How to query needed size for output buffer when calling AcceptSecurityContext?

Question

I tried usual Windows way, I passed nullptr as output buffer pointer and size 0. AcceptSecurityContext fails with error SEC_E_INSUFFICIENT_MEMORY. I was expecting to get needed size in OutSecBuff.cbBuffer but it is 0. I call it again with huge buffer. Call succeeds but context is invalid an later calls fail.

// Query needed buffer size
secStatus = AcceptSecurityContext(&hcred,&hctxt, &InBuffDesc,attr,SECURITY_NATIVE_DREP,
   &hctxt,&OutBuffDesc,&attr,nullptr);

if(SEC_E_INSUFFICIENT_MEMORY == ss)
{
    // Allocate buffer of needed size, big enough
    OutSecBuff.cbBuffer = *pcbOut;
    OutSecBuff.pvBuffer = pOut;
    // Call with buffer of required size
    secStatus = AcceptSecurityContext(&hcred,&hctxt, InBuffDesc,
       attr,SECURITY_NATIVE_DREP,&hctxt,&OutBuffDesc,&attr,nullptr);
}

If I preallocate huge buffer, everything works fine.
I would like to dynamically allocate buffer of needed size.

This is true but I wanted to *reuse buffer*. In first call, I would specify size of the existing buffer. If it is not enough, function would return `SEC_E_INSUFFICIENT_MEMORY` and needed buffer size. This is how other Windows API functions work. — zdenko.s, Apr 11 '22 at 08:01

score 0 · Accepted Answer · answered Apr 11 '22 at 08:05

0

SSAPI takes different approcah. When querying security package QuerySecurityPackageInfo, max size of output buffer is returned in field cbMaxToken. You allocate buffer once and you can be assured that buffer size will be enough for all requests.

answered Apr 11 '22 at 08:05

zdenko.s

931
1
12
29

How to query needed size for output buffer when calling AcceptSecurityContext?

1 Answers1