Mercurial > hg > nginx-mail
annotate src/mail/ngx_mail_auth_http_module.c @ 400:f1e2fab7a46c
Mail: smtp proxy without authentication.
Activated by auth method "unauth" in smtp_auth directive.
Waits for MAIL FROM and first RCPT TO from client, asks auth_http for
backend with additional headers Auth-SMTP-Helo, Auth-SMTP-From,
Auth-SMTP-To, and establishes connection to backend.
Auth-SMTP-From/To currently contain full command (e.g. "mail from: <>"),
this may change in future.
The functionality was designed to take off load from real smtp servers.
Additionally it may be used to implement pop-before-smtp authentication
(but dont do it unless you really need it - use real auth instead).
Current bug-features:
- If only "unauth" method activated in config, other methods (e.g. plain,
login) not advertised but accepted. Make sure your auth server handles
this gracefully.
- If backend server returns error on MAIL FROM / RCPT TO command while
proxy tunnel setup, nginx will close connection to client with 4xx
error. One may use proxy_pass_error_message directive to pass original
error message to client.
- Syntax of MAIL FROM / RCPT TO commands from client isn't checked.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 22 Jul 2007 23:55:12 +0000 |
parents | a96157df5186 |
children | 481e8f936572 |
rev | line source |
---|---|
290 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_event.h> | |
10 #include <ngx_event_connect.h> | |
11 #include <ngx_mail.h> | |
12 | |
13 | |
14 typedef struct { | |
15 ngx_peer_addr_t *peer; | |
16 | |
17 ngx_msec_t timeout; | |
18 | |
19 ngx_str_t host_header; | |
20 ngx_str_t uri; | |
21 ngx_str_t header; | |
22 | |
23 ngx_array_t *headers; | |
24 } ngx_mail_auth_http_conf_t; | |
25 | |
26 | |
27 typedef struct ngx_mail_auth_http_ctx_s ngx_mail_auth_http_ctx_t; | |
28 | |
29 typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s, | |
30 ngx_mail_auth_http_ctx_t *ctx); | |
31 | |
32 struct ngx_mail_auth_http_ctx_s { | |
33 ngx_buf_t *request; | |
34 ngx_buf_t *response; | |
35 ngx_peer_connection_t peer; | |
36 | |
37 ngx_mail_auth_http_handler_pt handler; | |
38 | |
39 ngx_uint_t state; | |
40 ngx_uint_t hash; /* no needed ? */ | |
41 | |
42 u_char *header_name_start; | |
43 u_char *header_name_end; | |
44 u_char *header_start; | |
45 u_char *header_end; | |
46 | |
47 ngx_str_t addr; | |
48 ngx_str_t port; | |
49 ngx_str_t err; | |
50 ngx_str_t errmsg; | |
51 ngx_str_t errcode; | |
52 | |
53 time_t sleep; | |
54 | |
55 ngx_pool_t *pool; | |
56 }; | |
57 | |
58 | |
59 static void ngx_mail_auth_http_write_handler(ngx_event_t *wev); | |
60 static void ngx_mail_auth_http_read_handler(ngx_event_t *rev); | |
61 static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
62 ngx_mail_auth_http_ctx_t *ctx); | |
63 static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
64 ngx_mail_auth_http_ctx_t *ctx); | |
65 static void ngx_mail_auth_sleep_handler(ngx_event_t *rev); | |
66 static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
67 ngx_mail_auth_http_ctx_t *ctx); | |
68 static void ngx_mail_auth_http_block_read(ngx_event_t *rev); | |
69 static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev); | |
70 static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s, | |
71 ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf); | |
72 static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, | |
73 ngx_str_t *escaped); | |
74 | |
75 static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf); | |
76 static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
77 void *child); | |
78 static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | |
79 static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, | |
80 void *conf); | |
81 | |
82 | |
83 static ngx_command_t ngx_mail_auth_http_commands[] = { | |
84 | |
85 { ngx_string("auth_http"), | |
86 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | |
87 ngx_mail_auth_http, | |
88 NGX_MAIL_SRV_CONF_OFFSET, | |
89 0, | |
90 NULL }, | |
91 | |
92 { ngx_string("auth_http_timeout"), | |
93 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | |
94 ngx_conf_set_msec_slot, | |
95 NGX_MAIL_SRV_CONF_OFFSET, | |
96 offsetof(ngx_mail_auth_http_conf_t, timeout), | |
97 NULL }, | |
98 | |
99 { ngx_string("auth_http_header"), | |
100 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2, | |
101 ngx_mail_auth_http_header, | |
102 NGX_MAIL_SRV_CONF_OFFSET, | |
103 0, | |
104 NULL }, | |
105 | |
106 ngx_null_command | |
107 }; | |
108 | |
109 | |
110 static ngx_mail_module_t ngx_mail_auth_http_module_ctx = { | |
111 NULL, /* create main configuration */ | |
112 NULL, /* init main configuration */ | |
113 | |
114 ngx_mail_auth_http_create_conf, /* create server configuration */ | |
115 ngx_mail_auth_http_merge_conf /* merge server configuration */ | |
116 }; | |
117 | |
118 | |
119 ngx_module_t ngx_mail_auth_http_module = { | |
120 NGX_MODULE_V1, | |
121 &ngx_mail_auth_http_module_ctx, /* module context */ | |
122 ngx_mail_auth_http_commands, /* module directives */ | |
123 NGX_MAIL_MODULE, /* module type */ | |
124 NULL, /* init master */ | |
125 NULL, /* init module */ | |
126 NULL, /* init process */ | |
127 NULL, /* init thread */ | |
128 NULL, /* exit thread */ | |
129 NULL, /* exit process */ | |
130 NULL, /* exit master */ | |
131 NGX_MODULE_V1_PADDING | |
132 }; | |
133 | |
134 | |
135 static char *ngx_mail_auth_http_protocol[] = { "pop3", "imap", "smtp" }; | |
136 static ngx_str_t ngx_mail_auth_http_method[] = { | |
137 ngx_string("plain"), | |
138 ngx_string("plain"), | |
139 ngx_string("apop"), | |
400
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
140 ngx_string("cram-md5"), |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
141 ngx_string("unauth") |
290 | 142 }; |
143 | |
144 static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); | |
145 | |
146 void | |
147 ngx_mail_auth_http_init(ngx_mail_session_t *s) | |
148 { | |
149 ngx_int_t rc; | |
150 ngx_pool_t *pool; | |
151 ngx_mail_auth_http_ctx_t *ctx; | |
152 ngx_mail_auth_http_conf_t *ahcf; | |
153 | |
154 s->connection->log->action = "in http auth state"; | |
155 | |
156 pool = ngx_create_pool(2048, s->connection->log); | |
157 if (pool == NULL) { | |
158 ngx_mail_session_internal_server_error(s); | |
159 return; | |
160 } | |
161 | |
162 ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t)); | |
163 if (ctx == NULL) { | |
164 ngx_destroy_pool(pool); | |
165 ngx_mail_session_internal_server_error(s); | |
166 return; | |
167 } | |
168 | |
169 ctx->pool = pool; | |
170 | |
171 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); | |
172 | |
173 ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf); | |
174 if (ctx->request == NULL) { | |
175 ngx_destroy_pool(ctx->pool); | |
176 ngx_mail_session_internal_server_error(s); | |
177 return; | |
178 } | |
179 | |
180 ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module); | |
181 | |
182 ctx->peer.sockaddr = ahcf->peer->sockaddr; | |
183 ctx->peer.socklen = ahcf->peer->socklen; | |
184 ctx->peer.name = &ahcf->peer->name; | |
185 ctx->peer.get = ngx_event_get_peer; | |
186 ctx->peer.log = s->connection->log; | |
187 ctx->peer.log_error = NGX_ERROR_ERR; | |
188 | |
189 rc = ngx_event_connect_peer(&ctx->peer); | |
190 | |
191 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { | |
192 if (ctx->peer.connection) { | |
193 ngx_close_connection(ctx->peer.connection); | |
194 } | |
195 | |
196 ngx_destroy_pool(ctx->pool); | |
197 ngx_mail_session_internal_server_error(s); | |
198 return; | |
199 } | |
200 | |
201 ctx->peer.connection->data = s; | |
202 ctx->peer.connection->pool = s->connection->pool; | |
203 | |
204 s->connection->read->handler = ngx_mail_auth_http_block_read; | |
205 ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler; | |
206 ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler; | |
207 | |
208 ctx->handler = ngx_mail_auth_http_ignore_status_line; | |
209 | |
210 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); | |
211 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
212 | |
213 if (rc == NGX_OK) { | |
214 ngx_mail_auth_http_write_handler(ctx->peer.connection->write); | |
215 return; | |
216 } | |
217 } | |
218 | |
219 | |
220 static void | |
221 ngx_mail_auth_http_write_handler(ngx_event_t *wev) | |
222 { | |
223 ssize_t n, size; | |
224 ngx_connection_t *c; | |
225 ngx_mail_session_t *s; | |
226 ngx_mail_auth_http_ctx_t *ctx; | |
227 ngx_mail_auth_http_conf_t *ahcf; | |
228 | |
229 c = wev->data; | |
230 s = c->data; | |
231 | |
232 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); | |
233 | |
234 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, | |
235 "mail auth http write handler"); | |
236 | |
237 if (wev->timedout) { | |
238 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, | |
239 "auth http server %V timed out", ctx->peer.name); | |
240 ngx_close_connection(ctx->peer.connection); | |
241 ngx_destroy_pool(ctx->pool); | |
242 ngx_mail_session_internal_server_error(s); | |
243 return; | |
244 } | |
245 | |
246 size = ctx->request->last - ctx->request->pos; | |
247 | |
248 n = ngx_send(c, ctx->request->pos, size); | |
249 | |
250 if (n == NGX_ERROR) { | |
251 ngx_close_connection(ctx->peer.connection); | |
252 ngx_destroy_pool(ctx->pool); | |
253 ngx_mail_session_internal_server_error(s); | |
254 return; | |
255 } | |
256 | |
257 if (n > 0) { | |
258 ctx->request->pos += n; | |
259 | |
260 if (n == size) { | |
261 wev->handler = ngx_mail_auth_http_dummy_handler; | |
262 | |
263 if (wev->timer_set) { | |
264 ngx_del_timer(wev); | |
265 } | |
266 | |
267 if (ngx_handle_write_event(wev, 0) == NGX_ERROR) { | |
268 ngx_close_connection(ctx->peer.connection); | |
269 ngx_destroy_pool(ctx->pool); | |
270 ngx_mail_session_internal_server_error(s); | |
271 } | |
272 | |
273 return; | |
274 } | |
275 } | |
276 | |
277 if (!wev->timer_set) { | |
278 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); | |
279 ngx_add_timer(wev, ahcf->timeout); | |
280 } | |
281 } | |
282 | |
283 | |
284 static void | |
285 ngx_mail_auth_http_read_handler(ngx_event_t *rev) | |
286 { | |
287 ssize_t n, size; | |
288 ngx_connection_t *c; | |
289 ngx_mail_session_t *s; | |
290 ngx_mail_auth_http_ctx_t *ctx; | |
291 | |
292 c = rev->data; | |
293 s = c->data; | |
294 | |
295 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, | |
296 "mail auth http read handler"); | |
297 | |
298 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); | |
299 | |
300 if (rev->timedout) { | |
301 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, | |
302 "auth http server %V timed out", ctx->peer.name); | |
303 ngx_close_connection(ctx->peer.connection); | |
304 ngx_destroy_pool(ctx->pool); | |
305 ngx_mail_session_internal_server_error(s); | |
306 return; | |
307 } | |
308 | |
309 if (ctx->response == NULL) { | |
310 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); | |
311 if (ctx->response == NULL) { | |
312 ngx_close_connection(ctx->peer.connection); | |
313 ngx_destroy_pool(ctx->pool); | |
314 ngx_mail_session_internal_server_error(s); | |
315 return; | |
316 } | |
317 } | |
318 | |
319 size = ctx->response->end - ctx->response->last; | |
320 | |
321 n = ngx_recv(c, ctx->response->pos, size); | |
322 | |
323 if (n > 0) { | |
324 ctx->response->last += n; | |
325 | |
326 ctx->handler(s, ctx); | |
327 return; | |
328 } | |
329 | |
330 if (n == NGX_AGAIN) { | |
331 return; | |
332 } | |
333 | |
334 ngx_close_connection(ctx->peer.connection); | |
335 ngx_destroy_pool(ctx->pool); | |
336 ngx_mail_session_internal_server_error(s); | |
337 } | |
338 | |
339 | |
340 static void | |
341 ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
342 ngx_mail_auth_http_ctx_t *ctx) | |
343 { | |
344 u_char *p, ch; | |
345 enum { | |
346 sw_start = 0, | |
347 sw_H, | |
348 sw_HT, | |
349 sw_HTT, | |
350 sw_HTTP, | |
351 sw_skip, | |
352 sw_almost_done | |
353 } state; | |
354 | |
355 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
356 "mail auth http process status line"); | |
357 | |
358 state = ctx->state; | |
359 | |
360 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
361 ch = *p; | |
362 | |
363 switch (state) { | |
364 | |
365 /* "HTTP/" */ | |
366 case sw_start: | |
367 if (ch == 'H') { | |
368 state = sw_H; | |
369 break; | |
370 } | |
371 goto next; | |
372 | |
373 case sw_H: | |
374 if (ch == 'T') { | |
375 state = sw_HT; | |
376 break; | |
377 } | |
378 goto next; | |
379 | |
380 case sw_HT: | |
381 if (ch == 'T') { | |
382 state = sw_HTT; | |
383 break; | |
384 } | |
385 goto next; | |
386 | |
387 case sw_HTT: | |
388 if (ch == 'P') { | |
389 state = sw_HTTP; | |
390 break; | |
391 } | |
392 goto next; | |
393 | |
394 case sw_HTTP: | |
395 if (ch == '/') { | |
396 state = sw_skip; | |
397 break; | |
398 } | |
399 goto next; | |
400 | |
401 /* any text until end of line */ | |
402 case sw_skip: | |
403 switch (ch) { | |
404 case CR: | |
405 state = sw_almost_done; | |
406 | |
407 break; | |
408 case LF: | |
409 goto done; | |
410 } | |
411 break; | |
412 | |
413 /* end of status line */ | |
414 case sw_almost_done: | |
415 if (ch == LF) { | |
416 goto done; | |
417 } | |
418 | |
419 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
420 "auth http server &V sent invalid response", | |
421 ctx->peer.name); | |
422 ngx_close_connection(ctx->peer.connection); | |
423 ngx_destroy_pool(ctx->pool); | |
424 ngx_mail_session_internal_server_error(s); | |
425 return; | |
426 } | |
427 } | |
428 | |
429 ctx->response->pos = p; | |
430 ctx->state = state; | |
431 | |
432 return; | |
433 | |
434 next: | |
435 | |
436 p = ctx->response->start - 1; | |
437 | |
438 done: | |
439 | |
440 ctx->response->pos = p + 1; | |
441 ctx->state = 0; | |
442 ctx->handler = ngx_mail_auth_http_process_headers; | |
443 ctx->handler(s, ctx); | |
444 } | |
445 | |
446 | |
447 static void | |
448 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
449 ngx_mail_auth_http_ctx_t *ctx) | |
450 { | |
451 u_char *p; | |
452 time_t timer; | |
453 size_t len, size; | |
454 ngx_int_t rc, port, n; | |
455 ngx_peer_addr_t *peer; | |
456 struct sockaddr_in *sin; | |
457 | |
458 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
459 "mail auth http process headers"); | |
460 | |
461 for ( ;; ) { | |
462 rc = ngx_mail_auth_http_parse_header_line(s, ctx); | |
463 | |
464 if (rc == NGX_OK) { | |
465 | |
466 #if (NGX_DEBUG) | |
467 { | |
468 ngx_str_t key, value; | |
469 | |
470 key.len = ctx->header_name_end - ctx->header_name_start; | |
471 key.data = ctx->header_name_start; | |
472 value.len = ctx->header_end - ctx->header_start; | |
473 value.data = ctx->header_start; | |
474 | |
475 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
476 "mail auth http header: \"%V: %V\"", | |
477 &key, &value); | |
478 } | |
479 #endif | |
480 | |
481 len = ctx->header_name_end - ctx->header_name_start; | |
482 | |
483 if (len == sizeof("Auth-Status") - 1 | |
484 && ngx_strncasecmp(ctx->header_name_start, | |
485 (u_char *) "Auth-Status", | |
486 sizeof("Auth-Status") - 1) | |
487 == 0) | |
488 { | |
489 len = ctx->header_end - ctx->header_start; | |
490 | |
491 if (len == 2 | |
492 && ctx->header_start[0] == 'O' | |
493 && ctx->header_start[1] == 'K') | |
494 { | |
495 continue; | |
496 } | |
497 | |
498 if (len == 4 | |
499 && ctx->header_start[0] == 'W' | |
500 && ctx->header_start[1] == 'A' | |
501 && ctx->header_start[2] == 'I' | |
502 && ctx->header_start[3] == 'T') | |
503 { | |
504 s->auth_wait = 1; | |
505 continue; | |
506 } | |
507 | |
508 ctx->errmsg.len = len; | |
509 ctx->errmsg.data = ctx->header_start; | |
510 | |
511 switch (s->protocol) { | |
512 | |
513 case NGX_MAIL_POP3_PROTOCOL: | |
514 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; | |
515 break; | |
516 | |
517 case NGX_MAIL_IMAP_PROTOCOL: | |
518 size = s->tag.len + sizeof("NO ") - 1 + len | |
519 + sizeof(CRLF) - 1; | |
520 break; | |
521 | |
522 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
523 ctx->err = ctx->errmsg; | |
524 continue; | |
525 } | |
526 | |
527 p = ngx_pcalloc(s->connection->pool, size); | |
528 if (p == NULL) { | |
529 ngx_close_connection(ctx->peer.connection); | |
530 ngx_destroy_pool(ctx->pool); | |
531 ngx_mail_session_internal_server_error(s); | |
532 return; | |
533 } | |
534 | |
535 ctx->err.data = p; | |
536 | |
537 switch (s->protocol) { | |
538 | |
539 case NGX_MAIL_POP3_PROTOCOL: | |
540 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
541 break; | |
542 | |
543 case NGX_MAIL_IMAP_PROTOCOL: | |
544 p = ngx_cpymem(p, s->tag.data, s->tag.len); | |
545 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; | |
546 break; | |
547 | |
548 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
549 break; | |
550 } | |
551 | |
552 p = ngx_cpymem(p, ctx->header_start, len); | |
553 *p++ = CR; *p++ = LF; | |
554 | |
555 ctx->err.len = p - ctx->err.data; | |
556 | |
557 continue; | |
558 } | |
559 | |
560 if (len == sizeof("Auth-Server") - 1 | |
561 && ngx_strncasecmp(ctx->header_name_start, | |
562 (u_char *) "Auth-Server", | |
563 sizeof("Auth-Server") - 1) | |
564 == 0) | |
565 { | |
566 ctx->addr.len = ctx->header_end - ctx->header_start; | |
567 ctx->addr.data = ctx->header_start; | |
568 | |
569 continue; | |
570 } | |
571 | |
572 if (len == sizeof("Auth-Port") - 1 | |
573 && ngx_strncasecmp(ctx->header_name_start, | |
574 (u_char *) "Auth-Port", | |
575 sizeof("Auth-Port") - 1) | |
576 == 0) | |
577 { | |
578 ctx->port.len = ctx->header_end - ctx->header_start; | |
579 ctx->port.data = ctx->header_start; | |
580 | |
581 continue; | |
582 } | |
583 | |
584 if (len == sizeof("Auth-User") - 1 | |
585 && ngx_strncasecmp(ctx->header_name_start, | |
586 (u_char *) "Auth-User", | |
587 sizeof("Auth-User") - 1) | |
588 == 0) | |
589 { | |
590 s->login.len = ctx->header_end - ctx->header_start; | |
591 | |
592 s->login.data = ngx_palloc(s->connection->pool, s->login.len); | |
593 if (s->login.data == NULL) { | |
594 ngx_close_connection(ctx->peer.connection); | |
595 ngx_destroy_pool(ctx->pool); | |
596 ngx_mail_session_internal_server_error(s); | |
597 return; | |
598 } | |
599 | |
600 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
601 | |
602 continue; | |
603 } | |
604 | |
605 if (len == sizeof("Auth-Pass") - 1 | |
606 && ngx_strncasecmp(ctx->header_name_start, | |
607 (u_char *) "Auth-Pass", | |
608 sizeof("Auth-Pass") - 1) | |
609 == 0) | |
610 { | |
611 s->passwd.len = ctx->header_end - ctx->header_start; | |
612 | |
613 s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len); | |
614 if (s->passwd.data == NULL) { | |
615 ngx_close_connection(ctx->peer.connection); | |
616 ngx_destroy_pool(ctx->pool); | |
617 ngx_mail_session_internal_server_error(s); | |
618 return; | |
619 } | |
620 | |
621 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
622 | |
623 continue; | |
624 } | |
625 | |
626 if (len == sizeof("Auth-Wait") - 1 | |
627 && ngx_strncasecmp(ctx->header_name_start, | |
628 (u_char *) "Auth-Wait", | |
629 sizeof("Auth-Wait") - 1) | |
630 == 0) | |
631 { | |
632 n = ngx_atoi(ctx->header_start, | |
633 ctx->header_end - ctx->header_start); | |
634 | |
635 if (n != NGX_ERROR) { | |
636 ctx->sleep = n; | |
637 } | |
638 | |
639 continue; | |
640 } | |
641 | |
642 if (len == sizeof("Auth-Error-Code") - 1 | |
643 && ngx_strncasecmp(ctx->header_name_start, | |
644 (u_char *) "Auth-Error-Code", | |
645 sizeof("Auth-Error-Code") - 1) | |
646 == 0) | |
647 { | |
648 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
649 | |
650 ctx->errcode.data = ngx_palloc(s->connection->pool, | |
651 ctx->errcode.len); | |
652 if (ctx->errcode.data == NULL) { | |
653 ngx_close_connection(ctx->peer.connection); | |
654 ngx_destroy_pool(ctx->pool); | |
655 ngx_mail_session_internal_server_error(s); | |
656 return; | |
657 } | |
658 | |
659 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
660 ctx->errcode.len); | |
661 | |
662 continue; | |
663 } | |
664 | |
665 /* ignore other headers */ | |
666 | |
667 continue; | |
668 } | |
669 | |
670 if (rc == NGX_DONE) { | |
671 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
672 "mail auth http header done"); | |
673 | |
674 ngx_close_connection(ctx->peer.connection); | |
675 | |
676 if (ctx->err.len) { | |
677 | |
678 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, | |
679 "client login failed: \"%V\"", &ctx->errmsg); | |
680 | |
681 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { | |
682 | |
683 if (ctx->errcode.len == 0) { | |
684 ctx->errcode = ngx_mail_smtp_errcode; | |
685 } | |
686 | |
687 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
688 + sizeof(" " CRLF) - 1; | |
689 | |
296 | 690 p = ngx_palloc(s->connection->pool, ctx->err.len); |
691 if (p == NULL) { | |
692 ngx_close_connection(ctx->peer.connection); | |
693 ngx_destroy_pool(ctx->pool); | |
694 ngx_mail_session_internal_server_error(s); | |
695 return; | |
696 } | |
290 | 697 |
296 | 698 ctx->err.data = p; |
290 | 699 |
296 | 700 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
290 | 701 *p++ = ' '; |
296 | 702 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
290 | 703 *p++ = CR; *p = LF; |
704 } | |
705 | |
706 s->out = ctx->err; | |
707 timer = ctx->sleep; | |
708 | |
709 ngx_destroy_pool(ctx->pool); | |
710 | |
711 if (timer == 0) { | |
712 s->quit = 1; | |
713 ngx_mail_send(s->connection->write); | |
714 return; | |
715 } | |
716 | |
717 ngx_add_timer(s->connection->read, timer * 1000); | |
718 | |
719 s->connection->read->handler = ngx_mail_auth_sleep_handler; | |
720 | |
721 return; | |
722 } | |
723 | |
724 if (s->auth_wait) { | |
725 timer = ctx->sleep; | |
726 | |
727 ngx_destroy_pool(ctx->pool); | |
728 | |
729 if (timer == 0) { | |
730 ngx_mail_auth_http_init(s); | |
731 return; | |
732 } | |
733 | |
734 ngx_add_timer(s->connection->read, timer * 1000); | |
735 | |
736 s->connection->read->handler = ngx_mail_auth_sleep_handler; | |
737 | |
738 return; | |
739 } | |
740 | |
741 if (ctx->addr.len == 0 || ctx->port.len == 0) { | |
742 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
743 "auth http server %V did not send server or port", | |
744 ctx->peer.name); | |
745 ngx_destroy_pool(ctx->pool); | |
746 ngx_mail_session_internal_server_error(s); | |
747 return; | |
748 } | |
749 | |
750 if (s->passwd.data == NULL && s->protocol != NGX_MAIL_SMTP_PROTOCOL) | |
751 { | |
752 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
753 "auth http server %V did not send password", | |
754 ctx->peer.name); | |
755 ngx_destroy_pool(ctx->pool); | |
756 ngx_mail_session_internal_server_error(s); | |
757 return; | |
758 } | |
759 | |
760 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_peer_addr_t)); | |
761 if (peer == NULL) { | |
762 ngx_destroy_pool(ctx->pool); | |
763 ngx_mail_session_internal_server_error(s); | |
764 return; | |
765 } | |
766 | |
767 sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in)); | |
768 if (sin == NULL) { | |
769 ngx_destroy_pool(ctx->pool); | |
770 ngx_mail_session_internal_server_error(s); | |
771 return; | |
772 } | |
773 | |
774 sin->sin_family = AF_INET; | |
775 | |
776 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
777 if (port == NGX_ERROR || port < 1 || port > 65536) { | |
778 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
779 "auth http server %V sent invalid server " | |
780 "port:\"%V\"", | |
781 ctx->peer.name, &ctx->port); | |
782 ngx_destroy_pool(ctx->pool); | |
783 ngx_mail_session_internal_server_error(s); | |
784 return; | |
785 } | |
786 | |
787 sin->sin_port = htons((in_port_t) port); | |
788 | |
789 ctx->addr.data[ctx->addr.len] = '\0'; | |
790 sin->sin_addr.s_addr = inet_addr((char *) ctx->addr.data); | |
791 if (sin->sin_addr.s_addr == INADDR_NONE) { | |
792 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
793 "auth http server %V sent invalid server " | |
794 "address:\"%V\"", | |
795 ctx->peer.name, &ctx->addr); | |
796 ngx_destroy_pool(ctx->pool); | |
797 ngx_mail_session_internal_server_error(s); | |
798 return; | |
799 } | |
800 | |
801 peer->sockaddr = (struct sockaddr *) sin; | |
802 peer->socklen = sizeof(struct sockaddr_in); | |
803 | |
804 len = ctx->addr.len + 1 + ctx->port.len; | |
805 | |
806 peer->name.len = len; | |
807 | |
808 peer->name.data = ngx_palloc(s->connection->pool, len); | |
809 if (peer->name.data == NULL) { | |
810 ngx_destroy_pool(ctx->pool); | |
811 ngx_mail_session_internal_server_error(s); | |
812 return; | |
813 } | |
814 | |
815 len = ctx->addr.len; | |
816 | |
817 ngx_memcpy(peer->name.data, ctx->addr.data, len); | |
818 | |
819 peer->name.data[len++] = ':'; | |
820 | |
821 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); | |
822 | |
823 ngx_destroy_pool(ctx->pool); | |
824 ngx_mail_proxy_init(s, peer); | |
825 | |
826 return; | |
827 } | |
828 | |
829 if (rc == NGX_AGAIN ) { | |
830 return; | |
831 } | |
832 | |
833 /* rc == NGX_ERROR */ | |
834 | |
835 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
836 "auth http server %V sent invalid header in response", | |
837 ctx->peer.name); | |
838 ngx_close_connection(ctx->peer.connection); | |
839 ngx_destroy_pool(ctx->pool); | |
840 ngx_mail_session_internal_server_error(s); | |
841 | |
842 return; | |
843 } | |
844 } | |
845 | |
846 | |
847 static void | |
848 ngx_mail_auth_sleep_handler(ngx_event_t *rev) | |
849 { | |
850 ngx_connection_t *c; | |
851 ngx_mail_session_t *s; | |
852 ngx_mail_core_srv_conf_t *cscf; | |
853 | |
854 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); | |
855 | |
856 c = rev->data; | |
857 s = c->data; | |
858 | |
859 if (rev->timedout) { | |
860 | |
861 rev->timedout = 0; | |
862 | |
863 if (s->auth_wait) { | |
864 s->auth_wait = 0; | |
865 ngx_mail_auth_http_init(s); | |
866 return; | |
867 } | |
868 | |
869 switch (s->protocol) { | |
870 | |
871 case NGX_MAIL_POP3_PROTOCOL: | |
872 s->mail_state = ngx_pop3_start; | |
873 s->connection->read->handler = ngx_pop3_auth_state; | |
874 break; | |
875 | |
876 case NGX_MAIL_IMAP_PROTOCOL: | |
877 s->mail_state = ngx_imap_start; | |
878 s->connection->read->handler = ngx_imap_auth_state; | |
879 break; | |
880 | |
881 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
882 s->mail_state = ngx_smtp_start; | |
883 s->connection->read->handler = ngx_smtp_auth_state; | |
884 break; | |
885 } | |
886 | |
887 s->auth_method = NGX_MAIL_AUTH_PLAIN; | |
888 | |
889 c->log->action = "in auth state"; | |
890 | |
891 ngx_mail_send(s->connection->write); | |
892 | |
893 if (c->destroyed) { | |
894 return; | |
895 } | |
896 | |
897 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
898 | |
899 ngx_add_timer(rev, cscf->timeout); | |
900 | |
394 | 901 if (cscf->handler_read) { |
902 s->connection->read->handler = cscf->handler_read; | |
903 } | |
904 | |
290 | 905 if (rev->ready) { |
906 s->connection->read->handler(rev); | |
907 return; | |
908 } | |
909 | |
910 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
911 ngx_mail_close_connection(s->connection); | |
912 } | |
913 | |
914 return; | |
915 } | |
916 | |
917 if (rev->active) { | |
918 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
919 ngx_mail_close_connection(s->connection); | |
920 } | |
921 } | |
922 } | |
923 | |
924 | |
925 static ngx_int_t | |
926 ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
927 ngx_mail_auth_http_ctx_t *ctx) | |
928 { | |
929 u_char c, ch, *p; | |
930 ngx_uint_t hash; | |
931 enum { | |
932 sw_start = 0, | |
933 sw_name, | |
934 sw_space_before_value, | |
935 sw_value, | |
936 sw_space_after_value, | |
937 sw_almost_done, | |
938 sw_header_almost_done | |
939 } state; | |
940 | |
941 state = ctx->state; | |
942 hash = ctx->hash; | |
943 | |
944 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
945 ch = *p; | |
946 | |
947 switch (state) { | |
948 | |
949 /* first char */ | |
950 case sw_start: | |
951 | |
952 switch (ch) { | |
953 case CR: | |
954 ctx->header_end = p; | |
955 state = sw_header_almost_done; | |
956 break; | |
957 case LF: | |
958 ctx->header_end = p; | |
959 goto header_done; | |
960 default: | |
961 state = sw_name; | |
962 ctx->header_name_start = p; | |
963 | |
964 c = (u_char) (ch | 0x20); | |
965 if (c >= 'a' && c <= 'z') { | |
966 hash = c; | |
967 break; | |
968 } | |
969 | |
970 if (ch >= '0' && ch <= '9') { | |
971 hash = ch; | |
972 break; | |
973 } | |
974 | |
975 return NGX_ERROR; | |
976 } | |
977 break; | |
978 | |
979 /* header name */ | |
980 case sw_name: | |
981 c = (u_char) (ch | 0x20); | |
982 if (c >= 'a' && c <= 'z') { | |
983 hash += c; | |
984 break; | |
985 } | |
986 | |
987 if (ch == ':') { | |
988 ctx->header_name_end = p; | |
989 state = sw_space_before_value; | |
990 break; | |
991 } | |
992 | |
993 if (ch == '-') { | |
994 hash += ch; | |
995 break; | |
996 } | |
997 | |
998 if (ch >= '0' && ch <= '9') { | |
999 hash += ch; | |
1000 break; | |
1001 } | |
1002 | |
1003 if (ch == CR) { | |
1004 ctx->header_name_end = p; | |
1005 ctx->header_start = p; | |
1006 ctx->header_end = p; | |
1007 state = sw_almost_done; | |
1008 break; | |
1009 } | |
1010 | |
1011 if (ch == LF) { | |
1012 ctx->header_name_end = p; | |
1013 ctx->header_start = p; | |
1014 ctx->header_end = p; | |
1015 goto done; | |
1016 } | |
1017 | |
1018 return NGX_ERROR; | |
1019 | |
1020 /* space* before header value */ | |
1021 case sw_space_before_value: | |
1022 switch (ch) { | |
1023 case ' ': | |
1024 break; | |
1025 case CR: | |
1026 ctx->header_start = p; | |
1027 ctx->header_end = p; | |
1028 state = sw_almost_done; | |
1029 break; | |
1030 case LF: | |
1031 ctx->header_start = p; | |
1032 ctx->header_end = p; | |
1033 goto done; | |
1034 default: | |
1035 ctx->header_start = p; | |
1036 state = sw_value; | |
1037 break; | |
1038 } | |
1039 break; | |
1040 | |
1041 /* header value */ | |
1042 case sw_value: | |
1043 switch (ch) { | |
1044 case ' ': | |
1045 ctx->header_end = p; | |
1046 state = sw_space_after_value; | |
1047 break; | |
1048 case CR: | |
1049 ctx->header_end = p; | |
1050 state = sw_almost_done; | |
1051 break; | |
1052 case LF: | |
1053 ctx->header_end = p; | |
1054 goto done; | |
1055 } | |
1056 break; | |
1057 | |
1058 /* space* before end of header line */ | |
1059 case sw_space_after_value: | |
1060 switch (ch) { | |
1061 case ' ': | |
1062 break; | |
1063 case CR: | |
1064 state = sw_almost_done; | |
1065 break; | |
1066 case LF: | |
1067 goto done; | |
1068 default: | |
1069 state = sw_value; | |
1070 break; | |
1071 } | |
1072 break; | |
1073 | |
1074 /* end of header line */ | |
1075 case sw_almost_done: | |
1076 switch (ch) { | |
1077 case LF: | |
1078 goto done; | |
1079 default: | |
1080 return NGX_ERROR; | |
1081 } | |
1082 | |
1083 /* end of header */ | |
1084 case sw_header_almost_done: | |
1085 switch (ch) { | |
1086 case LF: | |
1087 goto header_done; | |
1088 default: | |
1089 return NGX_ERROR; | |
1090 } | |
1091 } | |
1092 } | |
1093 | |
1094 ctx->response->pos = p; | |
1095 ctx->state = state; | |
1096 ctx->hash = hash; | |
1097 | |
1098 return NGX_AGAIN; | |
1099 | |
1100 done: | |
1101 | |
1102 ctx->response->pos = p + 1; | |
1103 ctx->state = sw_start; | |
1104 ctx->hash = hash; | |
1105 | |
1106 return NGX_OK; | |
1107 | |
1108 header_done: | |
1109 | |
1110 ctx->response->pos = p + 1; | |
1111 ctx->state = sw_start; | |
1112 | |
1113 return NGX_DONE; | |
1114 } | |
1115 | |
1116 | |
1117 static void | |
1118 ngx_mail_auth_http_block_read(ngx_event_t *rev) | |
1119 { | |
1120 ngx_connection_t *c; | |
1121 ngx_mail_session_t *s; | |
1122 ngx_mail_auth_http_ctx_t *ctx; | |
1123 | |
1124 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, | |
1125 "mail auth http block read"); | |
1126 | |
1127 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1128 c = rev->data; | |
1129 s = c->data; | |
1130 | |
1131 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); | |
1132 | |
1133 ngx_close_connection(ctx->peer.connection); | |
1134 ngx_destroy_pool(ctx->pool); | |
1135 ngx_mail_session_internal_server_error(s); | |
1136 } | |
1137 } | |
1138 | |
1139 | |
1140 static void | |
1141 ngx_mail_auth_http_dummy_handler(ngx_event_t *ev) | |
1142 { | |
1143 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, | |
1144 "mail auth http dummy handler"); | |
1145 } | |
1146 | |
1147 | |
1148 static ngx_buf_t * | |
1149 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, | |
1150 ngx_mail_auth_http_conf_t *ahcf) | |
1151 { | |
1152 size_t len; | |
1153 ngx_buf_t *b; | |
1154 ngx_str_t login, passwd; | |
1155 | |
1156 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { | |
1157 return NULL; | |
1158 } | |
1159 | |
1160 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { | |
1161 return NULL; | |
1162 } | |
1163 | |
1164 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 | |
1165 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
1166 + sizeof("Auth-Method: ") - 1 | |
1167 + ngx_mail_auth_http_method[s->auth_method].len | |
1168 + sizeof(CRLF) - 1 | |
1169 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 | |
1170 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
1171 + sizeof("Auth-Salt: ") - 1 + s->salt.len | |
1172 + sizeof("Auth-Protocol: imap" CRLF) - 1 | |
1173 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN | |
1174 + sizeof(CRLF) - 1 | |
1175 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len | |
1176 + sizeof(CRLF) - 1 | |
400
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1177 + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1178 + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1179 + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len |
318 | 1180 + ahcf->header.len |
290 | 1181 + sizeof(CRLF) - 1; |
1182 | |
1183 b = ngx_create_temp_buf(pool, len); | |
1184 if (b == NULL) { | |
1185 return NULL; | |
1186 } | |
1187 | |
1188 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
1189 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); | |
1190 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, | |
1191 sizeof(" HTTP/1.0" CRLF) - 1); | |
1192 | |
1193 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
1194 b->last = ngx_copy(b->last, ahcf->host_header.data, | |
1195 ahcf->host_header.len); | |
1196 *b->last++ = CR; *b->last++ = LF; | |
1197 | |
1198 b->last = ngx_cpymem(b->last, "Auth-Method: ", | |
1199 sizeof("Auth-Method: ") - 1); | |
1200 b->last = ngx_cpymem(b->last, | |
1201 ngx_mail_auth_http_method[s->auth_method].data, | |
1202 ngx_mail_auth_http_method[s->auth_method].len); | |
1203 *b->last++ = CR; *b->last++ = LF; | |
1204 | |
1205 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
1206 b->last = ngx_copy(b->last, login.data, login.len); | |
1207 *b->last++ = CR; *b->last++ = LF; | |
1208 | |
1209 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
1210 b->last = ngx_copy(b->last, passwd.data, passwd.len); | |
1211 *b->last++ = CR; *b->last++ = LF; | |
1212 | |
1213 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { | |
1214 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); | |
1215 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1216 | |
1217 s->passwd.data = NULL; | |
1218 } | |
1219 | |
1220 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", | |
1221 sizeof("Auth-Protocol: ") - 1); | |
1222 b->last = ngx_cpymem(b->last, ngx_mail_auth_http_protocol[s->protocol], | |
1223 sizeof("imap") - 1); | |
1224 *b->last++ = CR; *b->last++ = LF; | |
1225 | |
1226 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, | |
1227 s->login_attempt); | |
1228 | |
1229 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); | |
1230 b->last = ngx_copy(b->last, s->connection->addr_text.data, | |
1231 s->connection->addr_text.len); | |
1232 *b->last++ = CR; *b->last++ = LF; | |
1233 | |
400
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1234 if (s->auth_method == NGX_MAIL_AUTH_UNAUTH) { |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1235 |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1236 /* HELO / MAIL FROM / RCPT TO can't contain CRLF, no need to escape */ |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1237 |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1238 b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ", |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1239 sizeof("Auth-SMTP-Helo: ") - 1); |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1240 b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len); |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1241 *b->last++ = CR; *b->last++ = LF; |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1242 |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1243 b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ", |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1244 sizeof("Auth-SMTP-From: ") - 1); |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1245 b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len); |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1246 *b->last++ = CR; *b->last++ = LF; |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1247 |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1248 b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ", |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1249 sizeof("Auth-SMTP-To: ") - 1); |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1250 b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len); |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1251 *b->last++ = CR; *b->last++ = LF; |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1252 |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1253 } |
f1e2fab7a46c
Mail: smtp proxy without authentication.
Maxim Dounin <mdounin@mdounin.ru>
parents:
394
diff
changeset
|
1254 |
290 | 1255 if (ahcf->header.len) { |
1256 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1257 } | |
1258 | |
1259 /* add "\r\n" at the header end */ | |
1260 *b->last++ = CR; *b->last++ = LF; | |
1261 | |
1262 #if (NGX_DEBUG_MAIL_PASSWD) | |
1263 { | |
1264 ngx_str_t l; | |
1265 | |
1266 l.len = b->last - b->pos; | |
1267 l.data = b->pos; | |
1268 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
1269 "mail auth http header:\n\"%V\"", &l); | |
1270 } | |
1271 #endif | |
1272 | |
1273 return b; | |
1274 } | |
1275 | |
1276 | |
1277 static ngx_int_t | |
1278 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) | |
1279 { | |
1280 u_char ch, *p; | |
1281 ngx_uint_t i, n; | |
1282 | |
1283 n = 0; | |
1284 | |
1285 for (i = 0; i < text->len; i++) { | |
1286 ch = text->data[i]; | |
1287 | |
1288 if (ch == CR || ch == LF) { | |
1289 n++; | |
1290 } | |
1291 } | |
1292 | |
1293 if (n == 0) { | |
1294 *escaped = *text; | |
1295 return NGX_OK; | |
1296 } | |
1297 | |
1298 escaped->len = text->len + n * 2; | |
1299 | |
1300 p = ngx_palloc(pool, escaped->len); | |
1301 if (p == NULL) { | |
1302 return NGX_ERROR; | |
1303 } | |
1304 | |
1305 escaped->data = p; | |
1306 | |
1307 for (i = 0; i < text->len; i++) { | |
1308 ch = text->data[i]; | |
1309 | |
1310 if (ch == CR) { | |
1311 *p++ = '%'; | |
1312 *p++ = '0'; | |
1313 *p++ = 'D'; | |
1314 continue; | |
1315 } | |
1316 | |
1317 if (ch == LF) { | |
1318 *p++ = '%'; | |
1319 *p++ = '0'; | |
1320 *p++ = 'A'; | |
1321 continue; | |
1322 } | |
1323 | |
1324 *p++ = ch; | |
1325 } | |
1326 | |
1327 return NGX_OK; | |
1328 } | |
1329 | |
1330 | |
1331 static void * | |
1332 ngx_mail_auth_http_create_conf(ngx_conf_t *cf) | |
1333 { | |
1334 ngx_mail_auth_http_conf_t *ahcf; | |
1335 | |
1336 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t)); | |
1337 if (ahcf == NULL) { | |
1338 return NGX_CONF_ERROR; | |
1339 } | |
1340 | |
1341 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
1342 | |
1343 return ahcf; | |
1344 } | |
1345 | |
1346 | |
1347 static char * | |
1348 ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
1349 { | |
1350 ngx_mail_auth_http_conf_t *prev = parent; | |
1351 ngx_mail_auth_http_conf_t *conf = child; | |
1352 | |
1353 u_char *p; | |
1354 size_t len; | |
1355 ngx_uint_t i; | |
1356 ngx_table_elt_t *header; | |
1357 | |
1358 if (conf->peer == NULL) { | |
1359 conf->peer = prev->peer; | |
1360 conf->host_header = prev->host_header; | |
1361 conf->uri = prev->uri; | |
1362 } | |
1363 | |
1364 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1365 | |
1366 if (conf->headers == NULL) { | |
1367 conf->headers = prev->headers; | |
1368 conf->header = prev->header; | |
1369 } | |
1370 | |
1371 if (conf->headers && conf->header.len == 0) { | |
1372 len = 0; | |
1373 header = conf->headers->elts; | |
1374 for (i = 0; i < conf->headers->nelts; i++) { | |
1375 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1376 } | |
1377 | |
1378 p = ngx_palloc(cf->pool, len); | |
1379 if (p == NULL) { | |
1380 return NGX_CONF_ERROR; | |
1381 } | |
1382 | |
1383 conf->header.len = len; | |
1384 conf->header.data = p; | |
1385 | |
1386 for (i = 0; i < conf->headers->nelts; i++) { | |
1387 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1388 *p++ = ':'; *p++ = ' '; | |
1389 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1390 *p++ = CR; *p++ = LF; | |
1391 } | |
1392 } | |
1393 | |
1394 return NGX_CONF_OK; | |
1395 } | |
1396 | |
1397 | |
1398 static char * | |
1399 ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
1400 { | |
1401 ngx_mail_auth_http_conf_t *ahcf = conf; | |
1402 | |
1403 ngx_str_t *value; | |
1404 ngx_url_t u; | |
1405 | |
1406 value = cf->args->elts; | |
1407 | |
1408 ngx_memzero(&u, sizeof(ngx_url_t)); | |
1409 | |
1410 u.url = value[1]; | |
1411 u.default_port = 80; | |
1412 u.uri_part = 1; | |
1413 u.one_addr = 1; | |
1414 | |
1415 if (ngx_parse_url(cf, &u) != NGX_OK) { | |
1416 if (u.err) { | |
1417 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
1418 "%s in auth_http \"%V\"", u.err, &u.url); | |
1419 } | |
1420 } | |
1421 | |
1422 ahcf->peer = u.addrs; | |
1423 | |
1424 ahcf->host_header = u.host; | |
1425 ahcf->uri = u.uri; | |
1426 | |
1427 if (ahcf->uri.len == 0) { | |
1428 ahcf->uri.len = sizeof("/") - 1; | |
1429 ahcf->uri.data = (u_char *) "/"; | |
1430 } | |
1431 | |
1432 return NGX_CONF_OK; | |
1433 } | |
1434 | |
1435 | |
1436 static char * | |
1437 ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
1438 { | |
1439 ngx_mail_auth_http_conf_t *ahcf = conf; | |
1440 | |
1441 ngx_str_t *value; | |
1442 ngx_table_elt_t *header; | |
1443 | |
1444 if (ahcf->headers == NULL) { | |
1445 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1446 if (ahcf->headers == NULL) { | |
1447 return NGX_CONF_ERROR; | |
1448 } | |
1449 } | |
1450 | |
1451 header = ngx_array_push(ahcf->headers); | |
1452 if (header == NULL) { | |
1453 return NGX_CONF_ERROR; | |
1454 } | |
1455 | |
1456 value = cf->args->elts; | |
1457 | |
1458 header->key = value[1]; | |
1459 header->value = value[2]; | |
1460 | |
1461 return NGX_CONF_OK; | |
1462 } |