What if you run an email service with a user base and want to authenticate such users to access a private resource served by your httpd instance? I do know that nowadays there are sophisticated ways to do such things, but e.g. ZNC uses a simple approach with its imapauth module. httpd doesn't come with an IMAP provider.
Well, libcurl abstracts implementation details of a wide range of protocols, possibly encrypted with GnuTLS or OpenSSL. Resource fetching is done by libcurl with a URL that follows the rules for a certain protocol, e.g. https://example.com:8443/private or imap://localhost:143/.
To successfully retrieve such resources, it is sometimes required to authenticate according to the methods provided for each protocol, e.g. basic authentication for http and plain for imap.
So, here's an httpd authentication module that is not just an IMAP provider, but a more general provider that relies on any resource that can be accessed by libcurl using the credentials provided by the httpd users.
Security and performance considerations are left to yourself...
Tested on Arch Linux and Debian bullseye.
Download the latest release from this repository.
You'll need APR and httpd headers in order to build this module. Consult your distro documentation to get these things up.
The standard GNU INSTALL file is provided, but typically it's just a matter of:
cd $YOUR_UNPACKED_TARBALL
mkdir build && cd build
../configure && make && sudo make install
The module is installed into /usr/local/lib/mod_authn_curl/.
Load the module using an httpd directive like:
LoadModule authn_curl_module /usr/local/lib/mod_authn_curl/mod_authn_curl.so
Module-specific directives are AuthCurlURL and the optional AuthCurlVerifyPeer (defaults to Off).
An example conf could be:
...
<IfModule mod_authn_curl.c>
    <Location "/">
        AuthType basic
        AuthName "suca"
        AuthBasicProvider curl
        AuthCurlURL "imap://localhost:143/"
        Require valid-user
    </Location>
</IfModule>
...
You could do some nice self-DoSsing by specifying an AuthCurlURL handled by the module itself.
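A variant of the configuration above for a backend that is not on localhost, as an added example that is not part of the module's own documentation. The host names and certificate paths are placeholders, and it assumes that AuthCurlVerifyPeer On makes libcurl verify the backend's TLS certificate (the page gives only the directive name and its default).

```apache
# Added example: host names and file paths below are placeholders.
LoadModule authn_curl_module /usr/local/lib/mod_authn_curl/mod_authn_curl.so

<VirtualHost *:443>
    ServerName www.example.com

    # Basic authentication sends the password with every request,
    # so the protected area is served over TLS only (mod_ssl).
    SSLEngine on
    SSLCertificateFile    "/path/to/server.crt"
    SSLCertificateKeyFile "/path/to/server.key"

    <IfModule mod_authn_curl.c>
        <Location "/private">
            AuthType Basic
            AuthName "Private area"
            AuthBasicProvider curl

            # Weak: the users' mail passwords cross the network in
            # cleartext, and peer verification stays at its default (Off).
            #   AuthCurlURL "imap://mail.example.com:143/"

            # Better: TLS to the backend, with verification switched on
            # (assumed meaning of the directive, see the note above).
            AuthCurlURL "imaps://mail.example.com:993/"
            AuthCurlVerifyPeer On

            # AuthCurlURL points at a different service than this
            # Location. Pointing it at a URL that is itself protected by
            # "AuthBasicProvider curl" makes every login trigger another
            # login: the self-DoS case.

            Require valid-user
        </Location>
    </IfModule>
</VirtualHost>
```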
Maybe find someone on #scroc.co on irc.libera.chat to complain.