with-authinfo-kludge.1: Fix the various lies in the manual.

[with-authinfo-kludge] / with-authinfo-kludge.1

.\" -*-nroff-*-
.\"
.\" Manual page for `with-authinfo-kludge'.
.\"
.\" (c) 2016 Mark Wooding
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software Foundation,
.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.
.ie t \{\
.  ds o \(bu
.\}
.el \{\
.  ds o o
.\}
.
.de hP
.IP
\h'-\w'\fB\\$1\ \fP'u'\fB\\$1\ \fP\c
..
.
.de VS
.sp 1
.RS
.nf
.ft B
..
.de VE
.ft R
.fi
.RE
.sp 1
..
.
.TH with-authinfo-kludge 1 "23 April 2016"
.
.\"--------------------------------------------------------------------------
.SH NAME
with-authinfo-kludge \- run a newsreader with AUTHINFO GENERIC support
.
.SH SYNOPSIS
with-authinfo-kludge
.RB [ \-v ]
.RB [ \-d
.IR dir ]
.RB [ \-f
.IR conf ]
.RB [ \-t
.IR tag ]
.br
\h'5m'\c
[
.BI + server
.RI [ param \fR= value
\&...] \&...]
.RB [ + ]
.br
\h'5m'\c
.I command
.RI [ args
\&...]
.
.\"--------------------------------------------------------------------------
.SH DESCRIPTION
.
The
.B with-authinfo-kludge
program is an
.I adverbial modifier
which runs another command
(typically a newsreader)
in an environment in which it can,
transparently to it,
make connections to certain NNTP servers
which usually require
.B AUTHINFO GENERIC
authentication before they'll permit clients to read or post.
This is useful because support for
.B AUTHINFO GENERIC
has never been especially widely implemented by newsreaders
and now seems to be being withdrawn from those newsreaders
which used to support it.
.PP
In the simple case, you say something like
.VS
with-authinfo-kludge slrn
.VE
and then
.B slrn
will start up,
connect to your default NNTP server
(as named in the
.B NNTPSERVER
environment variable),
authenticate to it as needed,
and let you read and post news.
In more complicated cases,
.B with-authinfo-kludge
can handle multiple NNTP servers,
set up SSH forwarding for them,
offer different authentication credentials to them,
and hide the fact that they might be running on nonstandard ports.
.PP
The
.B with-authinfo-kludge
program doesn't do all of this itself:
it depends on some other tools existing on the system in which it runs.
(It doesn't need anything special running on the server system.)
The external dependencies are as follows.
.hP \*o
The
.B authinfo-kludge
program, by Richard Kettlewell,
is a simple proxy which relays commands and responses
between the client (on stdin/stdout) and server (over TCP),
and responds transparently to authentication requests from the server.
.hP \*o
The
.B noip
hack, by Mark Wooding,
is an
.B LD_PRELOAD
library which selectively uses Unix-domain sockets
in place of IPv4 or IPv6 sockets.
.
.SS "Command line"
The
.B with-authinfo-kludge
program accepts a small number of options
before its main command-line arguments.
.TP
.B \-h
Write help about the command-line syntax to standard output,
and exit with status zero.
.TP
.BI "\-d " dir
Use
.I dir
as the `runtime directory',
which is used to store sockets and other working files
while
.B with-authinfo-kludge
is running.
By default, it will choose an appropriate place
in a moderately complicated manner described below;
this option lets you override its choice
in order to achieve special effects.
.TP
.BI "\-f " conf
Read configuration from
.IR conf .
The default is somewhat complicated;
see below.
.TP
.BI "\-t " tag
Use
.I tag
to distinguish this usage of
.B with-authinfo-kludge
from others.
The tag is used to select default configuration files
and runtime directories.
By default, the basename of the
.I command
is used.
.TP
.B "\-v"
Print messages explaining what
.B with-authinfo-kludge
is doing to standard error.
By default,
.B with-authinfo-kludge
does its thing silently unless there are problems.
.PP
The
.I command
argument names the command which should be run
with the various proxy arrangements which it is the task of
.B with-authinfo-kludge
to arrange; it will be passed the
.IR args ,
if any.
The command name and arguments are not subject to
interpretation by the shell;
if, for some reason, you wanted to make use of shell features,
you should specify a command of the form
.B /bin/sh
.B \-c
.IR shell-fragment .
.PP
Between the options (if any) and the
.I command
name,
there may be a number of server configurations.
If any are present, they take the place of any configuration file:
an error is reported if a
.B \-f
option was passed.
A server configuration starts with
an argument consisting of a server name prefixed by a
.RB ` + '
character:
.IP
.BI + server
.PP
This may be followed by assignments
.IP
.IB param = value
.PP
which set configuration parameters
for the previously-named server.
Such a server configuration on the command line
is treated exactly the same as a configuration-file section
.IP
.BI [ server ]
.br
.IB param = value
.br
\&...
.PP
See below for details about the configuration file.
.PP
To hedge against the
.IR command 's
name containing an
.RB ` = '
or, less plausibly, beginning with
.RB ` + ',
an argument consisting of a
.RB ` + '
sign on its own marks the end of the server configurations:
the following argument will be interpreted as the command name
regardless of its syntactic form.
If there is a
.RB ` + '
marker, but no server configurations,
then the configuration file is read,
or the default configuration is used,
as usual.
.
.SS "Configuration file"
The
.B with-authinfo-kludge
program reads configuration from a standard-ish
.RB ` .ini '-format
file.
The file consists of parameter settings of the form
.IP
.I param
.B =
.I value
.PP
divided into sections by headers of the form
.IP
.BI [ name ]
.PP
Whitespace around the
.IR name ,
.I param
and
.I value
strings is discarded.
A section
.I name
may itself contain square brackets,
and they need not be properly nested.
There is no syntax for continuing values over more than one line.
.PP
The file may also contain blank lines,
and comment lines whose first non-whitespace character is either
.RB ` # '
or
.RB ` ; '.
All such lines are ignored.
.PP
Parameter settings apply to the section named in the most recent
setion header.
Settings appearing before the first section header apply to
the special section named
.BR @GLOBAL ,
just as if a line
.IP
.B [@GLOBAL]
.PP
appeared at the very top of the file.
It is permitted (though not usually expected)
for several section headers to have the same name;
in this case,
all of the settings following any of the occurrences are gathered together,
just as if they'd all appeared under a single header,
in the same order.
If the same parameter is assigned more than once,
then only the
.I last
assignment has any effect.
.PP
With the exception of the
.B @GLOBAL
section,
each section header should name an NNTP server.
.PP
The following server parameters are recognized.
.TP
.BI local= host\fR[ : port \fR]
Sets the NNTP server address which the newsreader command
expects to connect to.
This does
.I not
have to be an address local to the machine on which
.B with-authinfo-kludge
runs.
It defaults to the
.I server
name from the section heading
(which must therefore be in the appropriate format),
and may be equal to the
.I remote
address (below) without causing difficulty.
Note that
.B with-authinfo-kludge
will not do anything to encourage the client
to connect to the right address;
its caller must arrange to configure the client correctly,
e.g., by setting the
.B NNTPSERVER
environment variable appropriately.
.TP
.BI nntpauth= "parameter arguments\fR..."
Set the AUTHINFO GENERIC authentication parameter and arguments
to use for this server.
The default is to use the settings from the
.B NNTPAUTH
environment variable.
.TP
.BI remote= host\fR[ : port \fR]
Sets the real address of the NNTP server which
.BR with-authinfo-kludge 's
proxy (or the SSH tunnel) should connect to.
It defaults to the
.I server
name from the section heading
(which must therefore be in the appropriate format).
.TP
.BI sshbind= host\fR[ : port\fR]
Change the address and port number
of the local end of the SSH tunnel
set up by the
.B via
parameter.
The default is to use
127.1.0.1:1119,
because OpenSSH refuses to try to listen on low-numbered ports
rather than trying it and seeing whether it would work
(which it would, in this case).
It is
.I not
a problem for multiple servers to use the same address:
.B with-authinfo-kludge
uses the
.BR noip (1)
library to keep them
separate.
.TP
.BI via= gateway
Use SSH connection forwarding to reach the server.
The
.I gateway
is passed to
.BR ssh (1)
as its hostname parameter,
so may be a hostname or IP address,
possibly prefixed by
.IB user @
to choose a different login name;
or it may name a
.BR ssh_config (1)
stanza providing detailed configuration.
Note that the local end of the tunnel will
.I not
be exposed to other users of the local machine,
since this instance of SSH is run under the control of
.BR noip (1).
.PP
The various parameters which take network addresses
accept a common syntax:
.IP
.IR host \c
.RB [ : \c
.IR port ]
.PP
The
.I host
may be a hostname;
an IPv4 address in dotted-quad notation; or
an IPv6 address in hex-and-colons notation,
which must contain at least
.I two
colons to be valid.
Raw IP addresses may be surrounded by square brackets;
this is necessary to disambiguate a trailing
.BI : port
following an IPv6 address because the IPv6 address syntax is stupid.
.PP
The
.B @GLOBAL
section may set the following parameters.
.TP
.BI rundir= dir
Set the runtime directory to be
.IR dir .
This directory (but not its parent directories)
will be created automatically if necessary.
The default runtime directory is chosen in a complicated way;
see below.
.PP
The configuration file is found as follows.
.hP 1.
If server configurations are provided on the command line,
then they are used instead of any configuration file.
.hP 2.
If a
.B \-f
option is given, then it is read as a configuration file.
A fatal error is reported if the file does not exist,
or cannot be read for some other reason.
.hP 3.
Let
.I home
be the value of the environment variable
.BR HOME ;
if this variable is not set, then
.I home
is not defined.
.hP 4.
A `configuration path' is built, as follows.
If the environment variable
.B XDG_CONFIG_HOME
is set, then its value is the first entry in the path;
otherwise the first entry is
.IB home /.config \fR;
a fatal error is reported at this point
if no home directory was determined.
If the environment variable
.B XDG_CONFIG_DIRS
is defined,
then the
.RB ` : '-separated
entries in its value are appended to the path;
otherwise, the single entry
.B /etc/xdg
is appended.
.hP 5.
A `tag' is chosen, as follows.
If the
.B \-t
option is given, then its value is used;
otherwise the tag is the basename of the
.I command
(i.e., the part following the last
.RB ` / ',
if any).
Let
.I tag
denote the tag so chosen.
.hP 6.
A search is made for a file
.IB dir /with-authinfo-kludge/ tag .conf
for each directory
.I dir
in the configuration path established in step 4,
in order.
If such a file exists exists,
then it is read as a configuration file.
(If it can't be read, then a fatal error is reported.)
.hP 7.
A similar search is made for
.IB dir /with-authinfo-kludge/@default.conf \fR.
If such a file exists,
then it is read as a configuration file.
(If it can't be read, then a fatal error is reported.)
.hP 8.
No configuration file could be found,
so a default configuration is constructed, as follows.
Let
.I nntp-server
be the value of the
.B NNTPSERVER
environment variable;
if it is not set, then a fatal error is reported.
The default configuration is as follows.
.RS
.IP
.BI [ nntp-server ]
.RE
.
.SS "The runtime directory"
(This section is technical, and can safely be skipped by most users.
It may be useful to know this stuff if
.B with-authinfo-kludge
is behaving confusingly and you're trying to understand why.)
.PP
The runtime directory is chosen as follows.
.hP 1.
If the
.B \-d
option is present, then its value is used.
Otherwise, if the configuration file specifies
a value for the global
.B rundir
parameter then that it used.
.hP 2.
If the environment variable
.B XDG_RUNTIME_DIR
is set, then let
.I run
denote its value;
then
.IB run /with-authinfo-kludge
is used as the runtime directory.
.hP 3
If the environment variable
.B TMPDIR
is set, then let
.I tmp
be its value;
otherwise, let
.I tmp
be
.BR /tmp .
Let
.I uid
be the current effective uid, in decimal,
without leading zeroes
(if the superuser is foolish enough to run this program then
.I uid
is
.BR 0 ).
If
.IB tmp/ with-authinfo-kludge- uid
exists,
is a directory (and not a symbolic link),
is owned by the current effective uid,
and has no permissions for group or others;
or if it does not exist but can be created with the above properties;
then it is used as the runtime directory.
.hP 4.
Let
.I home
be the value of the environment variable
.BR HOME ;
if this variable is not set, then
.I home
is not defined.
.hP 5.
A `cache home' directory is determined, as follows.
If the environment variable
.B XDG_CACHE_HOME
is set, then its value is used.
Otherwise, the configuration home is
.IB home /.cache \fR;
a fatal error is reported at this point
if no home directory was determined.
Let
.I cache-home
denote the cache home directory so determined.
If the cache home directory does not exist,
then it is created with mode 0777 (as modified by the umask).
.hP 6.
Let
.I hostname
be the local machine's hostname,
as reported by
.BR gethostname (2).
Then
.IB cache-home /with-authinfo-kludge. hostname
is used as the runtime directory.
.PP
If the directory chosen by the above procedure does not exist,
then it is created as a directory,
with mode 0700 (and modified by the umask).
(If it exists, but is not in fact a directory,
then later operations will fail.)
.PP
The runtime directory contains a number of other directories.
There are a small number of shared directories,
and zero or more
.I session
directories,
each one corresponding to a running
(or failed)
instance of
.BR with-authinfo-kludge .
.PP
The shared directories are as follows.
.TP
.B new/
This is the `nursery' directory:
new session directories are created and populated in here.
Subdirectories have names of the form
.BI n. time . pid . rand /
where
.I time
is the time
(seconds since the POSIX epoch)
at which the directory was created;
.I pid
is the creator's process id; and
.I rand
is a random number chosen to minimize conflicts.
Directories in the nursery older than 300 seconds
may be deleted.
The creation protocol is to
create a directory with an appropriate name;
create a file within it named
.BR lock ;
take out a
.BR fcntl (2)-style
exclusive lock on this file;
and then move the directory to be a direct child
of the runtime directory.
.TP
.B junk/
Session and nursery directories are deleted in two stages:
the first stage is to make them be subdirectories of
.BR junk/ .
Once there, any process may delete them.
Note that nursery directories can be junked
even if they're locked:
moving them to
.B junk/
prevents them from being promoted to proper sessions.
.PP
Session directories are named
.BI s. tag . pid /
where the
.I tag
is the tag summarizing its purpose
(as determined in step 5 of the procedure
for finding a configuration file), and
the
.I pid
is the creator's process-id,
which distinguishes this session from others with the same tag.
.PP
The contents of a session directory are as follows.
.TP
.B client.pid
The process-id of the client command run by
.BR with-authinfo-kludge .
.TP
.B lock
An empty file.
A
running
.B with-authinfo-kludge
process holds a
.BR fcntl (2)-style
lock on this file.
It is used simply to tell other processes that
the directory is still in use and shouldn't be cleaned up.
.TP
.B noip-client/
A directory containing Unix-domain sockets created by
.BR with-authinfo-kludge ;
the
.B noip
library arranges for the client program
to connect to these Unix-domain sockets
rather than to the real remote NNTP servers.
.TP
.BR noip-ssh. server /
This directory also contains Unix-domain sockets ;
they are created by
.BR ssh (1)
and
.B authinfo-kludge
connects to them,
both under the influence of
.BR noip .
.TP
.BI ssh- server .pid
The process-id of the SSH process started to satisfy a
.B via
server parameter.
.
.\"--------------------------------------------------------------------------
.SH BUGS
.
The program is probably too complicated for many uses,
but the author finds the various bells and whistles useful.
.PP
There isn't a good way to get two or more NNTP clients
to share the same proxy machinery.
This is somewhat wasteful.
Fixing this would necessitate some other way of
orchestrating the setup and teardown of runtime directories.
.
.\"--------------------------------------------------------------------------
.SH SEE ALSO
.
.BR authinfo-kludge (1),
.BR noip (1).
.PP
S. Barber,
.IR "RFC2980, Common NNTP Extensions",
.if !t \{\
.br
\h'5m'\c
.\}
.BR "https://www.ietf.org/rfc/rfc2980.txt" .
.
.SH AUTHOR
Mark Wooding,
<mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------