Mercurial > hg > nginx-ranges

comparison src/mail/ngx_mail_handler.c @ 336:1c519aff5c0c NGINX_0_6_12

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.6.12 *) Change: mail proxy was split on three modules: pop3, imap and smtp. *) Feature: the --without-mail_pop3_module, --without-mail_imap_module, and --without-mail_smtp_module configuration parameters. *) Feature: the "smtp_greeting_delay" and "smtp_client_buffer" directives of the ngx_mail_smtp_module. *) Bugfix: the trailing wildcards did not work; bug appeared in 0.6.9. *) Bugfix: nginx could not start on Solaris if the shared PCRE library located in non-standard place was used. *) Bugfix: the "proxy_hide_header" and "fastcgi_hide_header" directives did not hide response header lines whose name was longer than 32 characters. Thanks to Manlio Perillo.
author Igor Sysoev <http://sysoev.ru>
date Fri, 21 Sep 2007 00:00:00 +0400
parents d16d691432c9
children b743d290eb3b
comparison
equal deleted inserted replaced
335:9a32ae248b7a 336:1c519aff5c0c
9 #include <ngx_event.h> 9 #include <ngx_event.h>
10 #include <ngx_mail.h> 10 #include <ngx_mail.h>
11 11
12 12
13 static void ngx_mail_init_session(ngx_connection_t *c); 13 static void ngx_mail_init_session(ngx_connection_t *c);
14 static void ngx_mail_init_protocol(ngx_event_t *rev);
15 static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s,
16 ngx_str_t *encoded);
17 static void ngx_mail_do_auth(ngx_mail_session_t *s);
18 static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s);
19 static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
20 14
21 #if (NGX_MAIL_SSL) 15 #if (NGX_MAIL_SSL)
22 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); 16 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
23 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); 17 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
24 #endif 18 #endif
25
26
27 static ngx_str_t greetings[] = {
28 ngx_string("+OK POP3 ready" CRLF),
29 ngx_string("* OK IMAP4 ready" CRLF)
30 /* SMTP greeting */
31 };
32
33 static ngx_str_t internal_server_errors[] = {
34 ngx_string("-ERR internal server error" CRLF),
35 ngx_string("* BAD internal server error" CRLF),
36 ngx_string("451 4.3.2 Internal server error" CRLF),
37 };
38
39 static u_char pop3_ok[] = "+OK" CRLF;
40 static u_char pop3_next[] = "+ " CRLF;
41 static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
42 static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
43 static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
44
45 static u_char imap_star[] = "* ";
46 static u_char imap_ok[] = "OK completed" CRLF;
47 static u_char imap_next[] = "+ OK" CRLF;
48 static u_char imap_bye[] = "* BYE" CRLF;
49 static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
50
51 static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
52 static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
53 static u_char smtp_next[] = "334 " CRLF;
54 static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
55 static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
56 static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
57 static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
58 static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
59 19
60 20
61 void 21 void
62 ngx_mail_init_connection(ngx_connection_t *c) 22 ngx_mail_init_connection(ngx_connection_t *c)
63 { 23 {
170 } 130 }
171 131
172 132
173 #if (NGX_MAIL_SSL) 133 #if (NGX_MAIL_SSL)
174 134
175 static void 135 void
176 ngx_mail_starttls_handler(ngx_event_t *rev) 136 ngx_mail_starttls_handler(ngx_event_t *rev)
177 { 137 {
178 ngx_connection_t *c; 138 ngx_connection_t *c;
179 ngx_mail_session_t *s; 139 ngx_mail_session_t *s;
180 ngx_mail_ssl_conf_t *sslcf; 140 ngx_mail_ssl_conf_t *sslcf;
220 180
221 181
222 static void 182 static void
223 ngx_mail_ssl_handshake_handler(ngx_connection_t *c) 183 ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
224 { 184 {
225 ngx_mail_session_t *s; 185 ngx_mail_session_t *s;
186 ngx_mail_core_srv_conf_t *cscf;
226 187
227 if (c->ssl->handshaked) { 188 if (c->ssl->handshaked) {
228 189
229 s = c->data; 190 s = c->data;
230 191
231 if (s->starttls) { 192 if (s->starttls) {
232 c->read->handler = ngx_mail_init_protocol; 193 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
194
195 c->read->handler = cscf->protocol->init_protocol;
233 c->write->handler = ngx_mail_send; 196 c->write->handler = ngx_mail_send;
234 197
235 ngx_mail_init_protocol(c->read); 198 cscf->protocol->init_protocol(c->read);
236 199
237 return; 200 return;
238 } 201 }
239 202
240 ngx_mail_init_session(c); 203 ngx_mail_init_session(c);
248 211
249 212
250 static void 213 static void
251 ngx_mail_init_session(ngx_connection_t *c) 214 ngx_mail_init_session(ngx_connection_t *c)
252 { 215 {
253 u_char *p;
254 ngx_mail_session_t *s; 216 ngx_mail_session_t *s;
255 ngx_mail_core_srv_conf_t *cscf; 217 ngx_mail_core_srv_conf_t *cscf;
256 218
257 c->read->handler = ngx_mail_init_protocol;
258 c->write->handler = ngx_mail_send;
259
260 s = c->data; 219 s = c->data;
261 220
262 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); 221 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
263 222
264 s->protocol = cscf->protocol; 223 s->protocol = cscf->protocol->type;
265 224
266 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); 225 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module);
267 if (s->ctx == NULL) { 226 if (s->ctx == NULL) {
268 ngx_mail_session_internal_server_error(s); 227 ngx_mail_session_internal_server_error(s);
269 return; 228 return;
270 } 229 }
271 230
272 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { 231 c->write->handler = ngx_mail_send;
273 s->out = cscf->smtp_greeting; 232
274 233 cscf->protocol->init_session(s, c);
275 } else { 234 }
276 s->out = greetings[s->protocol]; 235
277 } 236
278 237 ngx_int_t
279 if ((s->protocol == NGX_MAIL_POP3_PROTOCOL 238 ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
280 && (cscf->pop3_auth_methods 239 ngx_mail_core_srv_conf_t *cscf)
281 & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) 240 {
282 241 s->salt.data = ngx_palloc(c->pool,
283 || (s->protocol == NGX_MAIL_IMAP_PROTOCOL 242 sizeof(" <18446744073709551616.@>" CRLF) - 1
284 && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) 243 + NGX_TIME_T_LEN
285 244 + cscf->server_name.len);
286 || (s->protocol == NGX_MAIL_SMTP_PROTOCOL 245 if (s->salt.data == NULL) {
287 && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) 246 return NGX_ERROR;
288 { 247 }
289 s->salt.data = ngx_palloc(c->pool, 248
290 sizeof(" <18446744073709551616.@>" CRLF) - 1 249 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
291 + NGX_TIME_T_LEN 250 ngx_random(), ngx_time(), &cscf->server_name)
292 + cscf->server_name.len); 251 - s->salt.data;
293 if (s->salt.data == NULL) { 252
294 ngx_mail_session_internal_server_error(s); 253 return NGX_OK;
295 return; 254 }
296 } 255
297 256
298 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, 257 #if (NGX_MAIL_SSL)
299 ngx_random(), ngx_time(), &cscf->server_name) 258
300 - s->salt.data; 259 ngx_int_t
301 260 ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
302 if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { 261 {
303 s->out.data = ngx_palloc(c->pool, 262 ngx_mail_ssl_conf_t *sslcf;
304 greetings[0].len + 1 + s->salt.len); 263
305 if (s->out.data == NULL) { 264 if (c->ssl) {
306 ngx_mail_session_internal_server_error(s); 265 return 0;
307 return; 266 }
308 } 267
309 268 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
310 p = ngx_cpymem(s->out.data, 269
311 greetings[0].data, greetings[0].len - 2); 270 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
312 *p++ = ' '; 271 return 1;
313 p = ngx_cpymem(p, s->salt.data, s->salt.len); 272 }
314 273
315 s->out.len = p - s->out.data; 274 return 0;
316 } 275 }
317 } 276
318 277 #endif
319 ngx_add_timer(c->read, cscf->timeout); 278
320 279
321 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { 280 ngx_int_t
322 ngx_mail_close_connection(c); 281 ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
323 } 282 {
324 283 u_char *p, *last;
325 ngx_mail_send(c->write); 284 ngx_str_t *arg, plain;
285
286 arg = s->args.elts;
287
288 #if (NGX_DEBUG_MAIL_PASSWD)
289 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
290 "mail auth plain: \"%V\"", &arg[n]);
291 #endif
292
293 plain.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
294 if (plain.data == NULL){
295 return NGX_ERROR;
296 }
297
298 if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
299 ngx_log_error(NGX_LOG_INFO, c->log, 0,
300 "client sent invalid base64 encoding in AUTH PLAIN command");
301 return NGX_MAIL_PARSE_INVALID_COMMAND;
302 }
303
304 p = plain.data;
305 last = p + plain.len;
306
307 while (p < last && *p++) { /* void */ }
308
309 if (p == last) {
310 ngx_log_error(NGX_LOG_INFO, c->log, 0,
311 "client sent invalid login in AUTH PLAIN command");
312 return NGX_MAIL_PARSE_INVALID_COMMAND;
313 }
314
315 s->login.data = p;
316
317 while (p < last && *p) { p++; }
318
319 if (p == last) {
320 ngx_log_error(NGX_LOG_INFO, c->log, 0,
321 "client sent invalid password in AUTH PLAIN command");
322 return NGX_MAIL_PARSE_INVALID_COMMAND;
323 }
324
325 s->login.len = p++ - s->login.data;
326
327 s->passwd.len = last - p;
328 s->passwd.data = p;
329
330 #if (NGX_DEBUG_MAIL_PASSWD)
331 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
332 "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
333 #endif
334
335 return NGX_DONE;
336 }
337
338
339 ngx_int_t
340 ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c)
341 {
342 ngx_str_t *arg;
343
344 arg = s->args.elts;
345
346 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
347 "mail auth login username: \"%V\"", &arg[0]);
348
349 s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
350 if (s->login.data == NULL){
351 return NGX_ERROR;
352 }
353
354 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
355 ngx_log_error(NGX_LOG_INFO, c->log, 0,
356 "client sent invalid base64 encoding in AUTH LOGIN command");
357 return NGX_MAIL_PARSE_INVALID_COMMAND;
358 }
359
360 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
361 "mail auth login username: \"%V\"", &s->login);
362
363 return NGX_OK;
364 }
365
366
367 ngx_int_t
368 ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
369 {
370 ngx_str_t *arg;
371
372 arg = s->args.elts;
373
374 #if (NGX_DEBUG_MAIL_PASSWD)
375 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
376 "mail auth login password: \"%V\"", &arg[0]);
377 #endif
378
379 s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
380 if (s->passwd.data == NULL){
381 return NGX_ERROR;
382 }
383
384 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
385 ngx_log_error(NGX_LOG_INFO, c->log, 0,
386 "client sent invalid base64 encoding in AUTH LOGIN command");
387 return NGX_MAIL_PARSE_INVALID_COMMAND;
388 }
389
390 #if (NGX_DEBUG_MAIL_PASSWD)
391 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
392 "mail auth login password: \"%V\"", &s->passwd);
393 #endif
394
395 return NGX_DONE;
396 }
397
398
399 ngx_int_t
400 ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c,
401 char *prefix, size_t len)
402 {
403 u_char *p;
404 ngx_str_t salt;
405 ngx_uint_t n;
406
407 p = ngx_palloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2);
408 if (p == NULL) {
409 return NGX_ERROR;
410 }
411
412 salt.data = ngx_cpymem(p, prefix, len);
413 s->salt.len -= 2;
414
415 ngx_encode_base64(&salt, &s->salt);
416
417 s->salt.len += 2;
418 n = len + salt.len;
419 p[n++] = CR; p[n++] = LF;
420
421 s->out.len = n;
422 s->out.data = p;
423
424 return NGX_OK;
425 }
426
427
428 ngx_int_t
429 ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
430 {
431 u_char *p, *last;
432 ngx_str_t *arg;
433
434 arg = s->args.elts;
435
436 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
437 "mail auth cram-md5: \"%V\"", &arg[0]);
438
439 s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
440 if (s->login.data == NULL){
441 return NGX_ERROR;
442 }
443
444 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
445 ngx_log_error(NGX_LOG_INFO, c->log, 0,
446 "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
447 return NGX_MAIL_PARSE_INVALID_COMMAND;
448 }
449
450 p = s->login.data;
451 last = p + s->login.len;
452
453 while (p < last) {
454 if (*p++ == ' ') {
455 s->login.len = p - s->login.data - 1;
456 s->passwd.len = last - p;
457 s->passwd.data = p;
458 break;
459 }
460 }
461
462 if (s->passwd.len != 32) {
463 ngx_log_error(NGX_LOG_INFO, c->log, 0,
464 "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
465 return NGX_MAIL_PARSE_INVALID_COMMAND;
466 }
467
468 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
469 "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
470
471 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
472
473 return NGX_DONE;
326 } 474 }
327 475
328 476
329 void 477 void
330 ngx_mail_send(ngx_event_t *wev) 478 ngx_mail_send(ngx_event_t *wev)
389 return; 537 return;
390 } 538 }
391 } 539 }
392 540
393 541
394 static void 542 ngx_int_t
395 ngx_mail_init_protocol(ngx_event_t *rev) 543 ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
396 { 544 {
397 size_t size; 545 ssize_t n;
398 ngx_connection_t *c; 546 ngx_int_t rc;
399 ngx_mail_session_t *s; 547 ngx_str_t l;
400 ngx_mail_core_srv_conf_t *cscf; 548 ngx_mail_core_srv_conf_t *cscf;
401 549
402 c = rev->data; 550 n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
403 551
404 c->log->action = "in auth state"; 552 if (n == NGX_ERROR || n == 0) {
405
406 if (rev->timedout) {
407 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
408 c->timedout = 1;
409 ngx_mail_close_connection(c); 553 ngx_mail_close_connection(c);
410 return; 554 return NGX_ERROR;
411 } 555 }
412 556
413 s = c->data; 557 if (n > 0) {
414 558 s->buffer->last += n;
415 switch (s->protocol) { 559 }
416 560
417 case NGX_MAIL_POP3_PROTOCOL: 561 if (n == NGX_AGAIN) {
418 size = 128; 562 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
419 s->mail_state = ngx_pop3_start;
420 c->read->handler = ngx_pop3_auth_state;
421 break;
422
423 case NGX_MAIL_IMAP_PROTOCOL:
424 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
425 size = cscf->imap_client_buffer_size;
426 s->mail_state = ngx_imap_start;
427 c->read->handler = ngx_imap_auth_state;
428 break;
429
430 default: /* NGX_MAIL_SMTP_PROTOCOL */
431 size = 512;
432 s->mail_state = ngx_smtp_start;
433 c->read->handler = ngx_smtp_auth_state;
434 break;
435 }
436
437 if (s->buffer == NULL) {
438 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
439 == NGX_ERROR)
440 {
441 ngx_mail_session_internal_server_error(s); 563 ngx_mail_session_internal_server_error(s);
442 return; 564 return NGX_ERROR;
443 } 565 }
444 566
445 s->buffer = ngx_create_temp_buf(c->pool, size); 567 return NGX_AGAIN;
446 if (s->buffer == NULL) { 568 }
447 ngx_mail_session_internal_server_error(s); 569
448 return; 570 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
449 } 571
450 } 572 rc = cscf->protocol->parse_command(s);
451 573
452 c->read->handler(rev); 574 if (rc == NGX_AGAIN) {
575
576 if (s->buffer->last < s->buffer->end) {
577 return rc;
578 }
579
580 l.len = s->buffer->last - s->buffer->start;
581 l.data = s->buffer->start;
582
583 ngx_log_error(NGX_LOG_INFO, c->log, 0,
584 "client sent too long command \"%V\"", &l);
585
586 s->quit = 1;
587
588 return NGX_MAIL_PARSE_INVALID_COMMAND;
589 }
590
591 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
592 return rc;
593 }
594
595 if (rc == NGX_ERROR) {
596 ngx_mail_close_connection(c);
597 return NGX_ERROR;
598 }
599
600 return NGX_OK;
453 } 601 }
454 602
455 603
456 void 604 void
457 ngx_pop3_auth_state(ngx_event_t *rev) 605 ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c)
458 {
459 u_char *p, *last, *text;
460 ssize_t size;
461 ngx_int_t rc;
462 ngx_str_t *arg, salt;
463 ngx_connection_t *c;
464 ngx_mail_session_t *s;
465 ngx_mail_core_srv_conf_t *cscf;
466 #if (NGX_MAIL_SSL)
467 ngx_mail_ssl_conf_t *sslcf;
468 #endif
469
470 c = rev->data;
471 s = c->data;
472
473 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
474
475 if (rev->timedout) {
476 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
477 c->timedout = 1;
478 ngx_mail_close_connection(c);
479 return;
480 }
481
482 if (s->out.len) {
483 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
484 s->blocked = 1;
485 return;
486 }
487
488 s->blocked = 0;
489
490 rc = ngx_mail_read_command(s);
491
492 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
493 return;
494 }
495
496 text = pop3_ok;
497 size = sizeof(pop3_ok) - 1;
498
499 if (rc == NGX_OK) {
500 switch (s->mail_state) {
501
502 case ngx_pop3_start:
503
504 switch (s->command) {
505
506 case NGX_POP3_USER:
507
508 #if (NGX_MAIL_SSL)
509
510 if (c->ssl == NULL) {
511 sslcf = ngx_mail_get_module_srv_conf(s,
512 ngx_mail_ssl_module);
513
514 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
515 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
516 break;
517 }
518 }
519 #endif
520
521 if (s->args.nelts == 1) {
522 s->mail_state = ngx_pop3_user;
523
524 arg = s->args.elts;
525 s->login.len = arg[0].len;
526 s->login.data = ngx_palloc(c->pool, s->login.len);
527 if (s->login.data == NULL) {
528 ngx_mail_session_internal_server_error(s);
529 return;
530 }
531
532 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
533
534 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
535 "pop3 login: \"%V\"", &s->login);
536
537 break;
538 }
539
540 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
541 break;
542
543 case NGX_POP3_CAPA:
544 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
545
546 #if (NGX_MAIL_SSL)
547
548 if (c->ssl == NULL) {
549 sslcf = ngx_mail_get_module_srv_conf(s,
550 ngx_mail_ssl_module);
551
552 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
553 size = cscf->pop3_starttls_capability.len;
554 text = cscf->pop3_starttls_capability.data;
555 break;
556 }
557
558 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
559 size = cscf->pop3_starttls_only_capability.len;
560 text = cscf->pop3_starttls_only_capability.data;
561 break;
562 }
563 }
564 #endif
565
566 size = cscf->pop3_capability.len;
567 text = cscf->pop3_capability.data;
568 break;
569
570 case NGX_POP3_APOP:
571
572 #if (NGX_MAIL_SSL)
573
574 if (c->ssl == NULL) {
575 sslcf = ngx_mail_get_module_srv_conf(s,
576 ngx_mail_ssl_module);
577
578 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
579 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
580 break;
581 }
582 }
583 #endif
584
585 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
586
587 if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)
588 && s->args.nelts == 2)
589 {
590 arg = s->args.elts;
591
592 s->login.len = arg[0].len;
593 s->login.data = ngx_palloc(c->pool, s->login.len);
594 if (s->login.data == NULL) {
595 ngx_mail_session_internal_server_error(s);
596 return;
597 }
598
599 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
600
601 s->passwd.len = arg[1].len;
602 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
603 if (s->passwd.data == NULL) {
604 ngx_mail_session_internal_server_error(s);
605 return;
606 }
607
608 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
609
610 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
611 "pop3 apop: \"%V\" \"%V\"",
612 &s->login, &s->passwd);
613
614 s->auth_method = NGX_MAIL_AUTH_APOP;
615
616 ngx_mail_do_auth(s);
617 return;
618 }
619
620 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
621 break;
622
623 case NGX_POP3_AUTH:
624
625 #if (NGX_MAIL_SSL)
626
627 if (c->ssl == NULL) {
628 sslcf = ngx_mail_get_module_srv_conf(s,
629 ngx_mail_ssl_module);
630
631 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
632 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
633 break;
634 }
635 }
636 #endif
637
638 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
639
640 if (s->args.nelts == 0) {
641 size = cscf->pop3_auth_capability.len;
642 text = cscf->pop3_auth_capability.data;
643 s->state = 0;
644 break;
645 }
646
647 arg = s->args.elts;
648
649 if (arg[0].len == 5) {
650
651 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
652 == 0)
653 {
654
655 if (s->args.nelts != 1) {
656 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
657 break;
658 }
659
660 s->mail_state = ngx_pop3_auth_login_username;
661
662 size = sizeof(pop3_username) - 1;
663 text = pop3_username;
664
665 break;
666
667 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
668 5)
669 == 0)
670 {
671
672 if (s->args.nelts == 1) {
673 s->mail_state = ngx_pop3_auth_plain;
674
675 size = sizeof(pop3_next) - 1;
676 text = pop3_next;
677
678 break;
679 }
680
681 if (s->args.nelts == 2) {
682
683 /*
684 * workaround for Eudora for Mac: it sends
685 * AUTH PLAIN [base64 encoded]
686 */
687
688 rc = ngx_mail_decode_auth_plain(s, &arg[1]);
689
690 if (rc == NGX_OK) {
691 ngx_mail_do_auth(s);
692 return;
693 }
694
695 if (rc == NGX_ERROR) {
696 ngx_mail_session_internal_server_error(s);
697 return;
698 }
699
700 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
701
702 break;
703 }
704
705 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
706 break;
707 }
708
709 } else if (arg[0].len == 8
710 && ngx_strncasecmp(arg[0].data,
711 (u_char *) "CRAM-MD5", 8)
712 == 0)
713 {
714 if (!(cscf->pop3_auth_methods
715 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
716 || s->args.nelts != 1)
717 {
718 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
719 break;
720 }
721
722 s->mail_state = ngx_pop3_auth_cram_md5;
723
724 text = ngx_palloc(c->pool,
725 sizeof("+ " CRLF) - 1
726 + ngx_base64_encoded_length(s->salt.len));
727 if (text == NULL) {
728 ngx_mail_session_internal_server_error(s);
729 return;
730 }
731
732 text[0] = '+'; text[1]= ' ';
733 salt.data = &text[2];
734 s->salt.len -= 2;
735
736 ngx_encode_base64(&salt, &s->salt);
737
738 s->salt.len += 2;
739 size = 2 + salt.len;
740 text[size++] = CR; text[size++] = LF;
741
742 break;
743 }
744
745 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
746 break;
747
748 case NGX_POP3_QUIT:
749 s->quit = 1;
750 break;
751
752 case NGX_POP3_NOOP:
753 break;
754
755 #if (NGX_MAIL_SSL)
756
757 case NGX_POP3_STLS:
758 if (c->ssl == NULL) {
759 sslcf = ngx_mail_get_module_srv_conf(s,
760 ngx_mail_ssl_module);
761 if (sslcf->starttls) {
762 c->read->handler = ngx_mail_starttls_handler;
763 break;
764 }
765 }
766
767 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
768 break;
769 #endif
770
771 default:
772 s->mail_state = ngx_pop3_start;
773 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
774 break;
775 }
776
777 break;
778
779 case ngx_pop3_user:
780
781 switch (s->command) {
782
783 case NGX_POP3_PASS:
784 if (s->args.nelts == 1) {
785 arg = s->args.elts;
786 s->passwd.len = arg[0].len;
787 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
788 if (s->passwd.data == NULL) {
789 ngx_mail_session_internal_server_error(s);
790 return;
791 }
792
793 ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
794
795 #if (NGX_DEBUG_MAIL_PASSWD)
796 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
797 "pop3 passwd: \"%V\"", &s->passwd);
798 #endif
799
800 ngx_mail_do_auth(s);
801 return;
802 }
803
804 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
805 break;
806
807 case NGX_POP3_CAPA:
808 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
809 size = cscf->pop3_capability.len;
810 text = cscf->pop3_capability.data;
811 break;
812
813 case NGX_POP3_QUIT:
814 s->quit = 1;
815 break;
816
817 case NGX_POP3_NOOP:
818 break;
819
820 default:
821 s->mail_state = ngx_pop3_start;
822 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
823 break;
824 }
825
826 break;
827
828 /* suppress warinings */
829 case ngx_pop3_passwd:
830 break;
831
832 case ngx_pop3_auth_login_username:
833 arg = s->args.elts;
834 s->mail_state = ngx_pop3_auth_login_password;
835
836 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
837 "pop3 auth login username: \"%V\"", &arg[0]);
838
839 s->login.data = ngx_palloc(c->pool,
840 ngx_base64_decoded_length(arg[0].len));
841 if (s->login.data == NULL){
842 ngx_mail_session_internal_server_error(s);
843 return;
844 }
845
846 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
847 ngx_log_error(NGX_LOG_INFO, c->log, 0,
848 "client sent invalid base64 encoding "
849 "in AUTH LOGIN command");
850 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
851 break;
852 }
853
854 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
855 "pop3 auth login username: \"%V\"", &s->login);
856
857 size = sizeof(pop3_password) - 1;
858 text = pop3_password;
859
860 break;
861
862 case ngx_pop3_auth_login_password:
863 arg = s->args.elts;
864
865 #if (NGX_DEBUG_MAIL_PASSWD)
866 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
867 "pop3 auth login password: \"%V\"", &arg[0]);
868 #endif
869
870 s->passwd.data = ngx_palloc(c->pool,
871 ngx_base64_decoded_length(arg[0].len));
872 if (s->passwd.data == NULL){
873 ngx_mail_session_internal_server_error(s);
874 return;
875 }
876
877 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
878 ngx_log_error(NGX_LOG_INFO, c->log, 0,
879 "client sent invalid base64 encoding "
880 "in AUTH LOGIN command");
881 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
882 break;
883 }
884
885 #if (NGX_DEBUG_MAIL_PASSWD)
886 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
887 "pop3 auth login password: \"%V\"", &s->passwd);
888 #endif
889
890 ngx_mail_do_auth(s);
891 return;
892
893 case ngx_pop3_auth_plain:
894 arg = s->args.elts;
895
896 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
897
898 if (rc == NGX_OK) {
899 ngx_mail_do_auth(s);
900 return;
901 }
902
903 if (rc == NGX_ERROR) {
904 ngx_mail_session_internal_server_error(s);
905 return;
906 }
907
908 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
909
910 break;
911
912 case ngx_pop3_auth_cram_md5:
913 arg = s->args.elts;
914
915 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
916 "pop3 auth cram-md5: \"%V\"", &arg[0]);
917
918 s->login.data = ngx_palloc(c->pool,
919 ngx_base64_decoded_length(arg[0].len));
920 if (s->login.data == NULL){
921 ngx_mail_session_internal_server_error(s);
922 return;
923 }
924
925 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
926 ngx_log_error(NGX_LOG_INFO, c->log, 0,
927 "client sent invalid base64 encoding "
928 "in AUTH CRAM-MD5 command");
929 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
930 break;
931 }
932
933 p = s->login.data;
934 last = p + s->login.len;
935
936 while (p < last) {
937 if (*p++ == ' ') {
938 s->login.len = p - s->login.data - 1;
939 s->passwd.len = last - p;
940 s->passwd.data = p;
941 break;
942 }
943 }
944
945 if (s->passwd.len != 32) {
946 ngx_log_error(NGX_LOG_INFO, c->log, 0,
947 "client sent invalid CRAM-MD5 hash "
948 "in AUTH CRAM-MD5 command");
949 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
950 break;
951 }
952
953 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
954 "pop3 auth cram-md5: \"%V\" \"%V\"",
955 &s->login, &s->passwd);
956
957 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
958
959 ngx_mail_do_auth(s);
960 return;
961 }
962 }
963
964 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
965 s->mail_state = ngx_pop3_start;
966 s->state = 0;
967 text = pop3_invalid_command;
968 size = sizeof(pop3_invalid_command) - 1;
969 }
970
971 s->args.nelts = 0;
972 s->buffer->pos = s->buffer->start;
973 s->buffer->last = s->buffer->start;
974
975 if (s->state) {
976 s->arg_start = s->buffer->start;
977 }
978
979 s->out.data = text;
980 s->out.len = size;
981
982 ngx_mail_send(c->write);
983 }
984
985
986 void
987 ngx_imap_auth_state(ngx_event_t *rev)
988 {
989 u_char *p, *last, *text, *dst, *src, *end;
990 ssize_t text_len, last_len;
991 ngx_str_t *arg, salt;
992 ngx_int_t rc;
993 ngx_uint_t tag, i;
994 ngx_connection_t *c;
995 ngx_mail_session_t *s;
996 ngx_mail_core_srv_conf_t *cscf;
997 #if (NGX_MAIL_SSL)
998 ngx_mail_ssl_conf_t *sslcf;
999 #endif
1000
1001 c = rev->data;
1002 s = c->data;
1003
1004 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
1005
1006 if (rev->timedout) {
1007 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
1008 c->timedout = 1;
1009 ngx_mail_close_connection(c);
1010 return;
1011 }
1012
1013 if (s->out.len) {
1014 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
1015 s->blocked = 1;
1016 return;
1017 }
1018
1019 s->blocked = 0;
1020
1021 rc = ngx_mail_read_command(s);
1022
1023 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
1024 return;
1025 }
1026
1027 tag = 1;
1028
1029 text = NULL;
1030 text_len = 0;
1031
1032 last = imap_ok;
1033 last_len = sizeof(imap_ok) - 1;
1034
1035 if (rc == NGX_OK) {
1036
1037 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
1038 s->command);
1039
1040 if (s->backslash) {
1041
1042 arg = s->args.elts;
1043
1044 for (i = 0; i < s->args.nelts; i++) {
1045 dst = arg[i].data;
1046 end = dst + arg[i].len;
1047
1048 for (src = dst; src < end; dst++) {
1049 *dst = *src;
1050 if (*src++ == '\\') {
1051 *dst = *src++;
1052 }
1053 }
1054
1055 arg[i].len = dst - arg[i].data;
1056 }
1057
1058 s->backslash = 0;
1059 }
1060
1061 switch (s->mail_state) {
1062
1063 case ngx_imap_start:
1064
1065 switch (s->command) {
1066
1067 case NGX_IMAP_LOGIN:
1068
1069 #if (NGX_MAIL_SSL)
1070
1071 if (c->ssl == NULL) {
1072 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1073
1074 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1075 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1076 break;
1077 }
1078 }
1079 #endif
1080
1081 arg = s->args.elts;
1082
1083 if (s->args.nelts == 2 && arg[0].len) {
1084
1085 s->login.len = arg[0].len;
1086 s->login.data = ngx_palloc(c->pool, s->login.len);
1087 if (s->login.data == NULL) {
1088 ngx_mail_session_internal_server_error(s);
1089 return;
1090 }
1091
1092 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
1093
1094 s->passwd.len = arg[1].len;
1095 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
1096 if (s->passwd.data == NULL) {
1097 ngx_mail_session_internal_server_error(s);
1098 return;
1099 }
1100
1101 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
1102
1103 #if (NGX_DEBUG_MAIL_PASSWD)
1104 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1105 "imap login:\"%V\" passwd:\"%V\"",
1106 &s->login, &s->passwd);
1107 #else
1108 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1109 "imap login:\"%V\"", &s->login);
1110 #endif
1111
1112 ngx_mail_do_auth(s);
1113 return;
1114 }
1115
1116 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1117 break;
1118
1119 case NGX_IMAP_AUTHENTICATE:
1120
1121 #if (NGX_MAIL_SSL)
1122
1123 if (c->ssl == NULL) {
1124 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1125
1126 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1127 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1128 break;
1129 }
1130 }
1131 #endif
1132
1133 if (s->args.nelts != 1) {
1134 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1135 break;
1136 }
1137
1138 arg = s->args.elts;
1139
1140 if (arg[0].len == 5) {
1141
1142 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
1143 == 0)
1144 {
1145
1146 s->mail_state = ngx_imap_auth_login_username;
1147
1148 last_len = sizeof(pop3_username) - 1;
1149 last = pop3_username;
1150 tag = 0;
1151
1152 break;
1153
1154 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
1155 5)
1156 == 0)
1157 {
1158
1159 s->mail_state = ngx_imap_auth_plain;
1160
1161 last_len = sizeof(pop3_next) - 1;
1162 last = pop3_next;
1163 tag = 0;
1164
1165 break;
1166 }
1167
1168 } else if (arg[0].len == 8
1169 && ngx_strncasecmp(arg[0].data,
1170 (u_char *) "CRAM-MD5", 8)
1171 == 0)
1172 {
1173 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1174
1175 if (!(cscf->imap_auth_methods
1176 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
1177 || s->args.nelts != 1)
1178 {
1179 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1180 break;
1181 }
1182
1183 s->mail_state = ngx_imap_auth_cram_md5;
1184
1185 last = ngx_palloc(c->pool,
1186 sizeof("+ " CRLF) - 1
1187 + ngx_base64_encoded_length(s->salt.len));
1188 if (last == NULL) {
1189 ngx_mail_session_internal_server_error(s);
1190 return;
1191 }
1192
1193 last[0] = '+'; last[1]= ' ';
1194 salt.data = &last[2];
1195 s->salt.len -= 2;
1196
1197 ngx_encode_base64(&salt, &s->salt);
1198
1199 s->salt.len += 2;
1200 last_len = 2 + salt.len;
1201 last[last_len++] = CR; last[last_len++] = LF;
1202 tag = 0;
1203
1204 break;
1205 }
1206
1207 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1208 break;
1209
1210 case NGX_IMAP_CAPABILITY:
1211 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1212
1213 #if (NGX_MAIL_SSL)
1214
1215 if (c->ssl == NULL) {
1216 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1217
1218 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
1219 text_len = cscf->imap_starttls_capability.len;
1220 text = cscf->imap_starttls_capability.data;
1221 break;
1222 }
1223
1224 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1225 text_len = cscf->imap_starttls_only_capability.len;
1226 text = cscf->imap_starttls_only_capability.data;
1227 break;
1228 }
1229 }
1230 #endif
1231
1232 text_len = cscf->imap_capability.len;
1233 text = cscf->imap_capability.data;
1234 break;
1235
1236 case NGX_IMAP_LOGOUT:
1237 s->quit = 1;
1238 text = imap_bye;
1239 text_len = sizeof(imap_bye) - 1;
1240 break;
1241
1242 case NGX_IMAP_NOOP:
1243 break;
1244
1245 #if (NGX_MAIL_SSL)
1246
1247 case NGX_IMAP_STARTTLS:
1248 if (c->ssl == NULL) {
1249 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1250 if (sslcf->starttls) {
1251 c->read->handler = ngx_mail_starttls_handler;
1252 break;
1253 }
1254 }
1255
1256 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1257 break;
1258 #endif
1259
1260 default:
1261 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1262 break;
1263 }
1264
1265 break;
1266
1267 case ngx_imap_auth_login_username:
1268 arg = s->args.elts;
1269 s->mail_state = ngx_imap_auth_login_password;
1270
1271 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1272 "imap auth login username: \"%V\"", &arg[0]);
1273
1274 s->login.data = ngx_palloc(c->pool,
1275 ngx_base64_decoded_length(arg[0].len));
1276 if (s->login.data == NULL){
1277 ngx_mail_session_internal_server_error(s);
1278 return;
1279 }
1280
1281 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1282 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1283 "client sent invalid base64 encoding "
1284 "in AUTH LOGIN command");
1285 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1286 break;
1287 }
1288
1289 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1290 "imap auth login username: \"%V\"", &s->login);
1291
1292 last_len = sizeof(pop3_password) - 1;
1293 last = pop3_password;
1294 tag = 0;
1295
1296 break;
1297
1298 case ngx_imap_auth_login_password:
1299 arg = s->args.elts;
1300
1301 #if (NGX_DEBUG_MAIL_PASSWD)
1302 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1303 "imap auth login password: \"%V\"", &arg[0]);
1304 #endif
1305
1306 s->passwd.data = ngx_palloc(c->pool,
1307 ngx_base64_decoded_length(arg[0].len));
1308 if (s->passwd.data == NULL){
1309 ngx_mail_session_internal_server_error(s);
1310 return;
1311 }
1312
1313 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
1314 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1315 "client sent invalid base64 encoding "
1316 "in AUTH LOGIN command");
1317 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1318 break;
1319 }
1320
1321 #if (NGX_DEBUG_MAIL_PASSWD)
1322 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1323 "imap auth login password: \"%V\"", &s->passwd);
1324 #endif
1325
1326 ngx_mail_do_auth(s);
1327 return;
1328
1329 case ngx_imap_auth_plain:
1330 arg = s->args.elts;
1331
1332 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
1333
1334 if (rc == NGX_OK) {
1335 ngx_mail_do_auth(s);
1336 return;
1337 }
1338
1339 if (rc == NGX_ERROR) {
1340 ngx_mail_session_internal_server_error(s);
1341 return;
1342 }
1343
1344 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1345
1346 break;
1347
1348 case ngx_imap_auth_cram_md5:
1349 arg = s->args.elts;
1350
1351 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1352 "imap auth cram-md5: \"%V\"", &arg[0]);
1353
1354 s->login.data = ngx_palloc(c->pool,
1355 ngx_base64_decoded_length(arg[0].len));
1356 if (s->login.data == NULL){
1357 ngx_mail_session_internal_server_error(s);
1358 return;
1359 }
1360
1361 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1362 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1363 "client sent invalid base64 encoding "
1364 "in AUTH CRAM-MD5 command");
1365 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1366 break;
1367 }
1368
1369 p = s->login.data;
1370 last = p + s->login.len;
1371
1372 while (p < last) {
1373 if (*p++ == ' ') {
1374 s->login.len = p - s->login.data - 1;
1375 s->passwd.len = last - p;
1376 s->passwd.data = p;
1377 break;
1378 }
1379 }
1380
1381 if (s->passwd.len != 32) {
1382 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1383 "client sent invalid CRAM-MD5 hash "
1384 "in AUTH CRAM-MD5 command");
1385 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1386 break;
1387 }
1388
1389 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1390 "imap auth cram-md5: \"%V\" \"%V\"",
1391 &s->login, &s->passwd);
1392
1393 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
1394
1395 ngx_mail_do_auth(s);
1396 return;
1397 }
1398
1399 } else if (rc == NGX_IMAP_NEXT) {
1400 last = imap_next;
1401 last_len = sizeof(imap_next) - 1;
1402 tag = 0;
1403 }
1404
1405 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
1406 s->mail_state = ngx_imap_start;
1407 s->state = 0;
1408 last = imap_invalid_command;
1409 last_len = sizeof(imap_invalid_command) - 1;
1410 }
1411
1412 if (tag) {
1413 if (s->tag.len == 0) {
1414 s->tag.len = sizeof(imap_star) - 1;
1415 s->tag.data = (u_char *) imap_star;
1416 }
1417
1418 if (s->tagged_line.len < s->tag.len + text_len + last_len) {
1419 s->tagged_line.len = s->tag.len + text_len + last_len;
1420 s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
1421 if (s->tagged_line.data == NULL) {
1422 ngx_mail_close_connection(c);
1423 return;
1424 }
1425 }
1426
1427 s->out.data = s->tagged_line.data;
1428 s->out.len = s->tag.len + text_len + last_len;
1429
1430 p = s->out.data;
1431
1432 if (text) {
1433 p = ngx_cpymem(p, text, text_len);
1434 }
1435 p = ngx_cpymem(p, s->tag.data, s->tag.len);
1436 ngx_memcpy(p, last, last_len);
1437
1438
1439 } else {
1440 s->out.data = last;
1441 s->out.len = last_len;
1442 }
1443
1444 if (rc != NGX_IMAP_NEXT) {
1445 s->args.nelts = 0;
1446
1447 if (s->state) {
1448 /* preserve tag */
1449 s->arg_start = s->buffer->start + s->tag.len;
1450 s->buffer->pos = s->arg_start;
1451 s->buffer->last = s->arg_start;
1452
1453 } else {
1454 s->buffer->pos = s->buffer->start;
1455 s->buffer->last = s->buffer->start;
1456 s->tag.len = 0;
1457 }
1458 }
1459
1460 ngx_mail_send(c->write);
1461 }
1462
1463
1464 void
1465 ngx_smtp_auth_state(ngx_event_t *rev)
1466 {
1467 u_char *p, *last, *text, ch;
1468 ssize_t size;
1469 ngx_int_t rc;
1470 ngx_str_t *arg, salt, l;
1471 ngx_uint_t i;
1472 ngx_connection_t *c;
1473 ngx_mail_session_t *s;
1474 ngx_mail_core_srv_conf_t *cscf;
1475 #if (NGX_MAIL_SSL)
1476 ngx_mail_ssl_conf_t *sslcf;
1477 #endif
1478
1479 c = rev->data;
1480 s = c->data;
1481
1482 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
1483
1484 if (rev->timedout) {
1485 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
1486 c->timedout = 1;
1487 ngx_mail_close_connection(c);
1488 return;
1489 }
1490
1491 if (s->out.len) {
1492 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
1493 s->blocked = 1;
1494 return;
1495 }
1496
1497 s->blocked = 0;
1498
1499 rc = ngx_mail_read_command(s);
1500
1501 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
1502 return;
1503 }
1504
1505 text = NULL;
1506 size = 0;
1507
1508 if (rc == NGX_OK) {
1509 switch (s->mail_state) {
1510
1511 case ngx_smtp_start:
1512
1513 switch (s->command) {
1514
1515 case NGX_SMTP_HELO:
1516 case NGX_SMTP_EHLO:
1517 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1518
1519 if (s->args.nelts != 1) {
1520 text = smtp_invalid_argument;
1521 size = sizeof(smtp_invalid_argument) - 1;
1522 s->state = 0;
1523 break;
1524 }
1525
1526 arg = s->args.elts;
1527
1528 s->smtp_helo.len = arg[0].len;
1529
1530 s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len);
1531 if (s->smtp_helo.data == NULL) {
1532 ngx_mail_session_internal_server_error(s);
1533 return;
1534 }
1535
1536 ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
1537
1538 if (s->command == NGX_SMTP_HELO) {
1539 size = cscf->smtp_server_name.len;
1540 text = cscf->smtp_server_name.data;
1541
1542 } else {
1543 s->esmtp = 1;
1544
1545 #if (NGX_MAIL_SSL)
1546
1547 if (c->ssl == NULL) {
1548 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1549
1550 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
1551 size = cscf->smtp_starttls_capability.len;
1552 text = cscf->smtp_starttls_capability.data;
1553 break;
1554 }
1555
1556 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1557 size = cscf->smtp_starttls_only_capability.len;
1558 text = cscf->smtp_starttls_only_capability.data;
1559 break;
1560 }
1561 }
1562 #endif
1563
1564 size = cscf->smtp_capability.len;
1565 text = cscf->smtp_capability.data;
1566 }
1567
1568 break;
1569
1570 case NGX_SMTP_AUTH:
1571
1572 #if (NGX_MAIL_SSL)
1573
1574 if (c->ssl == NULL) {
1575 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1576
1577 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1578 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1579 break;
1580 }
1581 }
1582 #endif
1583
1584 if (s->args.nelts == 0) {
1585 text = smtp_invalid_argument;
1586 size = sizeof(smtp_invalid_argument) - 1;
1587 s->state = 0;
1588 break;
1589 }
1590
1591 arg = s->args.elts;
1592
1593 if (arg[0].len == 5) {
1594
1595 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
1596 == 0)
1597 {
1598
1599 if (s->args.nelts != 1) {
1600 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1601 break;
1602 }
1603
1604 s->mail_state = ngx_smtp_auth_login_username;
1605
1606 size = sizeof(smtp_username) - 1;
1607 text = smtp_username;
1608
1609 break;
1610
1611 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
1612 5)
1613 == 0)
1614 {
1615 if (s->args.nelts == 1) {
1616 s->mail_state = ngx_smtp_auth_plain;
1617
1618 size = sizeof(smtp_next) - 1;
1619 text = smtp_next;
1620
1621 break;
1622 }
1623
1624 if (s->args.nelts == 2) {
1625
1626 rc = ngx_mail_decode_auth_plain(s, &arg[1]);
1627
1628 if (rc == NGX_OK) {
1629 ngx_mail_do_auth(s);
1630 return;
1631 }
1632
1633 if (rc == NGX_ERROR) {
1634 ngx_mail_session_internal_server_error(s);
1635 return;
1636 }
1637
1638 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1639
1640 break;
1641 }
1642
1643 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1644 break;
1645 }
1646
1647 } else if (arg[0].len == 8
1648 && ngx_strncasecmp(arg[0].data,
1649 (u_char *) "CRAM-MD5", 8)
1650 == 0)
1651 {
1652 cscf = ngx_mail_get_module_srv_conf(s,
1653 ngx_mail_core_module);
1654
1655 if (!(cscf->smtp_auth_methods
1656 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
1657 || s->args.nelts != 1)
1658 {
1659 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1660 break;
1661 }
1662
1663 s->mail_state = ngx_smtp_auth_cram_md5;
1664
1665 text = ngx_palloc(c->pool,
1666 sizeof("334 " CRLF) - 1
1667 + ngx_base64_encoded_length(s->salt.len));
1668 if (text == NULL) {
1669 ngx_mail_session_internal_server_error(s);
1670 return;
1671 }
1672
1673 text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' ';
1674 salt.data = &text[4];
1675 s->salt.len -= 2;
1676
1677 ngx_encode_base64(&salt, &s->salt);
1678
1679 s->salt.len += 2;
1680 size = 4 + salt.len;
1681 text[size++] = CR; text[size++] = LF;
1682
1683 break;
1684 }
1685
1686 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1687 break;
1688
1689 case NGX_SMTP_QUIT:
1690 s->quit = 1;
1691 text = smtp_bye;
1692 size = sizeof(smtp_bye) - 1;
1693 break;
1694
1695 case NGX_SMTP_MAIL:
1696
1697 if (s->connection->log->log_level >= NGX_LOG_INFO) {
1698 l.len = s->buffer->last - s->buffer->start;
1699 l.data = s->buffer->start;
1700
1701 for (i = 0; i < l.len; i++) {
1702 ch = l.data[i];
1703
1704 if (ch != CR && ch != LF) {
1705 continue;
1706 }
1707
1708 l.data[i] = ' ';
1709 }
1710
1711 while (i) {
1712 if (l.data[i - 1] != ' ') {
1713 break;
1714 }
1715
1716 i--;
1717 }
1718
1719 l.len = i;
1720
1721 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1722 "client was rejected: \"%V\"", &l);
1723 }
1724
1725 text = smtp_auth_required;
1726 size = sizeof(smtp_auth_required) - 1;
1727 break;
1728
1729 case NGX_SMTP_NOOP:
1730 case NGX_SMTP_RSET:
1731 text = smtp_ok;
1732 size = sizeof(smtp_ok) - 1;
1733 break;
1734
1735 #if (NGX_MAIL_SSL)
1736
1737 case NGX_SMTP_STARTTLS:
1738 if (c->ssl == NULL) {
1739 sslcf = ngx_mail_get_module_srv_conf(s,
1740 ngx_mail_ssl_module);
1741 if (sslcf->starttls) {
1742 c->read->handler = ngx_mail_starttls_handler;
1743
1744 /*
1745 * RFC3207 requires us to discard any knowledge
1746 * obtained from client before STARTTLS.
1747 */
1748
1749 s->smtp_helo.len = 0;
1750 s->smtp_helo.data = NULL;
1751
1752 text = smtp_ok;
1753 size = sizeof(smtp_ok) - 1;
1754
1755 break;
1756 }
1757 }
1758
1759 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1760 break;
1761 #endif
1762
1763 default:
1764 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1765 break;
1766 }
1767
1768 break;
1769
1770 case ngx_smtp_auth_login_username:
1771 arg = s->args.elts;
1772 s->mail_state = ngx_smtp_auth_login_password;
1773
1774 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1775 "smtp auth login username: \"%V\"", &arg[0]);
1776
1777 s->login.data = ngx_palloc(c->pool,
1778 ngx_base64_decoded_length(arg[0].len));
1779 if (s->login.data == NULL){
1780 ngx_mail_session_internal_server_error(s);
1781 return;
1782 }
1783
1784 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1785 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1786 "client sent invalid base64 encoding "
1787 "in AUTH LOGIN command");
1788 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1789 break;
1790 }
1791
1792 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1793 "smtp auth login username: \"%V\"", &s->login);
1794
1795 size = sizeof(smtp_password) - 1;
1796 text = smtp_password;
1797
1798 break;
1799
1800 case ngx_smtp_auth_login_password:
1801 arg = s->args.elts;
1802
1803 #if (NGX_DEBUG_MAIL_PASSWD)
1804 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1805 "smtp auth login password: \"%V\"", &arg[0]);
1806 #endif
1807
1808 s->passwd.data = ngx_palloc(c->pool,
1809 ngx_base64_decoded_length(arg[0].len));
1810 if (s->passwd.data == NULL){
1811 ngx_mail_session_internal_server_error(s);
1812 return;
1813 }
1814
1815 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
1816 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1817 "client sent invalid base64 encoding "
1818 "in AUTH LOGIN command");
1819 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1820 break;
1821 }
1822
1823 #if (NGX_DEBUG_MAIL_PASSWD)
1824 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1825 "smtp auth login password: \"%V\"", &s->passwd);
1826 #endif
1827
1828 ngx_mail_do_auth(s);
1829 return;
1830
1831 case ngx_smtp_auth_plain:
1832 arg = s->args.elts;
1833
1834 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
1835
1836 if (rc == NGX_OK) {
1837 ngx_mail_do_auth(s);
1838 return;
1839 }
1840
1841 if (rc == NGX_ERROR) {
1842 ngx_mail_session_internal_server_error(s);
1843 return;
1844 }
1845
1846 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1847
1848 break;
1849
1850 case ngx_smtp_auth_cram_md5:
1851 arg = s->args.elts;
1852
1853 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1854 "smtp auth cram-md5: \"%V\"", &arg[0]);
1855
1856 s->login.data = ngx_palloc(c->pool,
1857 ngx_base64_decoded_length(arg[0].len));
1858 if (s->login.data == NULL){
1859 ngx_mail_session_internal_server_error(s);
1860 return;
1861 }
1862
1863 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1864 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1865 "client sent invalid base64 encoding "
1866 "in AUTH CRAM-MD5 command");
1867 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1868 break;
1869 }
1870
1871 p = s->login.data;
1872 last = p + s->login.len;
1873
1874 while (p < last) {
1875 if (*p++ == ' ') {
1876 s->login.len = p - s->login.data - 1;
1877 s->passwd.len = last - p;
1878 s->passwd.data = p;
1879 break;
1880 }
1881 }
1882
1883 if (s->passwd.len != 32) {
1884 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1885 "client sent invalid CRAM-MD5 hash "
1886 "in AUTH CRAM-MD5 command");
1887 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1888 break;
1889 }
1890
1891 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1892 "smtp auth cram-md5: \"%V\" \"%V\"",
1893 &s->login, &s->passwd);
1894
1895 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
1896
1897 ngx_mail_do_auth(s);
1898 return;
1899 }
1900 }
1901
1902 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
1903 s->mail_state = ngx_smtp_start;
1904 s->state = 0;
1905 text = smtp_invalid_command;
1906 size = sizeof(smtp_invalid_command) - 1;
1907 }
1908
1909 s->args.nelts = 0;
1910 s->buffer->pos = s->buffer->start;
1911 s->buffer->last = s->buffer->start;
1912
1913 if (s->state) {
1914 s->arg_start = s->buffer->start;
1915 }
1916
1917 s->out.data = text;
1918 s->out.len = size;
1919
1920 ngx_mail_send(c->write);
1921 }
1922
1923
1924 static ngx_int_t
1925 ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded)
1926 {
1927 u_char *p, *last;
1928 ngx_str_t plain;
1929
1930 #if (NGX_DEBUG_MAIL_PASSWD)
1931 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1932 "mail auth plain: \"%V\"", encoded);
1933 #endif
1934
1935 plain.data = ngx_palloc(s->connection->pool,
1936 ngx_base64_decoded_length(encoded->len));
1937 if (plain.data == NULL){
1938 return NGX_ERROR;
1939 }
1940
1941 if (ngx_decode_base64(&plain, encoded) != NGX_OK) {
1942 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1943 "client sent invalid base64 encoding "
1944 "in AUTH PLAIN command");
1945 return NGX_MAIL_PARSE_INVALID_COMMAND;
1946 }
1947
1948 p = plain.data;
1949 last = p + plain.len;
1950
1951 while (p < last && *p++) { /* void */ }
1952
1953 if (p == last) {
1954 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1955 "client sent invalid login in AUTH PLAIN command");
1956 return NGX_MAIL_PARSE_INVALID_COMMAND;
1957 }
1958
1959 s->login.data = p;
1960
1961 while (p < last && *p) { p++; }
1962
1963 if (p == last) {
1964 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1965 "client sent invalid password in AUTH PLAIN command");
1966 return NGX_MAIL_PARSE_INVALID_COMMAND;
1967 }
1968
1969 s->login.len = p++ - s->login.data;
1970
1971 s->passwd.len = last - p;
1972 s->passwd.data = p;
1973
1974 #if (NGX_DEBUG_MAIL_PASSWD)
1975 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1976 "mail auth plain: \"%V\" \"%V\"",
1977 &s->login, &s->passwd);
1978 #endif
1979
1980 return NGX_OK;
1981 }
1982
1983
1984 static void
1985 ngx_mail_do_auth(ngx_mail_session_t *s)
1986 { 606 {
1987 s->args.nelts = 0; 607 s->args.nelts = 0;
1988 s->buffer->pos = s->buffer->start; 608 s->buffer->pos = s->buffer->start;
1989 s->buffer->last = s->buffer->start; 609 s->buffer->last = s->buffer->start;
1990 s->state = 0; 610 s->state = 0;
1991 611
1992 if (s->connection->read->timer_set) { 612 if (c->read->timer_set) {
1993 ngx_del_timer(s->connection->read); 613 ngx_del_timer(c->read);
1994 } 614 }
1995 615
1996 s->login_attempt++; 616 s->login_attempt++;
1997 617
1998 ngx_mail_auth_http_init(s); 618 ngx_mail_auth_http_init(s);
1999 }
2000
2001
2002 static ngx_int_t
2003 ngx_mail_read_command(ngx_mail_session_t *s)
2004 {
2005 ssize_t n;
2006 ngx_int_t rc;
2007 ngx_str_t l;
2008
2009 n = s->connection->recv(s->connection, s->buffer->last,
2010 s->buffer->end - s->buffer->last);
2011
2012 if (n == NGX_ERROR || n == 0) {
2013 ngx_mail_close_connection(s->connection);
2014 return NGX_ERROR;
2015 }
2016
2017 if (n > 0) {
2018 s->buffer->last += n;
2019 }
2020
2021 if (n == NGX_AGAIN) {
2022 if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) {
2023 ngx_mail_session_internal_server_error(s);
2024 return NGX_ERROR;
2025 }
2026
2027 return NGX_AGAIN;
2028 }
2029
2030 switch (s->protocol) {
2031 case NGX_MAIL_POP3_PROTOCOL:
2032 rc = ngx_pop3_parse_command(s);
2033 break;
2034
2035 case NGX_MAIL_IMAP_PROTOCOL:
2036 rc = ngx_imap_parse_command(s);
2037 break;
2038
2039 default: /* NGX_MAIL_SMTP_PROTOCOL */
2040 rc = ngx_smtp_parse_command(s);
2041 break;
2042 }
2043
2044 if (rc == NGX_AGAIN) {
2045
2046 if (s->buffer->last < s->buffer->end) {
2047 return rc;
2048 }
2049
2050 l.len = s->buffer->last - s->buffer->start;
2051 l.data = s->buffer->start;
2052
2053 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
2054 "client sent too long command \"%V\"", &l);
2055
2056 s->quit = 1;
2057
2058 return NGX_MAIL_PARSE_INVALID_COMMAND;
2059 }
2060
2061 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
2062 return rc;
2063 }
2064
2065 if (rc == NGX_ERROR) {
2066 ngx_mail_close_connection(s->connection);
2067 return NGX_ERROR;
2068 }
2069
2070 return NGX_OK;
2071 } 619 }
2072 620
2073 621
2074 void 622 void
2075 ngx_mail_session_internal_server_error(ngx_mail_session_t *s) 623 ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
2076 { 624 {
2077 s->out = internal_server_errors[s->protocol]; 625 ngx_mail_core_srv_conf_t *cscf;
626
627 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
628
629 s->out = cscf->protocol->internal_server_error;
2078 s->quit = 1; 630 s->quit = 1;
2079 631
2080 ngx_mail_send(s->connection->write); 632 ngx_mail_send(s->connection->write);
2081 } 633 }
2082 634
2098 } 650 }
2099 } 651 }
2100 652
2101 #endif 653 #endif
2102 654
655 #if (NGX_STAT_STUB)
656 ngx_atomic_fetch_add(ngx_stat_active, -1);
657 #endif
658
2103 c->destroyed = 1; 659 c->destroyed = 1;
2104 660
2105 pool = c->pool; 661 pool = c->pool;
2106 662
2107 ngx_close_connection(c); 663 ngx_close_connection(c);
2108 664
2109 ngx_destroy_pool(pool); 665 ngx_destroy_pool(pool);
2110 } 666 }
2111 667
2112 668
2113 static u_char * 669 u_char *
2114 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) 670 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
2115 { 671 {
2116 u_char *p; 672 u_char *p;
2117 ngx_mail_session_t *s; 673 ngx_mail_session_t *s;
2118 ngx_mail_log_ctx_t *ctx; 674 ngx_mail_log_ctx_t *ctx;
2133 689
2134 if (s == NULL) { 690 if (s == NULL) {
2135 return p; 691 return p;
2136 } 692 }
2137 693
2138 p = ngx_snprintf(buf, len, ", server: %V", s->addr_text); 694 p = ngx_snprintf(buf, len, "%s, server: %V",
695 s->starttls ? " using starttls" : "",
696 s->addr_text);
2139 len -= p - buf; 697 len -= p - buf;
2140 buf = p; 698 buf = p;
2141 699
2142 if (s->login.len == 0) { 700 if (s->login.len == 0) {
2143 return p; 701 return p;