ports/165565: New port: www/mod_auth_token Token-based
authentication similar to mod_secdownload in LIGHTTPD
Filip Valder
filip.valder at vsb.cz
Wed Feb 29 22:10:13 UTC 2012
The following reply was made to PR ports/165565; it has been noted by GNATS.
From: Filip Valder <filip.valder at vsb.cz>
To: bug-followup at FreeBSD.org, filip at valder.cz
Cc:
Subject: Re: ports/165565: New port: www/mod_auth_token Token-based authentication
similar to mod_secdownload in LIGHTTPD
Date: Wed, 29 Feb 2012 23:10:00 +0100
This is a multi-part message in MIME format.
--------------020109090804050307090101
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit
Hi.
I've got some problem with my public PTR record (maintained by my ISP).
FreeBSD.org MXs don't accept mail from me, so I re-sent it using another
mailbox, but the message was corrupted (as I expected :-)). I've
attached the original message to his mail. It has got the right headers,
consistent shar file etc...
Sorry for the inconvenience... My first porting...
Cheers,
Filip
--------------020109090804050307090101
Content-Type: message/rfc822;
name="mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename*0="mod_auth_token Token-based authentication similar to mod_sec";
filename*1="download in LIGHTTPD.eml"
Received: from postak.ulice (postak.ulice [192.168.1.252])
by smtp.svetdoma.cz (Postfix) with ESMTP id D18D5427DDD;
Wed, 29 Feb 2012 22:21:43 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=valder.cz; h=
reply-to:from:from:subject:subject:message-id:date:date:received
:received:received:received; s=dkim; t=1330550497; x=1332364898;
bh=f4lCZ3DyUYs4Us0dcUkba9qvnplo7UrY78hvd5yv7is=; b=bzhlDJeBmvYI
JrT7C9DnDlQkxoMq0sZetM5Q1Zre5Wxapi2jFggxKi3srybdZ0BDcIAmq/gbdWy9
gqf0ICh5Rsut2W+w9UeG2U6lWioguGRXhd1ZIZxaGXqhok7VUTL8vctI5HzGEWrM
us+Nz32T3O4crEQrPs/lNeiEu1ika/Q=
Received: from smtp.svetdoma.cz ([192.168.1.252])
by postak.ulice (smtp.svetdoma.cz [192.168.1.252]) (amavisd-new, port 10026)
with ESMTP id Rj-eZQlkXKlA; Wed, 29 Feb 2012 22:21:37 +0100 (CET)
Received: from ulicnik.ulice (ulicnik.ulice [192.168.1.253])
by smtp.svetdoma.cz (Postfix) with ESMTPS id C62D8427D54;
Wed, 29 Feb 2012 22:21:37 +0100 (CET)
Received: from ulicnik.ulice (ulicnik.ulice [192.168.1.253])
by ulicnik.ulice (8.14.3/8.14.3) with ESMTP id q1TLLbw1023075;
Wed, 29 Feb 2012 22:21:37 +0100 (CET)
(envelope-from root at ulicnik.ulice)
Received: (from root at localhost)
by ulicnik.ulice (8.14.3/8.14.3/Submit) id q1TLLbHc023074;
Wed, 29 Feb 2012 22:21:37 +0100 (CET)
(envelope-from root)
Date: Wed, 29 Feb 2012 22:21:37 +0100 (CET)
Message-Id: <201202292121.q1TLLbHc023074 at ulicnik.ulice>
To: FreeBSD-gnats-submit at freebsd.org
Subject: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD
From: Filip Valder <filip at valder.cz>
Reply-To: Filip Valder <filip at valder.cz>
Cc: Filip Valder <filip at valder.cz>
X-send-pr-version: 3.113
X-GNATS-Notify:
>Submitter-Id: fv
>Originator: Filip Valder
>Organization: ULICE.SvetDoma.cz
>Confidential: no
>Synopsis: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD
>Severity: non-critical
>Priority: medium
>Category: ports
>Class: change-request
>Release: FreeBSD 8.2-RELEASE i386
>Environment:
System: FreeBSD ulicnik.ulice 8.2-RELEASE FreeBSD 8.2-RELEASE #1: Sat Dec 3 23:35:47 CET 2011 root at hlidac-ha-2.ulice:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
Token-based authentication similar to mod_secdownload in LIGHTTPD.
Have your script generate a token and let Apache handle the file
transfer without having to pipe it through a script for security.
>How-To-Repeat:
>Fix:
--- mod_auth_token.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# mod_auth_token
# mod_auth_token/Makefile
# mod_auth_token/pkg-descr
# mod_auth_token/distinfo
# mod_auth_token/pkg-deinstall
# mod_auth_token/pkg-message
#
echo c - mod_auth_token
mkdir -p mod_auth_token > /dev/null 2>&1
echo x - mod_auth_token/Makefile
sed 's/^X//' >mod_auth_token/Makefile << '9f12235b8a9ec0e6dd5b3158e829e2fc'
X# New ports collection makefile for: mod_auth_token
X# Date created: 29 February 2012
X# Whom: fv
X#
X# $FreeBSD$
X#
X
XPORTNAME= mod_auth_token
XPORTVERSION= 1.0.5
XCATEGORIES= www
XMASTER_SITES= http://mod-auth-token.googlecode.com/files/
XMASTER_SITES+= http://ports.valder.cz/${PORTNAME:L}/
X
XMAINTAINER= filip at valder.cz
XCOMMENT= Token-based authentication similar to mod_secdownload in LIGHTTPD
X
XBUILD_DEPENDS= automake>=1.10:${PORTSDIR}/devel/automake
X
XUSE_APACHE= 22+
XAP_GENPLIST= yes
XPLIST_FILES+= %%APACHEMODDIR%%/mod_auth_token.so
X
XUSE_AUTOTOOLS= aclocal:env automake:env libtool
X
Xpost-patch:
X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/COPYING ${WRKSRC}/COPYING
X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.guess ${WRKSRC}/config.guess
X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.sub ${WRKSRC}/config.sub
X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/install-sh ${WRKSRC}/install-sh
X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/missing ${WRKSRC}/missing
X
Xpost-install:
X @${CAT} ${WRKSRC}/README
X
X.include <bsd.port.mk>
9f12235b8a9ec0e6dd5b3158e829e2fc
echo x - mod_auth_token/pkg-descr
sed 's/^X//' >mod_auth_token/pkg-descr << '91039b76901d21b2a9e74a3142652e82'
XToken-based authentication similar to mod_secdownload in LIGHTTPD.
XHave your script generate a token and let Apache handle the file
Xtransfer without having to pipe it through a script for security.
X
XWWW: http://code.google.com/p/mod-auth-token/
91039b76901d21b2a9e74a3142652e82
echo x - mod_auth_token/distinfo
sed 's/^X//' >mod_auth_token/distinfo << '4f40ad080ecb2bad0a7130d84dcd78d7'
XSHA256 (mod_auth_token-1.0.5.tar.gz) = 85af5d3d9bf5fb01d1ba04c814de3b43660cb0bb54122517429113cdb2b198fe
XSIZE (mod_auth_token-1.0.5.tar.gz) = 340355
4f40ad080ecb2bad0a7130d84dcd78d7
echo x - mod_auth_token/pkg-deinstall
sed 's/^X//' >mod_auth_token/pkg-deinstall << 'cfd8bb91d9a91d905ba285ce084053e0'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
Xsed -i.bak '/LoadModule.*mod_auth_token.so/d' /usr/local/etc/apache[0-9]*/httpd.conf
cfd8bb91d9a91d905ba285ce084053e0
echo x - mod_auth_token/pkg-message
sed 's/^X//' >mod_auth_token/pkg-message << '887de36e5961a0b4aa13e29fd511a720'
X
X This module uses token based authentication to secure downloads
X and prevent deep-linking.
X
X Have your script or servlet generate a token to authenticate the
X download and let Apache handle the file transfer without having
X to pipe it through a script for security.
X
X You can find downloads, daily snapshots and support information at
X http://www.synd.info/
X
XUSAGE
X
X The token is an hex-encoded MD5 hash of the
X secret password, relative file path and the timestamp. It is
X encoded onto the URI as:
X
X <uri-prefix><token>/<timestamp-in-hex><rel-path>
X
X For example
X
X /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt
X
X where the token is generated as
X
X md5("secret" + "/path/to/file.txt" + dechex(time_now()))
X
X with the following configuration in httpd.conf
X
X <Location /protected/>
X AuthTokenSecret "secret"
X AuthTokenPrefix /protected/
X AuthTokenTimeout 60
X </Location
X
X The actual file would be located in
X
X /protected/path/to/file.txt
X
XCREDITS
X
X Implementation ideas were taken from mod_secdownload for LIGHTTPD
X - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload
887de36e5961a0b4aa13e29fd511a720
exit
--- mod_auth_token.shar ends here ---
--------------020109090804050307090101--
More information about the freebsd-apache
mailing list