Mercurial > hg > nginx
annotate src/mail/ngx_mail_auth_http_module.c @ 1503:fa67e7914b70 stable-0.5
r1391, r1392, r1393 merge:
auth_http related changes:
*) stop configuration on error
*) allow "http://" in auth_http URL
*) test http_auth absence
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Sat, 22 Sep 2007 18:41:35 +0000 |
parents | 65cebdc99554 |
children | b19709ee1f52 |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_event.h> | |
10 #include <ngx_event_connect.h> | |
1136 | 11 #include <ngx_mail.h> |
521 | 12 |
13 | |
14 typedef struct { | |
884 | 15 ngx_peer_addr_t *peer; |
521 | 16 |
527 | 17 ngx_msec_t timeout; |
521 | 18 |
527 | 19 ngx_str_t host_header; |
20 ngx_str_t uri; | |
573 | 21 ngx_str_t header; |
22 | |
23 ngx_array_t *headers; | |
1503 | 24 |
25 u_char *file; | |
26 ngx_uint_t line; | |
1136 | 27 } ngx_mail_auth_http_conf_t; |
521 | 28 |
29 | |
1136 | 30 typedef struct ngx_mail_auth_http_ctx_s ngx_mail_auth_http_ctx_t; |
527 | 31 |
1136 | 32 typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s, |
33 ngx_mail_auth_http_ctx_t *ctx); | |
527 | 34 |
1136 | 35 struct ngx_mail_auth_http_ctx_s { |
527 | 36 ngx_buf_t *request; |
37 ngx_buf_t *response; | |
38 ngx_peer_connection_t peer; | |
39 | |
1136 | 40 ngx_mail_auth_http_handler_pt handler; |
527 | 41 |
42 ngx_uint_t state; | |
43 ngx_uint_t hash; /* no needed ? */ | |
44 | |
45 u_char *header_name_start; | |
46 u_char *header_name_end; | |
47 u_char *header_start; | |
48 u_char *header_end; | |
49 | |
50 ngx_str_t addr; | |
51 ngx_str_t port; | |
52 ngx_str_t err; | |
567 | 53 ngx_str_t errmsg; |
1136 | 54 ngx_str_t errcode; |
527 | 55 |
547 | 56 time_t sleep; |
527 | 57 |
547 | 58 ngx_pool_t *pool; |
527 | 59 }; |
521 | 60 |
61 | |
1136 | 62 static void ngx_mail_auth_http_write_handler(ngx_event_t *wev); |
63 static void ngx_mail_auth_http_read_handler(ngx_event_t *rev); | |
64 static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
65 ngx_mail_auth_http_ctx_t *ctx); | |
66 static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
67 ngx_mail_auth_http_ctx_t *ctx); | |
68 static void ngx_mail_auth_sleep_handler(ngx_event_t *rev); | |
69 static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
70 ngx_mail_auth_http_ctx_t *ctx); | |
71 static void ngx_mail_auth_http_block_read(ngx_event_t *rev); | |
72 static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev); | |
73 static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s, | |
74 ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf); | |
75 static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, | |
633 | 76 ngx_str_t *escaped); |
521 | 77 |
1136 | 78 static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf); |
79 static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
521 | 80 void *child); |
1136 | 81 static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
82 static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, | |
573 | 83 void *conf); |
521 | 84 |
85 | |
1136 | 86 static ngx_command_t ngx_mail_auth_http_commands[] = { |
521 | 87 |
88 { ngx_string("auth_http"), | |
1136 | 89 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
90 ngx_mail_auth_http, | |
91 NGX_MAIL_SRV_CONF_OFFSET, | |
521 | 92 0, |
93 NULL }, | |
94 | |
95 { ngx_string("auth_http_timeout"), | |
1136 | 96 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
521 | 97 ngx_conf_set_msec_slot, |
1136 | 98 NGX_MAIL_SRV_CONF_OFFSET, |
99 offsetof(ngx_mail_auth_http_conf_t, timeout), | |
521 | 100 NULL }, |
101 | |
573 | 102 { ngx_string("auth_http_header"), |
1136 | 103 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2, |
104 ngx_mail_auth_http_header, | |
105 NGX_MAIL_SRV_CONF_OFFSET, | |
573 | 106 0, |
107 NULL }, | |
108 | |
521 | 109 ngx_null_command |
110 }; | |
111 | |
112 | |
1136 | 113 static ngx_mail_module_t ngx_mail_auth_http_module_ctx = { |
521 | 114 NULL, /* create main configuration */ |
115 NULL, /* init main configuration */ | |
116 | |
1136 | 117 ngx_mail_auth_http_create_conf, /* create server configuration */ |
118 ngx_mail_auth_http_merge_conf /* merge server configuration */ | |
521 | 119 }; |
120 | |
121 | |
1136 | 122 ngx_module_t ngx_mail_auth_http_module = { |
521 | 123 NGX_MODULE_V1, |
1136 | 124 &ngx_mail_auth_http_module_ctx, /* module context */ |
125 ngx_mail_auth_http_commands, /* module directives */ | |
126 NGX_MAIL_MODULE, /* module type */ | |
541 | 127 NULL, /* init master */ |
521 | 128 NULL, /* init module */ |
541 | 129 NULL, /* init process */ |
130 NULL, /* init thread */ | |
131 NULL, /* exit thread */ | |
132 NULL, /* exit process */ | |
133 NULL, /* exit master */ | |
134 NGX_MODULE_V1_PADDING | |
521 | 135 }; |
136 | |
137 | |
1136 | 138 static char *ngx_mail_auth_http_protocol[] = { "pop3", "imap", "smtp" }; |
139 static ngx_str_t ngx_mail_auth_http_method[] = { | |
140 ngx_string("plain"), | |
809 | 141 ngx_string("plain"), |
142 ngx_string("apop"), | |
143 ngx_string("cram-md5") | |
800 | 144 }; |
521 | 145 |
1136 | 146 static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); |
521 | 147 |
148 void | |
1136 | 149 ngx_mail_auth_http_init(ngx_mail_session_t *s) |
521 | 150 { |
151 ngx_int_t rc; | |
547 | 152 ngx_pool_t *pool; |
1136 | 153 ngx_mail_auth_http_ctx_t *ctx; |
154 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 155 |
541 | 156 s->connection->log->action = "in http auth state"; |
157 | |
547 | 158 pool = ngx_create_pool(2048, s->connection->log); |
159 if (pool == NULL) { | |
1136 | 160 ngx_mail_session_internal_server_error(s); |
521 | 161 return; |
162 } | |
163 | |
1136 | 164 ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t)); |
547 | 165 if (ctx == NULL) { |
166 ngx_destroy_pool(pool); | |
1136 | 167 ngx_mail_session_internal_server_error(s); |
547 | 168 return; |
169 } | |
170 | |
171 ctx->pool = pool; | |
172 | |
1136 | 173 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 174 |
1136 | 175 ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf); |
521 | 176 if (ctx->request == NULL) { |
547 | 177 ngx_destroy_pool(ctx->pool); |
1136 | 178 ngx_mail_session_internal_server_error(s); |
521 | 179 return; |
180 } | |
181 | |
1136 | 182 ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module); |
521 | 183 |
884 | 184 ctx->peer.sockaddr = ahcf->peer->sockaddr; |
185 ctx->peer.socklen = ahcf->peer->socklen; | |
186 ctx->peer.name = &ahcf->peer->name; | |
187 ctx->peer.get = ngx_event_get_peer; | |
521 | 188 ctx->peer.log = s->connection->log; |
189 ctx->peer.log_error = NGX_ERROR_ERR; | |
190 | |
191 rc = ngx_event_connect_peer(&ctx->peer); | |
192 | |
543 | 193 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
862
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
194 if (ctx->peer.connection) { |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
195 ngx_close_connection(ctx->peer.connection); |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
196 } |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
197 |
547 | 198 ngx_destroy_pool(ctx->pool); |
1136 | 199 ngx_mail_session_internal_server_error(s); |
521 | 200 return; |
201 } | |
202 | |
203 ctx->peer.connection->data = s; | |
204 ctx->peer.connection->pool = s->connection->pool; | |
205 | |
1136 | 206 s->connection->read->handler = ngx_mail_auth_http_block_read; |
207 ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler; | |
208 ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler; | |
521 | 209 |
1136 | 210 ctx->handler = ngx_mail_auth_http_ignore_status_line; |
527 | 211 |
541 | 212 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
213 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
214 | |
521 | 215 if (rc == NGX_OK) { |
1136 | 216 ngx_mail_auth_http_write_handler(ctx->peer.connection->write); |
521 | 217 return; |
218 } | |
219 } | |
220 | |
221 | |
222 static void | |
1136 | 223 ngx_mail_auth_http_write_handler(ngx_event_t *wev) |
521 | 224 { |
225 ssize_t n, size; | |
226 ngx_connection_t *c; | |
1136 | 227 ngx_mail_session_t *s; |
228 ngx_mail_auth_http_ctx_t *ctx; | |
229 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 230 |
231 c = wev->data; | |
232 s = c->data; | |
233 | |
1136 | 234 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 235 |
1136 | 236 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, |
237 "mail auth http write handler"); | |
521 | 238 |
577 | 239 if (wev->timedout) { |
521 | 240 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
884 | 241 "auth http server %V timed out", ctx->peer.name); |
525 | 242 ngx_close_connection(ctx->peer.connection); |
547 | 243 ngx_destroy_pool(ctx->pool); |
1136 | 244 ngx_mail_session_internal_server_error(s); |
521 | 245 return; |
246 } | |
247 | |
248 size = ctx->request->last - ctx->request->pos; | |
249 | |
250 n = ngx_send(c, ctx->request->pos, size); | |
251 | |
252 if (n == NGX_ERROR) { | |
525 | 253 ngx_close_connection(ctx->peer.connection); |
547 | 254 ngx_destroy_pool(ctx->pool); |
1136 | 255 ngx_mail_session_internal_server_error(s); |
521 | 256 return; |
257 } | |
258 | |
259 if (n > 0) { | |
260 ctx->request->pos += n; | |
261 | |
262 if (n == size) { | |
1136 | 263 wev->handler = ngx_mail_auth_http_dummy_handler; |
521 | 264 |
265 if (wev->timer_set) { | |
266 ngx_del_timer(wev); | |
267 } | |
268 | |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
269 if (ngx_handle_write_event(wev, 0) == NGX_ERROR) { |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
270 ngx_close_connection(ctx->peer.connection); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
271 ngx_destroy_pool(ctx->pool); |
1136 | 272 ngx_mail_session_internal_server_error(s); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
273 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
274 |
521 | 275 return; |
276 } | |
277 } | |
278 | |
279 if (!wev->timer_set) { | |
1136 | 280 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 281 ngx_add_timer(wev, ahcf->timeout); |
282 } | |
283 } | |
284 | |
285 | |
286 static void | |
1136 | 287 ngx_mail_auth_http_read_handler(ngx_event_t *rev) |
521 | 288 { |
525 | 289 ssize_t n, size; |
521 | 290 ngx_connection_t *c; |
1136 | 291 ngx_mail_session_t *s; |
292 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 293 |
294 c = rev->data; | |
295 s = c->data; | |
296 | |
1136 | 297 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
298 "mail auth http read handler"); | |
521 | 299 |
1136 | 300 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
525 | 301 |
577 | 302 if (rev->timedout) { |
525 | 303 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
884 | 304 "auth http server %V timed out", ctx->peer.name); |
525 | 305 ngx_close_connection(ctx->peer.connection); |
547 | 306 ngx_destroy_pool(ctx->pool); |
1136 | 307 ngx_mail_session_internal_server_error(s); |
525 | 308 return; |
309 } | |
310 | |
311 if (ctx->response == NULL) { | |
547 | 312 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 313 if (ctx->response == NULL) { |
314 ngx_close_connection(ctx->peer.connection); | |
547 | 315 ngx_destroy_pool(ctx->pool); |
1136 | 316 ngx_mail_session_internal_server_error(s); |
525 | 317 return; |
318 } | |
319 } | |
320 | |
527 | 321 size = ctx->response->end - ctx->response->last; |
525 | 322 |
323 n = ngx_recv(c, ctx->response->pos, size); | |
324 | |
527 | 325 if (n > 0) { |
326 ctx->response->last += n; | |
327 | |
328 ctx->handler(s, ctx); | |
329 return; | |
330 } | |
331 | |
332 if (n == NGX_AGAIN) { | |
525 | 333 return; |
334 } | |
335 | |
527 | 336 ngx_close_connection(ctx->peer.connection); |
547 | 337 ngx_destroy_pool(ctx->pool); |
1136 | 338 ngx_mail_session_internal_server_error(s); |
527 | 339 } |
525 | 340 |
341 | |
527 | 342 static void |
1136 | 343 ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, |
344 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 345 { |
346 u_char *p, ch; | |
347 enum { | |
348 sw_start = 0, | |
349 sw_H, | |
350 sw_HT, | |
351 sw_HTT, | |
352 sw_HTTP, | |
353 sw_skip, | |
354 sw_almost_done | |
355 } state; | |
356 | |
1136 | 357 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
358 "mail auth http process status line"); | |
527 | 359 |
360 state = ctx->state; | |
361 | |
362 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
363 ch = *p; | |
364 | |
365 switch (state) { | |
366 | |
367 /* "HTTP/" */ | |
368 case sw_start: | |
369 if (ch == 'H') { | |
370 state = sw_H; | |
371 break; | |
372 } | |
373 goto next; | |
374 | |
375 case sw_H: | |
376 if (ch == 'T') { | |
377 state = sw_HT; | |
378 break; | |
379 } | |
380 goto next; | |
381 | |
382 case sw_HT: | |
383 if (ch == 'T') { | |
384 state = sw_HTT; | |
385 break; | |
386 } | |
387 goto next; | |
388 | |
389 case sw_HTT: | |
390 if (ch == 'P') { | |
391 state = sw_HTTP; | |
392 break; | |
393 } | |
394 goto next; | |
395 | |
396 case sw_HTTP: | |
397 if (ch == '/') { | |
398 state = sw_skip; | |
399 break; | |
400 } | |
401 goto next; | |
402 | |
403 /* any text until end of line */ | |
404 case sw_skip: | |
405 switch (ch) { | |
406 case CR: | |
407 state = sw_almost_done; | |
408 | |
409 break; | |
577 | 410 case LF: |
527 | 411 goto done; |
412 } | |
413 break; | |
414 | |
415 /* end of status line */ | |
416 case sw_almost_done: | |
417 if (ch == LF) { | |
418 goto done; | |
419 } | |
420 | |
421 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 422 "auth http server &V sent invalid response", |
884 | 423 ctx->peer.name); |
527 | 424 ngx_close_connection(ctx->peer.connection); |
547 | 425 ngx_destroy_pool(ctx->pool); |
1136 | 426 ngx_mail_session_internal_server_error(s); |
527 | 427 return; |
428 } | |
429 } | |
430 | |
431 ctx->response->pos = p; | |
432 ctx->state = state; | |
433 | |
434 return; | |
435 | |
436 next: | |
437 | |
438 p = ctx->response->start - 1; | |
439 | |
440 done: | |
441 | |
442 ctx->response->pos = p + 1; | |
443 ctx->state = 0; | |
1136 | 444 ctx->handler = ngx_mail_auth_http_process_headers; |
527 | 445 ctx->handler(s, ctx); |
446 } | |
525 | 447 |
448 | |
527 | 449 static void |
1136 | 450 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, |
451 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 452 { |
453 u_char *p; | |
547 | 454 time_t timer; |
527 | 455 size_t len, size; |
456 ngx_int_t rc, port, n; | |
884 | 457 ngx_peer_addr_t *peer; |
527 | 458 struct sockaddr_in *sin; |
525 | 459 |
1136 | 460 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
461 "mail auth http process headers"); | |
527 | 462 |
463 for ( ;; ) { | |
1136 | 464 rc = ngx_mail_auth_http_parse_header_line(s, ctx); |
527 | 465 |
466 if (rc == NGX_OK) { | |
467 | |
468 #if (NGX_DEBUG) | |
469 { | |
470 ngx_str_t key, value; | |
471 | |
472 key.len = ctx->header_name_end - ctx->header_name_start; | |
473 key.data = ctx->header_name_start; | |
474 value.len = ctx->header_end - ctx->header_start; | |
475 value.data = ctx->header_start; | |
476 | |
1136 | 477 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
478 "mail auth http header: \"%V: %V\"", | |
527 | 479 &key, &value); |
480 } | |
481 #endif | |
482 | |
483 len = ctx->header_name_end - ctx->header_name_start; | |
484 | |
485 if (len == sizeof("Auth-Status") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
486 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
487 (u_char *) "Auth-Status", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
488 sizeof("Auth-Status") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
489 == 0) |
527 | 490 { |
491 len = ctx->header_end - ctx->header_start; | |
492 | |
493 if (len == 2 | |
494 && ctx->header_start[0] == 'O' | |
495 && ctx->header_start[1] == 'K') | |
496 { | |
497 continue; | |
498 } | |
499 | |
883 | 500 if (len == 4 |
501 && ctx->header_start[0] == 'W' | |
502 && ctx->header_start[1] == 'A' | |
503 && ctx->header_start[2] == 'I' | |
504 && ctx->header_start[3] == 'T') | |
505 { | |
506 s->auth_wait = 1; | |
507 continue; | |
508 } | |
509 | |
567 | 510 ctx->errmsg.len = len; |
511 ctx->errmsg.data = ctx->header_start; | |
512 | |
1136 | 513 switch (s->protocol) { |
514 | |
515 case NGX_MAIL_POP3_PROTOCOL: | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
516 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
1136 | 517 break; |
527 | 518 |
1136 | 519 case NGX_MAIL_IMAP_PROTOCOL: |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
520 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 521 + sizeof(CRLF) - 1; |
1136 | 522 break; |
523 | |
524 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
525 ctx->err = ctx->errmsg; | |
526 continue; | |
527 | 527 } |
528 | |
529 p = ngx_pcalloc(s->connection->pool, size); | |
530 if (p == NULL) { | |
543 | 531 ngx_close_connection(ctx->peer.connection); |
547 | 532 ngx_destroy_pool(ctx->pool); |
1136 | 533 ngx_mail_session_internal_server_error(s); |
527 | 534 return; |
535 } | |
536 | |
537 ctx->err.data = p; | |
538 | |
1136 | 539 switch (s->protocol) { |
527 | 540 |
1136 | 541 case NGX_MAIL_POP3_PROTOCOL: |
542 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
543 break; | |
544 | |
545 case NGX_MAIL_IMAP_PROTOCOL: | |
527 | 546 p = ngx_cpymem(p, s->tag.data, s->tag.len); |
1136 | 547 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; |
548 break; | |
549 | |
550 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
551 break; | |
527 | 552 } |
553 | |
554 p = ngx_cpymem(p, ctx->header_start, len); | |
555 *p++ = CR; *p++ = LF; | |
556 | |
557 ctx->err.len = p - ctx->err.data; | |
558 | |
559 continue; | |
560 } | |
561 | |
562 if (len == sizeof("Auth-Server") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
563 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
564 (u_char *) "Auth-Server", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
565 sizeof("Auth-Server") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
566 == 0) |
527 | 567 { |
568 ctx->addr.len = ctx->header_end - ctx->header_start; | |
569 ctx->addr.data = ctx->header_start; | |
570 | |
571 continue; | |
572 } | |
573 | |
574 if (len == sizeof("Auth-Port") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
575 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
576 (u_char *) "Auth-Port", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
577 sizeof("Auth-Port") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
578 == 0) |
527 | 579 { |
580 ctx->port.len = ctx->header_end - ctx->header_start; | |
581 ctx->port.data = ctx->header_start; | |
582 | |
583 continue; | |
584 } | |
585 | |
586 if (len == sizeof("Auth-User") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
587 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
588 (u_char *) "Auth-User", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
589 sizeof("Auth-User") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
590 == 0) |
527 | 591 { |
592 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 593 |
594 s->login.data = ngx_palloc(s->connection->pool, s->login.len); | |
595 if (s->login.data == NULL) { | |
596 ngx_close_connection(ctx->peer.connection); | |
597 ngx_destroy_pool(ctx->pool); | |
1136 | 598 ngx_mail_session_internal_server_error(s); |
567 | 599 return; |
600 } | |
601 | |
602 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 603 |
604 continue; | |
605 } | |
606 | |
800 | 607 if (len == sizeof("Auth-Pass") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
608 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
609 (u_char *) "Auth-Pass", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
610 sizeof("Auth-Pass") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
611 == 0) |
800 | 612 { |
613 s->passwd.len = ctx->header_end - ctx->header_start; | |
614 | |
615 s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len); | |
616 if (s->passwd.data == NULL) { | |
617 ngx_close_connection(ctx->peer.connection); | |
618 ngx_destroy_pool(ctx->pool); | |
1136 | 619 ngx_mail_session_internal_server_error(s); |
800 | 620 return; |
621 } | |
622 | |
623 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
624 | |
625 continue; | |
626 } | |
627 | |
527 | 628 if (len == sizeof("Auth-Wait") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
629 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
630 (u_char *) "Auth-Wait", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
631 sizeof("Auth-Wait") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
632 == 0) |
527 | 633 { |
634 n = ngx_atoi(ctx->header_start, | |
635 ctx->header_end - ctx->header_start); | |
636 | |
637 if (n != NGX_ERROR) { | |
638 ctx->sleep = n; | |
639 } | |
640 | |
641 continue; | |
642 } | |
643 | |
1136 | 644 if (len == sizeof("Auth-Error-Code") - 1 |
645 && ngx_strncasecmp(ctx->header_name_start, | |
646 (u_char *) "Auth-Error-Code", | |
647 sizeof("Auth-Error-Code") - 1) | |
648 == 0) | |
649 { | |
650 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
651 | |
652 ctx->errcode.data = ngx_palloc(s->connection->pool, | |
653 ctx->errcode.len); | |
654 if (ctx->errcode.data == NULL) { | |
655 ngx_close_connection(ctx->peer.connection); | |
656 ngx_destroy_pool(ctx->pool); | |
657 ngx_mail_session_internal_server_error(s); | |
658 return; | |
659 } | |
660 | |
661 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
662 ctx->errcode.len); | |
663 | |
664 continue; | |
665 } | |
666 | |
527 | 667 /* ignore other headers */ |
668 | |
669 continue; | |
670 } | |
671 | |
672 if (rc == NGX_DONE) { | |
1136 | 673 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
674 "mail auth http header done"); | |
527 | 675 |
676 ngx_close_connection(ctx->peer.connection); | |
677 | |
678 if (ctx->err.len) { | |
1136 | 679 |
567 | 680 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
681 "client login failed: \"%V\"", &ctx->errmsg); | |
682 | |
1136 | 683 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { |
684 | |
685 if (ctx->errcode.len == 0) { | |
686 ctx->errcode = ngx_mail_smtp_errcode; | |
687 } | |
688 | |
689 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
690 + sizeof(" " CRLF) - 1; | |
691 | |
1166 | 692 p = ngx_palloc(s->connection->pool, ctx->err.len); |
693 if (p == NULL) { | |
694 ngx_close_connection(ctx->peer.connection); | |
695 ngx_destroy_pool(ctx->pool); | |
696 ngx_mail_session_internal_server_error(s); | |
697 return; | |
698 } | |
1136 | 699 |
1166 | 700 ctx->err.data = p; |
1136 | 701 |
1166 | 702 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
1136 | 703 *p++ = ' '; |
1166 | 704 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
1136 | 705 *p++ = CR; *p = LF; |
706 } | |
707 | |
539 | 708 s->out = ctx->err; |
547 | 709 timer = ctx->sleep; |
527 | 710 |
547 | 711 ngx_destroy_pool(ctx->pool); |
712 | |
713 if (timer == 0) { | |
539 | 714 s->quit = 1; |
1136 | 715 ngx_mail_send(s->connection->write); |
541 | 716 return; |
717 } | |
539 | 718 |
547 | 719 ngx_add_timer(s->connection->read, timer * 1000); |
527 | 720 |
1136 | 721 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
527 | 722 |
723 return; | |
724 } | |
725 | |
883 | 726 if (s->auth_wait) { |
727 timer = ctx->sleep; | |
728 | |
729 ngx_destroy_pool(ctx->pool); | |
730 | |
731 if (timer == 0) { | |
1136 | 732 ngx_mail_auth_http_init(s); |
883 | 733 return; |
734 } | |
735 | |
736 ngx_add_timer(s->connection->read, timer * 1000); | |
737 | |
1136 | 738 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
883 | 739 |
740 return; | |
741 } | |
742 | |
527 | 743 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
744 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 745 "auth http server %V did not send server or port", |
884 | 746 ctx->peer.name); |
547 | 747 ngx_destroy_pool(ctx->pool); |
1136 | 748 ngx_mail_session_internal_server_error(s); |
527 | 749 return; |
750 } | |
751 | |
1136 | 752 if (s->passwd.data == NULL && s->protocol != NGX_MAIL_SMTP_PROTOCOL) |
753 { | |
800 | 754 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
755 "auth http server %V did not send password", | |
884 | 756 ctx->peer.name); |
800 | 757 ngx_destroy_pool(ctx->pool); |
1136 | 758 ngx_mail_session_internal_server_error(s); |
800 | 759 return; |
760 } | |
761 | |
884 | 762 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_peer_addr_t)); |
763 if (peer == NULL) { | |
547 | 764 ngx_destroy_pool(ctx->pool); |
1136 | 765 ngx_mail_session_internal_server_error(s); |
527 | 766 return; |
767 } | |
768 | |
769 sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in)); | |
770 if (sin == NULL) { | |
547 | 771 ngx_destroy_pool(ctx->pool); |
1136 | 772 ngx_mail_session_internal_server_error(s); |
527 | 773 return; |
774 } | |
775 | |
776 sin->sin_family = AF_INET; | |
777 | |
778 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
779 if (port == NGX_ERROR || port < 1 || port > 65536) { | |
780 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 781 "auth http server %V sent invalid server " |
782 "port:\"%V\"", | |
884 | 783 ctx->peer.name, &ctx->port); |
547 | 784 ngx_destroy_pool(ctx->pool); |
1136 | 785 ngx_mail_session_internal_server_error(s); |
527 | 786 return; |
787 } | |
788 | |
789 sin->sin_port = htons((in_port_t) port); | |
790 | |
791 ctx->addr.data[ctx->addr.len] = '\0'; | |
792 sin->sin_addr.s_addr = inet_addr((char *) ctx->addr.data); | |
793 if (sin->sin_addr.s_addr == INADDR_NONE) { | |
794 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 795 "auth http server %V sent invalid server " |
796 "address:\"%V\"", | |
884 | 797 ctx->peer.name, &ctx->addr); |
547 | 798 ngx_destroy_pool(ctx->pool); |
1136 | 799 ngx_mail_session_internal_server_error(s); |
527 | 800 return; |
801 } | |
802 | |
884 | 803 peer->sockaddr = (struct sockaddr *) sin; |
804 peer->socklen = sizeof(struct sockaddr_in); | |
527 | 805 |
806 len = ctx->addr.len + 1 + ctx->port.len; | |
807 | |
884 | 808 peer->name.len = len; |
527 | 809 |
884 | 810 peer->name.data = ngx_palloc(s->connection->pool, len); |
811 if (peer->name.data == NULL) { | |
547 | 812 ngx_destroy_pool(ctx->pool); |
1136 | 813 ngx_mail_session_internal_server_error(s); |
527 | 814 return; |
815 } | |
816 | |
817 len = ctx->addr.len; | |
818 | |
884 | 819 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 820 |
884 | 821 peer->name.data[len++] = ':'; |
527 | 822 |
884 | 823 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 824 |
547 | 825 ngx_destroy_pool(ctx->pool); |
1136 | 826 ngx_mail_proxy_init(s, peer); |
527 | 827 |
828 return; | |
829 } | |
830 | |
831 if (rc == NGX_AGAIN ) { | |
832 return; | |
833 } | |
834 | |
835 /* rc == NGX_ERROR */ | |
836 | |
837 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 838 "auth http server %V sent invalid header in response", |
884 | 839 ctx->peer.name); |
527 | 840 ngx_close_connection(ctx->peer.connection); |
547 | 841 ngx_destroy_pool(ctx->pool); |
1136 | 842 ngx_mail_session_internal_server_error(s); |
527 | 843 |
844 return; | |
845 } | |
846 } | |
847 | |
521 | 848 |
527 | 849 static void |
1136 | 850 ngx_mail_auth_sleep_handler(ngx_event_t *rev) |
527 | 851 { |
543 | 852 ngx_connection_t *c; |
1136 | 853 ngx_mail_session_t *s; |
854 ngx_mail_core_srv_conf_t *cscf; | |
527 | 855 |
1136 | 856 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); |
527 | 857 |
858 c = rev->data; | |
859 s = c->data; | |
860 | |
861 if (rev->timedout) { | |
862 | |
863 rev->timedout = 0; | |
864 | |
883 | 865 if (s->auth_wait) { |
866 s->auth_wait = 0; | |
1136 | 867 ngx_mail_auth_http_init(s); |
883 | 868 return; |
869 } | |
870 | |
1136 | 871 switch (s->protocol) { |
872 | |
873 case NGX_MAIL_POP3_PROTOCOL: | |
874 s->mail_state = ngx_pop3_start; | |
527 | 875 s->connection->read->handler = ngx_pop3_auth_state; |
1136 | 876 break; |
527 | 877 |
1136 | 878 case NGX_MAIL_IMAP_PROTOCOL: |
879 s->mail_state = ngx_imap_start; | |
527 | 880 s->connection->read->handler = ngx_imap_auth_state; |
1136 | 881 break; |
882 | |
883 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
884 s->mail_state = ngx_smtp_start; | |
885 s->connection->read->handler = ngx_smtp_auth_state; | |
886 break; | |
527 | 887 } |
888 | |
1136 | 889 s->auth_method = NGX_MAIL_AUTH_PLAIN; |
800 | 890 |
543 | 891 c->log->action = "in auth state"; |
892 | |
1136 | 893 ngx_mail_send(s->connection->write); |
543 | 894 |
583 | 895 if (c->destroyed) { |
543 | 896 return; |
897 } | |
898 | |
1136 | 899 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
543 | 900 |
901 ngx_add_timer(rev, cscf->timeout); | |
902 | |
527 | 903 if (rev->ready) { |
904 s->connection->read->handler(rev); | |
905 return; | |
906 } | |
907 | |
908 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1136 | 909 ngx_mail_close_connection(s->connection); |
527 | 910 } |
911 | |
912 return; | |
913 } | |
914 | |
915 if (rev->active) { | |
916 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1136 | 917 ngx_mail_close_connection(s->connection); |
527 | 918 } |
919 } | |
920 } | |
921 | |
922 | |
923 static ngx_int_t | |
1136 | 924 ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, |
925 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 926 { |
927 u_char c, ch, *p; | |
928 ngx_uint_t hash; | |
929 enum { | |
930 sw_start = 0, | |
931 sw_name, | |
932 sw_space_before_value, | |
933 sw_value, | |
934 sw_space_after_value, | |
577 | 935 sw_almost_done, |
527 | 936 sw_header_almost_done |
937 } state; | |
938 | |
577 | 939 state = ctx->state; |
527 | 940 hash = ctx->hash; |
941 | |
942 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
943 ch = *p; | |
944 | |
945 switch (state) { | |
946 | |
947 /* first char */ | |
948 case sw_start: | |
949 | |
950 switch (ch) { | |
951 case CR: | |
577 | 952 ctx->header_end = p; |
527 | 953 state = sw_header_almost_done; |
954 break; | |
577 | 955 case LF: |
527 | 956 ctx->header_end = p; |
957 goto header_done; | |
958 default: | |
959 state = sw_name; | |
960 ctx->header_name_start = p; | |
961 | |
962 c = (u_char) (ch | 0x20); | |
963 if (c >= 'a' && c <= 'z') { | |
964 hash = c; | |
965 break; | |
966 } | |
967 | |
968 if (ch >= '0' && ch <= '9') { | |
969 hash = ch; | |
970 break; | |
971 } | |
972 | |
973 return NGX_ERROR; | |
974 } | |
975 break; | |
976 | |
977 /* header name */ | |
978 case sw_name: | |
979 c = (u_char) (ch | 0x20); | |
980 if (c >= 'a' && c <= 'z') { | |
981 hash += c; | |
982 break; | |
983 } | |
984 | |
985 if (ch == ':') { | |
986 ctx->header_name_end = p; | |
987 state = sw_space_before_value; | |
988 break; | |
989 } | |
990 | |
991 if (ch == '-') { | |
992 hash += ch; | |
993 break; | |
994 } | |
995 | |
996 if (ch >= '0' && ch <= '9') { | |
997 hash += ch; | |
998 break; | |
999 } | |
1000 | |
1001 if (ch == CR) { | |
1002 ctx->header_name_end = p; | |
1003 ctx->header_start = p; | |
1004 ctx->header_end = p; | |
1005 state = sw_almost_done; | |
1006 break; | |
1007 } | |
1008 | |
1009 if (ch == LF) { | |
1010 ctx->header_name_end = p; | |
1011 ctx->header_start = p; | |
1012 ctx->header_end = p; | |
1013 goto done; | |
1014 } | |
1015 | |
1016 return NGX_ERROR; | |
1017 | |
1018 /* space* before header value */ | |
1019 case sw_space_before_value: | |
1020 switch (ch) { | |
1021 case ' ': | |
1022 break; | |
1023 case CR: | |
1024 ctx->header_start = p; | |
1025 ctx->header_end = p; | |
1026 state = sw_almost_done; | |
1027 break; | |
1028 case LF: | |
1029 ctx->header_start = p; | |
1030 ctx->header_end = p; | |
1031 goto done; | |
1032 default: | |
1033 ctx->header_start = p; | |
1034 state = sw_value; | |
1035 break; | |
1036 } | |
1037 break; | |
1038 | |
1039 /* header value */ | |
1040 case sw_value: | |
1041 switch (ch) { | |
1042 case ' ': | |
1043 ctx->header_end = p; | |
1044 state = sw_space_after_value; | |
1045 break; | |
1046 case CR: | |
1047 ctx->header_end = p; | |
1048 state = sw_almost_done; | |
1049 break; | |
1050 case LF: | |
1051 ctx->header_end = p; | |
1052 goto done; | |
1053 } | |
1054 break; | |
1055 | |
1056 /* space* before end of header line */ | |
1057 case sw_space_after_value: | |
1058 switch (ch) { | |
1059 case ' ': | |
1060 break; | |
1061 case CR: | |
1062 state = sw_almost_done; | |
1063 break; | |
1064 case LF: | |
1065 goto done; | |
1066 default: | |
1067 state = sw_value; | |
1068 break; | |
1069 } | |
1070 break; | |
1071 | |
1072 /* end of header line */ | |
1073 case sw_almost_done: | |
1074 switch (ch) { | |
1075 case LF: | |
1076 goto done; | |
1077 default: | |
1078 return NGX_ERROR; | |
1079 } | |
1080 | |
1081 /* end of header */ | |
1082 case sw_header_almost_done: | |
1083 switch (ch) { | |
1084 case LF: | |
1085 goto header_done; | |
1086 default: | |
1087 return NGX_ERROR; | |
1088 } | |
1089 } | |
1090 } | |
1091 | |
1092 ctx->response->pos = p; | |
1093 ctx->state = state; | |
1094 ctx->hash = hash; | |
1095 | |
1096 return NGX_AGAIN; | |
1097 | |
1098 done: | |
1099 | |
1100 ctx->response->pos = p + 1; | |
1101 ctx->state = sw_start; | |
1102 ctx->hash = hash; | |
1103 | |
1104 return NGX_OK; | |
1105 | |
1106 header_done: | |
1107 | |
1108 ctx->response->pos = p + 1; | |
1109 ctx->state = sw_start; | |
1110 | |
1111 return NGX_DONE; | |
521 | 1112 } |
1113 | |
1114 | |
1115 static void | |
1136 | 1116 ngx_mail_auth_http_block_read(ngx_event_t *rev) |
521 | 1117 { |
1118 ngx_connection_t *c; | |
1136 | 1119 ngx_mail_session_t *s; |
1120 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 1121 |
1136 | 1122 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
1123 "mail auth http block read"); | |
521 | 1124 |
1125 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1126 c = rev->data; | |
1127 s = c->data; | |
1128 | |
1136 | 1129 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 1130 |
525 | 1131 ngx_close_connection(ctx->peer.connection); |
547 | 1132 ngx_destroy_pool(ctx->pool); |
1136 | 1133 ngx_mail_session_internal_server_error(s); |
521 | 1134 } |
1135 } | |
1136 | |
1137 | |
1138 static void | |
1136 | 1139 ngx_mail_auth_http_dummy_handler(ngx_event_t *ev) |
521 | 1140 { |
1136 | 1141 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, |
1142 "mail auth http dummy handler"); | |
521 | 1143 } |
1144 | |
1145 | |
1146 static ngx_buf_t * | |
1136 | 1147 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, |
1148 ngx_mail_auth_http_conf_t *ahcf) | |
521 | 1149 { |
1150 size_t len; | |
1151 ngx_buf_t *b; | |
633 | 1152 ngx_str_t login, passwd; |
1153 | |
1136 | 1154 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
633 | 1155 return NULL; |
1156 } | |
1157 | |
1136 | 1158 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { |
633 | 1159 return NULL; |
1160 } | |
521 | 1161 |
1162 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 | |
1163 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1164 + sizeof("Auth-Method: ") - 1 |
1136 | 1165 + ngx_mail_auth_http_method[s->auth_method].len |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1166 + sizeof(CRLF) - 1 |
633 | 1167 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1168 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1169 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
521 | 1170 + sizeof("Auth-Protocol: imap" CRLF) - 1 |
527 | 1171 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1172 + sizeof(CRLF) - 1 | |
521 | 1173 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1174 + sizeof(CRLF) - 1 | |
1299 | 1175 + ahcf->header.len |
521 | 1176 + sizeof(CRLF) - 1; |
1177 | |
547 | 1178 b = ngx_create_temp_buf(pool, len); |
521 | 1179 if (b == NULL) { |
1180 return NULL; | |
1181 } | |
1182 | |
1183 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1184 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1185 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1186 sizeof(" HTTP/1.0" CRLF) - 1); | |
1187 | |
1188 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1189 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1190 ahcf->host_header.len); |
1191 *b->last++ = CR; *b->last++ = LF; | |
1192 | |
800 | 1193 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1194 sizeof("Auth-Method: ") - 1); | |
1195 b->last = ngx_cpymem(b->last, | |
1136 | 1196 ngx_mail_auth_http_method[s->auth_method].data, |
1197 ngx_mail_auth_http_method[s->auth_method].len); | |
800 | 1198 *b->last++ = CR; *b->last++ = LF; |
521 | 1199 |
1200 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1201 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1202 *b->last++ = CR; *b->last++ = LF; |
1203 | |
1204 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1205 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1206 *b->last++ = CR; *b->last++ = LF; |
1207 | |
1136 | 1208 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { |
800 | 1209 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1210 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1211 | |
1212 s->passwd.data = NULL; | |
1213 } | |
1214 | |
521 | 1215 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1216 sizeof("Auth-Protocol: ") - 1); | |
1136 | 1217 b->last = ngx_cpymem(b->last, ngx_mail_auth_http_protocol[s->protocol], |
521 | 1218 sizeof("imap") - 1); |
1219 *b->last++ = CR; *b->last++ = LF; | |
1220 | |
527 | 1221 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1222 s->login_attempt); | |
1223 | |
521 | 1224 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1225 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
521 | 1226 s->connection->addr_text.len); |
1227 *b->last++ = CR; *b->last++ = LF; | |
1228 | |
573 | 1229 if (ahcf->header.len) { |
1230 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1231 } | |
1232 | |
521 | 1233 /* add "\r\n" at the header end */ |
1234 *b->last++ = CR; *b->last++ = LF; | |
1235 | |
1136 | 1236 #if (NGX_DEBUG_MAIL_PASSWD) |
521 | 1237 { |
1238 ngx_str_t l; | |
1239 | |
1240 l.len = b->last - b->pos; | |
1241 l.data = b->pos; | |
1136 | 1242 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
1243 "mail auth http header:\n\"%V\"", &l); | |
521 | 1244 } |
1245 #endif | |
1246 | |
1247 return b; | |
1248 } | |
1249 | |
1250 | |
633 | 1251 static ngx_int_t |
1136 | 1252 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) |
633 | 1253 { |
1254 u_char ch, *p; | |
1255 ngx_uint_t i, n; | |
1256 | |
1257 n = 0; | |
1258 | |
1259 for (i = 0; i < text->len; i++) { | |
1260 ch = text->data[i]; | |
1261 | |
1262 if (ch == CR || ch == LF) { | |
1263 n++; | |
1264 } | |
1265 } | |
1266 | |
1267 if (n == 0) { | |
1268 *escaped = *text; | |
1269 return NGX_OK; | |
1270 } | |
1271 | |
1272 escaped->len = text->len + n * 2; | |
1273 | |
1274 p = ngx_palloc(pool, escaped->len); | |
1275 if (p == NULL) { | |
1276 return NGX_ERROR; | |
1277 } | |
1278 | |
1279 escaped->data = p; | |
1280 | |
1281 for (i = 0; i < text->len; i++) { | |
1282 ch = text->data[i]; | |
1283 | |
1284 if (ch == CR) { | |
1285 *p++ = '%'; | |
1286 *p++ = '0'; | |
1287 *p++ = 'D'; | |
1288 continue; | |
1289 } | |
1290 | |
1291 if (ch == LF) { | |
1292 *p++ = '%'; | |
1293 *p++ = '0'; | |
1294 *p++ = 'A'; | |
1295 continue; | |
1296 } | |
1297 | |
1298 *p++ = ch; | |
1299 } | |
1300 | |
1301 return NGX_OK; | |
1302 } | |
1303 | |
1304 | |
521 | 1305 static void * |
1136 | 1306 ngx_mail_auth_http_create_conf(ngx_conf_t *cf) |
577 | 1307 { |
1136 | 1308 ngx_mail_auth_http_conf_t *ahcf; |
577 | 1309 |
1136 | 1310 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t)); |
521 | 1311 if (ahcf == NULL) { |
1312 return NGX_CONF_ERROR; | |
1313 } | |
1314 | |
1315 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
1316 | |
1503 | 1317 ahcf->file = cf->conf_file->file.name.data; |
1318 ahcf->line = cf->conf_file->line; | |
1319 | |
521 | 1320 return ahcf; |
1321 } | |
1322 | |
1323 | |
1324 static char * | |
1136 | 1325 ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
521 | 1326 { |
1136 | 1327 ngx_mail_auth_http_conf_t *prev = parent; |
1328 ngx_mail_auth_http_conf_t *conf = child; | |
521 | 1329 |
573 | 1330 u_char *p; |
1331 size_t len; | |
1332 ngx_uint_t i; | |
1333 ngx_table_elt_t *header; | |
1334 | |
884 | 1335 if (conf->peer == NULL) { |
1336 conf->peer = prev->peer; | |
521 | 1337 conf->host_header = prev->host_header; |
1338 conf->uri = prev->uri; | |
1503 | 1339 |
1340 if (conf->peer == NULL) { | |
1341 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
1342 "no \"http_auth\" is defined for server in %s:%ui", | |
1343 conf->file, conf->line); | |
1344 | |
1345 return NGX_CONF_ERROR; | |
1346 } | |
521 | 1347 } |
1348 | |
1349 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1350 | |
573 | 1351 if (conf->headers == NULL) { |
1352 conf->headers = prev->headers; | |
1353 conf->header = prev->header; | |
1354 } | |
1355 | |
1356 if (conf->headers && conf->header.len == 0) { | |
1357 len = 0; | |
1358 header = conf->headers->elts; | |
1359 for (i = 0; i < conf->headers->nelts; i++) { | |
1360 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1361 } | |
1362 | |
1363 p = ngx_palloc(cf->pool, len); | |
1364 if (p == NULL) { | |
1365 return NGX_CONF_ERROR; | |
1366 } | |
1367 | |
1368 conf->header.len = len; | |
1369 conf->header.data = p; | |
1370 | |
1371 for (i = 0; i < conf->headers->nelts; i++) { | |
1372 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1373 *p++ = ':'; *p++ = ' '; | |
1374 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1375 *p++ = CR; *p++ = LF; | |
1376 } | |
1377 } | |
1378 | |
521 | 1379 return NGX_CONF_OK; |
1380 } | |
1381 | |
1382 | |
1383 static char * | |
1136 | 1384 ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1385 { |
1136 | 1386 ngx_mail_auth_http_conf_t *ahcf = conf; |
521 | 1387 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1388 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1389 ngx_url_t u; |
573 | 1390 |
521 | 1391 value = cf->args->elts; |
1392 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1393 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1394 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1395 u.url = value[1]; |
906 | 1396 u.default_port = 80; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1397 u.uri_part = 1; |
884 | 1398 u.one_addr = 1; |
577 | 1399 |
1503 | 1400 if (ngx_strncmp(u.url.data, "http://", 7) == 0) { |
1401 u.url.len -= 7; | |
1402 u.url.data += 7; | |
1403 } | |
1404 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1405 if (ngx_parse_url(cf, &u) != NGX_OK) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1406 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1407 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1408 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1409 } |
1503 | 1410 |
1411 return NGX_CONF_ERROR; | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1412 } |
521 | 1413 |
884 | 1414 ahcf->peer = u.addrs; |
521 | 1415 |
906 | 1416 ahcf->host_header = u.host; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1417 ahcf->uri = u.uri; |
521 | 1418 |
559 | 1419 if (ahcf->uri.len == 0) { |
555 | 1420 ahcf->uri.len = sizeof("/") - 1; |
1421 ahcf->uri.data = (u_char *) "/"; | |
1422 } | |
1423 | |
521 | 1424 return NGX_CONF_OK; |
1425 } | |
573 | 1426 |
1427 | |
1428 static char * | |
1136 | 1429 ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1430 { |
1136 | 1431 ngx_mail_auth_http_conf_t *ahcf = conf; |
573 | 1432 |
1433 ngx_str_t *value; | |
1434 ngx_table_elt_t *header; | |
1435 | |
1436 if (ahcf->headers == NULL) { | |
1437 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1438 if (ahcf->headers == NULL) { | |
1439 return NGX_CONF_ERROR; | |
1440 } | |
1441 } | |
1442 | |
1443 header = ngx_array_push(ahcf->headers); | |
1444 if (header == NULL) { | |
1445 return NGX_CONF_ERROR; | |
1446 } | |
1447 | |
1448 value = cf->args->elts; | |
1449 | |
1450 header->key = value[1]; | |
1451 header->value = value[2]; | |
1452 | |
1453 return NGX_CONF_OK; | |
1454 } |