Академический Документы
Профессиональный Документы
Культура Документы
Design Specification
Revision 1.4
July 6, 2019
2. INTERNET APIS
3. GATEWAY SERVER
4. REVISION HISTORY
Gateway server is a service that runs on Windows NT 3.5 server that has access to Internet and
to local “corporate” network. Clients requests and responses are transported across client
desktop and gateway server using RPC mechanism which provides transport transparency and
user level security. Gateway server processes the client requests by calling WIN32 Internet APIs.
In order to effectively use the available Internet resources and to enhance the client Internet
access performance, the gateway server caches the Internet information in its local storage so
that if any corporate client needs the information that is already in the cache, it will be fetched
from there and returned to client. This retrieval not only reduces the Internet traffic, also the
client gets back the information much quicker. Administrators have control over the cached
information such as disk usage, cached information Time-out and Refresh Interval.
Gateway server multiplexes the users requests and effectively uses the Internet resources, so
that a moderate sized corporation can provide Internet access to all its employees using few
gateway servers. These servers could be the same Internet servers (such as microsoft.com)
where the corporation places its public information for access to Internet users.
The layout of the Internet and Gateway service DLLs is given in the figure 1.
2. Internet APIs
WIN32 Internet APIs are set of APIs that provide ways for the Internet application writer to
access the Internet. These APIs are remotable to gateway servers or they can directly talk to
Internet. Also they encapsulate the protocol information to make the application writers life easy.
The application written using these APIs can talk to Internet either directly or through the
gateway server. APIs will determines the path automatically.
Wininet.dll
Thunk Layer
Worker
RPC Stub To Internet
Functions
Gateway Server
RPC STUB
Wininet.dll
Thunk Layer
Gateway Service
Admin Tool
Worker
RPC Stub Function
s
To Internet
1
This session will be modified soon.
Microsoft Confidential 7/6/2019 7/6/20197/6/2019 4
services they serve. When the client code decides to remote the Internet APIs, it talks to the
locator service to get the list of RPC gateway servers and selects the gateway server that
support the transport the client can talk to and the Internet services that the client wants.
Data Definitions :
2.2.1 OpenInternet
OpenInternet API opens the Internet dll and sets up the gateway session if the access is through
gateway server. It locates the gateway server with the required Internet services enabled. It
returns a handle which can be used to call other Internet service APIs. If the AccessMethod
specified is PER_CONFIG_INTERNET_ACCESS, the API reads registry for the default
configuration.
HINET
OpenInternet(
DWORD AccessMethod,
LPCTSTR GroupName
);
Parameters :
AccessMethod : Type of access method preferred. It should be one among the followings :
Microsoft Confidential 7/6/2019 7/6/20197/6/2019 5
LOCAL_INTERNET_ACCESS
GATEWAY_INTERNET_ACCESS
PRE_CONFIG_INTERNET_ACCESS
GroupName : This is a reserved parameter. In future this parameter can be used to pick a
gateway server from selected group of servers.
Return Value :
2.2.2 CloseInternet
CloseInternet API call closes any pending RPC connection to Gateway server, frees up the
handle resources and invalidates the handle. The caller should not use the Internet handle after
this call returns.
BOOL
CloseInternet(
HINET InternetHandle,
);
Parameters :
Return Value :
If this function is successful, it returns TRUE otherwise FALSE. GetLastError() function will
return extended error information.
3. Gateway Server
Apart from serving the remote client calls, gateway server performs :
4. Gateway Configuration
The admin configures the cache storage, the storage can be spread at multiple locations either
on a same volume or across different volumes. The cache mangement system optimally uses
this store to cache different size of URLs. When the allocate storage becomes full, the system
will apply a complex score system to phase out previously cached files.
The cache mangement system updates the URL as required. The admin can configure cache
manager with URL update interval (ex. 24hrs) to control the freshness of the URLs. However
some WEB servers specify the expire date of the URL files, in such cases cache manger uses it.
Cache manager does not cache files that are changing frequently such as URL files with less
than 15mins freshness interval.
Each above factor is given a weighing, a score is computed for each of the above factors and all
scores are added to make phase out score. The URL with highest score will be phased out first.
An example of this score system is given in the following spread sheet.
File1 20 4/1/95 20:00 3 4/7/95 11:50 24 4.00 20.00 6.00 20.00 50.00
File2 1 4/7/95 13:00 8 4/7/95 13:00 3 0.20 7.78 16.00 20.00 43.98
File3 100 4/4/95 17:00 2 4/1/95 10:00 4 20.00 20.00 4.00 20.00 64.00
File4 15 4/8/95 13:00 8 4/8/95 10:00 1 3.00 1.11 16.00 20.00 40.11
File5 0.5 4/8/95 1:00 5 4/8/95 1:00 24 0.10 4.44 10.00 13.33 27.88
CacheSize 200 in MB
Phaseout 3 in days
Frequency 10 times
TimeNow 4/8/95 17:00
Score1 Fac. 40 %
Score2 Fac. 20 %
Score3 Fac. 20 %
Score4 Fac. 20 %
URL Cache manager cleans up the cache storage periodically to get rid of unused files and
makes room for the new URLs. Cache cleanup is also invoked whenever the cache storage is
full and cache space is required for the new URL. Admin can also flush the cache from admin
tool and also specify to flush the cache periodically or when the service is shut down.
3.1.3.1 UrlCacheInit
URLCacheInit API initializes the cache manager and makes cache manager to accept other
APIs. Internet service that uses the URL caching should call this API during service startup.
DWORD
UrlCacheInit(
VOID
);
Parameters :
None.
Parameters :
DWORD
CacheUrlFile(
IN LPCSTR UrlName,
IN LPCWSTR LocalFileName,
LONGLONG ExpireTime
);
Parameters :
UrlName : Name of the file in URL format. This must be an unique name. The name string
should not contain any escape character.
LocalFileName : Name of the local file that is being cached. The file will be moved to the cache
storage if the stoage is in the same volume of the local file otherwise the file is copied to
the cache storage and then the local file is deleted.
Expire Time : Expire date and time (GMT) of the URL file that is being cached. If it is unknown
set it to zero.
3.1.3.3 RetrieveUrlFile
RetrieveUrlFile API retrieves an URL file from cache. If the file is not available in cache it
returns ERROR_FILE_NOT_FOUND, otherwise it returns the name of the local file. The caller is
given only read permission to the local file, so the caller should not attempt to write or delete the
file. The file is locked for the caller when it is retrieved, the caller should unlock the file after it
has been used up. Cache manager will automatically unlock the locked files after certain
interval. While the file is locked cache manager will not remove the file from cache.
DWORD
RetrieveUrlFile(
Parameters:
UrlName : Name of the file in URL format. This must be an unique name.The name string should
not contain any escape characters.
LocalFileName : Pointer to a location where the name of the local file of the specified URL file is
returned.
IsExpired : pointer to a bool which will be set if the specified file is found and the file time has
expired. The caller can decide to retrieve this file from the internet server. Note: the file
is locked even if the time has expired, so the caller should unlock it before it updates the
file.
3.1.3.4 UnlockUrlFile
UnlockUrlFile API unlocks the cache file which was locked while the file was retrieved for use
from cache. The caller should not access the file after it calls this API. The cache manager is
now free to delete the file if it wants.
DWORD
UnlockUrlFile(
LPCSTR UrlName
);
Parameters:
UrlName : name of the Url File that is being unlocked.The name string should not contain any
escape characters.
DWORD
CreateUrlFile(
LPCSTR UrlName,
DWORD ExpectedFileSize,
LPWSTR FileName
);
Parameters:
UrlName : Name of the URL. The name string should not contain any escape character.
ExectedFileSize : Expected size of the URL. If the expected size is unknown then set this value
to zero.
FileName : Pointer to a file name buffer. The buffer should be large enough to store the file path
name of the create file.
3.1.3.5 GetUrlInfo
GetUrlInfo API retrieves the information of the specified URL.
DWORD
GetUrlInfo(
LPCSTR UrlName,
LPURL_INFO UrlInfo
);
Data Definition:
Parameters:
UrlName : Name of the URL. The name string should not contain any escape character.
UrlInfo : Pointer to a URL_INFO structure.
3.1.3.5 SetUrlInfo
SetUrlInfo API retrieves the information of the specified URL.
DWORD
SetUrlInfo(
LPCSTR UrlName,
LPURL_INFO UrlInfo
);
Data Definition:
Parameters:
UrlName : Name of the URL. The name string should not contain any escape character.
UrlInfo : Pointer to a URL_INFO structure.
Data Definitions:
2
These APIs are defined as part of internet mangement APIs in some other doc.
Microsoft Confidential 7/6/2019 7/6/20197/6/2019 13
the service is installed all users (the world) will have all access to all services. The administrator
needs to setup appropriate access to users if the gateways server has to be secured.
Data Definitions :
3.2.1.1 GatewayAddUserAccess
GatewayAddUserAccess API gives the specified access rights to the specified user or group to
access the specified service. The call will return ERROR_ACCESS_DENIED if the caller does
not have enough privilege to perform this operation. If the specified user or group has already
had an entry in the access control list of the specified service, it will replace the old access
rights. The order of access control entries in the list is also important, since a user can be
member of a group that does not have access to a service, will not receive access to that service
even if another entry in the access control list specified beyond the group entry that gives the
user access.
DWORD
GatewayAddUserAccess(
IN LPCWSTR ServerAddress,
IN LPCWSTR ServiceName,
IN LPACCESS_LIST AccessList
);
Parameters :
3
Currently only these access mask are defined here, in future new access types can be defined. The system allows us to
define upto 16 access types.
Microsoft Confidential 7/6/2019 7/6/20197/6/2019 14
ServerAddress : Address of the Gateway server.
ServiceName : Name of the Internet service that requires this access protection.
AccessList : Pointer to a list of aces to be added/modified in the service ACL.
ERROR_ACCESS_DENIED : if the caller does not have enough access privilege to perform this
operation.
ERROR_INVALID_PARAMETER : if any of the specified parameter is invalid.
3.2.1.2 GatewayDeleteUserAccess
GatewayDeleteUserAccess deletes the specified user aces from the ACL of the specified
service. If the access list becomes empty, no one can access the service.
DWORD
GatewayDeleteUserAccess(
IN LPCWSTR ServerAddress,
IN LPCWSTR ServiceName,
IN LPACCESS_LIST AccessList
);
Parameters :
ERROR_NO_SUCH_USER : if the specified user is not found in the user control list of the
specified service.
ERROR_INVALID_PARAMETER : if any of the specified parameter is invalid.
3.2.1.3 GatewayEnumUserAccess
GatewayEnumUserAccess enumerates the list of users and their corresponding access rights.
DWORD
GatewayEnumUserAccess(
IN LPCWSTR ServerAddress,
IN LPCWSTR ServiceName,
OUT LPACCESS_LIST *AccessList
);
Data Definitions :
3.2.2.1 GatewayServerQueryMIBInfo
GatewayServerQueryMIBInfo returns the server statistic information.
Parameters :
None.
Server Audit Log APIs allow you to configure the server audit logging.
Data Definitions :
typedef _GATEWAY_CONFIG_PERIODIC_FILE_INFO {
LPWSTR FileName;
GATEWAY_LOG_PERIOD Period;
} GATEWAY_CONFIG_PERIODIC_FILE_INFO,
*LPGATEWAY_CONFIG_PERIODIC_FILE_INFO;
3.2.3.1 GatewaySetAuditLogConfigInfo
GatewaySetAuditLogConfigInfo API allows administrators to set the gateway server audit log
configuration.
DWORD
GatewaySetAuditLogConfigInfo(
IN LPCWSTR ServerAddress,
IN GATEWAY_LOG_CONFIG *AuditLogConfig
);
Parameters :
3.2.3.1 GatewayGetAuditLogConfigInfo
GatewayGetAuditLogConfigInfo API allows administrators to get the current gateway server
audit log configuration.
DWORD
GatewayGetAuditLogConfigInfo(
IN LPCWSTR ServerAddress,
IN LPGATEWAY_LOG_CONFIG *AuditLogConfig
);
Parameters :
Whenever a RPC returns a block memory as return data, the caller should free up that memory
after the data is used or copied to another buffer, otherwise the system will lose its virtual
memory for that application.
3.2.4.1 GatewayFreeMemory
GatewayFreeMemory API call frees up the memory block that was returned as data block to
caller.
DWORD
GatewayFreeMemory(
IN LPCWSTR ServerAddress,
IN PVOID MemoryBlock
);
Parameters :
None.
3.2.1 GatewayAccessValidate
GatewayAccessValidate checks user permission to perform specified access.
Microsoft Confidential 7/6/2019 7/6/20197/6/2019 20
DWORD
GatewayAccessValidate( 4
IN LPWSTR ServiceName,
IN ACCESS_MASK DesiredAccess
);
Parameters:
ServiceName : pointer to the name of the external service that is performing this access check.
DesiredAccess : desired access required to perform the required service.
4
Local API
Microsoft Confidential 7/6/2019 7/6/20197/6/2019 21
4. Revision History
1.2 01/31/95 madana Updated for match implementation and MSN requirements