I tried usual Windows way, I passed nullptr as output buffer pointer and size 0. AcceptSecurityContext fails with error SEC_E_INSUFFICIENT_MEMORY. I was expecting to get needed size in OutSecBuff.cbBuffer but it is 0. I call it again with huge buffer. Call succeeds but context is invalid an later calls fail.
// Query needed buffer size
secStatus = AcceptSecurityContext(&hcred,&hctxt, &InBuffDesc,attr,SECURITY_NATIVE_DREP,
&hctxt,&OutBuffDesc,&attr,nullptr);
if(SEC_E_INSUFFICIENT_MEMORY == ss)
{
// Allocate buffer of needed size, big enough
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.pvBuffer = pOut;
// Call with buffer of required size
secStatus = AcceptSecurityContext(&hcred,&hctxt, InBuffDesc,
attr,SECURITY_NATIVE_DREP,&hctxt,&OutBuffDesc,&attr,nullptr);
}
If I preallocate huge buffer, everything works fine.
I would like to dynamically allocate buffer of needed size.
SSAPI takes different approcah. When querying security package
QuerySecurityPackageInfo, max size of output buffer is returned in fieldcbMaxToken. You allocate buffer once and you can be assured that buffer size will be enough for all requests.