)
           GSS Accept Security Context.
       OM_uint32 GSS_CALLCONV gss_acquire_cred (OM_uint32 *minor_status, const gss_name_t
           desired_name_P, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t
           cred_usage, gss_cred_id_t *output_cred_handle_P, gss_OID_set *actual_mechs, OM_uint32
           *time_rec)
           Acquire Credential.
       OM_uint32 GSS_CALLCONV gss_compare_name (OM_uint32 *minor_status, const gss_name_t
           name1_P, const gss_name_t name2_P, int *name_equal)
           Compare Name.
       OM_uint32 GSS_CALLCONV gss_delete_sec_context (OM_uint32 *minor_status, gss_ctx_id_t
           *context_handle_P, gss_buffer_t output_token)
           Delete Security Context.
       OM_uint32 GSS_CALLCONV gss_display_name (OM_uint32 *minor_status, const gss_name_t
           input_name_P, gss_buffer_t output_name, gss_OID *output_name_type)
           Display Name.
       OM_uint32 GSS_CALLCONV gss_display_status (OM_uint32 *minor_status, OM_uint32
           status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context,
           gss_buffer_t status_string)
           Display Status

       Calls the OpenSSL error print routines to produce a printable message. This may need some
       work, as the OpenSSL error messages are more of a trace, and my not be the best for the
       user. Also don't take advantage of being called in a loop. "
   OM_uint32 GSS_CALLCONV gss_duplicate_name (OM_uint32 *minor_status, const gss_name_t src_name,
       gss_name_t *dest_name)
       Duplicate Name.
   OM_uint32 GSS_CALLCONV gss_export_name (OM_uint32 *minor_status, const gss_name_t
       input_name_P, gss_buffer_t exported_name)
       Export Name.
   OM_uint32 GSS_CALLCONV gss_get_mic (OM_uint32 *minor_status, const gss_ctx_id_t
       context_handle, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t
       message_token)
       Get MIC

       Calculates a cryptographic MIC (message integrity check) over an application message, and
       returns that MIC in the token. The token and message can then be passed to the peer
       application which calls gss_verify_mic to verify the MIC. "
   OM_uint32 GSS_CALLCONV gss_sign (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int
       qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token)
       Sign.
   OM_uint32 GSS_CALLCONV gss_import_name (OM_uint32 *minor_status, const gss_buffer_t
       input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name_P)
   OM_uint32 GSS_CALLCONV gss_init_sec_context (OM_uint32 *minor_status, const gss_cred_id_t
       initiator_cred_handle, gss_ctx_id_t *context_handle_P, const gss_name_t target_name, const
       gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t
       input_chan_bindings, const gss_buffer_t input_token, gss_OID *actual_mech_type,
       gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)
       Init Sec Context.
   OM_uint32 GSS_CALLCONV gss_inquire_context (OM_uint32 *minor_status, const gss_ctx_id_t
       context_handle_P, gss_name_t *src_name_P, gss_name_t *targ_name_P, OM_uint32
       *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int
       *open)
       Inquire Context.
   OM_uint32 GSS_CALLCONV gss_context_time (OM_uint32 *minor_status, const gss_ctx_id_t
       context_handle, OM_uint32 *time_rec)
       Context Time.
   OM_uint32 GSS_CALLCONV gss_inquire_cred (OM_uint32 *minor_status, const gss_cred_id_t
       cred_handle_P, gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage,
       gss_OID_set *mechanisms)
       Inquire Cred.
   OM_uint32 GSS_CALLCONV gss_add_oid_set_member (OM_uint32 *minor_status, const gss_OID
       member_oid, gss_OID_set *oid_set)
       Add OID Set Member.
   OM_uint32 GSS_CALLCONV gss_create_empty_oid_set (OM_uint32 *minor_status, gss_OID_set
       *oid_set)
       Create Empty OID Set

       Creates an object identifier set containing no object identifiers, to which members may be
       subsequently added using the GSS_Add_OID_set_member() routine. These routines are intended
       to be used to construct sets of mechanism object identifiers, for input to
       GSS_Acquire_cred(). "
   OM_uint32 GSS_CALLCONV gss_indicate_mechs (OM_uint32 *minor_status, gss_OID_set *mech_set)
       Indicate Mechs.
   OM_uint32 GSS_CALLCONV gss_release_oid_set (OM_uint32 *minor_status, gss_OID_set *mech_set)
       Release OID Set.
   OM_uint32 GSS_CALLCONV gss_test_oid_set_member (OM_uint32 *minor_status, const gss_OID member,
       const gss_OID_set set, int *present)
       Test OID Set Member.
   OM_uint32 GSS_CALLCONV gss_release_buffer (OM_uint32 *minor_status, gss_buffer_t buffer)
       Release Buffer.
   OM_uint32 GSS_CALLCONV gss_release_cred (OM_uint32 *minor_status, gss_cred_id_t
       *cred_handle_P)
       Release Credential.
   OM_uint32 GSS_CALLCONV gss_release_name (OM_uint32 *minor_status, gss_name_t *name_P)
       GSS Release Name.
   OM_uint32 GSS_CALLCONV gss_unwrap (OM_uint32 *minor_status, const gss_ctx_id_t context_handle,
       const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int
       *conf_state, gss_qop_t *qop_state)
       Unwrap.
   OM_uint32 GSS_CALLCONV gss_unseal (OM_uint32 *minor_status, gss_ctx_id_t context_handle,
       gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state,
       int *qop_state)
       Unseal.
   OM_uint32 GSS_CALLCONV gss_verify_mic (OM_uint32 *minor_status, const gss_ctx_id_t
       context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer,
       gss_qop_t *qop_state)
       Verify MIC.
   OM_uint32 GSS_CALLCONV gss_verify (OM_uint32 *minor_status, gss_ctx_id_t context_handle,
       gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state)
       Verify.
   OM_uint32 GSS_CALLCONV gss_wrap_size_limit (OM_uint32 *minor_status, const gss_ctx_id_t
       context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32
       *max_input_size)
       Wrap Size Limit.
   OM_uint32 GSS_CALLCONV gss_wrap (OM_uint32 *minor_status, const gss_ctx_id_t context_handle,
       int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int
       *conf_state, gss_buffer_t output_message_buffer)
       Wrap.
   OM_uint32 GSS_CALLCONV gss_seal (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int
       conf_req_flag, int qop_req, gss_buffer_t input_message_buffer, int *conf_state,
       gss_buffer_t output_message_buffer)
       Seal.

Detailed Description

       GSI Implementation Details.

       The Globus GSI GSSAPI is an implementation of GSS API C Bindings using OpenSSL. This API
       documentation is intended to explain implementation-specific behavior of this GSSAPI
       implementation, as well as GSSAPI extensions.

       The API documentation is divided into sections covering:

       · Globus GSSAPI

       · Activation

       · Constants

       · Request Flags

       · Return Flags

       · GSSAPI Extensions

       · Delegation

Function Documentation

   OM_uint32 GSS_CALLCONV gss_accept_sec_context (OM_uint32 * minor_status, gss_ctx_id_t *
       context_handle_P, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t
       input_token, const gss_channel_bindings_t input_chan_bindings, gss_name_t * src_name_P,
       gss_OID * mech_type, gss_buffer_t output_token, OM_uint32 * ret_flags, OM_uint32 *
       time_rec, gss_cred_id_t * delegated_cred_handle_P)
       GSS Accept Security Context.

       Parameters:
           minor_status
           context_handle_P
           acceptor_cred_handle
           input_token
           input_chan_bindings
           src_name_P
           mech_type
           output_token
           ret_flags Also used as req_flags for other functions
           time_rec
           delegated_cred_handle_P

       Returns:

   OM_uint32 GSS_CALLCONV gss_acquire_cred (OM_uint32 * minor_status, const gss_name_t
       desired_name_P, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t
       cred_usage, gss_cred_id_t * output_cred_handle_P, gss_OID_set * actual_mechs, OM_uint32 *
       time_rec)
       Acquire Credential. GSSAPI routine to acquire the local credential. See the latest IETF
       draft/RFC on the GSSAPI C bindings.

       Gets the local credentials. The proxy_init_cred does most of the work of setting up the
       SSL_ctx, getting the user's cert, key, etc.

       The globusid will be obtained from the certificate. (Minus and /CN=proxy entries.)

       Parameters:
           minor_status Mechanism specific status code. In this implementation, the minor_status
           is a cast from a globus_result_t value, which is either GLOBUS_SUCCESS or a globus
           error object ID if an error occurred.
           desired_name_P Name of principle whose credentials should be acquired This parameter
           maps to the desired subject of the cert to be acquired as the credential. Possible
           values are:

           · For a service cert: service name@fqdn

           · For a host cert: fqdn

           · For a proxy cert: subject name

           · For a user cert: subject name This parameter can be NULL, in which case the cert is
             chosen using a default search order of: host, proxy, user, service

           time_req Number of seconds that credentials should remain valid. This value can be
           GSS_C_INDEFINITE for an unlimited lifetime. NOTE: in the current implementation, this
           parameter is ignored, since you can't change the expiration of a signed cert.
           desired_mechs
           cred_usage
           output_cred_handle_P
           actual_mechs
           time_rec

   OM_uint32 GSS_CALLCONV gss_add_oid_set_member (OM_uint32 * minor_status, const gss_OID
       member_oid, gss_OID_set * oid_set)
       Add OID Set Member. Adds an Object Identifier to an Object Identifier set. This routine is
       intended for use in conjunction with GSS_Create_empty_OID_set() when constructing a set of
       mechanism OIDs for input to GSS_Acquire_cred().

       Parameters:
           minor_status
           member_oid
           oid_set

       Return values:
           GSS_S_COMPLETE Success
           GSS_S_FAILURE Operation failed

   OM_uint32 GSS_CALLCONV gss_compare_name (OM_uint32 * minor_status, const gss_name_t name1_P,
       const gss_name_t name2_P, int * name_equal)
       Compare Name. Compare two names. GSSAPI names in this implementation are pointers to X.509
       names.

       Parameters:
           minor_status currently is always set to GLOBUS_SUCCESS
           name1_P
           name2_P
           name_equal

       Returns:
           currently always returns GSS_S_COMPLETE

   OM_uint32 GSS_CALLCONV gss_context_time (OM_uint32 * minor_status, const gss_ctx_id_t
       context_handle, OM_uint32 * time_rec)
       Context Time.

       Parameters:
           minor_status
           context_handle
           time_rec

       Returns:

   OM_uint32 GSS_CALLCONV gss_create_empty_oid_set (OM_uint32 * minor_status, gss_OID_set *
       oid_set)
       Create Empty OID Set

       Creates an object identifier set containing no object identifiers, to which members may be
       subsequently added using the GSS_Add_OID_set_member() routine. These routines are intended
       to be used to construct sets of mechanism object identifiers, for input to
       GSS_Acquire_cred().

       Parameters:
           minor_status
           oid_set

       Return values:
           GSS_S_COMPLETE Success
           GSS_S_FAILURE Operation failed

   OM_uint32 GSS_CALLCONV gss_delete_sec_context (OM_uint32 * minor_status, gss_ctx_id_t *
       context_handle_P, gss_buffer_t output_token)
       Delete Security Context. Delete the GSS Security Context

       Parameters:
           minor_status The minor status result - this is a globus_result_t cast to a OM_uint32.
           context_handle_P The context handle to be deleted
           output_token A token created upon destroying the context. If non-empty, this should be
           sent to the peer of the context to indicate that the context is closed.

       Returns:
           This function always returns GSS_S_COMPLETE

   OM_uint32 GSS_CALLCONV gss_display_name (OM_uint32 * minor_status, const gss_name_t
       input_name_P, gss_buffer_t output_name, gss_OID * output_name_type)
       Display Name. Produces a single line version of the internal X.509 name

       Parameters:
           minor_status
           input_name_P
           output_name
           output_name_type

       Returns:

   OM_uint32 GSS_CALLCONV gss_display_status (OM_uint32 * minor_status, OM_uint32 status_value,
       int status_type, const gss_OID mech_type, OM_uint32 * message_context, gss_buffer_t
       status_string)
       Display Status

       Calls the OpenSSL error print routines to produce a printable message. This may need some
       work, as the OpenSSL error messages are more of a trace, and my not be the best for the
       user. Also don't take advantage of being called in a loop.

       Parameters:
           minor_status
           status_value
           status_type
           mech_type
           message_context
           status_string

       Returns:

   OM_uint32 GSS_CALLCONV gss_duplicate_name (OM_uint32 * minor_status, const gss_name_t
       src_name, gss_name_t * dest_name)
       Duplicate Name. Copy a GSSAPI name.

       Parameters:
           minor_status
           src_name
           dest_name

       Returns:

   OM_uint32 GSS_CALLCONV gss_export_name (OM_uint32 * minor_status, const gss_name_t
       input_name_P, gss_buffer_t exported_name)
       Export Name. Produces a mechanism-independent exported name object. See section 3.2 of RFC
       2743.

   OM_uint32 GSS_CALLCONV gss_get_mic (OM_uint32 * minor_status, const gss_ctx_id_t
       context_handle, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t
       message_token)
       Get MIC

       Calculates a cryptographic MIC (message integrity check) over an application message, and
       returns that MIC in the token. The token and message can then be passed to the peer
       application which calls gss_verify_mic to verify the MIC.

       Parameters:
           minor_status
           context_handle
           qop_req
           message_buffer
           message_token

       Returns:

   OM_uint32 GSS_CALLCONV gss_import_name (OM_uint32 * minor_status, const gss_buffer_t
       input_name_buffer, const gss_OID input_name_type, gss_name_t * output_name_P)
       Import a name into a gss_name_t

       Creates a new gss_name_t which contains a mechanism-specific representation of the input
       name. GSSAPI OpenSSL implements the following name types, based on the input_name_type
       OID:

       · GSS_C_NT_ANONYMOUS (input_name_buffer is ignored)

       · GSS_C_NT_HOSTBASED_SERVICE (input_name_buffer contains a string 'service@FQN' which will
         match /CN=service/FQDN)

       · GSS_C_NT_EXPORT_NAME (input_name_buffer contains a string with the X509_oneline
         representation of a name) like '/X=Y/Z=A...')

       · GSS_C_NO_OID or GSS_C_NT_USER_NAME (input_name_buffer contains an X.500 name formatted
         like '/X=Y/Z=A...')

       · GLOBUS_GSS_C_NT_HOST_IP (input_name_buffer contains a string 'FQDN/ip-address' which
         will match names with the FQDN or the IP address)

       · GLOBUS_SSS_C_NT_X509 (input buffer is an X509 struct from OpenSSL)

       Parameters:
           minor_status Minor status
           input_name_buffer Input name buffer which is interpreted based on the input_name_type
           input_name_type OID of the name
           output_name_P New gss_name_t value containing the name

       Return values:
           GSS_S_COMPLETE indicates that a valid name representation is output in output_name and
           described by the type value in output_name_type.
           GSS_S_BAD_NAMETYPE indicates that the input_name_type is unsupported by the applicable
           underlying GSS-API mechanism(s), so the import operation could not be completed.
           GSS_S_BAD_NAME indicates that the provided input_name_string is ill-formed in terms of
           the input_name_type, so the import operation could not be completed.
           GSS_S_BAD_MECH indicates that the input presented for import was an exported name
           object and that its enclosed mechanism type was not recognized or was unsupported by
           the GSS-API implementation.
           GSS_S_FAILURE indicates that the requested operation could not be performed for
           reasons unspecified at the GSS-API level.

   OM_uint32 GSS_CALLCONV gss_indicate_mechs (OM_uint32 * minor_status, gss_OID_set * mech_set)
       Indicate Mechs. Passes back the mech set of available mechs. We only have one for now.

       Parameters:
           minor_status
           mech_set

   OM_uint32 GSS_CALLCONV gss_inquire_context (OM_uint32 * minor_status, const gss_ctx_id_t
       context_handle_P, gss_name_t * src_name_P, gss_name_t * targ_name_P, OM_uint32 *
       lifetime_rec, gss_OID * mech_type, OM_uint32 * ctx_flags, int * locally_initiated, int *
       open)
       Inquire Context.

       Parameters:
           minor_status
           context_handle_P
           src_name_P
           targ_name_P
           lifetime_rec
           mech_type
           ctx_flags
           locally_initiated
           open

       Returns:

   OM_uint32 GSS_CALLCONV gss_inquire_cred (OM_uint32 * minor_status, const gss_cred_id_t
       cred_handle_P, gss_name_t * name, OM_uint32 * lifetime, gss_cred_usage_t * cred_usage,
       gss_OID_set * mechanisms)
       Inquire Cred. We will also allow the return of the proxy file name, if the minor_status is
       set to a value of 57056 0xdee0 This is done since there is no way to pass back the
       delegated credential file name.

       When 57056 is seen, this will cause a new copy of this credential to be written, and it is
       the user's responsibility to free the file when done. The name will be a pointer to a char
       * of the file name which must be freeed. The minor_status will be set to 57057 0xdee1 to
       indicate this.

       DEE - this is a kludge, till the GSSAPI get a better way to return the name.

       If the minor status is not changed from 57056 to 57057 assume it is not this gssapi, and a
       gss name was returned.

       Parameters:
           minor_status
           cred_handle_P
           name
           lifetime
           cred_usage
           mechanisms

       Returns:

   OM_uint32 GSS_CALLCONV gss_release_buffer (OM_uint32 * minor_status, gss_buffer_t buffer)
       Release Buffer.

       Parameters:
           minor_status
           buffer

       Return values:
           GSS_S_COMPLETE Success

   OM_uint32 GSS_CALLCONV gss_release_cred (OM_uint32 * minor_status, gss_cred_id_t *
       cred_handle_P)
       Release Credential. Release the GSSAPI credential handle

       Parameters:
           minor_status The minor status result - this is a globus_result_t cast to a OM_uint32.
           To access the globus error object use: globus_error_get((globus_result_t)
           *minor_status)
           cred_handle_P The gss cred handle to be released

       Return values:
           GSS_S_COMPLETE Success

   OM_uint32 GSS_CALLCONV gss_release_name (OM_uint32 * minor_status, gss_name_t * name_P)
       GSS Release Name. Release the GSS Name

       Parameters:
           minor_status The minor status result - this is a globus_result_t cast to a (OM_uint32
           *).
           name_P The GSSAPI name to be released

       Return values:
           GSS_S_COMPLETE Success
           GSS_S_FAILURE Failure

   OM_uint32 GSS_CALLCONV gss_release_oid_set (OM_uint32 * minor_status, gss_OID_set * mech_set)
       Release OID Set. Release the OID set.

       Parameters:
           minor_status
           mech_set

       Return values:
           GSS_S_COMPLETE Success

   OM_uint32 GSS_CALLCONV gss_seal (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int
       conf_req_flag, int qop_req, gss_buffer_t input_message_buffer, int * conf_state,
       gss_buffer_t output_message_buffer)
       Seal. Obsolete variant of gss_wrap for V1 compatibility

       Parameters:
           minor_status
           context_handle
           conf_req_flag
           qop_req
           input_message_buffer
           conf_state
           output_message_buffer

       Returns:

   OM_uint32 GSS_CALLCONV gss_sign (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int
       qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token)
       Sign. Deprecated. Does the same thing as gss_get_mic for V1 compatibility.

       Parameters:
           minor_status
           context_handle
           qop_req
           message_buffer
           message_token

       Returns:

   OM_uint32 GSS_CALLCONV gss_test_oid_set_member (OM_uint32 * minor_status, const gss_OID
       member, const gss_OID_set set, int * present)
       Test OID Set Member. Interrogates an Object Identifier set to determine whether a
       specified Object Identifier is a member. This routine is intended to be used with OID sets
       returned by GSS_Indicate_mechs(), GSS_Acquire_cred(), and GSS_Inquire_cred().

       Parameters:
           minor_status
           member
           set
           present

       Return values:
           GSS_S_COMPLETE Success
           GSS_S_FAILURE Operation failed

   OM_uint32 GSS_CALLCONV gss_unseal (OM_uint32 * minor_status, gss_ctx_id_t context_handle,
       gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state,
       int * qop_state)
       Unseal. Obsolete variant of gss_wrap for V1 compatibility allow for non 32 bit integer in
       qop_state.

       Return the data from the wrapped buffer. There may also be errors, such as integrity
       errors. Since we can not communicate directly with our peer, we can not do everything SSL
       could, i.e. return a token for example.

       Parameters:
           minor_status
           context_handle
           input_message_buffer
           output_message_buffer
           conf_state
           qop_state

   OM_uint32 GSS_CALLCONV gss_unwrap (OM_uint32 * minor_status, const gss_ctx_id_t
       context_handle, const gss_buffer_t input_message_buffer, gss_buffer_t
       output_message_buffer, int * conf_state, gss_qop_t * qop_state)
       Unwrap. GSSAPI routine to unwrap a buffer which may have been received and wraped by
       wrap.c

       Return the data from the wrapped buffer. There may also be errors, such as integrity
       errors. Since we can not communicate directly with our peer, we can not do everything SSL
       could, i.e. return a token for example.

       Parameters:
           minor_status
           context_handle
           input_message_buffer
           output_message_buffer
           conf_state
           qop_state

   OM_uint32 GSS_CALLCONV gss_verify (OM_uint32 * minor_status, gss_ctx_id_t context_handle,
       gss_buffer_t message_buffer, gss_buffer_t token_buffer, int * qop_state)
       Verify. Obsolete variant of gss_verify for V1 compatibility Check a MIC of the date

       Parameters:
           minor_status
           context_handle
           message_buffer
           token_buffer
           qop_state

       Returns:

   OM_uint32 GSS_CALLCONV gss_verify_mic (OM_uint32 * minor_status, const gss_ctx_id_t
       context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer,
       gss_qop_t * qop_state)
       Verify MIC. Check a MIC of the data

       Parameters:
           minor_status
           context_handle
           message_buffer
           token_buffer
           qop_state

       Returns:

   OM_uint32 GSS_CALLCONV gss_wrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle,
       int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *
       conf_state, gss_buffer_t output_message_buffer)
       Wrap. Wrap a message for integrity and protection. We do this using the SSLv3 routines, by
       writing to the SSL bio, and pulling off the buffer from the back of the write BIO. But we
       can't do everything SSL might want, such as control messages, or segment the messages
       here, since we are forced to using the GSSAPI tokens, and can not communicate directly
       with our peer. So there maybe some failures which would work with true SSL.

       Parameters:
           minor_status
           context_handle
           conf_req_flag
           qop_req
           input_message_buffer
           conf_state
           output_message_buffer

       Returns:

   OM_uint32 GSS_CALLCONV gss_wrap_size_limit (OM_uint32 * minor_status, const gss_ctx_id_t
       context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32
       * max_input_size)
       Wrap Size Limit. GSSAPI routine to take a buffer, calculate a MIC which is returned as a
       token. We will use the SSL protocol here.

       Parameters:
           minor_status
           context_handle
           conf_req_flag
           qop_req
           req_output_size
           max_input_size

Author

       Generated automatically by Doxygen for globus_gssapi_gsi from the source code.