cplrossi/mod_authn_curl

Apache Module mod_authn_curl

Every curlable resource can be a source of authentication

What if you run an email service with a user base and want to authenticate such users to access a private resource served by your httpd instance? I do know that nowadays there are sophisticated ways to do such things, but e.g. ZNC uses a simple approach with its imapauth module. httpd doesn't come with an IMAP provider.

Well, libcurl abstracts implementation details of a wide range of protocols, possibly encrypted with GnuTLS or OpenSSL. Resource fetching is done by libcurl with a URL that follows the rules for a certain protocol, e.g. https://example.com:8443/private or imap://localhost:143/.

To successfully retrieve such resources, it is sometimes required to authenticate according to the methods provided for each protocol, e.g. basic authentication for http and plain for imap.

So, here's an httpd authentication module that is not just an IMAP provider, but a more general provider that relies on any resource that can be accessed by libcurl using the credentials provided by the httpd users.

Security and performance considerations are left to yourself...

Tested on Arch Linux and Debian bullseye.

Install

Download the latest release from this repository.

You'll need APR and httpd headers in order to build this module. Consult your distro documentation to get these things set up.

The standard GNU INSTALL file is provided, but typically it's just a matter of:

cd $YOUR_UNPACKED_TARBALL
mkdir build && cd build
../configure && make && sudo make install

The module is installed into /usr/local/lib/mod_authn_curl/.

Configuration

Load the module using an httpd directive like:

LoadModule authn_curl_module  /usr/local/lib/mod_authn_curl/mod_authn_curl.so

Module-specific directives are AuthCurlURL and the optional AuthCurlVerifyPeer (defaults to Off).

An example conf could be:

...

<IfModule mod_authn_curl.c>
	<Location "/">
		AuthType basic
		AuthName "suca"
		AuthBasicProvider curl
		AuthCurlURL "imap://localhost:143/"
		Require valid-user
	</Location>
</IfModule>

...

You could do some nice self-DoSsing by specifying an AuthCurlURL handled by the module itself.
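The two directives above, applied to a backend that is not on localhost: a weak variant next to a hardened one. This is an added example, not configuration from the project; mail.example.com and the location paths are placeholders, and it assumes that AuthCurlVerifyPeer accepts On and that On makes libcurl verify the backend's certificate.

```apache
<IfModule mod_authn_curl.c>
	# Weak: cleartext IMAP to a remote host, AuthCurlVerifyPeer left at
	# its default (Off). The user's password crosses the network
	# unprotected, and nothing proves which server received it.
	<Location "/private-weak">
		AuthType basic
		AuthName "Mail users"
		AuthBasicProvider curl
		AuthCurlURL "imap://mail.example.com:143/"
		Require valid-user
	</Location>

	# Hardened: imaps:// makes libcurl use implicit TLS, and peer
	# verification is switched on (assumed value: On).
	# SSLRequireSSL (mod_ssl) refuses plain-HTTP requests, because
	# Basic credentials are only base64-encoded between browser and httpd.
	# The AuthCurlURL target is a separate service, not a location
	# protected by this provider, so an authentication attempt cannot
	# trigger another one through the module itself.
	<Location "/private">
		SSLRequireSSL
		AuthType basic
		AuthName "Mail users"
		AuthBasicProvider curl
		AuthCurlURL "imaps://mail.example.com:993/"
		AuthCurlVerifyPeer On
		Require valid-user
	</Location>
</IfModule>
```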

(Non) Community

Maybe find someone on #scroc.co on irc.libera.chat to complain.