# HG changeset patch # User Igor Sysoev # Date 1185134400 -14400 # Node ID d16d691432c9044f8b26ffccbd6ae68c11d0cde9 # Parent a87830ef6fddeda64e54531de9a5b9055189d449 nginx 0.6.5 *) Feature: $nginx_version variable. Thanks to Nick S. Grechukh. *) Feature: the mail proxy supports AUTHENTICATE in IMAP mode. Thanks to Maxim Dounin. *) Feature: the mail proxy supports STARTTLS in SMTP mode. Thanks to Maxim Dounin. *) Bugfix: now nginx escapes space in $memcached_key variable. *) Bugfix: nginx was incorrectly built by Sun Studio on Solaris/amd64. Thanks to Jiang Hong. *) Bugfix: of minor potential bugs. Thanks to Coverity's Scan. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,29 @@ +Changes with nginx 0.6.5 23 Jul 2007 + + *) Feature: $nginx_version variable. + Thanks to Nick S. Grechukh. + + *) Feature: the mail proxy supports AUTHENTICATE in IMAP mode. + Thanks to Maxim Dounin. + + *) Feature: the mail proxy supports STARTTLS in SMTP mode. + Thanks to Maxim Dounin. + + *) Bugfix: now nginx escapes space in $memcached_key variable. + + *) Bugfix: nginx was incorrectly built by Sun Studio on + Solaris/amd64. + Thanks to Jiang Hong. + + *) Bugfix: of minor potential bugs. + Thanks to Coverity's Scan. + + Changes with nginx 0.6.4 17 Jul 2007 *) Security: the "msie_refresh" directive allowed XSS. + Thanks to Maxim Boguk. *) Change: the "proxy_store" and "fastcgi_store" directives were changed. diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,8 +1,33 @@ +Изменения в nginx 0.6.5 23.07.2007 + + *) Добавление: переменная $nginx_version. + Спасибо Николаю Гречуху. + + *) Добавление: почтовый прокси-сервер поддерживает AUTHENTICATE в + режиме IMAP. + Спасибо Максиму Дунину. + + *) Добавление: почтовый прокси-сервер поддерживает STARTTLS в режиме + SMTP. + Спасибо Максиму Дунину. + + *) Исправление: теперь nginx экранирует пробел в переменной + $memcached_key. + + *) Исправление: nginx неправильно собирался Sun Studio на + Solaris/amd64. + Спасибо Jiang Hong. + + *) Исправление: незначительных потенциальных ошибок. + Спасибо Coverity's Scan. + + Изменения в nginx 0.6.4 17.07.2007 *) Безопасность: при использовании директивы msie_refresh был возможен XSS. + Спасибо Максиму Богуку. *) Изменение: директивы proxy_store и fastcgi_store изменены. diff --git a/auto/cc/sunc b/auto/cc/sunc --- a/auto/cc/sunc +++ b/auto/cc/sunc @@ -74,6 +74,7 @@ esac IPO=-xipo CFLAGS="$CFLAGS -fast $IPO" +CORE_LINK="$CORE_LINK -fast $IPO" case $CPU in @@ -128,7 +129,7 @@ case $CPU in # build 64-bit amd64 binary CPU_OPT="$ngx_amd64" CORE_LINK="$CORE_LINK $ngx_amd64" - CC_AUX_FLAGS="$CC_AUX_FLAGS $ngx_amd4" + CC_AUX_FLAGS="$CC_AUX_FLAGS $ngx_amd64" NGX_AUX=" src/os/unix/ngx_sunpro_amd64.il" NGX_CPU_CACHE_LINE=64 ;; diff --git a/auto/lib/pcre/conf b/auto/lib/pcre/conf --- a/auto/lib/pcre/conf +++ b/auto/lib/pcre/conf @@ -29,7 +29,7 @@ if [ $PCRE != NONE ]; then ngx_pcre_ver=`grep PCRE_MAJOR $PCRE/pcre.h \ | sed -e 's/^.*PCRE_MAJOR.* \(.*\)$/\1/'` - else if [ -f $PCRE/configure.in.h ]; then + else if [ -f $PCRE/configure.in ]; then ngx_pcre_ver=`grep PCRE_MAJOR= $PCRE/configure.in \ | sed -e 's/^.*=\(.*\)$/\1/'` diff --git a/conf/fastcgi_params b/conf/fastcgi_params --- a/conf/fastcgi_params +++ b/conf/fastcgi_params @@ -11,7 +11,7 @@ fastcgi_param DOCUMENT_ROOT $docum fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; diff --git a/src/core/nginx.c b/src/core/nginx.c --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -438,6 +438,9 @@ ngx_set_environment(ngx_cycle_t *cycle, } var = ngx_array_push(&ccf->env); + if (var == NULL) { + return NULL; + } var->len = 2; var->data = (u_char *) "TZ"; diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,7 +8,7 @@ #define _NGINX_H_INCLUDED_ -#define NGINX_VERSION "0.6.4" +#define NGINX_VERSION "0.6.5" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c --- a/src/core/ngx_file.c +++ b/src/core/ngx_file.c @@ -518,6 +518,9 @@ ngx_walk_tree(ngx_tree_ctx_t *ctx, ngx_s } ctx->data = data; + + } else { + data = NULL; } for ( ;; ) { @@ -643,8 +646,8 @@ done: ngx_free(buf.data); } - if (ctx->alloc) { - ngx_free(ctx->data); + if (data) { + ngx_free(data); ctx->data = prev; } diff --git a/src/core/ngx_palloc.c b/src/core/ngx_palloc.c --- a/src/core/ngx_palloc.c +++ b/src/core/ngx_palloc.c @@ -163,6 +163,7 @@ ngx_palloc(ngx_pool_t *pool, size_t size large = ngx_palloc(pool, sizeof(ngx_pool_large_t)); if (large == NULL) { + ngx_free(p); return NULL; } diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1059,7 +1059,27 @@ ngx_escape_uri(u_char *dst, u_char *src, 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - static uint32_t *map[] = { uri, args, html, refresh }; + /* " ", %00-%1F */ + + static uint32_t memcached[] = { + 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ + + /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ + 0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */ + + /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ + 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + + /* ~}| {zyx wvut srqp onml kjih gfed cba` */ + 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + + 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ + }; + + static uint32_t *map[] = { uri, args, html, refresh, memcached }; escape = map[type]; diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h --- a/src/core/ngx_string.h +++ b/src/core/ngx_string.h @@ -150,12 +150,13 @@ size_t ngx_utf_length(u_char *p, size_t u_char *ngx_utf_cpystrn(u_char *dst, u_char *src, size_t n); -#define NGX_ESCAPE_URI 0 -#define NGX_ESCAPE_ARGS 1 -#define NGX_ESCAPE_HTML 2 -#define NGX_ESCAPE_REFRESH 3 +#define NGX_ESCAPE_URI 0 +#define NGX_ESCAPE_ARGS 1 +#define NGX_ESCAPE_HTML 2 +#define NGX_ESCAPE_REFRESH 3 +#define NGX_ESCAPE_MEMCACHED 4 -#define NGX_UNESCAPE_URI 1 +#define NGX_UNESCAPE_URI 1 uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type); @@ -164,11 +165,11 @@ void ngx_unescape_uri(u_char **dst, u_ch void ngx_sort(void *base, size_t n, size_t size, int (*cmp)(const void *, const void *)); -#define ngx_qsort qsort +#define ngx_qsort qsort -#define ngx_value_helper(n) #n -#define ngx_value(n) ngx_value_helper(n) +#define ngx_value_helper(n) #n +#define ngx_value(n) ngx_value_helper(n) #endif /* _NGX_STRING_H_INCLUDED_ */ diff --git a/src/http/modules/ngx_http_memcached_module.c b/src/http/modules/ngx_http_memcached_module.c --- a/src/http/modules/ngx_http_memcached_module.c +++ b/src/http/modules/ngx_http_memcached_module.c @@ -226,6 +226,7 @@ static ngx_int_t ngx_http_memcached_create_request(ngx_http_request_t *r) { size_t len; + uintptr_t escape; ngx_buf_t *b; ngx_chain_t *cl; ngx_http_memcached_ctx_t *ctx; @@ -242,10 +243,9 @@ ngx_http_memcached_create_request(ngx_ht return NGX_ERROR; } - len = sizeof("get ") - 1 + vv->len + sizeof(CRLF) - 1; - if (vv->len) { - len += 1 + vv->len; - } + escape = 2 * ngx_escape_uri(NULL, vv->data, vv->len, NGX_ESCAPE_MEMCACHED); + + len = sizeof("get ") - 1 + vv->len + escape + sizeof(CRLF) - 1; b = ngx_create_temp_buf(r->pool, len); if (b == NULL) { @@ -268,7 +268,13 @@ ngx_http_memcached_create_request(ngx_ht ctx->key.data = b->last; - b->last = ngx_copy(b->last, vv->data, vv->len); + if (escape == 0) { + b->last = ngx_copy(b->last, vv->data, vv->len); + + } else { + b->last = (u_char *) ngx_escape_uri(b->last, vv->data, vv->len, + NGX_ESCAPE_MEMCACHED); + } ctx->key.len = b->last - ctx->key.data; diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c --- a/src/http/modules/ngx_http_ssi_filter_module.c +++ b/src/http/modules/ngx_http_ssi_filter_module.c @@ -439,6 +439,8 @@ ngx_http_ssi_body_filter(ngx_http_reques if (rc == NGX_ERROR || rc == NGX_AGAIN) { return rc; } + + break; } } diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '0.6.4'; +our $VERSION = '0.6.5'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -8,6 +8,7 @@ #include #include #include +#include static ngx_int_t ngx_http_variable_request(ngx_http_request_t *r, @@ -66,6 +67,8 @@ static ngx_int_t ngx_http_variable_sent_ static ngx_int_t ngx_http_variable_sent_transfer_encoding(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_nginx_version(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); /* * TODO: @@ -205,6 +208,9 @@ static ngx_http_variable_t ngx_http_cor offsetof(ngx_http_request_t, limit_rate), NGX_HTTP_VAR_CHANGABLE|NGX_HTTP_VAR_NOCACHABLE, 0 }, + { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version, + 0, 0, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; @@ -1205,6 +1211,20 @@ ngx_http_variable_request_body_file(ngx_ } +static ngx_int_t +ngx_http_variable_nginx_version(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + v->len = sizeof(NGINX_VERSION) - 1; + v->valid = 1; + v->no_cachable = 0; + v->not_found = 0; + v->data = (u_char *) NGINX_VERSION; + + return NGX_OK; +} + + ngx_int_t ngx_http_variables_add_core_vars(ngx_conf_t *cf) { diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h --- a/src/mail/ngx_mail.h +++ b/src/mail/ngx_mail.h @@ -92,12 +92,15 @@ typedef struct { ngx_str_t imap_starttls_only_capability; ngx_str_t smtp_capability; + ngx_str_t smtp_starttls_capability; + ngx_str_t smtp_starttls_only_capability; ngx_str_t server_name; ngx_str_t smtp_server_name; ngx_str_t smtp_greeting; ngx_uint_t pop3_auth_methods; + ngx_uint_t imap_auth_methods; ngx_uint_t smtp_auth_methods; ngx_array_t pop3_capabilities; @@ -132,6 +135,10 @@ typedef enum { typedef enum { ngx_imap_start = 0, + ngx_imap_auth_login_username, + ngx_imap_auth_login_password, + ngx_imap_auth_plain, + ngx_imap_auth_cram_md5, ngx_imap_login, ngx_imap_user, ngx_imap_passwd @@ -214,39 +221,47 @@ typedef struct { } ngx_mail_log_ctx_t; -#define NGX_POP3_USER 1 -#define NGX_POP3_PASS 2 -#define NGX_POP3_CAPA 3 -#define NGX_POP3_QUIT 4 -#define NGX_POP3_NOOP 5 -#define NGX_POP3_STLS 6 -#define NGX_POP3_APOP 7 -#define NGX_POP3_AUTH 8 -#define NGX_POP3_STAT 9 -#define NGX_POP3_LIST 10 -#define NGX_POP3_RETR 11 -#define NGX_POP3_DELE 12 -#define NGX_POP3_RSET 13 -#define NGX_POP3_TOP 14 -#define NGX_POP3_UIDL 15 +#define NGX_POP3_USER 1 +#define NGX_POP3_PASS 2 +#define NGX_POP3_CAPA 3 +#define NGX_POP3_QUIT 4 +#define NGX_POP3_NOOP 5 +#define NGX_POP3_STLS 6 +#define NGX_POP3_APOP 7 +#define NGX_POP3_AUTH 8 +#define NGX_POP3_STAT 9 +#define NGX_POP3_LIST 10 +#define NGX_POP3_RETR 11 +#define NGX_POP3_DELE 12 +#define NGX_POP3_RSET 13 +#define NGX_POP3_TOP 14 +#define NGX_POP3_UIDL 15 -#define NGX_IMAP_LOGIN 1 -#define NGX_IMAP_LOGOUT 2 -#define NGX_IMAP_CAPABILITY 3 -#define NGX_IMAP_NOOP 4 -#define NGX_IMAP_STARTTLS 5 +#define NGX_IMAP_LOGIN 1 +#define NGX_IMAP_LOGOUT 2 +#define NGX_IMAP_CAPABILITY 3 +#define NGX_IMAP_NOOP 4 +#define NGX_IMAP_STARTTLS 5 -#define NGX_IMAP_NEXT 6 +#define NGX_IMAP_NEXT 6 + +#define NGX_IMAP_AUTHENTICATE 7 -#define NGX_SMTP_HELO 1 -#define NGX_SMTP_EHLO 2 -#define NGX_SMTP_AUTH 3 -#define NGX_SMTP_QUIT 4 -#define NGX_SMTP_NOOP 5 -#define NGX_SMTP_MAIL 6 -#define NGX_SMTP_RSET 7 +#define NGX_SMTP_HELO 1 +#define NGX_SMTP_EHLO 2 +#define NGX_SMTP_AUTH 3 +#define NGX_SMTP_QUIT 4 +#define NGX_SMTP_NOOP 5 +#define NGX_SMTP_MAIL 6 +#define NGX_SMTP_RSET 7 +#define NGX_SMTP_RCPT 8 +#define NGX_SMTP_DATA 9 +#define NGX_SMTP_VRFY 10 +#define NGX_SMTP_EXPN 11 +#define NGX_SMTP_HELP 12 +#define NGX_SMTP_STARTTLS 13 #define NGX_MAIL_AUTH_PLAIN 0 @@ -285,6 +300,8 @@ typedef struct { #define ngx_mail_conf_get_module_main_conf(cf, module) \ ((ngx_mail_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index] +#define ngx_mail_conf_get_module_srv_conf(cf, module) \ + ((ngx_mail_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index] void ngx_mail_init_connection(ngx_connection_t *c); diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c --- a/src/mail/ngx_mail_core_module.c +++ b/src/mail/ngx_mail_core_module.c @@ -54,6 +54,14 @@ static ngx_conf_bitmask_t ngx_pop3_auth }; +static ngx_conf_bitmask_t ngx_imap_auth_methods[] = { + { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED }, + { ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED }, + { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED }, + { ngx_null_string, 0 } +}; + + static ngx_conf_bitmask_t ngx_smtp_auth_methods[] = { { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED }, { ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED }, @@ -62,6 +70,14 @@ static ngx_conf_bitmask_t ngx_smtp_auth }; +static ngx_str_t ngx_imap_auth_methods_names[] = { + ngx_string("AUTH=PLAIN"), + ngx_string("AUTH=LOGIN"), + ngx_null_string, /* APOP */ + ngx_string("AUTH=CRAM-MD5") +}; + + static ngx_str_t ngx_smtp_auth_methods_names[] = { ngx_string("PLAIN"), ngx_string("LOGIN"), @@ -172,6 +188,13 @@ static ngx_command_t ngx_mail_core_comm offsetof(ngx_mail_core_srv_conf_t, pop3_auth_methods), &ngx_pop3_auth_methods }, + { ngx_string("imap_auth"), + NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE, + ngx_conf_set_bitmask_slot, + NGX_MAIL_SRV_CONF_OFFSET, + offsetof(ngx_mail_core_srv_conf_t, imap_auth_methods), + &ngx_imap_auth_methods }, + { ngx_string("smtp_auth"), NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE, ngx_conf_set_bitmask_slot, @@ -278,7 +301,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t ngx_mail_core_srv_conf_t *prev = parent; ngx_mail_core_srv_conf_t *conf = child; - u_char *p; + u_char *p, *auth; size_t size, stls_only_size; ngx_str_t *c, *d; ngx_uint_t i, m; @@ -297,6 +320,11 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t (NGX_CONF_BITMASK_SET |NGX_MAIL_AUTH_PLAIN_ENABLED)); + ngx_conf_merge_bitmask_value(conf->imap_auth_methods, + prev->imap_auth_methods, + (NGX_CONF_BITMASK_SET + |NGX_MAIL_AUTH_PLAIN_ENABLED)); + ngx_conf_merge_bitmask_value(conf->smtp_auth_methods, prev->smtp_auth_methods, (NGX_CONF_BITMASK_SET @@ -463,6 +491,15 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t size += 1 + c[i].len; } + for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; + m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED; + m <<= 1, i++) + { + if (m & conf->imap_auth_methods) { + size += 1 + ngx_imap_auth_methods_names[i].len; + } + } + p = ngx_palloc(cf->pool, size); if (p == NULL) { return NGX_CONF_ERROR; @@ -478,6 +515,19 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t p = ngx_cpymem(p, c[i].data, c[i].len); } + auth = p; + + for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; + m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED; + m <<= 1, i++) + { + if (m & conf->imap_auth_methods) { + *p++ = ' '; + p = ngx_cpymem(p, ngx_imap_auth_methods_names[i].data, + ngx_imap_auth_methods_names[i].len); + } + } + *p++ = CR; *p = LF; @@ -497,7 +547,8 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *p++ = CR; *p = LF; - size += sizeof(" LOGINDISABLED") - 1; + size = (auth - conf->imap_capability.data) + sizeof(CRLF) - 1 + + sizeof(" STARTTLS LOGINDISABLED") - 1; p = ngx_palloc(cf->pool, size); if (p == NULL) { @@ -507,9 +558,10 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t conf->imap_starttls_only_capability.len = size; conf->imap_starttls_only_capability.data = p; - p = ngx_cpymem(p, conf->imap_starttls_capability.data, - conf->imap_starttls_capability.len - (sizeof(CRLF) - 1)); - p = ngx_cpymem(p, " LOGINDISABLED", sizeof(" LOGINDISABLED") - 1); + p = ngx_cpymem(p, conf->imap_capability.data, + auth - conf->imap_capability.data); + p = ngx_cpymem(p, " STARTTLS LOGINDISABLED", + sizeof(" STARTTLS LOGINDISABLED") - 1); *p++ = CR; *p = LF; @@ -582,6 +634,8 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *p++ = CR; *p++ = LF; } + auth = p; + *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' '; *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H'; @@ -598,6 +652,42 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *p++ = CR; *p = LF; + size += sizeof("250 STARTTLS" CRLF) - 1; + + p = ngx_palloc(cf->pool, size); + if (p == NULL) { + return NGX_CONF_ERROR; + } + + conf->smtp_starttls_capability.len = size; + conf->smtp_starttls_capability.data = p; + + p = ngx_cpymem(p, conf->smtp_capability.data, + conf->smtp_capability.len); + + p = ngx_cpymem(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1); + *p++ = CR; *p = LF; + + p = conf->smtp_starttls_capability.data + + (auth - conf->smtp_capability.data) + 3; + *p = '-'; + + size = (auth - conf->smtp_capability.data) + + sizeof("250 STARTTLS" CRLF) - 1; + + p = ngx_palloc(cf->pool, size); + if (p == NULL) { + return NGX_CONF_ERROR; + } + + conf->smtp_starttls_only_capability.len = size; + conf->smtp_starttls_only_capability.data = p; + + p = ngx_cpymem(p, conf->smtp_capability.data, + auth - conf->smtp_capability.data); + + ngx_memcpy(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1); + return NGX_CONF_OK; } diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -280,6 +280,9 @@ ngx_mail_init_session(ngx_connection_t * && (cscf->pop3_auth_methods & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) + || (s->protocol == NGX_MAIL_IMAP_PROTOCOL + && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) + || (s->protocol == NGX_MAIL_SMTP_PROTOCOL && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) { @@ -985,7 +988,7 @@ ngx_imap_auth_state(ngx_event_t *rev) { u_char *p, *last, *text, *dst, *src, *end; ssize_t text_len, last_len; - ngx_str_t *arg; + ngx_str_t *arg, salt; ngx_int_t rc; ngx_uint_t tag, i; ngx_connection_t *c; @@ -1055,113 +1058,342 @@ ngx_imap_auth_state(ngx_event_t *rev) s->backslash = 0; } - switch (s->command) { - - case NGX_IMAP_LOGIN: + switch (s->mail_state) { + + case ngx_imap_start: + + switch (s->command) { + + case NGX_IMAP_LOGIN: #if (NGX_MAIL_SSL) - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + } +#endif + + arg = s->args.elts; + + if (s->args.nelts == 2 && arg[0].len) { + + s->login.len = arg[0].len; + s->login.data = ngx_palloc(c->pool, s->login.len); + if (s->login.data == NULL) { + ngx_mail_session_internal_server_error(s); + return; + } + + ngx_memcpy(s->login.data, arg[0].data, s->login.len); + + s->passwd.len = arg[1].len; + s->passwd.data = ngx_palloc(c->pool, s->passwd.len); + if (s->passwd.data == NULL) { + ngx_mail_session_internal_server_error(s); + return; + } + + ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap login:\"%V\" passwd:\"%V\"", + &s->login, &s->passwd); +#else + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap login:\"%V\"", &s->login); +#endif + + ngx_mail_do_auth(s); + return; + } + + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + + case NGX_IMAP_AUTHENTICATE: + +#if (NGX_MAIL_SSL) + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + } +#endif + + if (s->args.nelts != 1) { rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } - } + + arg = s->args.elts; + + if (arg[0].len == 5) { + + if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) + == 0) + { + + s->mail_state = ngx_imap_auth_login_username; + + last_len = sizeof(pop3_username) - 1; + last = pop3_username; + tag = 0; + + break; + + } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", + 5) + == 0) + { + + s->mail_state = ngx_imap_auth_plain; + + last_len = sizeof(pop3_next) - 1; + last = pop3_next; + tag = 0; + + break; + } + + } else if (arg[0].len == 8 + && ngx_strncasecmp(arg[0].data, + (u_char *) "CRAM-MD5", 8) + == 0) + { + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + + if (!(cscf->imap_auth_methods + & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) + || s->args.nelts != 1) + { + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + + s->mail_state = ngx_imap_auth_cram_md5; + + last = ngx_palloc(c->pool, + sizeof("+ " CRLF) - 1 + + ngx_base64_encoded_length(s->salt.len)); + if (last == NULL) { + ngx_mail_session_internal_server_error(s); + return; + } + + last[0] = '+'; last[1]= ' '; + salt.data = &last[2]; + s->salt.len -= 2; + + ngx_encode_base64(&salt, &s->salt); + + s->salt.len += 2; + last_len = 2 + salt.len; + last[last_len++] = CR; last[last_len++] = LF; + tag = 0; + + break; + } + + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + + case NGX_IMAP_CAPABILITY: + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + +#if (NGX_MAIL_SSL) + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { + text_len = cscf->imap_starttls_capability.len; + text = cscf->imap_starttls_capability.data; + break; + } + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + text_len = cscf->imap_starttls_only_capability.len; + text = cscf->imap_starttls_only_capability.data; + break; + } + } #endif + text_len = cscf->imap_capability.len; + text = cscf->imap_capability.data; + break; + + case NGX_IMAP_LOGOUT: + s->quit = 1; + text = imap_bye; + text_len = sizeof(imap_bye) - 1; + break; + + case NGX_IMAP_NOOP: + break; + +#if (NGX_MAIL_SSL) + + case NGX_IMAP_STARTTLS: + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + if (sslcf->starttls) { + c->read->handler = ngx_mail_starttls_handler; + break; + } + } + + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; +#endif + + default: + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + + break; + + case ngx_imap_auth_login_username: arg = s->args.elts; - - if (s->args.nelts == 2 && arg[0].len) { - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); + s->mail_state = ngx_imap_auth_login_password; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap auth login username: \"%V\"", &arg[0]); + + s->login.data = ngx_palloc(c->pool, + ngx_base64_decoded_length(arg[0].len)); + if (s->login.data == NULL){ + ngx_mail_session_internal_server_error(s); + return; + } + + if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding " + "in AUTH LOGIN command"); + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap auth login username: \"%V\"", &s->login); + + last_len = sizeof(pop3_password) - 1; + last = pop3_password; + tag = 0; + + break; + + case ngx_imap_auth_login_password: + arg = s->args.elts; #if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\" passwd:\"%V\"", - &s->login, &s->passwd); -#else - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\"", &s->login); + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap auth login password: \"%V\"", &arg[0]); #endif + s->passwd.data = ngx_palloc(c->pool, + ngx_base64_decoded_length(arg[0].len)); + if (s->passwd.data == NULL){ + ngx_mail_session_internal_server_error(s); + return; + } + + if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding " + "in AUTH LOGIN command"); + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap auth login password: \"%V\"", &s->passwd); +#endif + + ngx_mail_do_auth(s); + return; + + case ngx_imap_auth_plain: + arg = s->args.elts; + + rc = ngx_mail_decode_auth_plain(s, &arg[0]); + + if (rc == NGX_OK) { ngx_mail_do_auth(s); return; } - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + if (rc == NGX_ERROR) { + ngx_mail_session_internal_server_error(s); + return; + } + + /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ + break; - case NGX_IMAP_CAPABILITY: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - text_len = cscf->imap_starttls_capability.len; - text = cscf->imap_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - text_len = cscf->imap_starttls_only_capability.len; - text = cscf->imap_starttls_only_capability.data; + case ngx_imap_auth_cram_md5: + arg = s->args.elts; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap auth cram-md5: \"%V\"", &arg[0]); + + s->login.data = ngx_palloc(c->pool, + ngx_base64_decoded_length(arg[0].len)); + if (s->login.data == NULL){ + ngx_mail_session_internal_server_error(s); + return; + } + + if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding " + "in AUTH CRAM-MD5 command"); + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + + p = s->login.data; + last = p + s->login.len; + + while (p < last) { + if (*p++ == ' ') { + s->login.len = p - s->login.data - 1; + s->passwd.len = last - p; + s->passwd.data = p; break; } } -#endif - - text_len = cscf->imap_capability.len; - text = cscf->imap_capability.data; - break; - - case NGX_IMAP_LOGOUT: - s->quit = 1; - text = imap_bye; - text_len = sizeof(imap_bye) - 1; - break; - - case NGX_IMAP_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_IMAP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } + + if (s->passwd.len != 32) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid CRAM-MD5 hash " + "in AUTH CRAM-MD5 command"); + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; } - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap auth cram-md5: \"%V\" \"%V\"", + &s->login, &s->passwd); + + s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; + + ngx_mail_do_auth(s); + return; } } else if (rc == NGX_IMAP_NEXT) { @@ -1171,6 +1403,8 @@ ngx_imap_auth_state(ngx_event_t *rev) } if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { + s->mail_state = ngx_imap_start; + s->state = 0; last = imap_invalid_command; last_len = sizeof(imap_invalid_command) - 1; } @@ -1209,9 +1443,18 @@ ngx_imap_auth_state(ngx_event_t *rev) if (rc != NGX_IMAP_NEXT) { s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->tag.len = 0; + + if (s->state) { + /* preserve tag */ + s->arg_start = s->buffer->start + s->tag.len; + s->buffer->pos = s->arg_start; + s->buffer->last = s->arg_start; + + } else { + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; + s->tag.len = 0; + } } ngx_mail_send(c->write); @@ -1229,6 +1472,9 @@ ngx_smtp_auth_state(ngx_event_t *rev) ngx_connection_t *c; ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; +#endif c = rev->data; s = c->data; @@ -1295,6 +1541,26 @@ ngx_smtp_auth_state(ngx_event_t *rev) } else { s->esmtp = 1; + +#if (NGX_MAIL_SSL) + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { + size = cscf->smtp_starttls_capability.len; + text = cscf->smtp_starttls_capability.data; + break; + } + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + size = cscf->smtp_starttls_only_capability.len; + text = cscf->smtp_starttls_only_capability.data; + break; + } + } +#endif + size = cscf->smtp_capability.len; text = cscf->smtp_capability.data; } @@ -1303,6 +1569,18 @@ ngx_smtp_auth_state(ngx_event_t *rev) case NGX_SMTP_AUTH: +#if (NGX_MAIL_SSL) + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; + } + } +#endif + if (s->args.nelts == 0) { text = smtp_invalid_argument; size = sizeof(smtp_invalid_argument) - 1; @@ -1453,6 +1731,38 @@ ngx_smtp_auth_state(ngx_event_t *rev) text = smtp_ok; size = sizeof(smtp_ok) - 1; break; + +#if (NGX_MAIL_SSL) + + case NGX_SMTP_STARTTLS: + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, + ngx_mail_ssl_module); + if (sslcf->starttls) { + c->read->handler = ngx_mail_starttls_handler; + + /* + * RFC3207 requires us to discard any knowledge + * obtained from client before STARTTLS. + */ + + s->smtp_helo.len = 0; + s->smtp_helo.data = NULL; + + text = smtp_ok; + size = sizeof(smtp_ok) - 1; + + break; + } + } + + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; +#endif + + default: + rc = NGX_MAIL_PARSE_INVALID_COMMAND; + break; } break; diff --git a/src/mail/ngx_mail_parse.c b/src/mail/ngx_mail_parse.c --- a/src/mail/ngx_mail_parse.c +++ b/src/mail/ngx_mail_parse.c @@ -354,6 +354,27 @@ ngx_int_t ngx_imap_parse_command(ngx_mai } break; + case 12: + if ((c[0] == 'A'|| c[0] == 'a') + && (c[1] == 'U'|| c[1] == 'u') + && (c[2] == 'T'|| c[2] == 't') + && (c[3] == 'H'|| c[3] == 'h') + && (c[4] == 'E'|| c[4] == 'e') + && (c[5] == 'N'|| c[5] == 'n') + && (c[6] == 'T'|| c[6] == 't') + && (c[7] == 'I'|| c[7] == 'i') + && (c[8] == 'C'|| c[8] == 'c') + && (c[9] == 'A'|| c[9] == 'a') + && (c[10] == 'T'|| c[10] == 't') + && (c[11] == 'E'|| c[11] == 'e')) + { + s->command = NGX_IMAP_AUTHENTICATE; + + } else { + goto invalid; + } + break; + default: goto invalid; } @@ -573,7 +594,7 @@ done: s->literal_len = 0; } - s->state = sw_start; + s->state = (s->command != NGX_IMAP_AUTHENTICATE) ? sw_start : sw_argument; return NGX_OK; @@ -646,10 +667,43 @@ ngx_int_t ngx_smtp_parse_command(ngx_mai { s->command = NGX_SMTP_RSET; + } else if (c0 == 'R' && c1 == 'C' && c2 == 'P' && c3 == 'T') + { + s->command = NGX_SMTP_RCPT; + + } else if (c0 == 'V' && c1 == 'R' && c2 == 'F' && c3 == 'Y') + { + s->command = NGX_SMTP_VRFY; + + } else if (c0 == 'E' && c1 == 'X' && c2 == 'P' && c3 == 'N') + { + s->command = NGX_SMTP_EXPN; + + } else if (c0 == 'H' && c1 == 'E' && c2 == 'L' && c3 == 'P') + { + s->command = NGX_SMTP_HELP; + } else { goto invalid; } +#if (NGX_MAIL_SSL) + } else if (p - c == 8) { + if ((c[0] == 'S'|| c[0] == 's') + && (c[1] == 'T'|| c[1] == 't') + && (c[2] == 'A'|| c[2] == 'a') + && (c[3] == 'R'|| c[3] == 'r') + && (c[4] == 'T'|| c[4] == 't') + && (c[5] == 'T'|| c[5] == 't') + && (c[6] == 'L'|| c[6] == 'l') + && (c[7] == 'S'|| c[7] == 's')) + { + s->command = NGX_SMTP_STARTTLS; + + } else { + goto invalid; + } +#endif } else { goto invalid; }