summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-04-28 20:59:48 +0000
committerStef Walter <stef@memberwebs.com>2004-04-28 20:59:48 +0000
commitdbbf162dc9be0aef47f2d1f1fcddb7ae4e074d47 (patch)
treec06b131bc9f249557d9891d07977c4f0f3d0f15b /doc
parent8368de7830f336533f9fe6369641070239bf739c (diff)
Tons of fixes, debugging, changes, added apache module
Diffstat (limited to 'doc')
-rw-r--r--doc/httpauth.conf.582
-rw-r--r--doc/httpauth.conf.sample0
-rw-r--r--doc/protocol.txt95
3 files changed, 158 insertions, 19 deletions
diff --git a/doc/httpauth.conf.5 b/doc/httpauth.conf.5
new file mode 100644
index 0000000..fd26c7b
--- /dev/null
+++ b/doc/httpauth.conf.5
@@ -0,0 +1,82 @@
+.Dd April, 2004
+.Dt HTTPAUTH.CONF 5
+.Os httpauth
+.Sh NAME
+.Nm httpauth.conf
+.Nd the configuration file for
+.Em httpauthd
+.Sh DESCRIPTION
+The XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
+.Nm
+scripting language is a regular expression language used for fine grained,
+buffer based search and replace. It is not limited to lines. A full description
+of what
+.Nm
+is capable of is outside the scope of this document.
+.Pp
+.Ar script
+is a text or compiled
+.Nm
+script. For details see the language documentation that came along with the distribution.
+.Pp
+When used with the
+.Fl f
+argument
+.Nm
+replaces files in place. Otherwise it reads from
+.Ar infile
+and writes to
+.Ar outfile
+\&. If either infile or outfile are missing or are equal to a dash
+.Sq Li -
+, then rep processes
+.Em stdin
+or
+.Em stdout
+respectively.
+.Sh OPTIONS
+The options are as follows:
+.Bl -tag -width Fl
+.It Fl b
+Backup files where replacements have occurred. The backup files have an
+.Sq x_r
+extension appended to their filename.
+.It Fl i
+Prompt for confirmation before each replacement.
+.It Fl p
+Only output replaced text. Can be used as a rudimentary parser.
+.It Fl q
+Supress status messages. Only errors will be sent to stderr.
+.It Fl z
+Set the replacement buffer size to
+.Ar buffsize .
+This speeds up execution as regular expressions only have to act on a small
+portion of the whole file at once. However the largest match will be limited to
+roughly
+.Ar buffsize
+, so use this option with care. The script loops over each buffer until no more
+matches are found within it. Care is taken to overlap the buffers as much as
+possible to ensure that any match smaller than
+.Ar buffsize
+can be matched.
+.Sh NOTE
+The
+.Nm
+command uses
+.Xr getopt 3
+to parse it's arguments, which allows it to accept
+the
+.Sq Li --
+option which will stop processing of flag options at that point. This allows
+the processing of files with names that begin with a dash
+.Pq Sq - .
+.Sh BUGS
+When reading from
+.Em stdin
+you must specify a buffer size.
+.Sh SEE ALSO
+.Xr repc 1 ,
+.Xr rlib 3 ,
+.Xr pcre 3
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com \ No newline at end of file
diff --git a/doc/httpauth.conf.sample b/doc/httpauth.conf.sample
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/doc/httpauth.conf.sample
diff --git a/doc/protocol.txt b/doc/protocol.txt
index 05e32f2..b6bc0ba 100644
--- a/doc/protocol.txt
+++ b/doc/protocol.txt
@@ -1,22 +1,39 @@
- HTTP/AUTH PROTOCOL
+ HTTPAUTH PROTOCOL
The protocol used between the stateful authenticator and the web servers
that wish to authenticate is described below. It's a simple text protocol,
-similar to HTTP. The web servers send commands and headers to the daemon,
+similar to HTTP. The web server sends commands and headers to the daemon,
which replies with HTTP codes and headers.
Multiple authentication requests can be processed on the same connection,
-although the connection is not stateful. A authentication request initially
-processed through one connection to the daemon can later be completed
-through another. The commands are described below.
+although the connection is not necessarily stateful. A authentication
+request initially processed through one connection to the daemon can
+later be completed through another. The commands are described below.
-AUTH method uri
+After connecting to the daemon, you'll need to retrieve the initial
+'ready' response before sending requests. See below. If the server
+responds with a 5xx message then something's gone wrong and no requests
+will be accepted on the connection.
+
+
+REQUESTS -------------------------------------------------------------------
+
+AUTH authmethod connid method uri
The AUTH command asks the daemon to perform authentication
- for a given set of headers.
+ for a given set of header from the client. None of the
+ arguments should contain spaces.
+
+ authmethod: is the authentication method. Methods are
+ defined by the daemon in it's config file.
+
+ connid: a unique string identifying the connection from
+ the client. This is only important when NTLM is
+ being used. If not, pass a random string.
+
+ method: The HTTP method employed. 'GET' or 'POST' etc...
- method: is the authentication type. It might be 'NTLM'.
uri: the URI being authenticated.
The AUTH command is followed by HTTP headers, one per line
@@ -24,23 +41,63 @@ AUTH method uri
authentication headers for the authentication protocol being
used. Extraneous headers are ignored.
- If multiple HTTP headers with the same name are received, then
- the last one is used. Note that this is somewhat different than
- the HTTP protocol.
+ Headers should be specified on one line, not 'wrapped' as is
+ permissible in HTTP.
QUIT
This closes the connection to the daemon.
-The response from the daemon consists of an HTTP code, followed by headers
-one per line. Note that only the headers to be added for authentication are
-returned. For example:
- 401
- Header: value
- Header2: value
+RESPONSES -------------------------------------------------------------------
+
+The response from the daemon consists of a code, followed by a detail
+message value or set of values. This is separated from the code by a
+space. The content of the detail message is described below.
+
+The codes are similar to HTTP:
+
+ 100 Ready
+ (detail is the list of available authmethods)
+
+ 200 Successful Request
+ (detail is described below)
+
+ 4xx Request Error
+ (detail is an error message)
+
+ 5xx Server Error
+ (detail is an error message)
+
+
+READY
+
+After opening a connection to the daemon, you should receive a response
+(outlined below) of 100 indicating ready. The 'detail' value is set
+to the list of authmethods that the daemon is configured to provide.
+These are separated by spaces:
+
+ 100 Domain Simple Test LDAP
+
+
+SUCCESS
+
+Successful processing of a request returns a 200. The detail constists of,
+an HTTP code to send to the client and the user name (when authentication is
+successful). These are separated by spaces.
+
+In addition the daemon might send a set of headers that must be sent to
+the client. These are ended by a blank line.
+
+A response after client authentication failed might look like this:
+
+ 200 401
+ WWW-Authenticate: realm="blah"
+
+... or a client authentication success response like this:
+
+ 200 200 testo
+ Authorization-Info: Digest rspauth="2034980294820398" nonce="2049823094328" ...
-Success returns a 200, just like normal HTTP. Note that success can contain
-headers that must also be sent to the client.