Mercurial > hg > nginx
annotate src/imap/ngx_imap_auth_http_module.c @ 854:1673f197bc62
fix segfault when many auth failures occurred
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Fri, 17 Nov 2006 08:46:34 +0000 |
parents | da9c1521319d |
children | 0197d6aae54e |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_event.h> | |
10 #include <ngx_event_connect.h> | |
11 #include <ngx_imap.h> | |
12 | |
13 | |
14 typedef struct { | |
527 | 15 ngx_peers_t *peers; |
521 | 16 |
527 | 17 ngx_msec_t timeout; |
521 | 18 |
527 | 19 ngx_str_t host_header; |
20 ngx_str_t uri; | |
573 | 21 ngx_str_t header; |
22 | |
23 ngx_array_t *headers; | |
521 | 24 } ngx_imap_auth_http_conf_t; |
25 | |
26 | |
527 | 27 typedef struct ngx_imap_auth_http_ctx_s ngx_imap_auth_http_ctx_t; |
28 | |
29 typedef void (*ngx_imap_auth_http_handler_pt)(ngx_imap_session_t *s, | |
30 ngx_imap_auth_http_ctx_t *ctx); | |
31 | |
32 struct ngx_imap_auth_http_ctx_s { | |
33 ngx_buf_t *request; | |
34 ngx_buf_t *response; | |
35 ngx_peer_connection_t peer; | |
36 | |
37 ngx_imap_auth_http_handler_pt handler; | |
38 | |
39 ngx_uint_t state; | |
40 ngx_uint_t hash; /* no needed ? */ | |
41 | |
42 u_char *header_name_start; | |
43 u_char *header_name_end; | |
44 u_char *header_start; | |
45 u_char *header_end; | |
46 | |
47 ngx_str_t addr; | |
48 ngx_str_t port; | |
49 ngx_str_t err; | |
567 | 50 ngx_str_t errmsg; |
527 | 51 |
547 | 52 time_t sleep; |
527 | 53 |
547 | 54 ngx_pool_t *pool; |
527 | 55 }; |
521 | 56 |
57 | |
58 static void ngx_imap_auth_http_write_handler(ngx_event_t *wev); | |
59 static void ngx_imap_auth_http_read_handler(ngx_event_t *rev); | |
527 | 60 static void ngx_imap_auth_http_ignore_status_line(ngx_imap_session_t *s, |
61 ngx_imap_auth_http_ctx_t *ctx); | |
62 static void ngx_imap_auth_http_process_headers(ngx_imap_session_t *s, | |
63 ngx_imap_auth_http_ctx_t *ctx); | |
64 static void ngx_imap_auth_sleep_handler(ngx_event_t *rev); | |
65 static ngx_int_t ngx_imap_auth_http_parse_header_line(ngx_imap_session_t *s, | |
66 ngx_imap_auth_http_ctx_t *ctx); | |
521 | 67 static void ngx_imap_auth_http_block_read(ngx_event_t *rev); |
68 static void ngx_imap_auth_http_dummy_handler(ngx_event_t *ev); | |
69 static ngx_buf_t *ngx_imap_auth_http_create_request(ngx_imap_session_t *s, | |
547 | 70 ngx_pool_t *pool, ngx_imap_auth_http_conf_t *ahcf); |
633 | 71 static ngx_int_t ngx_imap_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, |
72 ngx_str_t *escaped); | |
521 | 73 |
74 static void *ngx_imap_auth_http_create_conf(ngx_conf_t *cf); | |
75 static char *ngx_imap_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
76 void *child); | |
77 static char *ngx_imap_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | |
573 | 78 static char *ngx_imap_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, |
79 void *conf); | |
521 | 80 |
81 | |
82 static ngx_command_t ngx_imap_auth_http_commands[] = { | |
83 | |
84 { ngx_string("auth_http"), | |
85 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
86 ngx_imap_auth_http, | |
87 NGX_IMAP_SRV_CONF_OFFSET, | |
88 0, | |
89 NULL }, | |
90 | |
91 { ngx_string("auth_http_timeout"), | |
92 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
93 ngx_conf_set_msec_slot, | |
94 NGX_IMAP_SRV_CONF_OFFSET, | |
95 offsetof(ngx_imap_auth_http_conf_t, timeout), | |
96 NULL }, | |
97 | |
573 | 98 { ngx_string("auth_http_header"), |
99 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE2, | |
100 ngx_imap_auth_http_header, | |
101 NGX_IMAP_SRV_CONF_OFFSET, | |
102 0, | |
103 NULL }, | |
104 | |
521 | 105 ngx_null_command |
106 }; | |
107 | |
108 | |
109 static ngx_imap_module_t ngx_imap_auth_http_module_ctx = { | |
110 NULL, /* create main configuration */ | |
111 NULL, /* init main configuration */ | |
112 | |
113 ngx_imap_auth_http_create_conf, /* create server configuration */ | |
114 ngx_imap_auth_http_merge_conf /* merge server configuration */ | |
115 }; | |
116 | |
117 | |
118 ngx_module_t ngx_imap_auth_http_module = { | |
119 NGX_MODULE_V1, | |
120 &ngx_imap_auth_http_module_ctx, /* module context */ | |
121 ngx_imap_auth_http_commands, /* module directives */ | |
122 NGX_IMAP_MODULE, /* module type */ | |
541 | 123 NULL, /* init master */ |
521 | 124 NULL, /* init module */ |
541 | 125 NULL, /* init process */ |
126 NULL, /* init thread */ | |
127 NULL, /* exit thread */ | |
128 NULL, /* exit process */ | |
129 NULL, /* exit master */ | |
130 NGX_MODULE_V1_PADDING | |
521 | 131 }; |
132 | |
133 | |
800 | 134 static char *ngx_imap_auth_http_protocol[] = { "pop3", "imap" }; |
135 static ngx_str_t ngx_imap_auth_http_method[] = { | |
809 | 136 ngx_string("plain"), |
137 ngx_string("apop"), | |
138 ngx_string("cram-md5") | |
800 | 139 }; |
521 | 140 |
141 | |
142 void | |
143 ngx_imap_auth_http_init(ngx_imap_session_t *s) | |
144 { | |
145 ngx_int_t rc; | |
547 | 146 ngx_pool_t *pool; |
521 | 147 ngx_imap_auth_http_ctx_t *ctx; |
148 ngx_imap_auth_http_conf_t *ahcf; | |
149 | |
541 | 150 s->connection->log->action = "in http auth state"; |
151 | |
547 | 152 pool = ngx_create_pool(2048, s->connection->log); |
153 if (pool == NULL) { | |
525 | 154 ngx_imap_session_internal_server_error(s); |
521 | 155 return; |
156 } | |
157 | |
547 | 158 ctx = ngx_pcalloc(pool, sizeof(ngx_imap_auth_http_ctx_t)); |
159 if (ctx == NULL) { | |
160 ngx_destroy_pool(pool); | |
161 ngx_imap_session_internal_server_error(s); | |
162 return; | |
163 } | |
164 | |
165 ctx->pool = pool; | |
166 | |
521 | 167 ahcf = ngx_imap_get_module_srv_conf(s, ngx_imap_auth_http_module); |
168 | |
547 | 169 ctx->request = ngx_imap_auth_http_create_request(s, pool, ahcf); |
521 | 170 if (ctx->request == NULL) { |
547 | 171 ngx_destroy_pool(ctx->pool); |
525 | 172 ngx_imap_session_internal_server_error(s); |
521 | 173 return; |
174 } | |
175 | |
176 ngx_imap_set_ctx(s, ctx, ngx_imap_auth_http_module); | |
177 | |
178 ctx->peer.peers = ahcf->peers; | |
179 ctx->peer.log = s->connection->log; | |
180 ctx->peer.log_error = NGX_ERROR_ERR; | |
181 | |
182 rc = ngx_event_connect_peer(&ctx->peer); | |
183 | |
543 | 184 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
185 ngx_close_connection(ctx->peer.connection); | |
547 | 186 ngx_destroy_pool(ctx->pool); |
525 | 187 ngx_imap_session_internal_server_error(s); |
521 | 188 return; |
189 } | |
190 | |
191 ctx->peer.connection->data = s; | |
192 ctx->peer.connection->pool = s->connection->pool; | |
193 | |
194 s->connection->read->handler = ngx_imap_auth_http_block_read; | |
195 ctx->peer.connection->read->handler = ngx_imap_auth_http_read_handler; | |
196 ctx->peer.connection->write->handler = ngx_imap_auth_http_write_handler; | |
197 | |
527 | 198 ctx->handler = ngx_imap_auth_http_ignore_status_line; |
199 | |
541 | 200 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
201 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
202 | |
521 | 203 if (rc == NGX_OK) { |
204 ngx_imap_auth_http_write_handler(ctx->peer.connection->write); | |
205 return; | |
206 } | |
207 } | |
208 | |
209 | |
210 static void | |
211 ngx_imap_auth_http_write_handler(ngx_event_t *wev) | |
212 { | |
213 ssize_t n, size; | |
214 ngx_connection_t *c; | |
215 ngx_imap_session_t *s; | |
216 ngx_imap_auth_http_ctx_t *ctx; | |
217 ngx_imap_auth_http_conf_t *ahcf; | |
218 | |
219 c = wev->data; | |
220 s = c->data; | |
221 | |
222 ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); | |
223 | |
224 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, wev->log, 0, | |
225 "imap auth http write handler"); | |
226 | |
577 | 227 if (wev->timedout) { |
521 | 228 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
541 | 229 "auth http server %V timed out", |
230 &ctx->peer.peers->peer[0].name); | |
525 | 231 ngx_close_connection(ctx->peer.connection); |
547 | 232 ngx_destroy_pool(ctx->pool); |
525 | 233 ngx_imap_session_internal_server_error(s); |
521 | 234 return; |
235 } | |
236 | |
237 size = ctx->request->last - ctx->request->pos; | |
238 | |
239 n = ngx_send(c, ctx->request->pos, size); | |
240 | |
241 if (n == NGX_ERROR) { | |
525 | 242 ngx_close_connection(ctx->peer.connection); |
547 | 243 ngx_destroy_pool(ctx->pool); |
525 | 244 ngx_imap_session_internal_server_error(s); |
521 | 245 return; |
246 } | |
247 | |
248 if (n > 0) { | |
249 ctx->request->pos += n; | |
250 | |
251 if (n == size) { | |
252 wev->handler = ngx_imap_auth_http_dummy_handler; | |
253 | |
254 if (wev->timer_set) { | |
255 ngx_del_timer(wev); | |
256 } | |
257 | |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
258 if (ngx_handle_write_event(wev, 0) == NGX_ERROR) { |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
259 ngx_close_connection(ctx->peer.connection); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
260 ngx_destroy_pool(ctx->pool); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
261 ngx_imap_session_internal_server_error(s); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
262 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
263 |
521 | 264 return; |
265 } | |
266 } | |
267 | |
268 if (!wev->timer_set) { | |
269 ahcf = ngx_imap_get_module_srv_conf(s, ngx_imap_auth_http_module); | |
270 ngx_add_timer(wev, ahcf->timeout); | |
271 } | |
272 } | |
273 | |
274 | |
275 static void | |
276 ngx_imap_auth_http_read_handler(ngx_event_t *rev) | |
277 { | |
525 | 278 ssize_t n, size; |
521 | 279 ngx_connection_t *c; |
280 ngx_imap_session_t *s; | |
281 ngx_imap_auth_http_ctx_t *ctx; | |
282 | |
283 c = rev->data; | |
284 s = c->data; | |
285 | |
286 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, rev->log, 0, | |
287 "imap auth http read handler"); | |
288 | |
525 | 289 ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); |
290 | |
577 | 291 if (rev->timedout) { |
525 | 292 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
541 | 293 "auth http server %V timed out", |
294 &ctx->peer.peers->peer[0].name); | |
525 | 295 ngx_close_connection(ctx->peer.connection); |
547 | 296 ngx_destroy_pool(ctx->pool); |
525 | 297 ngx_imap_session_internal_server_error(s); |
298 return; | |
299 } | |
300 | |
301 if (ctx->response == NULL) { | |
547 | 302 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 303 if (ctx->response == NULL) { |
304 ngx_close_connection(ctx->peer.connection); | |
547 | 305 ngx_destroy_pool(ctx->pool); |
525 | 306 ngx_imap_session_internal_server_error(s); |
307 return; | |
308 } | |
309 } | |
310 | |
527 | 311 size = ctx->response->end - ctx->response->last; |
525 | 312 |
313 n = ngx_recv(c, ctx->response->pos, size); | |
314 | |
527 | 315 if (n > 0) { |
316 ctx->response->last += n; | |
317 | |
318 ctx->handler(s, ctx); | |
319 return; | |
320 } | |
321 | |
322 if (n == NGX_AGAIN) { | |
525 | 323 return; |
324 } | |
325 | |
527 | 326 ngx_close_connection(ctx->peer.connection); |
547 | 327 ngx_destroy_pool(ctx->pool); |
527 | 328 ngx_imap_session_internal_server_error(s); |
329 } | |
525 | 330 |
331 | |
527 | 332 static void |
333 ngx_imap_auth_http_ignore_status_line(ngx_imap_session_t *s, | |
334 ngx_imap_auth_http_ctx_t *ctx) | |
335 { | |
336 u_char *p, ch; | |
337 enum { | |
338 sw_start = 0, | |
339 sw_H, | |
340 sw_HT, | |
341 sw_HTT, | |
342 sw_HTTP, | |
343 sw_skip, | |
344 sw_almost_done | |
345 } state; | |
346 | |
347 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, | |
348 "imap auth http process status line"); | |
349 | |
350 state = ctx->state; | |
351 | |
352 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
353 ch = *p; | |
354 | |
355 switch (state) { | |
356 | |
357 /* "HTTP/" */ | |
358 case sw_start: | |
359 if (ch == 'H') { | |
360 state = sw_H; | |
361 break; | |
362 } | |
363 goto next; | |
364 | |
365 case sw_H: | |
366 if (ch == 'T') { | |
367 state = sw_HT; | |
368 break; | |
369 } | |
370 goto next; | |
371 | |
372 case sw_HT: | |
373 if (ch == 'T') { | |
374 state = sw_HTT; | |
375 break; | |
376 } | |
377 goto next; | |
378 | |
379 case sw_HTT: | |
380 if (ch == 'P') { | |
381 state = sw_HTTP; | |
382 break; | |
383 } | |
384 goto next; | |
385 | |
386 case sw_HTTP: | |
387 if (ch == '/') { | |
388 state = sw_skip; | |
389 break; | |
390 } | |
391 goto next; | |
392 | |
393 /* any text until end of line */ | |
394 case sw_skip: | |
395 switch (ch) { | |
396 case CR: | |
397 state = sw_almost_done; | |
398 | |
399 break; | |
577 | 400 case LF: |
527 | 401 goto done; |
402 } | |
403 break; | |
404 | |
405 /* end of status line */ | |
406 case sw_almost_done: | |
407 if (ch == LF) { | |
408 goto done; | |
409 } | |
410 | |
411 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 412 "auth http server &V sent invalid response", |
413 &ctx->peer.peers->peer[0].name); | |
527 | 414 ngx_close_connection(ctx->peer.connection); |
547 | 415 ngx_destroy_pool(ctx->pool); |
527 | 416 ngx_imap_session_internal_server_error(s); |
417 return; | |
418 } | |
419 } | |
420 | |
421 ctx->response->pos = p; | |
422 ctx->state = state; | |
423 | |
424 return; | |
425 | |
426 next: | |
427 | |
428 p = ctx->response->start - 1; | |
429 | |
430 done: | |
431 | |
432 ctx->response->pos = p + 1; | |
433 ctx->state = 0; | |
434 ctx->handler = ngx_imap_auth_http_process_headers; | |
435 ctx->handler(s, ctx); | |
436 } | |
525 | 437 |
438 | |
527 | 439 static void |
440 ngx_imap_auth_http_process_headers(ngx_imap_session_t *s, | |
441 ngx_imap_auth_http_ctx_t *ctx) | |
442 { | |
443 u_char *p; | |
547 | 444 time_t timer; |
527 | 445 size_t len, size; |
446 ngx_int_t rc, port, n; | |
547 | 447 ngx_peers_t *peers; |
527 | 448 struct sockaddr_in *sin; |
525 | 449 |
527 | 450 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, |
451 "imap auth http process headers"); | |
452 | |
453 for ( ;; ) { | |
454 rc = ngx_imap_auth_http_parse_header_line(s, ctx); | |
455 | |
456 if (rc == NGX_OK) { | |
457 | |
458 #if (NGX_DEBUG) | |
459 { | |
460 ngx_str_t key, value; | |
461 | |
462 key.len = ctx->header_name_end - ctx->header_name_start; | |
463 key.data = ctx->header_name_start; | |
464 value.len = ctx->header_end - ctx->header_start; | |
465 value.data = ctx->header_start; | |
466 | |
467 ngx_log_debug2(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, | |
468 "auth http header: \"%V: %V\"", | |
469 &key, &value); | |
470 } | |
471 #endif | |
472 | |
473 len = ctx->header_name_end - ctx->header_name_start; | |
474 | |
475 if (len == sizeof("Auth-Status") - 1 | |
476 && ngx_strncasecmp(ctx->header_name_start, "Auth-Status", | |
477 sizeof("Auth-Status") - 1) == 0) | |
478 { | |
479 len = ctx->header_end - ctx->header_start; | |
480 | |
481 if (len == 2 | |
482 && ctx->header_start[0] == 'O' | |
483 && ctx->header_start[1] == 'K') | |
484 { | |
485 continue; | |
486 } | |
487 | |
567 | 488 ctx->errmsg.len = len; |
489 ctx->errmsg.data = ctx->header_start; | |
490 | |
527 | 491 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) { |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
492 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
527 | 493 |
494 } else { | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
495 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 496 + sizeof(CRLF) - 1; |
497 } | |
498 | |
499 p = ngx_pcalloc(s->connection->pool, size); | |
500 if (p == NULL) { | |
543 | 501 ngx_close_connection(ctx->peer.connection); |
547 | 502 ngx_destroy_pool(ctx->pool); |
527 | 503 ngx_imap_session_internal_server_error(s); |
504 return; | |
505 } | |
506 | |
507 ctx->err.data = p; | |
508 | |
509 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) { | |
510 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; | |
511 | |
512 } else { | |
513 p = ngx_cpymem(p, s->tag.data, s->tag.len); | |
514 *p++ = 'N'; *p++ = 'O'; | |
515 } | |
516 | |
517 *p++ = ' '; | |
567 | 518 |
527 | 519 p = ngx_cpymem(p, ctx->header_start, len); |
520 *p++ = CR; *p++ = LF; | |
521 | |
522 ctx->err.len = p - ctx->err.data; | |
523 | |
524 continue; | |
525 } | |
526 | |
527 if (len == sizeof("Auth-Server") - 1 | |
528 && ngx_strncasecmp(ctx->header_name_start, "Auth-Server", | |
529 sizeof("Auth-Server") - 1) == 0) | |
530 { | |
531 ctx->addr.len = ctx->header_end - ctx->header_start; | |
532 ctx->addr.data = ctx->header_start; | |
533 | |
534 continue; | |
535 } | |
536 | |
537 if (len == sizeof("Auth-Port") - 1 | |
538 && ngx_strncasecmp(ctx->header_name_start, "Auth-Port", | |
539 sizeof("Auth-Port") - 1) == 0) | |
540 { | |
541 ctx->port.len = ctx->header_end - ctx->header_start; | |
542 ctx->port.data = ctx->header_start; | |
543 | |
544 continue; | |
545 } | |
546 | |
547 if (len == sizeof("Auth-User") - 1 | |
548 && ngx_strncasecmp(ctx->header_name_start, "Auth-User", | |
549 sizeof("Auth-User") - 1) == 0) | |
550 { | |
551 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 552 |
553 s->login.data = ngx_palloc(s->connection->pool, s->login.len); | |
554 if (s->login.data == NULL) { | |
555 ngx_close_connection(ctx->peer.connection); | |
556 ngx_destroy_pool(ctx->pool); | |
557 ngx_imap_session_internal_server_error(s); | |
558 return; | |
559 } | |
560 | |
561 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 562 |
563 continue; | |
564 } | |
565 | |
800 | 566 if (len == sizeof("Auth-Pass") - 1 |
567 && ngx_strncasecmp(ctx->header_name_start, "Auth-Pass", | |
568 sizeof("Auth-Pass") - 1) == 0) | |
569 { | |
570 s->passwd.len = ctx->header_end - ctx->header_start; | |
571 | |
572 s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len); | |
573 if (s->passwd.data == NULL) { | |
574 ngx_close_connection(ctx->peer.connection); | |
575 ngx_destroy_pool(ctx->pool); | |
576 ngx_imap_session_internal_server_error(s); | |
577 return; | |
578 } | |
579 | |
580 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
581 | |
582 continue; | |
583 } | |
584 | |
527 | 585 if (len == sizeof("Auth-Wait") - 1 |
586 && ngx_strncasecmp(ctx->header_name_start, "Auth-Wait", | |
587 sizeof("Auth-Wait") - 1) == 0) | |
588 { | |
589 n = ngx_atoi(ctx->header_start, | |
590 ctx->header_end - ctx->header_start); | |
591 | |
592 if (n != NGX_ERROR) { | |
593 ctx->sleep = n; | |
594 } | |
595 | |
596 continue; | |
597 } | |
598 | |
599 /* ignore other headers */ | |
600 | |
601 continue; | |
602 } | |
603 | |
604 if (rc == NGX_DONE) { | |
605 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, | |
606 "auth http header done"); | |
607 | |
608 ngx_close_connection(ctx->peer.connection); | |
609 | |
610 if (ctx->err.len) { | |
567 | 611 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
612 "client login failed: \"%V\"", &ctx->errmsg); | |
613 | |
539 | 614 s->out = ctx->err; |
547 | 615 timer = ctx->sleep; |
527 | 616 |
547 | 617 ngx_destroy_pool(ctx->pool); |
618 | |
619 if (timer == 0) { | |
539 | 620 s->quit = 1; |
541 | 621 ngx_imap_send(s->connection->write); |
622 return; | |
623 } | |
539 | 624 |
547 | 625 ngx_add_timer(s->connection->read, timer * 1000); |
527 | 626 |
627 s->connection->read->handler = ngx_imap_auth_sleep_handler; | |
628 | |
629 return; | |
630 } | |
631 | |
632 if (ctx->addr.len == 0 || ctx->port.len == 0) { | |
633 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 634 "auth http server %V did not send server or port", |
635 &ctx->peer.peers->peer[0].name); | |
547 | 636 ngx_destroy_pool(ctx->pool); |
527 | 637 ngx_imap_session_internal_server_error(s); |
638 return; | |
639 } | |
640 | |
800 | 641 if (s->passwd.data == NULL) { |
642 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
643 "auth http server %V did not send password", | |
644 &ctx->peer.peers->peer[0].name); | |
645 ngx_destroy_pool(ctx->pool); | |
646 ngx_imap_session_internal_server_error(s); | |
647 return; | |
648 } | |
649 | |
547 | 650 peers = ngx_pcalloc(s->connection->pool, sizeof(ngx_peers_t)); |
651 if (peers == NULL) { | |
652 ngx_destroy_pool(ctx->pool); | |
527 | 653 ngx_imap_session_internal_server_error(s); |
654 return; | |
655 } | |
656 | |
657 sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in)); | |
658 if (sin == NULL) { | |
547 | 659 ngx_destroy_pool(ctx->pool); |
527 | 660 ngx_imap_session_internal_server_error(s); |
661 return; | |
662 } | |
663 | |
664 sin->sin_family = AF_INET; | |
665 | |
666 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
667 if (port == NGX_ERROR || port < 1 || port > 65536) { | |
668 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 669 "auth http server %V sent invalid server " |
670 "port:\"%V\"", | |
671 &ctx->peer.peers->peer[0].name, &ctx->port); | |
547 | 672 ngx_destroy_pool(ctx->pool); |
527 | 673 ngx_imap_session_internal_server_error(s); |
674 return; | |
675 } | |
676 | |
677 sin->sin_port = htons((in_port_t) port); | |
678 | |
679 ctx->addr.data[ctx->addr.len] = '\0'; | |
680 sin->sin_addr.s_addr = inet_addr((char *) ctx->addr.data); | |
681 if (sin->sin_addr.s_addr == INADDR_NONE) { | |
682 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 683 "auth http server %V sent invalid server " |
684 "address:\"%V\"", | |
685 &ctx->peer.peers->peer[0].name, &ctx->addr); | |
547 | 686 ngx_destroy_pool(ctx->pool); |
527 | 687 ngx_imap_session_internal_server_error(s); |
688 return; | |
689 } | |
690 | |
547 | 691 peers->number = 1; |
527 | 692 |
547 | 693 peers->peer[0].sockaddr = (struct sockaddr *) sin; |
694 peers->peer[0].socklen = sizeof(struct sockaddr_in); | |
527 | 695 |
696 len = ctx->addr.len + 1 + ctx->port.len; | |
697 | |
547 | 698 peers->peer[0].name.len = len; |
527 | 699 |
547 | 700 peers->peer[0].name.data = ngx_palloc(s->connection->pool, len); |
701 if (peers->peer[0].name.data == NULL) { | |
702 ngx_destroy_pool(ctx->pool); | |
527 | 703 ngx_imap_session_internal_server_error(s); |
704 return; | |
705 } | |
706 | |
707 len = ctx->addr.len; | |
708 | |
547 | 709 ngx_memcpy(peers->peer[0].name.data, ctx->addr.data, len); |
527 | 710 |
547 | 711 peers->peer[0].name.data[len++] = ':'; |
527 | 712 |
547 | 713 ngx_memcpy(peers->peer[0].name.data + len, |
527 | 714 ctx->port.data, ctx->port.len); |
715 | |
547 | 716 peers->peer[0].uri_separator = ""; |
527 | 717 |
547 | 718 ngx_destroy_pool(ctx->pool); |
719 ngx_imap_proxy_init(s, peers); | |
527 | 720 |
721 return; | |
722 } | |
723 | |
724 if (rc == NGX_AGAIN ) { | |
725 return; | |
726 } | |
727 | |
728 /* rc == NGX_ERROR */ | |
729 | |
730 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 731 "auth http server %V sent invalid header in response", |
732 &ctx->peer.peers->peer[0].name); | |
527 | 733 ngx_close_connection(ctx->peer.connection); |
547 | 734 ngx_destroy_pool(ctx->pool); |
527 | 735 ngx_imap_session_internal_server_error(s); |
736 | |
737 return; | |
738 } | |
739 } | |
740 | |
521 | 741 |
527 | 742 static void |
743 ngx_imap_auth_sleep_handler(ngx_event_t *rev) | |
744 { | |
543 | 745 ngx_connection_t *c; |
746 ngx_imap_session_t *s; | |
747 ngx_imap_core_srv_conf_t *cscf; | |
527 | 748 |
749 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, rev->log, 0, "imap auth sleep handler"); | |
750 | |
751 c = rev->data; | |
752 s = c->data; | |
753 | |
754 if (rev->timedout) { | |
755 | |
756 rev->timedout = 0; | |
757 | |
758 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) { | |
759 s->imap_state = ngx_pop3_start; | |
760 s->connection->read->handler = ngx_pop3_auth_state; | |
761 | |
762 } else { | |
763 s->imap_state = ngx_imap_start; | |
764 s->connection->read->handler = ngx_imap_auth_state; | |
765 } | |
766 | |
800 | 767 s->auth_method = NGX_IMAP_AUTH_PLAIN; |
768 | |
543 | 769 c->log->action = "in auth state"; |
770 | |
771 ngx_imap_send(s->connection->write); | |
772 | |
583 | 773 if (c->destroyed) { |
543 | 774 return; |
775 } | |
776 | |
777 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module); | |
778 | |
779 ngx_add_timer(rev, cscf->timeout); | |
780 | |
527 | 781 if (rev->ready) { |
782 s->connection->read->handler(rev); | |
783 return; | |
784 } | |
785 | |
786 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
787 ngx_imap_close_connection(s->connection); | |
788 } | |
789 | |
790 return; | |
791 } | |
792 | |
793 if (rev->active) { | |
794 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
795 ngx_imap_close_connection(s->connection); | |
796 } | |
797 } | |
798 } | |
799 | |
800 | |
801 static ngx_int_t | |
802 ngx_imap_auth_http_parse_header_line(ngx_imap_session_t *s, | |
803 ngx_imap_auth_http_ctx_t *ctx) | |
804 { | |
805 u_char c, ch, *p; | |
806 ngx_uint_t hash; | |
807 enum { | |
808 sw_start = 0, | |
809 sw_name, | |
810 sw_space_before_value, | |
811 sw_value, | |
812 sw_space_after_value, | |
577 | 813 sw_almost_done, |
527 | 814 sw_header_almost_done |
815 } state; | |
816 | |
577 | 817 state = ctx->state; |
527 | 818 hash = ctx->hash; |
819 | |
820 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
821 ch = *p; | |
822 | |
823 switch (state) { | |
824 | |
825 /* first char */ | |
826 case sw_start: | |
827 | |
828 switch (ch) { | |
829 case CR: | |
577 | 830 ctx->header_end = p; |
527 | 831 state = sw_header_almost_done; |
832 break; | |
577 | 833 case LF: |
527 | 834 ctx->header_end = p; |
835 goto header_done; | |
836 default: | |
837 state = sw_name; | |
838 ctx->header_name_start = p; | |
839 | |
840 c = (u_char) (ch | 0x20); | |
841 if (c >= 'a' && c <= 'z') { | |
842 hash = c; | |
843 break; | |
844 } | |
845 | |
846 if (ch >= '0' && ch <= '9') { | |
847 hash = ch; | |
848 break; | |
849 } | |
850 | |
851 return NGX_ERROR; | |
852 } | |
853 break; | |
854 | |
855 /* header name */ | |
856 case sw_name: | |
857 c = (u_char) (ch | 0x20); | |
858 if (c >= 'a' && c <= 'z') { | |
859 hash += c; | |
860 break; | |
861 } | |
862 | |
863 if (ch == ':') { | |
864 ctx->header_name_end = p; | |
865 state = sw_space_before_value; | |
866 break; | |
867 } | |
868 | |
869 if (ch == '-') { | |
870 hash += ch; | |
871 break; | |
872 } | |
873 | |
874 if (ch >= '0' && ch <= '9') { | |
875 hash += ch; | |
876 break; | |
877 } | |
878 | |
879 if (ch == CR) { | |
880 ctx->header_name_end = p; | |
881 ctx->header_start = p; | |
882 ctx->header_end = p; | |
883 state = sw_almost_done; | |
884 break; | |
885 } | |
886 | |
887 if (ch == LF) { | |
888 ctx->header_name_end = p; | |
889 ctx->header_start = p; | |
890 ctx->header_end = p; | |
891 goto done; | |
892 } | |
893 | |
894 return NGX_ERROR; | |
895 | |
896 /* space* before header value */ | |
897 case sw_space_before_value: | |
898 switch (ch) { | |
899 case ' ': | |
900 break; | |
901 case CR: | |
902 ctx->header_start = p; | |
903 ctx->header_end = p; | |
904 state = sw_almost_done; | |
905 break; | |
906 case LF: | |
907 ctx->header_start = p; | |
908 ctx->header_end = p; | |
909 goto done; | |
910 default: | |
911 ctx->header_start = p; | |
912 state = sw_value; | |
913 break; | |
914 } | |
915 break; | |
916 | |
917 /* header value */ | |
918 case sw_value: | |
919 switch (ch) { | |
920 case ' ': | |
921 ctx->header_end = p; | |
922 state = sw_space_after_value; | |
923 break; | |
924 case CR: | |
925 ctx->header_end = p; | |
926 state = sw_almost_done; | |
927 break; | |
928 case LF: | |
929 ctx->header_end = p; | |
930 goto done; | |
931 } | |
932 break; | |
933 | |
934 /* space* before end of header line */ | |
935 case sw_space_after_value: | |
936 switch (ch) { | |
937 case ' ': | |
938 break; | |
939 case CR: | |
940 state = sw_almost_done; | |
941 break; | |
942 case LF: | |
943 goto done; | |
944 default: | |
945 state = sw_value; | |
946 break; | |
947 } | |
948 break; | |
949 | |
950 /* end of header line */ | |
951 case sw_almost_done: | |
952 switch (ch) { | |
953 case LF: | |
954 goto done; | |
955 default: | |
956 return NGX_ERROR; | |
957 } | |
958 | |
959 /* end of header */ | |
960 case sw_header_almost_done: | |
961 switch (ch) { | |
962 case LF: | |
963 goto header_done; | |
964 default: | |
965 return NGX_ERROR; | |
966 } | |
967 } | |
968 } | |
969 | |
970 ctx->response->pos = p; | |
971 ctx->state = state; | |
972 ctx->hash = hash; | |
973 | |
974 return NGX_AGAIN; | |
975 | |
976 done: | |
977 | |
978 ctx->response->pos = p + 1; | |
979 ctx->state = sw_start; | |
980 ctx->hash = hash; | |
981 | |
982 return NGX_OK; | |
983 | |
984 header_done: | |
985 | |
986 ctx->response->pos = p + 1; | |
987 ctx->state = sw_start; | |
988 | |
989 return NGX_DONE; | |
521 | 990 } |
991 | |
992 | |
993 static void | |
994 ngx_imap_auth_http_block_read(ngx_event_t *rev) | |
995 { | |
996 ngx_connection_t *c; | |
997 ngx_imap_session_t *s; | |
998 ngx_imap_auth_http_ctx_t *ctx; | |
999 | |
1000 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, rev->log, 0, | |
1001 "imap auth http block read"); | |
1002 | |
1003 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1004 c = rev->data; | |
1005 s = c->data; | |
1006 | |
1007 ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); | |
1008 | |
525 | 1009 ngx_close_connection(ctx->peer.connection); |
547 | 1010 ngx_destroy_pool(ctx->pool); |
525 | 1011 ngx_imap_session_internal_server_error(s); |
521 | 1012 } |
1013 } | |
1014 | |
1015 | |
1016 static void | |
1017 ngx_imap_auth_http_dummy_handler(ngx_event_t *ev) | |
1018 { | |
1019 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, ev->log, 0, | |
1020 "imap auth http dummy handler"); | |
1021 } | |
1022 | |
1023 | |
1024 static ngx_buf_t * | |
547 | 1025 ngx_imap_auth_http_create_request(ngx_imap_session_t *s, ngx_pool_t *pool, |
521 | 1026 ngx_imap_auth_http_conf_t *ahcf) |
1027 { | |
1028 size_t len; | |
1029 ngx_buf_t *b; | |
633 | 1030 ngx_str_t login, passwd; |
1031 | |
1032 if (ngx_imap_auth_http_escape(pool, &s->login, &login) != NGX_OK) { | |
1033 return NULL; | |
1034 } | |
1035 | |
1036 if (ngx_imap_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { | |
1037 return NULL; | |
1038 } | |
521 | 1039 |
1040 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 | |
1041 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
1042 + sizeof("Auth-Method: plain" CRLF) - 1 | |
633 | 1043 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1044 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1045 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
521 | 1046 + sizeof("Auth-Protocol: imap" CRLF) - 1 |
527 | 1047 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1048 + sizeof(CRLF) - 1 | |
521 | 1049 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1050 + sizeof(CRLF) - 1 | |
1051 + sizeof(CRLF) - 1; | |
1052 | |
547 | 1053 b = ngx_create_temp_buf(pool, len); |
521 | 1054 if (b == NULL) { |
1055 return NULL; | |
1056 } | |
1057 | |
1058 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1059 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1060 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1061 sizeof(" HTTP/1.0" CRLF) - 1); | |
1062 | |
1063 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1064 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1065 ahcf->host_header.len); |
1066 *b->last++ = CR; *b->last++ = LF; | |
1067 | |
800 | 1068 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1069 sizeof("Auth-Method: ") - 1); | |
1070 b->last = ngx_cpymem(b->last, | |
1071 ngx_imap_auth_http_method[s->auth_method].data, | |
1072 ngx_imap_auth_http_method[s->auth_method].len); | |
1073 *b->last++ = CR; *b->last++ = LF; | |
521 | 1074 |
1075 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1076 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1077 *b->last++ = CR; *b->last++ = LF; |
1078 | |
1079 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1080 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1081 *b->last++ = CR; *b->last++ = LF; |
1082 | |
809 | 1083 if (s->auth_method != NGX_IMAP_AUTH_PLAIN && s->salt.len) { |
800 | 1084 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1085 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1086 | |
1087 s->passwd.data = NULL; | |
1088 } | |
1089 | |
521 | 1090 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1091 sizeof("Auth-Protocol: ") - 1); | |
1092 b->last = ngx_cpymem(b->last, ngx_imap_auth_http_protocol[s->protocol], | |
1093 sizeof("imap") - 1); | |
1094 *b->last++ = CR; *b->last++ = LF; | |
1095 | |
527 | 1096 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1097 s->login_attempt); | |
1098 | |
521 | 1099 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1100 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
521 | 1101 s->connection->addr_text.len); |
1102 *b->last++ = CR; *b->last++ = LF; | |
1103 | |
573 | 1104 if (ahcf->header.len) { |
1105 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1106 } | |
1107 | |
521 | 1108 /* add "\r\n" at the header end */ |
1109 *b->last++ = CR; *b->last++ = LF; | |
1110 | |
547 | 1111 #if (NGX_DEBUG_IMAP_PASSWD) |
521 | 1112 { |
1113 ngx_str_t l; | |
1114 | |
1115 l.len = b->last - b->pos; | |
1116 l.data = b->pos; | |
527 | 1117 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, |
521 | 1118 "imap auth http header:\n\"%V\"", &l); |
1119 } | |
1120 #endif | |
1121 | |
1122 return b; | |
1123 } | |
1124 | |
1125 | |
633 | 1126 static ngx_int_t |
1127 ngx_imap_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) | |
1128 { | |
1129 u_char ch, *p; | |
1130 ngx_uint_t i, n; | |
1131 | |
1132 n = 0; | |
1133 | |
1134 for (i = 0; i < text->len; i++) { | |
1135 ch = text->data[i]; | |
1136 | |
1137 if (ch == CR || ch == LF) { | |
1138 n++; | |
1139 } | |
1140 } | |
1141 | |
1142 if (n == 0) { | |
1143 *escaped = *text; | |
1144 return NGX_OK; | |
1145 } | |
1146 | |
1147 escaped->len = text->len + n * 2; | |
1148 | |
1149 p = ngx_palloc(pool, escaped->len); | |
1150 if (p == NULL) { | |
1151 return NGX_ERROR; | |
1152 } | |
1153 | |
1154 escaped->data = p; | |
1155 | |
1156 for (i = 0; i < text->len; i++) { | |
1157 ch = text->data[i]; | |
1158 | |
1159 if (ch == CR) { | |
1160 *p++ = '%'; | |
1161 *p++ = '0'; | |
1162 *p++ = 'D'; | |
1163 continue; | |
1164 } | |
1165 | |
1166 if (ch == LF) { | |
1167 *p++ = '%'; | |
1168 *p++ = '0'; | |
1169 *p++ = 'A'; | |
1170 continue; | |
1171 } | |
1172 | |
1173 *p++ = ch; | |
1174 } | |
1175 | |
1176 return NGX_OK; | |
1177 } | |
1178 | |
1179 | |
521 | 1180 static void * |
1181 ngx_imap_auth_http_create_conf(ngx_conf_t *cf) | |
577 | 1182 { |
521 | 1183 ngx_imap_auth_http_conf_t *ahcf; |
577 | 1184 |
521 | 1185 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_auth_http_conf_t)); |
1186 if (ahcf == NULL) { | |
1187 return NGX_CONF_ERROR; | |
1188 } | |
1189 | |
1190 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
1191 | |
1192 return ahcf; | |
1193 } | |
1194 | |
1195 | |
1196 static char * | |
1197 ngx_imap_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
1198 { | |
1199 ngx_imap_auth_http_conf_t *prev = parent; | |
1200 ngx_imap_auth_http_conf_t *conf = child; | |
1201 | |
573 | 1202 u_char *p; |
1203 size_t len; | |
1204 ngx_uint_t i; | |
1205 ngx_table_elt_t *header; | |
1206 | |
521 | 1207 if (conf->peers == NULL) { |
1208 conf->peers = prev->peers; | |
1209 conf->host_header = prev->host_header; | |
1210 conf->uri = prev->uri; | |
1211 } | |
1212 | |
1213 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1214 | |
573 | 1215 if (conf->headers == NULL) { |
1216 conf->headers = prev->headers; | |
1217 conf->header = prev->header; | |
1218 } | |
1219 | |
1220 if (conf->headers && conf->header.len == 0) { | |
1221 len = 0; | |
1222 header = conf->headers->elts; | |
1223 for (i = 0; i < conf->headers->nelts; i++) { | |
1224 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1225 } | |
1226 | |
1227 p = ngx_palloc(cf->pool, len); | |
1228 if (p == NULL) { | |
1229 return NGX_CONF_ERROR; | |
1230 } | |
1231 | |
1232 conf->header.len = len; | |
1233 conf->header.data = p; | |
1234 | |
1235 for (i = 0; i < conf->headers->nelts; i++) { | |
1236 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1237 *p++ = ':'; *p++ = ' '; | |
1238 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1239 *p++ = CR; *p++ = LF; | |
1240 } | |
1241 } | |
1242 | |
521 | 1243 return NGX_CONF_OK; |
1244 } | |
1245 | |
1246 | |
1247 static char * | |
1248 ngx_imap_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
577 | 1249 { |
521 | 1250 ngx_imap_auth_http_conf_t *ahcf = conf; |
1251 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1252 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1253 ngx_url_t u; |
573 | 1254 |
521 | 1255 value = cf->args->elts; |
1256 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1257 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1258 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1259 u.url = value[1]; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1260 u.default_portn = 80; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1261 u.uri_part = 1; |
577 | 1262 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1263 if (ngx_parse_url(cf, &u) != NGX_OK) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1264 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1265 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1266 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1267 } |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1268 } |
521 | 1269 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1270 ahcf->peers = u.peers; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1271 ahcf->peers->number = 1; |
521 | 1272 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1273 ahcf->host_header = u.host_header; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1274 ahcf->uri = u.uri; |
521 | 1275 |
559 | 1276 if (ahcf->uri.len == 0) { |
555 | 1277 ahcf->uri.len = sizeof("/") - 1; |
1278 ahcf->uri.data = (u_char *) "/"; | |
1279 } | |
1280 | |
521 | 1281 return NGX_CONF_OK; |
1282 } | |
573 | 1283 |
1284 | |
1285 static char * | |
1286 ngx_imap_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
577 | 1287 { |
573 | 1288 ngx_imap_auth_http_conf_t *ahcf = conf; |
1289 | |
1290 ngx_str_t *value; | |
1291 ngx_table_elt_t *header; | |
1292 | |
1293 if (ahcf->headers == NULL) { | |
1294 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1295 if (ahcf->headers == NULL) { | |
1296 return NGX_CONF_ERROR; | |
1297 } | |
1298 } | |
1299 | |
1300 header = ngx_array_push(ahcf->headers); | |
1301 if (header == NULL) { | |
1302 return NGX_CONF_ERROR; | |
1303 } | |
1304 | |
1305 value = cf->args->elts; | |
1306 | |
1307 header->key = value[1]; | |
1308 header->value = value[2]; | |
1309 | |
1310 return NGX_CONF_OK; | |
1311 } |