mod_auth_msfix - An Apache 2.0 module for fixing the authorization
		header coming from Microsoft Webdav agents.

		by Charles Gentry 
		email: (you have to put this together - reducing spam!)
			mod_auth_msfix
			     AT
			luluware.com
		Copyright 2003 - Charles Gentry

PROBLEM:

  When Microsoft Windows XP attempts to connect to a webdav server, it insanely 
  refuses to just send the user name and password. It insists that it send either 
  "url\username" or "username@domain". This is listed in the  Microsoft Knowledge
  Base as a problem affecting XP and 2000. They recommend as a 'workaround' that
  you use the NETBIOS name for the server or enter the username in the format of
  'url\username'.
  
  Most authentication/authorization modules that come with Apache don't want this
  extra information .It would be handy to strip it off - conditionally. This 
  helps to keep the Apache authentication processes available to even problematic 
  clients.
  
  NOTE: This problem does not affect Macromedia Dreamweaver MX. That 
  product works like a charm with Apache WebDAV. This problem affects MS IE and 
  MS WebFolders


SOLUTION:

	This module will re-write the Basic authorization header that
	comes from Microsoft's Webdav clients'. It has only been tested
	with Windows XP, but sufficient flexibility is available to make
	it work with most systems.

	When it is enabled and working in a 'AuthType BASIC' location
	it will check any client header against a pattern and see if this
	request	should be affected.

	If the header record from the client matches the pattern(s) it will
	iterates through a list of solutions until it finds a matching one.
	If none are found it will ignore the request and let it pass through
	unaltered.

	This module corrects the fact that MS won't fix a big ol' bug
	in their WEBDAV support. It took about 3 hours to write/test
	(but another 1.5 days to write it all up and test over and over.)
	SEE: Testing Notes at the end.

Configuration:

	Version 0.2 only has four configuration commands:

	AuthMSFix       on
		Turn this feature on. Only in a Directory/Location context.

	AuthMSFixDebug	ON
		This is debug. it will fill your logs with a whole bunch of
		ugly messages. However ... if you think the module isn't
		working and you can't figure out why ... go ahead and use it.
		It should give you a clue.

	AuthMSFixOnHeader 	HEADER     REGEX
		If the HEADER (for example "User-Agent") matches the REGEX
		then it will process the request against the list of solutions.

		A typical entry would be:
                	AuthMSFixOnHeader User-Agent    "Microsoft.*Webdav"

	AuthMSFixMatch  USER-PATTERN	SUBSTITUTION-PATTERN
		Match the username against the user-pattern and then apply the
		substitution-pattern. This is similar to what PERL does with
			s/USER-PATTERN/SUBSTITUTION-PATTERN/i

		There can be up to 10 subscripted matches in the USER-PATTERN.
		The one I use against MS-XP is:
                	AuthMSFixMatch  "^.*\\\\(.*)$"  "$1"

If you want to match a single backslash in a string ( ie domain\user ) you need
to escape it, and escape each of those (escape-backslash + escape-backslash ). This
is specified as four backslashes (\\\\).

All patterns are case-insensitive. Currently it is compiled this way and there is
no way to disable it.


EXAMPLES:

(1) Get rid of local domains in usernames, but let others pass through:

	AuthMSFix		ON
	AuthMSFixOnHeader	User-Agent	"Microsoft.*Webdav"
	AuthMSFixMatch		"www.yourdomain.com\\\\"	"$1"
	AuthMSFixMatch		"(.*)@(www\\.)*yourdomain.com"	"$1"

(2) Just check for the usual MS XP stuff:

	AuthMSFix		ON
	AuthMSFixOnHeader	User-Agent	"Microsoft.*Webdav"
	AuthMSFixMatch		".*\\\\(.*)"	"$1"



TESTING NOTES:
	Macromedia Dreamweaver MX works like a charm and does NOT need this
	module. Good work to Macromedia! You can safely bypass Macromedia's
	client (Dreamweaver).  It will be bypassed if you use the 'OnHeader' 
	setting to only affect MS.

	MS IE 6.0 and MS XP "Network Places" may or may not allow 'user@location',
	doesn't always try to authorize, doesn't always send passwords, 
	doesn't seem to remember passwords, and may not work the first time.
	In all tested cases I just ... retried. Over and over. Eventually it
	worked. Well...usually.

	I found that 'server\username' works the best. In order to find this
	out - since I thought it was THIS module screwing up - I added the
	AuthMSFixDebug option. Ddump, dump, dump.... . Aside from lots of
	cleanup and frustration it finally DID connect and I watched as MS
	clients didn't do what they were supposed to do.

	Microsoft - are you Xperienced? In What??

Contents:
    README      - this file
    INSTALL     - installation instructions
    CHANGES     - release notes
    makefile    - the makefile
    mod_auth_msfix.c - source for the module


Distribution:
	This software is distributed under the GNU License (GPL).
	You may redistribute or modify it under this license - and
	as it says you must include the author's name and copyright.

	No warranty is implied or expressed. If this module makes your
	life hell and eats your children you waive your right to legal
	action, spamming, threats, and overall unpleasant behaviour.

	If you find this helpful, good. If you find it a godsend you 
	need to get out more. Perhaps to buy me a beer.