The following lists several useful functions contained in the SREhttp/2 procedure library. This is not a complete list, there are other functions that are only meant to be used by the SREhttp/2 filter.
SREH2_CFG_READ | read several selector specific attribute files |
SREH2_CFG_BACKUP | read & backup a CFG file |
SREH2_AUTO_CHECK_PRIVS | check if access to resource is allowed |
SREH2_CHECK_PRIVS | check for required privileges |
SREH2_CURRENT_SECOND | Return the current time, as a fraction of a day, accurate to a second |
SREH2_DIGITS | create a graphical message, using digit-GIF files |
SREH2_DATETIME_CONVERT | Convert, using c strftime format,a time-date formatted string |
SREH2_DYNAMIC_PWD | provide "digest" style authentication to http/1.0 browsers. |
SREH2_DYNAMIC_PRIVS | read or write dynamic privileges |
SREH2_FIG_FILE_NAME | determine file name, given datadir or virtual dir |
SREH2_AUTO_FIG_FILE_NAME | simple version of SREH2_FIG_FILE_NAME |
SREH2_FILE_CACHE | work with the SREhttp/2 file cache |
SREH2_FILE_INTREE | search a directory tree for a file |
SREH2_FIND_SPECIAL | find a !special directive in the selector |
SREH2_FORCE_RESPONSE | invoke a forced-authorization request |
SREH2_GET_ATTRIBUTES | lookup selector specific attributes |
SREH2_GET_COOKIE | retrieve the value of a cookie |
SREH2_GET_MIMETYPE | Return the media type of a file, based on its extension. |
SREH2_GET_USERINFO | read privileges from the USERS.CFG file(s) |
SREH2_HOSTDATA | update hostdata info |
SREH2_HOMEDIR | check ~ replacement |
SREH2_HTML_COMMENT | return string embedded within <-- --> |
SREH2_MAILIT | send an e-mail message through an SMTP gateway |
SREH2_MULTI_SEND | send a multipart document, or send pieces of a document |
SREH2_QUERYFILE | return the name of a file, possibly relative to a supplied directory. |
SREH2_PRIVS_CHECK | Compare client-privileges to required privileges |
SREH2_RESET | Reset SREhttp/2 |
SREH2_TEXT2HTML | Converts text string to html-friendly text |
SREH2_SET_COOKIE | add a set-cookie header |
SREH2_VALUE | lookup a SREhttp/2 value |
SREH2_VERSION | lookup SREhttp/2 version number |
SREH2_XBITMAP | produce and XBITMAP image |
Syntax:
foo=sreh2_cfg_read()
where foo contains:
step 1 |
Syntax: stuff=sreh2_cfg_backup(cfg_type,host_nickname,nobackup)
where:
|
---|---|
Step 2 |
Syntax: status=sreh2_cfg_backup(,tempfile_name,cfgfile_name)
where: |
stuff=sreh2_cfg_backup('USER','DEFAULT') parse var stuff astatus stuff if astatus=0 then do ... return error message and exit end parse var stuff tempfile cfgfile backfile ',' contents ... parse contents, modify it, and write results to tempfile stuff=sreh2_cfg_backup(,tempfile,cfgfile) parse var stuff astatus amess if astatus=0 then ... return error message and exit else ... success!
This is a simple frontend to the SREH2_GET_ATTRIBUTES and SREH2_CHECK_PRIVS procedures.
Syntax:
astat=sreh2_auto_check_privs(seluse,privest,host_nick,id_info)
where:
seluse | the selector (to be compared against RULES in attribs.cfg) |
---|---|
privset | the client's privileges |
host_nick | optional -- host-nickname (will be looked up if not provided) |
id_info | optional, the id-info (will be looked up if not provided) |
astat | Return 1 if access is allowed, 0 if access is not allowed. |
Syntax:
astat=sreh2_check_privs(required_privs,privset)
where:
required_privs | a list of privileges to be checked for. Note that there are two kinds of privileges: |
---|---|
privset | the privileges granted to this user |
astat | Return: 0 for failure or 1 for success (where failure means that
the required privileges were not fulfilled by the privileges contained in the privset).
Note that two kinds of privileges can be specified in the required_privs: ONE_OF and MUST_HAVE.
|
If no argument, use current time. Otherwise, use a normal format: such as 24 Sep 2002 21:01:32.
Examples:
Syntax:
txtstring=sreh2_DIGITS(amess,digit_name,nd,useframe,nobr,opts,imgdir)
See COUNTER.TXT for the details.
Syntax:
timestr=sreh2_datetime_convert(cvt_string,adate,atime)
where:
cvt_string | a C style strftime format string |
---|---|
adate | date, in REXX B format (days since 1 January 0001) |
atime | time in hh:mm:ss |
Syntax:
res=sreh2_dynamic_pwd(appname,newloc,privset,duration,respfile,nonce,amess,id_info,this_flag,servername,username)
where:
appname | recommended. The "application" calling this. Used to identify a "shared secret". If not specified, a value of DYNPWD is used. Note that APPNAME is also used in responses. |
---|---|
newloc | optional. The uri to invoke when client hits the submit button. The default value is the Selector that invoked the call to this procedure (typically, the selector that lead to execution of the SREhttp/2 addon that uses dynamic passwords). |
privset | REQUIRED. The space delimited list of "secret" privileges. It should contain an entry of the form APPNAME:shared_secret |
duration | Optional. Duration of a timestamp, in days (and fractions of day) (default value is 1 day) |
respfile | Optional. The "response file" that contains javascript and HTML. The response file creates a session key, using the secret password, and sends it to NEWLOC. If not specified, will use DYNPWD.RSP in the filter directory (i.e.; in the SREHTTP2 directory). |
nonce | Optional Extra identifiacation information. This should be unique to a client. If not specified, SREH2_DYNAMIC_PWD will use the client's IP address. |
amess | Optional. A short text string. It will be
displayed in emphasized format (you can amess
for descriptive purposes). Since amess is used to report status information, in general we recommend leaving it undefined. |
id_info | Optional. If available, this will speed up processing a bit. |
this_flag | Optional. A flag value. this_flag is returned when a special action should be taken. The special action depends on the response file. For example, DYNPWD.RSP uses this_flag to signal client requested a relogon (when a checkbox is checked) |
servername | Optional. If not specified, it will be looked up (it is only used for informational purposes). |
username | Optional. If specified, it will be used for informational purposes. |
res |
|
Syntax:
stuff=sreh2_dynamic_privs(action,aname,avalue,lifespan,id_info)
where:
action | action: one of LIST, DELETE, WRITE, AUGMENT, READ, or RESET |
---|---|
aname | a case-insensitive username, or other identifier, identifiying the record where the dynamic privileges are stored. Several special values can also be used: !IP, !USER, and !COOKIE. |
avalue | the dynamic privileges to store. Used only by the WRITE and AUGMENT actions. |
lifespan | the lifespan, in minutes, of this record. If not specified, a default of 15 minutes is used. |
id_info | Optional, the ID_INFO |
stuff | : Either status information, or a list of dynamic privileges. |
For more details, see DYNPRIV.TXT.
Syntax:
nname=sreh2_fig_file_name(hname,ddir,asel,avirt,arule,vtype,max_repeats,id_info)
where:
hname | optional the host-nickname (or DEFAULT). If not provided, it will be determined. | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
ddir | optional the default data directory. If not provided, it will be determined (host-specific value is used if available). This is used only if avirt is not available. | |||||||||||
asel | the selector to map to a file name | |||||||||||
avirt | optional virtual directory | |||||||||||
arule | optional the rule
If avirt='' and arule=1, then avirt and arule will be looked up
(in the possibly host-specific ATTRIBS.CFG).
|
attribs=sreh2_get_attributes(host_nickname,a_selector)
parse var attribs realm '01'x arule '01'x redirect '01'x .
parse var redirect redirect_type redirect_to
redirect_type=strip(translate(redirect_type))
avirt=''
if redirect_type='DIR' then avirt=redirect_to
Syntax:
fname=sreh2_auto_fig_file_name(asel,ahost,ddir,id_info)
where:
asel: | selector to map to a file; using possibly host-specific default data directories and virtual directories. |
---|---|
ahost: | Optional: the host-nickname. If not available, it will be looked up. |
ddir: | Optional, the default data directory. If not available, a possibly host-specific value will be looked up. |
id_info | Optional. The ID_INFO, if it is available. |
Limitations (use sreh2_fig_file_name if these are a problem):
Syntax:
where:
id_name | A string that identifies a cache entry. This is often
a selector, or a host_nickname:/selector, or a directory name.
Note that spaces are stripped from this string before it is used. |
---|---|
params | Parameters that control how to cache id_name |
msec_wait | Wait time, in milli seconds. Optional -- the default value is 30 seconds (30000). After this many seconds, the procedure gives up (it stops waiting on the cache daemon), and returns an error code. |
ownid | optional. The calling procedure's Own_ID. If you have it, supplying the OWN_ID can speed up processing a bit. |
action | An action to take.
Valid actions are:GET PUT INFO RESET REMOVE Note that if action is not specified, then:
|
Syntax:
full_file=sreh2_file_intree(filename,topdir,botdir)
where:
filename | the file name to search for (with NO path information) if filename not specified, check for existence of a subdirectory |
---|---|
topdir | fully qualified directory to start search in it topdir not specified, use current default |
bottom_dir | fully qualified directory to stop searching in. topdir should be a subdirectory of bottom_dir if bottom_dir not specified, search down to the root (x:\) directory |
filename='PERL.TXT' topdir='f:\www\sre2k\srehttp2\demos' botdir='f:\www' file_use=sreh2_file_intree(filename,topdir,botdir) /* File_use might be F:\WWW\SRE2K\SREHTTP2\PERL.TXT (assuming that PERL.TXT is not in f:\www\sre2k\srehttp2\demo). */
Syntax:
sp_val=sreh2_find_special(selector_original,lookfor)
where:
selector_original | a selector, typically as it is extracted from the request string. |
---|---|
lookfor | the !SPECIAL directive (or !special command) to lookfor. Note that you do not have to preface lookfor with a !.
Alternatively,
|
sp_val | the value of the lookfor !special directive. Returns a blank (a ' ') if there is no such lookfor special directive (or command). Alternatively, returns the selector, or the list of !special directives (and commands). |
Syntax:
newname=sreh2_force_response(seloriginal,servername,port,id_info)
where all parameters are optional. If not provided, they will be looked up...
seloriginal | the original selector. |
---|---|
servername | the servername to which this request was directed. |
port | the server port to which this request was directed |
id_info | supplying this can speed things up a bit |
As an alternative to SREH2_FORCE_RESPONSE, SREhttp/2 addons can return 'PRIVS'. This causes SREhttp/2 to immediately lookup privileges for this client, and then recall the addon.
REALM RULES REDIRECT OPTIONS FAILURE PERMISSIONS REQUIRESNote that fields may contain CRLFS.
Alternatively, you can ask for just one of the above fields; or you can get just the description of the field.
Syntax:
stuff=sreh2_get_attributes(ahost,asel,afield,id_info,attribs)
where...
ahost | The host-nickname to look under. If not specified, the DEFAULT host is used. |
---|---|
asel | The selector to look for. |
afield | The field to return (see above for valid fields). If not specified, then all fields (seperated
by a '01'x) are returned. |
id_info | Optional. If available, it can speed up lookups. |
attribs | If specified, should contain attribute information (say as supplied by a prior call to SREH2_GET_ATTRIBUTES). If attribs is supplied, then ahost and asel are not used. |
Special features: |
|
---|
Syntax:
cookie_value=sref_get_cookie(cookie_name,nth)
where:
Note that if nth is not included, the first matching cookie is used.
Example |
If the request headers contain: cookie: customer=wiley_coyote then sreh2_get_cookie('customer') will return wiley_coyote
Alternatively: |
Syntax:
mtype=sreh2_get_mimetype(asel,ahost,custfirst)
where:
asel | The selector, or file, to determine the mimetype of |
---|---|
ahost | optional host-nickname, for checking host-specific mimetype mappings. If not specified, check default mimetype mappings. |
custfirst | optional if 1, then check the custom mimetypes first. These are specified in the possibly host specific MIMETYPE.CFG files. |
For example ...
Given that an Authorization request header was provided by the
client, SREH2_GET_USERINFO can:
Syntax:
stuff=sreh2_get_userinfo(authh,host_nickname,id_info,useronly,chk401,lookfor)
where:
authh | authh is typically the value of the Authorization: request
header (say, as read using SRE_REQFIELD
procedure).
|
---|---|
host_nickname | The host-nickname. If not provided, the current host will be used. |
id_info | optional can speed things up a bit |
useronly | optional If useronly equals 1, SREH2_GET_USERINFO will compare the username to usernames stored in the USERS.CFG database. That is, this suppresses password checking. |
chk401 and lookfor |
optional
If included, SREH2_GET_USERINFO will first check to see that the client
does not have several recent access failures. This is meant to
impede hackers trying to discover usernames & passwords by
repetitively hitting your site.
Example: 5 300 Note: in general, lookfor can be any string that uniquely identifies the user, or the user and the resource. Basically, SREhttp/2 maintains a database using lookfor as the record identifier. Thus, if you use a value of lookfor that is liable to be used in conjunction with requests by other users (for this or for a similar resource), then CHK401 will be biased (it will accumulate failures over multiple resources and clients). |
stuff | what is returned depends on what happens, and on the value of CHK401: |
HOSTDATA information is stored in the HOSTDATA.CFG file (in the SREHTTP2\CFG directory). HOSTDATA info consists of definitions of hosts, and specifications for "host-specific" parameter files.
Syntax:
foo=sreh2_hostdata()
where...
foo= 1 : ok
foo= 0 error_message : a problem occurred
Syntax:
ares=sreh2_homedir(aselector,homedir,host_nickname)
where:
aselector | The string to perform ~ replacement on |
---|---|
homedir | The home directory. If not provided its value (possibly host-specific) will be looked up |
host-nickname | The host-nickname. Only used to lookup host-specific home directory (if homedir not provided) |
ares | The result, after replacing ~ with the home directory. Note that homedir replacement can involve subdirectories. |
Syntax:
newstring=sreh2_html_comment(a_comment)
newstring will contain a_comment bracketed by <!-- and -->
SREH2_HTML_COMMENT can be useful when used by INTERPRET SSI keyphrases -- it makes it easy to dynamically insert an HTML comment.
Syntax:
status=mailit(address_list,message,gateway,sender_address,verbose)
where:
address_list | A space delimited list of addresses |
---|---|
message | A message string, that may contain CRLFs (and may be rather long) |
gateway | The address of your SMTP gateway server |
sender_address | The sender's address (optional). If sender's address is not given, a name will be generated, using this sites IP address or domain name. |
verbose | Status message verbosity. 0=none, 1=some, 2=many |
status | If success: 1
If a problem: 0 error-message |
SMTP gateway address |
If you are using an INTERNET provider, use their POP or SMTP gateway address.
If no such address is available, you can try running the OS/2 SENDMAIL program, and
use your hostname as the SMTP gateway address.
For example, assuming that SENDMAIL.UML is in c:\mptn\etc,
before starting SRE2003 you should start sendmail with: Alternatively, you can AUTOSTART sendmail using the TCPCFG program. |
---|---|
recipient addresses |
The message will be sent to each address. Since the addresses are sent and then the message, this allows for fairly rapid mailing to multiple individuals. |
SENDER ADDRESS | Some SMTP gateways only accept messages from known users, or from other gateways. Often, they will examine the FROM: field to determine this. So, if you are having problems with message acceptance, you might need to adjust your SENDER_ADDRESS. |
SNDXMAIL.CMD | The SNDXMAIL.CMD program (located in the SREHTTP2\CGI-BIN directory) demonstrates how SREH2_MAILIT can be used in a standalone program. |
Syntax:
res=SREH2_multi_send(message,options,howsnd,fflag,verbose,opthdr,id_info,cprot)
where:
message | a message, or filename, to send |
---|---|
options | optional header and connection-close options |
howsnd | specifies whether this is a part, or a piece, of a document |
fflag | flag that means "message is a filename" |
verbose | optional verbose status messages |
opthdr | optional additional headers |
id_info | optional the transaction daemon-id, it's use can speed up processing a bit |
cprot | optional clientprotocol. Optional, using it can speed up processing a bit. |
res (the returned value) If blank, no error. Otherwise, a message that starts with 'ERROR '
| |
For greater details on how to use SREH2_MULTI_SEND, see MULTSEND.TXT
Syntax:
newname=sreh2_queryfile(adir,aname)
where:
adir | optional directory to search for file in. If not specified, search under the filter directory |
---|---|
aname | file name. If fully qualified, adir is ignored. Otherwise, look for a file of this name relative to adir (or to the filter directory if adir is not specified). |
newname | The fully qualified file name, or ' ' if such a file does not exist. |
Syntax:
astat=sreh2_check_privs(requires,client_privs)
where ...
Syntax:
astat=sreh2_check_privs(id_info,mode)
where both arguments are optional...
Syntax:
htm_string=sreh2_text2html(txt_string,dobr,docurly)
Where:
if dobr=1, add a <BR> after every line
if docurly=1, convert { and } to < and >
SREH2_Text2HTML will ...
Syntax:
astat=sreh2_set_cookie(cname,avalue,duration,path,domain,replaceit)
where ...
For the cookie spec, see http://wp.netscape.com/newsref/std/cookie_spec.html
Syntax:
retval=sreh2_value(varname,newval,hostname,id_info,force_host)
where ...
varname | the variable name (to be read or written) |
---|---|
newval | the value to write. If empty, then read the current value of varname |
hostname | Optional. look for host-specific value, using this host nickname |
id_info | Optional. id_info. id_info is used only if you do not specify hostname |
force_host | Optional. if 1, then force a lookup for a host-specific
parameter. If varname has not been defined, then return ' '. In a sense, FORCE_HOST means treat the host as if it were strictly-superceding |
retval | the current value (if newval specified, retval will equal newval) |
Syntax:
a_version=sreh2_version()
This returns the version number. Version numbers have the format:
Nmmbbb
where N is the major version number, mm is the minor version number,
and bbb is the build number.
Example: Major version 1, minor version 11, build 423: 112103
Or, to return the version name, you can use: version_name=sreh2_version('NAME').
This returns the same value as SRE_SERVER('F').
version_name will have the format:SREhttp/2 ver 1.12d.
Note that the d corresponds to the 4 in the build number (you
can think of it as the "major build number").
Syntax:
rcode=sreh2_XBITMAP(amess,digit_name,nd,useframe,nobr,opts,imgdir)
Note that rcode is a response code (as returned by SRE_COMMAND).
See COUNTER.TXT for the details.