ProFTPD module mod_digest



The mod_digest module offers functionality for calculating the hash (or digest) value of files. This is particularly useful when verifying the integrity of files. This functionality is used by the following custom FTP commands:

In addition, mod_digest supports the more modern HASH command.

Depending on the file size and the hash function, it takes a fair amount of CPU and IO resources to calculate the result. Therefore decide wisely where to enable the features and set the DigestMaxSize configuration directive appropriately.

This module was compiled and tested against ProFTPD 1.3.3 Installation instructions are discussed here.

The most current version of mod_digest is distributed with the ProFTPD source code.

Author

Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.

Thanks

2016-01-09: Thanks to Mathias Berchtold <mb at smartftp.com> for his original mod_digest, upon which this version is based.

Directives


DigestAlgorithms

Syntax: DigestAlgorithms ["crc32"|"md5"|"sha1"|"sha256"|"sha512"|"all"]
Default: DigestAlgorithms all
Context: server config, <VirtualHost>, <Global>, <Anonymous>
Module: mod_digest
Compatibility: 1.3.6rc2 or later

The DigestAlgorithms directive configures the enabled digest algorithms. If no DigestAlgorithms directive is configured, then all supported digest algorithms are enabled.

Enabled digest algorithms are announced/discovered via the FEAT response. The following algorithms are currently supported by mod_digest:


DigestCache

Syntax: DigestCache on|off|"size" count ["maxAge" secs]
Default: DigestCache size 10000 maxAge 30s
Context: server config, <VirtualHost>, <Global>, <Anonymous>
Module: mod_digest
Compatibility: 1.3.6rc2 or later

The mod_digest module will cache the results of any checksum command, on a per-file basis. This improves performance, and reduces computational overhead. To disable this caching for any reason, use this directive:

  # Disable checksum caching
  DigestCache off
This is not recommended.

The DigestCache directive can also be used to configure/tune the max-size of the in-memory cache. Note that once the maximum cache size is reached, any checksum FTP commands will be temporarily refused:

  # Use a smaller cache size
  DigestCache size 100
Cached digests will be expired/ignored after 30 seconds, by default. To change the expiration, you would use:
  # Retain cached entries longer
  DigestCache maxAge 60s

If on is used, mod_digest will use the default max-size of 10000:

  DigestCache on


DigestEnable

Syntax: DigestEnable on|off
Default: Non
Context: <Directory>, .ftpaccess
Module: mod_digest
Compatibility: 1.3.6rc2 or later

The DigestEnable directive can be used to block or prevent checksumming/digests on files in the configured <Directory>. This can be very useful for preventing checksumming of files located on network-mounted filesystems, for example.


DigestEngine

Syntax: DigestEngine on|off
Default: DigestEngine on
Context: server config, <VirtualHost>, <Global>, <Anonymous>
Module: mod_digest
Compatibility: 1.3.6rc2 or later

The DigestEngine directive enables or disables the handling of the checksum-related FTP commands by mod_digest, i.e.:

If the parameter is off, then these commands will be ignored.


DigestMaxSize

Syntax: DigestMaxSize number [units]
Default: None
Context: server config, <VirtualHost>, <Global>, <Anonymous>
Module: mod_digest
Compatibility: 1.3.6rc2 or later

The DigestMaxSize directive configures the maximum number of bytes a single hash command is allowed to read from a file. If the number of bytes to be read from the file is greater than the configured number the server will refuse that command.

If no DigestMaxSize directive is configured, then there is no limit. It is highly recommended to set an upper limit.

Example:

  # Limit hashing to 1GB of data
  DigestMaxSize 1 GB


DigestOptions

Syntax: DigestOptions opt1 ...
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_digest
Compatibility: 1.3.6rc2 and later

The DigestOptions directive is used to configure various optional behavior of mod_digest.

The currently implemented options are:


Installation

To install mod_digest, unpack the latest proftpd-1.3.x source code, and copy the mod_digest.c file into that directory:
  $ cp mod_digest.c /path/to/proftpd-1.3.x/contrib/
Then follow the normal steps for using third-party modules in proftpd:
  $ ./configure --enable-openssl --with-modules=mod_digest
To build mod_digest as a shared/DSO module:
  $ ./configure --enable-dso --enable-openssl --with-shared=mod_digest
Then follow the usual steps:
  $ make
  $ make install

Alternatively, if your proftpd was compiled with DSO support, you can use the prxs tool to build mod_digest as a shared module:

  $ prxs -c -i -d mod_digest.c


Usage

Example Configuration
  <IfModule mod_digest.c>
    # Set a limit on file sizes that can be digested
    DigestMaxSize 1GB
  </IfModule>


© Copyright 2016 TJ Saunders
All Rights Reserved