comparison src/mail/ngx_mail_handler.c @ 290:f745bf973510 NGINX_0_5_15
nginx 0.5.15
*) Feature: the mail proxy supports authenticated SMTP proxying and the
"smtp_auth", "smtp_capabilities", and "xclient" directives.
Thanks to Anton Yuzhaninov and Maxim Dounin.
*) Feature: now the keep-alive connections are closed just after
receiving the reconfiguration signal.
*) Change: the "imap" and "auth" directives were renamed to the "mail"
and "pop3_auth" directives.
*) Bugfix: a segmentation fault occurred in a worker process if the
CRAM-MD5 authentication method was used and the APOP method was
disabled.
*) Bugfix: if the "starttls only" directive was used in POP3 protocol,
then nginx allowed authentication without switching to the SSL mode.
*) Bugfix: worker processes did not exit after reconfiguration and did
not rotate logs if the eventport method was used.
*) Bugfix: a worker process might get caught in an endless loop if the
"ip_hash" directive was used.
*) Bugfix: now nginx does not log some alerts if eventport or /dev/poll
methods are used.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 19 Mar 2007 00:00:00 +0300 |
parents | |
children | 2ceaee987f37 |
289:a9323c9433a7 | 290:f745bf973510 |
---|---|
1 | |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_event.h> | |
10 #include <ngx_mail.h> | |
11 | |
12 | |
13 static void ngx_mail_init_session(ngx_connection_t *c); | |
14 static void ngx_mail_init_protocol(ngx_event_t *rev); | |
15 static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s, | |
16 ngx_str_t *encoded); | |
17 static void ngx_mail_do_auth(ngx_mail_session_t *s); | |
18 static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); | |
19 static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); | |
20 | |
21 #if (NGX_MAIL_SSL) | |
22 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); | |
23 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); | |
24 #endif | |
25 | |
26 | |
27 static ngx_str_t greetings[] = { | |
28 ngx_string("+OK POP3 ready" CRLF), | |
29 ngx_string("* OK IMAP4 ready" CRLF) | |
30 /* SMTP greeting */ | |
31 }; | |
32 | |
33 static ngx_str_t internal_server_errors[] = { | |
34 ngx_string("-ERR internal server error" CRLF), | |
35 ngx_string("* BAD internal server error" CRLF), | |
36 ngx_string("451 4.3.2 Internal server error" CRLF), | |
37 }; | |
38 | |
39 static u_char pop3_ok[] = "+OK" CRLF; | |
40 static u_char pop3_next[] = "+ " CRLF; | |
41 static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF; | |
42 static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF; | |
43 static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF; | |
44 | |
45 static u_char imap_star[] = "* "; | |
46 static u_char imap_ok[] = "OK completed" CRLF; | |
47 static u_char imap_next[] = "+ OK" CRLF; | |
48 static u_char imap_bye[] = "* BYE" CRLF; | |
49 static u_char imap_invalid_command[] = "BAD invalid command" CRLF; | |
50 | |
51 static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; | |
52 static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; | |
53 static u_char smtp_next[] = "334 " CRLF; | |
54 static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; | |
55 static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; | |
56 static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; | |
57 static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; | |
58 static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; | |
59 | |
60 | |
61 void | |
62 ngx_mail_init_connection(ngx_connection_t *c) | |
63 { | |
64 in_addr_t in_addr; | |
65 socklen_t len; | |
66 ngx_uint_t i; | |
67 struct sockaddr_in sin; | |
68 ngx_mail_log_ctx_t *ctx; | |
69 ngx_mail_in_port_t *imip; | |
70 ngx_mail_in_addr_t *imia; | |
71 ngx_mail_session_t *s; | |
72 #if (NGX_MAIL_SSL) | |
73 ngx_mail_ssl_conf_t *sslcf; | |
74 #endif | |
75 | |
76 | |
77 /* find the server configuration for the address:port */ | |
78 | |
79 /* AF_INET only */ | |
80 | |
81 imip = c->listening->servers; | |
82 imia = imip->addrs; | |
83 | |
84 i = 0; | |
85 | |
86 if (imip->naddrs > 1) { | |
87 | |
88 /* | |
89 * There are several addresses on this port and one of them | |
90 * is the "*:port" wildcard so getsockname() is needed to determine | |
91 * the server address. | |
92 * | |
93 * AcceptEx() already gave this address. | |
94 */ | |
95 | |
96 #if (NGX_WIN32) | |
97 if (c->local_sockaddr) { | |
98 in_addr = | |
99 ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr; | |
100 | |
101 } else | |
102 #endif | |
103 { | |
104 len = sizeof(struct sockaddr_in); | |
105 if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) { | |
106 ngx_connection_error(c, ngx_socket_errno, | |
107 "getsockname() failed"); | |
108 ngx_mail_close_connection(c); | |
109 return; | |
110 } | |
111 | |
112 in_addr = sin.sin_addr.s_addr; | |
113 } | |
114 | |
115 /* the last address is "*" */ | |
116 | |
117 for ( /* void */ ; i < imip->naddrs - 1; i++) { | |
118 if (in_addr == imia[i].addr) { | |
119 break; | |
120 } | |
121 } | |
122 } | |
123 | |
124 | |
125 s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t)); | |
126 if (s == NULL) { | |
127 ngx_mail_close_connection(c); | |
128 return; | |
129 } | |
130 | |
131 s->main_conf = imia[i].ctx->main_conf; | |
132 s->srv_conf = imia[i].ctx->srv_conf; | |
133 | |
134 s->addr_text = &imia[i].addr_text; | |
135 | |
136 c->data = s; | |
137 s->connection = c; | |
138 | |
139 ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V", | |
140 c->number, &c->addr_text, s->addr_text); | |
141 | |
142 ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t)); | |
143 if (ctx == NULL) { | |
144 ngx_mail_close_connection(c); | |
145 return; | |
146 } | |
147 | |
148 ctx->client = &c->addr_text; | |
149 ctx->session = s; | |
150 | |
151 c->log->connection = c->number; | |
152 c->log->handler = ngx_mail_log_error; | |
153 c->log->data = ctx; | |
154 c->log->action = "sending client greeting line"; | |
155 | |
156 c->log_error = NGX_ERROR_INFO; | |
157 | |
158 #if (NGX_MAIL_SSL) | |
159 | |
160 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | |
161 | |
162 if (sslcf->enable) { | |
163 ngx_mail_ssl_init_connection(&sslcf->ssl, c); | |
164 return; | |
165 } | |
166 | |
167 #endif | |
168 | |
169 ngx_mail_init_session(c); | |
170 } | |
171 | |
172 | |
173 #if (NGX_MAIL_SSL) | |
174 | |
175 static void | |
176 ngx_mail_starttls_handler(ngx_event_t *rev) | |
177 { | |
178 ngx_connection_t *c; | |
179 ngx_mail_session_t *s; | |
180 ngx_mail_ssl_conf_t *sslcf; | |
181 | |
182 c = rev->data; | |
183 s = c->data; | |
184 s->starttls = 1; | |
185 | |
186 c->log->action = "in starttls state"; | |
187 | |
188 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | |
189 | |
190 ngx_mail_ssl_init_connection(&sslcf->ssl, c); | |
191 } | |
192 | |
193 | |
194 static void | |
195 ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) | |
196 { | |
197 ngx_mail_session_t *s; | |
198 ngx_mail_core_srv_conf_t *cscf; | |
199 | |
200 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { | |
201 ngx_mail_close_connection(c); | |
202 return; | |
203 } | |
204 | |
205 if (ngx_ssl_handshake(c) == NGX_AGAIN) { | |
206 | |
207 s = c->data; | |
208 | |
209 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
210 | |
211 ngx_add_timer(c->read, cscf->timeout); | |
212 | |
213 c->ssl->handler = ngx_mail_ssl_handshake_handler; | |
214 | |
215 return; | |
216 } | |
217 | |
218 ngx_mail_ssl_handshake_handler(c); | |
219 } | |
220 | |
221 | |
222 static void | |
223 ngx_mail_ssl_handshake_handler(ngx_connection_t *c) | |
224 { | |
225 ngx_mail_session_t *s; | |
226 | |
227 if (c->ssl->handshaked) { | |
228 | |
229 s = c->data; | |
230 | |
231 if (s->starttls) { | |
232 c->read->handler = ngx_mail_init_protocol; | |
233 c->write->handler = ngx_mail_send; | |
234 | |
235 ngx_mail_init_protocol(c->read); | |
236 | |
237 return; | |
238 } | |
239 | |
240 ngx_mail_init_session(c); | |
241 return; | |
242 } | |
243 | |
244 ngx_mail_close_connection(c); | |
245 } | |
246 | |
247 #endif | |
248 | |
249 | |
250 static void | |
251 ngx_mail_init_session(ngx_connection_t *c) | |
252 { | |
253 u_char *p; | |
254 ngx_mail_session_t *s; | |
255 ngx_mail_core_srv_conf_t *cscf; | |
256 | |
257 c->read->handler = ngx_mail_init_protocol; | |
258 c->write->handler = ngx_mail_send; | |
259 | |
260 s = c->data; | |
261 | |
262 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
263 | |
264 s->protocol = cscf->protocol; | |
265 | |
266 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); | |
267 if (s->ctx == NULL) { | |
268 ngx_mail_session_internal_server_error(s); | |
269 return; | |
270 } | |
271 | |
272 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { | |
273 s->out = cscf->smtp_greeting; | |
274 | |
275 } else { | |
276 s->out = greetings[s->protocol]; | |
277 } | |
278 | |
279 if ((s->protocol == NGX_MAIL_POP3_PROTOCOL | |
280 && (cscf->pop3_auth_methods | |
281 & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) | |
282 | |
283 || (s->protocol == NGX_MAIL_SMTP_PROTOCOL | |
284 && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) | |
285 { | |
286 s->salt.data = ngx_palloc(c->pool, | |
287 sizeof(" <18446744073709551616.@>" CRLF) - 1 | |
288 + NGX_TIME_T_LEN | |
289 + cscf->server_name.len); | |
290 if (s->salt.data == NULL) { | |
291 ngx_mail_session_internal_server_error(s); | |
292 return; | |
293 } | |
294 | |
295 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, | |
296 ngx_random(), ngx_time(), &cscf->server_name) | |
297 - s->salt.data; | |
298 | |
299 if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { | |
300 s->out.data = ngx_palloc(c->pool, | |
301 greetings[0].len + 1 + s->salt.len); | |
302 if (s->out.data == NULL) { | |
303 ngx_mail_session_internal_server_error(s); | |
304 return; | |
305 } | |
306 | |
307 p = ngx_cpymem(s->out.data, | |
308 greetings[0].data, greetings[0].len - 2); | |
309 *p++ = ' '; | |
310 p = ngx_cpymem(p, s->salt.data, s->salt.len); | |
311 | |
312 s->out.len = p - s->out.data; | |
313 } | |
314 } | |
315 | |
316 ngx_add_timer(c->read, cscf->timeout); | |
317 | |
318 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { | |
319 ngx_mail_close_connection(c); | |
320 } | |
321 | |
322 ngx_mail_send(c->write); | |
323 } | |
324 | |
325 | |
326 void | |
327 ngx_mail_send(ngx_event_t *wev) | |
328 { | |
329 ngx_int_t n; | |
330 ngx_connection_t *c; | |
331 ngx_mail_session_t *s; | |
332 ngx_mail_core_srv_conf_t *cscf; | |
333 | |
334 c = wev->data; | |
335 s = c->data; | |
336 | |
337 if (wev->timedout) { | |
338 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
339 c->timedout = 1; | |
340 ngx_mail_close_connection(c); | |
341 return; | |
342 } | |
343 | |
344 if (s->out.len == 0) { | |
345 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { | |
346 ngx_mail_close_connection(c); | |
347 } | |
348 | |
349 return; | |
350 } | |
351 | |
352 n = c->send(c, s->out.data, s->out.len); | |
353 | |
354 if (n > 0) { | |
355 s->out.len -= n; | |
356 | |
357 if (wev->timer_set) { | |
358 ngx_del_timer(wev); | |
359 } | |
360 | |
361 if (s->quit) { | |
362 ngx_mail_close_connection(c); | |
363 return; | |
364 } | |
365 | |
366 if (s->blocked) { | |
367 c->read->handler(c->read); | |
368 } | |
369 | |
370 return; | |
371 } | |
372 | |
373 if (n == NGX_ERROR) { | |
374 ngx_mail_close_connection(c); | |
375 return; | |
376 } | |
377 | |
378 /* n == NGX_AGAIN */ | |
379 | |
380 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
381 | |
382 ngx_add_timer(c->write, cscf->timeout); | |
383 | |
384 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { | |
385 ngx_mail_close_connection(c); | |
386 return; | |
387 } | |
388 } | |
389 | |
390 | |
391 static void | |
392 ngx_mail_init_protocol(ngx_event_t *rev) | |
393 { | |
394 size_t size; | |
395 ngx_connection_t *c; | |
396 ngx_mail_session_t *s; | |
397 ngx_mail_core_srv_conf_t *cscf; | |
398 | |
399 c = rev->data; | |
400 | |
401 c->log->action = "in auth state"; | |
402 | |
403 if (rev->timedout) { | |
404 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
405 c->timedout = 1; | |
406 ngx_mail_close_connection(c); | |
407 return; | |
408 } | |
409 | |
410 s = c->data; | |
411 | |
412 switch (s->protocol) { | |
413 | |
414 case NGX_MAIL_POP3_PROTOCOL: | |
415 size = 128; | |
416 s->mail_state = ngx_pop3_start; | |
417 c->read->handler = ngx_pop3_auth_state; | |
418 break; | |
419 | |
420 case NGX_MAIL_IMAP_PROTOCOL: | |
421 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
422 size = cscf->imap_client_buffer_size; | |
423 s->mail_state = ngx_imap_start; | |
424 c->read->handler = ngx_imap_auth_state; | |
425 break; | |
426 | |
427 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
428 size = 512; | |
429 s->mail_state = ngx_smtp_start; | |
430 c->read->handler = ngx_smtp_auth_state; | |
431 break; | |
432 } | |
433 | |
434 if (s->buffer == NULL) { | |
435 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) | |
436 == NGX_ERROR) | |
437 { | |
438 ngx_mail_session_internal_server_error(s); | |
439 return; | |
440 } | |
441 | |
442 s->buffer = ngx_create_temp_buf(c->pool, size); | |
443 if (s->buffer == NULL) { | |
444 ngx_mail_session_internal_server_error(s); | |
445 return; | |
446 } | |
447 } | |
448 | |
449 c->read->handler(rev); | |
450 } | |
451 | |
452 | |
453 void | |
454 ngx_pop3_auth_state(ngx_event_t *rev) | |
455 { | |
456 u_char *p, *last, *text; | |
457 ssize_t size; | |
458 ngx_int_t rc; | |
459 ngx_str_t *arg, salt; | |
460 ngx_connection_t *c; | |
461 ngx_mail_session_t *s; | |
462 ngx_mail_core_srv_conf_t *cscf; | |
463 #if (NGX_MAIL_SSL) | |
464 ngx_mail_ssl_conf_t *sslcf; | |
465 #endif | |
466 | |
467 c = rev->data; | |
468 s = c->data; | |
469 | |
470 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state"); | |
471 | |
472 if (rev->timedout) { | |
473 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
474 c->timedout = 1; | |
475 ngx_mail_close_connection(c); | |
476 return; | |
477 } | |
478 | |
479 if (s->out.len) { | |
480 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy"); | |
481 s->blocked = 1; | |
482 return; | |
483 } | |
484 | |
485 s->blocked = 0; | |
486 | |
487 rc = ngx_mail_read_command(s); | |
488 | |
489 if (rc == NGX_AGAIN || rc == NGX_ERROR) { | |
490 return; | |
491 } | |
492 | |
493 text = pop3_ok; | |
494 size = sizeof(pop3_ok) - 1; | |
495 | |
496 if (rc == NGX_OK) { | |
497 switch (s->mail_state) { | |
498 | |
499 case ngx_pop3_start: | |
500 | |
501 switch (s->command) { | |
502 | |
503 case NGX_POP3_USER: | |
504 | |
505 #if (NGX_MAIL_SSL) | |
506 | |
507 if (c->ssl == NULL) { | |
508 sslcf = ngx_mail_get_module_srv_conf(s, | |
509 ngx_mail_ssl_module); | |
510 | |
511 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { | |
512 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
513 break; | |
514 } | |
515 } | |
516 #endif | |
517 | |
518 if (s->args.nelts == 1) { | |
519 s->mail_state = ngx_pop3_user; | |
520 | |
521 arg = s->args.elts; | |
522 s->login.len = arg[0].len; | |
523 s->login.data = ngx_palloc(c->pool, s->login.len); | |
524 if (s->login.data == NULL) { | |
525 ngx_mail_session_internal_server_error(s); | |
526 return; | |
527 } | |
528 | |
529 ngx_memcpy(s->login.data, arg[0].data, s->login.len); | |
530 | |
531 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
532 "pop3 login: \"%V\"", &s->login); | |
533 | |
534 break; | |
535 } | |
536 | |
537 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
538 break; | |
539 | |
540 case NGX_POP3_CAPA: | |
541 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
542 | |
543 #if (NGX_MAIL_SSL) | |
544 | |
545 if (c->ssl == NULL) { | |
546 sslcf = ngx_mail_get_module_srv_conf(s, | |
547 ngx_mail_ssl_module); | |
548 | |
549 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { | |
550 size = cscf->pop3_starttls_capability.len; | |
551 text = cscf->pop3_starttls_capability.data; | |
552 break; | |
553 } | |
554 | |
555 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { | |
556 size = cscf->pop3_starttls_only_capability.len; | |
557 text = cscf->pop3_starttls_only_capability.data; | |
558 break; | |
559 } | |
560 } | |
561 #endif | |
562 | |
563 size = cscf->pop3_capability.len; | |
564 text = cscf->pop3_capability.data; | |
565 break; | |
566 | |
567 case NGX_POP3_APOP: | |
568 | |
569 #if (NGX_MAIL_SSL) | |
570 | |
571 if (c->ssl == NULL) { | |
572 sslcf = ngx_mail_get_module_srv_conf(s, | |
573 ngx_mail_ssl_module); | |
574 | |
575 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { | |
576 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
577 break; | |
578 } | |
579 } | |
580 #endif | |
581 | |
582 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
583 | |
584 if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED) | |
585 && s->args.nelts == 2) | |
586 { | |
587 arg = s->args.elts; | |
588 | |
589 s->login.len = arg[0].len; | |
590 s->login.data = ngx_palloc(c->pool, s->login.len); | |
591 if (s->login.data == NULL) { | |
592 ngx_mail_session_internal_server_error(s); | |
593 return; | |
594 } | |
595 | |
596 ngx_memcpy(s->login.data, arg[0].data, s->login.len); | |
597 | |
598 s->passwd.len = arg[1].len; | |
599 s->passwd.data = ngx_palloc(c->pool, s->passwd.len); | |
600 if (s->passwd.data == NULL) { | |
601 ngx_mail_session_internal_server_error(s); | |
602 return; | |
603 } | |
604 | |
605 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); | |
606 | |
607 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
608 "pop3 apop: \"%V\" \"%V\"", | |
609 &s->login, &s->passwd); | |
610 | |
611 s->auth_method = NGX_MAIL_AUTH_APOP; | |
612 | |
613 ngx_mail_do_auth(s); | |
614 return; | |
615 } | |
616 | |
617 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
618 break; | |
619 | |
620 case NGX_POP3_AUTH: | |
621 | |
622 #if (NGX_MAIL_SSL) | |
623 | |
624 if (c->ssl == NULL) { | |
625 sslcf = ngx_mail_get_module_srv_conf(s, | |
626 ngx_mail_ssl_module); | |
627 | |
628 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { | |
629 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
630 break; | |
631 } | |
632 } | |
633 #endif | |
634 | |
635 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
636 | |
637 if (s->args.nelts == 0) { | |
638 size = cscf->pop3_auth_capability.len; | |
639 text = cscf->pop3_auth_capability.data; | |
640 s->state = 0; | |
641 break; | |
642 } | |
643 | |
644 arg = s->args.elts; | |
645 | |
646 if (arg[0].len == 5) { | |
647 | |
648 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) | |
649 == 0) | |
650 { | |
651 | |
652 if (s->args.nelts != 1) { | |
653 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
654 break; | |
655 } | |
656 | |
657 s->mail_state = ngx_pop3_auth_login_username; | |
658 | |
659 size = sizeof(pop3_username) - 1; | |
660 text = pop3_username; | |
661 | |
662 break; | |
663 | |
664 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", | |
665 5) | |
666 == 0) | |
667 { | |
668 | |
669 if (s->args.nelts == 1) { | |
670 s->mail_state = ngx_pop3_auth_plain; | |
671 | |
672 size = sizeof(pop3_next) - 1; | |
673 text = pop3_next; | |
674 | |
675 break; | |
676 } | |
677 | |
678 if (s->args.nelts == 2) { | |
679 | |
680 /* | |
681 * workaround for Eudora for Mac: it sends | |
682 * AUTH PLAIN [base64 encoded] | |
683 */ | |
684 | |
685 rc = ngx_mail_decode_auth_plain(s, &arg[1]); | |
686 | |
687 if (rc == NGX_OK) { | |
688 ngx_mail_do_auth(s); | |
689 return; | |
690 } | |
691 | |
692 if (rc == NGX_ERROR) { | |
693 ngx_mail_session_internal_server_error(s); | |
694 return; | |
695 } | |
696 | |
697 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ | |
698 | |
699 break; | |
700 } | |
701 | |
702 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
703 break; | |
704 } | |
705 | |
706 } else if (arg[0].len == 8 | |
707 && ngx_strncasecmp(arg[0].data, | |
708 (u_char *) "CRAM-MD5", 8) | |
709 == 0) | |
710 { | |
711 if (s->args.nelts != 1) { | |
712 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
713 break; | |
714 } | |
715 | |
716 s->mail_state = ngx_pop3_auth_cram_md5; | |
717 | |
718 text = ngx_palloc(c->pool, | |
719 sizeof("+ " CRLF) - 1 | |
720 + ngx_base64_encoded_length(s->salt.len)); | |
721 if (text == NULL) { | |
722 ngx_mail_session_internal_server_error(s); | |
723 return; | |
724 } | |
725 | |
726 text[0] = '+'; text[1]= ' '; | |
727 salt.data = &text[2]; | |
728 s->salt.len -= 2; | |
729 | |
730 ngx_encode_base64(&salt, &s->salt); | |
731 | |
732 s->salt.len += 2; | |
733 size = 2 + salt.len; | |
734 text[size++] = CR; text[size++] = LF; | |
735 | |
736 break; | |
737 } | |
738 | |
739 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
740 break; | |
741 | |
742 case NGX_POP3_QUIT: | |
743 s->quit = 1; | |
744 break; | |
745 | |
746 case NGX_POP3_NOOP: | |
747 break; | |
748 | |
749 #if (NGX_MAIL_SSL) | |
750 | |
751 case NGX_POP3_STLS: | |
752 if (c->ssl == NULL) { | |
753 sslcf = ngx_mail_get_module_srv_conf(s, | |
754 ngx_mail_ssl_module); | |
755 if (sslcf->starttls) { | |
756 c->read->handler = ngx_mail_starttls_handler; | |
757 break; | |
758 } | |
759 } | |
760 | |
761 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
762 break; | |
763 #endif | |
764 | |
765 default: | |
766 s->mail_state = ngx_pop3_start; | |
767 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
768 break; | |
769 } | |
770 | |
771 break; | |
772 | |
773 case ngx_pop3_user: | |
774 | |
775 switch (s->command) { | |
776 | |
777 case NGX_POP3_PASS: | |
778 if (s->args.nelts == 1) { | |
779 arg = s->args.elts; | |
780 s->passwd.len = arg[0].len; | |
781 s->passwd.data = ngx_palloc(c->pool, s->passwd.len); | |
782 if (s->passwd.data == NULL) { | |
783 ngx_mail_session_internal_server_error(s); | |
784 return; | |
785 } | |
786 | |
787 ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); | |
788 | |
789 #if (NGX_DEBUG_MAIL_PASSWD) | |
790 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
791 "pop3 passwd: \"%V\"", &s->passwd); | |
792 #endif | |
793 | |
794 ngx_mail_do_auth(s); | |
795 return; | |
796 } | |
797 | |
798 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
799 break; | |
800 | |
801 case NGX_POP3_CAPA: | |
802 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
803 size = cscf->pop3_capability.len; | |
804 text = cscf->pop3_capability.data; | |
805 break; | |
806 | |
807 case NGX_POP3_QUIT: | |
808 s->quit = 1; | |
809 break; | |
810 | |
811 case NGX_POP3_NOOP: | |
812 break; | |
813 | |
814 default: | |
815 s->mail_state = ngx_pop3_start; | |
816 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
817 break; | |
818 } | |
819 | |
820 break; | |
821 | |
822 /* suppress warinings */ | |
823 case ngx_pop3_passwd: | |
824 break; | |
825 | |
826 case ngx_pop3_auth_login_username: | |
827 arg = s->args.elts; | |
828 s->mail_state = ngx_pop3_auth_login_password; | |
829 | |
830 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
831 "pop3 auth login username: \"%V\"", &arg[0]); | |
832 | |
833 s->login.data = ngx_palloc(c->pool, | |
834 ngx_base64_decoded_length(arg[0].len)); | |
835 if (s->login.data == NULL){ | |
836 ngx_mail_session_internal_server_error(s); | |
837 return; | |
838 } | |
839 | |
840 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { | |
841 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
842 "client sent invalid base64 encoding " | |
843 "in AUTH LOGIN command"); | |
844 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
845 break; | |
846 } | |
847 | |
848 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
849 "pop3 auth login username: \"%V\"", &s->login); | |
850 | |
851 size = sizeof(pop3_password) - 1; | |
852 text = pop3_password; | |
853 | |
854 break; | |
855 | |
856 case ngx_pop3_auth_login_password: | |
857 arg = s->args.elts; | |
858 | |
859 #if (NGX_DEBUG_MAIL_PASSWD) | |
860 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
861 "pop3 auth login password: \"%V\"", &arg[0]); | |
862 #endif | |
863 | |
864 s->passwd.data = ngx_palloc(c->pool, | |
865 ngx_base64_decoded_length(arg[0].len)); | |
866 if (s->passwd.data == NULL){ | |
867 ngx_mail_session_internal_server_error(s); | |
868 return; | |
869 } | |
870 | |
871 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { | |
872 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
873 "client sent invalid base64 encoding " | |
874 "in AUTH LOGIN command"); | |
875 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
876 break; | |
877 } | |
878 | |
879 #if (NGX_DEBUG_MAIL_PASSWD) | |
880 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
881 "pop3 auth login password: \"%V\"", &s->passwd); | |
882 #endif | |
883 | |
884 ngx_mail_do_auth(s); | |
885 return; | |
886 | |
887 case ngx_pop3_auth_plain: | |
888 arg = s->args.elts; | |
889 | |
890 rc = ngx_mail_decode_auth_plain(s, &arg[0]); | |
891 | |
892 if (rc == NGX_OK) { | |
893 ngx_mail_do_auth(s); | |
894 return; | |
895 } | |
896 | |
897 if (rc == NGX_ERROR) { | |
898 ngx_mail_session_internal_server_error(s); | |
899 return; | |
900 } | |
901 | |
902 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ | |
903 | |
904 break; | |
905 | |
906 case ngx_pop3_auth_cram_md5: | |
907 arg = s->args.elts; | |
908 | |
909 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
910 "pop3 auth cram-md5: \"%V\"", &arg[0]); | |
911 | |
912 s->login.data = ngx_palloc(c->pool, | |
913 ngx_base64_decoded_length(arg[0].len)); | |
914 if (s->login.data == NULL){ | |
915 ngx_mail_session_internal_server_error(s); | |
916 return; | |
917 } | |
918 | |
919 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { | |
920 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
921 "client sent invalid base64 encoding " | |
922 "in AUTH CRAM-MD5 command"); | |
923 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
924 break; | |
925 } | |
926 | |
927 p = s->login.data; | |
928 last = p + s->login.len; | |
929 | |
930 while (p < last) { | |
931 if (*p++ == ' ') { | |
932 s->login.len = p - s->login.data - 1; | |
933 s->passwd.len = last - p; | |
934 s->passwd.data = p; | |
935 break; | |
936 } | |
937 } | |
938 | |
939 if (s->passwd.len != 32) { | |
940 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
941 "client sent invalid CRAM-MD5 hash " | |
942 "in AUTH CRAM-MD5 command"); | |
943 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
944 break; | |
945 } | |
946 | |
947 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
948 "pop3 auth cram-md5: \"%V\" \"%V\"", | |
949 &s->login, &s->passwd); | |
950 | |
951 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; | |
952 | |
953 ngx_mail_do_auth(s); | |
954 return; | |
955 } | |
956 } | |
957 | |
958 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { | |
959 s->mail_state = ngx_pop3_start; | |
960 s->state = 0; | |
961 text = pop3_invalid_command; | |
962 size = sizeof(pop3_invalid_command) - 1; | |
963 } | |
964 | |
965 s->args.nelts = 0; | |
966 s->buffer->pos = s->buffer->start; | |
967 s->buffer->last = s->buffer->start; | |
968 | |
969 if (s->state) { | |
970 s->arg_start = s->buffer->start; | |
971 } | |
972 | |
973 s->out.data = text; | |
974 s->out.len = size; | |
975 | |
976 ngx_mail_send(c->write); | |
977 } | |
978 | |
979 | |
980 void | |
981 ngx_imap_auth_state(ngx_event_t *rev) | |
982 { | |
983 u_char *p, *last, *text, *dst, *src, *end; | |
984 ssize_t text_len, last_len; | |
985 ngx_str_t *arg; | |
986 ngx_int_t rc; | |
987 ngx_uint_t tag, i; | |
988 ngx_connection_t *c; | |
989 ngx_mail_session_t *s; | |
990 ngx_mail_core_srv_conf_t *cscf; | |
991 #if (NGX_MAIL_SSL) | |
992 ngx_mail_ssl_conf_t *sslcf; | |
993 #endif | |
994 | |
995 c = rev->data; | |
996 s = c->data; | |
997 | |
998 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); | |
999 | |
1000 if (rev->timedout) { | |
1001 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
1002 c->timedout = 1; | |
1003 ngx_mail_close_connection(c); | |
1004 return; | |
1005 } | |
1006 | |
1007 if (s->out.len) { | |
1008 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); | |
1009 s->blocked = 1; | |
1010 return; | |
1011 } | |
1012 | |
1013 s->blocked = 0; | |
1014 | |
1015 rc = ngx_mail_read_command(s); | |
1016 | |
1017 if (rc == NGX_AGAIN || rc == NGX_ERROR) { | |
1018 return; | |
1019 } | |
1020 | |
1021 tag = 1; | |
1022 | |
1023 text = NULL; | |
1024 text_len = 0; | |
1025 | |
1026 last = imap_ok; | |
1027 last_len = sizeof(imap_ok) - 1; | |
1028 | |
1029 if (rc == NGX_OK) { | |
1030 | |
1031 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", | |
1032 s->command); | |
1033 | |
1034 if (s->backslash) { | |
1035 | |
1036 arg = s->args.elts; | |
1037 | |
1038 for (i = 0; i < s->args.nelts; i++) { | |
1039 dst = arg[i].data; | |
1040 end = dst + arg[i].len; | |
1041 | |
1042 for (src = dst; src < end; dst++) { | |
1043 *dst = *src; | |
1044 if (*src++ == '\\') { | |
1045 *dst = *src++; | |
1046 } | |
1047 } | |
1048 | |
1049 arg[i].len = dst - arg[i].data; | |
1050 } | |
1051 | |
1052 s->backslash = 0; | |
1053 } | |
1054 | |
1055 switch (s->command) { | |
1056 | |
1057 case NGX_IMAP_LOGIN: | |
1058 | |
1059 #if (NGX_MAIL_SSL) | |
1060 | |
1061 if (c->ssl == NULL) { | |
1062 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | |
1063 | |
1064 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { | |
1065 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1066 break; | |
1067 } | |
1068 } | |
1069 #endif | |
1070 | |
1071 arg = s->args.elts; | |
1072 | |
1073 if (s->args.nelts == 2 && arg[0].len) { | |
1074 | |
1075 s->login.len = arg[0].len; | |
1076 s->login.data = ngx_palloc(c->pool, s->login.len); | |
1077 if (s->login.data == NULL) { | |
1078 ngx_mail_session_internal_server_error(s); | |
1079 return; | |
1080 } | |
1081 | |
1082 ngx_memcpy(s->login.data, arg[0].data, s->login.len); | |
1083 | |
1084 s->passwd.len = arg[1].len; | |
1085 s->passwd.data = ngx_palloc(c->pool, s->passwd.len); | |
1086 if (s->passwd.data == NULL) { | |
1087 ngx_mail_session_internal_server_error(s); | |
1088 return; | |
1089 } | |
1090 | |
1091 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); | |
1092 | |
1093 #if (NGX_DEBUG_MAIL_PASSWD) | |
1094 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1095 "imap login:\"%V\" passwd:\"%V\"", | |
1096 &s->login, &s->passwd); | |
1097 #else | |
1098 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1099 "imap login:\"%V\"", &s->login); | |
1100 #endif | |
1101 | |
1102 ngx_mail_do_auth(s); | |
1103 return; | |
1104 } | |
1105 | |
1106 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1107 break; | |
1108 | |
1109 case NGX_IMAP_CAPABILITY: | |
1110 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
1111 | |
1112 #if (NGX_MAIL_SSL) | |
1113 | |
1114 if (c->ssl == NULL) { | |
1115 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | |
1116 | |
1117 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { | |
1118 text_len = cscf->imap_starttls_capability.len; | |
1119 text = cscf->imap_starttls_capability.data; | |
1120 break; | |
1121 } | |
1122 | |
1123 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { | |
1124 text_len = cscf->imap_starttls_only_capability.len; | |
1125 text = cscf->imap_starttls_only_capability.data; | |
1126 break; | |
1127 } | |
1128 } | |
1129 #endif | |
1130 | |
1131 text_len = cscf->imap_capability.len; | |
1132 text = cscf->imap_capability.data; | |
1133 break; | |
1134 | |
1135 case NGX_IMAP_LOGOUT: | |
1136 s->quit = 1; | |
1137 text = imap_bye; | |
1138 text_len = sizeof(imap_bye) - 1; | |
1139 break; | |
1140 | |
1141 case NGX_IMAP_NOOP: | |
1142 break; | |
1143 | |
1144 #if (NGX_MAIL_SSL) | |
1145 | |
1146 case NGX_IMAP_STARTTLS: | |
1147 if (c->ssl == NULL) { | |
1148 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | |
1149 if (sslcf->starttls) { | |
1150 c->read->handler = ngx_mail_starttls_handler; | |
1151 break; | |
1152 } | |
1153 } | |
1154 | |
1155 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1156 break; | |
1157 #endif | |
1158 | |
1159 default: | |
1160 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1161 break; | |
1162 } | |
1163 | |
1164 } else if (rc == NGX_IMAP_NEXT) { | |
1165 last = imap_next; | |
1166 last_len = sizeof(imap_next) - 1; | |
1167 tag = 0; | |
1168 } | |
1169 | |
1170 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { | |
1171 last = imap_invalid_command; | |
1172 last_len = sizeof(imap_invalid_command) - 1; | |
1173 } | |
1174 | |
1175 if (tag) { | |
1176 if (s->tag.len == 0) { | |
1177 s->tag.len = sizeof(imap_star) - 1; | |
1178 s->tag.data = (u_char *) imap_star; | |
1179 } | |
1180 | |
1181 if (s->tagged_line.len < s->tag.len + text_len + last_len) { | |
1182 s->tagged_line.len = s->tag.len + text_len + last_len; | |
1183 s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len); | |
1184 if (s->tagged_line.data == NULL) { | |
1185 ngx_mail_close_connection(c); | |
1186 return; | |
1187 } | |
1188 } | |
1189 | |
1190 s->out.data = s->tagged_line.data; | |
1191 s->out.len = s->tag.len + text_len + last_len; | |
1192 | |
1193 p = s->out.data; | |
1194 | |
1195 if (text) { | |
1196 p = ngx_cpymem(p, text, text_len); | |
1197 } | |
1198 p = ngx_cpymem(p, s->tag.data, s->tag.len); | |
1199 ngx_memcpy(p, last, last_len); | |
1200 | |
1201 | |
1202 } else { | |
1203 s->out.data = last; | |
1204 s->out.len = last_len; | |
1205 } | |
1206 | |
1207 if (rc != NGX_IMAP_NEXT) { | |
1208 s->args.nelts = 0; | |
1209 s->buffer->pos = s->buffer->start; | |
1210 s->buffer->last = s->buffer->start; | |
1211 s->tag.len = 0; | |
1212 } | |
1213 | |
1214 ngx_mail_send(c->write); | |
1215 } | |
1216 | |
1217 | |
1218 void | |
1219 ngx_smtp_auth_state(ngx_event_t *rev) | |
1220 { | |
1221 u_char *p, *last, *text, ch; | |
1222 ssize_t size; | |
1223 ngx_int_t rc; | |
1224 ngx_str_t *arg, salt, l; | |
1225 ngx_uint_t i; | |
1226 ngx_connection_t *c; | |
1227 ngx_mail_session_t *s; | |
1228 ngx_mail_core_srv_conf_t *cscf; | |
1229 | |
1230 c = rev->data; | |
1231 s = c->data; | |
1232 | |
1233 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); | |
1234 | |
1235 if (rev->timedout) { | |
1236 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); | |
1237 c->timedout = 1; | |
1238 ngx_mail_close_connection(c); | |
1239 return; | |
1240 } | |
1241 | |
1242 if (s->out.len) { | |
1243 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); | |
1244 s->blocked = 1; | |
1245 return; | |
1246 } | |
1247 | |
1248 s->blocked = 0; | |
1249 | |
1250 rc = ngx_mail_read_command(s); | |
1251 | |
1252 if (rc == NGX_AGAIN || rc == NGX_ERROR) { | |
1253 return; | |
1254 } | |
1255 | |
1256 text = NULL; | |
1257 size = 0; | |
1258 | |
1259 if (rc == NGX_OK) { | |
1260 switch (s->mail_state) { | |
1261 | |
1262 case ngx_smtp_start: | |
1263 | |
1264 switch (s->command) { | |
1265 | |
1266 case NGX_SMTP_HELO: | |
1267 case NGX_SMTP_EHLO: | |
1268 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | |
1269 | |
1270 if (s->args.nelts != 1) { | |
1271 text = smtp_invalid_argument; | |
1272 size = sizeof(smtp_invalid_argument) - 1; | |
1273 s->state = 0; | |
1274 break; | |
1275 } | |
1276 | |
1277 arg = s->args.elts; | |
1278 | |
1279 s->smtp_helo.len = arg[0].len; | |
1280 | |
1281 s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); | |
1282 if (s->smtp_helo.data == NULL) { | |
1283 ngx_mail_session_internal_server_error(s); | |
1284 return; | |
1285 } | |
1286 | |
1287 ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); | |
1288 | |
1289 if (s->command == NGX_SMTP_HELO) { | |
1290 size = cscf->smtp_server_name.len; | |
1291 text = cscf->smtp_server_name.data; | |
1292 | |
1293 } else { | |
1294 s->esmtp = 1; | |
1295 size = cscf->smtp_capability.len; | |
1296 text = cscf->smtp_capability.data; | |
1297 } | |
1298 | |
1299 break; | |
1300 | |
1301 case NGX_SMTP_AUTH: | |
1302 | |
1303 if (s->args.nelts == 0) { | |
1304 text = smtp_invalid_argument; | |
1305 size = sizeof(smtp_invalid_argument) - 1; | |
1306 s->state = 0; | |
1307 break; | |
1308 } | |
1309 | |
1310 arg = s->args.elts; | |
1311 | |
1312 if (arg[0].len == 5) { | |
1313 | |
1314 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) | |
1315 == 0) | |
1316 { | |
1317 | |
1318 if (s->args.nelts != 1) { | |
1319 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1320 break; | |
1321 } | |
1322 | |
1323 s->mail_state = ngx_smtp_auth_login_username; | |
1324 | |
1325 size = sizeof(smtp_username) - 1; | |
1326 text = smtp_username; | |
1327 | |
1328 break; | |
1329 | |
1330 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", | |
1331 5) | |
1332 == 0) | |
1333 { | |
1334 if (s->args.nelts == 1) { | |
1335 s->mail_state = ngx_smtp_auth_plain; | |
1336 | |
1337 size = sizeof(smtp_next) - 1; | |
1338 text = smtp_next; | |
1339 | |
1340 break; | |
1341 } | |
1342 | |
1343 if (s->args.nelts == 2) { | |
1344 | |
1345 rc = ngx_mail_decode_auth_plain(s, &arg[1]); | |
1346 | |
1347 if (rc == NGX_OK) { | |
1348 ngx_mail_do_auth(s); | |
1349 return; | |
1350 } | |
1351 | |
1352 if (rc == NGX_ERROR) { | |
1353 ngx_mail_session_internal_server_error(s); | |
1354 return; | |
1355 } | |
1356 | |
1357 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ | |
1358 | |
1359 break; | |
1360 } | |
1361 | |
1362 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1363 break; | |
1364 } | |
1365 | |
1366 } else if (arg[0].len == 8 | |
1367 && ngx_strncasecmp(arg[0].data, | |
1368 (u_char *) "CRAM-MD5", 8) | |
1369 == 0) | |
1370 { | |
1371 if (s->args.nelts != 1) { | |
1372 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1373 break; | |
1374 } | |
1375 | |
1376 s->mail_state = ngx_smtp_auth_cram_md5; | |
1377 | |
1378 text = ngx_palloc(c->pool, | |
1379 sizeof("334 " CRLF) - 1 | |
1380 + ngx_base64_encoded_length(s->salt.len)); | |
1381 if (text == NULL) { | |
1382 ngx_mail_session_internal_server_error(s); | |
1383 return; | |
1384 } | |
1385 | |
1386 text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' '; | |
1387 salt.data = &text[4]; | |
1388 s->salt.len -= 2; | |
1389 | |
1390 ngx_encode_base64(&salt, &s->salt); | |
1391 | |
1392 s->salt.len += 2; | |
1393 size = 4 + salt.len; | |
1394 text[size++] = CR; text[size++] = LF; | |
1395 | |
1396 break; | |
1397 } | |
1398 | |
1399 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1400 break; | |
1401 | |
1402 case NGX_SMTP_QUIT: | |
1403 s->quit = 1; | |
1404 text = smtp_bye; | |
1405 size = sizeof(smtp_bye) - 1; | |
1406 break; | |
1407 | |
1408 case NGX_SMTP_MAIL: | |
1409 | |
1410 if (s->connection->log->log_level >= NGX_LOG_INFO) { | |
1411 l.len = s->buffer->last - s->buffer->start; | |
1412 l.data = s->buffer->start; | |
1413 | |
1414 for (i = 0; i < l.len; i++) { | |
1415 ch = l.data[i]; | |
1416 | |
1417 if (ch != CR && ch != LF) { | |
1418 continue; | |
1419 } | |
1420 | |
1421 l.data[i] = ' '; | |
1422 } | |
1423 | |
1424 while (i) { | |
1425 if (l.data[i - 1] != ' ') { | |
1426 break; | |
1427 } | |
1428 | |
1429 i--; | |
1430 } | |
1431 | |
1432 l.len = i; | |
1433 | |
1434 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, | |
1435 "client was rejected: \"%V\"", &l); | |
1436 } | |
1437 | |
1438 text = smtp_auth_required; | |
1439 size = sizeof(smtp_auth_required) - 1; | |
1440 break; | |
1441 | |
1442 case NGX_SMTP_NOOP: | |
1443 case NGX_SMTP_RSET: | |
1444 text = smtp_ok; | |
1445 size = sizeof(smtp_ok) - 1; | |
1446 break; | |
1447 } | |
1448 | |
1449 break; | |
1450 | |
1451 case ngx_smtp_auth_login_username: | |
1452 arg = s->args.elts; | |
1453 s->mail_state = ngx_smtp_auth_login_password; | |
1454 | |
1455 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1456 "smtp auth login username: \"%V\"", &arg[0]); | |
1457 | |
1458 s->login.data = ngx_palloc(c->pool, | |
1459 ngx_base64_decoded_length(arg[0].len)); | |
1460 if (s->login.data == NULL){ | |
1461 ngx_mail_session_internal_server_error(s); | |
1462 return; | |
1463 } | |
1464 | |
1465 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { | |
1466 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1467 "client sent invalid base64 encoding " | |
1468 "in AUTH LOGIN command"); | |
1469 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1470 break; | |
1471 } | |
1472 | |
1473 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1474 "smtp auth login username: \"%V\"", &s->login); | |
1475 | |
1476 size = sizeof(smtp_password) - 1; | |
1477 text = smtp_password; | |
1478 | |
1479 break; | |
1480 | |
1481 case ngx_smtp_auth_login_password: | |
1482 arg = s->args.elts; | |
1483 | |
1484 #if (NGX_DEBUG_MAIL_PASSWD) | |
1485 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1486 "smtp auth login password: \"%V\"", &arg[0]); | |
1487 #endif | |
1488 | |
1489 s->passwd.data = ngx_palloc(c->pool, | |
1490 ngx_base64_decoded_length(arg[0].len)); | |
1491 if (s->passwd.data == NULL){ | |
1492 ngx_mail_session_internal_server_error(s); | |
1493 return; | |
1494 } | |
1495 | |
1496 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { | |
1497 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1498 "client sent invalid base64 encoding " | |
1499 "in AUTH LOGIN command"); | |
1500 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1501 break; | |
1502 } | |
1503 | |
1504 #if (NGX_DEBUG_MAIL_PASSWD) | |
1505 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1506 "smtp auth login password: \"%V\"", &s->passwd); | |
1507 #endif | |
1508 | |
1509 ngx_mail_do_auth(s); | |
1510 return; | |
1511 | |
1512 case ngx_smtp_auth_plain: | |
1513 arg = s->args.elts; | |
1514 | |
1515 rc = ngx_mail_decode_auth_plain(s, &arg[0]); | |
1516 | |
1517 if (rc == NGX_OK) { | |
1518 ngx_mail_do_auth(s); | |
1519 return; | |
1520 } | |
1521 | |
1522 if (rc == NGX_ERROR) { | |
1523 ngx_mail_session_internal_server_error(s); | |
1524 return; | |
1525 } | |
1526 | |
1527 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ | |
1528 | |
1529 break; | |
1530 | |
1531 case ngx_smtp_auth_cram_md5: | |
1532 arg = s->args.elts; | |
1533 | |
1534 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1535 "smtp auth cram-md5: \"%V\"", &arg[0]); | |
1536 | |
1537 s->login.data = ngx_palloc(c->pool, | |
1538 ngx_base64_decoded_length(arg[0].len)); | |
1539 if (s->login.data == NULL){ | |
1540 ngx_mail_session_internal_server_error(s); | |
1541 return; | |
1542 } | |
1543 | |
1544 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { | |
1545 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1546 "client sent invalid base64 encoding " | |
1547 "in AUTH CRAM-MD5 command"); | |
1548 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1549 break; | |
1550 } | |
1551 | |
1552 p = s->login.data; | |
1553 last = p + s->login.len; | |
1554 | |
1555 while (p < last) { | |
1556 if (*p++ == ' ') { | |
1557 s->login.len = p - s->login.data - 1; | |
1558 s->passwd.len = last - p; | |
1559 s->passwd.data = p; | |
1560 break; | |
1561 } | |
1562 } | |
1563 | |
1564 if (s->passwd.len != 32) { | |
1565 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1566 "client sent invalid CRAM-MD5 hash " | |
1567 "in AUTH CRAM-MD5 command"); | |
1568 rc = NGX_MAIL_PARSE_INVALID_COMMAND; | |
1569 break; | |
1570 } | |
1571 | |
1572 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1573 "smtp auth cram-md5: \"%V\" \"%V\"", | |
1574 &s->login, &s->passwd); | |
1575 | |
1576 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; | |
1577 | |
1578 ngx_mail_do_auth(s); | |
1579 return; | |
1580 } | |
1581 } | |
1582 | |
1583 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { | |
1584 s->mail_state = ngx_smtp_start; | |
1585 s->state = 0; | |
1586 text = smtp_invalid_command; | |
1587 size = sizeof(smtp_invalid_command) - 1; | |
1588 } | |
1589 | |
1590 s->args.nelts = 0; | |
1591 s->buffer->pos = s->buffer->start; | |
1592 s->buffer->last = s->buffer->start; | |
1593 | |
1594 if (s->state) { | |
1595 s->arg_start = s->buffer->start; | |
1596 } | |
1597 | |
1598 s->out.data = text; | |
1599 s->out.len = size; | |
1600 | |
1601 ngx_mail_send(c->write); | |
1602 } | |
1603 | |
1604 | |
1605 static ngx_int_t | |
1606 ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded) | |
1607 { | |
1608 u_char *p, *last; | |
1609 ngx_str_t plain; | |
1610 | |
1611 #if (NGX_DEBUG_MAIL_PASSWD) | |
1612 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
1613 "mail auth plain: \"%V\"", encoded); | |
1614 #endif | |
1615 | |
1616 plain.data = ngx_palloc(s->connection->pool, | |
1617 ngx_base64_decoded_length(encoded->len)); | |
1618 if (plain.data == NULL){ | |
1619 return NGX_ERROR; | |
1620 } | |
1621 | |
1622 if (ngx_decode_base64(&plain, encoded) != NGX_OK) { | |
1623 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, | |
1624 "client sent invalid base64 encoding " | |
1625 "in AUTH PLAIN command"); | |
1626 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
1627 } | |
1628 | |
1629 p = plain.data; | |
1630 last = p + plain.len; | |
1631 | |
1632 while (p < last && *p++) { /* void */ } | |
1633 | |
1634 if (p == last) { | |
1635 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, | |
1636 "client sent invalid login in AUTH PLAIN command"); | |
1637 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
1638 } | |
1639 | |
1640 s->login.data = p; | |
1641 | |
1642 while (p < last && *p) { p++; } | |
1643 | |
1644 if (p == last) { | |
1645 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, | |
1646 "client sent invalid password in AUTH PLAIN command"); | |
1647 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
1648 } | |
1649 | |
1650 s->login.len = p++ - s->login.data; | |
1651 | |
1652 s->passwd.len = last - p; | |
1653 s->passwd.data = p; | |
1654 | |
1655 #if (NGX_DEBUG_MAIL_PASSWD) | |
1656 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, | |
1657 "mail auth plain: \"%V\" \"%V\"", | |
1658 &s->login, &s->passwd); | |
1659 #endif | |
1660 | |
1661 return NGX_OK; | |
1662 } | |
1663 | |
1664 | |
1665 static void | |
1666 ngx_mail_do_auth(ngx_mail_session_t *s) | |
1667 { | |
1668 s->args.nelts = 0; | |
1669 s->buffer->pos = s->buffer->start; | |
1670 s->buffer->last = s->buffer->start; | |
1671 s->state = 0; | |
1672 | |
1673 if (s->connection->read->timer_set) { | |
1674 ngx_del_timer(s->connection->read); | |
1675 } | |
1676 | |
1677 s->login_attempt++; | |
1678 | |
1679 ngx_mail_auth_http_init(s); | |
1680 } | |
1681 | |
1682 | |
1683 static ngx_int_t | |
1684 ngx_mail_read_command(ngx_mail_session_t *s) | |
1685 { | |
1686 ssize_t n; | |
1687 ngx_int_t rc; | |
1688 ngx_str_t l; | |
1689 | |
1690 n = s->connection->recv(s->connection, s->buffer->last, | |
1691 s->buffer->end - s->buffer->last); | |
1692 | |
1693 if (n == NGX_ERROR || n == 0) { | |
1694 ngx_mail_close_connection(s->connection); | |
1695 return NGX_ERROR; | |
1696 } | |
1697 | |
1698 if (n > 0) { | |
1699 s->buffer->last += n; | |
1700 } | |
1701 | |
1702 if (n == NGX_AGAIN) { | |
1703 if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) { | |
1704 ngx_mail_session_internal_server_error(s); | |
1705 return NGX_ERROR; | |
1706 } | |
1707 | |
1708 return NGX_AGAIN; | |
1709 } | |
1710 | |
1711 switch (s->protocol) { | |
1712 case NGX_MAIL_POP3_PROTOCOL: | |
1713 rc = ngx_pop3_parse_command(s); | |
1714 break; | |
1715 | |
1716 case NGX_MAIL_IMAP_PROTOCOL: | |
1717 rc = ngx_imap_parse_command(s); | |
1718 break; | |
1719 | |
1720 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
1721 rc = ngx_smtp_parse_command(s); | |
1722 break; | |
1723 } | |
1724 | |
1725 if (rc == NGX_AGAIN) { | |
1726 | |
1727 if (s->buffer->last < s->buffer->end) { | |
1728 return rc; | |
1729 } | |
1730 | |
1731 l.len = s->buffer->last - s->buffer->start; | |
1732 l.data = s->buffer->start; | |
1733 | |
1734 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, | |
1735 "client sent too long command \"%V\"", &l); | |
1736 | |
1737 s->quit = 1; | |
1738 | |
1739 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
1740 } | |
1741 | |
1742 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { | |
1743 return rc; | |
1744 } | |
1745 | |
1746 if (rc == NGX_ERROR) { | |
1747 ngx_mail_close_connection(s->connection); | |
1748 return NGX_ERROR; | |
1749 } | |
1750 | |
1751 return NGX_OK; | |
1752 } | |
1753 | |
1754 | |
1755 void | |
1756 ngx_mail_session_internal_server_error(ngx_mail_session_t *s) | |
1757 { | |
1758 s->out = internal_server_errors[s->protocol]; | |
1759 s->quit = 1; | |
1760 | |
1761 ngx_mail_send(s->connection->write); | |
1762 } | |
1763 | |
1764 | |
1765 void | |
1766 ngx_mail_close_connection(ngx_connection_t *c) | |
1767 { | |
1768 ngx_pool_t *pool; | |
1769 | |
1770 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, | |
1771 "close mail connection: %d", c->fd); | |
1772 | |
1773 #if (NGX_MAIL_SSL) | |
1774 | |
1775 if (c->ssl) { | |
1776 if (ngx_ssl_shutdown(c) == NGX_AGAIN) { | |
1777 c->ssl->handler = ngx_mail_close_connection; | |
1778 return; | |
1779 } | |
1780 } | |
1781 | |
1782 #endif | |
1783 | |
1784 c->destroyed = 1; | |
1785 | |
1786 pool = c->pool; | |
1787 | |
1788 ngx_close_connection(c); | |
1789 | |
1790 ngx_destroy_pool(pool); | |
1791 } | |
1792 | |
1793 | |
1794 static u_char * | |
1795 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
1796 { | |
1797 u_char *p; | |
1798 ngx_mail_session_t *s; | |
1799 ngx_mail_log_ctx_t *ctx; | |
1800 | |
1801 if (log->action) { | |
1802 p = ngx_snprintf(buf, len, " while %s", log->action); | |
1803 len -= p - buf; | |
1804 buf = p; | |
1805 } | |
1806 | |
1807 ctx = log->data; | |
1808 | |
1809 p = ngx_snprintf(buf, len, ", client: %V", ctx->client); | |
1810 len -= p - buf; | |
1811 buf = p; | |
1812 | |
1813 s = ctx->session; | |
1814 | |
1815 if (s == NULL) { | |
1816 return p; | |
1817 } | |
1818 | |
1819 p = ngx_snprintf(buf, len, ", server: %V", s->addr_text); | |
1820 len -= p - buf; | |
1821 buf = p; | |
1822 | |
1823 if (s->login.len == 0) { | |
1824 return p; | |
1825 } | |
1826 | |
1827 p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login); | |
1828 len -= p - buf; | |
1829 buf = p; | |
1830 | |
1831 if (s->proxy == NULL) { | |
1832 return p; | |
1833 } | |
1834 | |
1835 p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name); | |
1836 | |
1837 return p; | |
1838 } |