Mercurial > hg > nginx-quic
annotate src/mail/ngx_mail_auth_http_module.c @ 6682:db422604ceb0
Stream: allow using the session context inside handlers.
Previously, it was not possible to use the stream context
inside ngx_stream_init_connection() handlers. Now, limit_conn,
access handlers, as well as those added later, can create
their own contexts.
author | Dmitry Volyntsev <xeioex@nginx.com> |
---|---|
date | Tue, 06 Sep 2016 21:28:17 +0300 |
parents | 0a820872dd4c |
children | bcb107bb89cd |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
521 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_event.h> | |
11 #include <ngx_event_connect.h> | |
1136 | 12 #include <ngx_mail.h> |
521 | 13 |
14 | |
15 typedef struct { | |
3269
f0d596e84634
rename ngx_peer_addr_t to ngx_addr_t
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
16 ngx_addr_t *peer; |
521 | 17 |
527 | 18 ngx_msec_t timeout; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
19 ngx_flag_t pass_client_cert; |
521 | 20 |
527 | 21 ngx_str_t host_header; |
22 ngx_str_t uri; | |
573 | 23 ngx_str_t header; |
24 | |
25 ngx_array_t *headers; | |
1392 | 26 |
27 u_char *file; | |
28 ngx_uint_t line; | |
1136 | 29 } ngx_mail_auth_http_conf_t; |
521 | 30 |
31 | |
1136 | 32 typedef struct ngx_mail_auth_http_ctx_s ngx_mail_auth_http_ctx_t; |
527 | 33 |
1136 | 34 typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s, |
35 ngx_mail_auth_http_ctx_t *ctx); | |
527 | 36 |
1136 | 37 struct ngx_mail_auth_http_ctx_s { |
527 | 38 ngx_buf_t *request; |
39 ngx_buf_t *response; | |
40 ngx_peer_connection_t peer; | |
41 | |
1136 | 42 ngx_mail_auth_http_handler_pt handler; |
527 | 43 |
44 ngx_uint_t state; | |
45 | |
46 u_char *header_name_start; | |
47 u_char *header_name_end; | |
48 u_char *header_start; | |
49 u_char *header_end; | |
50 | |
51 ngx_str_t addr; | |
52 ngx_str_t port; | |
53 ngx_str_t err; | |
567 | 54 ngx_str_t errmsg; |
1136 | 55 ngx_str_t errcode; |
527 | 56 |
547 | 57 time_t sleep; |
527 | 58 |
547 | 59 ngx_pool_t *pool; |
527 | 60 }; |
521 | 61 |
62 | |
1136 | 63 static void ngx_mail_auth_http_write_handler(ngx_event_t *wev); |
64 static void ngx_mail_auth_http_read_handler(ngx_event_t *rev); | |
65 static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
66 ngx_mail_auth_http_ctx_t *ctx); | |
67 static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
68 ngx_mail_auth_http_ctx_t *ctx); | |
69 static void ngx_mail_auth_sleep_handler(ngx_event_t *rev); | |
70 static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
71 ngx_mail_auth_http_ctx_t *ctx); | |
72 static void ngx_mail_auth_http_block_read(ngx_event_t *rev); | |
73 static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev); | |
74 static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s, | |
75 ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf); | |
76 static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, | |
633 | 77 ngx_str_t *escaped); |
521 | 78 |
1136 | 79 static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf); |
80 static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
521 | 81 void *child); |
1136 | 82 static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
83 static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, | |
573 | 84 void *conf); |
521 | 85 |
86 | |
1136 | 87 static ngx_command_t ngx_mail_auth_http_commands[] = { |
521 | 88 |
89 { ngx_string("auth_http"), | |
1136 | 90 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
91 ngx_mail_auth_http, | |
92 NGX_MAIL_SRV_CONF_OFFSET, | |
521 | 93 0, |
94 NULL }, | |
95 | |
96 { ngx_string("auth_http_timeout"), | |
1136 | 97 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
521 | 98 ngx_conf_set_msec_slot, |
1136 | 99 NGX_MAIL_SRV_CONF_OFFSET, |
100 offsetof(ngx_mail_auth_http_conf_t, timeout), | |
521 | 101 NULL }, |
102 | |
573 | 103 { ngx_string("auth_http_header"), |
1136 | 104 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2, |
105 ngx_mail_auth_http_header, | |
106 NGX_MAIL_SRV_CONF_OFFSET, | |
573 | 107 0, |
108 NULL }, | |
109 | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
110 { ngx_string("auth_http_pass_client_cert"), |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
111 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
112 ngx_conf_set_flag_slot, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
113 NGX_MAIL_SRV_CONF_OFFSET, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
114 offsetof(ngx_mail_auth_http_conf_t, pass_client_cert), |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
115 NULL }, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
116 |
521 | 117 ngx_null_command |
118 }; | |
119 | |
120 | |
1136 | 121 static ngx_mail_module_t ngx_mail_auth_http_module_ctx = { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
122 NULL, /* protocol */ |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
123 |
521 | 124 NULL, /* create main configuration */ |
125 NULL, /* init main configuration */ | |
126 | |
1136 | 127 ngx_mail_auth_http_create_conf, /* create server configuration */ |
128 ngx_mail_auth_http_merge_conf /* merge server configuration */ | |
521 | 129 }; |
130 | |
131 | |
1136 | 132 ngx_module_t ngx_mail_auth_http_module = { |
521 | 133 NGX_MODULE_V1, |
1136 | 134 &ngx_mail_auth_http_module_ctx, /* module context */ |
135 ngx_mail_auth_http_commands, /* module directives */ | |
136 NGX_MAIL_MODULE, /* module type */ | |
541 | 137 NULL, /* init master */ |
521 | 138 NULL, /* init module */ |
541 | 139 NULL, /* init process */ |
140 NULL, /* init thread */ | |
141 NULL, /* exit thread */ | |
142 NULL, /* exit process */ | |
143 NULL, /* exit master */ | |
144 NGX_MODULE_V1_PADDING | |
521 | 145 }; |
146 | |
147 | |
1136 | 148 static ngx_str_t ngx_mail_auth_http_method[] = { |
149 ngx_string("plain"), | |
809 | 150 ngx_string("plain"), |
2748
2477b28eaccb
fix Auth-Method, the bug has been introduced in r2496
Igor Sysoev <igor@sysoev.ru>
parents:
2388
diff
changeset
|
151 ngx_string("plain"), |
809 | 152 ngx_string("apop"), |
2309 | 153 ngx_string("cram-md5"), |
154 ngx_string("none") | |
800 | 155 }; |
521 | 156 |
1136 | 157 static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); |
521 | 158 |
1477 | 159 |
521 | 160 void |
1136 | 161 ngx_mail_auth_http_init(ngx_mail_session_t *s) |
521 | 162 { |
163 ngx_int_t rc; | |
547 | 164 ngx_pool_t *pool; |
1136 | 165 ngx_mail_auth_http_ctx_t *ctx; |
166 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 167 |
541 | 168 s->connection->log->action = "in http auth state"; |
169 | |
547 | 170 pool = ngx_create_pool(2048, s->connection->log); |
171 if (pool == NULL) { | |
1136 | 172 ngx_mail_session_internal_server_error(s); |
521 | 173 return; |
174 } | |
175 | |
1136 | 176 ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t)); |
547 | 177 if (ctx == NULL) { |
178 ngx_destroy_pool(pool); | |
1136 | 179 ngx_mail_session_internal_server_error(s); |
547 | 180 return; |
181 } | |
182 | |
183 ctx->pool = pool; | |
184 | |
1136 | 185 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 186 |
1136 | 187 ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf); |
521 | 188 if (ctx->request == NULL) { |
547 | 189 ngx_destroy_pool(ctx->pool); |
1136 | 190 ngx_mail_session_internal_server_error(s); |
521 | 191 return; |
192 } | |
193 | |
1136 | 194 ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module); |
521 | 195 |
884 | 196 ctx->peer.sockaddr = ahcf->peer->sockaddr; |
197 ctx->peer.socklen = ahcf->peer->socklen; | |
198 ctx->peer.name = &ahcf->peer->name; | |
199 ctx->peer.get = ngx_event_get_peer; | |
521 | 200 ctx->peer.log = s->connection->log; |
201 ctx->peer.log_error = NGX_ERROR_ERR; | |
202 | |
203 rc = ngx_event_connect_peer(&ctx->peer); | |
204 | |
543 | 205 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
862
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
206 if (ctx->peer.connection) { |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
207 ngx_close_connection(ctx->peer.connection); |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
208 } |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
209 |
547 | 210 ngx_destroy_pool(ctx->pool); |
1136 | 211 ngx_mail_session_internal_server_error(s); |
521 | 212 return; |
213 } | |
214 | |
215 ctx->peer.connection->data = s; | |
216 ctx->peer.connection->pool = s->connection->pool; | |
217 | |
1136 | 218 s->connection->read->handler = ngx_mail_auth_http_block_read; |
219 ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler; | |
220 ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler; | |
521 | 221 |
1136 | 222 ctx->handler = ngx_mail_auth_http_ignore_status_line; |
527 | 223 |
541 | 224 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
225 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
226 | |
521 | 227 if (rc == NGX_OK) { |
1136 | 228 ngx_mail_auth_http_write_handler(ctx->peer.connection->write); |
521 | 229 return; |
230 } | |
231 } | |
232 | |
233 | |
234 static void | |
1136 | 235 ngx_mail_auth_http_write_handler(ngx_event_t *wev) |
521 | 236 { |
237 ssize_t n, size; | |
238 ngx_connection_t *c; | |
1136 | 239 ngx_mail_session_t *s; |
240 ngx_mail_auth_http_ctx_t *ctx; | |
241 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 242 |
243 c = wev->data; | |
244 s = c->data; | |
245 | |
1136 | 246 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 247 |
1136 | 248 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, |
249 "mail auth http write handler"); | |
521 | 250 |
577 | 251 if (wev->timedout) { |
521 | 252 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
884 | 253 "auth http server %V timed out", ctx->peer.name); |
1478 | 254 ngx_close_connection(c); |
547 | 255 ngx_destroy_pool(ctx->pool); |
1136 | 256 ngx_mail_session_internal_server_error(s); |
521 | 257 return; |
258 } | |
259 | |
260 size = ctx->request->last - ctx->request->pos; | |
261 | |
262 n = ngx_send(c, ctx->request->pos, size); | |
263 | |
264 if (n == NGX_ERROR) { | |
1478 | 265 ngx_close_connection(c); |
547 | 266 ngx_destroy_pool(ctx->pool); |
1136 | 267 ngx_mail_session_internal_server_error(s); |
521 | 268 return; |
269 } | |
270 | |
271 if (n > 0) { | |
272 ctx->request->pos += n; | |
273 | |
274 if (n == size) { | |
1136 | 275 wev->handler = ngx_mail_auth_http_dummy_handler; |
521 | 276 |
277 if (wev->timer_set) { | |
278 ngx_del_timer(wev); | |
279 } | |
280 | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
281 if (ngx_handle_write_event(wev, 0) != NGX_OK) { |
1478 | 282 ngx_close_connection(c); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
283 ngx_destroy_pool(ctx->pool); |
1136 | 284 ngx_mail_session_internal_server_error(s); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
285 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
286 |
521 | 287 return; |
288 } | |
289 } | |
290 | |
291 if (!wev->timer_set) { | |
1136 | 292 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 293 ngx_add_timer(wev, ahcf->timeout); |
294 } | |
295 } | |
296 | |
297 | |
298 static void | |
1136 | 299 ngx_mail_auth_http_read_handler(ngx_event_t *rev) |
521 | 300 { |
525 | 301 ssize_t n, size; |
521 | 302 ngx_connection_t *c; |
1136 | 303 ngx_mail_session_t *s; |
304 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 305 |
306 c = rev->data; | |
307 s = c->data; | |
308 | |
1136 | 309 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
310 "mail auth http read handler"); | |
521 | 311 |
1136 | 312 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
525 | 313 |
577 | 314 if (rev->timedout) { |
525 | 315 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
884 | 316 "auth http server %V timed out", ctx->peer.name); |
1478 | 317 ngx_close_connection(c); |
547 | 318 ngx_destroy_pool(ctx->pool); |
1136 | 319 ngx_mail_session_internal_server_error(s); |
525 | 320 return; |
321 } | |
322 | |
323 if (ctx->response == NULL) { | |
547 | 324 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 325 if (ctx->response == NULL) { |
1478 | 326 ngx_close_connection(c); |
547 | 327 ngx_destroy_pool(ctx->pool); |
1136 | 328 ngx_mail_session_internal_server_error(s); |
525 | 329 return; |
330 } | |
331 } | |
332 | |
527 | 333 size = ctx->response->end - ctx->response->last; |
525 | 334 |
335 n = ngx_recv(c, ctx->response->pos, size); | |
336 | |
527 | 337 if (n > 0) { |
338 ctx->response->last += n; | |
339 | |
340 ctx->handler(s, ctx); | |
341 return; | |
342 } | |
343 | |
344 if (n == NGX_AGAIN) { | |
525 | 345 return; |
346 } | |
347 | |
1478 | 348 ngx_close_connection(c); |
547 | 349 ngx_destroy_pool(ctx->pool); |
1136 | 350 ngx_mail_session_internal_server_error(s); |
527 | 351 } |
525 | 352 |
353 | |
527 | 354 static void |
1136 | 355 ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, |
356 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 357 { |
358 u_char *p, ch; | |
359 enum { | |
360 sw_start = 0, | |
361 sw_H, | |
362 sw_HT, | |
363 sw_HTT, | |
364 sw_HTTP, | |
365 sw_skip, | |
366 sw_almost_done | |
367 } state; | |
368 | |
1136 | 369 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
370 "mail auth http process status line"); | |
527 | 371 |
372 state = ctx->state; | |
373 | |
374 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
375 ch = *p; | |
376 | |
377 switch (state) { | |
378 | |
379 /* "HTTP/" */ | |
380 case sw_start: | |
381 if (ch == 'H') { | |
382 state = sw_H; | |
383 break; | |
384 } | |
385 goto next; | |
386 | |
387 case sw_H: | |
388 if (ch == 'T') { | |
389 state = sw_HT; | |
390 break; | |
391 } | |
392 goto next; | |
393 | |
394 case sw_HT: | |
395 if (ch == 'T') { | |
396 state = sw_HTT; | |
397 break; | |
398 } | |
399 goto next; | |
400 | |
401 case sw_HTT: | |
402 if (ch == 'P') { | |
403 state = sw_HTTP; | |
404 break; | |
405 } | |
406 goto next; | |
407 | |
408 case sw_HTTP: | |
409 if (ch == '/') { | |
410 state = sw_skip; | |
411 break; | |
412 } | |
413 goto next; | |
414 | |
415 /* any text until end of line */ | |
416 case sw_skip: | |
417 switch (ch) { | |
418 case CR: | |
419 state = sw_almost_done; | |
420 | |
421 break; | |
577 | 422 case LF: |
527 | 423 goto done; |
424 } | |
425 break; | |
426 | |
427 /* end of status line */ | |
428 case sw_almost_done: | |
429 if (ch == LF) { | |
430 goto done; | |
431 } | |
432 | |
433 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
6480 | 434 "auth http server %V sent invalid response", |
884 | 435 ctx->peer.name); |
527 | 436 ngx_close_connection(ctx->peer.connection); |
547 | 437 ngx_destroy_pool(ctx->pool); |
1136 | 438 ngx_mail_session_internal_server_error(s); |
527 | 439 return; |
440 } | |
441 } | |
442 | |
443 ctx->response->pos = p; | |
444 ctx->state = state; | |
445 | |
446 return; | |
447 | |
448 next: | |
449 | |
450 p = ctx->response->start - 1; | |
451 | |
452 done: | |
453 | |
454 ctx->response->pos = p + 1; | |
455 ctx->state = 0; | |
1136 | 456 ctx->handler = ngx_mail_auth_http_process_headers; |
527 | 457 ctx->handler(s, ctx); |
458 } | |
525 | 459 |
460 | |
527 | 461 static void |
1136 | 462 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, |
463 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 464 { |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
465 u_char *p; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
466 time_t timer; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
467 size_t len, size; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
468 ngx_int_t rc, port, n; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
469 ngx_addr_t *peer; |
525 | 470 |
1136 | 471 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
472 "mail auth http process headers"); | |
527 | 473 |
474 for ( ;; ) { | |
1136 | 475 rc = ngx_mail_auth_http_parse_header_line(s, ctx); |
527 | 476 |
477 if (rc == NGX_OK) { | |
478 | |
479 #if (NGX_DEBUG) | |
480 { | |
481 ngx_str_t key, value; | |
482 | |
483 key.len = ctx->header_name_end - ctx->header_name_start; | |
484 key.data = ctx->header_name_start; | |
485 value.len = ctx->header_end - ctx->header_start; | |
486 value.data = ctx->header_start; | |
487 | |
1136 | 488 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
489 "mail auth http header: \"%V: %V\"", | |
527 | 490 &key, &value); |
491 } | |
492 #endif | |
493 | |
494 len = ctx->header_name_end - ctx->header_name_start; | |
495 | |
496 if (len == sizeof("Auth-Status") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
497 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
498 (u_char *) "Auth-Status", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
499 sizeof("Auth-Status") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
500 == 0) |
527 | 501 { |
502 len = ctx->header_end - ctx->header_start; | |
503 | |
504 if (len == 2 | |
505 && ctx->header_start[0] == 'O' | |
506 && ctx->header_start[1] == 'K') | |
507 { | |
508 continue; | |
509 } | |
510 | |
883 | 511 if (len == 4 |
512 && ctx->header_start[0] == 'W' | |
513 && ctx->header_start[1] == 'A' | |
514 && ctx->header_start[2] == 'I' | |
515 && ctx->header_start[3] == 'T') | |
516 { | |
517 s->auth_wait = 1; | |
518 continue; | |
519 } | |
520 | |
567 | 521 ctx->errmsg.len = len; |
522 ctx->errmsg.data = ctx->header_start; | |
523 | |
1136 | 524 switch (s->protocol) { |
525 | |
526 case NGX_MAIL_POP3_PROTOCOL: | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
527 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
1136 | 528 break; |
527 | 529 |
1136 | 530 case NGX_MAIL_IMAP_PROTOCOL: |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
531 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 532 + sizeof(CRLF) - 1; |
1136 | 533 break; |
534 | |
535 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
536 ctx->err = ctx->errmsg; | |
537 continue; | |
527 | 538 } |
539 | |
2061
b0a1c84725cf
change useless ngx_pcalloc() to ngx_pnalloc()
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
540 p = ngx_pnalloc(s->connection->pool, size); |
527 | 541 if (p == NULL) { |
543 | 542 ngx_close_connection(ctx->peer.connection); |
547 | 543 ngx_destroy_pool(ctx->pool); |
1136 | 544 ngx_mail_session_internal_server_error(s); |
527 | 545 return; |
546 } | |
547 | |
548 ctx->err.data = p; | |
549 | |
1136 | 550 switch (s->protocol) { |
527 | 551 |
1136 | 552 case NGX_MAIL_POP3_PROTOCOL: |
553 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
554 break; | |
555 | |
556 case NGX_MAIL_IMAP_PROTOCOL: | |
527 | 557 p = ngx_cpymem(p, s->tag.data, s->tag.len); |
1136 | 558 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; |
559 break; | |
560 | |
561 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
562 break; | |
527 | 563 } |
564 | |
565 p = ngx_cpymem(p, ctx->header_start, len); | |
566 *p++ = CR; *p++ = LF; | |
567 | |
568 ctx->err.len = p - ctx->err.data; | |
569 | |
570 continue; | |
571 } | |
572 | |
573 if (len == sizeof("Auth-Server") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
574 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
575 (u_char *) "Auth-Server", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
576 sizeof("Auth-Server") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
577 == 0) |
527 | 578 { |
579 ctx->addr.len = ctx->header_end - ctx->header_start; | |
580 ctx->addr.data = ctx->header_start; | |
581 | |
582 continue; | |
583 } | |
584 | |
585 if (len == sizeof("Auth-Port") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
586 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
587 (u_char *) "Auth-Port", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
588 sizeof("Auth-Port") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
589 == 0) |
527 | 590 { |
591 ctx->port.len = ctx->header_end - ctx->header_start; | |
592 ctx->port.data = ctx->header_start; | |
593 | |
594 continue; | |
595 } | |
596 | |
597 if (len == sizeof("Auth-User") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
598 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
599 (u_char *) "Auth-User", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
600 sizeof("Auth-User") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
601 == 0) |
527 | 602 { |
603 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 604 |
2049 | 605 s->login.data = ngx_pnalloc(s->connection->pool, s->login.len); |
567 | 606 if (s->login.data == NULL) { |
607 ngx_close_connection(ctx->peer.connection); | |
608 ngx_destroy_pool(ctx->pool); | |
1136 | 609 ngx_mail_session_internal_server_error(s); |
567 | 610 return; |
611 } | |
612 | |
613 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 614 |
615 continue; | |
616 } | |
617 | |
800 | 618 if (len == sizeof("Auth-Pass") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
619 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
620 (u_char *) "Auth-Pass", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
621 sizeof("Auth-Pass") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
622 == 0) |
800 | 623 { |
624 s->passwd.len = ctx->header_end - ctx->header_start; | |
625 | |
2049 | 626 s->passwd.data = ngx_pnalloc(s->connection->pool, |
627 s->passwd.len); | |
800 | 628 if (s->passwd.data == NULL) { |
629 ngx_close_connection(ctx->peer.connection); | |
630 ngx_destroy_pool(ctx->pool); | |
1136 | 631 ngx_mail_session_internal_server_error(s); |
800 | 632 return; |
633 } | |
634 | |
635 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
636 | |
637 continue; | |
638 } | |
639 | |
527 | 640 if (len == sizeof("Auth-Wait") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
641 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
642 (u_char *) "Auth-Wait", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
643 sizeof("Auth-Wait") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
644 == 0) |
527 | 645 { |
646 n = ngx_atoi(ctx->header_start, | |
647 ctx->header_end - ctx->header_start); | |
648 | |
649 if (n != NGX_ERROR) { | |
650 ctx->sleep = n; | |
651 } | |
652 | |
653 continue; | |
654 } | |
655 | |
1136 | 656 if (len == sizeof("Auth-Error-Code") - 1 |
657 && ngx_strncasecmp(ctx->header_name_start, | |
658 (u_char *) "Auth-Error-Code", | |
659 sizeof("Auth-Error-Code") - 1) | |
660 == 0) | |
661 { | |
662 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
663 | |
2049 | 664 ctx->errcode.data = ngx_pnalloc(s->connection->pool, |
665 ctx->errcode.len); | |
1136 | 666 if (ctx->errcode.data == NULL) { |
667 ngx_close_connection(ctx->peer.connection); | |
668 ngx_destroy_pool(ctx->pool); | |
669 ngx_mail_session_internal_server_error(s); | |
670 return; | |
671 } | |
672 | |
673 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
674 ctx->errcode.len); | |
675 | |
676 continue; | |
677 } | |
678 | |
527 | 679 /* ignore other headers */ |
680 | |
681 continue; | |
682 } | |
683 | |
684 if (rc == NGX_DONE) { | |
1136 | 685 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
686 "mail auth http header done"); | |
527 | 687 |
688 ngx_close_connection(ctx->peer.connection); | |
689 | |
690 if (ctx->err.len) { | |
1136 | 691 |
567 | 692 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
693 "client login failed: \"%V\"", &ctx->errmsg); | |
694 | |
1136 | 695 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { |
696 | |
697 if (ctx->errcode.len == 0) { | |
698 ctx->errcode = ngx_mail_smtp_errcode; | |
699 } | |
700 | |
701 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
702 + sizeof(" " CRLF) - 1; | |
703 | |
2049 | 704 p = ngx_pnalloc(s->connection->pool, ctx->err.len); |
1166 | 705 if (p == NULL) { |
706 ngx_destroy_pool(ctx->pool); | |
707 ngx_mail_session_internal_server_error(s); | |
708 return; | |
709 } | |
1136 | 710 |
1166 | 711 ctx->err.data = p; |
1136 | 712 |
1166 | 713 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
1136 | 714 *p++ = ' '; |
1166 | 715 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
1136 | 716 *p++ = CR; *p = LF; |
717 } | |
718 | |
539 | 719 s->out = ctx->err; |
547 | 720 timer = ctx->sleep; |
527 | 721 |
547 | 722 ngx_destroy_pool(ctx->pool); |
723 | |
724 if (timer == 0) { | |
539 | 725 s->quit = 1; |
1136 | 726 ngx_mail_send(s->connection->write); |
541 | 727 return; |
728 } | |
539 | 729 |
1640 | 730 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
527 | 731 |
1136 | 732 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
527 | 733 |
734 return; | |
735 } | |
736 | |
883 | 737 if (s->auth_wait) { |
738 timer = ctx->sleep; | |
739 | |
740 ngx_destroy_pool(ctx->pool); | |
741 | |
742 if (timer == 0) { | |
1136 | 743 ngx_mail_auth_http_init(s); |
883 | 744 return; |
745 } | |
746 | |
1640 | 747 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
883 | 748 |
1136 | 749 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
883 | 750 |
751 return; | |
752 } | |
753 | |
527 | 754 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
755 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 756 "auth http server %V did not send server or port", |
884 | 757 ctx->peer.name); |
547 | 758 ngx_destroy_pool(ctx->pool); |
1136 | 759 ngx_mail_session_internal_server_error(s); |
527 | 760 return; |
761 } | |
762 | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
763 if (s->passwd.data == NULL |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
764 && s->protocol != NGX_MAIL_SMTP_PROTOCOL) |
1136 | 765 { |
800 | 766 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
767 "auth http server %V did not send password", | |
884 | 768 ctx->peer.name); |
800 | 769 ngx_destroy_pool(ctx->pool); |
1136 | 770 ngx_mail_session_internal_server_error(s); |
800 | 771 return; |
772 } | |
773 | |
3269
f0d596e84634
rename ngx_peer_addr_t to ngx_addr_t
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
774 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_addr_t)); |
884 | 775 if (peer == NULL) { |
547 | 776 ngx_destroy_pool(ctx->pool); |
1136 | 777 ngx_mail_session_internal_server_error(s); |
527 | 778 return; |
779 } | |
780 | |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
781 rc = ngx_parse_addr(s->connection->pool, peer, |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
782 ctx->addr.data, ctx->addr.len); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
783 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
784 switch (rc) { |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
785 case NGX_OK: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
786 break; |
2855
a96a8c916b0c
mail proxy listen IPv6 support
Igor Sysoev <igor@sysoev.ru>
parents:
2748
diff
changeset
|
787 |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
788 case NGX_DECLINED: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
789 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
790 "auth http server %V sent invalid server " |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
791 "address:\"%V\"", |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
792 ctx->peer.name, &ctx->addr); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
793 /* fall through */ |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
794 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
795 default: |
547 | 796 ngx_destroy_pool(ctx->pool); |
1136 | 797 ngx_mail_session_internal_server_error(s); |
527 | 798 return; |
799 } | |
800 | |
801 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
4227 | 802 if (port == NGX_ERROR || port < 1 || port > 65535) { |
527 | 803 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
541 | 804 "auth http server %V sent invalid server " |
805 "port:\"%V\"", | |
884 | 806 ctx->peer.name, &ctx->port); |
547 | 807 ngx_destroy_pool(ctx->pool); |
1136 | 808 ngx_mail_session_internal_server_error(s); |
527 | 809 return; |
810 } | |
811 | |
6597 | 812 ngx_inet_set_port(peer->sockaddr, (in_port_t) port); |
527 | 813 |
814 len = ctx->addr.len + 1 + ctx->port.len; | |
815 | |
884 | 816 peer->name.len = len; |
527 | 817 |
2049 | 818 peer->name.data = ngx_pnalloc(s->connection->pool, len); |
884 | 819 if (peer->name.data == NULL) { |
547 | 820 ngx_destroy_pool(ctx->pool); |
1136 | 821 ngx_mail_session_internal_server_error(s); |
527 | 822 return; |
823 } | |
824 | |
825 len = ctx->addr.len; | |
826 | |
884 | 827 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 828 |
884 | 829 peer->name.data[len++] = ':'; |
527 | 830 |
884 | 831 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 832 |
547 | 833 ngx_destroy_pool(ctx->pool); |
1136 | 834 ngx_mail_proxy_init(s, peer); |
527 | 835 |
836 return; | |
837 } | |
838 | |
839 if (rc == NGX_AGAIN ) { | |
840 return; | |
841 } | |
842 | |
843 /* rc == NGX_ERROR */ | |
844 | |
845 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 846 "auth http server %V sent invalid header in response", |
884 | 847 ctx->peer.name); |
527 | 848 ngx_close_connection(ctx->peer.connection); |
547 | 849 ngx_destroy_pool(ctx->pool); |
1136 | 850 ngx_mail_session_internal_server_error(s); |
527 | 851 |
852 return; | |
853 } | |
854 } | |
855 | |
521 | 856 |
527 | 857 static void |
1136 | 858 ngx_mail_auth_sleep_handler(ngx_event_t *rev) |
527 | 859 { |
543 | 860 ngx_connection_t *c; |
1136 | 861 ngx_mail_session_t *s; |
862 ngx_mail_core_srv_conf_t *cscf; | |
527 | 863 |
1136 | 864 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); |
527 | 865 |
866 c = rev->data; | |
867 s = c->data; | |
868 | |
869 if (rev->timedout) { | |
870 | |
871 rev->timedout = 0; | |
872 | |
883 | 873 if (s->auth_wait) { |
874 s->auth_wait = 0; | |
1136 | 875 ngx_mail_auth_http_init(s); |
883 | 876 return; |
877 } | |
878 | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
879 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
527 | 880 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
881 rev->handler = cscf->protocol->auth_state; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
882 |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
883 s->mail_state = 0; |
1136 | 884 s->auth_method = NGX_MAIL_AUTH_PLAIN; |
800 | 885 |
543 | 886 c->log->action = "in auth state"; |
887 | |
1477 | 888 ngx_mail_send(c->write); |
543 | 889 |
583 | 890 if (c->destroyed) { |
543 | 891 return; |
892 } | |
893 | |
894 ngx_add_timer(rev, cscf->timeout); | |
895 | |
527 | 896 if (rev->ready) { |
1477 | 897 rev->handler(rev); |
527 | 898 return; |
899 } | |
900 | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
901 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
1477 | 902 ngx_mail_close_connection(c); |
527 | 903 } |
904 | |
905 return; | |
906 } | |
907 | |
908 if (rev->active) { | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
909 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
1477 | 910 ngx_mail_close_connection(c); |
527 | 911 } |
912 } | |
913 } | |
914 | |
915 | |
916 static ngx_int_t | |
1136 | 917 ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, |
918 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 919 { |
920 u_char c, ch, *p; | |
921 enum { | |
922 sw_start = 0, | |
923 sw_name, | |
924 sw_space_before_value, | |
925 sw_value, | |
926 sw_space_after_value, | |
577 | 927 sw_almost_done, |
527 | 928 sw_header_almost_done |
929 } state; | |
930 | |
577 | 931 state = ctx->state; |
527 | 932 |
933 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
934 ch = *p; | |
935 | |
936 switch (state) { | |
937 | |
938 /* first char */ | |
939 case sw_start: | |
940 | |
941 switch (ch) { | |
942 case CR: | |
577 | 943 ctx->header_end = p; |
527 | 944 state = sw_header_almost_done; |
945 break; | |
577 | 946 case LF: |
527 | 947 ctx->header_end = p; |
948 goto header_done; | |
949 default: | |
950 state = sw_name; | |
951 ctx->header_name_start = p; | |
952 | |
953 c = (u_char) (ch | 0x20); | |
954 if (c >= 'a' && c <= 'z') { | |
955 break; | |
956 } | |
957 | |
958 if (ch >= '0' && ch <= '9') { | |
959 break; | |
960 } | |
961 | |
962 return NGX_ERROR; | |
963 } | |
964 break; | |
965 | |
966 /* header name */ | |
967 case sw_name: | |
968 c = (u_char) (ch | 0x20); | |
969 if (c >= 'a' && c <= 'z') { | |
970 break; | |
971 } | |
972 | |
973 if (ch == ':') { | |
974 ctx->header_name_end = p; | |
975 state = sw_space_before_value; | |
976 break; | |
977 } | |
978 | |
979 if (ch == '-') { | |
980 break; | |
981 } | |
982 | |
983 if (ch >= '0' && ch <= '9') { | |
984 break; | |
985 } | |
986 | |
987 if (ch == CR) { | |
988 ctx->header_name_end = p; | |
989 ctx->header_start = p; | |
990 ctx->header_end = p; | |
991 state = sw_almost_done; | |
992 break; | |
993 } | |
994 | |
995 if (ch == LF) { | |
996 ctx->header_name_end = p; | |
997 ctx->header_start = p; | |
998 ctx->header_end = p; | |
999 goto done; | |
1000 } | |
1001 | |
1002 return NGX_ERROR; | |
1003 | |
1004 /* space* before header value */ | |
1005 case sw_space_before_value: | |
1006 switch (ch) { | |
1007 case ' ': | |
1008 break; | |
1009 case CR: | |
1010 ctx->header_start = p; | |
1011 ctx->header_end = p; | |
1012 state = sw_almost_done; | |
1013 break; | |
1014 case LF: | |
1015 ctx->header_start = p; | |
1016 ctx->header_end = p; | |
1017 goto done; | |
1018 default: | |
1019 ctx->header_start = p; | |
1020 state = sw_value; | |
1021 break; | |
1022 } | |
1023 break; | |
1024 | |
1025 /* header value */ | |
1026 case sw_value: | |
1027 switch (ch) { | |
1028 case ' ': | |
1029 ctx->header_end = p; | |
1030 state = sw_space_after_value; | |
1031 break; | |
1032 case CR: | |
1033 ctx->header_end = p; | |
1034 state = sw_almost_done; | |
1035 break; | |
1036 case LF: | |
1037 ctx->header_end = p; | |
1038 goto done; | |
1039 } | |
1040 break; | |
1041 | |
1042 /* space* before end of header line */ | |
1043 case sw_space_after_value: | |
1044 switch (ch) { | |
1045 case ' ': | |
1046 break; | |
1047 case CR: | |
1048 state = sw_almost_done; | |
1049 break; | |
1050 case LF: | |
1051 goto done; | |
1052 default: | |
1053 state = sw_value; | |
1054 break; | |
1055 } | |
1056 break; | |
1057 | |
1058 /* end of header line */ | |
1059 case sw_almost_done: | |
1060 switch (ch) { | |
1061 case LF: | |
1062 goto done; | |
1063 default: | |
1064 return NGX_ERROR; | |
1065 } | |
1066 | |
1067 /* end of header */ | |
1068 case sw_header_almost_done: | |
1069 switch (ch) { | |
1070 case LF: | |
1071 goto header_done; | |
1072 default: | |
1073 return NGX_ERROR; | |
1074 } | |
1075 } | |
1076 } | |
1077 | |
1078 ctx->response->pos = p; | |
1079 ctx->state = state; | |
1080 | |
1081 return NGX_AGAIN; | |
1082 | |
1083 done: | |
1084 | |
1085 ctx->response->pos = p + 1; | |
1086 ctx->state = sw_start; | |
1087 | |
1088 return NGX_OK; | |
1089 | |
1090 header_done: | |
1091 | |
1092 ctx->response->pos = p + 1; | |
1093 ctx->state = sw_start; | |
1094 | |
1095 return NGX_DONE; | |
521 | 1096 } |
1097 | |
1098 | |
1099 static void | |
1136 | 1100 ngx_mail_auth_http_block_read(ngx_event_t *rev) |
521 | 1101 { |
1102 ngx_connection_t *c; | |
1136 | 1103 ngx_mail_session_t *s; |
1104 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 1105 |
1136 | 1106 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
1107 "mail auth http block read"); | |
521 | 1108 |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
1109 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
521 | 1110 c = rev->data; |
1111 s = c->data; | |
1112 | |
1136 | 1113 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 1114 |
525 | 1115 ngx_close_connection(ctx->peer.connection); |
547 | 1116 ngx_destroy_pool(ctx->pool); |
1136 | 1117 ngx_mail_session_internal_server_error(s); |
521 | 1118 } |
1119 } | |
1120 | |
1121 | |
1122 static void | |
1136 | 1123 ngx_mail_auth_http_dummy_handler(ngx_event_t *ev) |
521 | 1124 { |
1136 | 1125 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, |
1126 "mail auth http dummy handler"); | |
521 | 1127 } |
1128 | |
1129 | |
1130 static ngx_buf_t * | |
1136 | 1131 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, |
1132 ngx_mail_auth_http_conf_t *ahcf) | |
521 | 1133 { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1134 size_t len; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1135 ngx_buf_t *b; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1136 ngx_str_t login, passwd; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1137 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1138 ngx_str_t verify, subject, issuer, serial, fingerprint, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1139 raw_cert, cert; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1140 ngx_connection_t *c; |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1141 ngx_mail_ssl_conf_t *sslcf; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1142 #endif |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1143 ngx_mail_core_srv_conf_t *cscf; |
633 | 1144 |
1136 | 1145 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
633 | 1146 return NULL; |
1147 } | |
1148 | |
1136 | 1149 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { |
633 | 1150 return NULL; |
1151 } | |
521 | 1152 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1153 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1154 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1155 c = s->connection; |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1156 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1157 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1158 if (c->ssl && sslcf->verify) { |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1159 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1160 /* certificate details */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1161 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1162 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1163 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1164 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1165 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1166 if (ngx_ssl_get_subject_dn(c, pool, &subject) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1167 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1168 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1169 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1170 if (ngx_ssl_get_issuer_dn(c, pool, &issuer) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1171 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1172 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1173 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1174 if (ngx_ssl_get_serial_number(c, pool, &serial) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1175 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1176 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1177 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1178 if (ngx_ssl_get_fingerprint(c, pool, &fingerprint) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1179 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1180 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1181 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1182 if (ahcf->pass_client_cert) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1183 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1184 /* certificate itself, if configured */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1185 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1186 if (ngx_ssl_get_raw_certificate(c, pool, &raw_cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1187 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1188 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1189 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1190 if (ngx_mail_auth_http_escape(pool, &raw_cert, &cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1191 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1192 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1193 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1194 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1195 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1196 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1197 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1198 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1199 ngx_str_null(&verify); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1200 ngx_str_null(&subject); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1201 ngx_str_null(&issuer); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1202 ngx_str_null(&serial); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1203 ngx_str_null(&fingerprint); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1204 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1205 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1206 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1207 #endif |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1208 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1209 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1210 |
521 | 1211 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 |
1212 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1213 + sizeof("Auth-Method: ") - 1 |
1136 | 1214 + ngx_mail_auth_http_method[s->auth_method].len |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1215 + sizeof(CRLF) - 1 |
633 | 1216 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1217 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1218 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1219 + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1220 + sizeof(CRLF) - 1 |
527 | 1221 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1222 + sizeof(CRLF) - 1 | |
521 | 1223 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1224 + sizeof(CRLF) - 1 | |
2309 | 1225 + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1 |
5987
62c098eb4509
Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5685
diff
changeset
|
1226 + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len + sizeof(CRLF) - 1 |
62c098eb4509
Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5685
diff
changeset
|
1227 + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len + sizeof(CRLF) - 1 |
62c098eb4509
Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5685
diff
changeset
|
1228 + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len + sizeof(CRLF) - 1 |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1229 #if (NGX_MAIL_SSL) |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1230 + sizeof("Auth-SSL: on" CRLF) - 1 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1231 + sizeof("Auth-SSL-Verify: ") - 1 + verify.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1232 + sizeof("Auth-SSL-Subject: ") - 1 + subject.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1233 + sizeof("Auth-SSL-Issuer: ") - 1 + issuer.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1234 + sizeof("Auth-SSL-Serial: ") - 1 + serial.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1235 + sizeof("Auth-SSL-Fingerprint: ") - 1 + fingerprint.len |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1236 + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1237 + sizeof("Auth-SSL-Cert: ") - 1 + cert.len + sizeof(CRLF) - 1 |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1238 #endif |
1285
0c10dc6a8e74
fix memory allocation for auth_http_header
Igor Sysoev <igor@sysoev.ru>
parents:
1166
diff
changeset
|
1239 + ahcf->header.len |
521 | 1240 + sizeof(CRLF) - 1; |
1241 | |
547 | 1242 b = ngx_create_temp_buf(pool, len); |
521 | 1243 if (b == NULL) { |
1244 return NULL; | |
1245 } | |
1246 | |
1247 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1248 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1249 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1250 sizeof(" HTTP/1.0" CRLF) - 1); | |
1251 | |
1252 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1253 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1254 ahcf->host_header.len); |
1255 *b->last++ = CR; *b->last++ = LF; | |
1256 | |
800 | 1257 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1258 sizeof("Auth-Method: ") - 1); | |
1259 b->last = ngx_cpymem(b->last, | |
1136 | 1260 ngx_mail_auth_http_method[s->auth_method].data, |
1261 ngx_mail_auth_http_method[s->auth_method].len); | |
800 | 1262 *b->last++ = CR; *b->last++ = LF; |
521 | 1263 |
1264 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1265 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1266 *b->last++ = CR; *b->last++ = LF; |
1267 | |
1268 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1269 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1270 *b->last++ = CR; *b->last++ = LF; |
1271 | |
1136 | 1272 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { |
800 | 1273 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1274 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1275 | |
1276 s->passwd.data = NULL; | |
1277 } | |
1278 | |
521 | 1279 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1280 sizeof("Auth-Protocol: ") - 1); | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1281 b->last = ngx_cpymem(b->last, cscf->protocol->name.data, |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1282 cscf->protocol->name.len); |
521 | 1283 *b->last++ = CR; *b->last++ = LF; |
1284 | |
527 | 1285 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1286 s->login_attempt); | |
1287 | |
521 | 1288 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1289 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
2309 | 1290 s->connection->addr_text.len); |
521 | 1291 *b->last++ = CR; *b->last++ = LF; |
1292 | |
2309 | 1293 if (s->host.len) { |
1294 b->last = ngx_cpymem(b->last, "Client-Host: ", | |
1295 sizeof("Client-Host: ") - 1); | |
1296 b->last = ngx_copy(b->last, s->host.data, s->host.len); | |
1297 *b->last++ = CR; *b->last++ = LF; | |
1298 } | |
1299 | |
1300 if (s->auth_method == NGX_MAIL_AUTH_NONE) { | |
1301 | |
1302 /* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */ | |
1303 | |
1304 b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ", | |
1305 sizeof("Auth-SMTP-Helo: ") - 1); | |
1306 b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len); | |
1307 *b->last++ = CR; *b->last++ = LF; | |
1308 | |
1309 b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ", | |
1310 sizeof("Auth-SMTP-From: ") - 1); | |
1311 b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len); | |
1312 *b->last++ = CR; *b->last++ = LF; | |
1313 | |
1314 b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ", | |
1315 sizeof("Auth-SMTP-To: ") - 1); | |
1316 b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len); | |
1317 *b->last++ = CR; *b->last++ = LF; | |
1318 | |
1319 } | |
1320 | |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1321 #if (NGX_MAIL_SSL) |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1322 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1323 if (c->ssl) { |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1324 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1325 sizeof("Auth-SSL: on" CRLF) - 1); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1326 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1327 if (verify.len) { |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1328 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1329 sizeof("Auth-SSL-Verify: ") - 1); |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1330 b->last = ngx_copy(b->last, verify.data, verify.len); |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1331 *b->last++ = CR; *b->last++ = LF; |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1332 } |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1333 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1334 if (subject.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1335 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1336 sizeof("Auth-SSL-Subject: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1337 b->last = ngx_copy(b->last, subject.data, subject.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1338 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1339 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1340 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1341 if (issuer.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1342 b->last = ngx_cpymem(b->last, "Auth-SSL-Issuer: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1343 sizeof("Auth-SSL-Issuer: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1344 b->last = ngx_copy(b->last, issuer.data, issuer.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1345 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1346 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1347 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1348 if (serial.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1349 b->last = ngx_cpymem(b->last, "Auth-SSL-Serial: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1350 sizeof("Auth-SSL-Serial: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1351 b->last = ngx_copy(b->last, serial.data, serial.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1352 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1353 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1354 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1355 if (fingerprint.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1356 b->last = ngx_cpymem(b->last, "Auth-SSL-Fingerprint: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1357 sizeof("Auth-SSL-Fingerprint: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1358 b->last = ngx_copy(b->last, fingerprint.data, fingerprint.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1359 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1360 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1361 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1362 if (cert.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1363 b->last = ngx_cpymem(b->last, "Auth-SSL-Cert: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1364 sizeof("Auth-SSL-Cert: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1365 b->last = ngx_copy(b->last, cert.data, cert.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1366 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1367 } |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1368 } |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1369 |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1370 #endif |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1371 |
573 | 1372 if (ahcf->header.len) { |
1373 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1374 } | |
1375 | |
521 | 1376 /* add "\r\n" at the header end */ |
1377 *b->last++ = CR; *b->last++ = LF; | |
1378 | |
1136 | 1379 #if (NGX_DEBUG_MAIL_PASSWD) |
6001
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1380 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1381 "mail auth http header:%N\"%*s\"", |
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1382 (size_t) (b->last - b->pos), b->pos); |
521 | 1383 #endif |
1384 | |
1385 return b; | |
1386 } | |
1387 | |
1388 | |
633 | 1389 static ngx_int_t |
1136 | 1390 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) |
633 | 1391 { |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1392 u_char *p; |
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1393 uintptr_t n; |
633 | 1394 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1395 n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1396 |
1397 if (n == 0) { | |
1398 *escaped = *text; | |
1399 return NGX_OK; | |
1400 } | |
1401 | |
1402 escaped->len = text->len + n * 2; | |
1403 | |
2049 | 1404 p = ngx_pnalloc(pool, escaped->len); |
633 | 1405 if (p == NULL) { |
1406 return NGX_ERROR; | |
1407 } | |
1408 | |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1409 (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1410 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1411 escaped->data = p; |
633 | 1412 |
1413 return NGX_OK; | |
1414 } | |
1415 | |
1416 | |
521 | 1417 static void * |
1136 | 1418 ngx_mail_auth_http_create_conf(ngx_conf_t *cf) |
577 | 1419 { |
1136 | 1420 ngx_mail_auth_http_conf_t *ahcf; |
577 | 1421 |
1136 | 1422 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t)); |
521 | 1423 if (ahcf == NULL) { |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2855
diff
changeset
|
1424 return NULL; |
521 | 1425 } |
1426 | |
1427 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1428 ahcf->pass_client_cert = NGX_CONF_UNSET; |
521 | 1429 |
1392 | 1430 ahcf->file = cf->conf_file->file.name.data; |
1431 ahcf->line = cf->conf_file->line; | |
1432 | |
521 | 1433 return ahcf; |
1434 } | |
1435 | |
1436 | |
1437 static char * | |
1136 | 1438 ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
521 | 1439 { |
1136 | 1440 ngx_mail_auth_http_conf_t *prev = parent; |
1441 ngx_mail_auth_http_conf_t *conf = child; | |
521 | 1442 |
573 | 1443 u_char *p; |
1444 size_t len; | |
1445 ngx_uint_t i; | |
1446 ngx_table_elt_t *header; | |
1447 | |
884 | 1448 if (conf->peer == NULL) { |
1449 conf->peer = prev->peer; | |
521 | 1450 conf->host_header = prev->host_header; |
1451 conf->uri = prev->uri; | |
1392 | 1452 |
1453 if (conf->peer == NULL) { | |
1454 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
4812
785ae4de268b
Corrected the directive name in the ngx_mail_auth_http_module error message.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
1455 "no \"auth_http\" is defined for server in %s:%ui", |
1392 | 1456 conf->file, conf->line); |
1457 | |
1458 return NGX_CONF_ERROR; | |
1459 } | |
521 | 1460 } |
1461 | |
1462 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1463 | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1464 ngx_conf_merge_value(conf->pass_client_cert, prev->pass_client_cert, 0); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1465 |
573 | 1466 if (conf->headers == NULL) { |
1467 conf->headers = prev->headers; | |
1468 conf->header = prev->header; | |
1469 } | |
1470 | |
1471 if (conf->headers && conf->header.len == 0) { | |
1472 len = 0; | |
1473 header = conf->headers->elts; | |
1474 for (i = 0; i < conf->headers->nelts; i++) { | |
1475 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1476 } | |
1477 | |
2049 | 1478 p = ngx_pnalloc(cf->pool, len); |
573 | 1479 if (p == NULL) { |
1480 return NGX_CONF_ERROR; | |
1481 } | |
1482 | |
1483 conf->header.len = len; | |
1484 conf->header.data = p; | |
1485 | |
1486 for (i = 0; i < conf->headers->nelts; i++) { | |
1487 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1488 *p++ = ':'; *p++ = ' '; | |
1489 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1490 *p++ = CR; *p++ = LF; | |
1491 } | |
1492 } | |
1493 | |
521 | 1494 return NGX_CONF_OK; |
1495 } | |
1496 | |
1497 | |
1498 static char * | |
1136 | 1499 ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1500 { |
1136 | 1501 ngx_mail_auth_http_conf_t *ahcf = conf; |
521 | 1502 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1503 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1504 ngx_url_t u; |
573 | 1505 |
521 | 1506 value = cf->args->elts; |
1507 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1508 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1509 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1510 u.url = value[1]; |
906 | 1511 u.default_port = 80; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1512 u.uri_part = 1; |
577 | 1513 |
1391
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1514 if (ngx_strncmp(u.url.data, "http://", 7) == 0) { |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1515 u.url.len -= 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1516 u.url.data += 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1517 } |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1518 |
1559
fe11e2a3946d
use pool instead of ngx_conf_t
Igor Sysoev <igor@sysoev.ru>
parents:
1487
diff
changeset
|
1519 if (ngx_parse_url(cf->pool, &u) != NGX_OK) { |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1520 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1521 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1522 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1523 } |
1390 | 1524 |
1525 return NGX_CONF_ERROR; | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1526 } |
521 | 1527 |
884 | 1528 ahcf->peer = u.addrs; |
521 | 1529 |
3406
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1530 if (u.family != AF_UNIX) { |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1531 ahcf->host_header = u.host; |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1532 |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1533 } else { |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3406
diff
changeset
|
1534 ngx_str_set(&ahcf->host_header, "localhost"); |
3406
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1535 } |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1536 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1537 ahcf->uri = u.uri; |
521 | 1538 |
559 | 1539 if (ahcf->uri.len == 0) { |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3406
diff
changeset
|
1540 ngx_str_set(&ahcf->uri, "/"); |
555 | 1541 } |
1542 | |
521 | 1543 return NGX_CONF_OK; |
1544 } | |
573 | 1545 |
1546 | |
1547 static char * | |
1136 | 1548 ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1549 { |
1136 | 1550 ngx_mail_auth_http_conf_t *ahcf = conf; |
573 | 1551 |
1552 ngx_str_t *value; | |
1553 ngx_table_elt_t *header; | |
1554 | |
1555 if (ahcf->headers == NULL) { | |
1556 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1557 if (ahcf->headers == NULL) { | |
1558 return NGX_CONF_ERROR; | |
1559 } | |
1560 } | |
1561 | |
1562 header = ngx_array_push(ahcf->headers); | |
1563 if (header == NULL) { | |
1564 return NGX_CONF_ERROR; | |
1565 } | |
1566 | |
1567 value = cf->args->elts; | |
1568 | |
1569 header->key = value[1]; | |
1570 header->value = value[2]; | |
1571 | |
1572 return NGX_CONF_OK; | |
1573 } |