Thegss-client application needs to wrap, that is,encrypt the data before the data can be sent. The application goes throughthe following steps to wrap the message:
Determines the wrap size limit. This process ensures thatthe wrapped message can be accommodated by the protocol.
Obtains the source and destination names. Translates the namesfrom object identifiers to strings.
Gets the list of mechanism names. Translates the names fromobject identifiers to strings.
Inserts the message into a buffer and wraps the message.
Sends the message to the server.
The following source code wraps a message.
Example 17 GSSAPI Clientcall_server() Function to Wrap Message/* Test gss_wrap_size_limit */maj_stat = gss_wrap_size_limit(&min_stat, context, conf_req_flag, GSS_C_QOP_DEFAULT, req_output_size, &max_input_size);if (maj_stat != GSS_S_COMPLETE) { display_status("wrap_size_limit call", maj_stat, min_stat);} else fprintf (stderr, "gss_wrap_size_limit returned " "max input size = %d \n" "for req_output_size = %d with Integrity only\n", max_input_size, req_output_size, conf_req_flag);conf_req_flag = 1;maj_stat = gss_wrap_size_limit(&min_stat, context, conf_req_flag, GSS_C_QOP_DEFAULT, req_output_size, &max_input_size);if (maj_stat != GSS_S_COMPLETE) { display_status("wrap_size_limit call", maj_stat, min_stat);} else fprintf (stderr, "gss_wrap_size_limit returned " " max input size = %d \n" "for req_output_size = %d with " "Integrity & Privacy \n", max_input_size, req_output_size );maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);if (maj_stat != GSS_S_COMPLETE) { display_status("displaying source name", maj_stat, min_stat); return -1;}maj_stat = gss_display_name(&min_stat, targ_name, &tname, (gss_OID *) NULL);if (maj_stat != GSS_S_COMPLETE) { display_status("displaying target name", maj_stat, min_stat); return -1; }fprintf(stderr, "\"%.*s\" to \"%.*s\", lifetime %u, flags %x, %s, %s\n", (int) sname.length, (char *) sname.value, (int) tname.length, (char *) tname.value, lifetime, context_flags, (is_local) ? "locally initiated" : "remotely initiated", (is_open) ? "open" : "closed");(void) gss_release_name(&min_stat, &src_name);(void) gss_release_name(&min_stat, &targ_name);(void) gss_release_buffer(&min_stat, &sname);(void) gss_release_buffer(&min_stat, &tname);maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);if (maj_stat != GSS_S_COMPLETE) { display_status("converting oid->string", maj_stat, min_stat); return -1;}fprintf(stderr, "Name type of source name is %.*s.\n", (int) oid_name.length, (char *) oid_name.value);(void) gss_release_buffer(&min_stat, &oid_name);/* Now get the names supported by the mechanism */maj_stat = gss_inquire_names_for_mech(&min_stat, mechanism, &mech_names);if (maj_stat != GSS_S_COMPLETE) { display_status("inquiring mech names", maj_stat, min_stat); return -1;}maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);if (maj_stat != GSS_S_COMPLETE) { display_status("converting oid->string", maj_stat, min_stat); return -1;}mechStr = (char *)__gss_oid_to_mech(mechanism);fprintf(stderr, "Mechanism %.*s (%s) supports %d names\n", (int) oid_name.length, (char *) oid_name.value, (mechStr == NULL ? "NULL" : mechStr), mech_names->count);(void) gss_release_buffer(&min_stat, &oid_name);for (i=0; i < mech_names->count; i++) { maj_stat = gss_oid_to_str(&min_stat, &mech_names->elements[i], &oid_name); if (maj_stat != GSS_S_COMPLETE) { display_status("converting oid->string", maj_stat, min_stat); return -1; } fprintf(stderr, " %d: %.*s\n", i, (int) oid_name.length, ( char *) oid_name.value); (void) gss_release_buffer(&min_stat, &oid_name); }(void) gss_release_oid_set(&min_stat, &mech_names);if (use_file) { read_file(msg, &in_buf);} else { /* Wrap the message */ in_buf.value = msg; in_buf.length = strlen(msg) + 1;}if (ret_flag & GSS_C_CONF_FLAG) { state = 1;else state = 0;}maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT, &in_buf, &state, &out_buf);if (maj_stat != GSS_S_COMPLETE) { display_status("wrapping message", maj_stat, min_stat); (void) close(s); (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); return -1;} else if (! state) { fprintf(stderr, "Warning! Message not encrypted.\n");}/* Send to server */if (send_token(s, &out_buf) < 0) { (void) close(s); (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER); return -1;}(void) gss_release_buffer(&min_stat, &out_buf);