ProFTPD module mod_md5



When a file is uploaded into a specially configured directory, a MD5 digest of the uploaded file is automatically calculated. This MD5 digest is written automatically to a file in the same directory. For example, if a file called "file.txt" is uploaded into a MD5Path directory, then a file called "file.txt.md5" will also automatically be written. The contents of this .md5 file are identical to the output of the common md5sum command.

This .md5 file is useful for large uploads, where the sender wants to be certain that the file was received by the server intact. By comparing the autogenerated .md5 file's MD5 digest with an MD5 digest of the large file calculated by the client before sending, the sender can verify the upload.

The mod_md5 module is contained in the mod_md5.c file for ProFTPD 1.3.x, found here, and is not compiled by default. Installation instructions are discussed here.

The most current version of mod_md5 can be found at:

  http://www.castaglia.org/proftpd/

Author

Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.

Thanks

2001-12-18: Thanks to Bill Fenner for the initial ideas for this module

2002-08-08: Thanks to Jonas Jensen for noting the problems when using SITE MD5 in a DefaultRoot login, and on non-regular files (e.g. directories).

Directives

SITE Commands


MD5Engine

Syntax: MD5Engine on|off
Default: off
Context: server config, <VirtualHost>, <Global>
Module: mod_md5
Compatibility: 1.3.1rc1 and later

The MD5Engine directive enables or disables the module's runtime MD5 engine. If it is set to off this module does no MD5 processing at all. Use this directive to disable the module instead of commenting out all mod_md5 directives.


MD5Path

Syntax: MD5Path path
Default: None
Context: server config, <VirtualHost>, <Global>, <Anonymous>
Module: mod_md5
Compatibility: 1.3.1rc1 and later

The MD5Path directive specifies a path to a directory. Files uploaded to that directory (and its subdirectories) will automatically have MD5 digests calculated and printed to a file.md5 file. Multiple such directories can be configured by using mulitple MD5Path directives.

Note that if the given path starts with a !, mod_md5 will treat the directory normally, and not generate .md5 files in that directory. This is primarily useful for disabling .md5 generation in directories whose parent directories may be MD5Path directories.

Example:

  # A path can use ~ notation
  MD5Path ~/public_ftp/md5

  # Calculate digests in the normal upload directory
  MD5Path /path/to/upload/dir

  # Disable generation of .md5 files in a subdirectory of the upload directory
  MD5Path !/path/to/upload/dir/subdir


SITE MD5

This SITE command accepts a single parameter, the path to the file of which to obtain the MD5 digest, and can only be used once the client has successfully logged in. When allowing this command to be used, it is best to limit its use to trusted clients, e.g.:
  <Limit SITE_MD5>
    Allow ...
    DenyAll
  </Limit>
for calculating the sum for large files can be CPU-intensive.

Example:

ftp> quote SITE MD5 HelloWorld.txt
200-9af2f8218b150c351ad802c6f3d66abe    HelloWorld.txt
200 Please contact root@familiar.castaglia.org if this digest is inaccurate

Use of this SITE can be controlled via <Limit>, e.g.:

  <Limit SITE_MD5>
    AllowUser stan
    DenyAll
  </Limit>


Installation

After unpacking and patching the latest proftpd-1.3 source code, copy the mod_md5.c file into:
  proftpd-dir/contrib/
Then follow the normal steps for using third-party modules in proftpd:
  ./configure --with-modules=mod_md5
  make
  make install


Usage

In addition to creating .md5 files for uploaded files, mod_md5 also automatically deletes the .md5 file when its file is deleted from a MD5Path directory.

Users of mod_md5 will notice that the configuration directives changed substantially with the 1.0rc1 release. These changes are necessary in order to support new functionality, such as ! MD5Path negation. The other new feature in 1.0rc1 is better integration with mod_ifsession. This means that now mod_md5's capabilities can be controlled to a finer degree by using mod_ifsession control contexts (demonstrated below).

This example shows a typical mod_md5 configuration:

  <IfModule mod_md5.c>
    MD5Engine on
    MD5Path /var/ftp/public/upload
  </IfModule>

Another example configuration which allows use of mod_md5 capabilities by users in a special group, using mod_ifsession:

  <IfModule mod_md5.c>
    MD5Engine on

    <IfGroup md5ftp>
      MD5Path ~
    </IfUser>
  </IfModule>

Note that for mod_md5 and mod_ifsession to be used properly together, mod_ifsession must come after mod_md5 in your --with-modules configure option.



Author: $Author: tj $
Last Updated: $Date: 2006/12/14 01:59:16 $


© Copyright 2000-2006 TJ Saunders
All Rights Reserved