Memory Use and Buffers (Windows CE 5.0)
Memory is handled through a list of descriptors for the buffers being passed to the functions. Because certain protocols require access to an entire message, the entire message is available. To ensure application integrity, however, you can prohibit a package from modifying an area of a message.
The context functions use the SecBuffer and SecBufferDesc structures to pass memory buffers. The client creates an array of Sec Buffer structures that reference only the buffers that the application will be passing to the package. The security package may indicate that it looks at only the security portion of a message, and that the SSPI client need not provide the other portions of the message. Performance improves when portions of the message are passed instead of the entire message.
SecBufferDesc is a structure that includes a pointer to the array of SecBuffer structures. The following code example shows how the server initializes an array of buffers when it calls the AcceptSecurityContext function. The last buffer in this sample code contains the opaque security token received by the client; it also sets the SECBUFFER_READONLY flag.
SecBuffer Buffers[3];
SecBufferDesc BufferDesc;
// Set up the buffer descriptors.
BufferDesc.ulVersion = SECBUFFER_VERSION;
BufferDesc.cBuffers = 3;
BufferDesc.pBuffers = &Buffers[0];
Buffers[0].cbBuffer = sizeof (Protocol_Header);
Buffers[0].BufferType = SECBUFFER_READONLY | SECBUFFER_DATA;
Buffers[0].pvBuffer = pHeader;
Buffers[1].cbBuffer = pHeader->MessageSize;
Buffers[1].BufferType = SECBUFFER_DATA;
Buffers[1].pvBuffer = pMessage;
Buffers[2].cbBuffer = pHeader->TrailerSize;
Buffers[2].BufferType = SECBUFFER_READONLY | SECBUFFER_TOKEN;
Buffers[2].pvBuffer = pSecurityTrailer;
See Also
Authentication Services | Security Support Provider Interface Architecture | Security Packages | Authentication Services Security | Authentication Services Registry Settings | Authentication Services Reference
Send Feedback on this topic to the authors