Mercurial > hg > nginx
diff src/mail/ngx_mail_handler.c @ 1476:67578e966dcc
split pop3, imap, and smtp handlers
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Thu, 13 Sep 2007 20:13:18 +0000 |
| parents | 32450a2bbdf4 |
| children | 59e1caf2be94 |
line wrap: on
line diff
--- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -11,12 +11,6 @@ static void ngx_mail_init_session(ngx_connection_t *c); -static void ngx_mail_init_protocol(ngx_event_t *rev); -static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s, - ngx_str_t *encoded); -static void ngx_mail_do_auth(ngx_mail_session_t *s); -static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); -static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); #if (NGX_MAIL_SSL) static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); @@ -24,39 +18,33 @@ static void ngx_mail_ssl_handshake_handl #endif -static ngx_str_t greetings[] = { - ngx_string("+OK POP3 ready" CRLF), - ngx_string("* OK IMAP4 ready" CRLF) - /* SMTP greeting */ +static ngx_mail_init_session_pt ngx_mail_init_sessions[] = { + ngx_mail_pop3_init_session, + ngx_mail_imap_init_session, + ngx_mail_smtp_init_session }; + +static ngx_mail_init_protocol_pt ngx_mail_init_protocols[] = { + ngx_mail_pop3_init_protocol, + ngx_mail_imap_init_protocol, + ngx_mail_smtp_init_protocol +}; + + +static ngx_mail_parse_pt ngx_mail_parse[] = { + ngx_pop3_parse_command, + ngx_imap_parse_command, + ngx_smtp_parse_command +}; + + static ngx_str_t internal_server_errors[] = { ngx_string("-ERR internal server error" CRLF), ngx_string("* BAD internal server error" CRLF), ngx_string("451 4.3.2 Internal server error" CRLF), }; -static u_char pop3_ok[] = "+OK" CRLF; -static u_char pop3_next[] = "+ " CRLF; -static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF; -static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF; -static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF; - -static u_char imap_star[] = "* "; -static u_char imap_ok[] = "OK completed" CRLF; -static u_char imap_next[] = "+ OK" CRLF; -static u_char imap_bye[] = "* BYE" CRLF; -static u_char imap_invalid_command[] = "BAD invalid command" CRLF; - -static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; -static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; -static u_char smtp_next[] = "334 " CRLF; -static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; -static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; -static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; -static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; -static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; - void ngx_mail_init_connection(ngx_connection_t *c) @@ -172,7 +160,7 @@ ngx_mail_init_connection(ngx_connection_ #if (NGX_MAIL_SSL) -static void +void ngx_mail_starttls_handler(ngx_event_t *rev) { ngx_connection_t *c; @@ -229,10 +217,10 @@ ngx_mail_ssl_handshake_handler(ngx_conne s = c->data; if (s->starttls) { - c->read->handler = ngx_mail_init_protocol; + c->read->handler = ngx_mail_init_protocols[s->protocol]; c->write->handler = ngx_mail_send; - ngx_mail_init_protocol(c->read); + ngx_mail_init_protocols[s->protocol](c->read); return; } @@ -250,13 +238,9 @@ ngx_mail_ssl_handshake_handler(ngx_conne static void ngx_mail_init_session(ngx_connection_t *c) { - u_char *p; ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - s = c->data; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); @@ -269,60 +253,203 @@ ngx_mail_init_session(ngx_connection_t * return; } - if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { - s->out = cscf->smtp_greeting; - - } else { - s->out = greetings[s->protocol]; - } - - if ((s->protocol == NGX_MAIL_POP3_PROTOCOL - && (cscf->pop3_auth_methods - & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - - || (s->protocol == NGX_MAIL_IMAP_PROTOCOL - && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) - - || (s->protocol == NGX_MAIL_SMTP_PROTOCOL - && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - { - s->salt.data = ngx_palloc(c->pool, - sizeof(" <18446744073709551616.@>" CRLF) - 1 - + NGX_TIME_T_LEN - + cscf->server_name.len); - if (s->salt.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, - ngx_random(), ngx_time(), &cscf->server_name) - - s->salt.data; - - if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { - s->out.data = ngx_palloc(c->pool, - greetings[0].len + 1 + s->salt.len); - if (s->out.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - p = ngx_cpymem(s->out.data, - greetings[0].data, greetings[0].len - 2); - *p++ = ' '; - p = ngx_cpymem(p, s->salt.data, s->salt.len); - - s->out.len = p - s->out.data; - } - } - ngx_add_timer(c->read, cscf->timeout); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } - ngx_mail_send(c->write); + c->write->handler = ngx_mail_send; + + ngx_mail_init_sessions[s->protocol](s, c); +} + + +ngx_int_t +ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c, + ngx_mail_core_srv_conf_t *cscf) +{ + s->salt.data = ngx_palloc(c->pool, + sizeof(" <18446744073709551616.@>" CRLF) - 1 + + NGX_TIME_T_LEN + + cscf->server_name.len); + if (s->salt.data == NULL) { + return NGX_ERROR; + } + + s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, + ngx_random(), ngx_time(), &cscf->server_name) + - s->salt.data; + + return NGX_OK; +} + + +ngx_int_t +ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n) +{ + u_char *p, *last; + ngx_str_t *arg, plain; + + arg = s->args.elts; + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth plain: \"%V\"", &arg[n]); +#endif + + plain.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len)); + if (plain.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&plain, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH PLAIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + p = plain.data; + last = p + plain.len; + + while (p < last && *p++) { /* void */ } + + if (p == last) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid login in AUTH PLAIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->login.data = p; + + while (p < last && *p) { p++; } + + if (p == last) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid password in AUTH PLAIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->login.len = p++ - s->login.data; + + s->passwd.len = last - p; + s->passwd.data = p; + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd); +#endif + + return NGX_DONE; +} + + +ngx_int_t +ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c) +{ + ngx_str_t *arg; + + arg = s->args.elts; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login username: \"%V\"", &arg[0]); + + s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len)); + if (s->login.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH LOGIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login username: \"%V\"", &s->login); + + return NGX_OK; +} + + +ngx_int_t +ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c) +{ + ngx_str_t *arg; + + arg = s->args.elts; + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login password: \"%V\"", &arg[0]); +#endif + + s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len)); + if (s->passwd.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH LOGIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login password: \"%V\"", &s->passwd); +#endif + + return NGX_DONE; +} + + +ngx_int_t +ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c) +{ + u_char *p, *last; + ngx_str_t *arg; + + arg = s->args.elts; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth cram-md5: \"%V\"", &arg[0]); + + s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len)); + if (s->login.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH CRAM-MD5 command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + p = s->login.data; + last = p + s->login.len; + + while (p < last) { + if (*p++ == ' ') { + s->login.len = p - s->login.data - 1; + s->passwd.len = last - p; + s->passwd.data = p; + break; + } + } + + if (s->passwd.len != 32) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd); + + s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; + + return NGX_DONE; } @@ -391,1615 +518,7 @@ ngx_mail_send(ngx_event_t *wev) } -static void -ngx_mail_init_protocol(ngx_event_t *rev) -{ - size_t size; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c = rev->data; - - c->log->action = "in auth state"; - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - s = c->data; - - switch (s->protocol) { - - case NGX_MAIL_POP3_PROTOCOL: - size = 128; - s->mail_state = ngx_pop3_start; - c->read->handler = ngx_pop3_auth_state; - break; - - case NGX_MAIL_IMAP_PROTOCOL: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->imap_client_buffer_size; - s->mail_state = ngx_imap_start; - c->read->handler = ngx_imap_auth_state; - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - size = 512; - s->mail_state = ngx_smtp_start; - c->read->handler = ngx_smtp_auth_state; - break; - } - - if (s->buffer == NULL) { - if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) - == NGX_ERROR) - { - ngx_mail_session_internal_server_error(s); - return; - } - - s->buffer = ngx_create_temp_buf(c->pool, size); - if (s->buffer == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - } - - c->read->handler(rev); -} - - -void -ngx_pop3_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = pop3_ok; - size = sizeof(pop3_ok) - 1; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_pop3_start: - - switch (s->command) { - - case NGX_POP3_USER: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_user; - - arg = s->args.elts; - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 login: \"%V\"", &s->login); - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->pop3_starttls_capability.len; - text = cscf->pop3_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->pop3_starttls_only_capability.len; - text = cscf->pop3_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_APOP: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED) - && s->args.nelts == 2) - { - arg = s->args.elts; - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 apop: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_APOP; - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts == 0) { - size = cscf->pop3_auth_capability.len; - text = cscf->pop3_auth_capability.data; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_login_username; - - size = sizeof(pop3_username) - 1; - text = pop3_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_auth_plain; - - size = sizeof(pop3_next) - 1; - text = pop3_next; - - break; - } - - if (s->args.nelts == 2) { - - /* - * workaround for Eudora for Mac: it sends - * AUTH PLAIN [base64 encoded] - */ - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - if (!(cscf->pop3_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '+'; text[1]= ' '; - salt.data = &text[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 2 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_POP3_STLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_pop3_user: - - switch (s->command) { - - case NGX_POP3_PASS: - if (s->args.nelts == 1) { - arg = s->args.elts; - s->passwd.len = arg[0].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 passwd: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - /* suppress warinings */ - case ngx_pop3_passwd: - break; - - case ngx_pop3_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_pop3_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &s->login); - - size = sizeof(pop3_password) - 1; - text = pop3_password; - - break; - - case ngx_pop3_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_pop3_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_pop3_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_pop3_start; - s->state = 0; - text = pop3_invalid_command; - size = sizeof(pop3_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); -} - - -void -ngx_imap_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text, *dst, *src, *end; - ssize_t text_len, last_len; - ngx_str_t *arg, salt; - ngx_int_t rc; - ngx_uint_t tag, i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - tag = 1; - - text = NULL; - text_len = 0; - - last = imap_ok; - last_len = sizeof(imap_ok) - 1; - - if (rc == NGX_OK) { - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", - s->command); - - if (s->backslash) { - - arg = s->args.elts; - - for (i = 0; i < s->args.nelts; i++) { - dst = arg[i].data; - end = dst + arg[i].len; - - for (src = dst; src < end; dst++) { - *dst = *src; - if (*src++ == '\\') { - *dst = *src++; - } - } - - arg[i].len = dst - arg[i].data; - } - - s->backslash = 0; - } - - switch (s->mail_state) { - - case ngx_imap_start: - - switch (s->command) { - - case NGX_IMAP_LOGIN: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - arg = s->args.elts; - - if (s->args.nelts == 2 && arg[0].len) { - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\" passwd:\"%V\"", - &s->login, &s->passwd); -#else - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\"", &s->login); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_AUTHENTICATE: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - s->mail_state = ngx_imap_auth_login_username; - - last_len = sizeof(pop3_username) - 1; - last = pop3_username; - tag = 0; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - s->mail_state = ngx_imap_auth_plain; - - last_len = sizeof(pop3_next) - 1; - last = pop3_next; - tag = 0; - - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (!(cscf->imap_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_imap_auth_cram_md5; - - last = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (last == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - last[0] = '+'; last[1]= ' '; - salt.data = &last[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - last_len = 2 + salt.len; - last[last_len++] = CR; last[last_len++] = LF; - tag = 0; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_CAPABILITY: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - text_len = cscf->imap_starttls_capability.len; - text = cscf->imap_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - text_len = cscf->imap_starttls_only_capability.len; - text = cscf->imap_starttls_only_capability.data; - break; - } - } -#endif - - text_len = cscf->imap_capability.len; - text = cscf->imap_capability.data; - break; - - case NGX_IMAP_LOGOUT: - s->quit = 1; - text = imap_bye; - text_len = sizeof(imap_bye) - 1; - break; - - case NGX_IMAP_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_IMAP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_imap_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_imap_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &s->login); - - last_len = sizeof(pop3_password) - 1; - last = pop3_password; - tag = 0; - - break; - - case ngx_imap_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_imap_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_imap_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - - } else if (rc == NGX_IMAP_NEXT) { - last = imap_next; - last_len = sizeof(imap_next) - 1; - tag = 0; - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_imap_start; - s->state = 0; - last = imap_invalid_command; - last_len = sizeof(imap_invalid_command) - 1; - } - - if (tag) { - if (s->tag.len == 0) { - s->tag.len = sizeof(imap_star) - 1; - s->tag.data = (u_char *) imap_star; - } - - if (s->tagged_line.len < s->tag.len + text_len + last_len) { - s->tagged_line.len = s->tag.len + text_len + last_len; - s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len); - if (s->tagged_line.data == NULL) { - ngx_mail_close_connection(c); - return; - } - } - - s->out.data = s->tagged_line.data; - s->out.len = s->tag.len + text_len + last_len; - - p = s->out.data; - - if (text) { - p = ngx_cpymem(p, text, text_len); - } - p = ngx_cpymem(p, s->tag.data, s->tag.len); - ngx_memcpy(p, last, last_len); - - - } else { - s->out.data = last; - s->out.len = last_len; - } - - if (rc != NGX_IMAP_NEXT) { - s->args.nelts = 0; - - if (s->state) { - /* preserve tag */ - s->arg_start = s->buffer->start + s->tag.len; - s->buffer->pos = s->arg_start; - s->buffer->last = s->arg_start; - - } else { - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->tag.len = 0; - } - } - - ngx_mail_send(c->write); -} - - -void -ngx_smtp_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text, ch; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt, l; - ngx_uint_t i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = NULL; - size = 0; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_smtp_start: - - switch (s->command) { - - case NGX_SMTP_HELO: - case NGX_SMTP_EHLO: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts != 1) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - s->smtp_helo.len = arg[0].len; - - s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); - if (s->smtp_helo.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); - - if (s->command == NGX_SMTP_HELO) { - size = cscf->smtp_server_name.len; - text = cscf->smtp_server_name.data; - - } else { - s->esmtp = 1; - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->smtp_starttls_capability.len; - text = cscf->smtp_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->smtp_starttls_only_capability.len; - text = cscf->smtp_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->smtp_capability.len; - text = cscf->smtp_capability.data; - } - - break; - - case NGX_SMTP_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 0) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_login_username; - - size = sizeof(smtp_username) - 1; - text = smtp_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - if (s->args.nelts == 1) { - s->mail_state = ngx_smtp_auth_plain; - - size = sizeof(smtp_next) - 1; - text = smtp_next; - - break; - } - - if (s->args.nelts == 2) { - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, - ngx_mail_core_module); - - if (!(cscf->smtp_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("334 " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' '; - salt.data = &text[4]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 4 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_SMTP_QUIT: - s->quit = 1; - text = smtp_bye; - size = sizeof(smtp_bye) - 1; - break; - - case NGX_SMTP_MAIL: - - if (s->connection->log->log_level >= NGX_LOG_INFO) { - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - for (i = 0; i < l.len; i++) { - ch = l.data[i]; - - if (ch != CR && ch != LF) { - continue; - } - - l.data[i] = ' '; - } - - while (i) { - if (l.data[i - 1] != ' ') { - break; - } - - i--; - } - - l.len = i; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client was rejected: \"%V\"", &l); - } - - text = smtp_auth_required; - size = sizeof(smtp_auth_required) - 1; - break; - - case NGX_SMTP_NOOP: - case NGX_SMTP_RSET: - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - break; - -#if (NGX_MAIL_SSL) - - case NGX_SMTP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - - /* - * RFC3207 requires us to discard any knowledge - * obtained from client before STARTTLS. - */ - - s->smtp_helo.len = 0; - s->smtp_helo.data = NULL; - - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_smtp_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_smtp_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &s->login); - - size = sizeof(smtp_password) - 1; - text = smtp_password; - - break; - - case ngx_smtp_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_smtp_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_smtp_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_smtp_start; - s->state = 0; - text = smtp_invalid_command; - size = sizeof(smtp_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); -} - - -static ngx_int_t -ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded) -{ - u_char *p, *last; - ngx_str_t plain; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\"", encoded); -#endif - - plain.data = ngx_palloc(s->connection->pool, - ngx_base64_decoded_length(encoded->len)); - if (plain.data == NULL){ - return NGX_ERROR; - } - - if (ngx_decode_base64(&plain, encoded) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid base64 encoding " - "in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - p = plain.data; - last = p + plain.len; - - while (p < last && *p++) { /* void */ } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid login in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.data = p; - - while (p < last && *p) { p++; } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid password in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.len = p++ - s->login.data; - - s->passwd.len = last - p; - s->passwd.data = p; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\" \"%V\"", - &s->login, &s->passwd); -#endif - - return NGX_OK; -} - - -static void -ngx_mail_do_auth(ngx_mail_session_t *s) -{ - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->state = 0; - - if (s->connection->read->timer_set) { - ngx_del_timer(s->connection->read); - } - - s->login_attempt++; - - ngx_mail_auth_http_init(s); -} - - -static ngx_int_t +ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s) { ssize_t n; @@ -2027,19 +546,7 @@ ngx_mail_read_command(ngx_mail_session_t return NGX_AGAIN; } - switch (s->protocol) { - case NGX_MAIL_POP3_PROTOCOL: - rc = ngx_pop3_parse_command(s); - break; - - case NGX_MAIL_IMAP_PROTOCOL: - rc = ngx_imap_parse_command(s); - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - rc = ngx_smtp_parse_command(s); - break; - } + rc = ngx_mail_parse[s->protocol](s); if (rc == NGX_AGAIN) { @@ -2072,6 +579,24 @@ ngx_mail_read_command(ngx_mail_session_t void +ngx_mail_auth(ngx_mail_session_t *s) +{ + s->args.nelts = 0; + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; + s->state = 0; + + if (s->connection->read->timer_set) { + ngx_del_timer(s->connection->read); + } + + s->login_attempt++; + + ngx_mail_auth_http_init(s); +} + + +void ngx_mail_session_internal_server_error(ngx_mail_session_t *s) { s->out = internal_server_errors[s->protocol]; @@ -2114,7 +639,7 @@ ngx_mail_close_connection(ngx_connection } -static u_char * +u_char * ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) { u_char *p;