Misplaced Pages

Security Support Provider Interface

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

Security Support Provider Interface ( SSPI ) is a component of Windows API that performs security-related operations such as authentication .

#122877

57-525: SSPI functions as a common interface to several Security Support Providers (SSPs): A Security Support Provider is a dynamic-link library (DLL) that makes one or more security packages available to apps. The following SSPs are included in Windows: SSPI is a proprietary variant of Generic Security Services Application Program Interface (GSSAPI) with extensions and very Windows-specific data types. It shipped with Windows NT 3.51 and Windows 95 with

114-480: A binary search can be used to find a function. The index of the found name is then used to look up the ordinal in the Export Ordinal table. In 16-bit Windows, the name table was not sorted, so the name lookup overhead was much more noticeable. It is also possible to bind an executable to a specific version of a DLL, that is, to resolve the addresses of imported functions at compile-time. For bound imports,

171-434: A memory cell or other logical or physical entity. For software programs to save and retrieve stored data, each datum must have an address where it can be located. The number of address spaces available depends on the underlying address structure, which is usually limited by the computer architecture being used. Often an address space in a system with virtual memory corresponds to a highest level translation table, e.g.,

228-465: A segment table in IBM System/370 . Address spaces are created by combining enough uniquely identified qualifiers to make an address unambiguous within the address space. For a person's physical address, the address space would be a combination of locations, such as a neighborhood, town, city, or country. Some elements of a data address space may be the same, but if any element in the address

285-537: A .DRV extension that provided custom implementations of the same drawing API through a unified device driver interface (DDI), and the Drawing (GDI) and GUI (USER) APIs were merely the function calls exported by the GDI and USER, system DLLs with .EXE extension. This notion of building up the operating system from a collection of dynamically loaded libraries is a core concept of Windows that persists as of 2015 . DLLs provide

342-489: A DLL at compile-time. Delphi C 'Example.lib' file must be included (assuming that Example.dll is generated) in the project before static linking. The file 'Example.lib' is automatically generated by the compiler when compiling the DLL. Not executing the above statement would cause linking error as the linker would not know where to find the definition of AddNumbers . The DLL file 'Example.dll' may also have to be copied to

399-437: A DLL is more lightweight and allows them to share resources with the client process. This allows COM objects to implement powerful back-ends to simple GUI front ends such as Visual Basic and ASP. They can also be programmed from scripting languages. Address space In computing , an address space defines a range of discrete addresses, each of which may correspond to a network host , peripheral device , disk sector ,

456-406: A DLL is usually shared among all the processes that use the DLL; that is, they occupy a single place in physical memory, and do not take up space in the page file . Windows does not use position-independent code for its DLLs; instead, the code undergoes relocation as it is loaded, fixing addresses for all its entry points at locations which are free in the memory space of the first process to load

513-412: A DLL runs in the memory space of the calling process and with the same access permissions, which means there is little overhead in their use, but also that there is no protection for the calling program if the DLL has any sort of bug. The DLL technology allows for an application to be modified without requiring consuming components to be re-compiled or re-linked. A DLL can be replaced so that the next time

570-466: A GSS-API server on Unix depending on the specific circumstances. One significant shortcoming of SSPI is its lack of channel bindings , which makes some GSSAPI interoperability impossible. Another fundamental difference between the IETF -defined GSSAPI and Microsoft's SSPI is the concept of " impersonation ". In this model, a server can operate with the full privileges of the authenticated client, so that

627-548: A legacy (16-bit) device driver . A DLL that contains only resources can be called a resource DLL . Examples include the icon library , sometimes having extension .icl , and font library having extensions .fon and .fot . The file format of a DLL is the same as for an executable (a.k.a. EXE ), but different versions of Windows use different formats. 32-bit and 64-bit Windows versions use Portable Executable (PE), and 16-bit Windows versions use New Executable (NE). The main difference between DLL and EXE

SECTION 10

#1732802493123

684-673: A process running under a guest account can in this way corrupt another process running under a privileged account. This is an important reason to avoid the use of shared sections in DLLs. If a DLL is compressed by certain executable packers (e.g. UPX ), all of its code sections are marked as read and write, and will be unshared. Read-and-write code sections, much like private data sections, are private to each process. Thus DLLs with shared data sections should not be compressed if they are intended to be used simultaneously by multiple programs, since each program instance would have to carry its own copy of

741-545: A run-time error if the DLL file cannot be found. The developer can catch the error and handle it appropriately. When creating DLLs in VB, the IDE will only allow creation of ActiveX DLLs, however methods have been created to allow the user to explicitly tell the linker to include a .DEF file which defines the ordinal position and name of each exported function. This allows the user to create

798-477: A single address space . Every program was meant to co-operate by yielding the CPU to other programs so that the graphical user interface (GUI) could multitask and be maximally responsive. All operating-system level operations were provided by the underlying operating system: MS-DOS . All higher-level services were provided by Windows Libraries "Dynamic Link Library". The Drawing API , Graphics Device Interface (GDI),

855-452: A standard Windows DLL using Visual Basic (Version 6 or lower) which can be referenced through a "Declare" statement. Microsoft Visual C++ (MSVC) provides several extensions to standard C++ which allow functions to be specified as imported or exported directly in the C++ code; these have been adopted by other Windows C and C++ compilers, including Windows versions of GCC . These extensions use

912-468: Is a shared library in the Microsoft Windows or OS/2 operating system . A DLL can contain executable code (functions), data , and resources , in any combination. A DLL file often has file extension .dll , but can have any file extension. Developers can choose to use a file extension that describes the content of the file such as .ocx for ActiveX controls and .drv for

969-406: Is called. If the DLL cannot be found or loaded, or the called function does not exist, the application will generate an exception , which may be caught and handled appropriately. If the application does not handle the exception, it will be caught by the operating system, which will terminate the program with an error message. The delayed loading mechanism also provides notification hooks , allowing

1026-419: Is common for internal functions to be exported by ordinal only. For most Windows API functions only the names are preserved across different Windows releases; the ordinals are subject to change. Thus, one cannot reliably import Windows API functions by their ordinals. Importing functions by ordinal provides only slightly better performance than importing them by name: export tables of DLLs are ordered by name, so

1083-457: Is decreasing. DLL files may be explicitly loaded at run-time, a process referred to simply as run-time dynamic linking by Microsoft, by using the LoadLibrary (or LoadLibraryEx ) API function. The GetProcAddress API function is used to look up exported symbols by name, and FreeLibrary – to unload the DLL. These functions are analogous to dlopen , dlsym , and dlclose in

1140-476: Is different, addresses in said space will reference different entities. For example, there could be multiple buildings at the same address of "32 Main Street" but in different towns, demonstrating that different towns have different, although similarly arranged, street address spaces. An address space usually provides (or allows) a partitioning to several regions according to the mathematical structure it has. In

1197-541: Is faster to link to the DLL directly. An experimental tool in MinGW called genlib can be used to generate import libs with MSVC-style symbols. Each function exported by a DLL is identified by a numeric ordinal and optionally a name. Likewise, functions can be imported from a DLL either by ordinal or by name. The ordinal represents the position of the function's address pointer in the DLL Export Address table. It

SECTION 20

#1732802493123

1254-455: Is much smaller as it only contains symbols referring to the actual DLL, to be processed at link-time. Both nevertheless are Unix ar format files. Linking to dynamic libraries is usually handled by linking to an import library when building or linking to create an executable file. The created executable then contains an import address table (IAT) by which all DLL function calls are referenced (each referenced DLL function contains its own entry in

1311-402: Is processed by the linker, rather than the compiler, and thus it is not specific to C++. DLL compilation will produce both DLL and LIB files. The LIB file (import library) is used to link against a DLL at compile-time; it is not necessary for run-time linking. Unless the DLL is a Component Object Model (COM) server, the DLL file must be placed in one of the directories listed in

1368-415: Is that a DLL cannot be run directly since the operating system requires an entry point to start execution. Windows provides a utility program (RUNDLL.EXE/RUNDLL32.EXE) to execute a function exposed by a DLL. Since they have the same format, an EXE can be used as a DLL. Consuming code can load an EXE via the same mechanism as loading a DLL. The first versions of Microsoft Windows ran programs together in

1425-411: Is used in the function declaration to signal the DLL name, followed by name to name the symbol (if different) or index to identify the index. In Visual Basic (VB), only run-time linking is supported; but in addition to using LoadLibrary and GetProcAddress API functions, declarations of imported functions are allowed. When importing DLL functions through declarations, VB will generate

1482-586: The NTLMSSP . For Windows 2000, an implementation of Kerberos 5 was added, using token formats conforming to the official protocol standard RFC 1964 (The Kerberos 5 GSSAPI mechanism) and providing wire-level interoperability with Kerberos 5 implementations from other vendors. The tokens generated and accepted by the SSPI are mostly compatible with the GSS-API so an SSPI client on Windows may be able to authenticate with

1539-510: The POSIX standard API. The procedure for explicit run-time linking is the same in any language that supports pointers to functions , since it depends on the Windows API rather than language constructs. Normally, an application that is linked against a DLL’s import library will fail to start if the DLL cannot be found, because Windows will not run the application unless it can find all of

1596-458: The Windows shell to load different Windows programs, and for these programs to invoke API calls from the shared USER and GDI libraries. That concept was "dynamic linking". In a conventional non-shared static library , sections of code are simply added to the calling program when its executable is built at the "linking" phase; if two programs call the same routine, the routine is included in both

1653-460: The linker saves the timestamp and checksum of the DLL to which the import is bound. At run-time, Windows checks to see if the same version of library is being used, and if so, Windows bypasses processing the imports. Otherwise, if the library is different from the one which was bound to, Windows processes the imports in a normal way. Bound executables load somewhat faster if they are run in the same environment that they were compiled for, and exactly

1710-428: The DLL's code. If some programs (or their combination of already-loaded DLLs) do not have those addresses free, then an additional physical copy of the DLL's code will need to be created, using a different set of relocated entry points. If the physical memory occupied by a code section is to be reclaimed, its contents are discarded, and later reloaded directly from the DLL file as necessary. In contrast to code sections,

1767-407: The DLL, resulting in increased memory consumption. Like static libraries, import libraries for DLLs are noted by the .lib file extension. For example, kernel32.dll , the primary dynamic library for Windows's base functions such as file creation and memory management, is linked via kernel32.lib . The usual way to tell an import library from a proper static library is by size: the import library

Security Support Provider Interface - Misplaced Pages Continue

1824-431: The DLL. In older versions of Windows, in which all running processes occupied a single common address space, a single copy of the DLL's code would always be sufficient for all the processes. However, in newer versions of Windows which use separate address spaces for each program, it is only possible to use the same relocated copy of the DLL in multiple programs if each program has the same virtual addresses free to accommodate

1881-427: The DLLs that the application may need. However an application may be linked against an import library to allow delayed loading of the dynamic library. In this case, the operating system will not try to find or load the DLL when the application starts; instead, a stub is included in the application by the linker which will try to find and load the DLL through LoadLibrary and GetProcAddress when one of its functions

1938-721: The IAT). At run-time, the IAT is filled with appropriate addresses that point directly to a function in the separately loaded DLL. In Cygwin/MSYS and MinGW, import libraries are conventionally given the suffix .dll.a , combining both the Windows DLL suffix and the Unix ar suffix. The file format is similar, but the symbols used to mark the imports are different ( _head_foo_dll vs __IMPORT_DESCRIPTOR_foo ). Although its GNU Binutils toolchain can generate import libraries and link to them, it

1995-651: The PATH environment variable, in the default system directory, or in the same directory as the program using it. COM server DLLs are registered using regsvr32.exe, which places the DLL's location and its globally unique ID ( GUID ) in the registry. Programs can then use the DLL by looking up its GUID in the registry to find its location or create an instance of the COM object indirectly using its class identifier and interface identifier. The following examples show how to use language-specific bindings to import symbols for linking against

2052-491: The application itself. This concept of dynamic extensibility is taken to the extreme with the Component Object Model , the underpinnings of ActiveX . In Windows 1.x, 2.x and 3.x, all Windows applications shared the same address space as well as the same memory. A DLL was only loaded once into this address space; from then on, all programs using the library accessed it. The library's data was shared across all

2109-541: The application runs it uses the new DLL version. To work correctly, the DLL changes must maintain backward compatibility . Even the operating system can be upgraded since it is exposed to the applications via DLLs. System DLLs can be replaced so that the next time the applications run, they use the new system DLLs. In Windows API , DLL files are organized into sections . Each section has its own set of attributes, such as being writable or read-only, executable (for code) or non-executable (for data), and so on. The code in

2166-402: The application to perform additional processing or error handling when the DLL is loaded and/or any DLL function is called. In a source file, the keyword library is used instead of program . At the end of the file, the functions to be exported are listed in exports clause. Delphi does not need LIB files to import functions from DLLs; to link to a DLL, the external keyword

2223-517: The attribute __declspec before a function declaration. Note that when C functions are accessed from C++, they must also be declared as extern "C" in C++ code, to inform the compiler that the C linkage should be used. Besides specifying imported or exported functions using __declspec attributes, they may be listed in IMPORT or EXPORTS section of the DEF file used by the project. The DEF file

2280-639: The case of total order , as for memory addresses , these are simply chunks . Like the hierarchical design of postal addresses , some nested domain hierarchies appear as a directed ordered tree , such as with the Domain Name System or a directory structure . In the Internet , the Internet Assigned Numbers Authority (IANA) allocates ranges of IP addresses to various registries so each can manage their parts of

2337-404: The checksum of the executable, so it is not something that can be done with signed programs, or programs that are managed by a configuration management tool that uses checksums (such as MD5 checksums) to manage file versions. As more recent Windows versions have moved away from having fixed addresses for every loaded library (for security reasons), the opportunity and value of binding an executable

Security Support Provider Interface - Misplaced Pages Continue

2394-411: The current working directory from the DLL search path. The Python ctypes binding will use POSIX API on POSIX systems. The Component Object Model (COM) defines a binary standard to host the implementation of objects in DLL and EXE files. It provides mechanisms to locate and version those files as well as a language-independent and machine-readable description of the interface. Hosting COM objects in

2451-413: The current working directory is looked up before the system library directories), and thus to a malicious version of the library. See the reference for Microsoft's guidance on safe library loading: one should use SetDefaultDllDirectories in kernel32 to remove both the application directory and the current working directory from the DLL search path, or use SetDllDirectoryW in kernel32 to remove

2508-487: The data sections of a DLL are usually private; that is, each process using the DLL has its own copy of all the DLL's data. Optionally, data sections can be made shared, allowing inter-process communication via this shared memory area. However, because user restrictions do not apply to the use of shared DLL memory, this creates a security hole ; namely, one process can corrupt the shared data, which will likely cause all other sharing processes to behave undesirably. For example,

2565-459: The edge of different IP spaces, such as a local area network and the Internet. An iconic example of virtual-to-physical address translation is virtual memory , where different pages of virtual address space map either to page file or to main memory physical address space. It is possible that several numerically different virtual addresses all refer to one physical address and hence to

2622-761: The frame buffer. When drawing to a printer, the API calls had to be transformed into requests to a printer. Although it could have been possible to provide hard-coded support for a limited set of devices (like the Color Graphics Adapter display, the HP LaserJet Printer Command Language ), Microsoft chose a different approach. GDI would work by loading different pieces of code, called " device drivers ", to work with different output devices. The same architectural concept that allowed GDI to load different device drivers also allowed

2679-502: The global Internet address space. Uses of addresses include, but are not limited to the following: Another common feature of address spaces are mappings and translations , often forming numerous layers. This usually means that some higher-level address must be translated to lower-level ones in some way. For example, a file system on a logical disk operates using linear sector numbers, which have to be translated to absolute LBA sector addresses, in simple cases, via addition of

2736-536: The impersonation concept are prevented in Windows Vista by restricting impersonation to selected service accounts. Impersonation can be implemented in a Unix/Linux model using the seteuid or related system calls. While this means an unprivileged process cannot elevate its privileges, it also means that to take advantage of impersonation the process must run in the context of the root user account . Dynamic-link library A dynamic-link library ( DLL )

2793-649: The location where the .exe file would be generated by the following code: The following examples show how to use the run-time loading and linking facilities using language-specific Windows API bindings. Note that all of the four samples are vulnerable to DLL preloading attacks , since example.dll can be resolved to a place unintended by the author (unless explicitly excluded the application directory goes before system library locations, and without HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearch

2850-462: The operating system performs all access control checks, e.g. when opening new files. Whether these are less privileges or more privileges than that of the original service account depends entirely on the client. In the traditional (GSSAPI) model, when a server runs under a service account, it cannot elevate its privileges, and has to perform access control in a client-specific and application-specific fashion. The obvious negative security implications of

2907-645: The partition's first sector address. Then, for a disk drive connected via Parallel ATA , each of them must be converted to logical cylinder-head-sector address due to the interface historical shortcomings. It is converted back to LBA by the disk controller , then, finally, to physical cylinder , head and sector numbers. The Domain Name System maps its names to and from network-specific addresses (usually IP addresses), which in turn may be mapped to link layer network addresses via Address Resolution Protocol . Network address translation may also occur on

SECTION 50

#1732802493123

2964-573: The performance of the Pentium Pro microprocessor when launched, and ultimately limited the stability and scalability of the DOS-based versions of Windows. Although the DLL technology is core to the Windows architecture, it has drawbacks. DLL hell describes the bad behavior of an application when the wrong version of a DLL is consumed. Mitigation strategies include: The executable code of

3021-515: The programs during the linking stage of the two. With dynamic linking, shared code is placed into a single, separate file. The programs that call this file are connected to it at run time, with the operating system (or, in the case of early versions of Windows, the OS-extension), performing the binding. For those early versions of Windows (1.0 to 3.11), the DLLs were the foundation for the entire GUI. As such, display drivers were merely DLLs with

3078-487: The programs. This could be used as an indirect form of inter-process communication , or it could accidentally corrupt the different programs. With the introduction of 32-bit libraries in Windows 95 , every process ran in its own address space. While the DLL code may be shared, the data is private except where shared data is explicitly requested by the library. That said, large swathes of Windows 95 , Windows 98 and Windows Me were built from 16-bit libraries, which limited

3135-427: The same time if they are run in a different environment, so there is no drawback for binding the imports. For example, all the standard Windows applications are bound to the system DLLs of their respective Windows release. A good opportunity to bind an application's imports to its target environment is during the application's installation. This keeps the libraries "bound" until the next OS update. It does, however, change

3192-488: The standard benefits of shared libraries , such as modularity . Modularity allows changes to be made to code and data in a single self-contained DLL shared by several applications without any change to the applications themselves. Another benefit of modularity is the use of generic interfaces for plug-ins. A single interface may be developed which allows old as well as new modules to be integrated seamlessly at run-time into pre-existing applications, without any modification to

3249-490: Was implemented in a DLL called GDI.EXE , the user interface in USER.EXE . These extra layers on top of DOS had to be shared across all running Windows programs, not just to enable Windows to work in a machine with less than a megabyte of RAM, but to enable the programs to co-operate with each other. The code in GDI needed to translate drawing commands to operations on specific devices. On the display, it had to manipulate pixels in

#122877