Mercurial > hg > nginx-mail

comparison src/mail/ngx_mail_handler.c @ 409:52b28d322d76

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge with nginx 0.6.12.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 11 Aug 2008 21:22:47 +0400
parents 481e8f936572 1c519aff5c0c
children cd9cb7a3ff9e
comparison
equal deleted inserted replaced
408:4243eecbd594 409:52b28d322d76
9 #include <ngx_event.h> 9 #include <ngx_event.h>
10 #include <ngx_mail.h> 10 #include <ngx_mail.h>
11 11
12 12
13 static void ngx_mail_init_session(ngx_connection_t *c); 13 static void ngx_mail_init_session(ngx_connection_t *c);
14 static void ngx_mail_init_protocol(ngx_event_t *rev);
15 static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s,
16 ngx_str_t *encoded);
17 static void ngx_mail_do_auth(ngx_mail_session_t *s);
18 static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
19 14
20 #if (NGX_MAIL_SSL) 15 #if (NGX_MAIL_SSL)
21 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); 16 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
22 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); 17 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
23 #endif 18 #endif
24
25
26 static ngx_str_t greetings[] = {
27 ngx_string("+OK POP3 ready" CRLF),
28 ngx_string("* OK IMAP4 ready" CRLF)
29 /* SMTP greeting */
30 };
31
32 static ngx_str_t internal_server_errors[] = {
33 ngx_string("-ERR internal server error" CRLF),
34 ngx_string("* BAD internal server error" CRLF),
35 ngx_string("451 4.3.2 Internal server error" CRLF),
36 };
37
38 static u_char pop3_ok[] = "+OK" CRLF;
39 static u_char pop3_next[] = "+ " CRLF;
40 static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
41 static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
42 static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
43
44 static u_char imap_star[] = "* ";
45 static u_char imap_ok[] = "OK completed" CRLF;
46 static u_char imap_next[] = "+ OK" CRLF;
47 static u_char imap_bye[] = "* BYE" CRLF;
48 static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
49
50 static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
51 static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
52 static u_char smtp_next[] = "334 " CRLF;
53 static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
54 static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
55 static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
56 static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
57 static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
58 static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF;
59 19
60 20
61 void 21 void
62 ngx_mail_init_connection(ngx_connection_t *c) 22 ngx_mail_init_connection(ngx_connection_t *c)
63 { 23 {
220 180
221 181
222 static void 182 static void
223 ngx_mail_ssl_handshake_handler(ngx_connection_t *c) 183 ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
224 { 184 {
225 ngx_mail_session_t *s; 185 ngx_mail_session_t *s;
186 ngx_mail_core_srv_conf_t *cscf;
226 187
227 if (c->ssl->handshaked) { 188 if (c->ssl->handshaked) {
228 189
229 s = c->data; 190 s = c->data;
230 191
231 if (s->starttls) { 192 if (s->starttls) {
232 c->read->handler = ngx_mail_init_protocol; 193 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
194
195 c->read->handler = cscf->protocol->init_protocol;
233 c->write->handler = ngx_mail_send; 196 c->write->handler = ngx_mail_send;
234 197
235 ngx_mail_init_protocol(c->read); 198 cscf->protocol->init_protocol(c->read);
236 199
237 return; 200 return;
238 } 201 }
239 202
240 ngx_mail_init_session(c); 203 ngx_mail_init_session(c);
248 211
249 212
250 static void 213 static void
251 ngx_mail_init_session(ngx_connection_t *c) 214 ngx_mail_init_session(ngx_connection_t *c)
252 { 215 {
253 u_char *p;
254 ngx_mail_session_t *s; 216 ngx_mail_session_t *s;
255 ngx_mail_core_srv_conf_t *cscf; 217 ngx_mail_core_srv_conf_t *cscf;
256 218
257 c->read->handler = ngx_mail_init_protocol;
258 c->write->handler = ngx_mail_send;
259
260 s = c->data; 219 s = c->data;
261 220
262 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); 221 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
263 222
264 s->protocol = cscf->protocol; 223 s->protocol = cscf->protocol->type;
265 224
266 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); 225 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module);
267 if (s->ctx == NULL) { 226 if (s->ctx == NULL) {
268 ngx_mail_session_internal_server_error(s); 227 ngx_mail_session_internal_server_error(s);
269 return; 228 return;
270 } 229 }
271 230
272 if (cscf->handler_init_session) { 231 c->write->handler = ngx_mail_send;
273 cscf->handler_init_session(c); 232
274 return; 233 cscf->protocol->init_session(s, c);
275 } 234 }
276 235
277 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { 236
278 s->out = cscf->smtp_greeting; 237 ngx_int_t
279 238 ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
280 } else { 239 ngx_mail_core_srv_conf_t *cscf)
281 s->out = greetings[s->protocol]; 240 {
282 } 241 s->salt.data = ngx_palloc(c->pool,
283 242 sizeof(" <18446744073709551616.@>" CRLF) - 1
284 if ((s->protocol == NGX_MAIL_POP3_PROTOCOL 243 + NGX_TIME_T_LEN
285 && (cscf->pop3_auth_methods 244 + cscf->server_name.len);
286 & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) 245 if (s->salt.data == NULL) {
287 246 return NGX_ERROR;
288 || (s->protocol == NGX_MAIL_IMAP_PROTOCOL 247 }
289 && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) 248
290 249 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
291 || (s->protocol == NGX_MAIL_SMTP_PROTOCOL 250 ngx_random(), ngx_time(), &cscf->server_name)
292 && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) 251 - s->salt.data;
293 { 252
294 s->salt.data = ngx_palloc(c->pool, 253 return NGX_OK;
295 sizeof(" <18446744073709551616.@>" CRLF) - 1 254 }
296 + NGX_TIME_T_LEN 255
297 + cscf->server_name.len); 256
298 if (s->salt.data == NULL) { 257 #if (NGX_MAIL_SSL)
299 ngx_mail_session_internal_server_error(s); 258
300 return; 259 ngx_int_t
301 } 260 ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
302 261 {
303 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, 262 ngx_mail_ssl_conf_t *sslcf;
304 ngx_random(), ngx_time(), &cscf->server_name) 263
305 - s->salt.data; 264 if (c->ssl) {
306 265 return 0;
307 if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { 266 }
308 s->out.data = ngx_palloc(c->pool, 267
309 greetings[0].len + 1 + s->salt.len); 268 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
310 if (s->out.data == NULL) { 269
311 ngx_mail_session_internal_server_error(s); 270 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
312 return; 271 return 1;
313 } 272 }
314 273
315 p = ngx_cpymem(s->out.data, 274 return 0;
316 greetings[0].data, greetings[0].len - 2); 275 }
317 *p++ = ' '; 276
318 p = ngx_cpymem(p, s->salt.data, s->salt.len); 277 #endif
319 278
320 s->out.len = p - s->out.data; 279
321 } 280 ngx_int_t
322 } 281 ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
323 282 {
324 ngx_add_timer(c->read, cscf->timeout); 283 u_char *p, *last;
325 284 ngx_str_t *arg, plain;
326 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { 285
327 ngx_mail_close_connection(c); 286 arg = s->args.elts;
328 } 287
329 288 #if (NGX_DEBUG_MAIL_PASSWD)
330 ngx_mail_send(c->write); 289 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
290 "mail auth plain: \"%V\"", &arg[n]);
291 #endif
292
293 plain.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
294 if (plain.data == NULL){
295 return NGX_ERROR;
296 }
297
298 if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
299 ngx_log_error(NGX_LOG_INFO, c->log, 0,
300 "client sent invalid base64 encoding in AUTH PLAIN command");
301 return NGX_MAIL_PARSE_INVALID_COMMAND;
302 }
303
304 p = plain.data;
305 last = p + plain.len;
306
307 while (p < last && *p++) { /* void */ }
308
309 if (p == last) {
310 ngx_log_error(NGX_LOG_INFO, c->log, 0,
311 "client sent invalid login in AUTH PLAIN command");
312 return NGX_MAIL_PARSE_INVALID_COMMAND;
313 }
314
315 s->login.data = p;
316
317 while (p < last && *p) { p++; }
318
319 if (p == last) {
320 ngx_log_error(NGX_LOG_INFO, c->log, 0,
321 "client sent invalid password in AUTH PLAIN command");
322 return NGX_MAIL_PARSE_INVALID_COMMAND;
323 }
324
325 s->login.len = p++ - s->login.data;
326
327 s->passwd.len = last - p;
328 s->passwd.data = p;
329
330 #if (NGX_DEBUG_MAIL_PASSWD)
331 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
332 "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
333 #endif
334
335 return NGX_DONE;
336 }
337
338
339 ngx_int_t
340 ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c)
341 {
342 ngx_str_t *arg;
343
344 arg = s->args.elts;
345
346 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
347 "mail auth login username: \"%V\"", &arg[0]);
348
349 s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
350 if (s->login.data == NULL){
351 return NGX_ERROR;
352 }
353
354 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
355 ngx_log_error(NGX_LOG_INFO, c->log, 0,
356 "client sent invalid base64 encoding in AUTH LOGIN command");
357 return NGX_MAIL_PARSE_INVALID_COMMAND;
358 }
359
360 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
361 "mail auth login username: \"%V\"", &s->login);
362
363 return NGX_OK;
364 }
365
366
367 ngx_int_t
368 ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
369 {
370 ngx_str_t *arg;
371
372 arg = s->args.elts;
373
374 #if (NGX_DEBUG_MAIL_PASSWD)
375 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
376 "mail auth login password: \"%V\"", &arg[0]);
377 #endif
378
379 s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
380 if (s->passwd.data == NULL){
381 return NGX_ERROR;
382 }
383
384 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
385 ngx_log_error(NGX_LOG_INFO, c->log, 0,
386 "client sent invalid base64 encoding in AUTH LOGIN command");
387 return NGX_MAIL_PARSE_INVALID_COMMAND;
388 }
389
390 #if (NGX_DEBUG_MAIL_PASSWD)
391 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
392 "mail auth login password: \"%V\"", &s->passwd);
393 #endif
394
395 return NGX_DONE;
396 }
397
398
399 ngx_int_t
400 ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c,
401 char *prefix, size_t len)
402 {
403 u_char *p;
404 ngx_str_t salt;
405 ngx_uint_t n;
406
407 p = ngx_palloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2);
408 if (p == NULL) {
409 return NGX_ERROR;
410 }
411
412 salt.data = ngx_cpymem(p, prefix, len);
413 s->salt.len -= 2;
414
415 ngx_encode_base64(&salt, &s->salt);
416
417 s->salt.len += 2;
418 n = len + salt.len;
419 p[n++] = CR; p[n++] = LF;
420
421 s->out.len = n;
422 s->out.data = p;
423
424 return NGX_OK;
425 }
426
427
428 ngx_int_t
429 ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
430 {
431 u_char *p, *last;
432 ngx_str_t *arg;
433
434 arg = s->args.elts;
435
436 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
437 "mail auth cram-md5: \"%V\"", &arg[0]);
438
439 s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
440 if (s->login.data == NULL){
441 return NGX_ERROR;
442 }
443
444 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
445 ngx_log_error(NGX_LOG_INFO, c->log, 0,
446 "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
447 return NGX_MAIL_PARSE_INVALID_COMMAND;
448 }
449
450 p = s->login.data;
451 last = p + s->login.len;
452
453 while (p < last) {
454 if (*p++ == ' ') {
455 s->login.len = p - s->login.data - 1;
456 s->passwd.len = last - p;
457 s->passwd.data = p;
458 break;
459 }
460 }
461
462 if (s->passwd.len != 32) {
463 ngx_log_error(NGX_LOG_INFO, c->log, 0,
464 "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
465 return NGX_MAIL_PARSE_INVALID_COMMAND;
466 }
467
468 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
469 "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
470
471 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
472
473 return NGX_DONE;
331 } 474 }
332 475
333 476
334 void 477 void
335 ngx_mail_send(ngx_event_t *wev) 478 ngx_mail_send(ngx_event_t *wev)
394 return; 537 return;
395 } 538 }
396 } 539 }
397 540
398 541
399 static void 542 ngx_int_t
400 ngx_mail_init_protocol(ngx_event_t *rev) 543 ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
401 { 544 {
402 size_t size; 545 ssize_t n;
403 ngx_connection_t *c; 546 ngx_int_t rc;
404 ngx_mail_session_t *s; 547 ngx_str_t l;
405 ngx_mail_core_srv_conf_t *cscf; 548 ngx_mail_core_srv_conf_t *cscf;
406 549
407 c = rev->data; 550 n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
408 551
409 c->log->action = "in auth state"; 552 if (n == NGX_ERROR || n == 0) {
410
411 if (rev->timedout) {
412 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
413 c->timedout = 1;
414 ngx_mail_close_connection(c); 553 ngx_mail_close_connection(c);
415 return; 554 return NGX_ERROR;
416 } 555 }
417 556
418 s = c->data; 557 if (n > 0) {
558 s->buffer->last += n;
559 }
560
561 if (n == NGX_AGAIN) {
562 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
563 ngx_mail_session_internal_server_error(s);
564 return NGX_ERROR;
565 }
566
567 return NGX_AGAIN;
568 }
569
419 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); 570 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
420 571
421 if (cscf->handler_init_protocol) { 572 rc = cscf->protocol->parse_command(s);
422 cscf->handler_init_protocol(rev); 573
423 return; 574 if (rc == NGX_AGAIN) {
424 } 575
425 576 if (s->buffer->last < s->buffer->end) {
426 switch (s->protocol) { 577 return rc;
427 578 }
428 case NGX_MAIL_POP3_PROTOCOL: 579
429 size = 128; 580 l.len = s->buffer->last - s->buffer->start;
430 s->mail_state = ngx_pop3_start; 581 l.data = s->buffer->start;
431 c->read->handler = ngx_pop3_auth_state; 582
432 break; 583 ngx_log_error(NGX_LOG_INFO, c->log, 0,
433 584 "client sent too long command \"%V\"", &l);
434 case NGX_MAIL_IMAP_PROTOCOL: 585
435 size = cscf->imap_client_buffer_size; 586 s->quit = 1;
436 s->mail_state = ngx_imap_start; 587
437 c->read->handler = ngx_imap_auth_state; 588 return NGX_MAIL_PARSE_INVALID_COMMAND;
438 break; 589 }
439 590
440 default: /* NGX_MAIL_SMTP_PROTOCOL */ 591 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
441 size = 512; 592 return rc;
442 s->mail_state = ngx_smtp_start; 593 }
443 c->read->handler = ngx_smtp_auth_state; 594
444 break; 595 if (rc == NGX_ERROR) {
445 } 596 ngx_mail_close_connection(c);
446 597 return NGX_ERROR;
447 if (s->buffer == NULL) { 598 }
448 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) 599
449 == NGX_ERROR) 600 return NGX_OK;
450 {
451 ngx_mail_session_internal_server_error(s);
452 return;
453 }
454
455 s->buffer = ngx_create_temp_buf(c->pool, size);
456 if (s->buffer == NULL) {
457 ngx_mail_session_internal_server_error(s);
458 return;
459 }
460 }
461
462 if (cscf->handler_read) {
463 c->read->handler = cscf->handler_read;
464 }
465
466 c->read->handler(rev);
467 } 601 }
468 602
469 603
470 void 604 void
471 ngx_pop3_auth_state(ngx_event_t *rev) 605 ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c)
472 {
473 u_char *p, *last, *text;
474 ssize_t size;
475 ngx_int_t rc;
476 ngx_str_t *arg, salt;
477 ngx_connection_t *c;
478 ngx_mail_session_t *s;
479 ngx_mail_core_srv_conf_t *cscf;
480 #if (NGX_MAIL_SSL)
481 ngx_mail_ssl_conf_t *sslcf;
482 #endif
483
484 c = rev->data;
485 s = c->data;
486
487 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
488
489 if (rev->timedout) {
490 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
491 c->timedout = 1;
492 ngx_mail_close_connection(c);
493 return;
494 }
495
496 if (s->out.len) {
497 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
498 s->blocked = 1;
499 return;
500 }
501
502 s->blocked = 0;
503
504 rc = ngx_mail_read_command(s);
505
506 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
507 return;
508 }
509
510 text = pop3_ok;
511 size = sizeof(pop3_ok) - 1;
512
513 if (rc == NGX_OK) {
514 switch (s->mail_state) {
515
516 case ngx_pop3_start:
517
518 switch (s->command) {
519
520 case NGX_POP3_USER:
521
522 #if (NGX_MAIL_SSL)
523
524 if (c->ssl == NULL) {
525 sslcf = ngx_mail_get_module_srv_conf(s,
526 ngx_mail_ssl_module);
527
528 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
529 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
530 break;
531 }
532 }
533 #endif
534
535 if (s->args.nelts == 1) {
536 s->mail_state = ngx_pop3_user;
537
538 arg = s->args.elts;
539 s->login.len = arg[0].len;
540 s->login.data = ngx_palloc(c->pool, s->login.len);
541 if (s->login.data == NULL) {
542 ngx_mail_session_internal_server_error(s);
543 return;
544 }
545
546 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
547
548 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
549 "pop3 login: \"%V\"", &s->login);
550
551 break;
552 }
553
554 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
555 break;
556
557 case NGX_POP3_CAPA:
558 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
559
560 #if (NGX_MAIL_SSL)
561
562 if (c->ssl == NULL) {
563 sslcf = ngx_mail_get_module_srv_conf(s,
564 ngx_mail_ssl_module);
565
566 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
567 size = cscf->pop3_starttls_capability.len;
568 text = cscf->pop3_starttls_capability.data;
569 break;
570 }
571
572 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
573 size = cscf->pop3_starttls_only_capability.len;
574 text = cscf->pop3_starttls_only_capability.data;
575 break;
576 }
577 }
578 #endif
579
580 size = cscf->pop3_capability.len;
581 text = cscf->pop3_capability.data;
582 break;
583
584 case NGX_POP3_APOP:
585
586 #if (NGX_MAIL_SSL)
587
588 if (c->ssl == NULL) {
589 sslcf = ngx_mail_get_module_srv_conf(s,
590 ngx_mail_ssl_module);
591
592 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
593 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
594 break;
595 }
596 }
597 #endif
598
599 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
600
601 if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)
602 && s->args.nelts == 2)
603 {
604 arg = s->args.elts;
605
606 s->login.len = arg[0].len;
607 s->login.data = ngx_palloc(c->pool, s->login.len);
608 if (s->login.data == NULL) {
609 ngx_mail_session_internal_server_error(s);
610 return;
611 }
612
613 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
614
615 s->passwd.len = arg[1].len;
616 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
617 if (s->passwd.data == NULL) {
618 ngx_mail_session_internal_server_error(s);
619 return;
620 }
621
622 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
623
624 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
625 "pop3 apop: \"%V\" \"%V\"",
626 &s->login, &s->passwd);
627
628 s->auth_method = NGX_MAIL_AUTH_APOP;
629
630 ngx_mail_do_auth(s);
631 return;
632 }
633
634 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
635 break;
636
637 case NGX_POP3_AUTH:
638
639 #if (NGX_MAIL_SSL)
640
641 if (c->ssl == NULL) {
642 sslcf = ngx_mail_get_module_srv_conf(s,
643 ngx_mail_ssl_module);
644
645 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
646 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
647 break;
648 }
649 }
650 #endif
651
652 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
653
654 if (s->args.nelts == 0) {
655 size = cscf->pop3_auth_capability.len;
656 text = cscf->pop3_auth_capability.data;
657 s->state = 0;
658 break;
659 }
660
661 arg = s->args.elts;
662
663 if (arg[0].len == 5) {
664
665 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
666 == 0)
667 {
668
669 if (s->args.nelts != 1) {
670 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
671 break;
672 }
673
674 s->mail_state = ngx_pop3_auth_login_username;
675
676 size = sizeof(pop3_username) - 1;
677 text = pop3_username;
678
679 break;
680
681 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
682 5)
683 == 0)
684 {
685
686 if (s->args.nelts == 1) {
687 s->mail_state = ngx_pop3_auth_plain;
688
689 size = sizeof(pop3_next) - 1;
690 text = pop3_next;
691
692 break;
693 }
694
695 if (s->args.nelts == 2) {
696
697 /*
698 * workaround for Eudora for Mac: it sends
699 * AUTH PLAIN [base64 encoded]
700 */
701
702 rc = ngx_mail_decode_auth_plain(s, &arg[1]);
703
704 if (rc == NGX_OK) {
705 ngx_mail_do_auth(s);
706 return;
707 }
708
709 if (rc == NGX_ERROR) {
710 ngx_mail_session_internal_server_error(s);
711 return;
712 }
713
714 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
715
716 break;
717 }
718
719 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
720 break;
721 }
722
723 } else if (arg[0].len == 8
724 && ngx_strncasecmp(arg[0].data,
725 (u_char *) "CRAM-MD5", 8)
726 == 0)
727 {
728 if (!(cscf->pop3_auth_methods
729 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
730 || s->args.nelts != 1)
731 {
732 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
733 break;
734 }
735
736 s->mail_state = ngx_pop3_auth_cram_md5;
737
738 text = ngx_palloc(c->pool,
739 sizeof("+ " CRLF) - 1
740 + ngx_base64_encoded_length(s->salt.len));
741 if (text == NULL) {
742 ngx_mail_session_internal_server_error(s);
743 return;
744 }
745
746 text[0] = '+'; text[1]= ' ';
747 salt.data = &text[2];
748 s->salt.len -= 2;
749
750 ngx_encode_base64(&salt, &s->salt);
751
752 s->salt.len += 2;
753 size = 2 + salt.len;
754 text[size++] = CR; text[size++] = LF;
755
756 break;
757 }
758
759 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
760 break;
761
762 case NGX_POP3_QUIT:
763 s->quit = 1;
764 break;
765
766 case NGX_POP3_NOOP:
767 break;
768
769 #if (NGX_MAIL_SSL)
770
771 case NGX_POP3_STLS:
772 if (c->ssl == NULL) {
773 sslcf = ngx_mail_get_module_srv_conf(s,
774 ngx_mail_ssl_module);
775 if (sslcf->starttls) {
776 c->read->handler = ngx_mail_starttls_handler;
777 break;
778 }
779 }
780
781 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
782 break;
783 #endif
784
785 default:
786 s->mail_state = ngx_pop3_start;
787 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
788 break;
789 }
790
791 break;
792
793 case ngx_pop3_user:
794
795 switch (s->command) {
796
797 case NGX_POP3_PASS:
798 if (s->args.nelts == 1) {
799 arg = s->args.elts;
800 s->passwd.len = arg[0].len;
801 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
802 if (s->passwd.data == NULL) {
803 ngx_mail_session_internal_server_error(s);
804 return;
805 }
806
807 ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
808
809 #if (NGX_DEBUG_MAIL_PASSWD)
810 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
811 "pop3 passwd: \"%V\"", &s->passwd);
812 #endif
813
814 ngx_mail_do_auth(s);
815 return;
816 }
817
818 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
819 break;
820
821 case NGX_POP3_CAPA:
822 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
823 size = cscf->pop3_capability.len;
824 text = cscf->pop3_capability.data;
825 break;
826
827 case NGX_POP3_QUIT:
828 s->quit = 1;
829 break;
830
831 case NGX_POP3_NOOP:
832 break;
833
834 default:
835 s->mail_state = ngx_pop3_start;
836 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
837 break;
838 }
839
840 break;
841
842 /* suppress warinings */
843 case ngx_pop3_passwd:
844 break;
845
846 case ngx_pop3_auth_login_username:
847 arg = s->args.elts;
848 s->mail_state = ngx_pop3_auth_login_password;
849
850 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
851 "pop3 auth login username: \"%V\"", &arg[0]);
852
853 s->login.data = ngx_palloc(c->pool,
854 ngx_base64_decoded_length(arg[0].len));
855 if (s->login.data == NULL){
856 ngx_mail_session_internal_server_error(s);
857 return;
858 }
859
860 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
861 ngx_log_error(NGX_LOG_INFO, c->log, 0,
862 "client sent invalid base64 encoding "
863 "in AUTH LOGIN command");
864 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
865 break;
866 }
867
868 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
869 "pop3 auth login username: \"%V\"", &s->login);
870
871 size = sizeof(pop3_password) - 1;
872 text = pop3_password;
873
874 break;
875
876 case ngx_pop3_auth_login_password:
877 arg = s->args.elts;
878
879 #if (NGX_DEBUG_MAIL_PASSWD)
880 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
881 "pop3 auth login password: \"%V\"", &arg[0]);
882 #endif
883
884 s->passwd.data = ngx_palloc(c->pool,
885 ngx_base64_decoded_length(arg[0].len));
886 if (s->passwd.data == NULL){
887 ngx_mail_session_internal_server_error(s);
888 return;
889 }
890
891 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
892 ngx_log_error(NGX_LOG_INFO, c->log, 0,
893 "client sent invalid base64 encoding "
894 "in AUTH LOGIN command");
895 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
896 break;
897 }
898
899 #if (NGX_DEBUG_MAIL_PASSWD)
900 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
901 "pop3 auth login password: \"%V\"", &s->passwd);
902 #endif
903
904 ngx_mail_do_auth(s);
905 return;
906
907 case ngx_pop3_auth_plain:
908 arg = s->args.elts;
909
910 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
911
912 if (rc == NGX_OK) {
913 ngx_mail_do_auth(s);
914 return;
915 }
916
917 if (rc == NGX_ERROR) {
918 ngx_mail_session_internal_server_error(s);
919 return;
920 }
921
922 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
923
924 break;
925
926 case ngx_pop3_auth_cram_md5:
927 arg = s->args.elts;
928
929 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
930 "pop3 auth cram-md5: \"%V\"", &arg[0]);
931
932 s->login.data = ngx_palloc(c->pool,
933 ngx_base64_decoded_length(arg[0].len));
934 if (s->login.data == NULL){
935 ngx_mail_session_internal_server_error(s);
936 return;
937 }
938
939 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
940 ngx_log_error(NGX_LOG_INFO, c->log, 0,
941 "client sent invalid base64 encoding "
942 "in AUTH CRAM-MD5 command");
943 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
944 break;
945 }
946
947 p = s->login.data;
948 last = p + s->login.len;
949
950 while (p < last) {
951 if (*p++ == ' ') {
952 s->login.len = p - s->login.data - 1;
953 s->passwd.len = last - p;
954 s->passwd.data = p;
955 break;
956 }
957 }
958
959 if (s->passwd.len != 32) {
960 ngx_log_error(NGX_LOG_INFO, c->log, 0,
961 "client sent invalid CRAM-MD5 hash "
962 "in AUTH CRAM-MD5 command");
963 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
964 break;
965 }
966
967 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
968 "pop3 auth cram-md5: \"%V\" \"%V\"",
969 &s->login, &s->passwd);
970
971 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
972
973 ngx_mail_do_auth(s);
974 return;
975 }
976 }
977
978 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
979 s->mail_state = ngx_pop3_start;
980 s->state = 0;
981 text = pop3_invalid_command;
982 size = sizeof(pop3_invalid_command) - 1;
983 }
984
985 s->args.nelts = 0;
986 s->buffer->pos = s->buffer->start;
987 s->buffer->last = s->buffer->start;
988
989 if (s->state) {
990 s->arg_start = s->buffer->start;
991 }
992
993 s->out.data = text;
994 s->out.len = size;
995
996 ngx_mail_send(c->write);
997 }
998
999
1000 void
1001 ngx_imap_auth_state(ngx_event_t *rev)
1002 {
1003 u_char *p, *last, *text, *dst, *src, *end;
1004 ssize_t text_len, last_len;
1005 ngx_str_t *arg, salt;
1006 ngx_int_t rc;
1007 ngx_uint_t tag, i;
1008 ngx_connection_t *c;
1009 ngx_mail_session_t *s;
1010 ngx_mail_core_srv_conf_t *cscf;
1011 #if (NGX_MAIL_SSL)
1012 ngx_mail_ssl_conf_t *sslcf;
1013 #endif
1014
1015 c = rev->data;
1016 s = c->data;
1017
1018 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
1019
1020 if (rev->timedout) {
1021 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
1022 c->timedout = 1;
1023 ngx_mail_close_connection(c);
1024 return;
1025 }
1026
1027 if (s->out.len) {
1028 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
1029 s->blocked = 1;
1030 return;
1031 }
1032
1033 s->blocked = 0;
1034
1035 rc = ngx_mail_read_command(s);
1036
1037 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
1038 return;
1039 }
1040
1041 tag = 1;
1042
1043 text = NULL;
1044 text_len = 0;
1045
1046 last = imap_ok;
1047 last_len = sizeof(imap_ok) - 1;
1048
1049 if (rc == NGX_OK) {
1050
1051 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
1052 s->command);
1053
1054 if (s->backslash) {
1055
1056 arg = s->args.elts;
1057
1058 for (i = 0; i < s->args.nelts; i++) {
1059 dst = arg[i].data;
1060 end = dst + arg[i].len;
1061
1062 for (src = dst; src < end; dst++) {
1063 *dst = *src;
1064 if (*src++ == '\\') {
1065 *dst = *src++;
1066 }
1067 }
1068
1069 arg[i].len = dst - arg[i].data;
1070 }
1071
1072 s->backslash = 0;
1073 }
1074
1075 switch (s->mail_state) {
1076
1077 case ngx_imap_start:
1078
1079 switch (s->command) {
1080
1081 case NGX_IMAP_LOGIN:
1082
1083 #if (NGX_MAIL_SSL)
1084
1085 if (c->ssl == NULL) {
1086 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1087
1088 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1089 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1090 break;
1091 }
1092 }
1093 #endif
1094
1095 arg = s->args.elts;
1096
1097 if (s->args.nelts == 2 && arg[0].len) {
1098
1099 s->login.len = arg[0].len;
1100 s->login.data = ngx_palloc(c->pool, s->login.len);
1101 if (s->login.data == NULL) {
1102 ngx_mail_session_internal_server_error(s);
1103 return;
1104 }
1105
1106 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
1107
1108 s->passwd.len = arg[1].len;
1109 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
1110 if (s->passwd.data == NULL) {
1111 ngx_mail_session_internal_server_error(s);
1112 return;
1113 }
1114
1115 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
1116
1117 #if (NGX_DEBUG_MAIL_PASSWD)
1118 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1119 "imap login:\"%V\" passwd:\"%V\"",
1120 &s->login, &s->passwd);
1121 #else
1122 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1123 "imap login:\"%V\"", &s->login);
1124 #endif
1125
1126 ngx_mail_do_auth(s);
1127 return;
1128 }
1129
1130 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1131 break;
1132
1133 case NGX_IMAP_AUTHENTICATE:
1134
1135 #if (NGX_MAIL_SSL)
1136
1137 if (c->ssl == NULL) {
1138 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1139
1140 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1141 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1142 break;
1143 }
1144 }
1145 #endif
1146
1147 if (s->args.nelts != 1) {
1148 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1149 break;
1150 }
1151
1152 arg = s->args.elts;
1153
1154 if (arg[0].len == 5) {
1155
1156 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
1157 == 0)
1158 {
1159
1160 s->mail_state = ngx_imap_auth_login_username;
1161
1162 last_len = sizeof(pop3_username) - 1;
1163 last = pop3_username;
1164 tag = 0;
1165
1166 break;
1167
1168 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
1169 5)
1170 == 0)
1171 {
1172
1173 s->mail_state = ngx_imap_auth_plain;
1174
1175 last_len = sizeof(pop3_next) - 1;
1176 last = pop3_next;
1177 tag = 0;
1178
1179 break;
1180 }
1181
1182 } else if (arg[0].len == 8
1183 && ngx_strncasecmp(arg[0].data,
1184 (u_char *) "CRAM-MD5", 8)
1185 == 0)
1186 {
1187 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1188
1189 if (!(cscf->imap_auth_methods
1190 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
1191 || s->args.nelts != 1)
1192 {
1193 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1194 break;
1195 }
1196
1197 s->mail_state = ngx_imap_auth_cram_md5;
1198
1199 last = ngx_palloc(c->pool,
1200 sizeof("+ " CRLF) - 1
1201 + ngx_base64_encoded_length(s->salt.len));
1202 if (last == NULL) {
1203 ngx_mail_session_internal_server_error(s);
1204 return;
1205 }
1206
1207 last[0] = '+'; last[1]= ' ';
1208 salt.data = &last[2];
1209 s->salt.len -= 2;
1210
1211 ngx_encode_base64(&salt, &s->salt);
1212
1213 s->salt.len += 2;
1214 last_len = 2 + salt.len;
1215 last[last_len++] = CR; last[last_len++] = LF;
1216 tag = 0;
1217
1218 break;
1219 }
1220
1221 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1222 break;
1223
1224 case NGX_IMAP_CAPABILITY:
1225 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1226
1227 #if (NGX_MAIL_SSL)
1228
1229 if (c->ssl == NULL) {
1230 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1231
1232 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
1233 text_len = cscf->imap_starttls_capability.len;
1234 text = cscf->imap_starttls_capability.data;
1235 break;
1236 }
1237
1238 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1239 text_len = cscf->imap_starttls_only_capability.len;
1240 text = cscf->imap_starttls_only_capability.data;
1241 break;
1242 }
1243 }
1244 #endif
1245
1246 text_len = cscf->imap_capability.len;
1247 text = cscf->imap_capability.data;
1248 break;
1249
1250 case NGX_IMAP_LOGOUT:
1251 s->quit = 1;
1252 text = imap_bye;
1253 text_len = sizeof(imap_bye) - 1;
1254 break;
1255
1256 case NGX_IMAP_NOOP:
1257 break;
1258
1259 #if (NGX_MAIL_SSL)
1260
1261 case NGX_IMAP_STARTTLS:
1262 if (c->ssl == NULL) {
1263 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1264 if (sslcf->starttls) {
1265 c->read->handler = ngx_mail_starttls_handler;
1266 break;
1267 }
1268 }
1269
1270 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1271 break;
1272 #endif
1273
1274 default:
1275 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1276 break;
1277 }
1278
1279 break;
1280
1281 case ngx_imap_auth_login_username:
1282 arg = s->args.elts;
1283 s->mail_state = ngx_imap_auth_login_password;
1284
1285 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1286 "imap auth login username: \"%V\"", &arg[0]);
1287
1288 s->login.data = ngx_palloc(c->pool,
1289 ngx_base64_decoded_length(arg[0].len));
1290 if (s->login.data == NULL){
1291 ngx_mail_session_internal_server_error(s);
1292 return;
1293 }
1294
1295 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1296 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1297 "client sent invalid base64 encoding "
1298 "in AUTH LOGIN command");
1299 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1300 break;
1301 }
1302
1303 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1304 "imap auth login username: \"%V\"", &s->login);
1305
1306 last_len = sizeof(pop3_password) - 1;
1307 last = pop3_password;
1308 tag = 0;
1309
1310 break;
1311
1312 case ngx_imap_auth_login_password:
1313 arg = s->args.elts;
1314
1315 #if (NGX_DEBUG_MAIL_PASSWD)
1316 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1317 "imap auth login password: \"%V\"", &arg[0]);
1318 #endif
1319
1320 s->passwd.data = ngx_palloc(c->pool,
1321 ngx_base64_decoded_length(arg[0].len));
1322 if (s->passwd.data == NULL){
1323 ngx_mail_session_internal_server_error(s);
1324 return;
1325 }
1326
1327 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
1328 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1329 "client sent invalid base64 encoding "
1330 "in AUTH LOGIN command");
1331 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1332 break;
1333 }
1334
1335 #if (NGX_DEBUG_MAIL_PASSWD)
1336 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1337 "imap auth login password: \"%V\"", &s->passwd);
1338 #endif
1339
1340 ngx_mail_do_auth(s);
1341 return;
1342
1343 case ngx_imap_auth_plain:
1344 arg = s->args.elts;
1345
1346 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
1347
1348 if (rc == NGX_OK) {
1349 ngx_mail_do_auth(s);
1350 return;
1351 }
1352
1353 if (rc == NGX_ERROR) {
1354 ngx_mail_session_internal_server_error(s);
1355 return;
1356 }
1357
1358 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1359
1360 break;
1361
1362 case ngx_imap_auth_cram_md5:
1363 arg = s->args.elts;
1364
1365 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1366 "imap auth cram-md5: \"%V\"", &arg[0]);
1367
1368 s->login.data = ngx_palloc(c->pool,
1369 ngx_base64_decoded_length(arg[0].len));
1370 if (s->login.data == NULL){
1371 ngx_mail_session_internal_server_error(s);
1372 return;
1373 }
1374
1375 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1376 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1377 "client sent invalid base64 encoding "
1378 "in AUTH CRAM-MD5 command");
1379 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1380 break;
1381 }
1382
1383 p = s->login.data;
1384 last = p + s->login.len;
1385
1386 while (p < last) {
1387 if (*p++ == ' ') {
1388 s->login.len = p - s->login.data - 1;
1389 s->passwd.len = last - p;
1390 s->passwd.data = p;
1391 break;
1392 }
1393 }
1394
1395 if (s->passwd.len != 32) {
1396 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1397 "client sent invalid CRAM-MD5 hash "
1398 "in AUTH CRAM-MD5 command");
1399 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1400 break;
1401 }
1402
1403 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1404 "imap auth cram-md5: \"%V\" \"%V\"",
1405 &s->login, &s->passwd);
1406
1407 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
1408
1409 ngx_mail_do_auth(s);
1410 return;
1411 }
1412
1413 } else if (rc == NGX_IMAP_NEXT) {
1414 last = imap_next;
1415 last_len = sizeof(imap_next) - 1;
1416 tag = 0;
1417 }
1418
1419 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
1420 s->mail_state = ngx_imap_start;
1421 s->state = 0;
1422 last = imap_invalid_command;
1423 last_len = sizeof(imap_invalid_command) - 1;
1424 }
1425
1426 if (tag) {
1427 if (s->tag.len == 0) {
1428 s->tag.len = sizeof(imap_star) - 1;
1429 s->tag.data = (u_char *) imap_star;
1430 }
1431
1432 if (s->tagged_line.len < s->tag.len + text_len + last_len) {
1433 s->tagged_line.len = s->tag.len + text_len + last_len;
1434 s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
1435 if (s->tagged_line.data == NULL) {
1436 ngx_mail_close_connection(c);
1437 return;
1438 }
1439 }
1440
1441 s->out.data = s->tagged_line.data;
1442 s->out.len = s->tag.len + text_len + last_len;
1443
1444 p = s->out.data;
1445
1446 if (text) {
1447 p = ngx_cpymem(p, text, text_len);
1448 }
1449 p = ngx_cpymem(p, s->tag.data, s->tag.len);
1450 ngx_memcpy(p, last, last_len);
1451
1452
1453 } else {
1454 s->out.data = last;
1455 s->out.len = last_len;
1456 }
1457
1458 if (rc != NGX_IMAP_NEXT) {
1459 s->args.nelts = 0;
1460
1461 if (s->state) {
1462 /* preserve tag */
1463 s->arg_start = s->buffer->start + s->tag.len;
1464 s->buffer->pos = s->arg_start;
1465 s->buffer->last = s->arg_start;
1466
1467 } else {
1468 s->buffer->pos = s->buffer->start;
1469 s->buffer->last = s->buffer->start;
1470 s->tag.len = 0;
1471 }
1472 }
1473
1474 ngx_mail_send(c->write);
1475 }
1476
1477
1478 void
1479 ngx_smtp_auth_state(ngx_event_t *rev)
1480 {
1481 u_char *p, *last, *text, ch;
1482 ssize_t size;
1483 ngx_int_t rc;
1484 ngx_str_t *arg, salt, l;
1485 ngx_uint_t i;
1486 ngx_connection_t *c;
1487 ngx_mail_session_t *s;
1488 ngx_mail_core_srv_conf_t *cscf;
1489 #if (NGX_MAIL_SSL)
1490 ngx_mail_ssl_conf_t *sslcf;
1491 #endif
1492
1493 c = rev->data;
1494 s = c->data;
1495
1496 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
1497
1498 if (rev->timedout) {
1499 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
1500 c->timedout = 1;
1501 ngx_mail_close_connection(c);
1502 return;
1503 }
1504
1505 if (s->out.len) {
1506 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
1507 s->blocked = 1;
1508 return;
1509 }
1510
1511 s->blocked = 0;
1512
1513 rc = ngx_mail_read_command(s);
1514
1515 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
1516 return;
1517 }
1518
1519 text = NULL;
1520 size = 0;
1521
1522 if (rc == NGX_OK) {
1523 switch (s->mail_state) {
1524
1525 case ngx_smtp_start:
1526
1527 switch (s->command) {
1528
1529 case NGX_SMTP_HELO:
1530 case NGX_SMTP_EHLO:
1531 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1532
1533 if (s->args.nelts != 1) {
1534 text = smtp_invalid_argument;
1535 size = sizeof(smtp_invalid_argument) - 1;
1536 s->state = 0;
1537 break;
1538 }
1539
1540 arg = s->args.elts;
1541
1542 s->smtp_helo.len = arg[0].len;
1543
1544 s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len);
1545 if (s->smtp_helo.data == NULL) {
1546 ngx_mail_session_internal_server_error(s);
1547 return;
1548 }
1549
1550 ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
1551
1552 s->smtp_from.len = 0;
1553 s->smtp_from.data = NULL;
1554 s->smtp_to.len = 0;
1555 s->smtp_to.data = NULL;
1556
1557 if (s->command == NGX_SMTP_HELO) {
1558 size = cscf->smtp_server_name.len;
1559 text = cscf->smtp_server_name.data;
1560
1561 } else {
1562 s->esmtp = 1;
1563
1564 #if (NGX_MAIL_SSL)
1565
1566 if (c->ssl == NULL) {
1567 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1568
1569 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
1570 size = cscf->smtp_starttls_capability.len;
1571 text = cscf->smtp_starttls_capability.data;
1572 break;
1573 }
1574
1575 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1576 size = cscf->smtp_starttls_only_capability.len;
1577 text = cscf->smtp_starttls_only_capability.data;
1578 break;
1579 }
1580 }
1581 #endif
1582
1583 size = cscf->smtp_capability.len;
1584 text = cscf->smtp_capability.data;
1585 }
1586
1587 break;
1588
1589 case NGX_SMTP_RSET:
1590
1591 s->smtp_from.len = 0;
1592 s->smtp_from.data = NULL;
1593 s->smtp_to.len = 0;
1594 s->smtp_to.data = NULL;
1595
1596 text = smtp_ok;
1597 size = sizeof(smtp_ok) - 1;
1598 break;
1599
1600 case NGX_SMTP_AUTH:
1601
1602 #if (NGX_MAIL_SSL)
1603
1604 if (c->ssl == NULL) {
1605 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1606
1607 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1608 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1609 break;
1610 }
1611 }
1612 #endif
1613
1614 if (s->args.nelts == 0) {
1615 text = smtp_invalid_argument;
1616 size = sizeof(smtp_invalid_argument) - 1;
1617 s->state = 0;
1618 break;
1619 }
1620
1621 arg = s->args.elts;
1622
1623 if (arg[0].len == 5) {
1624
1625 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
1626 == 0)
1627 {
1628
1629 if (s->args.nelts != 1) {
1630 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1631 break;
1632 }
1633
1634 s->mail_state = ngx_smtp_auth_login_username;
1635
1636 size = sizeof(smtp_username) - 1;
1637 text = smtp_username;
1638
1639 break;
1640
1641 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
1642 5)
1643 == 0)
1644 {
1645 if (s->args.nelts == 1) {
1646 s->mail_state = ngx_smtp_auth_plain;
1647
1648 size = sizeof(smtp_next) - 1;
1649 text = smtp_next;
1650
1651 break;
1652 }
1653
1654 if (s->args.nelts == 2) {
1655
1656 rc = ngx_mail_decode_auth_plain(s, &arg[1]);
1657
1658 if (rc == NGX_OK) {
1659 ngx_mail_do_auth(s);
1660 return;
1661 }
1662
1663 if (rc == NGX_ERROR) {
1664 ngx_mail_session_internal_server_error(s);
1665 return;
1666 }
1667
1668 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1669
1670 break;
1671 }
1672
1673 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1674 break;
1675 }
1676
1677 } else if (arg[0].len == 8
1678 && ngx_strncasecmp(arg[0].data,
1679 (u_char *) "CRAM-MD5", 8)
1680 == 0)
1681 {
1682 cscf = ngx_mail_get_module_srv_conf(s,
1683 ngx_mail_core_module);
1684
1685 if (!(cscf->smtp_auth_methods
1686 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
1687 || s->args.nelts != 1)
1688 {
1689 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1690 break;
1691 }
1692
1693 s->mail_state = ngx_smtp_auth_cram_md5;
1694
1695 text = ngx_palloc(c->pool,
1696 sizeof("334 " CRLF) - 1
1697 + ngx_base64_encoded_length(s->salt.len));
1698 if (text == NULL) {
1699 ngx_mail_session_internal_server_error(s);
1700 return;
1701 }
1702
1703 text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' ';
1704 salt.data = &text[4];
1705 s->salt.len -= 2;
1706
1707 ngx_encode_base64(&salt, &s->salt);
1708
1709 s->salt.len += 2;
1710 size = 4 + salt.len;
1711 text[size++] = CR; text[size++] = LF;
1712
1713 break;
1714 }
1715
1716 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1717 break;
1718
1719 case NGX_SMTP_QUIT:
1720 s->quit = 1;
1721 text = smtp_bye;
1722 size = sizeof(smtp_bye) - 1;
1723 break;
1724
1725 case NGX_SMTP_MAIL:
1726 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1727
1728 if (s->connection->log->log_level >= NGX_LOG_INFO
1729 || (cscf->smtp_auth_methods
1730 & NGX_MAIL_AUTH_NONE_ENABLED))
1731 {
1732 l.len = s->buffer->last - s->buffer->start;
1733 l.data = s->buffer->start;
1734
1735 for (i = 0; i < l.len; i++) {
1736 ch = l.data[i];
1737
1738 if (ch != CR && ch != LF) {
1739 continue;
1740 }
1741
1742 l.data[i] = ' ';
1743 }
1744
1745 while (i) {
1746 if (l.data[i - 1] != ' ') {
1747 break;
1748 }
1749
1750 i--;
1751 }
1752
1753 l.len = i;
1754
1755 if (!(cscf->smtp_auth_methods
1756 & NGX_MAIL_AUTH_NONE_ENABLED))
1757 {
1758 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1759 "client was rejected: \"%V\"", &l);
1760 }
1761
1762 }
1763
1764 if (!(cscf->smtp_auth_methods & NGX_MAIL_AUTH_NONE_ENABLED))
1765 {
1766 text = smtp_auth_required;
1767 size = sizeof(smtp_auth_required) - 1;
1768 break;
1769 }
1770
1771 /* auth none */
1772
1773 if (s->smtp_from.len) {
1774 text = smtp_bad_sequence;
1775 size = sizeof(smtp_bad_sequence) - 1;
1776 break;
1777 }
1778
1779 s->smtp_from.len = l.len;
1780
1781 s->smtp_from.data = ngx_palloc(c->pool, l.len);
1782 if (s->smtp_from.data == NULL) {
1783 ngx_mail_session_internal_server_error(s);
1784 return;
1785 }
1786
1787 ngx_memcpy(s->smtp_from.data, l.data, l.len);
1788
1789 text = smtp_ok;
1790 size = sizeof(smtp_ok) - 1;
1791 break;
1792
1793 case NGX_SMTP_RCPT:
1794
1795 if (s->smtp_from.len == 0) {
1796 text = smtp_bad_sequence;
1797 size = sizeof(smtp_bad_sequence) - 1;
1798 break;
1799 }
1800
1801 l.len = s->buffer->last - s->buffer->start;
1802 l.data = s->buffer->start;
1803
1804 for (i = 0; i < l.len; i++) {
1805 ch = l.data[i];
1806
1807 if (ch != CR && ch != LF) {
1808 continue;
1809 }
1810
1811 l.data[i] = ' ';
1812 }
1813
1814 while (i) {
1815 if (l.data[i - 1] != ' ') {
1816 break;
1817 }
1818
1819 i--;
1820 }
1821
1822 l.len = i;
1823
1824 s->smtp_to.len = l.len;
1825
1826 s->smtp_to.data = ngx_palloc(c->pool, l.len);
1827 if (s->smtp_to.data == NULL) {
1828 ngx_mail_session_internal_server_error(s);
1829 return;
1830 }
1831
1832 ngx_memcpy(s->smtp_to.data, l.data, l.len);
1833
1834 s->auth_method = NGX_MAIL_AUTH_NONE;
1835
1836 ngx_mail_do_auth(s);
1837 return;
1838
1839 case NGX_SMTP_NOOP:
1840 text = smtp_ok;
1841 size = sizeof(smtp_ok) - 1;
1842 break;
1843
1844 #if (NGX_MAIL_SSL)
1845
1846 case NGX_SMTP_STARTTLS:
1847 if (c->ssl == NULL) {
1848 sslcf = ngx_mail_get_module_srv_conf(s,
1849 ngx_mail_ssl_module);
1850 if (sslcf->starttls) {
1851 c->read->handler = ngx_mail_starttls_handler;
1852
1853 /*
1854 * RFC3207 requires us to discard any knowledge
1855 * obtained from client before STARTTLS.
1856 */
1857
1858 s->smtp_helo.len = 0;
1859 s->smtp_helo.data = NULL;
1860 s->smtp_from.len = 0;
1861 s->smtp_from.data = NULL;
1862 s->smtp_to.len = 0;
1863 s->smtp_to.data = NULL;
1864
1865 text = smtp_ok;
1866 size = sizeof(smtp_ok) - 1;
1867
1868 break;
1869 }
1870 }
1871
1872 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1873 break;
1874 #endif
1875
1876 default:
1877 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1878 break;
1879 }
1880
1881 break;
1882
1883 case ngx_smtp_auth_login_username:
1884 arg = s->args.elts;
1885 s->mail_state = ngx_smtp_auth_login_password;
1886
1887 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1888 "smtp auth login username: \"%V\"", &arg[0]);
1889
1890 s->login.data = ngx_palloc(c->pool,
1891 ngx_base64_decoded_length(arg[0].len));
1892 if (s->login.data == NULL){
1893 ngx_mail_session_internal_server_error(s);
1894 return;
1895 }
1896
1897 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1898 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1899 "client sent invalid base64 encoding "
1900 "in AUTH LOGIN command");
1901 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1902 break;
1903 }
1904
1905 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1906 "smtp auth login username: \"%V\"", &s->login);
1907
1908 size = sizeof(smtp_password) - 1;
1909 text = smtp_password;
1910
1911 break;
1912
1913 case ngx_smtp_auth_login_password:
1914 arg = s->args.elts;
1915
1916 #if (NGX_DEBUG_MAIL_PASSWD)
1917 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1918 "smtp auth login password: \"%V\"", &arg[0]);
1919 #endif
1920
1921 s->passwd.data = ngx_palloc(c->pool,
1922 ngx_base64_decoded_length(arg[0].len));
1923 if (s->passwd.data == NULL){
1924 ngx_mail_session_internal_server_error(s);
1925 return;
1926 }
1927
1928 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
1929 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1930 "client sent invalid base64 encoding "
1931 "in AUTH LOGIN command");
1932 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1933 break;
1934 }
1935
1936 #if (NGX_DEBUG_MAIL_PASSWD)
1937 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1938 "smtp auth login password: \"%V\"", &s->passwd);
1939 #endif
1940
1941 ngx_mail_do_auth(s);
1942 return;
1943
1944 case ngx_smtp_auth_plain:
1945 arg = s->args.elts;
1946
1947 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
1948
1949 if (rc == NGX_OK) {
1950 ngx_mail_do_auth(s);
1951 return;
1952 }
1953
1954 if (rc == NGX_ERROR) {
1955 ngx_mail_session_internal_server_error(s);
1956 return;
1957 }
1958
1959 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1960
1961 break;
1962
1963 case ngx_smtp_auth_cram_md5:
1964 arg = s->args.elts;
1965
1966 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1967 "smtp auth cram-md5: \"%V\"", &arg[0]);
1968
1969 s->login.data = ngx_palloc(c->pool,
1970 ngx_base64_decoded_length(arg[0].len));
1971 if (s->login.data == NULL){
1972 ngx_mail_session_internal_server_error(s);
1973 return;
1974 }
1975
1976 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1977 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1978 "client sent invalid base64 encoding "
1979 "in AUTH CRAM-MD5 command");
1980 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1981 break;
1982 }
1983
1984 p = s->login.data;
1985 last = p + s->login.len;
1986
1987 while (p < last) {
1988 if (*p++ == ' ') {
1989 s->login.len = p - s->login.data - 1;
1990 s->passwd.len = last - p;
1991 s->passwd.data = p;
1992 break;
1993 }
1994 }
1995
1996 if (s->passwd.len != 32) {
1997 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1998 "client sent invalid CRAM-MD5 hash "
1999 "in AUTH CRAM-MD5 command");
2000 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
2001 break;
2002 }
2003
2004 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
2005 "smtp auth cram-md5: \"%V\" \"%V\"",
2006 &s->login, &s->passwd);
2007
2008 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
2009
2010 ngx_mail_do_auth(s);
2011 return;
2012 }
2013 }
2014
2015 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
2016 s->mail_state = ngx_smtp_start;
2017 s->state = 0;
2018 text = smtp_invalid_command;
2019 size = sizeof(smtp_invalid_command) - 1;
2020 }
2021
2022 s->args.nelts = 0;
2023 s->buffer->pos = s->buffer->start;
2024 s->buffer->last = s->buffer->start;
2025
2026 if (s->state) {
2027 s->arg_start = s->buffer->start;
2028 }
2029
2030 s->out.data = text;
2031 s->out.len = size;
2032
2033 ngx_mail_send(c->write);
2034 }
2035
2036
2037 static ngx_int_t
2038 ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded)
2039 {
2040 u_char *p, *last;
2041 ngx_str_t plain;
2042
2043 #if (NGX_DEBUG_MAIL_PASSWD)
2044 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
2045 "mail auth plain: \"%V\"", encoded);
2046 #endif
2047
2048 plain.data = ngx_palloc(s->connection->pool,
2049 ngx_base64_decoded_length(encoded->len));
2050 if (plain.data == NULL){
2051 return NGX_ERROR;
2052 }
2053
2054 if (ngx_decode_base64(&plain, encoded) != NGX_OK) {
2055 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
2056 "client sent invalid base64 encoding "
2057 "in AUTH PLAIN command");
2058 return NGX_MAIL_PARSE_INVALID_COMMAND;
2059 }
2060
2061 p = plain.data;
2062 last = p + plain.len;
2063
2064 while (p < last && *p++) { /* void */ }
2065
2066 if (p == last) {
2067 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
2068 "client sent invalid login in AUTH PLAIN command");
2069 return NGX_MAIL_PARSE_INVALID_COMMAND;
2070 }
2071
2072 s->login.data = p;
2073
2074 while (p < last && *p) { p++; }
2075
2076 if (p == last) {
2077 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
2078 "client sent invalid password in AUTH PLAIN command");
2079 return NGX_MAIL_PARSE_INVALID_COMMAND;
2080 }
2081
2082 s->login.len = p++ - s->login.data;
2083
2084 s->passwd.len = last - p;
2085 s->passwd.data = p;
2086
2087 #if (NGX_DEBUG_MAIL_PASSWD)
2088 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
2089 "mail auth plain: \"%V\" \"%V\"",
2090 &s->login, &s->passwd);
2091 #endif
2092
2093 return NGX_OK;
2094 }
2095
2096
2097 static void
2098 ngx_mail_do_auth(ngx_mail_session_t *s)
2099 { 606 {
2100 s->args.nelts = 0; 607 s->args.nelts = 0;
2101 s->buffer->pos = s->buffer->start; 608 s->buffer->pos = s->buffer->start;
2102 s->buffer->last = s->buffer->start; 609 s->buffer->last = s->buffer->start;
2103 s->state = 0; 610 s->state = 0;
2104 611
2105 if (s->connection->read->timer_set) { 612 if (c->read->timer_set) {
2106 ngx_del_timer(s->connection->read); 613 ngx_del_timer(c->read);
2107 } 614 }
2108 615
2109 s->login_attempt++; 616 s->login_attempt++;
2110 617
2111 ngx_mail_auth_http_init(s); 618 ngx_mail_auth_http_init(s);
2112 }
2113
2114
2115 ngx_int_t
2116 ngx_mail_read_command(ngx_mail_session_t *s)
2117 {
2118 ssize_t n;
2119 ngx_int_t rc;
2120 ngx_str_t l;
2121
2122 n = s->connection->recv(s->connection, s->buffer->last,
2123 s->buffer->end - s->buffer->last);
2124
2125 if (n == NGX_ERROR || n == 0) {
2126 ngx_mail_close_connection(s->connection);
2127 return NGX_ERROR;
2128 }
2129
2130 if (n > 0) {
2131 s->buffer->last += n;
2132 }
2133
2134 if (n == NGX_AGAIN) {
2135 if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) {
2136 ngx_mail_session_internal_server_error(s);
2137 return NGX_ERROR;
2138 }
2139
2140 return NGX_AGAIN;
2141 }
2142
2143 switch (s->protocol) {
2144 case NGX_MAIL_POP3_PROTOCOL:
2145 rc = ngx_pop3_parse_command(s);
2146 break;
2147
2148 case NGX_MAIL_IMAP_PROTOCOL:
2149 rc = ngx_imap_parse_command(s);
2150 break;
2151
2152 default: /* NGX_MAIL_SMTP_PROTOCOL */
2153 rc = ngx_smtp_parse_command(s);
2154 break;
2155 }
2156
2157 if (rc == NGX_AGAIN) {
2158
2159 if (s->buffer->last < s->buffer->end) {
2160 return rc;
2161 }
2162
2163 l.len = s->buffer->last - s->buffer->start;
2164 l.data = s->buffer->start;
2165
2166 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
2167 "client sent too long command \"%V\"", &l);
2168
2169 s->quit = 1;
2170
2171 return NGX_MAIL_PARSE_INVALID_COMMAND;
2172 }
2173
2174 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
2175 return rc;
2176 }
2177
2178 if (rc == NGX_ERROR) {
2179 ngx_mail_close_connection(s->connection);
2180 return NGX_ERROR;
2181 }
2182
2183 return NGX_OK;
2184 } 619 }
2185 620
2186 621
2187 void 622 void
2188 ngx_mail_session_internal_server_error(ngx_mail_session_t *s) 623 ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
2189 { 624 {
2190 s->out = internal_server_errors[s->protocol]; 625 ngx_mail_core_srv_conf_t *cscf;
626
627 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
628
629 s->out = cscf->protocol->internal_server_error;
2191 s->quit = 1; 630 s->quit = 1;
2192 631
2193 ngx_mail_send(s->connection->write); 632 ngx_mail_send(s->connection->write);
2194 } 633 }
2195 634
2211 } 650 }
2212 } 651 }
2213 652
2214 #endif 653 #endif
2215 654
655 #if (NGX_STAT_STUB)
656 ngx_atomic_fetch_add(ngx_stat_active, -1);
657 #endif
658
2216 c->destroyed = 1; 659 c->destroyed = 1;
2217 660
2218 pool = c->pool; 661 pool = c->pool;
2219 662
2220 ngx_close_connection(c); 663 ngx_close_connection(c);
2221 664
2222 ngx_destroy_pool(pool); 665 ngx_destroy_pool(pool);
2223 } 666 }
2224 667
2225 668
2226 static u_char * 669 u_char *
2227 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) 670 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
2228 { 671 {
2229 u_char *p; 672 u_char *p;
2230 ngx_mail_session_t *s; 673 ngx_mail_session_t *s;
2231 ngx_mail_log_ctx_t *ctx; 674 ngx_mail_log_ctx_t *ctx;
2246 689
2247 if (s == NULL) { 690 if (s == NULL) {
2248 return p; 691 return p;
2249 } 692 }
2250 693
2251 p = ngx_snprintf(buf, len, ", server: %V", s->addr_text); 694 p = ngx_snprintf(buf, len, "%s, server: %V",
695 s->starttls ? " using starttls" : "",
696 s->addr_text);
2252 len -= p - buf; 697 len -= p - buf;
2253 buf = p; 698 buf = p;
2254 699
2255 if (s->login.len == 0) { 700 if (s->login.len == 0) {
2256 return p; 701 return p;