Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

688 lines
18 KiB

  1. /*++
  2. Copyright (c) 1997-1999 Microsoft Corporation
  3. Module Name:
  4. httpfilt.h
  5. Abstract:
  6. This module contains the Microsoft HTTP filter extension info
  7. Revision History:
  8. --*/
  9. #ifndef _HTTPFILT_H_
  10. #define _HTTPFILT_H_
  11. #ifdef __cplusplus
  12. extern "C" {
  13. #endif
  14. //
  15. // Define ULONG_PTR if necessary
  16. //
  17. #if !defined(__midl) && defined(_X86_) && _MSC_VER >= 1300
  18. #define _W64 __w64
  19. #else
  20. #define _W64
  21. #endif
  22. //
  23. // The INT_PTR is guaranteed to be the same size as a pointer. Its
  24. // size with change with pointer size (32/64). It should be used
  25. // anywhere that a pointer is cast to an integer type. UINT_PTR is
  26. // the unsigned variation.
  27. //
  28. // __int3264 is intrinsic to 64b MIDL but not to old MIDL or to C compiler.
  29. //
  30. #if ( 501 < __midl )
  31. typedef unsigned __int3264 ULONG_PTR, *PULONG_PTR;
  32. #else // midl64
  33. // old midl and C++ compiler
  34. #if defined(_WIN64)
  35. typedef unsigned __int64 ULONG_PTR, *PULONG_PTR;
  36. #else
  37. typedef _W64 unsigned long ULONG_PTR, *PULONG_PTR;
  38. #endif
  39. #endif // midl64
  40. //
  41. // Current version of the filter spec is 6.0
  42. //
  43. #define HTTP_FILTER_REVISION MAKELONG( 0, 6 )
  44. #define SF_MAX_USERNAME (256+1)
  45. #define SF_MAX_PASSWORD (256+1)
  46. #define SF_MAX_AUTH_TYPE (32+1)
  47. #define SF_MAX_FILTER_DESC_LEN (256+1)
  48. //
  49. // These values can be used with the pfnSFCallback function supplied in
  50. // the filter context structure
  51. //
  52. enum SF_REQ_TYPE
  53. {
  54. //
  55. // Sends a complete HTTP server response header including
  56. // the status, server version, message time and MIME version.
  57. //
  58. // Server extensions should append other information at the end,
  59. // such as Content-type, Content-length etc followed by an extra
  60. // '\r\n'.
  61. //
  62. // pData - Zero terminated string pointing to optional
  63. // status string (i.e., "401 Access Denied") or NULL for
  64. // the default response of "200 OK".
  65. //
  66. // ul1 - Zero terminated string pointing to optional data to be
  67. // appended and set with the header. If NULL, the header will
  68. // be terminated with an empty line.
  69. //
  70. SF_REQ_SEND_RESPONSE_HEADER,
  71. //
  72. // If the server denies the HTTP request, add the specified headers
  73. // to the server error response.
  74. //
  75. // This allows an authentication filter to advertise its services
  76. // w/o filtering every request. Generally the headers will be
  77. // WWW-Authenticate headers with custom authentication schemes but
  78. // no restriction is placed on what headers may be specified.
  79. //
  80. // pData - Zero terminated string pointing to one or more header lines
  81. // with terminating '\r\n'.
  82. //
  83. SF_REQ_ADD_HEADERS_ON_DENIAL,
  84. //
  85. // Only used by raw data filters that return SF_STATUS_READ_NEXT
  86. //
  87. // ul1 - size in bytes for the next read
  88. //
  89. SF_REQ_SET_NEXT_READ_SIZE,
  90. //
  91. // Used to indicate this request is a proxy request
  92. //
  93. // ul1 - The proxy flags to set
  94. // 0x00000001 - This is a HTTP proxy request
  95. //
  96. //
  97. SF_REQ_SET_PROXY_INFO,
  98. //
  99. // Returns the connection ID contained in the ConnID field of an
  100. // ISAPI Application's Extension Control Block. This value can be used
  101. // as a key to cooridinate shared data between Filters and Applications.
  102. //
  103. // pData - Pointer to DWORD that receives the connection ID.
  104. //
  105. SF_REQ_GET_CONNID,
  106. //
  107. // Used to set a SSPI security context + impersonation token
  108. // derived from a client certificate.
  109. //
  110. // pData - certificate info ( PHTTP_FILTER_CERTIFICATE_INFO )
  111. // ul1 - CtxtHandle*
  112. // ul2 - impersonation handle
  113. //
  114. SF_REQ_SET_CERTIFICATE_INFO,
  115. //
  116. // Used to get an IIS property
  117. // as defined in SF_PROPERTY_IIS
  118. //
  119. // ul1 - Property ID
  120. //
  121. SF_REQ_GET_PROPERTY,
  122. //
  123. // Used to normalize an URL
  124. //
  125. // pData - URL to normalize
  126. //
  127. SF_REQ_NORMALIZE_URL,
  128. //
  129. // Disable Notifications
  130. //
  131. // ul1 - notifications to disable
  132. //
  133. SF_REQ_DISABLE_NOTIFICATIONS,
  134. } ;
  135. enum SF_PROPERTY_IIS
  136. {
  137. SF_PROPERTY_SSL_CTXT,
  138. SF_PROPERTY_INSTANCE_NUM_ID
  139. } ;
  140. //
  141. // These values are returned by the filter entry point when a new request is
  142. // received indicating their interest in this particular request
  143. //
  144. enum SF_STATUS_TYPE
  145. {
  146. //
  147. // The filter has handled the HTTP request. The server should disconnect
  148. // the session.
  149. //
  150. SF_STATUS_REQ_FINISHED = 0x8000000,
  151. //
  152. // Same as SF_STATUS_FINISHED except the server should keep the TCP
  153. // session open if the option was negotiated
  154. //
  155. SF_STATUS_REQ_FINISHED_KEEP_CONN,
  156. //
  157. // The next filter in the notification chain should be called
  158. //
  159. SF_STATUS_REQ_NEXT_NOTIFICATION,
  160. //
  161. // This filter handled the notification. No other handles should be
  162. // called for this particular notification type
  163. //
  164. SF_STATUS_REQ_HANDLED_NOTIFICATION,
  165. //
  166. // An error occurred. The server should use GetLastError() and indicate
  167. // the error to the client
  168. //
  169. SF_STATUS_REQ_ERROR,
  170. //
  171. // The filter is an opaque stream filter and we're negotiating the
  172. // session parameters. Only valid for raw read notification.
  173. //
  174. SF_STATUS_REQ_READ_NEXT
  175. };
  176. //
  177. // pvNotification points to this structure for all request notification types
  178. //
  179. typedef struct _HTTP_FILTER_CONTEXT
  180. {
  181. DWORD cbSize;
  182. //
  183. // This is the structure revision level.
  184. //
  185. DWORD Revision;
  186. //
  187. // Private context information for the server.
  188. //
  189. PVOID ServerContext;
  190. DWORD ulReserved;
  191. //
  192. // TRUE if this request is coming over a secure port
  193. //
  194. BOOL fIsSecurePort;
  195. //
  196. // A context that can be used by the filter
  197. //
  198. PVOID pFilterContext;
  199. //
  200. // Server callbacks
  201. //
  202. BOOL (WINAPI * GetServerVariable) (
  203. struct _HTTP_FILTER_CONTEXT * pfc,
  204. LPSTR lpszVariableName,
  205. LPVOID lpvBuffer,
  206. LPDWORD lpdwSize
  207. );
  208. BOOL (WINAPI * AddResponseHeaders) (
  209. struct _HTTP_FILTER_CONTEXT * pfc,
  210. LPSTR lpszHeaders,
  211. DWORD dwReserved
  212. );
  213. BOOL (WINAPI * WriteClient) (
  214. struct _HTTP_FILTER_CONTEXT * pfc,
  215. LPVOID Buffer,
  216. LPDWORD lpdwBytes,
  217. DWORD dwReserved
  218. );
  219. VOID * (WINAPI * AllocMem) (
  220. struct _HTTP_FILTER_CONTEXT * pfc,
  221. DWORD cbSize,
  222. DWORD dwReserved
  223. );
  224. BOOL (WINAPI * ServerSupportFunction) (
  225. struct _HTTP_FILTER_CONTEXT * pfc,
  226. enum SF_REQ_TYPE sfReq,
  227. PVOID pData,
  228. ULONG_PTR ul1,
  229. ULONG_PTR ul2
  230. );
  231. } HTTP_FILTER_CONTEXT, *PHTTP_FILTER_CONTEXT;
  232. //
  233. // This structure is the notification info for the read and send raw data
  234. // notification types
  235. //
  236. typedef struct _HTTP_FILTER_RAW_DATA
  237. {
  238. //
  239. // This is a pointer to the data for the filter to process.
  240. //
  241. PVOID pvInData;
  242. DWORD cbInData; // Number of valid data bytes
  243. DWORD cbInBuffer; // Total size of buffer
  244. DWORD dwReserved;
  245. } HTTP_FILTER_RAW_DATA, *PHTTP_FILTER_RAW_DATA;
  246. //
  247. // This structure is the notification info for when the server is about to
  248. // process the client headers
  249. //
  250. typedef struct _HTTP_FILTER_PREPROC_HEADERS
  251. {
  252. //
  253. // For SF_NOTIFY_PREPROC_HEADERS, retrieves the specified header value.
  254. // Header names should include the trailing ':'. The special values
  255. // 'method', 'url' and 'version' can be used to retrieve the individual
  256. // portions of the request line
  257. //
  258. BOOL (WINAPI * GetHeader) (
  259. struct _HTTP_FILTER_CONTEXT * pfc,
  260. LPSTR lpszName,
  261. LPVOID lpvBuffer,
  262. LPDWORD lpdwSize
  263. );
  264. //
  265. // Replaces this header value to the specified value. To delete a header,
  266. // specified a value of '\0'.
  267. //
  268. BOOL (WINAPI * SetHeader) (
  269. struct _HTTP_FILTER_CONTEXT * pfc,
  270. LPSTR lpszName,
  271. LPSTR lpszValue
  272. );
  273. //
  274. // Adds the specified header and value
  275. //
  276. BOOL (WINAPI * AddHeader) (
  277. struct _HTTP_FILTER_CONTEXT * pfc,
  278. LPSTR lpszName,
  279. LPSTR lpszValue
  280. );
  281. DWORD HttpStatus; // New in 4.0, status for SEND_RESPONSE
  282. DWORD dwReserved; // New in 4.0
  283. } HTTP_FILTER_PREPROC_HEADERS, *PHTTP_FILTER_PREPROC_HEADERS;
  284. typedef HTTP_FILTER_PREPROC_HEADERS HTTP_FILTER_SEND_RESPONSE;
  285. typedef HTTP_FILTER_PREPROC_HEADERS *PHTTP_FILTER_SEND_RESPONSE;
  286. //
  287. // Authentication information for this request.
  288. //
  289. typedef struct _HTTP_FILTER_AUTHENT
  290. {
  291. //
  292. // Pointer to username and password, empty strings for the anonymous user
  293. //
  294. // Client's can overwrite these buffers which are guaranteed to be at
  295. // least SF_MAX_USERNAME and SF_MAX_PASSWORD bytes large.
  296. //
  297. CHAR * pszUser;
  298. DWORD cbUserBuff;
  299. CHAR * pszPassword;
  300. DWORD cbPasswordBuff;
  301. } HTTP_FILTER_AUTHENT, *PHTTP_FILTER_AUTHENT;
  302. //
  303. // Indicates the server is going to use the specific physical mapping for
  304. // the specified URL. Filters can modify the physical path in place.
  305. //
  306. typedef struct _HTTP_FILTER_URL_MAP
  307. {
  308. const CHAR * pszURL;
  309. CHAR * pszPhysicalPath;
  310. DWORD cbPathBuff;
  311. } HTTP_FILTER_URL_MAP, *PHTTP_FILTER_URL_MAP;
  312. //
  313. // Indicates the server is going to use the specific physical mapping for
  314. // the specified URL. Filters can modify the physical path in place.
  315. //
  316. // Additional members beyond those from HTTP_FILTER_URL_MAP are
  317. // informational.
  318. //
  319. typedef struct _HTTP_FILTER_URL_MAP_EX
  320. {
  321. const CHAR * pszURL;
  322. CHAR * pszPhysicalPath;
  323. DWORD cbPathBuff;
  324. //
  325. // The AccessPerm metabase property that applies to this URL
  326. //
  327. DWORD dwFlags;
  328. //
  329. // Number of matching characters in physical path corresponding
  330. // to the metabase node that applies.
  331. //
  332. DWORD cchMatchingPath;
  333. //
  334. // Number of matching characters in the URL corresponding
  335. // to the metabase node that applies.
  336. //
  337. DWORD cchMatchingURL;
  338. //
  339. // The physical path of the dll or exe that to which this
  340. // URL is script mapped. This member will be NULL if no
  341. // script map applies.
  342. //
  343. const CHAR * pszScriptMapEntry;
  344. } HTTP_FILTER_URL_MAP_EX, *PHTTP_FILTER_URL_MAP_EX;
  345. //
  346. // Bitfield indicating the requested resource has been denied by the server due
  347. // to a logon failure, an ACL on a resource, an ISAPI Filter or an
  348. // ISAPI Application/CGI Application.
  349. //
  350. // SF_DENIED_BY_CONFIG can appear with SF_DENIED_LOGON if the server
  351. // configuration did not allow the user to logon.
  352. //
  353. #define SF_DENIED_LOGON 0x00000001
  354. #define SF_DENIED_RESOURCE 0x00000002
  355. #define SF_DENIED_FILTER 0x00000004
  356. #define SF_DENIED_APPLICATION 0x00000008
  357. #define SF_DENIED_BY_CONFIG 0x00010000
  358. typedef struct _HTTP_FILTER_ACCESS_DENIED
  359. {
  360. const CHAR * pszURL; // Requesting URL
  361. const CHAR * pszPhysicalPath; // Physical path of resource
  362. DWORD dwReason; // Bitfield of SF_DENIED flags
  363. } HTTP_FILTER_ACCESS_DENIED, *PHTTP_FILTER_ACCESS_DENIED;
  364. //
  365. // The log information about to be written to the server log file. The
  366. // string pointers can be replaced but the memory must remain valid until
  367. // the next notification
  368. //
  369. typedef struct _HTTP_FILTER_LOG
  370. {
  371. const CHAR * pszClientHostName;
  372. const CHAR * pszClientUserName;
  373. const CHAR * pszServerName;
  374. const CHAR * pszOperation;
  375. const CHAR * pszTarget;
  376. const CHAR * pszParameters;
  377. DWORD dwHttpStatus;
  378. DWORD dwWin32Status;
  379. DWORD dwBytesSent; // IIS 4.0 and later
  380. DWORD dwBytesRecvd; // IIS 4.0 and later
  381. DWORD msTimeForProcessing; // IIS 4.0 and later
  382. } HTTP_FILTER_LOG, *PHTTP_FILTER_LOG;
  383. //
  384. // Called once the client request has been authenticated.
  385. //
  386. typedef struct _HTTP_FILTER_AUTH_COMPLETE_INFO
  387. {
  388. //
  389. // For SF_NOTIFY_AUTH_COMPLETE, retrieves the specified header value.
  390. // Header names should include the trailing ':'. The special values
  391. // 'method', 'url' and 'version' can be used to retrieve the individual
  392. // portions of the request line
  393. //
  394. BOOL (WINAPI * GetHeader) (
  395. struct _HTTP_FILTER_CONTEXT * pfc,
  396. LPSTR lpszName,
  397. LPVOID lpvBuffer,
  398. LPDWORD lpdwSize
  399. );
  400. //
  401. // Replaces this header value to the specified value. To delete a header,
  402. // specified a value of '\0'.
  403. //
  404. BOOL (WINAPI * SetHeader) (
  405. struct _HTTP_FILTER_CONTEXT * pfc,
  406. LPSTR lpszName,
  407. LPSTR lpszValue
  408. );
  409. //
  410. // Adds the specified header and value
  411. //
  412. BOOL (WINAPI * AddHeader) (
  413. struct _HTTP_FILTER_CONTEXT * pfc,
  414. LPSTR lpszName,
  415. LPSTR lpszValue
  416. );
  417. //
  418. // Get the authenticated user impersonation token
  419. //
  420. BOOL (WINAPI * GetUserToken) (
  421. struct _HTTP_FILTER_CONTEXT * pfc,
  422. HANDLE * phToken
  423. );
  424. //
  425. // Status code to use when sending response
  426. //
  427. DWORD HttpStatus;
  428. //
  429. // Determines whether to reset auth if URL changed
  430. //
  431. BOOL fResetAuth;
  432. //
  433. // Reserved
  434. //
  435. DWORD dwReserved;
  436. } HTTP_FILTER_AUTH_COMPLETE_INFO, *PHTTP_FILTER_AUTH_COMPLETE_INFO;
  437. //
  438. // Notification Flags
  439. //
  440. // SF_NOTIFY_SECURE_PORT
  441. // SF_NOTIFY_NONSECURE_PORT
  442. //
  443. // Indicates whether the application wants to be notified for transactions
  444. // that are happenning on the server port(s) that support data encryption
  445. // (such as PCT and SSL), on only the non-secure port(s) or both.
  446. //
  447. // SF_NOTIFY_READ_RAW_DATA
  448. //
  449. // Applications are notified after the server reads a block of memory
  450. // from the client but before the server does any processing on the
  451. // block. The data block may contain HTTP headers and entity data.
  452. //
  453. //
  454. //
  455. #define SF_NOTIFY_SECURE_PORT 0x00000001
  456. #define SF_NOTIFY_NONSECURE_PORT 0x00000002
  457. #define SF_NOTIFY_READ_RAW_DATA 0x00008000
  458. #define SF_NOTIFY_PREPROC_HEADERS 0x00004000
  459. #define SF_NOTIFY_AUTHENTICATION 0x00002000
  460. #define SF_NOTIFY_URL_MAP 0x00001000
  461. #define SF_NOTIFY_ACCESS_DENIED 0x00000800
  462. #define SF_NOTIFY_SEND_RESPONSE 0x00000040
  463. #define SF_NOTIFY_SEND_RAW_DATA 0x00000400
  464. #define SF_NOTIFY_LOG 0x00000200
  465. #define SF_NOTIFY_END_OF_REQUEST 0x00000080
  466. #define SF_NOTIFY_END_OF_NET_SESSION 0x00000100
  467. #define SF_NOTIFY_AUTH_COMPLETE 0x04000000
  468. //
  469. // Filter ordering flags
  470. //
  471. // Filters will tend to be notified by their specified
  472. // ordering. For ties, notification order is determined by load order.
  473. //
  474. // SF_NOTIFY_ORDER_HIGH - Authentication or data transformation filters
  475. // SF_NOTIFY_ORDER_MEDIUM
  476. // SF_NOTIFY_ORDER_LOW - Logging filters that want the results of any other
  477. // filters might specify this order.
  478. //
  479. #define SF_NOTIFY_ORDER_HIGH 0x00080000
  480. #define SF_NOTIFY_ORDER_MEDIUM 0x00040000
  481. #define SF_NOTIFY_ORDER_LOW 0x00020000
  482. #define SF_NOTIFY_ORDER_DEFAULT SF_NOTIFY_ORDER_LOW
  483. #define SF_NOTIFY_ORDER_MASK (SF_NOTIFY_ORDER_HIGH | \
  484. SF_NOTIFY_ORDER_MEDIUM | \
  485. SF_NOTIFY_ORDER_LOW)
  486. //
  487. // Filter version information, passed to GetFilterVersion
  488. //
  489. typedef struct _HTTP_FILTER_VERSION
  490. {
  491. //
  492. // Version of the spec the server is using
  493. //
  494. DWORD dwServerFilterVersion;
  495. //
  496. // Fields specified by the client
  497. //
  498. DWORD dwFilterVersion;
  499. CHAR lpszFilterDesc[SF_MAX_FILTER_DESC_LEN];
  500. DWORD dwFlags;
  501. } HTTP_FILTER_VERSION, *PHTTP_FILTER_VERSION;
  502. //
  503. // A filter DLL's entry point looks like this. The return code should be
  504. // an SF_STATUS_TYPE
  505. //
  506. // NotificationType - Type of notification
  507. // pvNotification - Pointer to notification specific data
  508. //
  509. DWORD
  510. WINAPI
  511. HttpFilterProc(
  512. HTTP_FILTER_CONTEXT * pfc,
  513. DWORD NotificationType,
  514. VOID * pvNotification
  515. );
  516. BOOL
  517. WINAPI
  518. GetFilterVersion(
  519. HTTP_FILTER_VERSION * pVer
  520. );
  521. BOOL
  522. WINAPI
  523. TerminateFilter(
  524. DWORD dwFlags
  525. );
  526. #ifdef __cplusplus
  527. }
  528. #endif
  529. #endif //_HTTPFILT_H_