IIS's ISAPI interface introduction
The ISAPI (Internet Server Application Programming Interface) is an API standard that can be used to replace CGIs, which is the API standard on the web server proposed by Microsoft and Process Software. ISAPI is combined with a web server, powerful, and can obtain a lot of information, so it can develop a flexible and efficient web server enhancement program using ISAPI. Due to the ISAPI program and the Web server, it has a certain research value in terms of security. This article mainly discusses the implementation of ISAPI in IIS and VC 6.0. ISAPI interface and the CGI interface. The ISAPI program and the CGI program complete a similar feature, but the implementation method is different. 1. The ISAPI program is loaded into its own process space in DLL, so the same address space is shared with the server, and can uninstall it from memory when there is no customer request; each of the clients Request for the CGI program requires a server to start a process separately, which takes a lot of time and memory. When the number of concurrency requests is large, the use of CGI is not as efficient as ISAPI. 2, the CGI program communicates with the web server via the environment block and standard input, and the ISAPI program is more closely coupled, and the server sharing the same process context, mainly through a parameter block and the server, can be from the server there Get a lot of information about the current HTTP connection. ISAPI is mainly divided into ISA and ISAPI Filter. The ISA method is relatively traditional, using some special links, pointing to the server's job, for procedure developers design some extension features; the ISAPI filter tends to construct a module that the server is directly called, providing a seamless link component Used to monitor HTTP requests directly from the server. Second, ISA ISA (Internet Server Application) can also be referred to as ISAPI DLL, its functionality and CGI program functionality directly, using methods and CGIs are similar, and the client specifies its name in the URL. For example, the following request will call the function.dll under the virtual executable scripts of the server (ISAPI DLL must be placed in the server's virtual executable): http://www.abc.com/scripts/function.dll? ISA There are two main interfaces between the servers: getExtentionVersion () and httpextionproc (). Any ISA must define these two extraction functions in the extraction table of its PE file header for the web server to call when appropriate. 1. When the server just loads ISA, it calls the getExtentionVersion () provided by ISA to get the version of the server required to be required and compared to its own version to ensure that the version is compatible. The following function prototype: BOOL WINAPI GetExtentionVersion (HSE_VERSION_INFO * version); typedef struct _HSE_VERSION_INFO 2, the ISA true entry; {DWORD dwExtensionVersion; // version number CHAR lpszExtensionDesc [HSE_MAX_EXT_DLL_NAME_LEN]; // string description of the ISA} HSE_VERSION_INFO, * LPHSE_VERSION_INFO Yes httpextionProc (), which is equivalent to the main () function of the normal C program, in which different processes are processed according to different customer requests.
Server and HTTPEXTENTIONPROC () are communicated by Extension Control Block, that is, the ECB is stored in port parameters and export parameters, including the entry address of several callback functions provided by the server. The following function prototype: DWORD HttpExtensionProc (EXTENSION_CONTROL_BLOCK * pECB); ECB structure is defined as follows (IN parameter indicates the inlet, outlet OUT indicates parameters): typedef struct _EXTENSION_CONTROL_BLOCK {DWORD cbSize; // IN, the size of this structure, a read-only DWORD dwVersion / / In, version number, high 16 bits of the main version number, low 16 bits are secondary version number hconn connid; // in, connect handles, by server allocation, ISA can only read this value dWord dwhttpstatuscode; // out, current Completed transaction status char lpszlogdata [hse_log_buffer_len]; // OUT, you need to write content in the log file LPSTR LPSZMETHOD; // IN, equivalent to the environment variable of CGI Request_Method LPSTR LPSZQUERYSTRING; // IN, equivalent to environment variables Query_String LPSTR LPSZPATHINFO; // IN, equivalent to environmental variable Path_info lpstr lpszpathtranslated; // in, equivalent to environment variable Path_Translated DWORD CBTOTES; // IN, equivalent to environmental variables Content_length DWord Cbavailable; // in, buffer The available bytes LPBYTE LPBDATA; // IN, the buffer pointer, points to the client's data LPSTR LPSZCONTENTTYPE; // IN, equivalent to the environment variable content_type // callback function, used to return to the server connection information or specific the details of the server BOOL (WINAPI * GetServerVariable) (HCONN hConn, LPSTR lpszVariableName, LPVOID lpvBuffer, LPDWORD lpdwSize); BOOL (WINAPI * WriteClient) // callback function reads data (HCONN ConnID, LPVOID Buffer HTTP request from the client , LPDWORD LPDWBYTES, DWORD DWRESERVED); BOOL (Win API * READCLIENT // Tune function, send data to the client (HCONN CONNID, LPVOID LPVBUFFER, LPDWORD LPDWSID); BOOL (WinAPI * ServerSupportFunction) // callback function, access server's general and specific features (HCONN HCONN, DWORD DWHSERREQUEST, LPVOID LPVBUFFER, LPDWORD LPDWSIZE, LPDWORD LPDWDATATYPE);} extension_control_block, * lpextension_control_block; in the above ECB, the server not only provides the current HTTP connection handle and some variables, but also provides 4 callback functions to ISA calls, so that ISA can get More detailed information.
Third, ISAPI FILTER ISAPI Filter is located between the server and the client, can preach and post-processing on the communication between the server and the client, such as encrypting / decrypting communication, providing new ways to authenticate customers, Custom logging, etc., there is no part corresponding to the ISAPI Filter in the CGI. There are two interfaces between the ISAPI Filter and the server: getFilterverse () and httpfilterproc (). Any ISAPI Filter must lead these two functions for server calls. 1. The file name of all ISAPI Filter is stored in the following key values of the registry, and the IIS server gets the file name of the Filter from this key value when the IIS server starts. HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Services / W3SVC / Parameters / FilterDLL 2, the server then calls each GetFilterVersion provided Filter () function, to obtain the version number, and the event processing Filter desired, i.e. informs the ISAPI Filter through lead GetFilterVersion () function The server you want to handle what type of event because ISAPI FILTER is activated by an event. When the event is met, the server calls the main function httpfilterProc () to process the event. GetFilterVersion () has the following prototype: BOOL WINAPI GetFilterVersion (DWORD dwServerFilterVersion; // IN, the server version specification DWORD dwFilterVersion used; // OUT, filters used version specification CHAR lpszFilterDesc [SF_MAX_FILTER_DESC_LEN 1]; // OUT, the Description of the filter DWORD DWFLAGS // OUT, events and priority flags); the value of events and priority flags DWFlasg explained in the MSDN, including the priority of the Filter, generally should generally use the default Low priority, otherwise it may have a great impact on the performance of the system. 3, httpfilterProc () is the main entrance function of ISAPI Filter, which makes different processing depending on the current event. The server interacts with the following parameter blocks and filters, and this parameter block is similar to the ECB in ISA.
Typedef struct _http_filter_context {dword CBSIZE; // IN, the size of this parameter DWord Revision; // in PVOID ServerContext; // in, use this parameter DWORD ULRESERVED; // IN, by Server Bool Fissecureport; / / In, whether the event occurs on the security port PVOID PFILTERCONTEXT; // IN / OUT, the context // callback function related to this request, obtain information about the server and this connection (WinAPI * getServerVariable) (Struct_http_filter_context * pfc, LPSTR lpszVariableName, LPVOID lpvBuffer, LPDWORD lpdwSize); BOOL (WINAPI * AddResponseHeaders) (// callback function to add a HTTP response header struct _HTTP_FILTER_CONTEXT * pfc, LPSTR lpszHeaders, DWORD dwReserved); BOOL (WINAPI * WriteClient) ( // callback function, the original data will be sent to the client struct _HTTP_FILTER_CONTEXT * pfc, LPVOID Buffer, LPDWORD lpdwBytes, DWORD dwReserved);. VOID * (WINAPI * AllocMem) (// callback function, memory allocation struct _HTTP_FILTER_CONTEXT * pfc, DWORD cbSize , DWORD dwReserved); BOOL (WINAPI * ServerSupportFunction) (// callback function, general and specific access server functions struct _HTTP_FILTER_CONTEXT * pfc, enum SF_REQ_TYPE sfReq, PVOID pData, DWORD ul1, DWORD ul2);} HTTP_FILTER_CONTEXT, * PHTTP_FILTER_CONTEXT; four , VC 5 related classes are defined in ISAPI's support VC 6.0 in 6.0 to simplify the ISAPI programming: Chttpserver, ChttpserverContext, Chttpfilter, ChttpFilterContext, Chtmlstream, these 5 classes have no parent class. The chttpserver and chttpserverContext are primarily used to write ISA, ChttpFilter and ChttpFilterContext, which are used to write ISAPI filters, while ChtmlStream is used to operate HTML files in memory, providing services for other four classes. Chttpserver can only have an instance in each ISA, a chttpserver can correspond to multiple ChttpserverContext instances, each chttpserverContext processes a customer request, which can handle concurrent HTTP requests; the relationship between chttpfilter and chttpfilterContext is similar, in each There is only one chttpfilter instance in an Isapi Filter, but there are multiple ChttpFilterContext to process concurrent events. Chttpserver and ChttpFilter are independent classes that can be coepled in a DLL or in different DLLs, respectively.
An ISA can provide multiple commands, each command corresponds to a member function of Chttpserver (or its subclats), and the client can specify the command name and its parameters in the URL. This corresponds to the Parse Map in VC 6.0. PARSE MAP Similar to the Windows message distribution mechanism in the MFC, the processing of different commands can be implemented by using the VC supplied DECLARE_PARSE_MAP, Begin_PARSE_MAP, ON_PARSE_COMMAND, ON_PARSE_COMMAND_PARS, DEFAULT_PARSE_COMMAND_PARAMS, DEFAULT_PARSE_COMMAND, END_PARSE_MAP, etc. A PARSE MAP can only be created in each Chttpserver. When the client sent commands to the ISA, Parse Map can analyze the command name and its parameters in the HTTP request, and associate the command with the corresponding member function, that is, Member function processing the command.
Take the example program in MSDN as an example. In this example, there is a form below:
