Partager via


Memory Use and Buffers

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

Memory is handled through a list of descriptors for the buffers being passed to the functions. Because certain protocols require access to an entire message, the entire message is available. To ensure application integrity, however, you can prohibit a package from modifying an area of a message.

The context functions use the SecBuffer and SecBufferDesc structures to pass memory buffers. The client creates an array of Sec Buffer structures that reference only the buffers that the application will be passing to the package. The security package may indicate that it looks at only the security portion of a message, and that the SSPI client need not provide the other portions of the message. Performance improves when portions of the message are passed instead of the entire message.

SecBufferDesc is a structure that includes a pointer to the array of SecBuffer structures. The following code example shows how the server initializes an array of buffers when it calls the AcceptSecurityContext function. The last buffer in this sample code contains the opaque security token received by the client; it also sets the SECBUFFER_READONLY flag.

SecBuffer Buffers[3];
SecBufferDesc BufferDesc;

// Set up the buffer descriptors.
BufferDesc.ulVersion = SECBUFFER_VERSION;
BufferDesc.cBuffers = 3;
BufferDesc.pBuffers = &Buffers[0];

Buffers[0].cbBuffer = sizeof (Protocol_Header);
Buffers[0].BufferType = SECBUFFER_READONLY | SECBUFFER_DATA;
Buffers[0].pvBuffer = pHeader;

Buffers[1].cbBuffer = pHeader->MessageSize;
Buffers[1].BufferType = SECBUFFER_DATA;
Buffers[1].pvBuffer = pMessage;

Buffers[2].cbBuffer = pHeader->TrailerSize;
Buffers[2].BufferType = SECBUFFER_READONLY | SECBUFFER_TOKEN;
Buffers[2].pvBuffer = pSecurityTrailer;

See Also

Reference

Authentication Services Reference

Concepts

Security Support Provider Interface Architecture
Security Packages
Authentication Services Security
Authentication Services Registry Settings

Other Resources

Authentication Services