Mercurial > hg > nginx

comparison src/mail/ngx_mail_handler.c @ 1476:67578e966dcc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
split pop3, imap, and smtp handlers
author Igor Sysoev <igor@sysoev.ru>
date Thu, 13 Sep 2007 20:13:18 +0000
parents 32450a2bbdf4
children 59e1caf2be94
comparison
equal deleted inserted replaced
1475:732fe8258857 1476:67578e966dcc
9 #include <ngx_event.h> 9 #include <ngx_event.h>
10 #include <ngx_mail.h> 10 #include <ngx_mail.h>
11 11
12 12
13 static void ngx_mail_init_session(ngx_connection_t *c); 13 static void ngx_mail_init_session(ngx_connection_t *c);
14 static void ngx_mail_init_protocol(ngx_event_t *rev);
15 static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s,
16 ngx_str_t *encoded);
17 static void ngx_mail_do_auth(ngx_mail_session_t *s);
18 static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s);
19 static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
20 14
21 #if (NGX_MAIL_SSL) 15 #if (NGX_MAIL_SSL)
22 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); 16 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
23 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); 17 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
24 #endif 18 #endif
25 19
26 20
27 static ngx_str_t greetings[] = { 21 static ngx_mail_init_session_pt ngx_mail_init_sessions[] = {
28 ngx_string("+OK POP3 ready" CRLF), 22 ngx_mail_pop3_init_session,
29 ngx_string("* OK IMAP4 ready" CRLF) 23 ngx_mail_imap_init_session,
30 /* SMTP greeting */ 24 ngx_mail_smtp_init_session
31 }; 25 };
26
27
28 static ngx_mail_init_protocol_pt ngx_mail_init_protocols[] = {
29 ngx_mail_pop3_init_protocol,
30 ngx_mail_imap_init_protocol,
31 ngx_mail_smtp_init_protocol
32 };
33
34
35 static ngx_mail_parse_pt ngx_mail_parse[] = {
36 ngx_pop3_parse_command,
37 ngx_imap_parse_command,
38 ngx_smtp_parse_command
39 };
40
32 41
33 static ngx_str_t internal_server_errors[] = { 42 static ngx_str_t internal_server_errors[] = {
34 ngx_string("-ERR internal server error" CRLF), 43 ngx_string("-ERR internal server error" CRLF),
35 ngx_string("* BAD internal server error" CRLF), 44 ngx_string("* BAD internal server error" CRLF),
36 ngx_string("451 4.3.2 Internal server error" CRLF), 45 ngx_string("451 4.3.2 Internal server error" CRLF),
37 }; 46 };
38
39 static u_char pop3_ok[] = "+OK" CRLF;
40 static u_char pop3_next[] = "+ " CRLF;
41 static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
42 static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
43 static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
44
45 static u_char imap_star[] = "* ";
46 static u_char imap_ok[] = "OK completed" CRLF;
47 static u_char imap_next[] = "+ OK" CRLF;
48 static u_char imap_bye[] = "* BYE" CRLF;
49 static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
50
51 static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
52 static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
53 static u_char smtp_next[] = "334 " CRLF;
54 static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
55 static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
56 static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
57 static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
58 static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
59 47
60 48
61 void 49 void
62 ngx_mail_init_connection(ngx_connection_t *c) 50 ngx_mail_init_connection(ngx_connection_t *c)
63 { 51 {
170 } 158 }
171 159
172 160
173 #if (NGX_MAIL_SSL) 161 #if (NGX_MAIL_SSL)
174 162
175 static void 163 void
176 ngx_mail_starttls_handler(ngx_event_t *rev) 164 ngx_mail_starttls_handler(ngx_event_t *rev)
177 { 165 {
178 ngx_connection_t *c; 166 ngx_connection_t *c;
179 ngx_mail_session_t *s; 167 ngx_mail_session_t *s;
180 ngx_mail_ssl_conf_t *sslcf; 168 ngx_mail_ssl_conf_t *sslcf;
227 if (c->ssl->handshaked) { 215 if (c->ssl->handshaked) {
228 216
229 s = c->data; 217 s = c->data;
230 218
231 if (s->starttls) { 219 if (s->starttls) {
232 c->read->handler = ngx_mail_init_protocol; 220 c->read->handler = ngx_mail_init_protocols[s->protocol];
233 c->write->handler = ngx_mail_send; 221 c->write->handler = ngx_mail_send;
234 222
235 ngx_mail_init_protocol(c->read); 223 ngx_mail_init_protocols[s->protocol](c->read);
236 224
237 return; 225 return;
238 } 226 }
239 227
240 ngx_mail_init_session(c); 228 ngx_mail_init_session(c);
248 236
249 237
250 static void 238 static void
251 ngx_mail_init_session(ngx_connection_t *c) 239 ngx_mail_init_session(ngx_connection_t *c)
252 { 240 {
253 u_char *p;
254 ngx_mail_session_t *s; 241 ngx_mail_session_t *s;
255 ngx_mail_core_srv_conf_t *cscf; 242 ngx_mail_core_srv_conf_t *cscf;
256
257 c->read->handler = ngx_mail_init_protocol;
258 c->write->handler = ngx_mail_send;
259 243
260 s = c->data; 244 s = c->data;
261 245
262 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); 246 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
263 247
267 if (s->ctx == NULL) { 251 if (s->ctx == NULL) {
268 ngx_mail_session_internal_server_error(s); 252 ngx_mail_session_internal_server_error(s);
269 return; 253 return;
270 } 254 }
271 255
272 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) {
273 s->out = cscf->smtp_greeting;
274
275 } else {
276 s->out = greetings[s->protocol];
277 }
278
279 if ((s->protocol == NGX_MAIL_POP3_PROTOCOL
280 && (cscf->pop3_auth_methods
281 & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED)))
282
283 || (s->protocol == NGX_MAIL_IMAP_PROTOCOL
284 && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
285
286 || (s->protocol == NGX_MAIL_SMTP_PROTOCOL
287 && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)))
288 {
289 s->salt.data = ngx_palloc(c->pool,
290 sizeof(" <18446744073709551616.@>" CRLF) - 1
291 + NGX_TIME_T_LEN
292 + cscf->server_name.len);
293 if (s->salt.data == NULL) {
294 ngx_mail_session_internal_server_error(s);
295 return;
296 }
297
298 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
299 ngx_random(), ngx_time(), &cscf->server_name)
300 - s->salt.data;
301
302 if (s->protocol == NGX_MAIL_POP3_PROTOCOL) {
303 s->out.data = ngx_palloc(c->pool,
304 greetings[0].len + 1 + s->salt.len);
305 if (s->out.data == NULL) {
306 ngx_mail_session_internal_server_error(s);
307 return;
308 }
309
310 p = ngx_cpymem(s->out.data,
311 greetings[0].data, greetings[0].len - 2);
312 *p++ = ' ';
313 p = ngx_cpymem(p, s->salt.data, s->salt.len);
314
315 s->out.len = p - s->out.data;
316 }
317 }
318
319 ngx_add_timer(c->read, cscf->timeout); 256 ngx_add_timer(c->read, cscf->timeout);
320 257
321 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { 258 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
322 ngx_mail_close_connection(c); 259 ngx_mail_close_connection(c);
323 } 260 }
324 261
325 ngx_mail_send(c->write); 262 c->write->handler = ngx_mail_send;
263
264 ngx_mail_init_sessions[s->protocol](s, c);
265 }
266
267
268 ngx_int_t
269 ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
270 ngx_mail_core_srv_conf_t *cscf)
271 {
272 s->salt.data = ngx_palloc(c->pool,
273 sizeof(" <18446744073709551616.@>" CRLF) - 1
274 + NGX_TIME_T_LEN
275 + cscf->server_name.len);
276 if (s->salt.data == NULL) {
277 return NGX_ERROR;
278 }
279
280 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
281 ngx_random(), ngx_time(), &cscf->server_name)
282 - s->salt.data;
283
284 return NGX_OK;
285 }
286
287
288 ngx_int_t
289 ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
290 {
291 u_char *p, *last;
292 ngx_str_t *arg, plain;
293
294 arg = s->args.elts;
295
296 #if (NGX_DEBUG_MAIL_PASSWD)
297 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
298 "mail auth plain: \"%V\"", &arg[n]);
299 #endif
300
301 plain.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
302 if (plain.data == NULL){
303 return NGX_ERROR;
304 }
305
306 if (ngx_decode_base64(&plain, &arg[0]) != NGX_OK) {
307 ngx_log_error(NGX_LOG_INFO, c->log, 0,
308 "client sent invalid base64 encoding in AUTH PLAIN command");
309 return NGX_MAIL_PARSE_INVALID_COMMAND;
310 }
311
312 p = plain.data;
313 last = p + plain.len;
314
315 while (p < last && *p++) { /* void */ }
316
317 if (p == last) {
318 ngx_log_error(NGX_LOG_INFO, c->log, 0,
319 "client sent invalid login in AUTH PLAIN command");
320 return NGX_MAIL_PARSE_INVALID_COMMAND;
321 }
322
323 s->login.data = p;
324
325 while (p < last && *p) { p++; }
326
327 if (p == last) {
328 ngx_log_error(NGX_LOG_INFO, c->log, 0,
329 "client sent invalid password in AUTH PLAIN command");
330 return NGX_MAIL_PARSE_INVALID_COMMAND;
331 }
332
333 s->login.len = p++ - s->login.data;
334
335 s->passwd.len = last - p;
336 s->passwd.data = p;
337
338 #if (NGX_DEBUG_MAIL_PASSWD)
339 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
340 "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
341 #endif
342
343 return NGX_DONE;
344 }
345
346
347 ngx_int_t
348 ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c)
349 {
350 ngx_str_t *arg;
351
352 arg = s->args.elts;
353
354 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
355 "mail auth login username: \"%V\"", &arg[0]);
356
357 s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
358 if (s->login.data == NULL){
359 return NGX_ERROR;
360 }
361
362 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
363 ngx_log_error(NGX_LOG_INFO, c->log, 0,
364 "client sent invalid base64 encoding in AUTH LOGIN command");
365 return NGX_MAIL_PARSE_INVALID_COMMAND;
366 }
367
368 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
369 "mail auth login username: \"%V\"", &s->login);
370
371 return NGX_OK;
372 }
373
374
375 ngx_int_t
376 ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
377 {
378 ngx_str_t *arg;
379
380 arg = s->args.elts;
381
382 #if (NGX_DEBUG_MAIL_PASSWD)
383 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
384 "mail auth login password: \"%V\"", &arg[0]);
385 #endif
386
387 s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
388 if (s->passwd.data == NULL){
389 return NGX_ERROR;
390 }
391
392 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
393 ngx_log_error(NGX_LOG_INFO, c->log, 0,
394 "client sent invalid base64 encoding in AUTH LOGIN command");
395 return NGX_MAIL_PARSE_INVALID_COMMAND;
396 }
397
398 #if (NGX_DEBUG_MAIL_PASSWD)
399 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
400 "mail auth login password: \"%V\"", &s->passwd);
401 #endif
402
403 return NGX_DONE;
404 }
405
406
407 ngx_int_t
408 ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
409 {
410 u_char *p, *last;
411 ngx_str_t *arg;
412
413 arg = s->args.elts;
414
415 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
416 "mail auth cram-md5: \"%V\"", &arg[0]);
417
418 s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
419 if (s->login.data == NULL){
420 return NGX_ERROR;
421 }
422
423 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
424 ngx_log_error(NGX_LOG_INFO, c->log, 0,
425 "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
426 return NGX_MAIL_PARSE_INVALID_COMMAND;
427 }
428
429 p = s->login.data;
430 last = p + s->login.len;
431
432 while (p < last) {
433 if (*p++ == ' ') {
434 s->login.len = p - s->login.data - 1;
435 s->passwd.len = last - p;
436 s->passwd.data = p;
437 break;
438 }
439 }
440
441 if (s->passwd.len != 32) {
442 ngx_log_error(NGX_LOG_INFO, c->log, 0,
443 "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
444 return NGX_MAIL_PARSE_INVALID_COMMAND;
445 }
446
447 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
448 "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
449
450 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
451
452 return NGX_DONE;
326 } 453 }
327 454
328 455
329 void 456 void
330 ngx_mail_send(ngx_event_t *wev) 457 ngx_mail_send(ngx_event_t *wev)
389 return; 516 return;
390 } 517 }
391 } 518 }
392 519
393 520
394 static void 521 ngx_int_t
395 ngx_mail_init_protocol(ngx_event_t *rev) 522 ngx_mail_read_command(ngx_mail_session_t *s)
396 { 523 {
397 size_t size; 524 ssize_t n;
398 ngx_connection_t *c; 525 ngx_int_t rc;
399 ngx_mail_session_t *s; 526 ngx_str_t l;
400 ngx_mail_core_srv_conf_t *cscf; 527
401 528 n = s->connection->recv(s->connection, s->buffer->last,
402 c = rev->data; 529 s->buffer->end - s->buffer->last);
403 530
404 c->log->action = "in auth state"; 531 if (n == NGX_ERROR || n == 0) {
405 532 ngx_mail_close_connection(s->connection);
406 if (rev->timedout) { 533 return NGX_ERROR;
407 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); 534 }
408 c->timedout = 1; 535
409 ngx_mail_close_connection(c); 536 if (n > 0) {
410 return; 537 s->buffer->last += n;
411 } 538 }
412 539
413 s = c->data; 540 if (n == NGX_AGAIN) {
414 541 if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) {
415 switch (s->protocol) {
416
417 case NGX_MAIL_POP3_PROTOCOL:
418 size = 128;
419 s->mail_state = ngx_pop3_start;
420 c->read->handler = ngx_pop3_auth_state;
421 break;
422
423 case NGX_MAIL_IMAP_PROTOCOL:
424 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
425 size = cscf->imap_client_buffer_size;
426 s->mail_state = ngx_imap_start;
427 c->read->handler = ngx_imap_auth_state;
428 break;
429
430 default: /* NGX_MAIL_SMTP_PROTOCOL */
431 size = 512;
432 s->mail_state = ngx_smtp_start;
433 c->read->handler = ngx_smtp_auth_state;
434 break;
435 }
436
437 if (s->buffer == NULL) {
438 if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
439 == NGX_ERROR)
440 {
441 ngx_mail_session_internal_server_error(s); 542 ngx_mail_session_internal_server_error(s);
442 return; 543 return NGX_ERROR;
443 } 544 }
444 545
445 s->buffer = ngx_create_temp_buf(c->pool, size); 546 return NGX_AGAIN;
446 if (s->buffer == NULL) { 547 }
447 ngx_mail_session_internal_server_error(s); 548
448 return; 549 rc = ngx_mail_parse[s->protocol](s);
449 } 550
450 } 551 if (rc == NGX_AGAIN) {
451 552
452 c->read->handler(rev); 553 if (s->buffer->last < s->buffer->end) {
554 return rc;
555 }
556
557 l.len = s->buffer->last - s->buffer->start;
558 l.data = s->buffer->start;
559
560 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
561 "client sent too long command \"%V\"", &l);
562
563 s->quit = 1;
564
565 return NGX_MAIL_PARSE_INVALID_COMMAND;
566 }
567
568 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
569 return rc;
570 }
571
572 if (rc == NGX_ERROR) {
573 ngx_mail_close_connection(s->connection);
574 return NGX_ERROR;
575 }
576
577 return NGX_OK;
453 } 578 }
454 579
455 580
456 void 581 void
457 ngx_pop3_auth_state(ngx_event_t *rev) 582 ngx_mail_auth(ngx_mail_session_t *s)
458 {
459 u_char *p, *last, *text;
460 ssize_t size;
461 ngx_int_t rc;
462 ngx_str_t *arg, salt;
463 ngx_connection_t *c;
464 ngx_mail_session_t *s;
465 ngx_mail_core_srv_conf_t *cscf;
466 #if (NGX_MAIL_SSL)
467 ngx_mail_ssl_conf_t *sslcf;
468 #endif
469
470 c = rev->data;
471 s = c->data;
472
473 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
474
475 if (rev->timedout) {
476 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
477 c->timedout = 1;
478 ngx_mail_close_connection(c);
479 return;
480 }
481
482 if (s->out.len) {
483 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
484 s->blocked = 1;
485 return;
486 }
487
488 s->blocked = 0;
489
490 rc = ngx_mail_read_command(s);
491
492 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
493 return;
494 }
495
496 text = pop3_ok;
497 size = sizeof(pop3_ok) - 1;
498
499 if (rc == NGX_OK) {
500 switch (s->mail_state) {
501
502 case ngx_pop3_start:
503
504 switch (s->command) {
505
506 case NGX_POP3_USER:
507
508 #if (NGX_MAIL_SSL)
509
510 if (c->ssl == NULL) {
511 sslcf = ngx_mail_get_module_srv_conf(s,
512 ngx_mail_ssl_module);
513
514 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
515 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
516 break;
517 }
518 }
519 #endif
520
521 if (s->args.nelts == 1) {
522 s->mail_state = ngx_pop3_user;
523
524 arg = s->args.elts;
525 s->login.len = arg[0].len;
526 s->login.data = ngx_palloc(c->pool, s->login.len);
527 if (s->login.data == NULL) {
528 ngx_mail_session_internal_server_error(s);
529 return;
530 }
531
532 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
533
534 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
535 "pop3 login: \"%V\"", &s->login);
536
537 break;
538 }
539
540 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
541 break;
542
543 case NGX_POP3_CAPA:
544 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
545
546 #if (NGX_MAIL_SSL)
547
548 if (c->ssl == NULL) {
549 sslcf = ngx_mail_get_module_srv_conf(s,
550 ngx_mail_ssl_module);
551
552 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
553 size = cscf->pop3_starttls_capability.len;
554 text = cscf->pop3_starttls_capability.data;
555 break;
556 }
557
558 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
559 size = cscf->pop3_starttls_only_capability.len;
560 text = cscf->pop3_starttls_only_capability.data;
561 break;
562 }
563 }
564 #endif
565
566 size = cscf->pop3_capability.len;
567 text = cscf->pop3_capability.data;
568 break;
569
570 case NGX_POP3_APOP:
571
572 #if (NGX_MAIL_SSL)
573
574 if (c->ssl == NULL) {
575 sslcf = ngx_mail_get_module_srv_conf(s,
576 ngx_mail_ssl_module);
577
578 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
579 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
580 break;
581 }
582 }
583 #endif
584
585 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
586
587 if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)
588 && s->args.nelts == 2)
589 {
590 arg = s->args.elts;
591
592 s->login.len = arg[0].len;
593 s->login.data = ngx_palloc(c->pool, s->login.len);
594 if (s->login.data == NULL) {
595 ngx_mail_session_internal_server_error(s);
596 return;
597 }
598
599 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
600
601 s->passwd.len = arg[1].len;
602 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
603 if (s->passwd.data == NULL) {
604 ngx_mail_session_internal_server_error(s);
605 return;
606 }
607
608 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
609
610 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
611 "pop3 apop: \"%V\" \"%V\"",
612 &s->login, &s->passwd);
613
614 s->auth_method = NGX_MAIL_AUTH_APOP;
615
616 ngx_mail_do_auth(s);
617 return;
618 }
619
620 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
621 break;
622
623 case NGX_POP3_AUTH:
624
625 #if (NGX_MAIL_SSL)
626
627 if (c->ssl == NULL) {
628 sslcf = ngx_mail_get_module_srv_conf(s,
629 ngx_mail_ssl_module);
630
631 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
632 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
633 break;
634 }
635 }
636 #endif
637
638 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
639
640 if (s->args.nelts == 0) {
641 size = cscf->pop3_auth_capability.len;
642 text = cscf->pop3_auth_capability.data;
643 s->state = 0;
644 break;
645 }
646
647 arg = s->args.elts;
648
649 if (arg[0].len == 5) {
650
651 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
652 == 0)
653 {
654
655 if (s->args.nelts != 1) {
656 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
657 break;
658 }
659
660 s->mail_state = ngx_pop3_auth_login_username;
661
662 size = sizeof(pop3_username) - 1;
663 text = pop3_username;
664
665 break;
666
667 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
668 5)
669 == 0)
670 {
671
672 if (s->args.nelts == 1) {
673 s->mail_state = ngx_pop3_auth_plain;
674
675 size = sizeof(pop3_next) - 1;
676 text = pop3_next;
677
678 break;
679 }
680
681 if (s->args.nelts == 2) {
682
683 /*
684 * workaround for Eudora for Mac: it sends
685 * AUTH PLAIN [base64 encoded]
686 */
687
688 rc = ngx_mail_decode_auth_plain(s, &arg[1]);
689
690 if (rc == NGX_OK) {
691 ngx_mail_do_auth(s);
692 return;
693 }
694
695 if (rc == NGX_ERROR) {
696 ngx_mail_session_internal_server_error(s);
697 return;
698 }
699
700 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
701
702 break;
703 }
704
705 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
706 break;
707 }
708
709 } else if (arg[0].len == 8
710 && ngx_strncasecmp(arg[0].data,
711 (u_char *) "CRAM-MD5", 8)
712 == 0)
713 {
714 if (!(cscf->pop3_auth_methods
715 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
716 || s->args.nelts != 1)
717 {
718 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
719 break;
720 }
721
722 s->mail_state = ngx_pop3_auth_cram_md5;
723
724 text = ngx_palloc(c->pool,
725 sizeof("+ " CRLF) - 1
726 + ngx_base64_encoded_length(s->salt.len));
727 if (text == NULL) {
728 ngx_mail_session_internal_server_error(s);
729 return;
730 }
731
732 text[0] = '+'; text[1]= ' ';
733 salt.data = &text[2];
734 s->salt.len -= 2;
735
736 ngx_encode_base64(&salt, &s->salt);
737
738 s->salt.len += 2;
739 size = 2 + salt.len;
740 text[size++] = CR; text[size++] = LF;
741
742 break;
743 }
744
745 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
746 break;
747
748 case NGX_POP3_QUIT:
749 s->quit = 1;
750 break;
751
752 case NGX_POP3_NOOP:
753 break;
754
755 #if (NGX_MAIL_SSL)
756
757 case NGX_POP3_STLS:
758 if (c->ssl == NULL) {
759 sslcf = ngx_mail_get_module_srv_conf(s,
760 ngx_mail_ssl_module);
761 if (sslcf->starttls) {
762 c->read->handler = ngx_mail_starttls_handler;
763 break;
764 }
765 }
766
767 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
768 break;
769 #endif
770
771 default:
772 s->mail_state = ngx_pop3_start;
773 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
774 break;
775 }
776
777 break;
778
779 case ngx_pop3_user:
780
781 switch (s->command) {
782
783 case NGX_POP3_PASS:
784 if (s->args.nelts == 1) {
785 arg = s->args.elts;
786 s->passwd.len = arg[0].len;
787 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
788 if (s->passwd.data == NULL) {
789 ngx_mail_session_internal_server_error(s);
790 return;
791 }
792
793 ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
794
795 #if (NGX_DEBUG_MAIL_PASSWD)
796 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
797 "pop3 passwd: \"%V\"", &s->passwd);
798 #endif
799
800 ngx_mail_do_auth(s);
801 return;
802 }
803
804 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
805 break;
806
807 case NGX_POP3_CAPA:
808 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
809 size = cscf->pop3_capability.len;
810 text = cscf->pop3_capability.data;
811 break;
812
813 case NGX_POP3_QUIT:
814 s->quit = 1;
815 break;
816
817 case NGX_POP3_NOOP:
818 break;
819
820 default:
821 s->mail_state = ngx_pop3_start;
822 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
823 break;
824 }
825
826 break;
827
828 /* suppress warinings */
829 case ngx_pop3_passwd:
830 break;
831
832 case ngx_pop3_auth_login_username:
833 arg = s->args.elts;
834 s->mail_state = ngx_pop3_auth_login_password;
835
836 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
837 "pop3 auth login username: \"%V\"", &arg[0]);
838
839 s->login.data = ngx_palloc(c->pool,
840 ngx_base64_decoded_length(arg[0].len));
841 if (s->login.data == NULL){
842 ngx_mail_session_internal_server_error(s);
843 return;
844 }
845
846 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
847 ngx_log_error(NGX_LOG_INFO, c->log, 0,
848 "client sent invalid base64 encoding "
849 "in AUTH LOGIN command");
850 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
851 break;
852 }
853
854 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
855 "pop3 auth login username: \"%V\"", &s->login);
856
857 size = sizeof(pop3_password) - 1;
858 text = pop3_password;
859
860 break;
861
862 case ngx_pop3_auth_login_password:
863 arg = s->args.elts;
864
865 #if (NGX_DEBUG_MAIL_PASSWD)
866 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
867 "pop3 auth login password: \"%V\"", &arg[0]);
868 #endif
869
870 s->passwd.data = ngx_palloc(c->pool,
871 ngx_base64_decoded_length(arg[0].len));
872 if (s->passwd.data == NULL){
873 ngx_mail_session_internal_server_error(s);
874 return;
875 }
876
877 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
878 ngx_log_error(NGX_LOG_INFO, c->log, 0,
879 "client sent invalid base64 encoding "
880 "in AUTH LOGIN command");
881 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
882 break;
883 }
884
885 #if (NGX_DEBUG_MAIL_PASSWD)
886 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
887 "pop3 auth login password: \"%V\"", &s->passwd);
888 #endif
889
890 ngx_mail_do_auth(s);
891 return;
892
893 case ngx_pop3_auth_plain:
894 arg = s->args.elts;
895
896 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
897
898 if (rc == NGX_OK) {
899 ngx_mail_do_auth(s);
900 return;
901 }
902
903 if (rc == NGX_ERROR) {
904 ngx_mail_session_internal_server_error(s);
905 return;
906 }
907
908 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
909
910 break;
911
912 case ngx_pop3_auth_cram_md5:
913 arg = s->args.elts;
914
915 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
916 "pop3 auth cram-md5: \"%V\"", &arg[0]);
917
918 s->login.data = ngx_palloc(c->pool,
919 ngx_base64_decoded_length(arg[0].len));
920 if (s->login.data == NULL){
921 ngx_mail_session_internal_server_error(s);
922 return;
923 }
924
925 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
926 ngx_log_error(NGX_LOG_INFO, c->log, 0,
927 "client sent invalid base64 encoding "
928 "in AUTH CRAM-MD5 command");
929 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
930 break;
931 }
932
933 p = s->login.data;
934 last = p + s->login.len;
935
936 while (p < last) {
937 if (*p++ == ' ') {
938 s->login.len = p - s->login.data - 1;
939 s->passwd.len = last - p;
940 s->passwd.data = p;
941 break;
942 }
943 }
944
945 if (s->passwd.len != 32) {
946 ngx_log_error(NGX_LOG_INFO, c->log, 0,
947 "client sent invalid CRAM-MD5 hash "
948 "in AUTH CRAM-MD5 command");
949 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
950 break;
951 }
952
953 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
954 "pop3 auth cram-md5: \"%V\" \"%V\"",
955 &s->login, &s->passwd);
956
957 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
958
959 ngx_mail_do_auth(s);
960 return;
961 }
962 }
963
964 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
965 s->mail_state = ngx_pop3_start;
966 s->state = 0;
967 text = pop3_invalid_command;
968 size = sizeof(pop3_invalid_command) - 1;
969 }
970
971 s->args.nelts = 0;
972 s->buffer->pos = s->buffer->start;
973 s->buffer->last = s->buffer->start;
974
975 if (s->state) {
976 s->arg_start = s->buffer->start;
977 }
978
979 s->out.data = text;
980 s->out.len = size;
981
982 ngx_mail_send(c->write);
983 }
984
985
986 void
987 ngx_imap_auth_state(ngx_event_t *rev)
988 {
989 u_char *p, *last, *text, *dst, *src, *end;
990 ssize_t text_len, last_len;
991 ngx_str_t *arg, salt;
992 ngx_int_t rc;
993 ngx_uint_t tag, i;
994 ngx_connection_t *c;
995 ngx_mail_session_t *s;
996 ngx_mail_core_srv_conf_t *cscf;
997 #if (NGX_MAIL_SSL)
998 ngx_mail_ssl_conf_t *sslcf;
999 #endif
1000
1001 c = rev->data;
1002 s = c->data;
1003
1004 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
1005
1006 if (rev->timedout) {
1007 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
1008 c->timedout = 1;
1009 ngx_mail_close_connection(c);
1010 return;
1011 }
1012
1013 if (s->out.len) {
1014 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
1015 s->blocked = 1;
1016 return;
1017 }
1018
1019 s->blocked = 0;
1020
1021 rc = ngx_mail_read_command(s);
1022
1023 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
1024 return;
1025 }
1026
1027 tag = 1;
1028
1029 text = NULL;
1030 text_len = 0;
1031
1032 last = imap_ok;
1033 last_len = sizeof(imap_ok) - 1;
1034
1035 if (rc == NGX_OK) {
1036
1037 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
1038 s->command);
1039
1040 if (s->backslash) {
1041
1042 arg = s->args.elts;
1043
1044 for (i = 0; i < s->args.nelts; i++) {
1045 dst = arg[i].data;
1046 end = dst + arg[i].len;
1047
1048 for (src = dst; src < end; dst++) {
1049 *dst = *src;
1050 if (*src++ == '\\') {
1051 *dst = *src++;
1052 }
1053 }
1054
1055 arg[i].len = dst - arg[i].data;
1056 }
1057
1058 s->backslash = 0;
1059 }
1060
1061 switch (s->mail_state) {
1062
1063 case ngx_imap_start:
1064
1065 switch (s->command) {
1066
1067 case NGX_IMAP_LOGIN:
1068
1069 #if (NGX_MAIL_SSL)
1070
1071 if (c->ssl == NULL) {
1072 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1073
1074 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1075 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1076 break;
1077 }
1078 }
1079 #endif
1080
1081 arg = s->args.elts;
1082
1083 if (s->args.nelts == 2 && arg[0].len) {
1084
1085 s->login.len = arg[0].len;
1086 s->login.data = ngx_palloc(c->pool, s->login.len);
1087 if (s->login.data == NULL) {
1088 ngx_mail_session_internal_server_error(s);
1089 return;
1090 }
1091
1092 ngx_memcpy(s->login.data, arg[0].data, s->login.len);
1093
1094 s->passwd.len = arg[1].len;
1095 s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
1096 if (s->passwd.data == NULL) {
1097 ngx_mail_session_internal_server_error(s);
1098 return;
1099 }
1100
1101 ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
1102
1103 #if (NGX_DEBUG_MAIL_PASSWD)
1104 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1105 "imap login:\"%V\" passwd:\"%V\"",
1106 &s->login, &s->passwd);
1107 #else
1108 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1109 "imap login:\"%V\"", &s->login);
1110 #endif
1111
1112 ngx_mail_do_auth(s);
1113 return;
1114 }
1115
1116 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1117 break;
1118
1119 case NGX_IMAP_AUTHENTICATE:
1120
1121 #if (NGX_MAIL_SSL)
1122
1123 if (c->ssl == NULL) {
1124 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1125
1126 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1127 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1128 break;
1129 }
1130 }
1131 #endif
1132
1133 if (s->args.nelts != 1) {
1134 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1135 break;
1136 }
1137
1138 arg = s->args.elts;
1139
1140 if (arg[0].len == 5) {
1141
1142 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
1143 == 0)
1144 {
1145
1146 s->mail_state = ngx_imap_auth_login_username;
1147
1148 last_len = sizeof(pop3_username) - 1;
1149 last = pop3_username;
1150 tag = 0;
1151
1152 break;
1153
1154 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
1155 5)
1156 == 0)
1157 {
1158
1159 s->mail_state = ngx_imap_auth_plain;
1160
1161 last_len = sizeof(pop3_next) - 1;
1162 last = pop3_next;
1163 tag = 0;
1164
1165 break;
1166 }
1167
1168 } else if (arg[0].len == 8
1169 && ngx_strncasecmp(arg[0].data,
1170 (u_char *) "CRAM-MD5", 8)
1171 == 0)
1172 {
1173 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1174
1175 if (!(cscf->imap_auth_methods
1176 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
1177 || s->args.nelts != 1)
1178 {
1179 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1180 break;
1181 }
1182
1183 s->mail_state = ngx_imap_auth_cram_md5;
1184
1185 last = ngx_palloc(c->pool,
1186 sizeof("+ " CRLF) - 1
1187 + ngx_base64_encoded_length(s->salt.len));
1188 if (last == NULL) {
1189 ngx_mail_session_internal_server_error(s);
1190 return;
1191 }
1192
1193 last[0] = '+'; last[1]= ' ';
1194 salt.data = &last[2];
1195 s->salt.len -= 2;
1196
1197 ngx_encode_base64(&salt, &s->salt);
1198
1199 s->salt.len += 2;
1200 last_len = 2 + salt.len;
1201 last[last_len++] = CR; last[last_len++] = LF;
1202 tag = 0;
1203
1204 break;
1205 }
1206
1207 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1208 break;
1209
1210 case NGX_IMAP_CAPABILITY:
1211 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1212
1213 #if (NGX_MAIL_SSL)
1214
1215 if (c->ssl == NULL) {
1216 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1217
1218 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
1219 text_len = cscf->imap_starttls_capability.len;
1220 text = cscf->imap_starttls_capability.data;
1221 break;
1222 }
1223
1224 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1225 text_len = cscf->imap_starttls_only_capability.len;
1226 text = cscf->imap_starttls_only_capability.data;
1227 break;
1228 }
1229 }
1230 #endif
1231
1232 text_len = cscf->imap_capability.len;
1233 text = cscf->imap_capability.data;
1234 break;
1235
1236 case NGX_IMAP_LOGOUT:
1237 s->quit = 1;
1238 text = imap_bye;
1239 text_len = sizeof(imap_bye) - 1;
1240 break;
1241
1242 case NGX_IMAP_NOOP:
1243 break;
1244
1245 #if (NGX_MAIL_SSL)
1246
1247 case NGX_IMAP_STARTTLS:
1248 if (c->ssl == NULL) {
1249 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1250 if (sslcf->starttls) {
1251 c->read->handler = ngx_mail_starttls_handler;
1252 break;
1253 }
1254 }
1255
1256 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1257 break;
1258 #endif
1259
1260 default:
1261 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1262 break;
1263 }
1264
1265 break;
1266
1267 case ngx_imap_auth_login_username:
1268 arg = s->args.elts;
1269 s->mail_state = ngx_imap_auth_login_password;
1270
1271 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1272 "imap auth login username: \"%V\"", &arg[0]);
1273
1274 s->login.data = ngx_palloc(c->pool,
1275 ngx_base64_decoded_length(arg[0].len));
1276 if (s->login.data == NULL){
1277 ngx_mail_session_internal_server_error(s);
1278 return;
1279 }
1280
1281 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1282 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1283 "client sent invalid base64 encoding "
1284 "in AUTH LOGIN command");
1285 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1286 break;
1287 }
1288
1289 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1290 "imap auth login username: \"%V\"", &s->login);
1291
1292 last_len = sizeof(pop3_password) - 1;
1293 last = pop3_password;
1294 tag = 0;
1295
1296 break;
1297
1298 case ngx_imap_auth_login_password:
1299 arg = s->args.elts;
1300
1301 #if (NGX_DEBUG_MAIL_PASSWD)
1302 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1303 "imap auth login password: \"%V\"", &arg[0]);
1304 #endif
1305
1306 s->passwd.data = ngx_palloc(c->pool,
1307 ngx_base64_decoded_length(arg[0].len));
1308 if (s->passwd.data == NULL){
1309 ngx_mail_session_internal_server_error(s);
1310 return;
1311 }
1312
1313 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
1314 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1315 "client sent invalid base64 encoding "
1316 "in AUTH LOGIN command");
1317 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1318 break;
1319 }
1320
1321 #if (NGX_DEBUG_MAIL_PASSWD)
1322 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1323 "imap auth login password: \"%V\"", &s->passwd);
1324 #endif
1325
1326 ngx_mail_do_auth(s);
1327 return;
1328
1329 case ngx_imap_auth_plain:
1330 arg = s->args.elts;
1331
1332 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
1333
1334 if (rc == NGX_OK) {
1335 ngx_mail_do_auth(s);
1336 return;
1337 }
1338
1339 if (rc == NGX_ERROR) {
1340 ngx_mail_session_internal_server_error(s);
1341 return;
1342 }
1343
1344 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1345
1346 break;
1347
1348 case ngx_imap_auth_cram_md5:
1349 arg = s->args.elts;
1350
1351 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1352 "imap auth cram-md5: \"%V\"", &arg[0]);
1353
1354 s->login.data = ngx_palloc(c->pool,
1355 ngx_base64_decoded_length(arg[0].len));
1356 if (s->login.data == NULL){
1357 ngx_mail_session_internal_server_error(s);
1358 return;
1359 }
1360
1361 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1362 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1363 "client sent invalid base64 encoding "
1364 "in AUTH CRAM-MD5 command");
1365 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1366 break;
1367 }
1368
1369 p = s->login.data;
1370 last = p + s->login.len;
1371
1372 while (p < last) {
1373 if (*p++ == ' ') {
1374 s->login.len = p - s->login.data - 1;
1375 s->passwd.len = last - p;
1376 s->passwd.data = p;
1377 break;
1378 }
1379 }
1380
1381 if (s->passwd.len != 32) {
1382 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1383 "client sent invalid CRAM-MD5 hash "
1384 "in AUTH CRAM-MD5 command");
1385 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1386 break;
1387 }
1388
1389 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1390 "imap auth cram-md5: \"%V\" \"%V\"",
1391 &s->login, &s->passwd);
1392
1393 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
1394
1395 ngx_mail_do_auth(s);
1396 return;
1397 }
1398
1399 } else if (rc == NGX_IMAP_NEXT) {
1400 last = imap_next;
1401 last_len = sizeof(imap_next) - 1;
1402 tag = 0;
1403 }
1404
1405 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
1406 s->mail_state = ngx_imap_start;
1407 s->state = 0;
1408 last = imap_invalid_command;
1409 last_len = sizeof(imap_invalid_command) - 1;
1410 }
1411
1412 if (tag) {
1413 if (s->tag.len == 0) {
1414 s->tag.len = sizeof(imap_star) - 1;
1415 s->tag.data = (u_char *) imap_star;
1416 }
1417
1418 if (s->tagged_line.len < s->tag.len + text_len + last_len) {
1419 s->tagged_line.len = s->tag.len + text_len + last_len;
1420 s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
1421 if (s->tagged_line.data == NULL) {
1422 ngx_mail_close_connection(c);
1423 return;
1424 }
1425 }
1426
1427 s->out.data = s->tagged_line.data;
1428 s->out.len = s->tag.len + text_len + last_len;
1429
1430 p = s->out.data;
1431
1432 if (text) {
1433 p = ngx_cpymem(p, text, text_len);
1434 }
1435 p = ngx_cpymem(p, s->tag.data, s->tag.len);
1436 ngx_memcpy(p, last, last_len);
1437
1438
1439 } else {
1440 s->out.data = last;
1441 s->out.len = last_len;
1442 }
1443
1444 if (rc != NGX_IMAP_NEXT) {
1445 s->args.nelts = 0;
1446
1447 if (s->state) {
1448 /* preserve tag */
1449 s->arg_start = s->buffer->start + s->tag.len;
1450 s->buffer->pos = s->arg_start;
1451 s->buffer->last = s->arg_start;
1452
1453 } else {
1454 s->buffer->pos = s->buffer->start;
1455 s->buffer->last = s->buffer->start;
1456 s->tag.len = 0;
1457 }
1458 }
1459
1460 ngx_mail_send(c->write);
1461 }
1462
1463
1464 void
1465 ngx_smtp_auth_state(ngx_event_t *rev)
1466 {
1467 u_char *p, *last, *text, ch;
1468 ssize_t size;
1469 ngx_int_t rc;
1470 ngx_str_t *arg, salt, l;
1471 ngx_uint_t i;
1472 ngx_connection_t *c;
1473 ngx_mail_session_t *s;
1474 ngx_mail_core_srv_conf_t *cscf;
1475 #if (NGX_MAIL_SSL)
1476 ngx_mail_ssl_conf_t *sslcf;
1477 #endif
1478
1479 c = rev->data;
1480 s = c->data;
1481
1482 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
1483
1484 if (rev->timedout) {
1485 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
1486 c->timedout = 1;
1487 ngx_mail_close_connection(c);
1488 return;
1489 }
1490
1491 if (s->out.len) {
1492 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
1493 s->blocked = 1;
1494 return;
1495 }
1496
1497 s->blocked = 0;
1498
1499 rc = ngx_mail_read_command(s);
1500
1501 if (rc == NGX_AGAIN || rc == NGX_ERROR) {
1502 return;
1503 }
1504
1505 text = NULL;
1506 size = 0;
1507
1508 if (rc == NGX_OK) {
1509 switch (s->mail_state) {
1510
1511 case ngx_smtp_start:
1512
1513 switch (s->command) {
1514
1515 case NGX_SMTP_HELO:
1516 case NGX_SMTP_EHLO:
1517 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
1518
1519 if (s->args.nelts != 1) {
1520 text = smtp_invalid_argument;
1521 size = sizeof(smtp_invalid_argument) - 1;
1522 s->state = 0;
1523 break;
1524 }
1525
1526 arg = s->args.elts;
1527
1528 s->smtp_helo.len = arg[0].len;
1529
1530 s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len);
1531 if (s->smtp_helo.data == NULL) {
1532 ngx_mail_session_internal_server_error(s);
1533 return;
1534 }
1535
1536 ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
1537
1538 if (s->command == NGX_SMTP_HELO) {
1539 size = cscf->smtp_server_name.len;
1540 text = cscf->smtp_server_name.data;
1541
1542 } else {
1543 s->esmtp = 1;
1544
1545 #if (NGX_MAIL_SSL)
1546
1547 if (c->ssl == NULL) {
1548 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1549
1550 if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
1551 size = cscf->smtp_starttls_capability.len;
1552 text = cscf->smtp_starttls_capability.data;
1553 break;
1554 }
1555
1556 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1557 size = cscf->smtp_starttls_only_capability.len;
1558 text = cscf->smtp_starttls_only_capability.data;
1559 break;
1560 }
1561 }
1562 #endif
1563
1564 size = cscf->smtp_capability.len;
1565 text = cscf->smtp_capability.data;
1566 }
1567
1568 break;
1569
1570 case NGX_SMTP_AUTH:
1571
1572 #if (NGX_MAIL_SSL)
1573
1574 if (c->ssl == NULL) {
1575 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
1576
1577 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
1578 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1579 break;
1580 }
1581 }
1582 #endif
1583
1584 if (s->args.nelts == 0) {
1585 text = smtp_invalid_argument;
1586 size = sizeof(smtp_invalid_argument) - 1;
1587 s->state = 0;
1588 break;
1589 }
1590
1591 arg = s->args.elts;
1592
1593 if (arg[0].len == 5) {
1594
1595 if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
1596 == 0)
1597 {
1598
1599 if (s->args.nelts != 1) {
1600 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1601 break;
1602 }
1603
1604 s->mail_state = ngx_smtp_auth_login_username;
1605
1606 size = sizeof(smtp_username) - 1;
1607 text = smtp_username;
1608
1609 break;
1610
1611 } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
1612 5)
1613 == 0)
1614 {
1615 if (s->args.nelts == 1) {
1616 s->mail_state = ngx_smtp_auth_plain;
1617
1618 size = sizeof(smtp_next) - 1;
1619 text = smtp_next;
1620
1621 break;
1622 }
1623
1624 if (s->args.nelts == 2) {
1625
1626 rc = ngx_mail_decode_auth_plain(s, &arg[1]);
1627
1628 if (rc == NGX_OK) {
1629 ngx_mail_do_auth(s);
1630 return;
1631 }
1632
1633 if (rc == NGX_ERROR) {
1634 ngx_mail_session_internal_server_error(s);
1635 return;
1636 }
1637
1638 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1639
1640 break;
1641 }
1642
1643 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1644 break;
1645 }
1646
1647 } else if (arg[0].len == 8
1648 && ngx_strncasecmp(arg[0].data,
1649 (u_char *) "CRAM-MD5", 8)
1650 == 0)
1651 {
1652 cscf = ngx_mail_get_module_srv_conf(s,
1653 ngx_mail_core_module);
1654
1655 if (!(cscf->smtp_auth_methods
1656 & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
1657 || s->args.nelts != 1)
1658 {
1659 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1660 break;
1661 }
1662
1663 s->mail_state = ngx_smtp_auth_cram_md5;
1664
1665 text = ngx_palloc(c->pool,
1666 sizeof("334 " CRLF) - 1
1667 + ngx_base64_encoded_length(s->salt.len));
1668 if (text == NULL) {
1669 ngx_mail_session_internal_server_error(s);
1670 return;
1671 }
1672
1673 text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' ';
1674 salt.data = &text[4];
1675 s->salt.len -= 2;
1676
1677 ngx_encode_base64(&salt, &s->salt);
1678
1679 s->salt.len += 2;
1680 size = 4 + salt.len;
1681 text[size++] = CR; text[size++] = LF;
1682
1683 break;
1684 }
1685
1686 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1687 break;
1688
1689 case NGX_SMTP_QUIT:
1690 s->quit = 1;
1691 text = smtp_bye;
1692 size = sizeof(smtp_bye) - 1;
1693 break;
1694
1695 case NGX_SMTP_MAIL:
1696
1697 if (s->connection->log->log_level >= NGX_LOG_INFO) {
1698 l.len = s->buffer->last - s->buffer->start;
1699 l.data = s->buffer->start;
1700
1701 for (i = 0; i < l.len; i++) {
1702 ch = l.data[i];
1703
1704 if (ch != CR && ch != LF) {
1705 continue;
1706 }
1707
1708 l.data[i] = ' ';
1709 }
1710
1711 while (i) {
1712 if (l.data[i - 1] != ' ') {
1713 break;
1714 }
1715
1716 i--;
1717 }
1718
1719 l.len = i;
1720
1721 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1722 "client was rejected: \"%V\"", &l);
1723 }
1724
1725 text = smtp_auth_required;
1726 size = sizeof(smtp_auth_required) - 1;
1727 break;
1728
1729 case NGX_SMTP_NOOP:
1730 case NGX_SMTP_RSET:
1731 text = smtp_ok;
1732 size = sizeof(smtp_ok) - 1;
1733 break;
1734
1735 #if (NGX_MAIL_SSL)
1736
1737 case NGX_SMTP_STARTTLS:
1738 if (c->ssl == NULL) {
1739 sslcf = ngx_mail_get_module_srv_conf(s,
1740 ngx_mail_ssl_module);
1741 if (sslcf->starttls) {
1742 c->read->handler = ngx_mail_starttls_handler;
1743
1744 /*
1745 * RFC3207 requires us to discard any knowledge
1746 * obtained from client before STARTTLS.
1747 */
1748
1749 s->smtp_helo.len = 0;
1750 s->smtp_helo.data = NULL;
1751
1752 text = smtp_ok;
1753 size = sizeof(smtp_ok) - 1;
1754
1755 break;
1756 }
1757 }
1758
1759 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1760 break;
1761 #endif
1762
1763 default:
1764 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1765 break;
1766 }
1767
1768 break;
1769
1770 case ngx_smtp_auth_login_username:
1771 arg = s->args.elts;
1772 s->mail_state = ngx_smtp_auth_login_password;
1773
1774 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1775 "smtp auth login username: \"%V\"", &arg[0]);
1776
1777 s->login.data = ngx_palloc(c->pool,
1778 ngx_base64_decoded_length(arg[0].len));
1779 if (s->login.data == NULL){
1780 ngx_mail_session_internal_server_error(s);
1781 return;
1782 }
1783
1784 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1785 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1786 "client sent invalid base64 encoding "
1787 "in AUTH LOGIN command");
1788 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1789 break;
1790 }
1791
1792 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1793 "smtp auth login username: \"%V\"", &s->login);
1794
1795 size = sizeof(smtp_password) - 1;
1796 text = smtp_password;
1797
1798 break;
1799
1800 case ngx_smtp_auth_login_password:
1801 arg = s->args.elts;
1802
1803 #if (NGX_DEBUG_MAIL_PASSWD)
1804 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1805 "smtp auth login password: \"%V\"", &arg[0]);
1806 #endif
1807
1808 s->passwd.data = ngx_palloc(c->pool,
1809 ngx_base64_decoded_length(arg[0].len));
1810 if (s->passwd.data == NULL){
1811 ngx_mail_session_internal_server_error(s);
1812 return;
1813 }
1814
1815 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
1816 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1817 "client sent invalid base64 encoding "
1818 "in AUTH LOGIN command");
1819 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1820 break;
1821 }
1822
1823 #if (NGX_DEBUG_MAIL_PASSWD)
1824 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1825 "smtp auth login password: \"%V\"", &s->passwd);
1826 #endif
1827
1828 ngx_mail_do_auth(s);
1829 return;
1830
1831 case ngx_smtp_auth_plain:
1832 arg = s->args.elts;
1833
1834 rc = ngx_mail_decode_auth_plain(s, &arg[0]);
1835
1836 if (rc == NGX_OK) {
1837 ngx_mail_do_auth(s);
1838 return;
1839 }
1840
1841 if (rc == NGX_ERROR) {
1842 ngx_mail_session_internal_server_error(s);
1843 return;
1844 }
1845
1846 /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
1847
1848 break;
1849
1850 case ngx_smtp_auth_cram_md5:
1851 arg = s->args.elts;
1852
1853 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
1854 "smtp auth cram-md5: \"%V\"", &arg[0]);
1855
1856 s->login.data = ngx_palloc(c->pool,
1857 ngx_base64_decoded_length(arg[0].len));
1858 if (s->login.data == NULL){
1859 ngx_mail_session_internal_server_error(s);
1860 return;
1861 }
1862
1863 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
1864 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1865 "client sent invalid base64 encoding "
1866 "in AUTH CRAM-MD5 command");
1867 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1868 break;
1869 }
1870
1871 p = s->login.data;
1872 last = p + s->login.len;
1873
1874 while (p < last) {
1875 if (*p++ == ' ') {
1876 s->login.len = p - s->login.data - 1;
1877 s->passwd.len = last - p;
1878 s->passwd.data = p;
1879 break;
1880 }
1881 }
1882
1883 if (s->passwd.len != 32) {
1884 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1885 "client sent invalid CRAM-MD5 hash "
1886 "in AUTH CRAM-MD5 command");
1887 rc = NGX_MAIL_PARSE_INVALID_COMMAND;
1888 break;
1889 }
1890
1891 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
1892 "smtp auth cram-md5: \"%V\" \"%V\"",
1893 &s->login, &s->passwd);
1894
1895 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
1896
1897 ngx_mail_do_auth(s);
1898 return;
1899 }
1900 }
1901
1902 if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
1903 s->mail_state = ngx_smtp_start;
1904 s->state = 0;
1905 text = smtp_invalid_command;
1906 size = sizeof(smtp_invalid_command) - 1;
1907 }
1908
1909 s->args.nelts = 0;
1910 s->buffer->pos = s->buffer->start;
1911 s->buffer->last = s->buffer->start;
1912
1913 if (s->state) {
1914 s->arg_start = s->buffer->start;
1915 }
1916
1917 s->out.data = text;
1918 s->out.len = size;
1919
1920 ngx_mail_send(c->write);
1921 }
1922
1923
1924 static ngx_int_t
1925 ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded)
1926 {
1927 u_char *p, *last;
1928 ngx_str_t plain;
1929
1930 #if (NGX_DEBUG_MAIL_PASSWD)
1931 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1932 "mail auth plain: \"%V\"", encoded);
1933 #endif
1934
1935 plain.data = ngx_palloc(s->connection->pool,
1936 ngx_base64_decoded_length(encoded->len));
1937 if (plain.data == NULL){
1938 return NGX_ERROR;
1939 }
1940
1941 if (ngx_decode_base64(&plain, encoded) != NGX_OK) {
1942 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1943 "client sent invalid base64 encoding "
1944 "in AUTH PLAIN command");
1945 return NGX_MAIL_PARSE_INVALID_COMMAND;
1946 }
1947
1948 p = plain.data;
1949 last = p + plain.len;
1950
1951 while (p < last && *p++) { /* void */ }
1952
1953 if (p == last) {
1954 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1955 "client sent invalid login in AUTH PLAIN command");
1956 return NGX_MAIL_PARSE_INVALID_COMMAND;
1957 }
1958
1959 s->login.data = p;
1960
1961 while (p < last && *p) { p++; }
1962
1963 if (p == last) {
1964 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
1965 "client sent invalid password in AUTH PLAIN command");
1966 return NGX_MAIL_PARSE_INVALID_COMMAND;
1967 }
1968
1969 s->login.len = p++ - s->login.data;
1970
1971 s->passwd.len = last - p;
1972 s->passwd.data = p;
1973
1974 #if (NGX_DEBUG_MAIL_PASSWD)
1975 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1976 "mail auth plain: \"%V\" \"%V\"",
1977 &s->login, &s->passwd);
1978 #endif
1979
1980 return NGX_OK;
1981 }
1982
1983
1984 static void
1985 ngx_mail_do_auth(ngx_mail_session_t *s)
1986 { 583 {
1987 s->args.nelts = 0; 584 s->args.nelts = 0;
1988 s->buffer->pos = s->buffer->start; 585 s->buffer->pos = s->buffer->start;
1989 s->buffer->last = s->buffer->start; 586 s->buffer->last = s->buffer->start;
1990 s->state = 0; 587 s->state = 0;
1997 594
1998 ngx_mail_auth_http_init(s); 595 ngx_mail_auth_http_init(s);
1999 } 596 }
2000 597
2001 598
2002 static ngx_int_t
2003 ngx_mail_read_command(ngx_mail_session_t *s)
2004 {
2005 ssize_t n;
2006 ngx_int_t rc;
2007 ngx_str_t l;
2008
2009 n = s->connection->recv(s->connection, s->buffer->last,
2010 s->buffer->end - s->buffer->last);
2011
2012 if (n == NGX_ERROR || n == 0) {
2013 ngx_mail_close_connection(s->connection);
2014 return NGX_ERROR;
2015 }
2016
2017 if (n > 0) {
2018 s->buffer->last += n;
2019 }
2020
2021 if (n == NGX_AGAIN) {
2022 if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) {
2023 ngx_mail_session_internal_server_error(s);
2024 return NGX_ERROR;
2025 }
2026
2027 return NGX_AGAIN;
2028 }
2029
2030 switch (s->protocol) {
2031 case NGX_MAIL_POP3_PROTOCOL:
2032 rc = ngx_pop3_parse_command(s);
2033 break;
2034
2035 case NGX_MAIL_IMAP_PROTOCOL:
2036 rc = ngx_imap_parse_command(s);
2037 break;
2038
2039 default: /* NGX_MAIL_SMTP_PROTOCOL */
2040 rc = ngx_smtp_parse_command(s);
2041 break;
2042 }
2043
2044 if (rc == NGX_AGAIN) {
2045
2046 if (s->buffer->last < s->buffer->end) {
2047 return rc;
2048 }
2049
2050 l.len = s->buffer->last - s->buffer->start;
2051 l.data = s->buffer->start;
2052
2053 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
2054 "client sent too long command \"%V\"", &l);
2055
2056 s->quit = 1;
2057
2058 return NGX_MAIL_PARSE_INVALID_COMMAND;
2059 }
2060
2061 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
2062 return rc;
2063 }
2064
2065 if (rc == NGX_ERROR) {
2066 ngx_mail_close_connection(s->connection);
2067 return NGX_ERROR;
2068 }
2069
2070 return NGX_OK;
2071 }
2072
2073
2074 void 599 void
2075 ngx_mail_session_internal_server_error(ngx_mail_session_t *s) 600 ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
2076 { 601 {
2077 s->out = internal_server_errors[s->protocol]; 602 s->out = internal_server_errors[s->protocol];
2078 s->quit = 1; 603 s->quit = 1;
2112 637
2113 ngx_destroy_pool(pool); 638 ngx_destroy_pool(pool);
2114 } 639 }
2115 640
2116 641
2117 static u_char * 642 u_char *
2118 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) 643 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
2119 { 644 {
2120 u_char *p; 645 u_char *p;
2121 ngx_mail_session_t *s; 646 ngx_mail_session_t *s;
2122 ngx_mail_log_ctx_t *ctx; 647 ngx_mail_log_ctx_t *ctx;