Mercurial > hg > nginx-quic
annotate src/mail/ngx_mail_auth_http_module.c @ 6230:2a621245f4cf
Win32: MSVC 2015 compatibility.
Resolved warnings about declarations that hide previous local declarations.
Warnings about WSASocketA() being deprecated resolved by explicit use of
WSASocketW() instead of WSASocket(). When compiling without IPv6 support,
WinSock deprecated warnings are disabled to allow use of gethostbyname().
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 17 Aug 2015 18:09:17 +0300 |
parents | add12ee1d01c |
children | f01ab2dbcfdc |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
521 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_event.h> | |
11 #include <ngx_event_connect.h> | |
1136 | 12 #include <ngx_mail.h> |
521 | 13 |
14 | |
15 typedef struct { | |
3269
f0d596e84634
rename ngx_peer_addr_t to ngx_addr_t
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
16 ngx_addr_t *peer; |
521 | 17 |
527 | 18 ngx_msec_t timeout; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
19 ngx_flag_t pass_client_cert; |
521 | 20 |
527 | 21 ngx_str_t host_header; |
22 ngx_str_t uri; | |
573 | 23 ngx_str_t header; |
24 | |
25 ngx_array_t *headers; | |
1392 | 26 |
27 u_char *file; | |
28 ngx_uint_t line; | |
1136 | 29 } ngx_mail_auth_http_conf_t; |
521 | 30 |
31 | |
1136 | 32 typedef struct ngx_mail_auth_http_ctx_s ngx_mail_auth_http_ctx_t; |
527 | 33 |
1136 | 34 typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s, |
35 ngx_mail_auth_http_ctx_t *ctx); | |
527 | 36 |
1136 | 37 struct ngx_mail_auth_http_ctx_s { |
527 | 38 ngx_buf_t *request; |
39 ngx_buf_t *response; | |
40 ngx_peer_connection_t peer; | |
41 | |
1136 | 42 ngx_mail_auth_http_handler_pt handler; |
527 | 43 |
44 ngx_uint_t state; | |
45 | |
46 u_char *header_name_start; | |
47 u_char *header_name_end; | |
48 u_char *header_start; | |
49 u_char *header_end; | |
50 | |
51 ngx_str_t addr; | |
52 ngx_str_t port; | |
53 ngx_str_t err; | |
567 | 54 ngx_str_t errmsg; |
1136 | 55 ngx_str_t errcode; |
527 | 56 |
547 | 57 time_t sleep; |
527 | 58 |
547 | 59 ngx_pool_t *pool; |
527 | 60 }; |
521 | 61 |
62 | |
1136 | 63 static void ngx_mail_auth_http_write_handler(ngx_event_t *wev); |
64 static void ngx_mail_auth_http_read_handler(ngx_event_t *rev); | |
65 static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
66 ngx_mail_auth_http_ctx_t *ctx); | |
67 static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
68 ngx_mail_auth_http_ctx_t *ctx); | |
69 static void ngx_mail_auth_sleep_handler(ngx_event_t *rev); | |
70 static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
71 ngx_mail_auth_http_ctx_t *ctx); | |
72 static void ngx_mail_auth_http_block_read(ngx_event_t *rev); | |
73 static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev); | |
74 static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s, | |
75 ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf); | |
76 static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, | |
633 | 77 ngx_str_t *escaped); |
521 | 78 |
1136 | 79 static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf); |
80 static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
521 | 81 void *child); |
1136 | 82 static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
83 static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, | |
573 | 84 void *conf); |
521 | 85 |
86 | |
1136 | 87 static ngx_command_t ngx_mail_auth_http_commands[] = { |
521 | 88 |
89 { ngx_string("auth_http"), | |
1136 | 90 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
91 ngx_mail_auth_http, | |
92 NGX_MAIL_SRV_CONF_OFFSET, | |
521 | 93 0, |
94 NULL }, | |
95 | |
96 { ngx_string("auth_http_timeout"), | |
1136 | 97 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
521 | 98 ngx_conf_set_msec_slot, |
1136 | 99 NGX_MAIL_SRV_CONF_OFFSET, |
100 offsetof(ngx_mail_auth_http_conf_t, timeout), | |
521 | 101 NULL }, |
102 | |
573 | 103 { ngx_string("auth_http_header"), |
1136 | 104 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2, |
105 ngx_mail_auth_http_header, | |
106 NGX_MAIL_SRV_CONF_OFFSET, | |
573 | 107 0, |
108 NULL }, | |
109 | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
110 { ngx_string("auth_http_pass_client_cert"), |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
111 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
112 ngx_conf_set_flag_slot, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
113 NGX_MAIL_SRV_CONF_OFFSET, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
114 offsetof(ngx_mail_auth_http_conf_t, pass_client_cert), |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
115 NULL }, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
116 |
521 | 117 ngx_null_command |
118 }; | |
119 | |
120 | |
1136 | 121 static ngx_mail_module_t ngx_mail_auth_http_module_ctx = { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
122 NULL, /* protocol */ |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
123 |
521 | 124 NULL, /* create main configuration */ |
125 NULL, /* init main configuration */ | |
126 | |
1136 | 127 ngx_mail_auth_http_create_conf, /* create server configuration */ |
128 ngx_mail_auth_http_merge_conf /* merge server configuration */ | |
521 | 129 }; |
130 | |
131 | |
1136 | 132 ngx_module_t ngx_mail_auth_http_module = { |
521 | 133 NGX_MODULE_V1, |
1136 | 134 &ngx_mail_auth_http_module_ctx, /* module context */ |
135 ngx_mail_auth_http_commands, /* module directives */ | |
136 NGX_MAIL_MODULE, /* module type */ | |
541 | 137 NULL, /* init master */ |
521 | 138 NULL, /* init module */ |
541 | 139 NULL, /* init process */ |
140 NULL, /* init thread */ | |
141 NULL, /* exit thread */ | |
142 NULL, /* exit process */ | |
143 NULL, /* exit master */ | |
144 NGX_MODULE_V1_PADDING | |
521 | 145 }; |
146 | |
147 | |
1136 | 148 static ngx_str_t ngx_mail_auth_http_method[] = { |
149 ngx_string("plain"), | |
809 | 150 ngx_string("plain"), |
2748
2477b28eaccb
fix Auth-Method, the bug has been introduced in r2496
Igor Sysoev <igor@sysoev.ru>
parents:
2388
diff
changeset
|
151 ngx_string("plain"), |
809 | 152 ngx_string("apop"), |
2309 | 153 ngx_string("cram-md5"), |
154 ngx_string("none") | |
800 | 155 }; |
521 | 156 |
1136 | 157 static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); |
521 | 158 |
1477 | 159 |
521 | 160 void |
1136 | 161 ngx_mail_auth_http_init(ngx_mail_session_t *s) |
521 | 162 { |
163 ngx_int_t rc; | |
547 | 164 ngx_pool_t *pool; |
1136 | 165 ngx_mail_auth_http_ctx_t *ctx; |
166 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 167 |
541 | 168 s->connection->log->action = "in http auth state"; |
169 | |
547 | 170 pool = ngx_create_pool(2048, s->connection->log); |
171 if (pool == NULL) { | |
1136 | 172 ngx_mail_session_internal_server_error(s); |
521 | 173 return; |
174 } | |
175 | |
1136 | 176 ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t)); |
547 | 177 if (ctx == NULL) { |
178 ngx_destroy_pool(pool); | |
1136 | 179 ngx_mail_session_internal_server_error(s); |
547 | 180 return; |
181 } | |
182 | |
183 ctx->pool = pool; | |
184 | |
1136 | 185 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 186 |
1136 | 187 ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf); |
521 | 188 if (ctx->request == NULL) { |
547 | 189 ngx_destroy_pool(ctx->pool); |
1136 | 190 ngx_mail_session_internal_server_error(s); |
521 | 191 return; |
192 } | |
193 | |
1136 | 194 ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module); |
521 | 195 |
884 | 196 ctx->peer.sockaddr = ahcf->peer->sockaddr; |
197 ctx->peer.socklen = ahcf->peer->socklen; | |
198 ctx->peer.name = &ahcf->peer->name; | |
199 ctx->peer.get = ngx_event_get_peer; | |
521 | 200 ctx->peer.log = s->connection->log; |
201 ctx->peer.log_error = NGX_ERROR_ERR; | |
202 | |
203 rc = ngx_event_connect_peer(&ctx->peer); | |
204 | |
543 | 205 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
862
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
206 if (ctx->peer.connection) { |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
207 ngx_close_connection(ctx->peer.connection); |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
208 } |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
209 |
547 | 210 ngx_destroy_pool(ctx->pool); |
1136 | 211 ngx_mail_session_internal_server_error(s); |
521 | 212 return; |
213 } | |
214 | |
215 ctx->peer.connection->data = s; | |
216 ctx->peer.connection->pool = s->connection->pool; | |
217 | |
1136 | 218 s->connection->read->handler = ngx_mail_auth_http_block_read; |
219 ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler; | |
220 ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler; | |
521 | 221 |
1136 | 222 ctx->handler = ngx_mail_auth_http_ignore_status_line; |
527 | 223 |
541 | 224 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
225 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
226 | |
521 | 227 if (rc == NGX_OK) { |
1136 | 228 ngx_mail_auth_http_write_handler(ctx->peer.connection->write); |
521 | 229 return; |
230 } | |
231 } | |
232 | |
233 | |
234 static void | |
1136 | 235 ngx_mail_auth_http_write_handler(ngx_event_t *wev) |
521 | 236 { |
237 ssize_t n, size; | |
238 ngx_connection_t *c; | |
1136 | 239 ngx_mail_session_t *s; |
240 ngx_mail_auth_http_ctx_t *ctx; | |
241 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 242 |
243 c = wev->data; | |
244 s = c->data; | |
245 | |
1136 | 246 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 247 |
1136 | 248 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, |
249 "mail auth http write handler"); | |
521 | 250 |
577 | 251 if (wev->timedout) { |
521 | 252 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
884 | 253 "auth http server %V timed out", ctx->peer.name); |
1478 | 254 ngx_close_connection(c); |
547 | 255 ngx_destroy_pool(ctx->pool); |
1136 | 256 ngx_mail_session_internal_server_error(s); |
521 | 257 return; |
258 } | |
259 | |
260 size = ctx->request->last - ctx->request->pos; | |
261 | |
262 n = ngx_send(c, ctx->request->pos, size); | |
263 | |
264 if (n == NGX_ERROR) { | |
1478 | 265 ngx_close_connection(c); |
547 | 266 ngx_destroy_pool(ctx->pool); |
1136 | 267 ngx_mail_session_internal_server_error(s); |
521 | 268 return; |
269 } | |
270 | |
271 if (n > 0) { | |
272 ctx->request->pos += n; | |
273 | |
274 if (n == size) { | |
1136 | 275 wev->handler = ngx_mail_auth_http_dummy_handler; |
521 | 276 |
277 if (wev->timer_set) { | |
278 ngx_del_timer(wev); | |
279 } | |
280 | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
281 if (ngx_handle_write_event(wev, 0) != NGX_OK) { |
1478 | 282 ngx_close_connection(c); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
283 ngx_destroy_pool(ctx->pool); |
1136 | 284 ngx_mail_session_internal_server_error(s); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
285 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
286 |
521 | 287 return; |
288 } | |
289 } | |
290 | |
291 if (!wev->timer_set) { | |
1136 | 292 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 293 ngx_add_timer(wev, ahcf->timeout); |
294 } | |
295 } | |
296 | |
297 | |
298 static void | |
1136 | 299 ngx_mail_auth_http_read_handler(ngx_event_t *rev) |
521 | 300 { |
525 | 301 ssize_t n, size; |
521 | 302 ngx_connection_t *c; |
1136 | 303 ngx_mail_session_t *s; |
304 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 305 |
306 c = rev->data; | |
307 s = c->data; | |
308 | |
1136 | 309 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
310 "mail auth http read handler"); | |
521 | 311 |
1136 | 312 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
525 | 313 |
577 | 314 if (rev->timedout) { |
525 | 315 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
884 | 316 "auth http server %V timed out", ctx->peer.name); |
1478 | 317 ngx_close_connection(c); |
547 | 318 ngx_destroy_pool(ctx->pool); |
1136 | 319 ngx_mail_session_internal_server_error(s); |
525 | 320 return; |
321 } | |
322 | |
323 if (ctx->response == NULL) { | |
547 | 324 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 325 if (ctx->response == NULL) { |
1478 | 326 ngx_close_connection(c); |
547 | 327 ngx_destroy_pool(ctx->pool); |
1136 | 328 ngx_mail_session_internal_server_error(s); |
525 | 329 return; |
330 } | |
331 } | |
332 | |
527 | 333 size = ctx->response->end - ctx->response->last; |
525 | 334 |
335 n = ngx_recv(c, ctx->response->pos, size); | |
336 | |
527 | 337 if (n > 0) { |
338 ctx->response->last += n; | |
339 | |
340 ctx->handler(s, ctx); | |
341 return; | |
342 } | |
343 | |
344 if (n == NGX_AGAIN) { | |
525 | 345 return; |
346 } | |
347 | |
1478 | 348 ngx_close_connection(c); |
547 | 349 ngx_destroy_pool(ctx->pool); |
1136 | 350 ngx_mail_session_internal_server_error(s); |
527 | 351 } |
525 | 352 |
353 | |
527 | 354 static void |
1136 | 355 ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, |
356 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 357 { |
358 u_char *p, ch; | |
359 enum { | |
360 sw_start = 0, | |
361 sw_H, | |
362 sw_HT, | |
363 sw_HTT, | |
364 sw_HTTP, | |
365 sw_skip, | |
366 sw_almost_done | |
367 } state; | |
368 | |
1136 | 369 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
370 "mail auth http process status line"); | |
527 | 371 |
372 state = ctx->state; | |
373 | |
374 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
375 ch = *p; | |
376 | |
377 switch (state) { | |
378 | |
379 /* "HTTP/" */ | |
380 case sw_start: | |
381 if (ch == 'H') { | |
382 state = sw_H; | |
383 break; | |
384 } | |
385 goto next; | |
386 | |
387 case sw_H: | |
388 if (ch == 'T') { | |
389 state = sw_HT; | |
390 break; | |
391 } | |
392 goto next; | |
393 | |
394 case sw_HT: | |
395 if (ch == 'T') { | |
396 state = sw_HTT; | |
397 break; | |
398 } | |
399 goto next; | |
400 | |
401 case sw_HTT: | |
402 if (ch == 'P') { | |
403 state = sw_HTTP; | |
404 break; | |
405 } | |
406 goto next; | |
407 | |
408 case sw_HTTP: | |
409 if (ch == '/') { | |
410 state = sw_skip; | |
411 break; | |
412 } | |
413 goto next; | |
414 | |
415 /* any text until end of line */ | |
416 case sw_skip: | |
417 switch (ch) { | |
418 case CR: | |
419 state = sw_almost_done; | |
420 | |
421 break; | |
577 | 422 case LF: |
527 | 423 goto done; |
424 } | |
425 break; | |
426 | |
427 /* end of status line */ | |
428 case sw_almost_done: | |
429 if (ch == LF) { | |
430 goto done; | |
431 } | |
432 | |
433 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 434 "auth http server &V sent invalid response", |
884 | 435 ctx->peer.name); |
527 | 436 ngx_close_connection(ctx->peer.connection); |
547 | 437 ngx_destroy_pool(ctx->pool); |
1136 | 438 ngx_mail_session_internal_server_error(s); |
527 | 439 return; |
440 } | |
441 } | |
442 | |
443 ctx->response->pos = p; | |
444 ctx->state = state; | |
445 | |
446 return; | |
447 | |
448 next: | |
449 | |
450 p = ctx->response->start - 1; | |
451 | |
452 done: | |
453 | |
454 ctx->response->pos = p + 1; | |
455 ctx->state = 0; | |
1136 | 456 ctx->handler = ngx_mail_auth_http_process_headers; |
527 | 457 ctx->handler(s, ctx); |
458 } | |
525 | 459 |
460 | |
527 | 461 static void |
1136 | 462 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, |
463 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 464 { |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
465 u_char *p; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
466 time_t timer; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
467 size_t len, size; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
468 ngx_int_t rc, port, n; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
469 ngx_addr_t *peer; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
470 struct sockaddr_in *sin; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
471 #if (NGX_HAVE_INET6) |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
472 struct sockaddr_in6 *sin6; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
473 #endif |
525 | 474 |
1136 | 475 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
476 "mail auth http process headers"); | |
527 | 477 |
478 for ( ;; ) { | |
1136 | 479 rc = ngx_mail_auth_http_parse_header_line(s, ctx); |
527 | 480 |
481 if (rc == NGX_OK) { | |
482 | |
483 #if (NGX_DEBUG) | |
484 { | |
485 ngx_str_t key, value; | |
486 | |
487 key.len = ctx->header_name_end - ctx->header_name_start; | |
488 key.data = ctx->header_name_start; | |
489 value.len = ctx->header_end - ctx->header_start; | |
490 value.data = ctx->header_start; | |
491 | |
1136 | 492 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
493 "mail auth http header: \"%V: %V\"", | |
527 | 494 &key, &value); |
495 } | |
496 #endif | |
497 | |
498 len = ctx->header_name_end - ctx->header_name_start; | |
499 | |
500 if (len == sizeof("Auth-Status") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
501 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
502 (u_char *) "Auth-Status", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
503 sizeof("Auth-Status") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
504 == 0) |
527 | 505 { |
506 len = ctx->header_end - ctx->header_start; | |
507 | |
508 if (len == 2 | |
509 && ctx->header_start[0] == 'O' | |
510 && ctx->header_start[1] == 'K') | |
511 { | |
512 continue; | |
513 } | |
514 | |
883 | 515 if (len == 4 |
516 && ctx->header_start[0] == 'W' | |
517 && ctx->header_start[1] == 'A' | |
518 && ctx->header_start[2] == 'I' | |
519 && ctx->header_start[3] == 'T') | |
520 { | |
521 s->auth_wait = 1; | |
522 continue; | |
523 } | |
524 | |
567 | 525 ctx->errmsg.len = len; |
526 ctx->errmsg.data = ctx->header_start; | |
527 | |
1136 | 528 switch (s->protocol) { |
529 | |
530 case NGX_MAIL_POP3_PROTOCOL: | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
531 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
1136 | 532 break; |
527 | 533 |
1136 | 534 case NGX_MAIL_IMAP_PROTOCOL: |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
535 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 536 + sizeof(CRLF) - 1; |
1136 | 537 break; |
538 | |
539 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
540 ctx->err = ctx->errmsg; | |
541 continue; | |
527 | 542 } |
543 | |
2061
b0a1c84725cf
change useless ngx_pcalloc() to ngx_pnalloc()
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
544 p = ngx_pnalloc(s->connection->pool, size); |
527 | 545 if (p == NULL) { |
543 | 546 ngx_close_connection(ctx->peer.connection); |
547 | 547 ngx_destroy_pool(ctx->pool); |
1136 | 548 ngx_mail_session_internal_server_error(s); |
527 | 549 return; |
550 } | |
551 | |
552 ctx->err.data = p; | |
553 | |
1136 | 554 switch (s->protocol) { |
527 | 555 |
1136 | 556 case NGX_MAIL_POP3_PROTOCOL: |
557 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
558 break; | |
559 | |
560 case NGX_MAIL_IMAP_PROTOCOL: | |
527 | 561 p = ngx_cpymem(p, s->tag.data, s->tag.len); |
1136 | 562 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; |
563 break; | |
564 | |
565 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
566 break; | |
527 | 567 } |
568 | |
569 p = ngx_cpymem(p, ctx->header_start, len); | |
570 *p++ = CR; *p++ = LF; | |
571 | |
572 ctx->err.len = p - ctx->err.data; | |
573 | |
574 continue; | |
575 } | |
576 | |
577 if (len == sizeof("Auth-Server") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
578 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
579 (u_char *) "Auth-Server", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
580 sizeof("Auth-Server") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
581 == 0) |
527 | 582 { |
583 ctx->addr.len = ctx->header_end - ctx->header_start; | |
584 ctx->addr.data = ctx->header_start; | |
585 | |
586 continue; | |
587 } | |
588 | |
589 if (len == sizeof("Auth-Port") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
590 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
591 (u_char *) "Auth-Port", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
592 sizeof("Auth-Port") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
593 == 0) |
527 | 594 { |
595 ctx->port.len = ctx->header_end - ctx->header_start; | |
596 ctx->port.data = ctx->header_start; | |
597 | |
598 continue; | |
599 } | |
600 | |
601 if (len == sizeof("Auth-User") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
602 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
603 (u_char *) "Auth-User", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
604 sizeof("Auth-User") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
605 == 0) |
527 | 606 { |
607 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 608 |
2049 | 609 s->login.data = ngx_pnalloc(s->connection->pool, s->login.len); |
567 | 610 if (s->login.data == NULL) { |
611 ngx_close_connection(ctx->peer.connection); | |
612 ngx_destroy_pool(ctx->pool); | |
1136 | 613 ngx_mail_session_internal_server_error(s); |
567 | 614 return; |
615 } | |
616 | |
617 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 618 |
619 continue; | |
620 } | |
621 | |
800 | 622 if (len == sizeof("Auth-Pass") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
623 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
624 (u_char *) "Auth-Pass", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
625 sizeof("Auth-Pass") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
626 == 0) |
800 | 627 { |
628 s->passwd.len = ctx->header_end - ctx->header_start; | |
629 | |
2049 | 630 s->passwd.data = ngx_pnalloc(s->connection->pool, |
631 s->passwd.len); | |
800 | 632 if (s->passwd.data == NULL) { |
633 ngx_close_connection(ctx->peer.connection); | |
634 ngx_destroy_pool(ctx->pool); | |
1136 | 635 ngx_mail_session_internal_server_error(s); |
800 | 636 return; |
637 } | |
638 | |
639 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
640 | |
641 continue; | |
642 } | |
643 | |
527 | 644 if (len == sizeof("Auth-Wait") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
645 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
646 (u_char *) "Auth-Wait", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
647 sizeof("Auth-Wait") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
648 == 0) |
527 | 649 { |
650 n = ngx_atoi(ctx->header_start, | |
651 ctx->header_end - ctx->header_start); | |
652 | |
653 if (n != NGX_ERROR) { | |
654 ctx->sleep = n; | |
655 } | |
656 | |
657 continue; | |
658 } | |
659 | |
1136 | 660 if (len == sizeof("Auth-Error-Code") - 1 |
661 && ngx_strncasecmp(ctx->header_name_start, | |
662 (u_char *) "Auth-Error-Code", | |
663 sizeof("Auth-Error-Code") - 1) | |
664 == 0) | |
665 { | |
666 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
667 | |
2049 | 668 ctx->errcode.data = ngx_pnalloc(s->connection->pool, |
669 ctx->errcode.len); | |
1136 | 670 if (ctx->errcode.data == NULL) { |
671 ngx_close_connection(ctx->peer.connection); | |
672 ngx_destroy_pool(ctx->pool); | |
673 ngx_mail_session_internal_server_error(s); | |
674 return; | |
675 } | |
676 | |
677 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
678 ctx->errcode.len); | |
679 | |
680 continue; | |
681 } | |
682 | |
527 | 683 /* ignore other headers */ |
684 | |
685 continue; | |
686 } | |
687 | |
688 if (rc == NGX_DONE) { | |
1136 | 689 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
690 "mail auth http header done"); | |
527 | 691 |
692 ngx_close_connection(ctx->peer.connection); | |
693 | |
694 if (ctx->err.len) { | |
1136 | 695 |
567 | 696 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
697 "client login failed: \"%V\"", &ctx->errmsg); | |
698 | |
1136 | 699 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { |
700 | |
701 if (ctx->errcode.len == 0) { | |
702 ctx->errcode = ngx_mail_smtp_errcode; | |
703 } | |
704 | |
705 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
706 + sizeof(" " CRLF) - 1; | |
707 | |
2049 | 708 p = ngx_pnalloc(s->connection->pool, ctx->err.len); |
1166 | 709 if (p == NULL) { |
710 ngx_destroy_pool(ctx->pool); | |
711 ngx_mail_session_internal_server_error(s); | |
712 return; | |
713 } | |
1136 | 714 |
1166 | 715 ctx->err.data = p; |
1136 | 716 |
1166 | 717 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
1136 | 718 *p++ = ' '; |
1166 | 719 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
1136 | 720 *p++ = CR; *p = LF; |
721 } | |
722 | |
539 | 723 s->out = ctx->err; |
547 | 724 timer = ctx->sleep; |
527 | 725 |
547 | 726 ngx_destroy_pool(ctx->pool); |
727 | |
728 if (timer == 0) { | |
539 | 729 s->quit = 1; |
1136 | 730 ngx_mail_send(s->connection->write); |
541 | 731 return; |
732 } | |
539 | 733 |
1640 | 734 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
527 | 735 |
1136 | 736 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
527 | 737 |
738 return; | |
739 } | |
740 | |
883 | 741 if (s->auth_wait) { |
742 timer = ctx->sleep; | |
743 | |
744 ngx_destroy_pool(ctx->pool); | |
745 | |
746 if (timer == 0) { | |
1136 | 747 ngx_mail_auth_http_init(s); |
883 | 748 return; |
749 } | |
750 | |
1640 | 751 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
883 | 752 |
1136 | 753 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
883 | 754 |
755 return; | |
756 } | |
757 | |
527 | 758 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
759 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 760 "auth http server %V did not send server or port", |
884 | 761 ctx->peer.name); |
547 | 762 ngx_destroy_pool(ctx->pool); |
1136 | 763 ngx_mail_session_internal_server_error(s); |
527 | 764 return; |
765 } | |
766 | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
767 if (s->passwd.data == NULL |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
768 && s->protocol != NGX_MAIL_SMTP_PROTOCOL) |
1136 | 769 { |
800 | 770 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
771 "auth http server %V did not send password", | |
884 | 772 ctx->peer.name); |
800 | 773 ngx_destroy_pool(ctx->pool); |
1136 | 774 ngx_mail_session_internal_server_error(s); |
800 | 775 return; |
776 } | |
777 | |
3269
f0d596e84634
rename ngx_peer_addr_t to ngx_addr_t
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
778 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_addr_t)); |
884 | 779 if (peer == NULL) { |
547 | 780 ngx_destroy_pool(ctx->pool); |
1136 | 781 ngx_mail_session_internal_server_error(s); |
527 | 782 return; |
783 } | |
784 | |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
785 rc = ngx_parse_addr(s->connection->pool, peer, |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
786 ctx->addr.data, ctx->addr.len); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
787 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
788 switch (rc) { |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
789 case NGX_OK: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
790 break; |
2855
a96a8c916b0c
mail proxy listen IPv6 support
Igor Sysoev <igor@sysoev.ru>
parents:
2748
diff
changeset
|
791 |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
792 case NGX_DECLINED: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
793 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
794 "auth http server %V sent invalid server " |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
795 "address:\"%V\"", |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
796 ctx->peer.name, &ctx->addr); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
797 /* fall through */ |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
798 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
799 default: |
547 | 800 ngx_destroy_pool(ctx->pool); |
1136 | 801 ngx_mail_session_internal_server_error(s); |
527 | 802 return; |
803 } | |
804 | |
805 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
4227 | 806 if (port == NGX_ERROR || port < 1 || port > 65535) { |
527 | 807 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
541 | 808 "auth http server %V sent invalid server " |
809 "port:\"%V\"", | |
884 | 810 ctx->peer.name, &ctx->port); |
547 | 811 ngx_destroy_pool(ctx->pool); |
1136 | 812 ngx_mail_session_internal_server_error(s); |
527 | 813 return; |
814 } | |
815 | |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
816 switch (peer->sockaddr->sa_family) { |
527 | 817 |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
818 #if (NGX_HAVE_INET6) |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
819 case AF_INET6: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
820 sin6 = (struct sockaddr_in6 *) peer->sockaddr; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
821 sin6->sin6_port = htons((in_port_t) port); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
822 break; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
823 #endif |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
824 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
825 default: /* AF_INET */ |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
826 sin = (struct sockaddr_in *) peer->sockaddr; |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
827 sin->sin_port = htons((in_port_t) port); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
828 break; |
527 | 829 } |
830 | |
831 len = ctx->addr.len + 1 + ctx->port.len; | |
832 | |
884 | 833 peer->name.len = len; |
527 | 834 |
2049 | 835 peer->name.data = ngx_pnalloc(s->connection->pool, len); |
884 | 836 if (peer->name.data == NULL) { |
547 | 837 ngx_destroy_pool(ctx->pool); |
1136 | 838 ngx_mail_session_internal_server_error(s); |
527 | 839 return; |
840 } | |
841 | |
842 len = ctx->addr.len; | |
843 | |
884 | 844 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 845 |
884 | 846 peer->name.data[len++] = ':'; |
527 | 847 |
884 | 848 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 849 |
547 | 850 ngx_destroy_pool(ctx->pool); |
1136 | 851 ngx_mail_proxy_init(s, peer); |
527 | 852 |
853 return; | |
854 } | |
855 | |
856 if (rc == NGX_AGAIN ) { | |
857 return; | |
858 } | |
859 | |
860 /* rc == NGX_ERROR */ | |
861 | |
862 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 863 "auth http server %V sent invalid header in response", |
884 | 864 ctx->peer.name); |
527 | 865 ngx_close_connection(ctx->peer.connection); |
547 | 866 ngx_destroy_pool(ctx->pool); |
1136 | 867 ngx_mail_session_internal_server_error(s); |
527 | 868 |
869 return; | |
870 } | |
871 } | |
872 | |
521 | 873 |
527 | 874 static void |
1136 | 875 ngx_mail_auth_sleep_handler(ngx_event_t *rev) |
527 | 876 { |
543 | 877 ngx_connection_t *c; |
1136 | 878 ngx_mail_session_t *s; |
879 ngx_mail_core_srv_conf_t *cscf; | |
527 | 880 |
1136 | 881 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); |
527 | 882 |
883 c = rev->data; | |
884 s = c->data; | |
885 | |
886 if (rev->timedout) { | |
887 | |
888 rev->timedout = 0; | |
889 | |
883 | 890 if (s->auth_wait) { |
891 s->auth_wait = 0; | |
1136 | 892 ngx_mail_auth_http_init(s); |
883 | 893 return; |
894 } | |
895 | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
896 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
527 | 897 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
898 rev->handler = cscf->protocol->auth_state; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
899 |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
900 s->mail_state = 0; |
1136 | 901 s->auth_method = NGX_MAIL_AUTH_PLAIN; |
800 | 902 |
543 | 903 c->log->action = "in auth state"; |
904 | |
1477 | 905 ngx_mail_send(c->write); |
543 | 906 |
583 | 907 if (c->destroyed) { |
543 | 908 return; |
909 } | |
910 | |
911 ngx_add_timer(rev, cscf->timeout); | |
912 | |
527 | 913 if (rev->ready) { |
1477 | 914 rev->handler(rev); |
527 | 915 return; |
916 } | |
917 | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
918 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
1477 | 919 ngx_mail_close_connection(c); |
527 | 920 } |
921 | |
922 return; | |
923 } | |
924 | |
925 if (rev->active) { | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
926 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
1477 | 927 ngx_mail_close_connection(c); |
527 | 928 } |
929 } | |
930 } | |
931 | |
932 | |
933 static ngx_int_t | |
1136 | 934 ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, |
935 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 936 { |
937 u_char c, ch, *p; | |
938 enum { | |
939 sw_start = 0, | |
940 sw_name, | |
941 sw_space_before_value, | |
942 sw_value, | |
943 sw_space_after_value, | |
577 | 944 sw_almost_done, |
527 | 945 sw_header_almost_done |
946 } state; | |
947 | |
577 | 948 state = ctx->state; |
527 | 949 |
950 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
951 ch = *p; | |
952 | |
953 switch (state) { | |
954 | |
955 /* first char */ | |
956 case sw_start: | |
957 | |
958 switch (ch) { | |
959 case CR: | |
577 | 960 ctx->header_end = p; |
527 | 961 state = sw_header_almost_done; |
962 break; | |
577 | 963 case LF: |
527 | 964 ctx->header_end = p; |
965 goto header_done; | |
966 default: | |
967 state = sw_name; | |
968 ctx->header_name_start = p; | |
969 | |
970 c = (u_char) (ch | 0x20); | |
971 if (c >= 'a' && c <= 'z') { | |
972 break; | |
973 } | |
974 | |
975 if (ch >= '0' && ch <= '9') { | |
976 break; | |
977 } | |
978 | |
979 return NGX_ERROR; | |
980 } | |
981 break; | |
982 | |
983 /* header name */ | |
984 case sw_name: | |
985 c = (u_char) (ch | 0x20); | |
986 if (c >= 'a' && c <= 'z') { | |
987 break; | |
988 } | |
989 | |
990 if (ch == ':') { | |
991 ctx->header_name_end = p; | |
992 state = sw_space_before_value; | |
993 break; | |
994 } | |
995 | |
996 if (ch == '-') { | |
997 break; | |
998 } | |
999 | |
1000 if (ch >= '0' && ch <= '9') { | |
1001 break; | |
1002 } | |
1003 | |
1004 if (ch == CR) { | |
1005 ctx->header_name_end = p; | |
1006 ctx->header_start = p; | |
1007 ctx->header_end = p; | |
1008 state = sw_almost_done; | |
1009 break; | |
1010 } | |
1011 | |
1012 if (ch == LF) { | |
1013 ctx->header_name_end = p; | |
1014 ctx->header_start = p; | |
1015 ctx->header_end = p; | |
1016 goto done; | |
1017 } | |
1018 | |
1019 return NGX_ERROR; | |
1020 | |
1021 /* space* before header value */ | |
1022 case sw_space_before_value: | |
1023 switch (ch) { | |
1024 case ' ': | |
1025 break; | |
1026 case CR: | |
1027 ctx->header_start = p; | |
1028 ctx->header_end = p; | |
1029 state = sw_almost_done; | |
1030 break; | |
1031 case LF: | |
1032 ctx->header_start = p; | |
1033 ctx->header_end = p; | |
1034 goto done; | |
1035 default: | |
1036 ctx->header_start = p; | |
1037 state = sw_value; | |
1038 break; | |
1039 } | |
1040 break; | |
1041 | |
1042 /* header value */ | |
1043 case sw_value: | |
1044 switch (ch) { | |
1045 case ' ': | |
1046 ctx->header_end = p; | |
1047 state = sw_space_after_value; | |
1048 break; | |
1049 case CR: | |
1050 ctx->header_end = p; | |
1051 state = sw_almost_done; | |
1052 break; | |
1053 case LF: | |
1054 ctx->header_end = p; | |
1055 goto done; | |
1056 } | |
1057 break; | |
1058 | |
1059 /* space* before end of header line */ | |
1060 case sw_space_after_value: | |
1061 switch (ch) { | |
1062 case ' ': | |
1063 break; | |
1064 case CR: | |
1065 state = sw_almost_done; | |
1066 break; | |
1067 case LF: | |
1068 goto done; | |
1069 default: | |
1070 state = sw_value; | |
1071 break; | |
1072 } | |
1073 break; | |
1074 | |
1075 /* end of header line */ | |
1076 case sw_almost_done: | |
1077 switch (ch) { | |
1078 case LF: | |
1079 goto done; | |
1080 default: | |
1081 return NGX_ERROR; | |
1082 } | |
1083 | |
1084 /* end of header */ | |
1085 case sw_header_almost_done: | |
1086 switch (ch) { | |
1087 case LF: | |
1088 goto header_done; | |
1089 default: | |
1090 return NGX_ERROR; | |
1091 } | |
1092 } | |
1093 } | |
1094 | |
1095 ctx->response->pos = p; | |
1096 ctx->state = state; | |
1097 | |
1098 return NGX_AGAIN; | |
1099 | |
1100 done: | |
1101 | |
1102 ctx->response->pos = p + 1; | |
1103 ctx->state = sw_start; | |
1104 | |
1105 return NGX_OK; | |
1106 | |
1107 header_done: | |
1108 | |
1109 ctx->response->pos = p + 1; | |
1110 ctx->state = sw_start; | |
1111 | |
1112 return NGX_DONE; | |
521 | 1113 } |
1114 | |
1115 | |
1116 static void | |
1136 | 1117 ngx_mail_auth_http_block_read(ngx_event_t *rev) |
521 | 1118 { |
1119 ngx_connection_t *c; | |
1136 | 1120 ngx_mail_session_t *s; |
1121 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 1122 |
1136 | 1123 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
1124 "mail auth http block read"); | |
521 | 1125 |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
1126 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
521 | 1127 c = rev->data; |
1128 s = c->data; | |
1129 | |
1136 | 1130 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 1131 |
525 | 1132 ngx_close_connection(ctx->peer.connection); |
547 | 1133 ngx_destroy_pool(ctx->pool); |
1136 | 1134 ngx_mail_session_internal_server_error(s); |
521 | 1135 } |
1136 } | |
1137 | |
1138 | |
1139 static void | |
1136 | 1140 ngx_mail_auth_http_dummy_handler(ngx_event_t *ev) |
521 | 1141 { |
1136 | 1142 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, |
1143 "mail auth http dummy handler"); | |
521 | 1144 } |
1145 | |
1146 | |
1147 static ngx_buf_t * | |
1136 | 1148 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, |
1149 ngx_mail_auth_http_conf_t *ahcf) | |
521 | 1150 { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1151 size_t len; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1152 ngx_buf_t *b; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1153 ngx_str_t login, passwd; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1154 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1155 ngx_str_t verify, subject, issuer, serial, fingerprint, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1156 raw_cert, cert; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1157 ngx_connection_t *c; |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1158 ngx_mail_ssl_conf_t *sslcf; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1159 #endif |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1160 ngx_mail_core_srv_conf_t *cscf; |
633 | 1161 |
1136 | 1162 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
633 | 1163 return NULL; |
1164 } | |
1165 | |
1136 | 1166 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { |
633 | 1167 return NULL; |
1168 } | |
521 | 1169 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1170 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1171 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1172 c = s->connection; |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1173 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1174 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1175 if (c->ssl && sslcf->verify) { |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1176 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1177 /* certificate details */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1178 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1179 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1180 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1181 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1182 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1183 if (ngx_ssl_get_subject_dn(c, pool, &subject) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1184 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1185 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1186 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1187 if (ngx_ssl_get_issuer_dn(c, pool, &issuer) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1188 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1189 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1190 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1191 if (ngx_ssl_get_serial_number(c, pool, &serial) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1192 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1193 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1194 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1195 if (ngx_ssl_get_fingerprint(c, pool, &fingerprint) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1196 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1197 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1198 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1199 if (ahcf->pass_client_cert) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1200 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1201 /* certificate itself, if configured */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1202 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1203 if (ngx_ssl_get_raw_certificate(c, pool, &raw_cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1204 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1205 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1206 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1207 if (ngx_mail_auth_http_escape(pool, &raw_cert, &cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1208 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1209 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1210 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1211 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1212 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1213 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1214 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1215 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1216 ngx_str_null(&verify); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1217 ngx_str_null(&subject); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1218 ngx_str_null(&issuer); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1219 ngx_str_null(&serial); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1220 ngx_str_null(&fingerprint); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1221 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1222 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1223 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1224 #endif |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1225 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1226 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1227 |
521 | 1228 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 |
1229 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1230 + sizeof("Auth-Method: ") - 1 |
1136 | 1231 + ngx_mail_auth_http_method[s->auth_method].len |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1232 + sizeof(CRLF) - 1 |
633 | 1233 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1234 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1235 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1236 + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1237 + sizeof(CRLF) - 1 |
527 | 1238 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1239 + sizeof(CRLF) - 1 | |
521 | 1240 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1241 + sizeof(CRLF) - 1 | |
2309 | 1242 + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1 |
5987
62c098eb4509
Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5685
diff
changeset
|
1243 + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len + sizeof(CRLF) - 1 |
62c098eb4509
Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5685
diff
changeset
|
1244 + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len + sizeof(CRLF) - 1 |
62c098eb4509
Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5685
diff
changeset
|
1245 + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len + sizeof(CRLF) - 1 |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1246 #if (NGX_MAIL_SSL) |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1247 + sizeof("Auth-SSL: on" CRLF) - 1 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1248 + sizeof("Auth-SSL-Verify: ") - 1 + verify.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1249 + sizeof("Auth-SSL-Subject: ") - 1 + subject.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1250 + sizeof("Auth-SSL-Issuer: ") - 1 + issuer.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1251 + sizeof("Auth-SSL-Serial: ") - 1 + serial.len + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1252 + sizeof("Auth-SSL-Fingerprint: ") - 1 + fingerprint.len |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1253 + sizeof(CRLF) - 1 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1254 + sizeof("Auth-SSL-Cert: ") - 1 + cert.len + sizeof(CRLF) - 1 |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1255 #endif |
1285
0c10dc6a8e74
fix memory allocation for auth_http_header
Igor Sysoev <igor@sysoev.ru>
parents:
1166
diff
changeset
|
1256 + ahcf->header.len |
521 | 1257 + sizeof(CRLF) - 1; |
1258 | |
547 | 1259 b = ngx_create_temp_buf(pool, len); |
521 | 1260 if (b == NULL) { |
1261 return NULL; | |
1262 } | |
1263 | |
1264 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1265 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1266 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1267 sizeof(" HTTP/1.0" CRLF) - 1); | |
1268 | |
1269 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1270 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1271 ahcf->host_header.len); |
1272 *b->last++ = CR; *b->last++ = LF; | |
1273 | |
800 | 1274 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1275 sizeof("Auth-Method: ") - 1); | |
1276 b->last = ngx_cpymem(b->last, | |
1136 | 1277 ngx_mail_auth_http_method[s->auth_method].data, |
1278 ngx_mail_auth_http_method[s->auth_method].len); | |
800 | 1279 *b->last++ = CR; *b->last++ = LF; |
521 | 1280 |
1281 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1282 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1283 *b->last++ = CR; *b->last++ = LF; |
1284 | |
1285 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1286 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1287 *b->last++ = CR; *b->last++ = LF; |
1288 | |
1136 | 1289 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { |
800 | 1290 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1291 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1292 | |
1293 s->passwd.data = NULL; | |
1294 } | |
1295 | |
521 | 1296 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1297 sizeof("Auth-Protocol: ") - 1); | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1298 b->last = ngx_cpymem(b->last, cscf->protocol->name.data, |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1299 cscf->protocol->name.len); |
521 | 1300 *b->last++ = CR; *b->last++ = LF; |
1301 | |
527 | 1302 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1303 s->login_attempt); | |
1304 | |
521 | 1305 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1306 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
2309 | 1307 s->connection->addr_text.len); |
521 | 1308 *b->last++ = CR; *b->last++ = LF; |
1309 | |
2309 | 1310 if (s->host.len) { |
1311 b->last = ngx_cpymem(b->last, "Client-Host: ", | |
1312 sizeof("Client-Host: ") - 1); | |
1313 b->last = ngx_copy(b->last, s->host.data, s->host.len); | |
1314 *b->last++ = CR; *b->last++ = LF; | |
1315 } | |
1316 | |
1317 if (s->auth_method == NGX_MAIL_AUTH_NONE) { | |
1318 | |
1319 /* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */ | |
1320 | |
1321 b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ", | |
1322 sizeof("Auth-SMTP-Helo: ") - 1); | |
1323 b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len); | |
1324 *b->last++ = CR; *b->last++ = LF; | |
1325 | |
1326 b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ", | |
1327 sizeof("Auth-SMTP-From: ") - 1); | |
1328 b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len); | |
1329 *b->last++ = CR; *b->last++ = LF; | |
1330 | |
1331 b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ", | |
1332 sizeof("Auth-SMTP-To: ") - 1); | |
1333 b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len); | |
1334 *b->last++ = CR; *b->last++ = LF; | |
1335 | |
1336 } | |
1337 | |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1338 #if (NGX_MAIL_SSL) |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1339 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1340 if (c->ssl) { |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1341 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1342 sizeof("Auth-SSL: on" CRLF) - 1); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1343 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1344 if (verify.len) { |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1345 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1346 sizeof("Auth-SSL-Verify: ") - 1); |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1347 b->last = ngx_copy(b->last, verify.data, verify.len); |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1348 *b->last++ = CR; *b->last++ = LF; |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1349 } |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1350 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1351 if (subject.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1352 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1353 sizeof("Auth-SSL-Subject: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1354 b->last = ngx_copy(b->last, subject.data, subject.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1355 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1356 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1357 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1358 if (issuer.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1359 b->last = ngx_cpymem(b->last, "Auth-SSL-Issuer: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1360 sizeof("Auth-SSL-Issuer: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1361 b->last = ngx_copy(b->last, issuer.data, issuer.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1362 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1363 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1364 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1365 if (serial.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1366 b->last = ngx_cpymem(b->last, "Auth-SSL-Serial: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1367 sizeof("Auth-SSL-Serial: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1368 b->last = ngx_copy(b->last, serial.data, serial.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1369 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1370 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1371 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1372 if (fingerprint.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1373 b->last = ngx_cpymem(b->last, "Auth-SSL-Fingerprint: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1374 sizeof("Auth-SSL-Fingerprint: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1375 b->last = ngx_copy(b->last, fingerprint.data, fingerprint.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1376 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1377 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1378 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1379 if (cert.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1380 b->last = ngx_cpymem(b->last, "Auth-SSL-Cert: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1381 sizeof("Auth-SSL-Cert: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1382 b->last = ngx_copy(b->last, cert.data, cert.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1383 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1384 } |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1385 } |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1386 |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1387 #endif |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1388 |
573 | 1389 if (ahcf->header.len) { |
1390 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1391 } | |
1392 | |
521 | 1393 /* add "\r\n" at the header end */ |
1394 *b->last++ = CR; *b->last++ = LF; | |
1395 | |
1136 | 1396 #if (NGX_DEBUG_MAIL_PASSWD) |
6001
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1397 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1398 "mail auth http header:%N\"%*s\"", |
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1399 (size_t) (b->last - b->pos), b->pos); |
521 | 1400 #endif |
1401 | |
1402 return b; | |
1403 } | |
1404 | |
1405 | |
633 | 1406 static ngx_int_t |
1136 | 1407 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) |
633 | 1408 { |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1409 u_char *p; |
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1410 uintptr_t n; |
633 | 1411 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1412 n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1413 |
1414 if (n == 0) { | |
1415 *escaped = *text; | |
1416 return NGX_OK; | |
1417 } | |
1418 | |
1419 escaped->len = text->len + n * 2; | |
1420 | |
2049 | 1421 p = ngx_pnalloc(pool, escaped->len); |
633 | 1422 if (p == NULL) { |
1423 return NGX_ERROR; | |
1424 } | |
1425 | |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1426 (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1427 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1428 escaped->data = p; |
633 | 1429 |
1430 return NGX_OK; | |
1431 } | |
1432 | |
1433 | |
521 | 1434 static void * |
1136 | 1435 ngx_mail_auth_http_create_conf(ngx_conf_t *cf) |
577 | 1436 { |
1136 | 1437 ngx_mail_auth_http_conf_t *ahcf; |
577 | 1438 |
1136 | 1439 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t)); |
521 | 1440 if (ahcf == NULL) { |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2855
diff
changeset
|
1441 return NULL; |
521 | 1442 } |
1443 | |
1444 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1445 ahcf->pass_client_cert = NGX_CONF_UNSET; |
521 | 1446 |
1392 | 1447 ahcf->file = cf->conf_file->file.name.data; |
1448 ahcf->line = cf->conf_file->line; | |
1449 | |
521 | 1450 return ahcf; |
1451 } | |
1452 | |
1453 | |
1454 static char * | |
1136 | 1455 ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
521 | 1456 { |
1136 | 1457 ngx_mail_auth_http_conf_t *prev = parent; |
1458 ngx_mail_auth_http_conf_t *conf = child; | |
521 | 1459 |
573 | 1460 u_char *p; |
1461 size_t len; | |
1462 ngx_uint_t i; | |
1463 ngx_table_elt_t *header; | |
1464 | |
884 | 1465 if (conf->peer == NULL) { |
1466 conf->peer = prev->peer; | |
521 | 1467 conf->host_header = prev->host_header; |
1468 conf->uri = prev->uri; | |
1392 | 1469 |
1470 if (conf->peer == NULL) { | |
1471 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
4812
785ae4de268b
Corrected the directive name in the ngx_mail_auth_http_module error message.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
1472 "no \"auth_http\" is defined for server in %s:%ui", |
1392 | 1473 conf->file, conf->line); |
1474 | |
1475 return NGX_CONF_ERROR; | |
1476 } | |
521 | 1477 } |
1478 | |
1479 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1480 | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1481 ngx_conf_merge_value(conf->pass_client_cert, prev->pass_client_cert, 0); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1482 |
573 | 1483 if (conf->headers == NULL) { |
1484 conf->headers = prev->headers; | |
1485 conf->header = prev->header; | |
1486 } | |
1487 | |
1488 if (conf->headers && conf->header.len == 0) { | |
1489 len = 0; | |
1490 header = conf->headers->elts; | |
1491 for (i = 0; i < conf->headers->nelts; i++) { | |
1492 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1493 } | |
1494 | |
2049 | 1495 p = ngx_pnalloc(cf->pool, len); |
573 | 1496 if (p == NULL) { |
1497 return NGX_CONF_ERROR; | |
1498 } | |
1499 | |
1500 conf->header.len = len; | |
1501 conf->header.data = p; | |
1502 | |
1503 for (i = 0; i < conf->headers->nelts; i++) { | |
1504 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1505 *p++ = ':'; *p++ = ' '; | |
1506 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1507 *p++ = CR; *p++ = LF; | |
1508 } | |
1509 } | |
1510 | |
521 | 1511 return NGX_CONF_OK; |
1512 } | |
1513 | |
1514 | |
1515 static char * | |
1136 | 1516 ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1517 { |
1136 | 1518 ngx_mail_auth_http_conf_t *ahcf = conf; |
521 | 1519 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1520 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1521 ngx_url_t u; |
573 | 1522 |
521 | 1523 value = cf->args->elts; |
1524 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1525 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1526 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1527 u.url = value[1]; |
906 | 1528 u.default_port = 80; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1529 u.uri_part = 1; |
577 | 1530 |
1391
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1531 if (ngx_strncmp(u.url.data, "http://", 7) == 0) { |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1532 u.url.len -= 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1533 u.url.data += 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1534 } |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1535 |
1559
fe11e2a3946d
use pool instead of ngx_conf_t
Igor Sysoev <igor@sysoev.ru>
parents:
1487
diff
changeset
|
1536 if (ngx_parse_url(cf->pool, &u) != NGX_OK) { |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1537 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1538 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1539 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1540 } |
1390 | 1541 |
1542 return NGX_CONF_ERROR; | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1543 } |
521 | 1544 |
884 | 1545 ahcf->peer = u.addrs; |
521 | 1546 |
3406
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1547 if (u.family != AF_UNIX) { |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1548 ahcf->host_header = u.host; |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1549 |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1550 } else { |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3406
diff
changeset
|
1551 ngx_str_set(&ahcf->host_header, "localhost"); |
3406
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1552 } |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1553 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1554 ahcf->uri = u.uri; |
521 | 1555 |
559 | 1556 if (ahcf->uri.len == 0) { |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3406
diff
changeset
|
1557 ngx_str_set(&ahcf->uri, "/"); |
555 | 1558 } |
1559 | |
521 | 1560 return NGX_CONF_OK; |
1561 } | |
573 | 1562 |
1563 | |
1564 static char * | |
1136 | 1565 ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1566 { |
1136 | 1567 ngx_mail_auth_http_conf_t *ahcf = conf; |
573 | 1568 |
1569 ngx_str_t *value; | |
1570 ngx_table_elt_t *header; | |
1571 | |
1572 if (ahcf->headers == NULL) { | |
1573 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1574 if (ahcf->headers == NULL) { | |
1575 return NGX_CONF_ERROR; | |
1576 } | |
1577 } | |
1578 | |
1579 header = ngx_array_push(ahcf->headers); | |
1580 if (header == NULL) { | |
1581 return NGX_CONF_ERROR; | |
1582 } | |
1583 | |
1584 value = cf->args->elts; | |
1585 | |
1586 header->key = value[1]; | |
1587 header->value = value[2]; | |
1588 | |
1589 return NGX_CONF_OK; | |
1590 } |