From dbbf162dc9be0aef47f2d1f1fcddb7ae4e074d47 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 28 Apr 2004 20:59:48 +0000 Subject: Tons of fixes, debugging, changes, added apache module --- doc/httpauth.conf.5 | 82 +++++++++++++++++++++++++++++++++++++++++ doc/httpauth.conf.sample | 0 doc/protocol.txt | 95 ++++++++++++++++++++++++++++++++++++++---------- 3 files changed, 158 insertions(+), 19 deletions(-) create mode 100644 doc/httpauth.conf.5 create mode 100644 doc/httpauth.conf.sample (limited to 'doc') diff --git a/doc/httpauth.conf.5 b/doc/httpauth.conf.5 new file mode 100644 index 0000000..fd26c7b --- /dev/null +++ b/doc/httpauth.conf.5 @@ -0,0 +1,82 @@ +.Dd April, 2004 +.Dt HTTPAUTH.CONF 5 +.Os httpauth +.Sh NAME +.Nm httpauth.conf +.Nd the configuration file for +.Em httpauthd +.Sh DESCRIPTION +The XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx +.Nm +scripting language is a regular expression language used for fine grained, +buffer based search and replace. It is not limited to lines. A full description +of what +.Nm +is capable of is outside the scope of this document. +.Pp +.Ar script +is a text or compiled +.Nm +script. For details see the language documentation that came along with the distribution. +.Pp +When used with the +.Fl f +argument +.Nm +replaces files in place. Otherwise it reads from +.Ar infile +and writes to +.Ar outfile +\&. If either infile or outfile are missing or are equal to a dash +.Sq Li - +, then rep processes +.Em stdin +or +.Em stdout +respectively. +.Sh OPTIONS +The options are as follows: +.Bl -tag -width Fl +.It Fl b +Backup files where replacements have occurred. The backup files have an +.Sq x_r +extension appended to their filename. +.It Fl i +Prompt for confirmation before each replacement. +.It Fl p +Only output replaced text. Can be used as a rudimentary parser. +.It Fl q +Supress status messages. Only errors will be sent to stderr. +.It Fl z +Set the replacement buffer size to +.Ar buffsize . +This speeds up execution as regular expressions only have to act on a small +portion of the whole file at once. However the largest match will be limited to +roughly +.Ar buffsize +, so use this option with care. The script loops over each buffer until no more +matches are found within it. Care is taken to overlap the buffers as much as +possible to ensure that any match smaller than +.Ar buffsize +can be matched. +.Sh NOTE +The +.Nm +command uses +.Xr getopt 3 +to parse it's arguments, which allows it to accept +the +.Sq Li -- +option which will stop processing of flag options at that point. This allows +the processing of files with names that begin with a dash +.Pq Sq - . +.Sh BUGS +When reading from +.Em stdin +you must specify a buffer size. +.Sh SEE ALSO +.Xr repc 1 , +.Xr rlib 3 , +.Xr pcre 3 +.Sh AUTHOR +.An Nate Nielsen Aq nielsen@memberwebs.com \ No newline at end of file diff --git a/doc/httpauth.conf.sample b/doc/httpauth.conf.sample new file mode 100644 index 0000000..e69de29 diff --git a/doc/protocol.txt b/doc/protocol.txt index 05e32f2..b6bc0ba 100644 --- a/doc/protocol.txt +++ b/doc/protocol.txt @@ -1,22 +1,39 @@ - HTTP/AUTH PROTOCOL + HTTPAUTH PROTOCOL The protocol used between the stateful authenticator and the web servers that wish to authenticate is described below. It's a simple text protocol, -similar to HTTP. The web servers send commands and headers to the daemon, +similar to HTTP. The web server sends commands and headers to the daemon, which replies with HTTP codes and headers. Multiple authentication requests can be processed on the same connection, -although the connection is not stateful. A authentication request initially -processed through one connection to the daemon can later be completed -through another. The commands are described below. +although the connection is not necessarily stateful. A authentication +request initially processed through one connection to the daemon can +later be completed through another. The commands are described below. -AUTH method uri +After connecting to the daemon, you'll need to retrieve the initial +'ready' response before sending requests. See below. If the server +responds with a 5xx message then something's gone wrong and no requests +will be accepted on the connection. + + +REQUESTS ------------------------------------------------------------------- + +AUTH authmethod connid method uri The AUTH command asks the daemon to perform authentication - for a given set of headers. + for a given set of header from the client. None of the + arguments should contain spaces. + + authmethod: is the authentication method. Methods are + defined by the daemon in it's config file. + + connid: a unique string identifying the connection from + the client. This is only important when NTLM is + being used. If not, pass a random string. + + method: The HTTP method employed. 'GET' or 'POST' etc... - method: is the authentication type. It might be 'NTLM'. uri: the URI being authenticated. The AUTH command is followed by HTTP headers, one per line @@ -24,23 +41,63 @@ AUTH method uri authentication headers for the authentication protocol being used. Extraneous headers are ignored. - If multiple HTTP headers with the same name are received, then - the last one is used. Note that this is somewhat different than - the HTTP protocol. + Headers should be specified on one line, not 'wrapped' as is + permissible in HTTP. QUIT This closes the connection to the daemon. -The response from the daemon consists of an HTTP code, followed by headers -one per line. Note that only the headers to be added for authentication are -returned. For example: - 401 - Header: value - Header2: value +RESPONSES ------------------------------------------------------------------- + +The response from the daemon consists of a code, followed by a detail +message value or set of values. This is separated from the code by a +space. The content of the detail message is described below. + +The codes are similar to HTTP: + + 100 Ready + (detail is the list of available authmethods) + + 200 Successful Request + (detail is described below) + + 4xx Request Error + (detail is an error message) + + 5xx Server Error + (detail is an error message) + + +READY + +After opening a connection to the daemon, you should receive a response +(outlined below) of 100 indicating ready. The 'detail' value is set +to the list of authmethods that the daemon is configured to provide. +These are separated by spaces: + + 100 Domain Simple Test LDAP + + +SUCCESS + +Successful processing of a request returns a 200. The detail constists of, +an HTTP code to send to the client and the user name (when authentication is +successful). These are separated by spaces. + +In addition the daemon might send a set of headers that must be sent to +the client. These are ended by a blank line. + +A response after client authentication failed might look like this: + + 200 401 + WWW-Authenticate: realm="blah" + +... or a client authentication success response like this: + + 200 200 testo + Authorization-Info: Digest rspauth="2034980294820398" nonce="2049823094328" ... -Success returns a 200, just like normal HTTP. Note that success can contain -headers that must also be sent to the client. -- cgit v1.2.3