Coming from Slashdot?

You are very welcome, but I advise you to first check the main page.

Here I discuss some technical details only. It's a pity the Slashdot submitter mentioned this page, instead of the main page, which has information interesting for a greater audience.

Setting up a Pseudo www.mac.com Web Server

For my experiment, I used an OpenBSD machine running Apache. In theory any web server can be used, as long as it supports https. I also set up a MacOS X based web server and it worked OK for .Mac account checks. Note that MacOS X Apache does have problems serving WebDAV disks.

Setting up an https-enabled web server was easy for me, since OpenBSD comes with an https-enabled Apache. Configuring this server is explained in the OpenBSD FAQ. A self-signed certificate will do, since Backup does not check the certificate.

Please do not ask me for more detailed info than I give here. If you are a web server admin, the instructions should be sufficient for you. If not, educate yourself using books, google, friends, or whatever.

The next thing is to make sure that when the Backup tool connects to idisk.mac.com or www.mac.com, it actually connects to my own web server. This can easily be done by adding the IP address of the web server to the file /etc/hosts on your Mac, using the following line:

x.x.x.x	idisk.mac.com www.mac.com
Where x.x.x.x is the IP address of your web server.

Contrary to what is said in the comment lines, MacOS X does check this file before going to other sources, like DNS. I also configured the web server as a WebDAV server.
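Because /etc/hosts is consulted before DNS, an entry like the one above silently redirects these names, so it is worth auditing for. The following is an added example, not part of the original page: a defender's check that lists hosts-file entries overriding watched hostnames. The function names and the 192.0.2.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report hosts-file entries that override watched hostnames.
# Usage: hosts_overrides FILE NAME [NAME...]
# Prints "LINE ADDRESS NAME" per match; returns 0 if any match, 1 if none.
hosts_overrides() {
    file=$1; shift
    awk -v watch="$*" '
        BEGIN {
            n = split(tolower(watch), w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        {
            sub(/#.*/, "")               # strip comments, fields are re-split
            if (NF < 2) next             # blank, comment-only or address-only
            for (i = 2; i <= NF; i++) {  # field 1 is the address, rest are names
                name = tolower($i)       # hostnames are case-insensitive
                sub(/\.$/, "", name)     # tolerate a trailing dot
                if (name in want) { print NR, $1, name; found = 1 }
            }
        }
        END { exit !found }
    ' "$file"
}

# Constructed sample hosts file (not taken from a real machine).
write_sample_hosts() {
    cat > "$1" << 'EOT'
# constructed sample
127.0.0.1 localhost
192.0.2.10 idisk.mac.com www.mac.com
#192.0.2.11 www.mac.com
192.0.2.12 example.org # www.mac.com only in a comment
192.0.2.13 WWW.MAC.COM.
EOT
}

# Demo run on the sample; on a real client, pass /etc/hosts instead.
tmp=$(mktemp) && write_sample_hosts "$tmp"
hosts_overrides "$tmp" idisk.mac.com www.mac.com || echo "no overrides found"
rm -f "$tmp"
```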

In this document you will find more detailed information on how to set up a WebDAV server in an iDisk compatible way.

The .Mac account check

Set up your web server to return:
{
	payload = {iToolsBackupActivated = Y; trialAccountDaysLeft = -1; };    
	statusCode = success;
}
when this URL is accessed:
	https://www.mac.com/WebObjects/Info.woa/wa/Query/accountInfo
That's all!

Making iDisk control panel work

It is possible to make the iDisk control panel work, although this is not needed to use iDisk or Backup. The first thing you'll have to do is add your server certificate to the list of trusted certificates on your client machine:
	openssl x509 -in server.crt -inform pem -out server.der -outform der
	cp /System/Library/Keychains/X509Anchors ~/Library/Keychains
	/usr/bin/certtool i server.der d k=X509Anchors
	sudo cp ~/Library/Keychains/X509Anchors /System/Library/Keychains
The first command converts the server certificate in PEM format to the same in DER format. The last three commands add the certificate to your personal keychain and the system keychain. You can take a look at X509Anchors by using the Keychain application and opening the Keychains list by using the View menu.

The next thing to do is to set up your web server to return something like:

{
	payload = {iDiskQuotaInBytes = 1048576000; iDiskUsedBytes = 39096640; }; 
	statusCode = success; 
} 
when this URL is accessed:
	https://www.mac.com/WebObjects/Info.woa/wa/Query/retrieveDiskConfiguration

Some quick hints

The following shows how to set up a CGI script to return the accountInfo information.
  1. Make the subdirectory tree WebObjects/Info.woa/wa/Query under your DocumentRoot.
  2. Set up the server like this:
    #  General setup for the virtual host
    DocumentRoot /someDir
    ServerName www.mac.com
    ServerAdmin joe@domain.com
    ErrorLog /someOtherDir/error_log
    TransferLog /someOtherDir/access_log
    
    <Directory /someDir/WebObjects/Info.woa/wa/Query >
    	SetHandler cgi-script
    	Options +ExecCGI
    </Directory>
    
  3. Make a script like this with the name accountInfo (this one also logs full details of requests into /tmp/log):
    #!/bin/sh
    
    # Disable filename globbing
    set -f
    (echo SERVER_SOFTWARE = $SERVER_SOFTWARE
    echo SERVER_NAME = $SERVER_NAME
    echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE
    echo SERVER_PROTOCOL = $SERVER_PROTOCOL
    echo SERVER_PORT = $SERVER_PORT
    echo REQUEST_METHOD = $REQUEST_METHOD
    echo HTTP_ACCEPT = "$HTTP_ACCEPT"
    echo PATH_INFO = "$PATH_INFO"
    echo PATH_TRANSLATED = "$PATH_TRANSLATED"
    echo SCRIPT_NAME = "$SCRIPT_NAME"
    echo QUERY_STRING = "$QUERY_STRING"
    echo REMOTE_HOST = $REMOTE_HOST
    echo REMOTE_ADDR = $REMOTE_ADDR
    echo REMOTE_USER = $REMOTE_USER
    echo AUTH_TYPE = $AUTH_TYPE
    echo CONTENT_TYPE = $CONTENT_TYPE
    echo CONTENT_LENGTH = $CONTENT_LENGTH
    echo) >> /tmp/log
    
    # Cat the POST body to the log
    cat >> /tmp/log
    
    # Return the requested info
    echo Content-type: text/plain
    echo
    
    cat << EOT
    {
    	payload = {iToolsBackupActivated = Y; trialAccountDaysLeft = -1; };
    	statusCode = success;
    }
    EOT
    
  4. Do not forget to make the script executable.


Copyright © 2002 Otto Moerbeek
Last modified $Date: 2007/03/31 09:56:59 $.