Mercurial > hg > nginx
annotate src/mail/ngx_mail_auth_http_module.c @ 1478:d0cce8369848
small optimizations
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 13 Sep 2007 20:32:52 +0000 |
parents | 59e1caf2be94 |
children | f69493e8faab |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_event.h> | |
10 #include <ngx_event_connect.h> | |
1136 | 11 #include <ngx_mail.h> |
521 | 12 |
13 | |
14 typedef struct { | |
884 | 15 ngx_peer_addr_t *peer; |
521 | 16 |
527 | 17 ngx_msec_t timeout; |
521 | 18 |
527 | 19 ngx_str_t host_header; |
20 ngx_str_t uri; | |
573 | 21 ngx_str_t header; |
22 | |
23 ngx_array_t *headers; | |
1392 | 24 |
25 u_char *file; | |
26 ngx_uint_t line; | |
1136 | 27 } ngx_mail_auth_http_conf_t; |
521 | 28 |
29 | |
1136 | 30 typedef struct ngx_mail_auth_http_ctx_s ngx_mail_auth_http_ctx_t; |
527 | 31 |
1136 | 32 typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s, |
33 ngx_mail_auth_http_ctx_t *ctx); | |
527 | 34 |
1136 | 35 struct ngx_mail_auth_http_ctx_s { |
527 | 36 ngx_buf_t *request; |
37 ngx_buf_t *response; | |
38 ngx_peer_connection_t peer; | |
39 | |
1136 | 40 ngx_mail_auth_http_handler_pt handler; |
527 | 41 |
42 ngx_uint_t state; | |
43 ngx_uint_t hash; /* no needed ? */ | |
44 | |
45 u_char *header_name_start; | |
46 u_char *header_name_end; | |
47 u_char *header_start; | |
48 u_char *header_end; | |
49 | |
50 ngx_str_t addr; | |
51 ngx_str_t port; | |
52 ngx_str_t err; | |
567 | 53 ngx_str_t errmsg; |
1136 | 54 ngx_str_t errcode; |
527 | 55 |
547 | 56 time_t sleep; |
527 | 57 |
547 | 58 ngx_pool_t *pool; |
527 | 59 }; |
521 | 60 |
61 | |
1136 | 62 static void ngx_mail_auth_http_write_handler(ngx_event_t *wev); |
63 static void ngx_mail_auth_http_read_handler(ngx_event_t *rev); | |
64 static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
65 ngx_mail_auth_http_ctx_t *ctx); | |
66 static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
67 ngx_mail_auth_http_ctx_t *ctx); | |
68 static void ngx_mail_auth_sleep_handler(ngx_event_t *rev); | |
69 static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
70 ngx_mail_auth_http_ctx_t *ctx); | |
71 static void ngx_mail_auth_http_block_read(ngx_event_t *rev); | |
72 static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev); | |
73 static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s, | |
74 ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf); | |
75 static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, | |
633 | 76 ngx_str_t *escaped); |
521 | 77 |
1136 | 78 static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf); |
79 static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
521 | 80 void *child); |
1136 | 81 static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
82 static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, | |
573 | 83 void *conf); |
521 | 84 |
85 | |
1136 | 86 static ngx_command_t ngx_mail_auth_http_commands[] = { |
521 | 87 |
88 { ngx_string("auth_http"), | |
1136 | 89 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
90 ngx_mail_auth_http, | |
91 NGX_MAIL_SRV_CONF_OFFSET, | |
521 | 92 0, |
93 NULL }, | |
94 | |
95 { ngx_string("auth_http_timeout"), | |
1136 | 96 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
521 | 97 ngx_conf_set_msec_slot, |
1136 | 98 NGX_MAIL_SRV_CONF_OFFSET, |
99 offsetof(ngx_mail_auth_http_conf_t, timeout), | |
521 | 100 NULL }, |
101 | |
573 | 102 { ngx_string("auth_http_header"), |
1136 | 103 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2, |
104 ngx_mail_auth_http_header, | |
105 NGX_MAIL_SRV_CONF_OFFSET, | |
573 | 106 0, |
107 NULL }, | |
108 | |
521 | 109 ngx_null_command |
110 }; | |
111 | |
112 | |
1136 | 113 static ngx_mail_module_t ngx_mail_auth_http_module_ctx = { |
521 | 114 NULL, /* create main configuration */ |
115 NULL, /* init main configuration */ | |
116 | |
1136 | 117 ngx_mail_auth_http_create_conf, /* create server configuration */ |
118 ngx_mail_auth_http_merge_conf /* merge server configuration */ | |
521 | 119 }; |
120 | |
121 | |
1136 | 122 ngx_module_t ngx_mail_auth_http_module = { |
521 | 123 NGX_MODULE_V1, |
1136 | 124 &ngx_mail_auth_http_module_ctx, /* module context */ |
125 ngx_mail_auth_http_commands, /* module directives */ | |
126 NGX_MAIL_MODULE, /* module type */ | |
541 | 127 NULL, /* init master */ |
521 | 128 NULL, /* init module */ |
541 | 129 NULL, /* init process */ |
130 NULL, /* init thread */ | |
131 NULL, /* exit thread */ | |
132 NULL, /* exit process */ | |
133 NULL, /* exit master */ | |
134 NGX_MODULE_V1_PADDING | |
521 | 135 }; |
136 | |
137 | |
1136 | 138 static char *ngx_mail_auth_http_protocol[] = { "pop3", "imap", "smtp" }; |
139 static ngx_str_t ngx_mail_auth_http_method[] = { | |
140 ngx_string("plain"), | |
809 | 141 ngx_string("plain"), |
142 ngx_string("apop"), | |
143 ngx_string("cram-md5") | |
800 | 144 }; |
521 | 145 |
1136 | 146 static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); |
521 | 147 |
1477 | 148 static ngx_uint_t ngx_mail_start_states[] = { |
149 ngx_pop3_start, | |
150 ngx_imap_start, | |
151 ngx_smtp_start | |
152 }; | |
153 | |
154 static ngx_mail_auth_state_pt ngx_mail_auth_states[] = { | |
155 ngx_mail_pop3_auth_state, | |
156 ngx_mail_imap_auth_state, | |
157 ngx_mail_smtp_auth_state | |
158 }; | |
159 | |
160 | |
521 | 161 void |
1136 | 162 ngx_mail_auth_http_init(ngx_mail_session_t *s) |
521 | 163 { |
164 ngx_int_t rc; | |
547 | 165 ngx_pool_t *pool; |
1136 | 166 ngx_mail_auth_http_ctx_t *ctx; |
167 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 168 |
541 | 169 s->connection->log->action = "in http auth state"; |
170 | |
547 | 171 pool = ngx_create_pool(2048, s->connection->log); |
172 if (pool == NULL) { | |
1136 | 173 ngx_mail_session_internal_server_error(s); |
521 | 174 return; |
175 } | |
176 | |
1136 | 177 ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t)); |
547 | 178 if (ctx == NULL) { |
179 ngx_destroy_pool(pool); | |
1136 | 180 ngx_mail_session_internal_server_error(s); |
547 | 181 return; |
182 } | |
183 | |
184 ctx->pool = pool; | |
185 | |
1136 | 186 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 187 |
1136 | 188 ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf); |
521 | 189 if (ctx->request == NULL) { |
547 | 190 ngx_destroy_pool(ctx->pool); |
1136 | 191 ngx_mail_session_internal_server_error(s); |
521 | 192 return; |
193 } | |
194 | |
1136 | 195 ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module); |
521 | 196 |
884 | 197 ctx->peer.sockaddr = ahcf->peer->sockaddr; |
198 ctx->peer.socklen = ahcf->peer->socklen; | |
199 ctx->peer.name = &ahcf->peer->name; | |
200 ctx->peer.get = ngx_event_get_peer; | |
521 | 201 ctx->peer.log = s->connection->log; |
202 ctx->peer.log_error = NGX_ERROR_ERR; | |
203 | |
204 rc = ngx_event_connect_peer(&ctx->peer); | |
205 | |
543 | 206 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
862
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
207 if (ctx->peer.connection) { |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
208 ngx_close_connection(ctx->peer.connection); |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
209 } |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
210 |
547 | 211 ngx_destroy_pool(ctx->pool); |
1136 | 212 ngx_mail_session_internal_server_error(s); |
521 | 213 return; |
214 } | |
215 | |
216 ctx->peer.connection->data = s; | |
217 ctx->peer.connection->pool = s->connection->pool; | |
218 | |
1136 | 219 s->connection->read->handler = ngx_mail_auth_http_block_read; |
220 ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler; | |
221 ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler; | |
521 | 222 |
1136 | 223 ctx->handler = ngx_mail_auth_http_ignore_status_line; |
527 | 224 |
541 | 225 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
226 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
227 | |
521 | 228 if (rc == NGX_OK) { |
1136 | 229 ngx_mail_auth_http_write_handler(ctx->peer.connection->write); |
521 | 230 return; |
231 } | |
232 } | |
233 | |
234 | |
235 static void | |
1136 | 236 ngx_mail_auth_http_write_handler(ngx_event_t *wev) |
521 | 237 { |
238 ssize_t n, size; | |
239 ngx_connection_t *c; | |
1136 | 240 ngx_mail_session_t *s; |
241 ngx_mail_auth_http_ctx_t *ctx; | |
242 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 243 |
244 c = wev->data; | |
245 s = c->data; | |
246 | |
1136 | 247 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 248 |
1136 | 249 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, |
250 "mail auth http write handler"); | |
521 | 251 |
577 | 252 if (wev->timedout) { |
521 | 253 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
884 | 254 "auth http server %V timed out", ctx->peer.name); |
1478 | 255 ngx_close_connection(c); |
547 | 256 ngx_destroy_pool(ctx->pool); |
1136 | 257 ngx_mail_session_internal_server_error(s); |
521 | 258 return; |
259 } | |
260 | |
261 size = ctx->request->last - ctx->request->pos; | |
262 | |
263 n = ngx_send(c, ctx->request->pos, size); | |
264 | |
265 if (n == NGX_ERROR) { | |
1478 | 266 ngx_close_connection(c); |
547 | 267 ngx_destroy_pool(ctx->pool); |
1136 | 268 ngx_mail_session_internal_server_error(s); |
521 | 269 return; |
270 } | |
271 | |
272 if (n > 0) { | |
273 ctx->request->pos += n; | |
274 | |
275 if (n == size) { | |
1136 | 276 wev->handler = ngx_mail_auth_http_dummy_handler; |
521 | 277 |
278 if (wev->timer_set) { | |
279 ngx_del_timer(wev); | |
280 } | |
281 | |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
282 if (ngx_handle_write_event(wev, 0) == NGX_ERROR) { |
1478 | 283 ngx_close_connection(c); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
284 ngx_destroy_pool(ctx->pool); |
1136 | 285 ngx_mail_session_internal_server_error(s); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
286 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
287 |
521 | 288 return; |
289 } | |
290 } | |
291 | |
292 if (!wev->timer_set) { | |
1136 | 293 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 294 ngx_add_timer(wev, ahcf->timeout); |
295 } | |
296 } | |
297 | |
298 | |
299 static void | |
1136 | 300 ngx_mail_auth_http_read_handler(ngx_event_t *rev) |
521 | 301 { |
525 | 302 ssize_t n, size; |
521 | 303 ngx_connection_t *c; |
1136 | 304 ngx_mail_session_t *s; |
305 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 306 |
307 c = rev->data; | |
308 s = c->data; | |
309 | |
1136 | 310 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
311 "mail auth http read handler"); | |
521 | 312 |
1136 | 313 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
525 | 314 |
577 | 315 if (rev->timedout) { |
525 | 316 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
884 | 317 "auth http server %V timed out", ctx->peer.name); |
1478 | 318 ngx_close_connection(c); |
547 | 319 ngx_destroy_pool(ctx->pool); |
1136 | 320 ngx_mail_session_internal_server_error(s); |
525 | 321 return; |
322 } | |
323 | |
324 if (ctx->response == NULL) { | |
547 | 325 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 326 if (ctx->response == NULL) { |
1478 | 327 ngx_close_connection(c); |
547 | 328 ngx_destroy_pool(ctx->pool); |
1136 | 329 ngx_mail_session_internal_server_error(s); |
525 | 330 return; |
331 } | |
332 } | |
333 | |
527 | 334 size = ctx->response->end - ctx->response->last; |
525 | 335 |
336 n = ngx_recv(c, ctx->response->pos, size); | |
337 | |
527 | 338 if (n > 0) { |
339 ctx->response->last += n; | |
340 | |
341 ctx->handler(s, ctx); | |
342 return; | |
343 } | |
344 | |
345 if (n == NGX_AGAIN) { | |
525 | 346 return; |
347 } | |
348 | |
1478 | 349 ngx_close_connection(c); |
547 | 350 ngx_destroy_pool(ctx->pool); |
1136 | 351 ngx_mail_session_internal_server_error(s); |
527 | 352 } |
525 | 353 |
354 | |
527 | 355 static void |
1136 | 356 ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, |
357 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 358 { |
359 u_char *p, ch; | |
360 enum { | |
361 sw_start = 0, | |
362 sw_H, | |
363 sw_HT, | |
364 sw_HTT, | |
365 sw_HTTP, | |
366 sw_skip, | |
367 sw_almost_done | |
368 } state; | |
369 | |
1136 | 370 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
371 "mail auth http process status line"); | |
527 | 372 |
373 state = ctx->state; | |
374 | |
375 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
376 ch = *p; | |
377 | |
378 switch (state) { | |
379 | |
380 /* "HTTP/" */ | |
381 case sw_start: | |
382 if (ch == 'H') { | |
383 state = sw_H; | |
384 break; | |
385 } | |
386 goto next; | |
387 | |
388 case sw_H: | |
389 if (ch == 'T') { | |
390 state = sw_HT; | |
391 break; | |
392 } | |
393 goto next; | |
394 | |
395 case sw_HT: | |
396 if (ch == 'T') { | |
397 state = sw_HTT; | |
398 break; | |
399 } | |
400 goto next; | |
401 | |
402 case sw_HTT: | |
403 if (ch == 'P') { | |
404 state = sw_HTTP; | |
405 break; | |
406 } | |
407 goto next; | |
408 | |
409 case sw_HTTP: | |
410 if (ch == '/') { | |
411 state = sw_skip; | |
412 break; | |
413 } | |
414 goto next; | |
415 | |
416 /* any text until end of line */ | |
417 case sw_skip: | |
418 switch (ch) { | |
419 case CR: | |
420 state = sw_almost_done; | |
421 | |
422 break; | |
577 | 423 case LF: |
527 | 424 goto done; |
425 } | |
426 break; | |
427 | |
428 /* end of status line */ | |
429 case sw_almost_done: | |
430 if (ch == LF) { | |
431 goto done; | |
432 } | |
433 | |
434 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 435 "auth http server &V sent invalid response", |
884 | 436 ctx->peer.name); |
527 | 437 ngx_close_connection(ctx->peer.connection); |
547 | 438 ngx_destroy_pool(ctx->pool); |
1136 | 439 ngx_mail_session_internal_server_error(s); |
527 | 440 return; |
441 } | |
442 } | |
443 | |
444 ctx->response->pos = p; | |
445 ctx->state = state; | |
446 | |
447 return; | |
448 | |
449 next: | |
450 | |
451 p = ctx->response->start - 1; | |
452 | |
453 done: | |
454 | |
455 ctx->response->pos = p + 1; | |
456 ctx->state = 0; | |
1136 | 457 ctx->handler = ngx_mail_auth_http_process_headers; |
527 | 458 ctx->handler(s, ctx); |
459 } | |
525 | 460 |
461 | |
527 | 462 static void |
1136 | 463 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, |
464 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 465 { |
466 u_char *p; | |
547 | 467 time_t timer; |
527 | 468 size_t len, size; |
469 ngx_int_t rc, port, n; | |
884 | 470 ngx_peer_addr_t *peer; |
527 | 471 struct sockaddr_in *sin; |
525 | 472 |
1136 | 473 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
474 "mail auth http process headers"); | |
527 | 475 |
476 for ( ;; ) { | |
1136 | 477 rc = ngx_mail_auth_http_parse_header_line(s, ctx); |
527 | 478 |
479 if (rc == NGX_OK) { | |
480 | |
481 #if (NGX_DEBUG) | |
482 { | |
483 ngx_str_t key, value; | |
484 | |
485 key.len = ctx->header_name_end - ctx->header_name_start; | |
486 key.data = ctx->header_name_start; | |
487 value.len = ctx->header_end - ctx->header_start; | |
488 value.data = ctx->header_start; | |
489 | |
1136 | 490 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
491 "mail auth http header: \"%V: %V\"", | |
527 | 492 &key, &value); |
493 } | |
494 #endif | |
495 | |
496 len = ctx->header_name_end - ctx->header_name_start; | |
497 | |
498 if (len == sizeof("Auth-Status") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
499 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
500 (u_char *) "Auth-Status", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
501 sizeof("Auth-Status") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
502 == 0) |
527 | 503 { |
504 len = ctx->header_end - ctx->header_start; | |
505 | |
506 if (len == 2 | |
507 && ctx->header_start[0] == 'O' | |
508 && ctx->header_start[1] == 'K') | |
509 { | |
510 continue; | |
511 } | |
512 | |
883 | 513 if (len == 4 |
514 && ctx->header_start[0] == 'W' | |
515 && ctx->header_start[1] == 'A' | |
516 && ctx->header_start[2] == 'I' | |
517 && ctx->header_start[3] == 'T') | |
518 { | |
519 s->auth_wait = 1; | |
520 continue; | |
521 } | |
522 | |
567 | 523 ctx->errmsg.len = len; |
524 ctx->errmsg.data = ctx->header_start; | |
525 | |
1136 | 526 switch (s->protocol) { |
527 | |
528 case NGX_MAIL_POP3_PROTOCOL: | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
529 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
1136 | 530 break; |
527 | 531 |
1136 | 532 case NGX_MAIL_IMAP_PROTOCOL: |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
533 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 534 + sizeof(CRLF) - 1; |
1136 | 535 break; |
536 | |
537 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
538 ctx->err = ctx->errmsg; | |
539 continue; | |
527 | 540 } |
541 | |
542 p = ngx_pcalloc(s->connection->pool, size); | |
543 if (p == NULL) { | |
543 | 544 ngx_close_connection(ctx->peer.connection); |
547 | 545 ngx_destroy_pool(ctx->pool); |
1136 | 546 ngx_mail_session_internal_server_error(s); |
527 | 547 return; |
548 } | |
549 | |
550 ctx->err.data = p; | |
551 | |
1136 | 552 switch (s->protocol) { |
527 | 553 |
1136 | 554 case NGX_MAIL_POP3_PROTOCOL: |
555 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
556 break; | |
557 | |
558 case NGX_MAIL_IMAP_PROTOCOL: | |
527 | 559 p = ngx_cpymem(p, s->tag.data, s->tag.len); |
1136 | 560 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; |
561 break; | |
562 | |
563 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
564 break; | |
527 | 565 } |
566 | |
567 p = ngx_cpymem(p, ctx->header_start, len); | |
568 *p++ = CR; *p++ = LF; | |
569 | |
570 ctx->err.len = p - ctx->err.data; | |
571 | |
572 continue; | |
573 } | |
574 | |
575 if (len == sizeof("Auth-Server") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
576 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
577 (u_char *) "Auth-Server", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
578 sizeof("Auth-Server") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
579 == 0) |
527 | 580 { |
581 ctx->addr.len = ctx->header_end - ctx->header_start; | |
582 ctx->addr.data = ctx->header_start; | |
583 | |
584 continue; | |
585 } | |
586 | |
587 if (len == sizeof("Auth-Port") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
588 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
589 (u_char *) "Auth-Port", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
590 sizeof("Auth-Port") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
591 == 0) |
527 | 592 { |
593 ctx->port.len = ctx->header_end - ctx->header_start; | |
594 ctx->port.data = ctx->header_start; | |
595 | |
596 continue; | |
597 } | |
598 | |
599 if (len == sizeof("Auth-User") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
600 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
601 (u_char *) "Auth-User", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
602 sizeof("Auth-User") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
603 == 0) |
527 | 604 { |
605 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 606 |
607 s->login.data = ngx_palloc(s->connection->pool, s->login.len); | |
608 if (s->login.data == NULL) { | |
609 ngx_close_connection(ctx->peer.connection); | |
610 ngx_destroy_pool(ctx->pool); | |
1136 | 611 ngx_mail_session_internal_server_error(s); |
567 | 612 return; |
613 } | |
614 | |
615 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 616 |
617 continue; | |
618 } | |
619 | |
800 | 620 if (len == sizeof("Auth-Pass") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
621 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
622 (u_char *) "Auth-Pass", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
623 sizeof("Auth-Pass") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
624 == 0) |
800 | 625 { |
626 s->passwd.len = ctx->header_end - ctx->header_start; | |
627 | |
628 s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len); | |
629 if (s->passwd.data == NULL) { | |
630 ngx_close_connection(ctx->peer.connection); | |
631 ngx_destroy_pool(ctx->pool); | |
1136 | 632 ngx_mail_session_internal_server_error(s); |
800 | 633 return; |
634 } | |
635 | |
636 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
637 | |
638 continue; | |
639 } | |
640 | |
527 | 641 if (len == sizeof("Auth-Wait") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
642 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
643 (u_char *) "Auth-Wait", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
644 sizeof("Auth-Wait") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
645 == 0) |
527 | 646 { |
647 n = ngx_atoi(ctx->header_start, | |
648 ctx->header_end - ctx->header_start); | |
649 | |
650 if (n != NGX_ERROR) { | |
651 ctx->sleep = n; | |
652 } | |
653 | |
654 continue; | |
655 } | |
656 | |
1136 | 657 if (len == sizeof("Auth-Error-Code") - 1 |
658 && ngx_strncasecmp(ctx->header_name_start, | |
659 (u_char *) "Auth-Error-Code", | |
660 sizeof("Auth-Error-Code") - 1) | |
661 == 0) | |
662 { | |
663 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
664 | |
665 ctx->errcode.data = ngx_palloc(s->connection->pool, | |
666 ctx->errcode.len); | |
667 if (ctx->errcode.data == NULL) { | |
668 ngx_close_connection(ctx->peer.connection); | |
669 ngx_destroy_pool(ctx->pool); | |
670 ngx_mail_session_internal_server_error(s); | |
671 return; | |
672 } | |
673 | |
674 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
675 ctx->errcode.len); | |
676 | |
677 continue; | |
678 } | |
679 | |
527 | 680 /* ignore other headers */ |
681 | |
682 continue; | |
683 } | |
684 | |
685 if (rc == NGX_DONE) { | |
1136 | 686 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
687 "mail auth http header done"); | |
527 | 688 |
689 ngx_close_connection(ctx->peer.connection); | |
690 | |
691 if (ctx->err.len) { | |
1136 | 692 |
567 | 693 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
694 "client login failed: \"%V\"", &ctx->errmsg); | |
695 | |
1136 | 696 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { |
697 | |
698 if (ctx->errcode.len == 0) { | |
699 ctx->errcode = ngx_mail_smtp_errcode; | |
700 } | |
701 | |
702 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
703 + sizeof(" " CRLF) - 1; | |
704 | |
1166 | 705 p = ngx_palloc(s->connection->pool, ctx->err.len); |
706 if (p == NULL) { | |
707 ngx_close_connection(ctx->peer.connection); | |
708 ngx_destroy_pool(ctx->pool); | |
709 ngx_mail_session_internal_server_error(s); | |
710 return; | |
711 } | |
1136 | 712 |
1166 | 713 ctx->err.data = p; |
1136 | 714 |
1166 | 715 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
1136 | 716 *p++ = ' '; |
1166 | 717 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
1136 | 718 *p++ = CR; *p = LF; |
719 } | |
720 | |
539 | 721 s->out = ctx->err; |
547 | 722 timer = ctx->sleep; |
527 | 723 |
547 | 724 ngx_destroy_pool(ctx->pool); |
725 | |
726 if (timer == 0) { | |
539 | 727 s->quit = 1; |
1136 | 728 ngx_mail_send(s->connection->write); |
541 | 729 return; |
730 } | |
539 | 731 |
547 | 732 ngx_add_timer(s->connection->read, timer * 1000); |
527 | 733 |
1136 | 734 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
527 | 735 |
736 return; | |
737 } | |
738 | |
883 | 739 if (s->auth_wait) { |
740 timer = ctx->sleep; | |
741 | |
742 ngx_destroy_pool(ctx->pool); | |
743 | |
744 if (timer == 0) { | |
1136 | 745 ngx_mail_auth_http_init(s); |
883 | 746 return; |
747 } | |
748 | |
749 ngx_add_timer(s->connection->read, timer * 1000); | |
750 | |
1136 | 751 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
883 | 752 |
753 return; | |
754 } | |
755 | |
527 | 756 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
757 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 758 "auth http server %V did not send server or port", |
884 | 759 ctx->peer.name); |
547 | 760 ngx_destroy_pool(ctx->pool); |
1136 | 761 ngx_mail_session_internal_server_error(s); |
527 | 762 return; |
763 } | |
764 | |
1136 | 765 if (s->passwd.data == NULL && s->protocol != NGX_MAIL_SMTP_PROTOCOL) |
766 { | |
800 | 767 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
768 "auth http server %V did not send password", | |
884 | 769 ctx->peer.name); |
800 | 770 ngx_destroy_pool(ctx->pool); |
1136 | 771 ngx_mail_session_internal_server_error(s); |
800 | 772 return; |
773 } | |
774 | |
884 | 775 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_peer_addr_t)); |
776 if (peer == NULL) { | |
547 | 777 ngx_destroy_pool(ctx->pool); |
1136 | 778 ngx_mail_session_internal_server_error(s); |
527 | 779 return; |
780 } | |
781 | |
782 sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in)); | |
783 if (sin == NULL) { | |
547 | 784 ngx_destroy_pool(ctx->pool); |
1136 | 785 ngx_mail_session_internal_server_error(s); |
527 | 786 return; |
787 } | |
788 | |
789 sin->sin_family = AF_INET; | |
790 | |
791 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
792 if (port == NGX_ERROR || port < 1 || port > 65536) { | |
793 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 794 "auth http server %V sent invalid server " |
795 "port:\"%V\"", | |
884 | 796 ctx->peer.name, &ctx->port); |
547 | 797 ngx_destroy_pool(ctx->pool); |
1136 | 798 ngx_mail_session_internal_server_error(s); |
527 | 799 return; |
800 } | |
801 | |
802 sin->sin_port = htons((in_port_t) port); | |
803 | |
804 ctx->addr.data[ctx->addr.len] = '\0'; | |
805 sin->sin_addr.s_addr = inet_addr((char *) ctx->addr.data); | |
806 if (sin->sin_addr.s_addr == INADDR_NONE) { | |
807 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 808 "auth http server %V sent invalid server " |
809 "address:\"%V\"", | |
884 | 810 ctx->peer.name, &ctx->addr); |
547 | 811 ngx_destroy_pool(ctx->pool); |
1136 | 812 ngx_mail_session_internal_server_error(s); |
527 | 813 return; |
814 } | |
815 | |
884 | 816 peer->sockaddr = (struct sockaddr *) sin; |
817 peer->socklen = sizeof(struct sockaddr_in); | |
527 | 818 |
819 len = ctx->addr.len + 1 + ctx->port.len; | |
820 | |
884 | 821 peer->name.len = len; |
527 | 822 |
884 | 823 peer->name.data = ngx_palloc(s->connection->pool, len); |
824 if (peer->name.data == NULL) { | |
547 | 825 ngx_destroy_pool(ctx->pool); |
1136 | 826 ngx_mail_session_internal_server_error(s); |
527 | 827 return; |
828 } | |
829 | |
830 len = ctx->addr.len; | |
831 | |
884 | 832 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 833 |
884 | 834 peer->name.data[len++] = ':'; |
527 | 835 |
884 | 836 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 837 |
547 | 838 ngx_destroy_pool(ctx->pool); |
1136 | 839 ngx_mail_proxy_init(s, peer); |
527 | 840 |
841 return; | |
842 } | |
843 | |
844 if (rc == NGX_AGAIN ) { | |
845 return; | |
846 } | |
847 | |
848 /* rc == NGX_ERROR */ | |
849 | |
850 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 851 "auth http server %V sent invalid header in response", |
884 | 852 ctx->peer.name); |
527 | 853 ngx_close_connection(ctx->peer.connection); |
547 | 854 ngx_destroy_pool(ctx->pool); |
1136 | 855 ngx_mail_session_internal_server_error(s); |
527 | 856 |
857 return; | |
858 } | |
859 } | |
860 | |
521 | 861 |
527 | 862 static void |
1136 | 863 ngx_mail_auth_sleep_handler(ngx_event_t *rev) |
527 | 864 { |
543 | 865 ngx_connection_t *c; |
1136 | 866 ngx_mail_session_t *s; |
867 ngx_mail_core_srv_conf_t *cscf; | |
527 | 868 |
1136 | 869 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); |
527 | 870 |
871 c = rev->data; | |
872 s = c->data; | |
873 | |
874 if (rev->timedout) { | |
875 | |
876 rev->timedout = 0; | |
877 | |
883 | 878 if (s->auth_wait) { |
879 s->auth_wait = 0; | |
1136 | 880 ngx_mail_auth_http_init(s); |
883 | 881 return; |
882 } | |
883 | |
1477 | 884 s->mail_state = ngx_mail_start_states[s->protocol]; |
885 rev->handler = ngx_mail_auth_states[s->protocol]; | |
527 | 886 |
1136 | 887 s->auth_method = NGX_MAIL_AUTH_PLAIN; |
800 | 888 |
543 | 889 c->log->action = "in auth state"; |
890 | |
1477 | 891 ngx_mail_send(c->write); |
543 | 892 |
583 | 893 if (c->destroyed) { |
543 | 894 return; |
895 } | |
896 | |
1136 | 897 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
543 | 898 |
899 ngx_add_timer(rev, cscf->timeout); | |
900 | |
527 | 901 if (rev->ready) { |
1477 | 902 rev->handler(rev); |
527 | 903 return; |
904 } | |
905 | |
906 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1477 | 907 ngx_mail_close_connection(c); |
527 | 908 } |
909 | |
910 return; | |
911 } | |
912 | |
913 if (rev->active) { | |
914 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1477 | 915 ngx_mail_close_connection(c); |
527 | 916 } |
917 } | |
918 } | |
919 | |
920 | |
921 static ngx_int_t | |
1136 | 922 ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, |
923 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 924 { |
925 u_char c, ch, *p; | |
926 ngx_uint_t hash; | |
927 enum { | |
928 sw_start = 0, | |
929 sw_name, | |
930 sw_space_before_value, | |
931 sw_value, | |
932 sw_space_after_value, | |
577 | 933 sw_almost_done, |
527 | 934 sw_header_almost_done |
935 } state; | |
936 | |
577 | 937 state = ctx->state; |
527 | 938 hash = ctx->hash; |
939 | |
940 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
941 ch = *p; | |
942 | |
943 switch (state) { | |
944 | |
945 /* first char */ | |
946 case sw_start: | |
947 | |
948 switch (ch) { | |
949 case CR: | |
577 | 950 ctx->header_end = p; |
527 | 951 state = sw_header_almost_done; |
952 break; | |
577 | 953 case LF: |
527 | 954 ctx->header_end = p; |
955 goto header_done; | |
956 default: | |
957 state = sw_name; | |
958 ctx->header_name_start = p; | |
959 | |
960 c = (u_char) (ch | 0x20); | |
961 if (c >= 'a' && c <= 'z') { | |
962 hash = c; | |
963 break; | |
964 } | |
965 | |
966 if (ch >= '0' && ch <= '9') { | |
967 hash = ch; | |
968 break; | |
969 } | |
970 | |
971 return NGX_ERROR; | |
972 } | |
973 break; | |
974 | |
975 /* header name */ | |
976 case sw_name: | |
977 c = (u_char) (ch | 0x20); | |
978 if (c >= 'a' && c <= 'z') { | |
979 hash += c; | |
980 break; | |
981 } | |
982 | |
983 if (ch == ':') { | |
984 ctx->header_name_end = p; | |
985 state = sw_space_before_value; | |
986 break; | |
987 } | |
988 | |
989 if (ch == '-') { | |
990 hash += ch; | |
991 break; | |
992 } | |
993 | |
994 if (ch >= '0' && ch <= '9') { | |
995 hash += ch; | |
996 break; | |
997 } | |
998 | |
999 if (ch == CR) { | |
1000 ctx->header_name_end = p; | |
1001 ctx->header_start = p; | |
1002 ctx->header_end = p; | |
1003 state = sw_almost_done; | |
1004 break; | |
1005 } | |
1006 | |
1007 if (ch == LF) { | |
1008 ctx->header_name_end = p; | |
1009 ctx->header_start = p; | |
1010 ctx->header_end = p; | |
1011 goto done; | |
1012 } | |
1013 | |
1014 return NGX_ERROR; | |
1015 | |
1016 /* space* before header value */ | |
1017 case sw_space_before_value: | |
1018 switch (ch) { | |
1019 case ' ': | |
1020 break; | |
1021 case CR: | |
1022 ctx->header_start = p; | |
1023 ctx->header_end = p; | |
1024 state = sw_almost_done; | |
1025 break; | |
1026 case LF: | |
1027 ctx->header_start = p; | |
1028 ctx->header_end = p; | |
1029 goto done; | |
1030 default: | |
1031 ctx->header_start = p; | |
1032 state = sw_value; | |
1033 break; | |
1034 } | |
1035 break; | |
1036 | |
1037 /* header value */ | |
1038 case sw_value: | |
1039 switch (ch) { | |
1040 case ' ': | |
1041 ctx->header_end = p; | |
1042 state = sw_space_after_value; | |
1043 break; | |
1044 case CR: | |
1045 ctx->header_end = p; | |
1046 state = sw_almost_done; | |
1047 break; | |
1048 case LF: | |
1049 ctx->header_end = p; | |
1050 goto done; | |
1051 } | |
1052 break; | |
1053 | |
1054 /* space* before end of header line */ | |
1055 case sw_space_after_value: | |
1056 switch (ch) { | |
1057 case ' ': | |
1058 break; | |
1059 case CR: | |
1060 state = sw_almost_done; | |
1061 break; | |
1062 case LF: | |
1063 goto done; | |
1064 default: | |
1065 state = sw_value; | |
1066 break; | |
1067 } | |
1068 break; | |
1069 | |
1070 /* end of header line */ | |
1071 case sw_almost_done: | |
1072 switch (ch) { | |
1073 case LF: | |
1074 goto done; | |
1075 default: | |
1076 return NGX_ERROR; | |
1077 } | |
1078 | |
1079 /* end of header */ | |
1080 case sw_header_almost_done: | |
1081 switch (ch) { | |
1082 case LF: | |
1083 goto header_done; | |
1084 default: | |
1085 return NGX_ERROR; | |
1086 } | |
1087 } | |
1088 } | |
1089 | |
1090 ctx->response->pos = p; | |
1091 ctx->state = state; | |
1092 ctx->hash = hash; | |
1093 | |
1094 return NGX_AGAIN; | |
1095 | |
1096 done: | |
1097 | |
1098 ctx->response->pos = p + 1; | |
1099 ctx->state = sw_start; | |
1100 ctx->hash = hash; | |
1101 | |
1102 return NGX_OK; | |
1103 | |
1104 header_done: | |
1105 | |
1106 ctx->response->pos = p + 1; | |
1107 ctx->state = sw_start; | |
1108 | |
1109 return NGX_DONE; | |
521 | 1110 } |
1111 | |
1112 | |
1113 static void | |
1136 | 1114 ngx_mail_auth_http_block_read(ngx_event_t *rev) |
521 | 1115 { |
1116 ngx_connection_t *c; | |
1136 | 1117 ngx_mail_session_t *s; |
1118 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 1119 |
1136 | 1120 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
1121 "mail auth http block read"); | |
521 | 1122 |
1123 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1124 c = rev->data; | |
1125 s = c->data; | |
1126 | |
1136 | 1127 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 1128 |
525 | 1129 ngx_close_connection(ctx->peer.connection); |
547 | 1130 ngx_destroy_pool(ctx->pool); |
1136 | 1131 ngx_mail_session_internal_server_error(s); |
521 | 1132 } |
1133 } | |
1134 | |
1135 | |
1136 static void | |
1136 | 1137 ngx_mail_auth_http_dummy_handler(ngx_event_t *ev) |
521 | 1138 { |
1136 | 1139 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, |
1140 "mail auth http dummy handler"); | |
521 | 1141 } |
1142 | |
1143 | |
1144 static ngx_buf_t * | |
1136 | 1145 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, |
1146 ngx_mail_auth_http_conf_t *ahcf) | |
521 | 1147 { |
1148 size_t len; | |
1149 ngx_buf_t *b; | |
633 | 1150 ngx_str_t login, passwd; |
1151 | |
1136 | 1152 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
633 | 1153 return NULL; |
1154 } | |
1155 | |
1136 | 1156 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { |
633 | 1157 return NULL; |
1158 } | |
521 | 1159 |
1160 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 | |
1161 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1162 + sizeof("Auth-Method: ") - 1 |
1136 | 1163 + ngx_mail_auth_http_method[s->auth_method].len |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1164 + sizeof(CRLF) - 1 |
633 | 1165 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1166 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1167 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
521 | 1168 + sizeof("Auth-Protocol: imap" CRLF) - 1 |
527 | 1169 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1170 + sizeof(CRLF) - 1 | |
521 | 1171 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1172 + sizeof(CRLF) - 1 | |
1285
0c10dc6a8e74
fix memory allocation for auth_http_header
Igor Sysoev <igor@sysoev.ru>
parents:
1166
diff
changeset
|
1173 + ahcf->header.len |
521 | 1174 + sizeof(CRLF) - 1; |
1175 | |
547 | 1176 b = ngx_create_temp_buf(pool, len); |
521 | 1177 if (b == NULL) { |
1178 return NULL; | |
1179 } | |
1180 | |
1181 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1182 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1183 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1184 sizeof(" HTTP/1.0" CRLF) - 1); | |
1185 | |
1186 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1187 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1188 ahcf->host_header.len); |
1189 *b->last++ = CR; *b->last++ = LF; | |
1190 | |
800 | 1191 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1192 sizeof("Auth-Method: ") - 1); | |
1193 b->last = ngx_cpymem(b->last, | |
1136 | 1194 ngx_mail_auth_http_method[s->auth_method].data, |
1195 ngx_mail_auth_http_method[s->auth_method].len); | |
800 | 1196 *b->last++ = CR; *b->last++ = LF; |
521 | 1197 |
1198 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1199 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1200 *b->last++ = CR; *b->last++ = LF; |
1201 | |
1202 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1203 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1204 *b->last++ = CR; *b->last++ = LF; |
1205 | |
1136 | 1206 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { |
800 | 1207 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1208 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1209 | |
1210 s->passwd.data = NULL; | |
1211 } | |
1212 | |
521 | 1213 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1214 sizeof("Auth-Protocol: ") - 1); | |
1136 | 1215 b->last = ngx_cpymem(b->last, ngx_mail_auth_http_protocol[s->protocol], |
521 | 1216 sizeof("imap") - 1); |
1217 *b->last++ = CR; *b->last++ = LF; | |
1218 | |
527 | 1219 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1220 s->login_attempt); | |
1221 | |
521 | 1222 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1223 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
521 | 1224 s->connection->addr_text.len); |
1225 *b->last++ = CR; *b->last++ = LF; | |
1226 | |
573 | 1227 if (ahcf->header.len) { |
1228 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1229 } | |
1230 | |
521 | 1231 /* add "\r\n" at the header end */ |
1232 *b->last++ = CR; *b->last++ = LF; | |
1233 | |
1136 | 1234 #if (NGX_DEBUG_MAIL_PASSWD) |
521 | 1235 { |
1236 ngx_str_t l; | |
1237 | |
1238 l.len = b->last - b->pos; | |
1239 l.data = b->pos; | |
1136 | 1240 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
1241 "mail auth http header:\n\"%V\"", &l); | |
521 | 1242 } |
1243 #endif | |
1244 | |
1245 return b; | |
1246 } | |
1247 | |
1248 | |
633 | 1249 static ngx_int_t |
1136 | 1250 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) |
633 | 1251 { |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1252 u_char *p; |
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1253 uintptr_t n; |
633 | 1254 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1255 n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1256 |
1257 if (n == 0) { | |
1258 *escaped = *text; | |
1259 return NGX_OK; | |
1260 } | |
1261 | |
1262 escaped->len = text->len + n * 2; | |
1263 | |
1264 p = ngx_palloc(pool, escaped->len); | |
1265 if (p == NULL) { | |
1266 return NGX_ERROR; | |
1267 } | |
1268 | |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1269 (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1270 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1271 escaped->data = p; |
633 | 1272 |
1273 return NGX_OK; | |
1274 } | |
1275 | |
1276 | |
521 | 1277 static void * |
1136 | 1278 ngx_mail_auth_http_create_conf(ngx_conf_t *cf) |
577 | 1279 { |
1136 | 1280 ngx_mail_auth_http_conf_t *ahcf; |
577 | 1281 |
1136 | 1282 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t)); |
521 | 1283 if (ahcf == NULL) { |
1284 return NGX_CONF_ERROR; | |
1285 } | |
1286 | |
1287 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
1288 | |
1392 | 1289 ahcf->file = cf->conf_file->file.name.data; |
1290 ahcf->line = cf->conf_file->line; | |
1291 | |
521 | 1292 return ahcf; |
1293 } | |
1294 | |
1295 | |
1296 static char * | |
1136 | 1297 ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
521 | 1298 { |
1136 | 1299 ngx_mail_auth_http_conf_t *prev = parent; |
1300 ngx_mail_auth_http_conf_t *conf = child; | |
521 | 1301 |
573 | 1302 u_char *p; |
1303 size_t len; | |
1304 ngx_uint_t i; | |
1305 ngx_table_elt_t *header; | |
1306 | |
884 | 1307 if (conf->peer == NULL) { |
1308 conf->peer = prev->peer; | |
521 | 1309 conf->host_header = prev->host_header; |
1310 conf->uri = prev->uri; | |
1392 | 1311 |
1312 if (conf->peer == NULL) { | |
1313 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
1314 "no \"http_auth\" is defined for server in %s:%ui", | |
1315 conf->file, conf->line); | |
1316 | |
1317 return NGX_CONF_ERROR; | |
1318 } | |
521 | 1319 } |
1320 | |
1321 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1322 | |
573 | 1323 if (conf->headers == NULL) { |
1324 conf->headers = prev->headers; | |
1325 conf->header = prev->header; | |
1326 } | |
1327 | |
1328 if (conf->headers && conf->header.len == 0) { | |
1329 len = 0; | |
1330 header = conf->headers->elts; | |
1331 for (i = 0; i < conf->headers->nelts; i++) { | |
1332 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1333 } | |
1334 | |
1335 p = ngx_palloc(cf->pool, len); | |
1336 if (p == NULL) { | |
1337 return NGX_CONF_ERROR; | |
1338 } | |
1339 | |
1340 conf->header.len = len; | |
1341 conf->header.data = p; | |
1342 | |
1343 for (i = 0; i < conf->headers->nelts; i++) { | |
1344 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1345 *p++ = ':'; *p++ = ' '; | |
1346 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1347 *p++ = CR; *p++ = LF; | |
1348 } | |
1349 } | |
1350 | |
521 | 1351 return NGX_CONF_OK; |
1352 } | |
1353 | |
1354 | |
1355 static char * | |
1136 | 1356 ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1357 { |
1136 | 1358 ngx_mail_auth_http_conf_t *ahcf = conf; |
521 | 1359 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1360 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1361 ngx_url_t u; |
573 | 1362 |
521 | 1363 value = cf->args->elts; |
1364 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1365 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1366 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1367 u.url = value[1]; |
906 | 1368 u.default_port = 80; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1369 u.uri_part = 1; |
884 | 1370 u.one_addr = 1; |
577 | 1371 |
1391
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1372 if (ngx_strncmp(u.url.data, "http://", 7) == 0) { |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1373 u.url.len -= 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1374 u.url.data += 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1375 } |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1376 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1377 if (ngx_parse_url(cf, &u) != NGX_OK) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1378 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1379 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1380 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1381 } |
1390 | 1382 |
1383 return NGX_CONF_ERROR; | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1384 } |
521 | 1385 |
884 | 1386 ahcf->peer = u.addrs; |
521 | 1387 |
906 | 1388 ahcf->host_header = u.host; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1389 ahcf->uri = u.uri; |
521 | 1390 |
559 | 1391 if (ahcf->uri.len == 0) { |
555 | 1392 ahcf->uri.len = sizeof("/") - 1; |
1393 ahcf->uri.data = (u_char *) "/"; | |
1394 } | |
1395 | |
521 | 1396 return NGX_CONF_OK; |
1397 } | |
573 | 1398 |
1399 | |
1400 static char * | |
1136 | 1401 ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1402 { |
1136 | 1403 ngx_mail_auth_http_conf_t *ahcf = conf; |
573 | 1404 |
1405 ngx_str_t *value; | |
1406 ngx_table_elt_t *header; | |
1407 | |
1408 if (ahcf->headers == NULL) { | |
1409 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1410 if (ahcf->headers == NULL) { | |
1411 return NGX_CONF_ERROR; | |
1412 } | |
1413 } | |
1414 | |
1415 header = ngx_array_push(ahcf->headers); | |
1416 if (header == NULL) { | |
1417 return NGX_CONF_ERROR; | |
1418 } | |
1419 | |
1420 value = cf->args->elts; | |
1421 | |
1422 header->key = value[1]; | |
1423 header->value = value[2]; | |
1424 | |
1425 return NGX_CONF_OK; | |
1426 } |