mod_digest
The mod_digest
module offers functionality for calculating the hash
(or digest) value of files. This is particularly useful when verifying
the integrity of files. This functionality is used by the following custom
FTP commands:
XCRC
(requests CRC32 digest/checksum)
MD5/XMD5
(requests MD5 digest/checksum)
XSHA
/XSHA1
(requests SHA1 digest/checksum)
XSHA256
(requests SHA256 digest/checksum)
XSHA512
(requests SHA512 digest/checksum)
mod_digest
supports the more modern HASH
command.
Depending on the file size and the hash function, it takes a fair amount of CPU and IO resources to calculate the result. Therefore decide wisely where to enable the features and set the DigestMaxSize configuration directive appropriately.
This module was compiled and tested against ProFTPD 1.3.3 Installation instructions are discussed here.
The most current version of mod_digest
is distributed with the
ProFTPD source code.
Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.
2016-01-09: Thanks to Mathias Berchtold <mb at
smartftp.com> for his original mod_digest
, upon which this
version is based.
The DigestAlgorithms
directive configures the enabled digest
algorithms. If no DigestAlgorithms
directive is configured, then
all supported digest algorithms are enabled.
Enabled digest algorithms are announced/discovered via the FEAT
response.
The following algorithms are currently supported by mod_digest
:
crc32
(e.g. for the XCRC
command)
md5
(e.g. for the XMD5
command)
sha1
(e.g. for the XSHA
/XSHA1
commands)
sha256
(e.g. for the XSHA256
command)
sha512
(e.g. for the XSHA512
command)
The mod_digest
module will cache the results of any checksum
command, on a per-file basis. This improves performance, and reduces
computational overhead. To disable this caching for any reason, use this
directive:
# Disable checksum caching DigestCache offThis is not recommended.
The DigestCache
directive can also be used to configure/tune the
max-size of the in-memory cache. Note that once the maximum cache
size is reached, any checksum FTP commands will be temporarily refused:
# Use a smaller cache size DigestCache size 100Cached digests will be expired/ignored after 30 seconds, by default. To change the expiration, you would use:
# Retain cached entries longer DigestCache maxAge 60s
If on is used, mod_digest
will use the default
max-size of 10000:
DigestCache on
<Directory>
, .ftpaccess
The DigestEnable
directive can be used to block or prevent
checksumming/digests on files in the configured <Directory>
.
This can be very useful for preventing checksumming of files located
on network-mounted filesystems, for example.
The DigestEngine
directive enables or disables the handling of
the checksum-related FTP commands by mod_digest
, i.e.:
XCRC
XMD5
XSHA
XSHA1
XSHA256
XSHA512
The DigestMaxSize
directive configures the maximum number of bytes
a single hash command is allowed to read from a file. If the number of bytes
to be read from the file is greater than the configured number the
server will refuse that command.
If no DigestMaxSize
directive is configured, then there is no
limit. It is highly recommended to set an upper limit.
Example:
# Limit hashing to 1GB of data DigestMaxSize 1 GB
<VirtualHost>
, <Global>
The DigestOptions
directive is used to configure various optional
behavior of mod_digest
.
The currently implemented options are:
NoTransferCache
The mod_digest
module will automatically calculate and
cache the results of any transferred file, on a per-file basis. This is
done assuming that many FTP clients will want to verify the integrity of
the file just uploaded/downloaded. This improves performance, and
reduces computational overhead. To disable this caching for any reason,
use this option. Not recommended.
Note: The NoTransferCache
option is
automatically enabled when using ProFTPD versions before
1.3.6rc2, due to bugs/missing support in the older versions.
mod_digest
, unpack the latest proftpd-1.3.x
source code, and copy the mod_digest.c
file into that directory:
$ cp mod_digest.c /path/to/proftpd-1.3.x/contrib/Then follow the normal steps for using third-party modules in proftpd:
$ ./configure --enable-openssl --with-modules=mod_digestTo build
mod_digest
as a shared/DSO module:
$ ./configure --enable-dso --enable-openssl --with-shared=mod_digestThen follow the usual steps:
$ make $ make install
Alternatively, if your proftpd was compiled with DSO support, you can
use the prxs
tool to build mod_digest
as a shared
module:
$ prxs -c -i -d mod_digest.c
<IfModule mod_digest.c> # Set a limit on file sizes that can be digested DigestMaxSize 1GB </IfModule>