|
76
|
1
|
|
|
2 /*
|
|
|
3 * Copyright (C) Igor Sysoev
|
|
|
4 */
|
|
|
5
|
|
|
6
|
|
|
7 #include <ngx_config.h>
|
|
|
8 #include <ngx_core.h>
|
|
|
9 #include <ngx_event.h>
|
|
|
10 #include <ngx_imap.h>
|
|
|
11
|
|
|
12
|
|
96
|
13 static void ngx_imap_init_session(ngx_connection_t *c);
|
|
90
|
14 static void ngx_imap_init_protocol(ngx_event_t *rev);
|
|
76
|
15 static ngx_int_t ngx_imap_read_command(ngx_imap_session_t *s);
|
|
90
|
16 static u_char *ngx_imap_log_error(ngx_log_t *log, u_char *buf, size_t len);
|
|
76
|
17
|
|
88
|
18 #if (NGX_IMAP_SSL)
|
|
132
|
19 static void ngx_imap_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
|
|
96
|
20 static void ngx_imap_ssl_handshake_handler(ngx_connection_t *c);
|
|
88
|
21 #endif
|
|
|
22
|
|
76
|
23
|
|
|
24 static ngx_str_t greetings[] = {
|
|
|
25 ngx_string("+OK POP3 ready" CRLF),
|
|
78
|
26 ngx_string("* OK IMAP4 ready" CRLF)
|
|
76
|
27 };
|
|
|
28
|
|
|
29 static ngx_str_t internal_server_errors[] = {
|
|
|
30 ngx_string("-ERR internal server error" CRLF),
|
|
|
31 ngx_string("* BAD internal server error" CRLF),
|
|
|
32 };
|
|
|
33
|
|
|
34 static u_char pop3_ok[] = "+OK" CRLF;
|
|
252
|
35 static u_char pop3_next[] = "+ " CRLF;
|
|
|
36 static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
|
|
|
37 static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
|
|
76
|
38 static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
|
|
|
39
|
|
92
|
40 static u_char imap_star[] = "* ";
|
|
78
|
41 static u_char imap_ok[] = "OK completed" CRLF;
|
|
76
|
42 static u_char imap_next[] = "+ OK" CRLF;
|
|
|
43 static u_char imap_bye[] = "* BYE" CRLF;
|
|
|
44 static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
|
|
|
45
|
|
|
46
|
|
|
47 void
|
|
|
48 ngx_imap_init_connection(ngx_connection_t *c)
|
|
|
49 {
|
|
190
|
50 in_addr_t in_addr;
|
|
|
51 socklen_t len;
|
|
|
52 ngx_uint_t i;
|
|
|
53 struct sockaddr_in sin;
|
|
|
54 ngx_imap_log_ctx_t *ctx;
|
|
|
55 ngx_imap_in_port_t *imip;
|
|
|
56 ngx_imap_in_addr_t *imia;
|
|
|
57 ngx_imap_session_t *s;
|
|
92
|
58 #if (NGX_IMAP_SSL)
|
|
132
|
59 ngx_imap_ssl_conf_t *sslcf;
|
|
92
|
60 #endif
|
|
90
|
61
|
|
190
|
62
|
|
|
63 /* find the server configuration for the address:port */
|
|
|
64
|
|
|
65 /* AF_INET only */
|
|
|
66
|
|
|
67 imip = c->listening->servers;
|
|
|
68 imia = imip->addrs;
|
|
|
69
|
|
|
70 i = 0;
|
|
|
71
|
|
|
72 if (imip->naddrs > 1) {
|
|
|
73
|
|
|
74 /*
|
|
|
75 * There are several addresses on this port and one of them
|
|
|
76 * is the "*:port" wildcard so getsockname() is needed to determine
|
|
|
77 * the server address.
|
|
|
78 *
|
|
|
79 * AcceptEx() already gave this address.
|
|
|
80 */
|
|
|
81
|
|
|
82 #if (NGX_WIN32)
|
|
|
83 if (c->local_sockaddr) {
|
|
|
84 in_addr =
|
|
|
85 ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr;
|
|
90
|
86
|
|
190
|
87 } else
|
|
|
88 #endif
|
|
|
89 {
|
|
|
90 len = sizeof(struct sockaddr_in);
|
|
|
91 if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) {
|
|
|
92 ngx_connection_error(c, ngx_socket_errno,
|
|
|
93 "getsockname() failed");
|
|
|
94 ngx_imap_close_connection(c);
|
|
|
95 return;
|
|
|
96 }
|
|
|
97
|
|
|
98 in_addr = sin.sin_addr.s_addr;
|
|
|
99 }
|
|
|
100
|
|
|
101 /* the last address is "*" */
|
|
|
102
|
|
|
103 for ( /* void */ ; i < imip->naddrs - 1; i++) {
|
|
|
104 if (in_addr == imia[i].addr) {
|
|
|
105 break;
|
|
|
106 }
|
|
|
107 }
|
|
|
108 }
|
|
|
109
|
|
|
110
|
|
|
111 s = ngx_pcalloc(c->pool, sizeof(ngx_imap_session_t));
|
|
|
112 if (s == NULL) {
|
|
90
|
113 ngx_imap_close_connection(c);
|
|
|
114 return;
|
|
126
|
115 }
|
|
90
|
116
|
|
190
|
117 s->main_conf = imia[i].ctx->main_conf;
|
|
|
118 s->srv_conf = imia[i].ctx->srv_conf;
|
|
|
119
|
|
|
120 s->addr_text = &imia[i].addr_text;
|
|
|
121
|
|
|
122 c->data = s;
|
|
|
123 s->connection = c;
|
|
|
124
|
|
|
125 ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V",
|
|
|
126 c->number, &c->addr_text, s->addr_text);
|
|
|
127
|
|
|
128 ctx = ngx_palloc(c->pool, sizeof(ngx_imap_log_ctx_t));
|
|
|
129 if (ctx == NULL) {
|
|
|
130 ngx_imap_close_connection(c);
|
|
|
131 return;
|
|
|
132 }
|
|
|
133
|
|
|
134 ctx->client = &c->addr_text;
|
|
|
135 ctx->session = s;
|
|
90
|
136
|
|
|
137 c->log->connection = c->number;
|
|
|
138 c->log->handler = ngx_imap_log_error;
|
|
190
|
139 c->log->data = ctx;
|
|
90
|
140 c->log->action = "sending client greeting line";
|
|
|
141
|
|
|
142 c->log_error = NGX_ERROR_INFO;
|
|
|
143
|
|
92
|
144 #if (NGX_IMAP_SSL)
|
|
|
145
|
|
190
|
146 sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
|
|
92
|
147
|
|
|
148 if (sslcf->enable) {
|
|
132
|
149 ngx_imap_ssl_init_connection(&sslcf->ssl, c);
|
|
96
|
150 return;
|
|
92
|
151 }
|
|
|
152
|
|
|
153 #endif
|
|
|
154
|
|
96
|
155 ngx_imap_init_session(c);
|
|
90
|
156 }
|
|
|
157
|
|
|
158
|
|
96
|
159 #if (NGX_IMAP_SSL)
|
|
|
160
|
|
90
|
161 static void
|
|
132
|
162 ngx_imap_starttls_handler(ngx_event_t *rev)
|
|
|
163 {
|
|
|
164 ngx_connection_t *c;
|
|
|
165 ngx_imap_session_t *s;
|
|
|
166 ngx_imap_ssl_conf_t *sslcf;
|
|
|
167
|
|
|
168 c = rev->data;
|
|
|
169 s = c->data;
|
|
190
|
170 s->starttls = 1;
|
|
132
|
171
|
|
|
172 c->log->action = "in starttls state";
|
|
|
173
|
|
|
174 sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
|
|
|
175
|
|
|
176 ngx_imap_ssl_init_connection(&sslcf->ssl, c);
|
|
|
177 }
|
|
|
178
|
|
|
179
|
|
|
180 static void
|
|
|
181 ngx_imap_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
|
|
|
182 {
|
|
190
|
183 ngx_imap_session_t *s;
|
|
132
|
184 ngx_imap_core_srv_conf_t *cscf;
|
|
|
185
|
|
|
186 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
|
|
|
187 ngx_imap_close_connection(c);
|
|
|
188 return;
|
|
|
189 }
|
|
|
190
|
|
|
191 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
|
|
|
192
|
|
190
|
193 s = c->data;
|
|
|
194
|
|
|
195 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
132
|
196
|
|
|
197 ngx_add_timer(c->read, cscf->timeout);
|
|
|
198
|
|
|
199 c->ssl->handler = ngx_imap_ssl_handshake_handler;
|
|
|
200
|
|
|
201 return;
|
|
|
202 }
|
|
|
203
|
|
|
204 ngx_imap_ssl_handshake_handler(c);
|
|
|
205 }
|
|
|
206
|
|
|
207
|
|
|
208 static void
|
|
96
|
209 ngx_imap_ssl_handshake_handler(ngx_connection_t *c)
|
|
126
|
210 {
|
|
190
|
211 ngx_imap_session_t *s;
|
|
|
212
|
|
96
|
213 if (c->ssl->handshaked) {
|
|
132
|
214
|
|
190
|
215 s = c->data;
|
|
|
216
|
|
|
217 if (s->starttls) {
|
|
132
|
218 c->read->handler = ngx_imap_init_protocol;
|
|
|
219 c->write->handler = ngx_imap_send;
|
|
|
220
|
|
|
221 ngx_imap_init_protocol(c->read);
|
|
|
222
|
|
|
223 return;
|
|
|
224 }
|
|
|
225
|
|
96
|
226 ngx_imap_init_session(c);
|
|
|
227 return;
|
|
|
228 }
|
|
|
229
|
|
|
230 ngx_imap_close_connection(c);
|
|
|
231 }
|
|
|
232
|
|
|
233 #endif
|
|
|
234
|
|
|
235
|
|
|
236 static void
|
|
|
237 ngx_imap_init_session(ngx_connection_t *c)
|
|
90
|
238 {
|
|
250
|
239 u_char *p;
|
|
88
|
240 ngx_imap_session_t *s;
|
|
90
|
241 ngx_imap_core_srv_conf_t *cscf;
|
|
76
|
242
|
|
96
|
243 c->read->handler = ngx_imap_init_protocol;
|
|
|
244 c->write->handler = ngx_imap_send;
|
|
88
|
245
|
|
190
|
246 s = c->data;
|
|
76
|
247
|
|
190
|
248 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
88
|
249
|
|
|
250 s->protocol = cscf->protocol;
|
|
|
251
|
|
|
252 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_imap_max_module);
|
|
|
253 if (s->ctx == NULL) {
|
|
|
254 ngx_imap_session_internal_server_error(s);
|
|
|
255 return;
|
|
|
256 }
|
|
|
257
|
|
|
258 s->out = greetings[s->protocol];
|
|
|
259
|
|
250
|
260 if ((cscf->auth_methods & NGX_IMAP_AUTH_APOP_ENABLED)
|
|
|
261 && s->protocol == NGX_IMAP_POP3_PROTOCOL)
|
|
|
262 {
|
|
|
263 s->salt.data = ngx_palloc(c->pool,
|
|
|
264 sizeof(" <18446744073709551616.@>" CRLF) - 1
|
|
|
265 + NGX_TIME_T_LEN
|
|
|
266 + cscf->server_name.len);
|
|
|
267 if (s->salt.data == NULL) {
|
|
|
268 ngx_imap_session_internal_server_error(s);
|
|
|
269 return;
|
|
|
270 }
|
|
|
271
|
|
|
272 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
|
|
|
273 ngx_random(), ngx_time(), &cscf->server_name)
|
|
|
274 - s->salt.data;
|
|
|
275
|
|
|
276 s->out.data = ngx_palloc(c->pool, greetings[0].len + 1 + s->salt.len);
|
|
|
277 if (s->out.data == NULL) {
|
|
|
278 ngx_imap_session_internal_server_error(s);
|
|
|
279 return;
|
|
|
280 }
|
|
|
281
|
|
|
282 p = ngx_cpymem(s->out.data, greetings[0].data, greetings[0].len - 2);
|
|
|
283 *p++ = ' ';
|
|
|
284 p = ngx_cpymem(p, s->salt.data, s->salt.len);
|
|
|
285
|
|
|
286 s->out.len = p - s->out.data;
|
|
|
287 }
|
|
|
288
|
|
96
|
289 ngx_add_timer(c->read, cscf->timeout);
|
|
76
|
290
|
|
96
|
291 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
|
|
76
|
292 ngx_imap_close_connection(c);
|
|
|
293 }
|
|
88
|
294
|
|
|
295 ngx_imap_send(c->write);
|
|
|
296 }
|
|
|
297
|
|
|
298
|
|
|
299 void
|
|
|
300 ngx_imap_send(ngx_event_t *wev)
|
|
|
301 {
|
|
90
|
302 ngx_int_t n;
|
|
|
303 ngx_connection_t *c;
|
|
|
304 ngx_imap_session_t *s;
|
|
|
305 ngx_imap_core_srv_conf_t *cscf;
|
|
88
|
306
|
|
|
307 c = wev->data;
|
|
|
308 s = c->data;
|
|
|
309
|
|
|
310 if (wev->timedout) {
|
|
|
311 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
|
|
126
|
312 c->timedout = 1;
|
|
88
|
313 ngx_imap_close_connection(c);
|
|
|
314 return;
|
|
|
315 }
|
|
|
316
|
|
|
317 if (s->out.len == 0) {
|
|
|
318 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
|
|
|
319 ngx_imap_close_connection(c);
|
|
|
320 }
|
|
|
321
|
|
|
322 return;
|
|
|
323 }
|
|
|
324
|
|
|
325 n = c->send(c, s->out.data, s->out.len);
|
|
|
326
|
|
|
327 if (n > 0) {
|
|
|
328 s->out.len -= n;
|
|
|
329
|
|
90
|
330 if (wev->timer_set) {
|
|
|
331 ngx_del_timer(wev);
|
|
|
332 }
|
|
|
333
|
|
88
|
334 if (s->quit) {
|
|
|
335 ngx_imap_close_connection(c);
|
|
|
336 return;
|
|
|
337 }
|
|
|
338
|
|
|
339 if (s->blocked) {
|
|
|
340 c->read->handler(c->read);
|
|
|
341 }
|
|
|
342
|
|
|
343 return;
|
|
|
344 }
|
|
|
345
|
|
|
346 if (n == NGX_ERROR) {
|
|
|
347 ngx_imap_close_connection(c);
|
|
|
348 return;
|
|
|
349 }
|
|
|
350
|
|
|
351 /* n == NGX_AGAIN */
|
|
|
352
|
|
90
|
353 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
|
354
|
|
|
355 ngx_add_timer(c->write, cscf->timeout);
|
|
|
356
|
|
88
|
357 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
|
|
|
358 ngx_imap_close_connection(c);
|
|
|
359 return;
|
|
|
360 }
|
|
76
|
361 }
|
|
|
362
|
|
|
363
|
|
|
364 static void
|
|
90
|
365 ngx_imap_init_protocol(ngx_event_t *rev)
|
|
76
|
366 {
|
|
|
367 size_t size;
|
|
|
368 ngx_connection_t *c;
|
|
|
369 ngx_imap_session_t *s;
|
|
|
370 ngx_imap_core_srv_conf_t *cscf;
|
|
|
371
|
|
|
372 c = rev->data;
|
|
|
373
|
|
90
|
374 c->log->action = "in auth state";
|
|
|
375
|
|
76
|
376 if (rev->timedout) {
|
|
|
377 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
|
|
126
|
378 c->timedout = 1;
|
|
76
|
379 ngx_imap_close_connection(c);
|
|
|
380 return;
|
|
|
381 }
|
|
|
382
|
|
88
|
383 s = c->data;
|
|
76
|
384
|
|
88
|
385 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) {
|
|
76
|
386 size = 128;
|
|
|
387 s->imap_state = ngx_pop3_start;
|
|
|
388 c->read->handler = ngx_pop3_auth_state;
|
|
|
389
|
|
|
390 } else {
|
|
88
|
391 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
76
|
392 size = cscf->imap_client_buffer_size;
|
|
|
393 s->imap_state = ngx_imap_start;
|
|
|
394 c->read->handler = ngx_imap_auth_state;
|
|
|
395 }
|
|
|
396
|
|
|
397 if (s->buffer == NULL) {
|
|
132
|
398 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
|
|
|
399 == NGX_ERROR)
|
|
|
400 {
|
|
|
401 ngx_imap_session_internal_server_error(s);
|
|
|
402 return;
|
|
|
403 }
|
|
|
404
|
|
|
405 s->buffer = ngx_create_temp_buf(c->pool, size);
|
|
|
406 if (s->buffer == NULL) {
|
|
|
407 ngx_imap_session_internal_server_error(s);
|
|
|
408 return;
|
|
|
409 }
|
|
76
|
410 }
|
|
|
411
|
|
|
412 c->read->handler(rev);
|
|
|
413 }
|
|
|
414
|
|
|
415
|
|
|
416 void
|
|
|
417 ngx_imap_auth_state(ngx_event_t *rev)
|
|
|
418 {
|
|
92
|
419 u_char *text, *last, *p, *dst, *src, *end;
|
|
88
|
420 ssize_t text_len, last_len;
|
|
76
|
421 ngx_str_t *arg;
|
|
|
422 ngx_int_t rc;
|
|
92
|
423 ngx_uint_t tag, i;
|
|
76
|
424 ngx_connection_t *c;
|
|
|
425 ngx_imap_session_t *s;
|
|
|
426 ngx_imap_core_srv_conf_t *cscf;
|
|
132
|
427 #if (NGX_IMAP_SSL)
|
|
|
428 ngx_imap_ssl_conf_t *sslcf;
|
|
|
429 #endif
|
|
76
|
430
|
|
|
431 c = rev->data;
|
|
|
432 s = c->data;
|
|
|
433
|
|
|
434 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap auth state");
|
|
|
435
|
|
|
436 if (rev->timedout) {
|
|
|
437 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
|
|
126
|
438 c->timedout = 1;
|
|
76
|
439 ngx_imap_close_connection(c);
|
|
|
440 return;
|
|
|
441 }
|
|
|
442
|
|
88
|
443 if (s->out.len) {
|
|
|
444 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap send handler busy");
|
|
|
445 s->blocked = 1;
|
|
|
446 return;
|
|
|
447 }
|
|
|
448
|
|
|
449 s->blocked = 0;
|
|
|
450
|
|
76
|
451 rc = ngx_imap_read_command(s);
|
|
|
452
|
|
|
453 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap auth: %i", rc);
|
|
|
454
|
|
|
455 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
|
|
|
456 return;
|
|
|
457 }
|
|
|
458
|
|
|
459 tag = 1;
|
|
|
460
|
|
|
461 text = NULL;
|
|
|
462 text_len = 0;
|
|
|
463
|
|
|
464 last = imap_ok;
|
|
|
465 last_len = sizeof(imap_ok) - 1;
|
|
|
466
|
|
|
467 if (rc == NGX_OK) {
|
|
|
468
|
|
|
469 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap auth command: %i",
|
|
|
470 s->command);
|
|
|
471
|
|
92
|
472 if (s->backslash) {
|
|
|
473
|
|
|
474 arg = s->args.elts;
|
|
|
475
|
|
|
476 for (i = 0; i < s->args.nelts; i++) {
|
|
|
477 dst = arg[i].data;
|
|
|
478 end = dst + arg[i].len;
|
|
|
479
|
|
|
480 for (src = dst; src < end; dst++) {
|
|
|
481 *dst = *src;
|
|
|
482 if (*src++ == '\\') {
|
|
|
483 *dst = *src++;
|
|
|
484 }
|
|
|
485 }
|
|
|
486
|
|
|
487 arg[i].len = dst - arg[i].data;
|
|
|
488 }
|
|
|
489
|
|
|
490 s->backslash = 0;
|
|
|
491 }
|
|
|
492
|
|
76
|
493 switch (s->command) {
|
|
|
494
|
|
|
495 case NGX_IMAP_LOGIN:
|
|
132
|
496
|
|
|
497 #if (NGX_IMAP_SSL)
|
|
|
498
|
|
|
499 if (c->ssl == NULL) {
|
|
|
500 sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
|
|
|
501
|
|
|
502 if (sslcf->starttls == NGX_IMAP_STARTTLS_ONLY) {
|
|
|
503 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
504 break;
|
|
|
505 }
|
|
|
506 }
|
|
|
507 #endif
|
|
|
508
|
|
118
|
509 arg = s->args.elts;
|
|
76
|
510
|
|
118
|
511 if (s->args.nelts == 2 && arg[0].len) {
|
|
76
|
512
|
|
|
513 s->login.len = arg[0].len;
|
|
|
514 s->login.data = ngx_palloc(c->pool, s->login.len);
|
|
|
515 if (s->login.data == NULL) {
|
|
|
516 ngx_imap_session_internal_server_error(s);
|
|
|
517 return;
|
|
|
518 }
|
|
|
519
|
|
|
520 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
|
|
|
521
|
|
|
522 s->passwd.len = arg[1].len;
|
|
|
523 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
|
|
|
524 if (s->passwd.data == NULL) {
|
|
|
525 ngx_imap_session_internal_server_error(s);
|
|
|
526 return;
|
|
|
527 }
|
|
|
528
|
|
|
529 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
|
|
|
530
|
|
96
|
531 #if (NGX_DEBUG_IMAP_PASSWD)
|
|
76
|
532 ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
533 "imap login:\"%V\" passwd:\"%V\"",
|
|
|
534 &s->login, &s->passwd);
|
|
96
|
535 #else
|
|
|
536 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
537 "imap login:\"%V\"", &s->login);
|
|
|
538 #endif
|
|
76
|
539
|
|
|
540 s->args.nelts = 0;
|
|
|
541 s->buffer->pos = s->buffer->start;
|
|
|
542 s->buffer->last = s->buffer->start;
|
|
|
543
|
|
|
544 if (rev->timer_set) {
|
|
|
545 ngx_del_timer(rev);
|
|
|
546 }
|
|
|
547
|
|
|
548 s->login_attempt++;
|
|
|
549
|
|
|
550 ngx_imap_auth_http_init(s);
|
|
|
551
|
|
|
552 return;
|
|
|
553 }
|
|
|
554
|
|
252
|
555 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
76
|
556 break;
|
|
|
557
|
|
|
558 case NGX_IMAP_CAPABILITY:
|
|
|
559 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
132
|
560
|
|
|
561 #if (NGX_IMAP_SSL)
|
|
|
562
|
|
|
563 if (c->ssl == NULL) {
|
|
|
564 sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
|
|
|
565
|
|
|
566 if (sslcf->starttls == NGX_IMAP_STARTTLS_ON) {
|
|
|
567 text_len = cscf->imap_starttls_capability.len;
|
|
|
568 text = cscf->imap_starttls_capability.data;
|
|
|
569 break;
|
|
|
570 }
|
|
|
571
|
|
|
572 if (sslcf->starttls == NGX_IMAP_STARTTLS_ONLY) {
|
|
|
573 text_len = cscf->imap_starttls_only_capability.len;
|
|
|
574 text = cscf->imap_starttls_only_capability.data;
|
|
|
575 break;
|
|
|
576 }
|
|
|
577 }
|
|
|
578 #endif
|
|
|
579
|
|
|
580 text_len = cscf->imap_capability.len;
|
|
|
581 text = cscf->imap_capability.data;
|
|
76
|
582 break;
|
|
|
583
|
|
|
584 case NGX_IMAP_LOGOUT:
|
|
88
|
585 s->quit = 1;
|
|
76
|
586 text = imap_bye;
|
|
|
587 text_len = sizeof(imap_bye) - 1;
|
|
|
588 break;
|
|
|
589
|
|
|
590 case NGX_IMAP_NOOP:
|
|
|
591 break;
|
|
|
592
|
|
132
|
593 #if (NGX_IMAP_SSL)
|
|
|
594
|
|
|
595 case NGX_IMAP_STARTTLS:
|
|
|
596 if (c->ssl == NULL) {
|
|
|
597 sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
|
|
|
598 if (sslcf->starttls) {
|
|
|
599 c->read->handler = ngx_imap_starttls_handler;
|
|
|
600 break;
|
|
|
601 }
|
|
|
602 }
|
|
|
603
|
|
|
604 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
605 break;
|
|
|
606 #endif
|
|
|
607
|
|
76
|
608 default:
|
|
|
609 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
610 break;
|
|
|
611 }
|
|
|
612
|
|
|
613 } else if (rc == NGX_IMAP_NEXT) {
|
|
|
614 last = imap_next;
|
|
|
615 last_len = sizeof(imap_next) - 1;
|
|
|
616 tag = 0;
|
|
|
617 }
|
|
|
618
|
|
|
619 if (rc == NGX_IMAP_PARSE_INVALID_COMMAND) {
|
|
|
620 last = imap_invalid_command;
|
|
|
621 last_len = sizeof(imap_invalid_command) - 1;
|
|
|
622 }
|
|
|
623
|
|
|
624 if (tag) {
|
|
92
|
625 if (s->tag.len == 0) {
|
|
|
626 s->tag.len = sizeof(imap_star) - 1;
|
|
|
627 s->tag.data = (u_char *) imap_star;
|
|
|
628 }
|
|
|
629
|
|
88
|
630 if (s->tagged_line.len < s->tag.len + text_len + last_len) {
|
|
|
631 s->tagged_line.len = s->tag.len + text_len + last_len;
|
|
|
632 s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
|
|
|
633 if (s->tagged_line.data == NULL) {
|
|
76
|
634 ngx_imap_close_connection(c);
|
|
|
635 return;
|
|
|
636 }
|
|
|
637 }
|
|
|
638
|
|
88
|
639 s->out.data = s->tagged_line.data;
|
|
|
640 s->out.len = s->tag.len + text_len + last_len;
|
|
|
641
|
|
|
642 p = s->out.data;
|
|
76
|
643
|
|
|
644 if (text) {
|
|
|
645 p = ngx_cpymem(p, text, text_len);
|
|
|
646 }
|
|
|
647 p = ngx_cpymem(p, s->tag.data, s->tag.len);
|
|
|
648 ngx_memcpy(p, last, last_len);
|
|
|
649
|
|
|
650
|
|
|
651 } else {
|
|
88
|
652 s->out.data = last;
|
|
|
653 s->out.len = last_len;
|
|
76
|
654 }
|
|
|
655
|
|
88
|
656 if (rc != NGX_IMAP_NEXT) {
|
|
|
657 s->args.nelts = 0;
|
|
|
658 s->buffer->pos = s->buffer->start;
|
|
|
659 s->buffer->last = s->buffer->start;
|
|
|
660 s->tag.len = 0;
|
|
76
|
661 }
|
|
|
662
|
|
88
|
663 ngx_imap_send(c->write);
|
|
76
|
664 }
|
|
|
665
|
|
|
666
|
|
|
667 void
|
|
|
668 ngx_pop3_auth_state(ngx_event_t *rev)
|
|
|
669 {
|
|
252
|
670 u_char *text, *p, *last;
|
|
76
|
671 ssize_t size;
|
|
|
672 ngx_int_t rc;
|
|
252
|
673 ngx_str_t *arg, salt, plain;
|
|
76
|
674 ngx_connection_t *c;
|
|
|
675 ngx_imap_session_t *s;
|
|
|
676 ngx_imap_core_srv_conf_t *cscf;
|
|
132
|
677 #if (NGX_IMAP_SSL)
|
|
|
678 ngx_imap_ssl_conf_t *sslcf;
|
|
|
679 #endif
|
|
76
|
680
|
|
|
681 c = rev->data;
|
|
|
682 s = c->data;
|
|
|
683
|
|
|
684 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "pop3 auth state");
|
|
|
685
|
|
|
686 if (rev->timedout) {
|
|
|
687 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
|
|
126
|
688 c->timedout = 1;
|
|
76
|
689 ngx_imap_close_connection(c);
|
|
|
690 return;
|
|
|
691 }
|
|
|
692
|
|
88
|
693 if (s->out.len) {
|
|
|
694 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap send handler busy");
|
|
|
695 s->blocked = 1;
|
|
|
696 return;
|
|
|
697 }
|
|
|
698
|
|
|
699 s->blocked = 0;
|
|
|
700
|
|
76
|
701 rc = ngx_imap_read_command(s);
|
|
|
702
|
|
|
703 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
|
|
|
704 return;
|
|
|
705 }
|
|
|
706
|
|
|
707 text = pop3_ok;
|
|
|
708 size = sizeof(pop3_ok) - 1;
|
|
|
709
|
|
|
710 if (rc == NGX_OK) {
|
|
|
711 switch (s->imap_state) {
|
|
|
712
|
|
|
713 case ngx_pop3_start:
|
|
|
714
|
|
|
715 switch (s->command) {
|
|
|
716
|
|
|
717 case NGX_POP3_USER:
|
|
|
718 if (s->args.nelts == 1) {
|
|
|
719 s->imap_state = ngx_pop3_user;
|
|
|
720
|
|
|
721 arg = s->args.elts;
|
|
|
722 s->login.len = arg[0].len;
|
|
|
723 s->login.data = ngx_palloc(c->pool, s->login.len);
|
|
|
724 if (s->login.data == NULL) {
|
|
|
725 ngx_imap_session_internal_server_error(s);
|
|
|
726 return;
|
|
|
727 }
|
|
|
728
|
|
|
729 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
|
|
|
730
|
|
|
731 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
732 "pop3 login: \"%V\"", &s->login);
|
|
|
733
|
|
252
|
734 break;
|
|
76
|
735 }
|
|
|
736
|
|
252
|
737 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
76
|
738 break;
|
|
|
739
|
|
|
740 case NGX_POP3_CAPA:
|
|
|
741 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
132
|
742
|
|
|
743 #if (NGX_IMAP_SSL)
|
|
|
744
|
|
|
745 if (c->ssl == NULL) {
|
|
|
746 sslcf = ngx_imap_get_module_srv_conf(s,
|
|
|
747 ngx_imap_ssl_module);
|
|
|
748 if (sslcf->starttls) {
|
|
|
749 size = cscf->pop3_starttls_capability.len;
|
|
|
750 text = cscf->pop3_starttls_capability.data;
|
|
|
751 break;
|
|
|
752 }
|
|
|
753 }
|
|
|
754 #endif
|
|
|
755
|
|
|
756 size = cscf->pop3_capability.len;
|
|
|
757 text = cscf->pop3_capability.data;
|
|
76
|
758 break;
|
|
|
759
|
|
250
|
760 case NGX_POP3_APOP:
|
|
|
761 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
|
762
|
|
|
763 if ((cscf->auth_methods & NGX_IMAP_AUTH_APOP_ENABLED)
|
|
|
764 && s->args.nelts == 2)
|
|
|
765 {
|
|
|
766 arg = s->args.elts;
|
|
|
767
|
|
|
768 s->login.len = arg[0].len;
|
|
|
769 s->login.data = ngx_palloc(c->pool, s->login.len);
|
|
|
770 if (s->login.data == NULL) {
|
|
|
771 ngx_imap_session_internal_server_error(s);
|
|
|
772 return;
|
|
|
773 }
|
|
|
774
|
|
|
775 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
|
|
|
776
|
|
|
777 s->passwd.len = arg[1].len;
|
|
|
778 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
|
|
|
779 if (s->passwd.data == NULL) {
|
|
|
780 ngx_imap_session_internal_server_error(s);
|
|
|
781 return;
|
|
|
782 }
|
|
|
783
|
|
|
784 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
|
|
|
785
|
|
|
786 ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
787 "pop3 apop: \"%V\" \"%V\"",
|
|
|
788 &s->login, &s->passwd);
|
|
|
789
|
|
|
790 s->auth_method = NGX_IMAP_AUTH_APOP;
|
|
|
791
|
|
|
792 s->args.nelts = 0;
|
|
|
793 s->buffer->pos = s->buffer->start;
|
|
|
794 s->buffer->last = s->buffer->start;
|
|
|
795
|
|
|
796 if (rev->timer_set) {
|
|
|
797 ngx_del_timer(rev);
|
|
|
798 }
|
|
|
799
|
|
|
800 ngx_imap_auth_http_init(s);
|
|
|
801
|
|
|
802 return;
|
|
252
|
803 }
|
|
250
|
804
|
|
252
|
805 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
806 break;
|
|
|
807
|
|
|
808 case NGX_POP3_AUTH:
|
|
|
809 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
|
810
|
|
|
811 if (s->args.nelts == 0) {
|
|
|
812 size = cscf->pop3_auth_capability.len;
|
|
|
813 text = cscf->pop3_auth_capability.data;
|
|
|
814 s->state = 0;
|
|
|
815 break;
|
|
|
816 }
|
|
|
817
|
|
|
818 if (s->args.nelts != 1) {
|
|
250
|
819 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
252
|
820 break;
|
|
250
|
821 }
|
|
|
822
|
|
252
|
823 arg = s->args.elts;
|
|
|
824
|
|
|
825 if (arg[0].len == 5) {
|
|
|
826
|
|
|
827 if (ngx_strncasecmp(arg[0].data, "LOGIN", 5) == 0) {
|
|
|
828 s->imap_state = ngx_pop3_auth_login_username;
|
|
|
829
|
|
|
830 size = sizeof(pop3_username) - 1;
|
|
|
831 text = pop3_username;
|
|
|
832
|
|
|
833 break;
|
|
|
834
|
|
|
835 } else if (ngx_strncasecmp(arg[0].data, "PLAIN", 5) == 0) {
|
|
|
836 s->imap_state = ngx_pop3_auth_plain;
|
|
|
837
|
|
|
838 size = sizeof(pop3_next) - 1;
|
|
|
839 text = pop3_next;
|
|
|
840
|
|
|
841 break;
|
|
|
842 }
|
|
|
843
|
|
|
844 } else if (arg[0].len == 8
|
|
|
845 && ngx_strncasecmp(arg[0].data, "CRAM-MD5", 8) == 0)
|
|
|
846 {
|
|
|
847 s->imap_state = ngx_pop3_auth_cram_md5;
|
|
|
848
|
|
|
849 text = ngx_palloc(c->pool,
|
|
|
850 sizeof("+ " CRLF) - 1
|
|
|
851 + ngx_base64_encoded_length(s->salt.len));
|
|
|
852 if (text == NULL) {
|
|
|
853 ngx_imap_session_internal_server_error(s);
|
|
|
854 return;
|
|
|
855 }
|
|
|
856
|
|
|
857 text[0] = '+'; text[1]= ' ';
|
|
|
858 salt.data = &text[2];
|
|
|
859 s->salt.len -= 2;
|
|
|
860
|
|
|
861 ngx_encode_base64(&salt, &s->salt);
|
|
|
862
|
|
|
863 s->salt.len += 2;
|
|
|
864 size = 2 + salt.len;
|
|
|
865 text[size++] = CR; text[size++] = LF;
|
|
|
866
|
|
|
867 break;
|
|
|
868 }
|
|
|
869
|
|
|
870 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
250
|
871 break;
|
|
|
872
|
|
76
|
873 case NGX_POP3_QUIT:
|
|
88
|
874 s->quit = 1;
|
|
76
|
875 break;
|
|
|
876
|
|
|
877 case NGX_POP3_NOOP:
|
|
|
878 break;
|
|
|
879
|
|
132
|
880 #if (NGX_IMAP_SSL)
|
|
|
881
|
|
|
882 case NGX_POP3_STLS:
|
|
|
883 if (c->ssl == NULL) {
|
|
|
884 sslcf = ngx_imap_get_module_srv_conf(s,
|
|
|
885 ngx_imap_ssl_module);
|
|
|
886 if (sslcf->starttls) {
|
|
|
887 c->read->handler = ngx_imap_starttls_handler;
|
|
|
888 break;
|
|
|
889 }
|
|
|
890 }
|
|
|
891
|
|
|
892 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
893 break;
|
|
|
894 #endif
|
|
|
895
|
|
76
|
896 default:
|
|
|
897 s->imap_state = ngx_pop3_start;
|
|
|
898 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
899 break;
|
|
|
900 }
|
|
|
901
|
|
|
902 break;
|
|
|
903
|
|
|
904 case ngx_pop3_user:
|
|
|
905
|
|
|
906 switch (s->command) {
|
|
|
907
|
|
|
908 case NGX_POP3_PASS:
|
|
|
909 if (s->args.nelts == 1) {
|
|
|
910 arg = s->args.elts;
|
|
|
911 s->passwd.len = arg[0].len;
|
|
|
912 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
|
|
|
913 if (s->passwd.data == NULL) {
|
|
|
914 ngx_imap_session_internal_server_error(s);
|
|
|
915 return;
|
|
|
916 }
|
|
|
917
|
|
|
918 ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
|
|
|
919
|
|
96
|
920 #if (NGX_DEBUG_IMAP_PASSWD)
|
|
76
|
921 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
922 "pop3 passwd: \"%V\"", &s->passwd);
|
|
96
|
923 #endif
|
|
76
|
924
|
|
|
925 s->args.nelts = 0;
|
|
|
926 s->buffer->pos = s->buffer->start;
|
|
|
927 s->buffer->last = s->buffer->start;
|
|
|
928
|
|
|
929 if (rev->timer_set) {
|
|
|
930 ngx_del_timer(rev);
|
|
|
931 }
|
|
|
932
|
|
|
933 ngx_imap_auth_http_init(s);
|
|
|
934
|
|
|
935 return;
|
|
|
936 }
|
|
|
937
|
|
252
|
938 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
76
|
939 break;
|
|
|
940
|
|
|
941 case NGX_POP3_CAPA:
|
|
|
942 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
|
|
132
|
943 size = cscf->pop3_capability.len;
|
|
|
944 text = cscf->pop3_capability.data;
|
|
76
|
945 break;
|
|
|
946
|
|
|
947 case NGX_POP3_QUIT:
|
|
88
|
948 s->quit = 1;
|
|
76
|
949 break;
|
|
|
950
|
|
|
951 case NGX_POP3_NOOP:
|
|
|
952 break;
|
|
|
953
|
|
|
954 default:
|
|
|
955 s->imap_state = ngx_pop3_start;
|
|
|
956 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
957 break;
|
|
|
958 }
|
|
|
959
|
|
|
960 break;
|
|
|
961
|
|
|
962 /* suppress warinings */
|
|
|
963 case ngx_pop3_passwd:
|
|
|
964 break;
|
|
252
|
965
|
|
|
966 case ngx_pop3_auth_login_username:
|
|
|
967 arg = s->args.elts;
|
|
|
968 s->imap_state = ngx_pop3_auth_login_password;
|
|
|
969
|
|
|
970 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
971 "pop3 auth login username: \"%V\"", &arg[0]);
|
|
|
972
|
|
|
973 s->login.data = ngx_palloc(c->pool,
|
|
|
974 ngx_base64_decoded_length(arg[0].len));
|
|
|
975 if (s->login.data == NULL){
|
|
|
976 ngx_imap_session_internal_server_error(s);
|
|
|
977 return;
|
|
|
978 }
|
|
|
979
|
|
|
980 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
|
|
|
981 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
982 "client sent invalid base64 encoding "
|
|
|
983 "in AUTH LOGIN command");
|
|
|
984 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
985 break;
|
|
|
986 }
|
|
|
987
|
|
|
988 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
989 "pop3 auth login username: \"%V\"", &s->login);
|
|
|
990
|
|
|
991 size = sizeof(pop3_password) - 1;
|
|
|
992 text = pop3_password;
|
|
|
993
|
|
|
994 break;
|
|
|
995
|
|
|
996 case ngx_pop3_auth_login_password:
|
|
|
997 arg = s->args.elts;
|
|
|
998
|
|
|
999 #if (NGX_DEBUG_IMAP_PASSWD)
|
|
|
1000 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1001 "pop3 auth login password: \"%V\"", &arg[0]);
|
|
|
1002 #endif
|
|
|
1003
|
|
|
1004 s->passwd.data = ngx_palloc(c->pool,
|
|
|
1005 ngx_base64_decoded_length(arg[0].len));
|
|
|
1006 if (s->passwd.data == NULL){
|
|
|
1007 ngx_imap_session_internal_server_error(s);
|
|
|
1008 return;
|
|
|
1009 }
|
|
|
1010
|
|
|
1011 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
|
|
|
1012 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
1013 "client sent invalid base64 encoding "
|
|
|
1014 "in AUTH LOGIN command");
|
|
|
1015 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
1016 break;
|
|
|
1017 }
|
|
|
1018
|
|
|
1019 #if (NGX_DEBUG_IMAP_PASSWD)
|
|
|
1020 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1021 "pop3 auth login password: \"%V\"", &s->passwd);
|
|
|
1022 #endif
|
|
|
1023
|
|
|
1024 s->args.nelts = 0;
|
|
|
1025 s->buffer->pos = s->buffer->start;
|
|
|
1026 s->buffer->last = s->buffer->start;
|
|
|
1027
|
|
|
1028 if (rev->timer_set) {
|
|
|
1029 ngx_del_timer(rev);
|
|
|
1030 }
|
|
|
1031
|
|
|
1032 ngx_imap_auth_http_init(s);
|
|
|
1033
|
|
|
1034 return;
|
|
|
1035
|
|
|
1036 case ngx_pop3_auth_plain:
|
|
|
1037 arg = s->args.elts;
|
|
|
1038
|
|
|
1039 #if (NGX_DEBUG_IMAP_PASSWD)
|
|
|
1040 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1041 "pop3 auth plain: \"%V\"", &arg[0]);
|
|
|
1042 #endif
|
|
|
1043
|
|
|
1044 plain.data = ngx_palloc(c->pool,
|
|
|
1045 ngx_base64_decoded_length(arg[0].len));
|
|
|
1046 if (plain.data == NULL){
|
|
|
1047 ngx_imap_session_internal_server_error(s);
|
|
|
1048 return;
|
|
|
1049 }
|
|
|
1050
|
|
|
1051 if (ngx_decode_base64(&plain, &arg[0]) != NGX_OK) {
|
|
|
1052 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
1053 "client sent invalid base64 encoding "
|
|
|
1054 "in AUTH PLAIN command");
|
|
|
1055 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
1056 break;
|
|
|
1057 }
|
|
|
1058
|
|
|
1059 p = plain.data;
|
|
|
1060 last = p + plain.len;
|
|
|
1061
|
|
|
1062 while (p < last && *p++) { /* void */ }
|
|
|
1063
|
|
|
1064 if (p == last) {
|
|
|
1065 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
1066 "client sent invalid login "
|
|
|
1067 "in AUTH PLAIN command");
|
|
|
1068 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
1069 break;
|
|
|
1070 }
|
|
|
1071
|
|
|
1072 s->login.data = p;
|
|
|
1073
|
|
|
1074 while (p < last && *p) { p++; }
|
|
|
1075
|
|
|
1076 if (p == last) {
|
|
|
1077 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
1078 "client sent invalid password "
|
|
|
1079 "in AUTH PLAIN command");
|
|
|
1080 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
1081 break;
|
|
|
1082 }
|
|
|
1083
|
|
|
1084 s->login.len = p++ - s->login.data;
|
|
|
1085
|
|
|
1086 s->passwd.len = last - p;
|
|
|
1087 s->passwd.data = p;
|
|
|
1088
|
|
|
1089 #if (NGX_DEBUG_IMAP_PASSWD)
|
|
|
1090 ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1091 "pop3 auth plain: \"%V\" \"%V\"",
|
|
|
1092 &s->login, &s->passwd);
|
|
|
1093 #endif
|
|
|
1094
|
|
|
1095 s->args.nelts = 0;
|
|
|
1096 s->buffer->pos = s->buffer->start;
|
|
|
1097 s->buffer->last = s->buffer->start;
|
|
|
1098
|
|
|
1099 if (rev->timer_set) {
|
|
|
1100 ngx_del_timer(rev);
|
|
|
1101 }
|
|
|
1102
|
|
|
1103 ngx_imap_auth_http_init(s);
|
|
|
1104
|
|
|
1105 return;
|
|
|
1106
|
|
|
1107 case ngx_pop3_auth_cram_md5:
|
|
|
1108 arg = s->args.elts;
|
|
|
1109
|
|
|
1110 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1111 "pop3 auth cram-md5: \"%V\"", &arg[0]);
|
|
|
1112
|
|
|
1113 s->login.data = ngx_palloc(c->pool,
|
|
|
1114 ngx_base64_decoded_length(arg[0].len));
|
|
|
1115 if (s->login.data == NULL){
|
|
|
1116 ngx_imap_session_internal_server_error(s);
|
|
|
1117 return;
|
|
|
1118 }
|
|
|
1119
|
|
|
1120 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
|
|
|
1121 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
1122 "client sent invalid base64 encoding "
|
|
|
1123 "in AUTH CRAM-MD5 command");
|
|
|
1124 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
1125 break;
|
|
|
1126 }
|
|
|
1127
|
|
|
1128 p = s->login.data;
|
|
|
1129 last = p + s->login.len;
|
|
|
1130
|
|
|
1131 while (p < last) {
|
|
|
1132 if (*p++ == ' ') {
|
|
|
1133 s->login.len = p - s->login.data - 1;
|
|
|
1134 s->passwd.len = last - p;
|
|
|
1135 s->passwd.data = p;
|
|
|
1136 break;
|
|
|
1137 }
|
|
|
1138 }
|
|
|
1139
|
|
|
1140 if (s->passwd.len != 32) {
|
|
|
1141 ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
|
|
1142 "client sent invalid CRAM-MD5 hash "
|
|
|
1143 "in AUTH CRAM-MD5 command");
|
|
|
1144 rc = NGX_IMAP_PARSE_INVALID_COMMAND;
|
|
|
1145 break;
|
|
|
1146 }
|
|
|
1147
|
|
|
1148 ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1149 "pop3 auth cram-md5: \"%V\" \"%V\"",
|
|
|
1150 &s->login, &s->passwd);
|
|
|
1151
|
|
|
1152 s->auth_method = NGX_IMAP_AUTH_CRAM_MD5;
|
|
|
1153
|
|
|
1154 s->args.nelts = 0;
|
|
|
1155 s->buffer->pos = s->buffer->start;
|
|
|
1156 s->buffer->last = s->buffer->start;
|
|
|
1157
|
|
|
1158 if (rev->timer_set) {
|
|
|
1159 ngx_del_timer(rev);
|
|
|
1160 }
|
|
|
1161
|
|
|
1162 ngx_imap_auth_http_init(s);
|
|
|
1163
|
|
|
1164 return;
|
|
76
|
1165 }
|
|
|
1166 }
|
|
|
1167
|
|
|
1168 if (rc == NGX_IMAP_PARSE_INVALID_COMMAND) {
|
|
252
|
1169 s->imap_state = ngx_pop3_start;
|
|
|
1170 s->state = 0;
|
|
76
|
1171 text = pop3_invalid_command;
|
|
|
1172 size = sizeof(pop3_invalid_command) - 1;
|
|
|
1173 }
|
|
|
1174
|
|
|
1175 s->args.nelts = 0;
|
|
|
1176 s->buffer->pos = s->buffer->start;
|
|
|
1177 s->buffer->last = s->buffer->start;
|
|
88
|
1178
|
|
252
|
1179 if (s->state) {
|
|
|
1180 s->arg_start = s->buffer->start;
|
|
|
1181 }
|
|
|
1182
|
|
88
|
1183 s->out.data = text;
|
|
|
1184 s->out.len = size;
|
|
|
1185
|
|
|
1186 ngx_imap_send(c->write);
|
|
76
|
1187 }
|
|
|
1188
|
|
|
1189
|
|
|
1190 static ngx_int_t
|
|
|
1191 ngx_imap_read_command(ngx_imap_session_t *s)
|
|
|
1192 {
|
|
|
1193 ssize_t n;
|
|
|
1194 ngx_int_t rc;
|
|
|
1195
|
|
88
|
1196 n = s->connection->recv(s->connection, s->buffer->last,
|
|
|
1197 s->buffer->end - s->buffer->last);
|
|
76
|
1198
|
|
|
1199 if (n == NGX_ERROR || n == 0) {
|
|
|
1200 ngx_imap_close_connection(s->connection);
|
|
|
1201 return NGX_ERROR;
|
|
|
1202 }
|
|
|
1203
|
|
|
1204 if (n > 0) {
|
|
|
1205 s->buffer->last += n;
|
|
|
1206 }
|
|
|
1207
|
|
|
1208 if (n == NGX_AGAIN) {
|
|
|
1209 if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) {
|
|
|
1210 ngx_imap_session_internal_server_error(s);
|
|
|
1211 return NGX_ERROR;
|
|
|
1212 }
|
|
|
1213
|
|
|
1214 return NGX_AGAIN;
|
|
|
1215 }
|
|
|
1216
|
|
|
1217 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) {
|
|
|
1218 rc = ngx_pop3_parse_command(s);
|
|
|
1219 } else {
|
|
|
1220 rc = ngx_imap_parse_command(s);
|
|
|
1221 }
|
|
|
1222
|
|
|
1223 if (rc == NGX_AGAIN
|
|
|
1224 || rc == NGX_IMAP_NEXT
|
|
|
1225 || rc == NGX_IMAP_PARSE_INVALID_COMMAND)
|
|
|
1226 {
|
|
|
1227 return rc;
|
|
|
1228 }
|
|
|
1229
|
|
|
1230 if (rc == NGX_ERROR) {
|
|
|
1231 ngx_imap_close_connection(s->connection);
|
|
|
1232 return NGX_ERROR;
|
|
|
1233 }
|
|
|
1234
|
|
|
1235 return NGX_OK;
|
|
|
1236 }
|
|
|
1237
|
|
|
1238
|
|
|
1239 void
|
|
|
1240 ngx_imap_session_internal_server_error(ngx_imap_session_t *s)
|
|
|
1241 {
|
|
88
|
1242 s->out = internal_server_errors[s->protocol];
|
|
|
1243 s->quit = 1;
|
|
76
|
1244
|
|
88
|
1245 ngx_imap_send(s->connection->write);
|
|
76
|
1246 }
|
|
|
1247
|
|
|
1248
|
|
|
1249 void
|
|
|
1250 ngx_imap_close_connection(ngx_connection_t *c)
|
|
|
1251 {
|
|
|
1252 ngx_pool_t *pool;
|
|
|
1253
|
|
|
1254 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
|
|
|
1255 "close imap connection: %d", c->fd);
|
|
|
1256
|
|
88
|
1257 #if (NGX_IMAP_SSL)
|
|
|
1258
|
|
|
1259 if (c->ssl) {
|
|
|
1260 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
|
|
126
|
1261 c->ssl->handler = ngx_imap_close_connection;
|
|
88
|
1262 return;
|
|
|
1263 }
|
|
|
1264 }
|
|
|
1265
|
|
|
1266 #endif
|
|
|
1267
|
|
132
|
1268 c->destroyed = 1;
|
|
92
|
1269
|
|
76
|
1270 pool = c->pool;
|
|
|
1271
|
|
|
1272 ngx_close_connection(c);
|
|
|
1273
|
|
|
1274 ngx_destroy_pool(pool);
|
|
|
1275 }
|
|
88
|
1276
|
|
|
1277
|
|
90
|
1278 static u_char *
|
|
|
1279 ngx_imap_log_error(ngx_log_t *log, u_char *buf, size_t len)
|
|
|
1280 {
|
|
116
|
1281 u_char *p;
|
|
|
1282 ngx_imap_session_t *s;
|
|
|
1283 ngx_imap_log_ctx_t *ctx;
|
|
90
|
1284
|
|
|
1285 if (log->action) {
|
|
|
1286 p = ngx_snprintf(buf, len, " while %s", log->action);
|
|
|
1287 len -= p - buf;
|
|
|
1288 buf = p;
|
|
|
1289 }
|
|
126
|
1290
|
|
90
|
1291 ctx = log->data;
|
|
|
1292
|
|
|
1293 p = ngx_snprintf(buf, len, ", client: %V", ctx->client);
|
|
|
1294 len -= p - buf;
|
|
|
1295 buf = p;
|
|
|
1296
|
|
|
1297 s = ctx->session;
|
|
|
1298
|
|
|
1299 if (s == NULL) {
|
|
|
1300 return p;
|
|
|
1301 }
|
|
|
1302
|
|
190
|
1303 p = ngx_snprintf(buf, len, ", server: %V", s->addr_text);
|
|
90
|
1304 len -= p - buf;
|
|
|
1305 buf = p;
|
|
|
1306
|
|
|
1307 if (s->login.len == 0) {
|
|
|
1308 return p;
|
|
|
1309 }
|
|
|
1310
|
|
|
1311 p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login);
|
|
|
1312 len -= p - buf;
|
|
|
1313 buf = p;
|
|
|
1314
|
|
|
1315 if (s->proxy == NULL) {
|
|
|
1316 return p;
|
|
|
1317 }
|
|
|
1318
|
|
|
1319 p = ngx_snprintf(buf, len, ", upstream: %V",
|
|
|
1320 &s->proxy->upstream.peers->peer[0].name);
|
|
|
1321
|
|
|
1322 return p;
|
|
|
1323 }
|
