Mercurial > hg > nginx
view src/mail/ngx_mail.h @ 8122:106328a70f4e
Added warning about redefinition of listen socket protocol options.
The "listen" directive in the http module can be used multiple times
in different server blocks. Originally, it was supposed to be specified
once with various socket options, and without any parameters in virtual
server blocks. For example:
server { listen 80 backlog=1024; server_name foo; ... }
server { listen 80; server_name bar; ... }
server { listen 80; server_name bazz; ... }
The address part of the syntax ("address[:port]" / "port" / "unix:path")
uniquely identifies the listening socket, and therefore is enough for
name-based virtual servers (to let nginx know that the virtual server
accepts requests on the listening socket in question).
To ensure that listening options do not conflict between virtual servers,
they were allowed only once. For example, the following configuration
will be rejected ("duplicate listen options for 0.0.0.0:80 in ..."):
server { listen 80 backlog=1024; server_name foo; ... }
server { listen 80 backlog=512; server_name bar; ... }
At some point it was, however, noticed, that it is sometimes convenient
to repeat some options for clarity. In nginx 0.8.51 the "ssl" parameter
was allowed to be specified multiple times, e.g.:
server { listen 443 ssl backlog=1024; server_name foo; ... }
server { listen 443 ssl; server_name bar; ... }
server { listen 443 ssl; server_name bazz; ... }
This approach makes configuration more readable, since SSL sockets are
immediately visible in the configuration. If this is not needed, just the
address can still be used.
Later, additional protocol-specific options similar to "ssl" were
introduced, notably "http2" and "proxy_protocol". With these options,
one can write:
server { listen 443 ssl backlog=1024; server_name foo; ... }
server { listen 443 http2; server_name bar; ... }
server { listen 443 proxy_protocol; server_name bazz; ... }
The resulting socket will use ssl, http2, and proxy_protocol, but this
is not really obvious from the configuration.
To emphasize such misleading configurations are discouraged, nginx now
warns as long as the "listen" directive is used with options different
from the options previously used if this is potentially confusing.
In particular, the following configurations are allowed:
server { listen 8401 ssl backlog=1024; server_name foo; }
server { listen 8401 ssl; server_name bar; }
server { listen 8401 ssl; server_name bazz; }
server { listen 8402 ssl http2 backlog=1024; server_name foo; }
server { listen 8402 ssl; server_name bar; }
server { listen 8402 ssl; server_name bazz; }
server { listen 8403 ssl; server_name bar; }
server { listen 8403 ssl; server_name bazz; }
server { listen 8403 ssl http2; server_name foo; }
server { listen 8404 ssl http2 backlog=1024; server_name foo; }
server { listen 8404 http2; server_name bar; }
server { listen 8404 http2; server_name bazz; }
server { listen 8405 ssl http2 backlog=1024; server_name foo; }
server { listen 8405 ssl http2; server_name bar; }
server { listen 8405 ssl http2; server_name bazz; }
server { listen 8406 ssl; server_name foo; }
server { listen 8406; server_name bar; }
server { listen 8406; server_name bazz; }
And the following configurations will generate warnings:
server { listen 8501 ssl http2 backlog=1024; server_name foo; }
server { listen 8501 http2; server_name bar; }
server { listen 8501 ssl; server_name bazz; }
server { listen 8502 backlog=1024; server_name foo; }
server { listen 8502 ssl; server_name bar; }
server { listen 8503 ssl; server_name foo; }
server { listen 8503 http2; server_name bar; }
server { listen 8504 ssl; server_name foo; }
server { listen 8504 http2; server_name bar; }
server { listen 8504 proxy_protocol; server_name bazz; }
server { listen 8505 ssl http2 proxy_protocol; server_name foo; }
server { listen 8505 ssl http2; server_name bar; }
server { listen 8505 ssl; server_name bazz; }
server { listen 8506 ssl http2; server_name foo; }
server { listen 8506 ssl; server_name bar; }
server { listen 8506; server_name bazz; }
server { listen 8507 ssl; server_name bar; }
server { listen 8507; server_name bazz; }
server { listen 8507 ssl http2; server_name foo; }
server { listen 8508 ssl; server_name bar; }
server { listen 8508; server_name bazz; }
server { listen 8508 ssl backlog=1024; server_name foo; }
server { listen 8509; server_name bazz; }
server { listen 8509 ssl; server_name bar; }
server { listen 8509 ssl backlog=1024; server_name foo; }
The basic idea is that at most two sets of protocol options are allowed:
the main one (with socket options, if any), and a shorter one, with options
being a subset of the main options, repeated for clarity. As long as the
shorter set of protocol options is used, all listen directives except the
main one should use it.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sat, 28 Jan 2023 01:29:45 +0300 |
| parents | dc955d274130 |
| children | d9a52ebb9b00 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_MAIL_H_INCLUDED_ #define _NGX_MAIL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> #include <ngx_event_connect.h> #if (NGX_MAIL_SSL) #include <ngx_mail_ssl_module.h> #endif typedef struct { void **main_conf; void **srv_conf; } ngx_mail_conf_ctx_t; typedef struct { struct sockaddr *sockaddr; socklen_t socklen; ngx_str_t addr_text; /* server ctx */ ngx_mail_conf_ctx_t *ctx; unsigned bind:1; unsigned wildcard:1; unsigned ssl:1; #if (NGX_HAVE_INET6) unsigned ipv6only:1; #endif unsigned so_keepalive:2; unsigned proxy_protocol:1; #if (NGX_HAVE_KEEPALIVE_TUNABLE) int tcp_keepidle; int tcp_keepintvl; int tcp_keepcnt; #endif int backlog; int rcvbuf; int sndbuf; } ngx_mail_listen_t; typedef struct { ngx_mail_conf_ctx_t *ctx; ngx_str_t addr_text; unsigned ssl:1; unsigned proxy_protocol:1; } ngx_mail_addr_conf_t; typedef struct { in_addr_t addr; ngx_mail_addr_conf_t conf; } ngx_mail_in_addr_t; #if (NGX_HAVE_INET6) typedef struct { struct in6_addr addr6; ngx_mail_addr_conf_t conf; } ngx_mail_in6_addr_t; #endif typedef struct { /* ngx_mail_in_addr_t or ngx_mail_in6_addr_t */ void *addrs; ngx_uint_t naddrs; } ngx_mail_port_t; typedef struct { int family; in_port_t port; ngx_array_t addrs; /* array of ngx_mail_conf_addr_t */ } ngx_mail_conf_port_t; typedef struct { ngx_mail_listen_t opt; } ngx_mail_conf_addr_t; typedef struct { ngx_array_t servers; /* ngx_mail_core_srv_conf_t */ ngx_array_t listen; /* ngx_mail_listen_t */ } ngx_mail_core_main_conf_t; #define NGX_MAIL_POP3_PROTOCOL 0 #define NGX_MAIL_IMAP_PROTOCOL 1 #define NGX_MAIL_SMTP_PROTOCOL 2 typedef struct ngx_mail_protocol_s ngx_mail_protocol_t; typedef struct { ngx_mail_protocol_t *protocol; ngx_msec_t timeout; ngx_msec_t resolver_timeout; ngx_uint_t max_errors; ngx_str_t server_name; u_char *file_name; ngx_uint_t line; ngx_resolver_t *resolver; ngx_log_t *error_log; /* server ctx */ ngx_mail_conf_ctx_t *ctx; ngx_uint_t listen; /* unsigned listen:1; */ } ngx_mail_core_srv_conf_t; typedef enum { ngx_pop3_start = 0, ngx_pop3_user, ngx_pop3_passwd, ngx_pop3_auth_login_username, ngx_pop3_auth_login_password, ngx_pop3_auth_plain, ngx_pop3_auth_cram_md5, ngx_pop3_auth_external } ngx_pop3_state_e; typedef enum { ngx_imap_start = 0, ngx_imap_auth_login_username, ngx_imap_auth_login_password, ngx_imap_auth_plain, ngx_imap_auth_cram_md5, ngx_imap_auth_external, ngx_imap_login, ngx_imap_user, ngx_imap_passwd } ngx_imap_state_e; typedef enum { ngx_smtp_start = 0, ngx_smtp_auth_login_username, ngx_smtp_auth_login_password, ngx_smtp_auth_plain, ngx_smtp_auth_cram_md5, ngx_smtp_auth_external, ngx_smtp_helo, ngx_smtp_helo_xclient, ngx_smtp_helo_auth, ngx_smtp_helo_from, ngx_smtp_xclient, ngx_smtp_xclient_from, ngx_smtp_xclient_helo, ngx_smtp_xclient_auth, ngx_smtp_from, ngx_smtp_to } ngx_smtp_state_e; typedef struct { ngx_peer_connection_t upstream; ngx_buf_t *buffer; ngx_uint_t proxy_protocol; /* unsigned proxy_protocol:1; */ } ngx_mail_proxy_ctx_t; typedef struct { uint32_t signature; /* "MAIL" */ ngx_connection_t *connection; ngx_str_t out; ngx_buf_t *buffer; void **ctx; void **main_conf; void **srv_conf; ngx_resolver_ctx_t *resolver_ctx; ngx_mail_proxy_ctx_t *proxy; ngx_uint_t mail_state; unsigned ssl:1; unsigned protocol:3; unsigned blocked:1; unsigned quit:1; unsigned quoted:1; unsigned backslash:1; unsigned no_sync_literal:1; unsigned starttls:1; unsigned esmtp:1; unsigned auth_method:3; unsigned auth_wait:1; ngx_str_t login; ngx_str_t passwd; ngx_str_t salt; ngx_str_t tag; ngx_str_t tagged_line; ngx_str_t text; ngx_str_t *addr_text; ngx_str_t host; ngx_str_t smtp_helo; ngx_str_t smtp_from; ngx_str_t smtp_to; ngx_str_t cmd; ngx_uint_t command; ngx_array_t args; ngx_uint_t errors; ngx_uint_t login_attempt; /* used to parse POP3/IMAP/SMTP command */ ngx_uint_t state; u_char *tag_start; u_char *cmd_start; u_char *arg_start; ngx_uint_t literal_len; } ngx_mail_session_t; typedef struct { ngx_str_t *client; ngx_mail_session_t *session; } ngx_mail_log_ctx_t; #define NGX_POP3_USER 1 #define NGX_POP3_PASS 2 #define NGX_POP3_CAPA 3 #define NGX_POP3_QUIT 4 #define NGX_POP3_NOOP 5 #define NGX_POP3_STLS 6 #define NGX_POP3_APOP 7 #define NGX_POP3_AUTH 8 #define NGX_POP3_STAT 9 #define NGX_POP3_LIST 10 #define NGX_POP3_RETR 11 #define NGX_POP3_DELE 12 #define NGX_POP3_RSET 13 #define NGX_POP3_TOP 14 #define NGX_POP3_UIDL 15 #define NGX_IMAP_LOGIN 1 #define NGX_IMAP_LOGOUT 2 #define NGX_IMAP_CAPABILITY 3 #define NGX_IMAP_NOOP 4 #define NGX_IMAP_STARTTLS 5 #define NGX_IMAP_NEXT 6 #define NGX_IMAP_AUTHENTICATE 7 #define NGX_SMTP_HELO 1 #define NGX_SMTP_EHLO 2 #define NGX_SMTP_AUTH 3 #define NGX_SMTP_QUIT 4 #define NGX_SMTP_NOOP 5 #define NGX_SMTP_MAIL 6 #define NGX_SMTP_RSET 7 #define NGX_SMTP_RCPT 8 #define NGX_SMTP_DATA 9 #define NGX_SMTP_VRFY 10 #define NGX_SMTP_EXPN 11 #define NGX_SMTP_HELP 12 #define NGX_SMTP_STARTTLS 13 #define NGX_MAIL_AUTH_PLAIN 0 #define NGX_MAIL_AUTH_LOGIN 1 #define NGX_MAIL_AUTH_LOGIN_USERNAME 2 #define NGX_MAIL_AUTH_APOP 3 #define NGX_MAIL_AUTH_CRAM_MD5 4 #define NGX_MAIL_AUTH_EXTERNAL 5 #define NGX_MAIL_AUTH_NONE 6 #define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002 #define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004 #define NGX_MAIL_AUTH_APOP_ENABLED 0x0008 #define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010 #define NGX_MAIL_AUTH_EXTERNAL_ENABLED 0x0020 #define NGX_MAIL_AUTH_NONE_ENABLED 0x0040 #define NGX_MAIL_PARSE_INVALID_COMMAND 20 typedef void (*ngx_mail_init_session_pt)(ngx_mail_session_t *s, ngx_connection_t *c); typedef void (*ngx_mail_init_protocol_pt)(ngx_event_t *rev); typedef void (*ngx_mail_auth_state_pt)(ngx_event_t *rev); typedef ngx_int_t (*ngx_mail_parse_command_pt)(ngx_mail_session_t *s); struct ngx_mail_protocol_s { ngx_str_t name; ngx_str_t alpn; in_port_t port[4]; ngx_uint_t type; ngx_mail_init_session_pt init_session; ngx_mail_init_protocol_pt init_protocol; ngx_mail_parse_command_pt parse_command; ngx_mail_auth_state_pt auth_state; ngx_str_t internal_server_error; ngx_str_t cert_error; ngx_str_t no_cert; }; typedef struct { ngx_mail_protocol_t *protocol; void *(*create_main_conf)(ngx_conf_t *cf); char *(*init_main_conf)(ngx_conf_t *cf, void *conf); void *(*create_srv_conf)(ngx_conf_t *cf); char *(*merge_srv_conf)(ngx_conf_t *cf, void *prev, void *conf); } ngx_mail_module_t; #define NGX_MAIL_MODULE 0x4C49414D /* "MAIL" */ #define NGX_MAIL_MAIN_CONF 0x02000000 #define NGX_MAIL_SRV_CONF 0x04000000 #define NGX_MAIL_MAIN_CONF_OFFSET offsetof(ngx_mail_conf_ctx_t, main_conf) #define NGX_MAIL_SRV_CONF_OFFSET offsetof(ngx_mail_conf_ctx_t, srv_conf) #define ngx_mail_get_module_ctx(s, module) (s)->ctx[module.ctx_index] #define ngx_mail_set_ctx(s, c, module) s->ctx[module.ctx_index] = c; #define ngx_mail_delete_ctx(s, module) s->ctx[module.ctx_index] = NULL; #define ngx_mail_get_module_main_conf(s, module) \ (s)->main_conf[module.ctx_index] #define ngx_mail_get_module_srv_conf(s, module) (s)->srv_conf[module.ctx_index] #define ngx_mail_conf_get_module_main_conf(cf, module) \ ((ngx_mail_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index] #define ngx_mail_conf_get_module_srv_conf(cf, module) \ ((ngx_mail_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index] #if (NGX_MAIL_SSL) void ngx_mail_starttls_handler(ngx_event_t *rev); ngx_int_t ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c); #endif void ngx_mail_init_connection(ngx_connection_t *c); ngx_int_t ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c, ngx_mail_core_srv_conf_t *cscf); ngx_int_t ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n); ngx_int_t ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n); ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c); ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c, char *prefix, size_t len); ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c); ngx_int_t ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n); ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c); void ngx_mail_send(ngx_event_t *wev); ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c); void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c); void ngx_mail_close_connection(ngx_connection_t *c); void ngx_mail_session_internal_server_error(ngx_mail_session_t *s); u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); char *ngx_mail_capabilities(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); /* STUB */ void ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer); void ngx_mail_auth_http_init(ngx_mail_session_t *s); ngx_int_t ngx_mail_realip_handler(ngx_mail_session_t *s); /**/ extern ngx_uint_t ngx_mail_max_module; extern ngx_module_t ngx_mail_core_module; #endif /* _NGX_MAIL_H_INCLUDED_ */