comparison src/mail/ngx_mail_smtp_handler.c @ 336:1c519aff5c0c NGINX_0_6_12

nginx 0.6.12 *) Change: the mail proxy was split into three modules: pop3, imap and smtp. *) Feature: the --without-mail_pop3_module, --without-mail_imap_module, and --without-mail_smtp_module configuration parameters. *) Feature: the "smtp_greeting_delay" and "smtp_client_buffer" directives of the ngx_mail_smtp_module. *) Bugfix: the trailing wildcards did not work; the bug appeared in 0.6.9. *) Bugfix: nginx could not start on Solaris if a shared PCRE library located in a non-standard place was used. *) Bugfix: the "proxy_hide_header" and "fastcgi_hide_header" directives did not hide response header lines whose name was longer than 32 characters. Thanks to Manlio Perillo.
author Igor Sysoev <http://sysoev.ru>
date Fri, 21 Sep 2007 00:00:00 +0400
parents
children b743d290eb3b
335:9a32ae248b7a 336:1c519aff5c0c
1
2 /*
3 * Copyright (C) Igor Sysoev
4 */
5
6
7 #include <ngx_config.h>
8 #include <ngx_core.h>
9 #include <ngx_event.h>
10 #include <ngx_mail.h>
11 #include <ngx_mail_smtp_module.h>
12
13
14 static void ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev);
15 static ngx_int_t ngx_mail_smtp_create_buffer(ngx_mail_session_t *s,
16 ngx_connection_t *c);
17
18 static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c);
19 static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c);
20 static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c);
21 static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s,
22 ngx_connection_t *c);
23
24 static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s,
25 ngx_connection_t *c, char *err);
26 static void ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s,
27 ngx_connection_t *c, char *err);
28
29
30 static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
31 static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
32 static u_char smtp_next[] = "334 " CRLF;
33 static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
34 static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
35 static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
36 static u_char smtp_invalid_pipelining[] =
37 "503 5.5.0 Improper use of SMTP command pipelining" CRLF;
38 static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
39 static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
40
41
42 void
43 ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
44 {
45 ngx_msec_t timeout;
46 ngx_mail_core_srv_conf_t *cscf;
47 ngx_mail_smtp_srv_conf_t *sscf;
48
49 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
50 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
51
52 timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout;
53 ngx_add_timer(c->read, timeout);
54
55 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
56 ngx_mail_close_connection(c);
57 }
58
59 if (sscf->greeting_delay) {
60 c->read->handler = ngx_mail_smtp_invalid_pipelining;
61 return;
62 }
63
64 c->read->handler = ngx_mail_smtp_init_protocol;
65
66 s->out = sscf->greeting;
67
68 ngx_mail_send(c->write);
69 }
70
71
72 static void
73 ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev)
74 {
75 ngx_connection_t *c;
76 ngx_mail_session_t *s;
77 ngx_mail_core_srv_conf_t *cscf;
78 ngx_mail_smtp_srv_conf_t *sscf;
79
80 c = rev->data;
81 s = c->data;
82
83 c->log->action = "in delay pipelining state";
84
85 if (rev->timedout) {
86
87 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "delay greeting");
88
89 rev->timedout = 0;
90
91 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
92
93 c->read->handler = ngx_mail_smtp_init_protocol;
94
95 ngx_add_timer(c->read, cscf->timeout);
96
97 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
98 ngx_mail_close_connection(c);
99 return;
100 }
101
102 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
103
104 s->out = sscf->greeting;
105
106 } else {
107
108 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "invalid pipelining");
109
110 if (s->buffer == NULL) {
111 if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
112 return;
113 }
114 }
115
116 if (ngx_mail_smtp_discard_command(s, c,
117 "client was rejected before greeting: \"%V\"")
118 != NGX_OK)
119 {
120 return;
121 }
122
123 s->out.len = sizeof(smtp_invalid_pipelining) - 1;
124 s->out.data = smtp_invalid_pipelining;
125 }
126
127 ngx_mail_send(c->write);
128 }
129
130
131 void
132 ngx_mail_smtp_init_protocol(ngx_event_t *rev)
133 {
134 ngx_connection_t *c;
135 ngx_mail_session_t *s;
136
137 c = rev->data;
138
139 c->log->action = "in auth state";
140
141 if (rev->timedout) {
142 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
143 c->timedout = 1;
144 ngx_mail_close_connection(c);
145 return;
146 }
147
148 s = c->data;
149
150 if (s->buffer == NULL) {
151 if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
152 return;
153 }
154 }
155
156 s->mail_state = ngx_smtp_start;
157 c->read->handler = ngx_mail_smtp_auth_state;
158
159 ngx_mail_smtp_auth_state(rev);
160 }
161
162
163 static ngx_int_t
164 ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c)
165 {
166 ngx_mail_smtp_srv_conf_t *sscf;
167
168 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) {
169 ngx_mail_session_internal_server_error(s);
170 return NGX_ERROR;
171 }
172
173 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
174
175 s->buffer = ngx_create_temp_buf(c->pool, sscf->client_buffer_size);
176 if (s->buffer == NULL) {
177 ngx_mail_session_internal_server_error(s);
178 return NGX_ERROR;
179 }
180
181 return NGX_OK;
182 }
183
184
185 void
186 ngx_mail_smtp_auth_state(ngx_event_t *rev)
187 {
188 ngx_int_t rc;
189 ngx_connection_t *c;
190 ngx_mail_session_t *s;
191
192 c = rev->data;
193 s = c->data;
194
195 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
196
197 if (rev->timedout) {
198 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
199 c->timedout = 1;
200 ngx_mail_close_connection(c);
201 return;
202 }
203
204 if (s->out.len) {
205 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
206 s->blocked = 1;
207 return;
208 }
209
210 s->blocked = 0;
211
212 rc = ngx_mail_read_command(s, c);
213
214 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
215 return;
216 }
217
218 s->out.len = sizeof(smtp_ok) - 1;
219 s->out.data = smtp_ok;
220
221 if (rc == NGX_OK) {
222 switch (s->mail_state) {
223
224 case ngx_smtp_start:
225
226 switch (s->command) {
227
228 case NGX_SMTP_HELO:
229 case NGX_SMTP_EHLO:
230 rc = ngx_mail_smtp_helo(s, c);
231 break;
232
233 case NGX_SMTP_AUTH:
234 rc = ngx_mail_smtp_auth(s, c);
235 break;
236
237 case NGX_SMTP_QUIT:
238 s->quit = 1;
239 s->out.len = sizeof(smtp_bye) - 1;
240 s->out.data = smtp_bye;
241 break;
242
243 case NGX_SMTP_MAIL:
244 rc = ngx_mail_smtp_mail(s, c);
245 break;
246
247 case NGX_SMTP_NOOP:
248 case NGX_SMTP_RSET:
249 break;
250
251 case NGX_SMTP_STARTTLS:
252 rc = ngx_mail_smtp_starttls(s, c);
253 break;
254
255 default:
256 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
257 break;
258 }
259
260 break;
261
262 case ngx_smtp_auth_login_username:
263 rc = ngx_mail_auth_login_username(s, c);
264
265 s->out.len = sizeof(smtp_password) - 1;
266 s->out.data = smtp_password;
267 s->mail_state = ngx_smtp_auth_login_password;
268 break;
269
270 case ngx_smtp_auth_login_password:
271 rc = ngx_mail_auth_login_password(s, c);
272 break;
273
274 case ngx_smtp_auth_plain:
275 rc = ngx_mail_auth_plain(s, c, 0);
276 break;
277
278 case ngx_smtp_auth_cram_md5:
279 rc = ngx_mail_auth_cram_md5(s, c);
280 break;
281 }
282 }
283
284 switch (rc) {
285
286 case NGX_DONE:
287 ngx_mail_auth(s, c);
288 return;
289
290 case NGX_ERROR:
291 ngx_mail_session_internal_server_error(s);
292 return;
293
294 case NGX_MAIL_PARSE_INVALID_COMMAND:
295 s->mail_state = ngx_smtp_start;
296 s->state = 0;
297
298 s->out.len = sizeof(smtp_invalid_command) - 1;
299 s->out.data = smtp_invalid_command;
300
301 /* fall through */
302
303 case NGX_OK:
304 s->args.nelts = 0;
305 s->buffer->pos = s->buffer->start;
306 s->buffer->last = s->buffer->start;
307
308 if (s->state) {
309 s->arg_start = s->buffer->start;
310 }
311
312 ngx_mail_send(c->write);
313 }
314 }
315
316
317 static ngx_int_t
318 ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
319 {
320 ngx_str_t *arg;
321 ngx_mail_smtp_srv_conf_t *sscf;
322 #if (NGX_MAIL_SSL)
323 ngx_mail_ssl_conf_t *sslcf;
324 #endif
325
326 if (s->args.nelts != 1) {
327 s->out.len = sizeof(smtp_invalid_argument) - 1;
328 s->out.data = smtp_invalid_argument;
329 s->state = 0;
330 return NGX_OK;
331 }
332
333 arg = s->args.elts;
334
335 s->smtp_helo.len = arg[0].len;
336
337 s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len);
338 if (s->smtp_helo.data == NULL) {
339 return NGX_ERROR;
340 }
341
342 ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
343
344 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
345
346 if (s->command == NGX_SMTP_HELO) {
347 s->out = sscf->server_name;
348
349 } else {
350 s->esmtp = 1;
351
352 #if (NGX_MAIL_SSL)
353
354 if (c->ssl == NULL) {
355 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
356
357 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
358 s->out = sscf->starttls_capability;
359 return NGX_OK;
360 }
361
362 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
363 s->out = sscf->starttls_only_capability;
364 return NGX_OK;
365 }
366 }
367 #endif
368
369 s->out = sscf->capability;
370 }
371
372 return NGX_OK;
373 }
374
375
376 static ngx_int_t
377 ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
378 {
379 ngx_int_t rc;
380 ngx_mail_core_srv_conf_t *cscf;
381 ngx_mail_smtp_srv_conf_t *sscf;
382
383 #if (NGX_MAIL_SSL)
384 if (ngx_mail_starttls_only(s, c)) {
385 return NGX_MAIL_PARSE_INVALID_COMMAND;
386 }
387 #endif
388
389 if (s->args.nelts == 0) {
390 s->out.len = sizeof(smtp_invalid_argument) - 1;
391 s->out.data = smtp_invalid_argument;
392 s->state = 0;
393 return NGX_OK;
394 }
395
396 rc = ngx_mail_auth_parse(s, c);
397
398 switch (rc) {
399
400 case NGX_MAIL_AUTH_LOGIN:
401
402 s->out.len = sizeof(smtp_username) - 1;
403 s->out.data = smtp_username;
404 s->mail_state = ngx_smtp_auth_login_username;
405
406 return NGX_OK;
407
408 case NGX_MAIL_AUTH_PLAIN:
409
410 s->out.len = sizeof(smtp_next) - 1;
411 s->out.data = smtp_next;
412 s->mail_state = ngx_smtp_auth_plain;
413
414 return NGX_OK;
415
416 case NGX_MAIL_AUTH_CRAM_MD5:
417
418 sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
419
420 if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
421 return NGX_MAIL_PARSE_INVALID_COMMAND;
422 }
423
424 if (s->salt.data == NULL) {
425 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
426
427 if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
428 return NGX_ERROR;
429 }
430 }
431
432 if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK) {
433 s->mail_state = ngx_smtp_auth_cram_md5;
434 return NGX_OK;
435 }
436
437 return NGX_ERROR;
438 }
439
440 return rc;
441 }
442
443
444 static ngx_int_t
445 ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
446 {
447 ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
448
449 s->out.len = sizeof(smtp_auth_required) - 1;
450 s->out.data = smtp_auth_required;
451
452 return NGX_OK;
453 }
454
455
456 static ngx_int_t
457 ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
458 {
459 #if (NGX_MAIL_SSL)
460 ngx_mail_ssl_conf_t *sslcf;
461
462 if (c->ssl == NULL) {
463 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
464 if (sslcf->starttls) {
465
466 /*
467 * RFC3207 requires us to discard any knowledge
468 * obtained from client before STARTTLS.
469 */
470
471 s->smtp_helo.len = 0;
472 s->smtp_helo.data = NULL;
473
474 c->read->handler = ngx_mail_starttls_handler;
475 return NGX_OK;
476 }
477 }
478
479 #endif
480
481 return NGX_MAIL_PARSE_INVALID_COMMAND;
482 }
483
484
485 static ngx_int_t
486 ngx_mail_smtp_discard_command(ngx_mail_session_t *s, ngx_connection_t *c,
487 char *err)
488 {
489 ssize_t n;
490
491 n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
492
493 if (n == NGX_ERROR || n == 0) {
494 ngx_mail_close_connection(c);
495 return NGX_ERROR;
496 }
497
498 if (n > 0) {
499 s->buffer->last += n;
500 }
501
502 if (n == NGX_AGAIN) {
503 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
504 ngx_mail_session_internal_server_error(s);
505 return NGX_ERROR;
506 }
507
508 return NGX_AGAIN;
509 }
510
511 ngx_mail_smtp_log_rejected_command(s, c, err);
512
513 s->buffer->pos = s->buffer->start;
514 s->buffer->last = s->buffer->start;
515
516 return NGX_OK;
517 }
518
519
520 static void
521 ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s, ngx_connection_t *c,
522 char *err)
523 {
524 u_char ch;
525 ngx_str_t cmd;
526 ngx_uint_t i;
527
528 if (c->log->log_level < NGX_LOG_INFO) {
529 return;
530 }
531
532 cmd.len = s->buffer->last - s->buffer->start;
533 cmd.data = s->buffer->start;
534
535 for (i = 0; i < cmd.len; i++) {
536 ch = cmd.data[i];
537
538 if (ch != CR && ch != LF) {
539 continue;
540 }
541
542 cmd.data[i] = '_';
543 }
544
545 cmd.len = i;
546
547 ngx_log_error(NGX_LOG_INFO, c->log, 0, err, &cmd);
548 }