Memory is handled through a list of descriptors for the buffers being passed to the functions. Because certain protocols, such as OSF DCE, require access to the entire message, the entire message is available. For integrity of the transport application, however, the packages can be prohibited from modifying some areas of the message.
The context functions use the SecBuffer and SecBufferDesc structures to pass memory buffers.
The transport application or client of this interface creates an array of SecBuffer structures that reference the buffers the transport application will be passing in to the package. Note that the security package may indicate that it will be looking at only the security portion of a message, and the client of this interface need not provide the other sections. This can increase performance.
The SecBufferDesc structure is a header that includes a pointer to the array of SecBuffer structures. This enables the client to allocate the header and buffers on the stack, as shown in the following example:
SecBuffer Buffers[3];
SecBufferDesc BufferDesc;
...
BufferDesc.ulVersion = SECBUFFER_VERSION;
BufferDesc.cBuffers = 3;
BufferDesc.pBuffers = &Buffers;
The application can then initialize the pointers and sizes in the buffer description to indicate where things may be found:
Buffers[0].cbBuffer = sizeof(Protocol_Header);
Buffers[0].BufferType = SECBUFFER_READONLY | SECBUFFER_DATA;
Buffers[0].pvBuffer = pHeader;
Buffers[1].cbBuffer = pHeader->MessageSize;
Buffers[1].BufferType = SECBUFFER_DATA;
Buffers[1].pvBuffer = pMessage;
Buffers[2].cbBuffer = pHeader->TrailerSize;
Buffers[2].BufferType = SECBUFFER_READONLY | SECBUFFER_TOKEN;
Buffers[2].pvBuffer = pSecurityTrailer;
For a description of the different buffer types, see SecBuffer.