# HG changeset patch # User Igor Sysoev # Date 1189714398 0 # Node ID 67578e966dcc880ecb716fb117442d5b2317fc12 # Parent 732fe8258857844b5bc496e0b889ac3e72506550 split pop3, imap, and smtp handlers diff --git a/auto/sources b/auto/sources --- a/auto/sources +++ b/auto/sources @@ -423,6 +423,9 @@ MAIL_MODULES="ngx_mail_module ngx_mail_c MAIL_SRCS="src/mail/ngx_mail.c \ src/mail/ngx_mail_core_module.c \ src/mail/ngx_mail_handler.c \ + src/mail/ngx_mail_pop3_handler.c \ + src/mail/ngx_mail_imap_handler.c \ + src/mail/ngx_mail_smtp_handler.c \ src/mail/ngx_mail_parse.c" MAIL_SSL_MODULE="ngx_mail_ssl_module" diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h --- a/src/mail/ngx_mail.h +++ b/src/mail/ngx_mail.h @@ -196,6 +196,7 @@ typedef struct { ngx_str_t salt; ngx_str_t tag; ngx_str_t tagged_line; + ngx_str_t text; ngx_str_t *addr_text; ngx_str_t smtp_helo; @@ -303,14 +304,48 @@ typedef struct { #define ngx_mail_conf_get_module_srv_conf(cf, module) \ ((ngx_mail_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index] +typedef void (*ngx_mail_init_session_pt)(ngx_mail_session_t *s, + ngx_connection_t *c); +typedef void (*ngx_mail_init_protocol_pt)(ngx_event_t *rev); +typedef ngx_int_t (*ngx_mail_parse_pt)(ngx_mail_session_t *s); + + +#if (NGX_MAIL_SSL) +void ngx_mail_starttls_handler(ngx_event_t *rev); +#endif + void ngx_mail_init_connection(ngx_connection_t *c); -void ngx_mail_send(ngx_event_t *wev); + void ngx_pop3_auth_state(ngx_event_t *rev); void ngx_imap_auth_state(ngx_event_t *rev); void ngx_smtp_auth_state(ngx_event_t *rev); + +ngx_int_t ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c, + ngx_mail_core_srv_conf_t *cscf); +ngx_int_t ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, + ngx_uint_t n); +ngx_int_t ngx_mail_auth_login_username(ngx_mail_session_t *s, + ngx_connection_t *c); +ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s, + ngx_connection_t *c); +ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c); + +void ngx_mail_send(ngx_event_t *wev); +ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); +void ngx_mail_auth(ngx_mail_session_t *s); void ngx_mail_close_connection(ngx_connection_t *c); void ngx_mail_session_internal_server_error(ngx_mail_session_t *s); +u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); + + +void ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c); +void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c); +void ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c); + +void ngx_mail_pop3_init_protocol(ngx_event_t *rev); +void ngx_mail_imap_init_protocol(ngx_event_t *rev); +void ngx_mail_smtp_init_protocol(ngx_event_t *rev); ngx_int_t ngx_pop3_parse_command(ngx_mail_session_t *s); ngx_int_t ngx_imap_parse_command(ngx_mail_session_t *s); diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -11,12 +11,6 @@ static void ngx_mail_init_session(ngx_connection_t *c); -static void ngx_mail_init_protocol(ngx_event_t *rev); -static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s, - ngx_str_t *encoded); -static void ngx_mail_do_auth(ngx_mail_session_t *s); -static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); -static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); #if (NGX_MAIL_SSL) static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); @@ -24,39 +18,33 @@ static void ngx_mail_ssl_handshake_handl #endif -static ngx_str_t greetings[] = { - ngx_string("+OK POP3 ready" CRLF), - ngx_string("* OK IMAP4 ready" CRLF) - /* SMTP greeting */ +static ngx_mail_init_session_pt ngx_mail_init_sessions[] = { + ngx_mail_pop3_init_session, + ngx_mail_imap_init_session, + ngx_mail_smtp_init_session }; + +static ngx_mail_init_protocol_pt ngx_mail_init_protocols[] = { + ngx_mail_pop3_init_protocol, + ngx_mail_imap_init_protocol, + ngx_mail_smtp_init_protocol +}; + + +static ngx_mail_parse_pt ngx_mail_parse[] = { + ngx_pop3_parse_command, + ngx_imap_parse_command, + ngx_smtp_parse_command +}; + + static ngx_str_t internal_server_errors[] = { ngx_string("-ERR internal server error" CRLF), ngx_string("* BAD internal server error" CRLF), ngx_string("451 4.3.2 Internal server error" CRLF), }; -static u_char pop3_ok[] = "+OK" CRLF; -static u_char pop3_next[] = "+ " CRLF; -static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF; -static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF; -static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF; - -static u_char imap_star[] = "* "; -static u_char imap_ok[] = "OK completed" CRLF; -static u_char imap_next[] = "+ OK" CRLF; -static u_char imap_bye[] = "* BYE" CRLF; -static u_char imap_invalid_command[] = "BAD invalid command" CRLF; - -static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; -static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; -static u_char smtp_next[] = "334 " CRLF; -static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; -static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; -static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; -static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; -static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; - void ngx_mail_init_connection(ngx_connection_t *c) @@ -172,7 +160,7 @@ ngx_mail_init_connection(ngx_connection_ #if (NGX_MAIL_SSL) -static void +void ngx_mail_starttls_handler(ngx_event_t *rev) { ngx_connection_t *c; @@ -229,10 +217,10 @@ ngx_mail_ssl_handshake_handler(ngx_conne s = c->data; if (s->starttls) { - c->read->handler = ngx_mail_init_protocol; + c->read->handler = ngx_mail_init_protocols[s->protocol]; c->write->handler = ngx_mail_send; - ngx_mail_init_protocol(c->read); + ngx_mail_init_protocols[s->protocol](c->read); return; } @@ -250,13 +238,9 @@ ngx_mail_ssl_handshake_handler(ngx_conne static void ngx_mail_init_session(ngx_connection_t *c) { - u_char *p; ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - s = c->data; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); @@ -269,60 +253,203 @@ ngx_mail_init_session(ngx_connection_t * return; } - if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { - s->out = cscf->smtp_greeting; - - } else { - s->out = greetings[s->protocol]; - } - - if ((s->protocol == NGX_MAIL_POP3_PROTOCOL - && (cscf->pop3_auth_methods - & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - - || (s->protocol == NGX_MAIL_IMAP_PROTOCOL - && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) - - || (s->protocol == NGX_MAIL_SMTP_PROTOCOL - && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - { - s->salt.data = ngx_palloc(c->pool, - sizeof(" <18446744073709551616.@>" CRLF) - 1 - + NGX_TIME_T_LEN - + cscf->server_name.len); - if (s->salt.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, - ngx_random(), ngx_time(), &cscf->server_name) - - s->salt.data; - - if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { - s->out.data = ngx_palloc(c->pool, - greetings[0].len + 1 + s->salt.len); - if (s->out.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - p = ngx_cpymem(s->out.data, - greetings[0].data, greetings[0].len - 2); - *p++ = ' '; - p = ngx_cpymem(p, s->salt.data, s->salt.len); - - s->out.len = p - s->out.data; - } - } - ngx_add_timer(c->read, cscf->timeout); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } - ngx_mail_send(c->write); + c->write->handler = ngx_mail_send; + + ngx_mail_init_sessions[s->protocol](s, c); +} + + +ngx_int_t +ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c, + ngx_mail_core_srv_conf_t *cscf) +{ + s->salt.data = ngx_palloc(c->pool, + sizeof(" <18446744073709551616.@>" CRLF) - 1 + + NGX_TIME_T_LEN + + cscf->server_name.len); + if (s->salt.data == NULL) { + return NGX_ERROR; + } + + s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, + ngx_random(), ngx_time(), &cscf->server_name) + - s->salt.data; + + return NGX_OK; +} + + +ngx_int_t +ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n) +{ + u_char *p, *last; + ngx_str_t *arg, plain; + + arg = s->args.elts; + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth plain: \"%V\"", &arg[n]); +#endif + + plain.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len)); + if (plain.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&plain, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH PLAIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + p = plain.data; + last = p + plain.len; + + while (p < last && *p++) { /* void */ } + + if (p == last) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid login in AUTH PLAIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->login.data = p; + + while (p < last && *p) { p++; } + + if (p == last) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid password in AUTH PLAIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->login.len = p++ - s->login.data; + + s->passwd.len = last - p; + s->passwd.data = p; + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd); +#endif + + return NGX_DONE; +} + + +ngx_int_t +ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c) +{ + ngx_str_t *arg; + + arg = s->args.elts; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login username: \"%V\"", &arg[0]); + + s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len)); + if (s->login.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH LOGIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login username: \"%V\"", &s->login); + + return NGX_OK; +} + + +ngx_int_t +ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c) +{ + ngx_str_t *arg; + + arg = s->args.elts; + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login password: \"%V\"", &arg[0]); +#endif + + s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len)); + if (s->passwd.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH LOGIN command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth login password: \"%V\"", &s->passwd); +#endif + + return NGX_DONE; +} + + +ngx_int_t +ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c) +{ + u_char *p, *last; + ngx_str_t *arg; + + arg = s->args.elts; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth cram-md5: \"%V\"", &arg[0]); + + s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len)); + if (s->login.data == NULL){ + return NGX_ERROR; + } + + if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid base64 encoding in AUTH CRAM-MD5 command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + p = s->login.data; + last = p + s->login.len; + + while (p < last) { + if (*p++ == ' ') { + s->login.len = p - s->login.data - 1; + s->passwd.len = last - p; + s->passwd.data = p; + break; + } + } + + if (s->passwd.len != 32) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command"); + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd); + + s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; + + return NGX_DONE; } @@ -391,1615 +518,7 @@ ngx_mail_send(ngx_event_t *wev) } -static void -ngx_mail_init_protocol(ngx_event_t *rev) -{ - size_t size; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c = rev->data; - - c->log->action = "in auth state"; - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - s = c->data; - - switch (s->protocol) { - - case NGX_MAIL_POP3_PROTOCOL: - size = 128; - s->mail_state = ngx_pop3_start; - c->read->handler = ngx_pop3_auth_state; - break; - - case NGX_MAIL_IMAP_PROTOCOL: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->imap_client_buffer_size; - s->mail_state = ngx_imap_start; - c->read->handler = ngx_imap_auth_state; - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - size = 512; - s->mail_state = ngx_smtp_start; - c->read->handler = ngx_smtp_auth_state; - break; - } - - if (s->buffer == NULL) { - if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) - == NGX_ERROR) - { - ngx_mail_session_internal_server_error(s); - return; - } - - s->buffer = ngx_create_temp_buf(c->pool, size); - if (s->buffer == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - } - - c->read->handler(rev); -} - - -void -ngx_pop3_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = pop3_ok; - size = sizeof(pop3_ok) - 1; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_pop3_start: - - switch (s->command) { - - case NGX_POP3_USER: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_user; - - arg = s->args.elts; - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 login: \"%V\"", &s->login); - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->pop3_starttls_capability.len; - text = cscf->pop3_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->pop3_starttls_only_capability.len; - text = cscf->pop3_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_APOP: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED) - && s->args.nelts == 2) - { - arg = s->args.elts; - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 apop: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_APOP; - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts == 0) { - size = cscf->pop3_auth_capability.len; - text = cscf->pop3_auth_capability.data; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_login_username; - - size = sizeof(pop3_username) - 1; - text = pop3_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_auth_plain; - - size = sizeof(pop3_next) - 1; - text = pop3_next; - - break; - } - - if (s->args.nelts == 2) { - - /* - * workaround for Eudora for Mac: it sends - * AUTH PLAIN [base64 encoded] - */ - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - if (!(cscf->pop3_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '+'; text[1]= ' '; - salt.data = &text[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 2 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_POP3_STLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_pop3_user: - - switch (s->command) { - - case NGX_POP3_PASS: - if (s->args.nelts == 1) { - arg = s->args.elts; - s->passwd.len = arg[0].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 passwd: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - /* suppress warinings */ - case ngx_pop3_passwd: - break; - - case ngx_pop3_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_pop3_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &s->login); - - size = sizeof(pop3_password) - 1; - text = pop3_password; - - break; - - case ngx_pop3_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_pop3_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_pop3_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_pop3_start; - s->state = 0; - text = pop3_invalid_command; - size = sizeof(pop3_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); -} - - -void -ngx_imap_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text, *dst, *src, *end; - ssize_t text_len, last_len; - ngx_str_t *arg, salt; - ngx_int_t rc; - ngx_uint_t tag, i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - tag = 1; - - text = NULL; - text_len = 0; - - last = imap_ok; - last_len = sizeof(imap_ok) - 1; - - if (rc == NGX_OK) { - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", - s->command); - - if (s->backslash) { - - arg = s->args.elts; - - for (i = 0; i < s->args.nelts; i++) { - dst = arg[i].data; - end = dst + arg[i].len; - - for (src = dst; src < end; dst++) { - *dst = *src; - if (*src++ == '\\') { - *dst = *src++; - } - } - - arg[i].len = dst - arg[i].data; - } - - s->backslash = 0; - } - - switch (s->mail_state) { - - case ngx_imap_start: - - switch (s->command) { - - case NGX_IMAP_LOGIN: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - arg = s->args.elts; - - if (s->args.nelts == 2 && arg[0].len) { - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\" passwd:\"%V\"", - &s->login, &s->passwd); -#else - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\"", &s->login); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_AUTHENTICATE: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - s->mail_state = ngx_imap_auth_login_username; - - last_len = sizeof(pop3_username) - 1; - last = pop3_username; - tag = 0; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - s->mail_state = ngx_imap_auth_plain; - - last_len = sizeof(pop3_next) - 1; - last = pop3_next; - tag = 0; - - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (!(cscf->imap_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_imap_auth_cram_md5; - - last = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (last == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - last[0] = '+'; last[1]= ' '; - salt.data = &last[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - last_len = 2 + salt.len; - last[last_len++] = CR; last[last_len++] = LF; - tag = 0; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_CAPABILITY: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - text_len = cscf->imap_starttls_capability.len; - text = cscf->imap_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - text_len = cscf->imap_starttls_only_capability.len; - text = cscf->imap_starttls_only_capability.data; - break; - } - } -#endif - - text_len = cscf->imap_capability.len; - text = cscf->imap_capability.data; - break; - - case NGX_IMAP_LOGOUT: - s->quit = 1; - text = imap_bye; - text_len = sizeof(imap_bye) - 1; - break; - - case NGX_IMAP_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_IMAP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_imap_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_imap_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &s->login); - - last_len = sizeof(pop3_password) - 1; - last = pop3_password; - tag = 0; - - break; - - case ngx_imap_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_imap_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_imap_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - - } else if (rc == NGX_IMAP_NEXT) { - last = imap_next; - last_len = sizeof(imap_next) - 1; - tag = 0; - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_imap_start; - s->state = 0; - last = imap_invalid_command; - last_len = sizeof(imap_invalid_command) - 1; - } - - if (tag) { - if (s->tag.len == 0) { - s->tag.len = sizeof(imap_star) - 1; - s->tag.data = (u_char *) imap_star; - } - - if (s->tagged_line.len < s->tag.len + text_len + last_len) { - s->tagged_line.len = s->tag.len + text_len + last_len; - s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len); - if (s->tagged_line.data == NULL) { - ngx_mail_close_connection(c); - return; - } - } - - s->out.data = s->tagged_line.data; - s->out.len = s->tag.len + text_len + last_len; - - p = s->out.data; - - if (text) { - p = ngx_cpymem(p, text, text_len); - } - p = ngx_cpymem(p, s->tag.data, s->tag.len); - ngx_memcpy(p, last, last_len); - - - } else { - s->out.data = last; - s->out.len = last_len; - } - - if (rc != NGX_IMAP_NEXT) { - s->args.nelts = 0; - - if (s->state) { - /* preserve tag */ - s->arg_start = s->buffer->start + s->tag.len; - s->buffer->pos = s->arg_start; - s->buffer->last = s->arg_start; - - } else { - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->tag.len = 0; - } - } - - ngx_mail_send(c->write); -} - - -void -ngx_smtp_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text, ch; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt, l; - ngx_uint_t i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = NULL; - size = 0; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_smtp_start: - - switch (s->command) { - - case NGX_SMTP_HELO: - case NGX_SMTP_EHLO: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts != 1) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - s->smtp_helo.len = arg[0].len; - - s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); - if (s->smtp_helo.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); - - if (s->command == NGX_SMTP_HELO) { - size = cscf->smtp_server_name.len; - text = cscf->smtp_server_name.data; - - } else { - s->esmtp = 1; - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->smtp_starttls_capability.len; - text = cscf->smtp_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->smtp_starttls_only_capability.len; - text = cscf->smtp_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->smtp_capability.len; - text = cscf->smtp_capability.data; - } - - break; - - case NGX_SMTP_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 0) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_login_username; - - size = sizeof(smtp_username) - 1; - text = smtp_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - if (s->args.nelts == 1) { - s->mail_state = ngx_smtp_auth_plain; - - size = sizeof(smtp_next) - 1; - text = smtp_next; - - break; - } - - if (s->args.nelts == 2) { - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, - ngx_mail_core_module); - - if (!(cscf->smtp_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("334 " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' '; - salt.data = &text[4]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 4 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_SMTP_QUIT: - s->quit = 1; - text = smtp_bye; - size = sizeof(smtp_bye) - 1; - break; - - case NGX_SMTP_MAIL: - - if (s->connection->log->log_level >= NGX_LOG_INFO) { - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - for (i = 0; i < l.len; i++) { - ch = l.data[i]; - - if (ch != CR && ch != LF) { - continue; - } - - l.data[i] = ' '; - } - - while (i) { - if (l.data[i - 1] != ' ') { - break; - } - - i--; - } - - l.len = i; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client was rejected: \"%V\"", &l); - } - - text = smtp_auth_required; - size = sizeof(smtp_auth_required) - 1; - break; - - case NGX_SMTP_NOOP: - case NGX_SMTP_RSET: - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - break; - -#if (NGX_MAIL_SSL) - - case NGX_SMTP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - - /* - * RFC3207 requires us to discard any knowledge - * obtained from client before STARTTLS. - */ - - s->smtp_helo.len = 0; - s->smtp_helo.data = NULL; - - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_smtp_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_smtp_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &s->login); - - size = sizeof(smtp_password) - 1; - text = smtp_password; - - break; - - case ngx_smtp_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_smtp_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_smtp_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_smtp_start; - s->state = 0; - text = smtp_invalid_command; - size = sizeof(smtp_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); -} - - -static ngx_int_t -ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded) -{ - u_char *p, *last; - ngx_str_t plain; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\"", encoded); -#endif - - plain.data = ngx_palloc(s->connection->pool, - ngx_base64_decoded_length(encoded->len)); - if (plain.data == NULL){ - return NGX_ERROR; - } - - if (ngx_decode_base64(&plain, encoded) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid base64 encoding " - "in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - p = plain.data; - last = p + plain.len; - - while (p < last && *p++) { /* void */ } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid login in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.data = p; - - while (p < last && *p) { p++; } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid password in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.len = p++ - s->login.data; - - s->passwd.len = last - p; - s->passwd.data = p; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\" \"%V\"", - &s->login, &s->passwd); -#endif - - return NGX_OK; -} - - -static void -ngx_mail_do_auth(ngx_mail_session_t *s) -{ - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->state = 0; - - if (s->connection->read->timer_set) { - ngx_del_timer(s->connection->read); - } - - s->login_attempt++; - - ngx_mail_auth_http_init(s); -} - - -static ngx_int_t +ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s) { ssize_t n; @@ -2027,19 +546,7 @@ ngx_mail_read_command(ngx_mail_session_t return NGX_AGAIN; } - switch (s->protocol) { - case NGX_MAIL_POP3_PROTOCOL: - rc = ngx_pop3_parse_command(s); - break; - - case NGX_MAIL_IMAP_PROTOCOL: - rc = ngx_imap_parse_command(s); - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - rc = ngx_smtp_parse_command(s); - break; - } + rc = ngx_mail_parse[s->protocol](s); if (rc == NGX_AGAIN) { @@ -2072,6 +579,24 @@ ngx_mail_read_command(ngx_mail_session_t void +ngx_mail_auth(ngx_mail_session_t *s) +{ + s->args.nelts = 0; + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; + s->state = 0; + + if (s->connection->read->timer_set) { + ngx_del_timer(s->connection->read); + } + + s->login_attempt++; + + ngx_mail_auth_http_init(s); +} + + +void ngx_mail_session_internal_server_error(ngx_mail_session_t *s) { s->out = internal_server_errors[s->protocol]; @@ -2114,7 +639,7 @@ ngx_mail_close_connection(ngx_connection } -static u_char * +u_char * ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) { u_char *p; diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_imap_handler.c copy from src/mail/ngx_mail_handler.c copy to src/mail/ngx_mail_imap_handler.c --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_imap_handler.c @@ -10,391 +10,53 @@ #include -static void ngx_mail_init_session(ngx_connection_t *c); -static void ngx_mail_init_protocol(ngx_event_t *rev); -static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s, - ngx_str_t *encoded); -static void ngx_mail_do_auth(ngx_mail_session_t *s); -static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); -static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); - -#if (NGX_MAIL_SSL) -static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); -static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); -#endif +static ngx_int_t ngx_mail_imap_login(ngx_mail_session_t *s, + ngx_connection_t *c); +static ngx_int_t ngx_mail_imap_authenticate(ngx_mail_session_t *s, + ngx_connection_t *c); +static ngx_int_t ngx_mail_imap_capability(ngx_mail_session_t *s, + ngx_connection_t *c); +static ngx_int_t ngx_mail_imap_starttls(ngx_mail_session_t *s, + ngx_connection_t *c); -static ngx_str_t greetings[] = { - ngx_string("+OK POP3 ready" CRLF), - ngx_string("* OK IMAP4 ready" CRLF) - /* SMTP greeting */ -}; - -static ngx_str_t internal_server_errors[] = { - ngx_string("-ERR internal server error" CRLF), - ngx_string("* BAD internal server error" CRLF), - ngx_string("451 4.3.2 Internal server error" CRLF), -}; - -static u_char pop3_ok[] = "+OK" CRLF; -static u_char pop3_next[] = "+ " CRLF; -static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF; -static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF; -static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF; - +static u_char imap_greeting[] = "* OK IMAP4 ready" CRLF; static u_char imap_star[] = "* "; static u_char imap_ok[] = "OK completed" CRLF; static u_char imap_next[] = "+ OK" CRLF; +static u_char imap_plain_next[] = "+ " CRLF; +static u_char imap_username[] = "+ VXNlcm5hbWU6" CRLF; +static u_char imap_password[] = "+ UGFzc3dvcmQ6" CRLF; static u_char imap_bye[] = "* BYE" CRLF; static u_char imap_invalid_command[] = "BAD invalid command" CRLF; -static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; -static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; -static u_char smtp_next[] = "334 " CRLF; -static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; -static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; -static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; -static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; -static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; - void -ngx_mail_init_connection(ngx_connection_t *c) +ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { - in_addr_t in_addr; - socklen_t len; - ngx_uint_t i; - struct sockaddr_in sin; - ngx_mail_log_ctx_t *ctx; - ngx_mail_in_port_t *imip; - ngx_mail_in_addr_t *imia; - ngx_mail_session_t *s; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - - /* find the server configuration for the address:port */ - - /* AF_INET only */ - - imip = c->listening->servers; - imia = imip->addrs; - - i = 0; - - if (imip->naddrs > 1) { + ngx_mail_core_srv_conf_t *cscf; - /* - * There are several addresses on this port and one of them - * is the "*:port" wildcard so getsockname() is needed to determine - * the server address. - * - * AcceptEx() already gave this address. - */ - -#if (NGX_WIN32) - if (c->local_sockaddr) { - in_addr = - ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr; + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - } else -#endif - { - len = sizeof(struct sockaddr_in); - if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) { - ngx_connection_error(c, ngx_socket_errno, - "getsockname() failed"); - ngx_mail_close_connection(c); - return; - } - - in_addr = sin.sin_addr.s_addr; - } - - /* the last address is "*" */ - - for ( /* void */ ; i < imip->naddrs - 1; i++) { - if (in_addr == imia[i].addr) { - break; - } + if (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) { + if (ngx_mail_salt(s, c, cscf) != NGX_OK) { + ngx_mail_session_internal_server_error(s); + return; } } - - s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t)); - if (s == NULL) { - ngx_mail_close_connection(c); - return; - } - - s->main_conf = imia[i].ctx->main_conf; - s->srv_conf = imia[i].ctx->srv_conf; - - s->addr_text = &imia[i].addr_text; - - c->data = s; - s->connection = c; - - ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V", - c->number, &c->addr_text, s->addr_text); - - ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t)); - if (ctx == NULL) { - ngx_mail_close_connection(c); - return; - } - - ctx->client = &c->addr_text; - ctx->session = s; - - c->log->connection = c->number; - c->log->handler = ngx_mail_log_error; - c->log->data = ctx; - c->log->action = "sending client greeting line"; - - c->log_error = NGX_ERROR_INFO; - -#if (NGX_MAIL_SSL) - - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->enable) { - ngx_mail_ssl_init_connection(&sslcf->ssl, c); - return; - } - -#endif - - ngx_mail_init_session(c); -} - - -#if (NGX_MAIL_SSL) - -static void -ngx_mail_starttls_handler(ngx_event_t *rev) -{ - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_ssl_conf_t *sslcf; - - c = rev->data; - s = c->data; - s->starttls = 1; - - c->log->action = "in starttls state"; - - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - ngx_mail_ssl_init_connection(&sslcf->ssl, c); -} - - -static void -ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) -{ - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } - - if (ngx_ssl_handshake(c) == NGX_AGAIN) { - - s = c->data; - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->read, cscf->timeout); - - c->ssl->handler = ngx_mail_ssl_handshake_handler; - - return; - } - - ngx_mail_ssl_handshake_handler(c); -} - + c->read->handler = ngx_mail_imap_init_protocol; -static void -ngx_mail_ssl_handshake_handler(ngx_connection_t *c) -{ - ngx_mail_session_t *s; - - if (c->ssl->handshaked) { - - s = c->data; - - if (s->starttls) { - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - - ngx_mail_init_protocol(c->read); - - return; - } - - ngx_mail_init_session(c); - return; - } - - ngx_mail_close_connection(c); -} - -#endif - - -static void -ngx_mail_init_session(ngx_connection_t *c) -{ - u_char *p; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - - s = c->data; - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - s->protocol = cscf->protocol; - - s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); - if (s->ctx == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { - s->out = cscf->smtp_greeting; - - } else { - s->out = greetings[s->protocol]; - } - - if ((s->protocol == NGX_MAIL_POP3_PROTOCOL - && (cscf->pop3_auth_methods - & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - - || (s->protocol == NGX_MAIL_IMAP_PROTOCOL - && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) - - || (s->protocol == NGX_MAIL_SMTP_PROTOCOL - && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - { - s->salt.data = ngx_palloc(c->pool, - sizeof(" <18446744073709551616.@>" CRLF) - 1 - + NGX_TIME_T_LEN - + cscf->server_name.len); - if (s->salt.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, - ngx_random(), ngx_time(), &cscf->server_name) - - s->salt.data; - - if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { - s->out.data = ngx_palloc(c->pool, - greetings[0].len + 1 + s->salt.len); - if (s->out.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - p = ngx_cpymem(s->out.data, - greetings[0].data, greetings[0].len - 2); - *p++ = ' '; - p = ngx_cpymem(p, s->salt.data, s->salt.len); - - s->out.len = p - s->out.data; - } - } - - ngx_add_timer(c->read, cscf->timeout); - - if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - } + s->out.len = sizeof(imap_greeting) - 1; + s->out.data = imap_greeting; ngx_mail_send(c->write); } void -ngx_mail_send(ngx_event_t *wev) +ngx_mail_imap_init_protocol(ngx_event_t *rev) { - ngx_int_t n; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c = wev->data; - s = c->data; - - if (wev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len == 0) { - if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - } - - return; - } - - n = c->send(c, s->out.data, s->out.len); - - if (n > 0) { - s->out.len -= n; - - if (wev->timer_set) { - ngx_del_timer(wev); - } - - if (s->quit) { - ngx_mail_close_connection(c); - return; - } - - if (s->blocked) { - c->read->handler(c->read); - } - - return; - } - - if (n == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } - - /* n == NGX_AGAIN */ - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->write, cscf->timeout); - - if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } -} - - -static void -ngx_mail_init_protocol(ngx_event_t *rev) -{ - size_t size; ngx_connection_t *c; ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; @@ -412,28 +74,6 @@ ngx_mail_init_protocol(ngx_event_t *rev) s = c->data; - switch (s->protocol) { - - case NGX_MAIL_POP3_PROTOCOL: - size = 128; - s->mail_state = ngx_pop3_start; - c->read->handler = ngx_pop3_auth_state; - break; - - case NGX_MAIL_IMAP_PROTOCOL: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->imap_client_buffer_size; - s->mail_state = ngx_imap_start; - c->read->handler = ngx_imap_auth_state; - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - size = 512; - s->mail_state = ngx_smtp_start; - c->read->handler = ngx_smtp_auth_state; - break; - } - if (s->buffer == NULL) { if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) @@ -442,561 +82,31 @@ ngx_mail_init_protocol(ngx_event_t *rev) return; } - s->buffer = ngx_create_temp_buf(c->pool, size); + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + + s->buffer = ngx_create_temp_buf(c->pool, cscf->imap_client_buffer_size); if (s->buffer == NULL) { ngx_mail_session_internal_server_error(s); return; } } - c->read->handler(rev); -} - - -void -ngx_pop3_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = pop3_ok; - size = sizeof(pop3_ok) - 1; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_pop3_start: - - switch (s->command) { - - case NGX_POP3_USER: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_user; - - arg = s->args.elts; - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 login: \"%V\"", &s->login); - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->pop3_starttls_capability.len; - text = cscf->pop3_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->pop3_starttls_only_capability.len; - text = cscf->pop3_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_APOP: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED) - && s->args.nelts == 2) - { - arg = s->args.elts; - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 apop: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_APOP; - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts == 0) { - size = cscf->pop3_auth_capability.len; - text = cscf->pop3_auth_capability.data; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_login_username; - - size = sizeof(pop3_username) - 1; - text = pop3_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_auth_plain; - - size = sizeof(pop3_next) - 1; - text = pop3_next; - - break; - } - - if (s->args.nelts == 2) { - - /* - * workaround for Eudora for Mac: it sends - * AUTH PLAIN [base64 encoded] - */ - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } + s->mail_state = ngx_imap_start; + c->read->handler = ngx_imap_auth_state; - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - if (!(cscf->pop3_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '+'; text[1]= ' '; - salt.data = &text[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 2 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_POP3_STLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_pop3_user: - - switch (s->command) { - - case NGX_POP3_PASS: - if (s->args.nelts == 1) { - arg = s->args.elts; - s->passwd.len = arg[0].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 passwd: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - /* suppress warinings */ - case ngx_pop3_passwd: - break; - - case ngx_pop3_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_pop3_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &s->login); - - size = sizeof(pop3_password) - 1; - text = pop3_password; - - break; - - case ngx_pop3_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_pop3_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_pop3_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_pop3_start; - s->state = 0; - text = pop3_invalid_command; - size = sizeof(pop3_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); + ngx_imap_auth_state(rev); } void ngx_imap_auth_state(ngx_event_t *rev) { - u_char *p, *last, *text, *dst, *src, *end; - ssize_t text_len, last_len; - ngx_str_t *arg, salt; - ngx_int_t rc; - ngx_uint_t tag, i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif + u_char *p, *dst, *src, *end; + ngx_str_t *arg; + ngx_int_t rc; + ngx_uint_t tag, i; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; s = c->data; @@ -1025,12 +135,9 @@ ngx_imap_auth_state(ngx_event_t *rev) } tag = 1; - - text = NULL; - text_len = 0; - - last = imap_ok; - last_len = sizeof(imap_ok) - 1; + s->text.len = 0; + s->out.len = sizeof(imap_ok) - 1; + s->out.data = imap_ok; if (rc == NGX_OK) { @@ -1065,197 +172,34 @@ ngx_imap_auth_state(ngx_event_t *rev) switch (s->command) { case NGX_IMAP_LOGIN: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - arg = s->args.elts; - - if (s->args.nelts == 2 && arg[0].len) { - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\" passwd:\"%V\"", - &s->login, &s->passwd); -#else - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\"", &s->login); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_imap_login(s, c); break; case NGX_IMAP_AUTHENTICATE: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + rc = ngx_mail_imap_authenticate(s, c); - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; + if (rc == NGX_OK) { + tag = 0; } - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - s->mail_state = ngx_imap_auth_login_username; - - last_len = sizeof(pop3_username) - 1; - last = pop3_username; - tag = 0; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - s->mail_state = ngx_imap_auth_plain; - - last_len = sizeof(pop3_next) - 1; - last = pop3_next; - tag = 0; - - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (!(cscf->imap_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_imap_auth_cram_md5; - - last = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (last == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - last[0] = '+'; last[1]= ' '; - salt.data = &last[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - last_len = 2 + salt.len; - last[last_len++] = CR; last[last_len++] = LF; - tag = 0; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; case NGX_IMAP_CAPABILITY: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - text_len = cscf->imap_starttls_capability.len; - text = cscf->imap_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - text_len = cscf->imap_starttls_only_capability.len; - text = cscf->imap_starttls_only_capability.data; - break; - } - } -#endif - - text_len = cscf->imap_capability.len; - text = cscf->imap_capability.data; + rc = ngx_mail_imap_capability(s, c); break; case NGX_IMAP_LOGOUT: s->quit = 1; - text = imap_bye; - text_len = sizeof(imap_bye) - 1; + s->text.len = sizeof(imap_bye) - 1; + s->text.data = imap_bye; break; case NGX_IMAP_NOOP: break; -#if (NGX_MAIL_SSL) - case NGX_IMAP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_imap_starttls(s, c); break; -#endif default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; @@ -1265,148 +209,50 @@ ngx_imap_auth_state(ngx_event_t *rev) break; case ngx_imap_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_imap_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } + rc = ngx_mail_auth_login_username(s, c); - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &s->login); - - last_len = sizeof(pop3_password) - 1; - last = pop3_password; tag = 0; + s->out.len = sizeof(imap_password) - 1; + s->out.data = imap_password; + s->mail_state = ngx_imap_auth_login_password; break; case ngx_imap_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; + rc = ngx_mail_auth_login_password(s, c); + break; case ngx_imap_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - + rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_imap_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; + rc = ngx_mail_auth_cram_md5(s, c); + break; } } else if (rc == NGX_IMAP_NEXT) { - last = imap_next; - last_len = sizeof(imap_next) - 1; tag = 0; + s->out.len = sizeof(imap_next) - 1; + s->out.data = imap_next; } - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_imap_start; + switch (rc) { + + case NGX_DONE: + ngx_mail_auth(s); + return; + + case NGX_ERROR: + ngx_mail_session_internal_server_error(s); + return; + + case NGX_MAIL_PARSE_INVALID_COMMAND: s->state = 0; - last = imap_invalid_command; - last_len = sizeof(imap_invalid_command) - 1; + s->out.len = sizeof(imap_invalid_command) - 1; + s->out.data = imap_invalid_command; + s->mail_state = ngx_imap_start; + break; } if (tag) { @@ -1415,8 +261,8 @@ ngx_imap_auth_state(ngx_event_t *rev) s->tag.data = (u_char *) imap_star; } - if (s->tagged_line.len < s->tag.len + text_len + last_len) { - s->tagged_line.len = s->tag.len + text_len + last_len; + if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len) { + s->tagged_line.len = s->tag.len + s->text.len + s->out.len; s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len); if (s->tagged_line.data == NULL) { ngx_mail_close_connection(c); @@ -1424,21 +270,17 @@ ngx_imap_auth_state(ngx_event_t *rev) } } - s->out.data = s->tagged_line.data; - s->out.len = s->tag.len + text_len + last_len; + p = s->tagged_line.data; - p = s->out.data; - - if (text) { - p = ngx_cpymem(p, text, text_len); + if (s->text.len) { + p = ngx_cpymem(p, s->text.data, s->text.len); } - p = ngx_cpymem(p, s->tag.data, s->tag.len); - ngx_memcpy(p, last, last_len); - - } else { - s->out.data = last; - s->out.len = last_len; + p = ngx_cpymem(p, s->tag.data, s->tag.len); + ngx_memcpy(p, s->out.data, s->out.len); + + s->out.len = s->text.len + s->tag.len + s->out.len; + s->out.data = s->tagged_line.data; } if (rc != NGX_IMAP_NEXT) { @@ -1461,701 +303,190 @@ ngx_imap_auth_state(ngx_event_t *rev) } -void -ngx_smtp_auth_state(ngx_event_t *rev) +static ngx_int_t +ngx_mail_imap_login(ngx_mail_session_t *s, ngx_connection_t *c) +{ + ngx_str_t *arg; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + } +#endif + + arg = s->args.elts; + + if (s->args.nelts != 2 || arg[0].len == 0) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->login.len = arg[0].len; + s->login.data = ngx_palloc(c->pool, s->login.len); + if (s->login.data == NULL) { + return NGX_ERROR; + } + + ngx_memcpy(s->login.data, arg[0].data, s->login.len); + + s->passwd.len = arg[1].len; + s->passwd.data = ngx_palloc(c->pool, s->passwd.len); + if (s->passwd.data == NULL) { + return NGX_ERROR; + } + + ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); + +#if (NGX_DEBUG_MAIL_PASSWD) + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap login:\"%V\" passwd:\"%V\"", + &s->login, &s->passwd); +#else + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "imap login:\"%V\"", &s->login); +#endif + + return NGX_DONE; +} + + +static ngx_int_t +ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c) { - u_char *p, *last, *text, ch; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt, l; - ngx_uint_t i; - ngx_connection_t *c; - ngx_mail_session_t *s; + u_char *p; + ngx_str_t *arg, salt; + ngx_uint_t n; + ngx_mail_core_srv_conf_t *cscf; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + } +#endif + + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + arg = s->args.elts; + + if (arg[0].len == 5) { + + if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) { + + s->out.len = sizeof(imap_username) - 1; + s->out.data = imap_username; + s->mail_state = ngx_imap_auth_login_username; + + return NGX_OK; + + } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) { + + s->out.len = sizeof(imap_plain_next) - 1; + s->out.data = imap_plain_next; + s->mail_state = ngx_imap_auth_plain; + + return NGX_OK; + } + + } else if (arg[0].len == 8 + && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) + { + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + + if (!(cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + p = ngx_palloc(c->pool, + sizeof("+ " CRLF) - 1 + + ngx_base64_encoded_length(s->salt.len)); + if (p == NULL) { + return NGX_ERROR; + } + + p[0] = '+'; p[1]= ' '; + salt.data = &p[2]; + s->salt.len -= 2; + + ngx_encode_base64(&salt, &s->salt); + + s->salt.len += 2; + n = 2 + salt.len; + p[n++] = CR; p[n++] = LF; + + s->out.len = n; + s->out.data = p; + s->mail_state = ngx_imap_auth_cram_md5; + + return NGX_OK; + } + + return NGX_MAIL_PARSE_INVALID_COMMAND; +} + + +static ngx_int_t +ngx_mail_imap_capability(ngx_mail_session_t *s, ngx_connection_t *c) +{ ngx_mail_core_srv_conf_t *cscf; #if (NGX_MAIL_SSL) ngx_mail_ssl_conf_t *sslcf; #endif - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = NULL; - size = 0; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_smtp_start: - - switch (s->command) { - - case NGX_SMTP_HELO: - case NGX_SMTP_EHLO: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts != 1) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - s->smtp_helo.len = arg[0].len; - - s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); - if (s->smtp_helo.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); - - if (s->command == NGX_SMTP_HELO) { - size = cscf->smtp_server_name.len; - text = cscf->smtp_server_name.data; - - } else { - s->esmtp = 1; - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->smtp_starttls_capability.len; - text = cscf->smtp_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->smtp_starttls_only_capability.len; - text = cscf->smtp_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->smtp_capability.len; - text = cscf->smtp_capability.data; - } - - break; - - case NGX_SMTP_AUTH: + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); #if (NGX_MAIL_SSL) - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 0) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_login_username; - - size = sizeof(smtp_username) - 1; - text = smtp_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - if (s->args.nelts == 1) { - s->mail_state = ngx_smtp_auth_plain; - - size = sizeof(smtp_next) - 1; - text = smtp_next; - - break; - } - - if (s->args.nelts == 2) { - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, - ngx_mail_core_module); - - if (!(cscf->smtp_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_cram_md5; + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - text = ngx_palloc(c->pool, - sizeof("334 " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' '; - salt.data = &text[4]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 4 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_SMTP_QUIT: - s->quit = 1; - text = smtp_bye; - size = sizeof(smtp_bye) - 1; - break; - - case NGX_SMTP_MAIL: - - if (s->connection->log->log_level >= NGX_LOG_INFO) { - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - for (i = 0; i < l.len; i++) { - ch = l.data[i]; - - if (ch != CR && ch != LF) { - continue; - } - - l.data[i] = ' '; - } + if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { + s->text = cscf->imap_starttls_capability; + return NGX_OK; + } - while (i) { - if (l.data[i - 1] != ' ') { - break; - } - - i--; - } - - l.len = i; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client was rejected: \"%V\"", &l); - } - - text = smtp_auth_required; - size = sizeof(smtp_auth_required) - 1; - break; - - case NGX_SMTP_NOOP: - case NGX_SMTP_RSET: - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - break; - -#if (NGX_MAIL_SSL) - - case NGX_SMTP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - - /* - * RFC3207 requires us to discard any knowledge - * obtained from client before STARTTLS. - */ - - s->smtp_helo.len = 0; - s->smtp_helo.data = NULL; - - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + s->text = cscf->imap_starttls_only_capability; + return NGX_OK; + } + } #endif - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_smtp_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_smtp_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &s->login); - - size = sizeof(smtp_password) - 1; - text = smtp_password; - - break; - - case ngx_smtp_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_smtp_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_smtp_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_smtp_start; - s->state = 0; - text = smtp_invalid_command; - size = sizeof(smtp_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); -} - - -static ngx_int_t -ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded) -{ - u_char *p, *last; - ngx_str_t plain; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\"", encoded); -#endif - - plain.data = ngx_palloc(s->connection->pool, - ngx_base64_decoded_length(encoded->len)); - if (plain.data == NULL){ - return NGX_ERROR; - } - - if (ngx_decode_base64(&plain, encoded) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid base64 encoding " - "in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - p = plain.data; - last = p + plain.len; - - while (p < last && *p++) { /* void */ } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid login in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.data = p; - - while (p < last && *p) { p++; } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid password in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.len = p++ - s->login.data; - - s->passwd.len = last - p; - s->passwd.data = p; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\" \"%V\"", - &s->login, &s->passwd); -#endif + s->text = cscf->imap_capability; return NGX_OK; } -static void -ngx_mail_do_auth(ngx_mail_session_t *s) -{ - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->state = 0; - - if (s->connection->read->timer_set) { - ngx_del_timer(s->connection->read); - } - - s->login_attempt++; - - ngx_mail_auth_http_init(s); -} - - static ngx_int_t -ngx_mail_read_command(ngx_mail_session_t *s) +ngx_mail_imap_starttls(ngx_mail_session_t *s, ngx_connection_t *c) { - ssize_t n; - ngx_int_t rc; - ngx_str_t l; - - n = s->connection->recv(s->connection, s->buffer->last, - s->buffer->end - s->buffer->last); - - if (n == NGX_ERROR || n == 0) { - ngx_mail_close_connection(s->connection); - return NGX_ERROR; - } - - if (n > 0) { - s->buffer->last += n; - } - - if (n == NGX_AGAIN) { - if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return NGX_ERROR; - } - - return NGX_AGAIN; - } - - switch (s->protocol) { - case NGX_MAIL_POP3_PROTOCOL: - rc = ngx_pop3_parse_command(s); - break; - - case NGX_MAIL_IMAP_PROTOCOL: - rc = ngx_imap_parse_command(s); - break; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; - default: /* NGX_MAIL_SMTP_PROTOCOL */ - rc = ngx_smtp_parse_command(s); - break; - } - - if (rc == NGX_AGAIN) { - - if (s->buffer->last < s->buffer->end) { - return rc; - } - - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent too long command \"%V\"", &l); - - s->quit = 1; - - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - return rc; - } - - if (rc == NGX_ERROR) { - ngx_mail_close_connection(s->connection); - return NGX_ERROR; - } - - return NGX_OK; -} - - -void -ngx_mail_session_internal_server_error(ngx_mail_session_t *s) -{ - s->out = internal_server_errors[s->protocol]; - s->quit = 1; - - ngx_mail_send(s->connection->write); -} - - -void -ngx_mail_close_connection(ngx_connection_t *c) -{ - ngx_pool_t *pool; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "close mail connection: %d", c->fd); - -#if (NGX_MAIL_SSL) - - if (c->ssl) { - if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - c->ssl->handler = ngx_mail_close_connection; - return; + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + if (sslcf->starttls) { + c->read->handler = ngx_mail_starttls_handler; + return NGX_OK; } } #endif -#if (NGX_STAT_STUB) - ngx_atomic_fetch_add(ngx_stat_active, -1); -#endif - - c->destroyed = 1; - - pool = c->pool; - - ngx_close_connection(c); - - ngx_destroy_pool(pool); + return NGX_MAIL_PARSE_INVALID_COMMAND; } - - -static u_char * -ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) -{ - u_char *p; - ngx_mail_session_t *s; - ngx_mail_log_ctx_t *ctx; - - if (log->action) { - p = ngx_snprintf(buf, len, " while %s", log->action); - len -= p - buf; - buf = p; - } - - ctx = log->data; - - p = ngx_snprintf(buf, len, ", client: %V", ctx->client); - len -= p - buf; - buf = p; - - s = ctx->session; - - if (s == NULL) { - return p; - } - - p = ngx_snprintf(buf, len, ", server: %V", s->addr_text); - len -= p - buf; - buf = p; - - if (s->login.len == 0) { - return p; - } - - p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login); - len -= p - buf; - buf = p; - - if (s->proxy == NULL) { - return p; - } - - p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name); - - return p; -} diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_pop3_handler.c copy from src/mail/ngx_mail_handler.c copy to src/mail/ngx_mail_pop3_handler.c --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_pop3_handler.c @@ -10,394 +10,67 @@ #include -static void ngx_mail_init_session(ngx_connection_t *c); -static void ngx_mail_init_protocol(ngx_event_t *rev); -static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s, - ngx_str_t *encoded); -static void ngx_mail_do_auth(ngx_mail_session_t *s); -static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); -static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); - -#if (NGX_MAIL_SSL) -static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); -static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); -#endif +static ngx_int_t ngx_mail_pop3_user(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_pop3_pass(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c, + ngx_int_t stls); +static ngx_int_t ngx_mail_pop3_stls(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c); -static ngx_str_t greetings[] = { - ngx_string("+OK POP3 ready" CRLF), - ngx_string("* OK IMAP4 ready" CRLF) - /* SMTP greeting */ -}; - -static ngx_str_t internal_server_errors[] = { - ngx_string("-ERR internal server error" CRLF), - ngx_string("* BAD internal server error" CRLF), - ngx_string("451 4.3.2 Internal server error" CRLF), -}; - +static u_char pop3_greeting[] = "+OK POP3 ready" CRLF; static u_char pop3_ok[] = "+OK" CRLF; static u_char pop3_next[] = "+ " CRLF; static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF; static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF; static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF; -static u_char imap_star[] = "* "; -static u_char imap_ok[] = "OK completed" CRLF; -static u_char imap_next[] = "+ OK" CRLF; -static u_char imap_bye[] = "* BYE" CRLF; -static u_char imap_invalid_command[] = "BAD invalid command" CRLF; - -static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; -static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; -static u_char smtp_next[] = "334 " CRLF; -static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; -static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; -static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; -static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; -static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; - void -ngx_mail_init_connection(ngx_connection_t *c) -{ - in_addr_t in_addr; - socklen_t len; - ngx_uint_t i; - struct sockaddr_in sin; - ngx_mail_log_ctx_t *ctx; - ngx_mail_in_port_t *imip; - ngx_mail_in_addr_t *imia; - ngx_mail_session_t *s; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - - /* find the server configuration for the address:port */ - - /* AF_INET only */ - - imip = c->listening->servers; - imia = imip->addrs; - - i = 0; - - if (imip->naddrs > 1) { - - /* - * There are several addresses on this port and one of them - * is the "*:port" wildcard so getsockname() is needed to determine - * the server address. - * - * AcceptEx() already gave this address. - */ - -#if (NGX_WIN32) - if (c->local_sockaddr) { - in_addr = - ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr; - - } else -#endif - { - len = sizeof(struct sockaddr_in); - if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) { - ngx_connection_error(c, ngx_socket_errno, - "getsockname() failed"); - ngx_mail_close_connection(c); - return; - } - - in_addr = sin.sin_addr.s_addr; - } - - /* the last address is "*" */ - - for ( /* void */ ; i < imip->naddrs - 1; i++) { - if (in_addr == imia[i].addr) { - break; - } - } - } - - - s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t)); - if (s == NULL) { - ngx_mail_close_connection(c); - return; - } - - s->main_conf = imia[i].ctx->main_conf; - s->srv_conf = imia[i].ctx->srv_conf; - - s->addr_text = &imia[i].addr_text; - - c->data = s; - s->connection = c; - - ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V", - c->number, &c->addr_text, s->addr_text); - - ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t)); - if (ctx == NULL) { - ngx_mail_close_connection(c); - return; - } - - ctx->client = &c->addr_text; - ctx->session = s; - - c->log->connection = c->number; - c->log->handler = ngx_mail_log_error; - c->log->data = ctx; - c->log->action = "sending client greeting line"; - - c->log_error = NGX_ERROR_INFO; - -#if (NGX_MAIL_SSL) - - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->enable) { - ngx_mail_ssl_init_connection(&sslcf->ssl, c); - return; - } - -#endif - - ngx_mail_init_session(c); -} - - -#if (NGX_MAIL_SSL) - -static void -ngx_mail_starttls_handler(ngx_event_t *rev) -{ - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_ssl_conf_t *sslcf; - - c = rev->data; - s = c->data; - s->starttls = 1; - - c->log->action = "in starttls state"; - - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - ngx_mail_ssl_init_connection(&sslcf->ssl, c); -} - - -static void -ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) -{ - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } - - if (ngx_ssl_handshake(c) == NGX_AGAIN) { - - s = c->data; - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->read, cscf->timeout); - - c->ssl->handler = ngx_mail_ssl_handshake_handler; - - return; - } - - ngx_mail_ssl_handshake_handler(c); -} - - -static void -ngx_mail_ssl_handshake_handler(ngx_connection_t *c) -{ - ngx_mail_session_t *s; - - if (c->ssl->handshaked) { - - s = c->data; - - if (s->starttls) { - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - - ngx_mail_init_protocol(c->read); - - return; - } - - ngx_mail_init_session(c); - return; - } - - ngx_mail_close_connection(c); -} - -#endif - - -static void -ngx_mail_init_session(ngx_connection_t *c) +ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { u_char *p; - ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - - s = c->data; - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - s->protocol = cscf->protocol; - - s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); - if (s->ctx == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { - s->out = cscf->smtp_greeting; - - } else { - s->out = greetings[s->protocol]; - } - - if ((s->protocol == NGX_MAIL_POP3_PROTOCOL - && (cscf->pop3_auth_methods - & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - - || (s->protocol == NGX_MAIL_IMAP_PROTOCOL - && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) - - || (s->protocol == NGX_MAIL_SMTP_PROTOCOL - && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) + if (cscf->pop3_auth_methods + & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) { - s->salt.data = ngx_palloc(c->pool, - sizeof(" <18446744073709551616.@>" CRLF) - 1 - + NGX_TIME_T_LEN - + cscf->server_name.len); - if (s->salt.data == NULL) { + if (ngx_mail_salt(s, c, cscf) != NGX_OK) { ngx_mail_session_internal_server_error(s); return; } - s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, - ngx_random(), ngx_time(), &cscf->server_name) - - s->salt.data; + s->out.data = ngx_palloc(c->pool, sizeof(pop3_greeting) + s->salt.len); + if (s->out.data == NULL) { + ngx_mail_session_internal_server_error(s); + return; + } - if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { - s->out.data = ngx_palloc(c->pool, - greetings[0].len + 1 + s->salt.len); - if (s->out.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } + p = ngx_cpymem(s->out.data, pop3_greeting, sizeof(pop3_greeting) - 3); + *p++ = ' '; + p = ngx_cpymem(p, s->salt.data, s->salt.len); - p = ngx_cpymem(s->out.data, - greetings[0].data, greetings[0].len - 2); - *p++ = ' '; - p = ngx_cpymem(p, s->salt.data, s->salt.len); + s->out.len = p - s->out.data; - s->out.len = p - s->out.data; - } + } else { + s->out.len = sizeof(pop3_greeting) - 1; + s->out.data = pop3_greeting; } - ngx_add_timer(c->read, cscf->timeout); - - if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - } + c->read->handler = ngx_mail_pop3_init_protocol; ngx_mail_send(c->write); } void -ngx_mail_send(ngx_event_t *wev) +ngx_mail_pop3_init_protocol(ngx_event_t *rev) { - ngx_int_t n; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c = wev->data; - s = c->data; - - if (wev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len == 0) { - if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - } - - return; - } - - n = c->send(c, s->out.data, s->out.len); - - if (n > 0) { - s->out.len -= n; - - if (wev->timer_set) { - ngx_del_timer(wev); - } - - if (s->quit) { - ngx_mail_close_connection(c); - return; - } - - if (s->blocked) { - c->read->handler(c->read); - } - - return; - } - - if (n == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } - - /* n == NGX_AGAIN */ - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->write, cscf->timeout); - - if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } -} - - -static void -ngx_mail_init_protocol(ngx_event_t *rev) -{ - size_t size; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; @@ -412,28 +85,6 @@ ngx_mail_init_protocol(ngx_event_t *rev) s = c->data; - switch (s->protocol) { - - case NGX_MAIL_POP3_PROTOCOL: - size = 128; - s->mail_state = ngx_pop3_start; - c->read->handler = ngx_pop3_auth_state; - break; - - case NGX_MAIL_IMAP_PROTOCOL: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->imap_client_buffer_size; - s->mail_state = ngx_imap_start; - c->read->handler = ngx_imap_auth_state; - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - size = 512; - s->mail_state = ngx_smtp_start; - c->read->handler = ngx_smtp_auth_state; - break; - } - if (s->buffer == NULL) { if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) @@ -442,30 +93,26 @@ ngx_mail_init_protocol(ngx_event_t *rev) return; } - s->buffer = ngx_create_temp_buf(c->pool, size); + s->buffer = ngx_create_temp_buf(c->pool, 128); if (s->buffer == NULL) { ngx_mail_session_internal_server_error(s); return; } } - c->read->handler(rev); + s->mail_state = ngx_pop3_start; + c->read->handler = ngx_pop3_auth_state; + + ngx_pop3_auth_state(rev); } void ngx_pop3_auth_state(ngx_event_t *rev) { - u_char *p, *last, *text; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif + ngx_int_t rc; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; s = c->data; @@ -493,8 +140,8 @@ ngx_pop3_auth_state(ngx_event_t *rev) return; } - text = pop3_ok; - size = sizeof(pop3_ok) - 1; + s->out.len = sizeof(pop3_ok) - 1; + s->out.data = pop3_ok; if (rc == NGX_OK) { switch (s->mail_state) { @@ -504,245 +151,19 @@ ngx_pop3_auth_state(ngx_event_t *rev) switch (s->command) { case NGX_POP3_USER: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_user; - - arg = s->args.elts; - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 login: \"%V\"", &s->login); - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_pop3_user(s, c); break; case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->pop3_starttls_capability.len; - text = cscf->pop3_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->pop3_starttls_only_capability.len; - text = cscf->pop3_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; + rc = ngx_mail_pop3_capa(s, c, 1); break; case NGX_POP3_APOP: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED) - && s->args.nelts == 2) - { - arg = s->args.elts; - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 apop: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_APOP; - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_pop3_apop(s, c); break; case NGX_POP3_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts == 0) { - size = cscf->pop3_auth_capability.len; - text = cscf->pop3_auth_capability.data; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_login_username; - - size = sizeof(pop3_username) - 1; - text = pop3_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_auth_plain; - - size = sizeof(pop3_next) - 1; - text = pop3_next; - - break; - } - - if (s->args.nelts == 2) { - - /* - * workaround for Eudora for Mac: it sends - * AUTH PLAIN [base64 encoded] - */ - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - if (!(cscf->pop3_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '+'; text[1]= ' '; - salt.data = &text[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 2 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_pop3_auth(s, c); break; case NGX_POP3_QUIT: @@ -752,25 +173,13 @@ ngx_pop3_auth_state(ngx_event_t *rev) case NGX_POP3_NOOP: break; -#if (NGX_MAIL_SSL) - case NGX_POP3_STLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_pop3_stls(s, c); break; -#endif default: + rc = NGX_MAIL_PARSE_INVALID_COMMAND; s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } @@ -781,33 +190,11 @@ ngx_pop3_auth_state(ngx_event_t *rev) switch (s->command) { case NGX_POP3_PASS: - if (s->args.nelts == 1) { - arg = s->args.elts; - s->passwd.len = arg[0].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 passwd: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_pop3_pass(s, c); break; case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; + rc = ngx_mail_pop3_capa(s, c, 0); break; case NGX_POP3_QUIT: @@ -818,8 +205,8 @@ ngx_pop3_auth_state(ngx_event_t *rev) break; default: + rc = NGX_MAIL_PARSE_INVALID_COMMAND; s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } @@ -830,1332 +217,337 @@ ngx_pop3_auth_state(ngx_event_t *rev) break; case ngx_pop3_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_pop3_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } + rc = ngx_mail_auth_login_username(s, c); - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &s->login); - - size = sizeof(pop3_password) - 1; - text = pop3_password; - + s->out.len = sizeof(pop3_password) - 1; + s->out.data = pop3_password; + s->mail_state = ngx_pop3_auth_login_password; break; case ngx_pop3_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; + rc = ngx_mail_auth_login_password(s, c); + break; case ngx_pop3_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - + rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_pop3_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; + rc = ngx_mail_auth_cram_md5(s, c); + break; } } - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { + switch (rc) { + + case NGX_DONE: + ngx_mail_auth(s); + return; + + case NGX_ERROR: + ngx_mail_session_internal_server_error(s); + return; + + case NGX_MAIL_PARSE_INVALID_COMMAND: s->mail_state = ngx_pop3_start; s->state = 0; - text = pop3_invalid_command; - size = sizeof(pop3_invalid_command) - 1; + + s->out.len = sizeof(pop3_invalid_command) - 1; + s->out.data = pop3_invalid_command; + + /* fall through */ + + case NGX_OK: + + s->args.nelts = 0; + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; + + if (s->state) { + s->arg_start = s->buffer->start; + } + + ngx_mail_send(c->write); + } +} + +static ngx_int_t +ngx_mail_pop3_user(ngx_mail_session_t *s, ngx_connection_t *c) +{ + ngx_str_t *arg; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } } - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; +#endif - if (s->state) { - s->arg_start = s->buffer->start; + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; } - s->out.data = text; - s->out.len = size; + arg = s->args.elts; + s->login.len = arg[0].len; + s->login.data = ngx_palloc(c->pool, s->login.len); + if (s->login.data == NULL) { + return NGX_ERROR; + } - ngx_mail_send(c->write); + ngx_memcpy(s->login.data, arg[0].data, s->login.len); + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "pop3 login: \"%V\"", &s->login); + + s->mail_state = ngx_pop3_user; + + return NGX_OK; } -void -ngx_imap_auth_state(ngx_event_t *rev) +static ngx_int_t +ngx_mail_pop3_pass(ngx_mail_session_t *s, ngx_connection_t *c) { - u_char *p, *last, *text, *dst, *src, *end; - ssize_t text_len, last_len; - ngx_str_t *arg, salt; - ngx_int_t rc; - ngx_uint_t tag, i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); + ngx_str_t *arg; - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; } - tag = 1; - - text = NULL; - text_len = 0; - - last = imap_ok; - last_len = sizeof(imap_ok) - 1; - - if (rc == NGX_OK) { - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", - s->command); - - if (s->backslash) { - - arg = s->args.elts; - - for (i = 0; i < s->args.nelts; i++) { - dst = arg[i].data; - end = dst + arg[i].len; - - for (src = dst; src < end; dst++) { - *dst = *src; - if (*src++ == '\\') { - *dst = *src++; - } - } - - arg[i].len = dst - arg[i].data; - } - - s->backslash = 0; - } - - switch (s->mail_state) { - - case ngx_imap_start: + arg = s->args.elts; + s->passwd.len = arg[0].len; + s->passwd.data = ngx_palloc(c->pool, s->passwd.len); + if (s->passwd.data == NULL) { + return NGX_ERROR; + } - switch (s->command) { - - case NGX_IMAP_LOGIN: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - arg = s->args.elts; - - if (s->args.nelts == 2 && arg[0].len) { - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); + ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); #if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\" passwd:\"%V\"", - &s->login, &s->passwd); -#else - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\"", &s->login); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_AUTHENTICATE: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "pop3 passwd: \"%V\"", &s->passwd); #endif - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - s->mail_state = ngx_imap_auth_login_username; - - last_len = sizeof(pop3_username) - 1; - last = pop3_username; - tag = 0; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - s->mail_state = ngx_imap_auth_plain; - - last_len = sizeof(pop3_next) - 1; - last = pop3_next; - tag = 0; - - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (!(cscf->imap_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_imap_auth_cram_md5; - - last = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (last == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - last[0] = '+'; last[1]= ' '; - salt.data = &last[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - last_len = 2 + salt.len; - last[last_len++] = CR; last[last_len++] = LF; - tag = 0; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_CAPABILITY: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - text_len = cscf->imap_starttls_capability.len; - text = cscf->imap_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - text_len = cscf->imap_starttls_only_capability.len; - text = cscf->imap_starttls_only_capability.data; - break; - } - } -#endif - - text_len = cscf->imap_capability.len; - text = cscf->imap_capability.data; - break; - - case NGX_IMAP_LOGOUT: - s->quit = 1; - text = imap_bye; - text_len = sizeof(imap_bye) - 1; - break; - - case NGX_IMAP_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_IMAP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_imap_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_imap_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &s->login); - - last_len = sizeof(pop3_password) - 1; - last = pop3_password; - tag = 0; - - break; - - case ngx_imap_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_imap_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_imap_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - - } else if (rc == NGX_IMAP_NEXT) { - last = imap_next; - last_len = sizeof(imap_next) - 1; - tag = 0; - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_imap_start; - s->state = 0; - last = imap_invalid_command; - last_len = sizeof(imap_invalid_command) - 1; - } - - if (tag) { - if (s->tag.len == 0) { - s->tag.len = sizeof(imap_star) - 1; - s->tag.data = (u_char *) imap_star; - } - - if (s->tagged_line.len < s->tag.len + text_len + last_len) { - s->tagged_line.len = s->tag.len + text_len + last_len; - s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len); - if (s->tagged_line.data == NULL) { - ngx_mail_close_connection(c); - return; - } - } - - s->out.data = s->tagged_line.data; - s->out.len = s->tag.len + text_len + last_len; - - p = s->out.data; - - if (text) { - p = ngx_cpymem(p, text, text_len); - } - p = ngx_cpymem(p, s->tag.data, s->tag.len); - ngx_memcpy(p, last, last_len); - - - } else { - s->out.data = last; - s->out.len = last_len; - } - - if (rc != NGX_IMAP_NEXT) { - s->args.nelts = 0; - - if (s->state) { - /* preserve tag */ - s->arg_start = s->buffer->start + s->tag.len; - s->buffer->pos = s->arg_start; - s->buffer->last = s->arg_start; - - } else { - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->tag.len = 0; - } - } - - ngx_mail_send(c->write); + return NGX_DONE; } -void -ngx_smtp_auth_state(ngx_event_t *rev) +static ngx_int_t +ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c, ngx_int_t stls) { - u_char *p, *last, *text, ch; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt, l; - ngx_uint_t i; - ngx_connection_t *c; - ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; #if (NGX_MAIL_SSL) ngx_mail_ssl_conf_t *sslcf; #endif - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = NULL; - size = 0; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_smtp_start: - - switch (s->command) { - - case NGX_SMTP_HELO: - case NGX_SMTP_EHLO: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts != 1) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - s->smtp_helo.len = arg[0].len; - - s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); - if (s->smtp_helo.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); - - if (s->command == NGX_SMTP_HELO) { - size = cscf->smtp_server_name.len; - text = cscf->smtp_server_name.data; - - } else { - s->esmtp = 1; - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->smtp_starttls_capability.len; - text = cscf->smtp_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->smtp_starttls_only_capability.len; - text = cscf->smtp_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->smtp_capability.len; - text = cscf->smtp_capability.data; - } - - break; - - case NGX_SMTP_AUTH: + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); #if (NGX_MAIL_SSL) - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 0) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_login_username; - - size = sizeof(smtp_username) - 1; - text = smtp_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - if (s->args.nelts == 1) { - s->mail_state = ngx_smtp_auth_plain; - - size = sizeof(smtp_next) - 1; - text = smtp_next; - - break; - } - - if (s->args.nelts == 2) { - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, - ngx_mail_core_module); - - if (!(cscf->smtp_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("334 " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' '; - salt.data = &text[4]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 4 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_SMTP_QUIT: - s->quit = 1; - text = smtp_bye; - size = sizeof(smtp_bye) - 1; - break; - - case NGX_SMTP_MAIL: - - if (s->connection->log->log_level >= NGX_LOG_INFO) { - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - for (i = 0; i < l.len; i++) { - ch = l.data[i]; - - if (ch != CR && ch != LF) { - continue; - } - - l.data[i] = ' '; - } - - while (i) { - if (l.data[i - 1] != ' ') { - break; - } - - i--; - } - - l.len = i; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client was rejected: \"%V\"", &l); - } - - text = smtp_auth_required; - size = sizeof(smtp_auth_required) - 1; - break; - - case NGX_SMTP_NOOP: - case NGX_SMTP_RSET: - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - break; - -#if (NGX_MAIL_SSL) + if (stls && c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - case NGX_SMTP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - - /* - * RFC3207 requires us to discard any knowledge - * obtained from client before STARTTLS. - */ - - s->smtp_helo.len = 0; - s->smtp_helo.data = NULL; - - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_smtp_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_smtp_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &s->login); - - size = sizeof(smtp_password) - 1; - text = smtp_password; - - break; - - case ngx_smtp_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } + if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { + s->out = cscf->pop3_starttls_capability; + return NGX_OK; + } - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_smtp_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_smtp_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + s->out = cscf->pop3_starttls_only_capability; + return NGX_OK; } } - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_smtp_start; - s->state = 0; - text = smtp_invalid_command; - size = sizeof(smtp_invalid_command) - 1; - } +#endif - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); + s->out = cscf->pop3_capability; + return NGX_OK; } static ngx_int_t -ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded) +ngx_mail_pop3_stls(ngx_mail_session_t *s, ngx_connection_t *c) { - u_char *p, *last; - ngx_str_t plain; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\"", encoded); -#endif - - plain.data = ngx_palloc(s->connection->pool, - ngx_base64_decoded_length(encoded->len)); - if (plain.data == NULL){ - return NGX_ERROR; - } +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; - if (ngx_decode_base64(&plain, encoded) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid base64 encoding " - "in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - p = plain.data; - last = p + plain.len; - - while (p < last && *p++) { /* void */ } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid login in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + if (sslcf->starttls) { + c->read->handler = ngx_mail_starttls_handler; + return NGX_OK; + } } - s->login.data = p; - - while (p < last && *p) { p++; } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid password in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - s->login.len = p++ - s->login.data; - - s->passwd.len = last - p; - s->passwd.data = p; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\" \"%V\"", - &s->login, &s->passwd); #endif - return NGX_OK; -} - - -static void -ngx_mail_do_auth(ngx_mail_session_t *s) -{ - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->state = 0; - - if (s->connection->read->timer_set) { - ngx_del_timer(s->connection->read); - } - - s->login_attempt++; - - ngx_mail_auth_http_init(s); + return NGX_MAIL_PARSE_INVALID_COMMAND; } static ngx_int_t -ngx_mail_read_command(ngx_mail_session_t *s) +ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c) { - ssize_t n; - ngx_int_t rc; - ngx_str_t l; - - n = s->connection->recv(s->connection, s->buffer->last, - s->buffer->end - s->buffer->last); - - if (n == NGX_ERROR || n == 0) { - ngx_mail_close_connection(s->connection); - return NGX_ERROR; - } - - if (n > 0) { - s->buffer->last += n; - } - - if (n == NGX_AGAIN) { - if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return NGX_ERROR; - } - - return NGX_AGAIN; - } - - switch (s->protocol) { - case NGX_MAIL_POP3_PROTOCOL: - rc = ngx_pop3_parse_command(s); - break; - - case NGX_MAIL_IMAP_PROTOCOL: - rc = ngx_imap_parse_command(s); - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - rc = ngx_smtp_parse_command(s); - break; - } - - if (rc == NGX_AGAIN) { - - if (s->buffer->last < s->buffer->end) { - return rc; - } + ngx_str_t *arg; + ngx_mail_core_srv_conf_t *cscf; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent too long command \"%V\"", &l); - - s->quit = 1; - - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - return rc; - } - - if (rc == NGX_ERROR) { - ngx_mail_close_connection(s->connection); - return NGX_ERROR; - } - - return NGX_OK; -} - + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); -void -ngx_mail_session_internal_server_error(ngx_mail_session_t *s) -{ - s->out = internal_server_errors[s->protocol]; - s->quit = 1; - - ngx_mail_send(s->connection->write); -} - - -void -ngx_mail_close_connection(ngx_connection_t *c) -{ - ngx_pool_t *pool; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "close mail connection: %d", c->fd); - -#if (NGX_MAIL_SSL) - - if (c->ssl) { - if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - c->ssl->handler = ngx_mail_close_connection; - return; + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + return NGX_MAIL_PARSE_INVALID_COMMAND; } } #endif -#if (NGX_STAT_STUB) - ngx_atomic_fetch_add(ngx_stat_active, -1); -#endif + if (s->args.nelts != 2) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - c->destroyed = 1; + if (!(cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + arg = s->args.elts; - pool = c->pool; + s->login.len = arg[0].len; + s->login.data = ngx_palloc(c->pool, s->login.len); + if (s->login.data == NULL) { + return NGX_ERROR; + } + + ngx_memcpy(s->login.data, arg[0].data, s->login.len); - ngx_close_connection(c); + s->passwd.len = arg[1].len; + s->passwd.data = ngx_palloc(c->pool, s->passwd.len); + if (s->passwd.data == NULL) { + return NGX_ERROR; + } - ngx_destroy_pool(pool); + ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); + + ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, + "pop3 apop: \"%V\" \"%V\"", &s->login, &s->passwd); + + s->auth_method = NGX_MAIL_AUTH_APOP; + + return NGX_DONE; } -static u_char * -ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) +static ngx_int_t +ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c) { - u_char *p; - ngx_mail_session_t *s; - ngx_mail_log_ctx_t *ctx; + size_t n; + u_char *p; + ngx_str_t *arg, salt; + ngx_mail_core_srv_conf_t *cscf; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; + + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (log->action) { - p = ngx_snprintf(buf, len, " while %s", log->action); - len -= p - buf; - buf = p; + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + } + +#endif + + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + + if (s->args.nelts == 0) { + s->out = cscf->pop3_auth_capability; + s->state = 0; + + return NGX_OK; } - ctx = log->data; + arg = s->args.elts; + + if (arg[0].len == 5) { + + if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) { + + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->out.len = sizeof(pop3_username) - 1; + s->out.data = pop3_username; + s->mail_state = ngx_pop3_auth_login_username; + + return NGX_OK; + + } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) { + + if (s->args.nelts == 1) { + + s->out.len = sizeof(pop3_next) - 1; + s->out.data = pop3_next; + s->mail_state = ngx_pop3_auth_plain; + + return NGX_OK; + } + + if (s->args.nelts == 2) { + + /* + * workaround for Eudora for Mac: it sends + * AUTH PLAIN [base64 encoded] + */ + + return ngx_mail_auth_plain(s, c, 1); + } - p = ngx_snprintf(buf, len, ", client: %V", ctx->client); - len -= p - buf; - buf = p; + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + } else if (arg[0].len == 8 + && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) + { + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + if (!(cscf->pop3_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } - s = ctx->session; + p = ngx_palloc(c->pool, + sizeof("+ " CRLF) - 1 + + ngx_base64_encoded_length(s->salt.len)); + if (p == NULL) { + return NGX_ERROR; + } + + p[0] = '+'; p[1]= ' '; + salt.data = &p[2]; + s->salt.len -= 2; - if (s == NULL) { - return p; + ngx_encode_base64(&salt, &s->salt); + + s->salt.len += 2; + n = 2 + salt.len; + p[n++] = CR; p[n++] = LF; + + s->out.len = n; + s->out.data = p; + s->mail_state = ngx_pop3_auth_cram_md5; + + return NGX_OK; } - p = ngx_snprintf(buf, len, ", server: %V", s->addr_text); - len -= p - buf; - buf = p; - - if (s->login.len == 0) { - return p; - } - - p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login); - len -= p - buf; - buf = p; - - if (s->proxy == NULL) { - return p; - } - - p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name); - - return p; + return NGX_MAIL_PARSE_INVALID_COMMAND; } diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_smtp_handler.c copy from src/mail/ngx_mail_handler.c copy to src/mail/ngx_mail_smtp_handler.c --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_smtp_handler.c @@ -10,43 +10,12 @@ #include -static void ngx_mail_init_session(ngx_connection_t *c); -static void ngx_mail_init_protocol(ngx_event_t *rev); -static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s, - ngx_str_t *encoded); -static void ngx_mail_do_auth(ngx_mail_session_t *s); -static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s); -static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len); - -#if (NGX_MAIL_SSL) -static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); -static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); -#endif - +static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c); +static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s, + ngx_connection_t *c); -static ngx_str_t greetings[] = { - ngx_string("+OK POP3 ready" CRLF), - ngx_string("* OK IMAP4 ready" CRLF) - /* SMTP greeting */ -}; - -static ngx_str_t internal_server_errors[] = { - ngx_string("-ERR internal server error" CRLF), - ngx_string("* BAD internal server error" CRLF), - ngx_string("451 4.3.2 Internal server error" CRLF), -}; - -static u_char pop3_ok[] = "+OK" CRLF; -static u_char pop3_next[] = "+ " CRLF; -static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF; -static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF; -static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF; - -static u_char imap_star[] = "* "; -static u_char imap_ok[] = "OK completed" CRLF; -static u_char imap_next[] = "+ OK" CRLF; -static u_char imap_bye[] = "* BYE" CRLF; -static u_char imap_invalid_command[] = "BAD invalid command" CRLF; static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; @@ -59,345 +28,32 @@ static u_char smtp_auth_required[] = "5 void -ngx_mail_init_connection(ngx_connection_t *c) +ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { - in_addr_t in_addr; - socklen_t len; - ngx_uint_t i; - struct sockaddr_in sin; - ngx_mail_log_ctx_t *ctx; - ngx_mail_in_port_t *imip; - ngx_mail_in_addr_t *imia; - ngx_mail_session_t *s; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - - /* find the server configuration for the address:port */ - - /* AF_INET only */ - - imip = c->listening->servers; - imia = imip->addrs; - - i = 0; - - if (imip->naddrs > 1) { + ngx_mail_core_srv_conf_t *cscf; - /* - * There are several addresses on this port and one of them - * is the "*:port" wildcard so getsockname() is needed to determine - * the server address. - * - * AcceptEx() already gave this address. - */ - -#if (NGX_WIN32) - if (c->local_sockaddr) { - in_addr = - ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr; + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - } else -#endif - { - len = sizeof(struct sockaddr_in); - if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) { - ngx_connection_error(c, ngx_socket_errno, - "getsockname() failed"); - ngx_mail_close_connection(c); - return; - } - - in_addr = sin.sin_addr.s_addr; - } - - /* the last address is "*" */ - - for ( /* void */ ; i < imip->naddrs - 1; i++) { - if (in_addr == imia[i].addr) { - break; - } + if (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) { + if (ngx_mail_salt(s, c, cscf) != NGX_OK) { + ngx_mail_session_internal_server_error(s); + return; } } - - s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t)); - if (s == NULL) { - ngx_mail_close_connection(c); - return; - } - - s->main_conf = imia[i].ctx->main_conf; - s->srv_conf = imia[i].ctx->srv_conf; - - s->addr_text = &imia[i].addr_text; - - c->data = s; - s->connection = c; - - ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V", - c->number, &c->addr_text, s->addr_text); - - ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t)); - if (ctx == NULL) { - ngx_mail_close_connection(c); - return; - } - - ctx->client = &c->addr_text; - ctx->session = s; - - c->log->connection = c->number; - c->log->handler = ngx_mail_log_error; - c->log->data = ctx; - c->log->action = "sending client greeting line"; - - c->log_error = NGX_ERROR_INFO; - -#if (NGX_MAIL_SSL) - - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->enable) { - ngx_mail_ssl_init_connection(&sslcf->ssl, c); - return; - } - -#endif - - ngx_mail_init_session(c); -} - - -#if (NGX_MAIL_SSL) - -static void -ngx_mail_starttls_handler(ngx_event_t *rev) -{ - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_ssl_conf_t *sslcf; - - c = rev->data; - s = c->data; - s->starttls = 1; - - c->log->action = "in starttls state"; - - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - ngx_mail_ssl_init_connection(&sslcf->ssl, c); -} - - -static void -ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) -{ - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } - - if (ngx_ssl_handshake(c) == NGX_AGAIN) { - - s = c->data; - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->read, cscf->timeout); - - c->ssl->handler = ngx_mail_ssl_handshake_handler; - - return; - } - - ngx_mail_ssl_handshake_handler(c); -} - + c->read->handler = ngx_mail_smtp_init_protocol; -static void -ngx_mail_ssl_handshake_handler(ngx_connection_t *c) -{ - ngx_mail_session_t *s; - - if (c->ssl->handshaked) { - - s = c->data; - - if (s->starttls) { - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - - ngx_mail_init_protocol(c->read); - - return; - } - - ngx_mail_init_session(c); - return; - } - - ngx_mail_close_connection(c); -} - -#endif - - -static void -ngx_mail_init_session(ngx_connection_t *c) -{ - u_char *p; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c->read->handler = ngx_mail_init_protocol; - c->write->handler = ngx_mail_send; - - s = c->data; - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - s->protocol = cscf->protocol; - - s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); - if (s->ctx == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { - s->out = cscf->smtp_greeting; - - } else { - s->out = greetings[s->protocol]; - } - - if ((s->protocol == NGX_MAIL_POP3_PROTOCOL - && (cscf->pop3_auth_methods - & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - - || (s->protocol == NGX_MAIL_IMAP_PROTOCOL - && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) - - || (s->protocol == NGX_MAIL_SMTP_PROTOCOL - && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))) - { - s->salt.data = ngx_palloc(c->pool, - sizeof(" <18446744073709551616.@>" CRLF) - 1 - + NGX_TIME_T_LEN - + cscf->server_name.len); - if (s->salt.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, - ngx_random(), ngx_time(), &cscf->server_name) - - s->salt.data; - - if (s->protocol == NGX_MAIL_POP3_PROTOCOL) { - s->out.data = ngx_palloc(c->pool, - greetings[0].len + 1 + s->salt.len); - if (s->out.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - p = ngx_cpymem(s->out.data, - greetings[0].data, greetings[0].len - 2); - *p++ = ' '; - p = ngx_cpymem(p, s->salt.data, s->salt.len); - - s->out.len = p - s->out.data; - } - } - - ngx_add_timer(c->read, cscf->timeout); - - if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - } + s->out = cscf->smtp_greeting; ngx_mail_send(c->write); } void -ngx_mail_send(ngx_event_t *wev) +ngx_mail_smtp_init_protocol(ngx_event_t *rev) { - ngx_int_t n; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - - c = wev->data; - s = c->data; - - if (wev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len == 0) { - if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - } - - return; - } - - n = c->send(c, s->out.data, s->out.len); - - if (n > 0) { - s->out.len -= n; - - if (wev->timer_set) { - ngx_del_timer(wev); - } - - if (s->quit) { - ngx_mail_close_connection(c); - return; - } - - if (s->blocked) { - c->read->handler(c->read); - } - - return; - } - - if (n == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } - - /* n == NGX_AGAIN */ - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->write, cscf->timeout); - - if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { - ngx_mail_close_connection(c); - return; - } -} - - -static void -ngx_mail_init_protocol(ngx_event_t *rev) -{ - size_t size; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; @@ -412,28 +68,6 @@ ngx_mail_init_protocol(ngx_event_t *rev) s = c->data; - switch (s->protocol) { - - case NGX_MAIL_POP3_PROTOCOL: - size = 128; - s->mail_state = ngx_pop3_start; - c->read->handler = ngx_pop3_auth_state; - break; - - case NGX_MAIL_IMAP_PROTOCOL: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->imap_client_buffer_size; - s->mail_state = ngx_imap_start; - c->read->handler = ngx_imap_auth_state; - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - size = 512; - s->mail_state = ngx_smtp_start; - c->read->handler = ngx_smtp_auth_state; - break; - } - if (s->buffer == NULL) { if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) @@ -442,1039 +76,26 @@ ngx_mail_init_protocol(ngx_event_t *rev) return; } - s->buffer = ngx_create_temp_buf(c->pool, size); + s->buffer = ngx_create_temp_buf(c->pool, 512); if (s->buffer == NULL) { ngx_mail_session_internal_server_error(s); return; } } - c->read->handler(rev); -} - - -void -ngx_pop3_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - text = pop3_ok; - size = sizeof(pop3_ok) - 1; - - if (rc == NGX_OK) { - switch (s->mail_state) { - - case ngx_pop3_start: - - switch (s->command) { - - case NGX_POP3_USER: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_user; - - arg = s->args.elts; - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 login: \"%V\"", &s->login); - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->pop3_starttls_capability.len; - text = cscf->pop3_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->pop3_starttls_only_capability.len; - text = cscf->pop3_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_APOP: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED) - && s->args.nelts == 2) - { - arg = s->args.elts; - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 apop: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_APOP; - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts == 0) { - size = cscf->pop3_auth_capability.len; - text = cscf->pop3_auth_capability.data; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_login_username; - - size = sizeof(pop3_username) - 1; - text = pop3_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - if (s->args.nelts == 1) { - s->mail_state = ngx_pop3_auth_plain; - - size = sizeof(pop3_next) - 1; - text = pop3_next; - - break; - } - - if (s->args.nelts == 2) { - - /* - * workaround for Eudora for Mac: it sends - * AUTH PLAIN [base64 encoded] - */ - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - if (!(cscf->pop3_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_pop3_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '+'; text[1]= ' '; - salt.data = &text[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 2 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_POP3_STLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_pop3_user: - - switch (s->command) { - - case NGX_POP3_PASS: - if (s->args.nelts == 1) { - arg = s->args.elts; - s->passwd.len = arg[0].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 passwd: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_POP3_CAPA: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - size = cscf->pop3_capability.len; - text = cscf->pop3_capability.data; - break; - - case NGX_POP3_QUIT: - s->quit = 1; - break; - - case NGX_POP3_NOOP: - break; - - default: - s->mail_state = ngx_pop3_start; - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - /* suppress warinings */ - case ngx_pop3_passwd: - break; - - case ngx_pop3_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_pop3_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login username: \"%V\"", &s->login); - - size = sizeof(pop3_password) - 1; - text = pop3_password; - - break; - - case ngx_pop3_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_pop3_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_pop3_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "pop3 auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); + s->mail_state = ngx_smtp_start; + c->read->handler = ngx_smtp_auth_state; - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_pop3_start; - s->state = 0; - text = pop3_invalid_command; - size = sizeof(pop3_invalid_command) - 1; - } - - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - - if (s->state) { - s->arg_start = s->buffer->start; - } - - s->out.data = text; - s->out.len = size; - - ngx_mail_send(c->write); -} - - -void -ngx_imap_auth_state(ngx_event_t *rev) -{ - u_char *p, *last, *text, *dst, *src, *end; - ssize_t text_len, last_len; - ngx_str_t *arg, salt; - ngx_int_t rc; - ngx_uint_t tag, i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif - - c = rev->data; - s = c->data; - - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); - - if (rev->timedout) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); - c->timedout = 1; - ngx_mail_close_connection(c); - return; - } - - if (s->out.len) { - ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); - s->blocked = 1; - return; - } - - s->blocked = 0; - - rc = ngx_mail_read_command(s); - - if (rc == NGX_AGAIN || rc == NGX_ERROR) { - return; - } - - tag = 1; - - text = NULL; - text_len = 0; - - last = imap_ok; - last_len = sizeof(imap_ok) - 1; - - if (rc == NGX_OK) { - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", - s->command); - - if (s->backslash) { - - arg = s->args.elts; - - for (i = 0; i < s->args.nelts; i++) { - dst = arg[i].data; - end = dst + arg[i].len; - - for (src = dst; src < end; dst++) { - *dst = *src; - if (*src++ == '\\') { - *dst = *src++; - } - } - - arg[i].len = dst - arg[i].data; - } - - s->backslash = 0; - } - - switch (s->mail_state) { - - case ngx_imap_start: - - switch (s->command) { - - case NGX_IMAP_LOGIN: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - arg = s->args.elts; - - if (s->args.nelts == 2 && arg[0].len) { - - s->login.len = arg[0].len; - s->login.data = ngx_palloc(c->pool, s->login.len); - if (s->login.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->login.data, arg[0].data, s->login.len); - - s->passwd.len = arg[1].len; - s->passwd.data = ngx_palloc(c->pool, s->passwd.len); - if (s->passwd.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len); - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\" passwd:\"%V\"", - &s->login, &s->passwd); -#else - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap login:\"%V\"", &s->login); -#endif - - ngx_mail_do_auth(s); - return; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_AUTHENTICATE: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - s->mail_state = ngx_imap_auth_login_username; - - last_len = sizeof(pop3_username) - 1; - last = pop3_username; - tag = 0; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - - s->mail_state = ngx_imap_auth_plain; - - last_len = sizeof(pop3_next) - 1; - last = pop3_next; - tag = 0; - - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (!(cscf->imap_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_imap_auth_cram_md5; - - last = ngx_palloc(c->pool, - sizeof("+ " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (last == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - last[0] = '+'; last[1]= ' '; - salt.data = &last[2]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - last_len = 2 + salt.len; - last[last_len++] = CR; last[last_len++] = LF; - tag = 0; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - - case NGX_IMAP_CAPABILITY: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - text_len = cscf->imap_starttls_capability.len; - text = cscf->imap_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - text_len = cscf->imap_starttls_only_capability.len; - text = cscf->imap_starttls_only_capability.data; - break; - } - } -#endif - - text_len = cscf->imap_capability.len; - text = cscf->imap_capability.data; - break; - - case NGX_IMAP_LOGOUT: - s->quit = 1; - text = imap_bye; - text_len = sizeof(imap_bye) - 1; - break; - - case NGX_IMAP_NOOP: - break; - -#if (NGX_MAIL_SSL) - - case NGX_IMAP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; -#endif - - default: - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - break; - - case ngx_imap_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_imap_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login username: \"%V\"", &s->login); - - last_len = sizeof(pop3_password) - 1; - last = pop3_password; - tag = 0; - - break; - - case ngx_imap_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; - - case ngx_imap_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - - case ngx_imap_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "imap auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; - } - - } else if (rc == NGX_IMAP_NEXT) { - last = imap_next; - last_len = sizeof(imap_next) - 1; - tag = 0; - } - - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - s->mail_state = ngx_imap_start; - s->state = 0; - last = imap_invalid_command; - last_len = sizeof(imap_invalid_command) - 1; - } - - if (tag) { - if (s->tag.len == 0) { - s->tag.len = sizeof(imap_star) - 1; - s->tag.data = (u_char *) imap_star; - } - - if (s->tagged_line.len < s->tag.len + text_len + last_len) { - s->tagged_line.len = s->tag.len + text_len + last_len; - s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len); - if (s->tagged_line.data == NULL) { - ngx_mail_close_connection(c); - return; - } - } - - s->out.data = s->tagged_line.data; - s->out.len = s->tag.len + text_len + last_len; - - p = s->out.data; - - if (text) { - p = ngx_cpymem(p, text, text_len); - } - p = ngx_cpymem(p, s->tag.data, s->tag.len); - ngx_memcpy(p, last, last_len); - - - } else { - s->out.data = last; - s->out.len = last_len; - } - - if (rc != NGX_IMAP_NEXT) { - s->args.nelts = 0; - - if (s->state) { - /* preserve tag */ - s->arg_start = s->buffer->start + s->tag.len; - s->buffer->pos = s->arg_start; - s->buffer->last = s->arg_start; - - } else { - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->tag.len = 0; - } - } - - ngx_mail_send(c->write); + ngx_smtp_auth_state(rev); } void ngx_smtp_auth_state(ngx_event_t *rev) { - u_char *p, *last, *text, ch; - ssize_t size; - ngx_int_t rc; - ngx_str_t *arg, salt, l; - ngx_uint_t i; - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; -#if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; -#endif + ngx_int_t rc; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; s = c->data; @@ -1502,8 +123,8 @@ ngx_smtp_auth_state(ngx_event_t *rev) return; } - text = NULL; - size = 0; + s->out.len = sizeof(smtp_ok) - 1; + s->out.data = smtp_ok; if (rc == NGX_OK) { switch (s->mail_state) { @@ -1514,251 +135,30 @@ ngx_smtp_auth_state(ngx_event_t *rev) case NGX_SMTP_HELO: case NGX_SMTP_EHLO: - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - if (s->args.nelts != 1) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - s->smtp_helo.len = arg[0].len; - - s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); - if (s->smtp_helo.data == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); - - if (s->command == NGX_SMTP_HELO) { - size = cscf->smtp_server_name.len; - text = cscf->smtp_server_name.data; - - } else { - s->esmtp = 1; - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { - size = cscf->smtp_starttls_capability.len; - text = cscf->smtp_starttls_capability.data; - break; - } - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - size = cscf->smtp_starttls_only_capability.len; - text = cscf->smtp_starttls_only_capability.data; - break; - } - } -#endif - - size = cscf->smtp_capability.len; - text = cscf->smtp_capability.data; - } - + rc = ngx_mail_smtp_helo(s, c); break; case NGX_SMTP_AUTH: - -#if (NGX_MAIL_SSL) - - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - } -#endif - - if (s->args.nelts == 0) { - text = smtp_invalid_argument; - size = sizeof(smtp_invalid_argument) - 1; - s->state = 0; - break; - } - - arg = s->args.elts; - - if (arg[0].len == 5) { - - if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) - == 0) - { - - if (s->args.nelts != 1) { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_login_username; - - size = sizeof(smtp_username) - 1; - text = smtp_username; - - break; - - } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", - 5) - == 0) - { - if (s->args.nelts == 1) { - s->mail_state = ngx_smtp_auth_plain; - - size = sizeof(smtp_next) - 1; - text = smtp_next; - - break; - } - - if (s->args.nelts == 2) { - - rc = ngx_mail_decode_auth_plain(s, &arg[1]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - } else if (arg[0].len == 8 - && ngx_strncasecmp(arg[0].data, - (u_char *) "CRAM-MD5", 8) - == 0) - { - cscf = ngx_mail_get_module_srv_conf(s, - ngx_mail_core_module); - - if (!(cscf->smtp_auth_methods - & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) - || s->args.nelts != 1) - { - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - s->mail_state = ngx_smtp_auth_cram_md5; - - text = ngx_palloc(c->pool, - sizeof("334 " CRLF) - 1 - + ngx_base64_encoded_length(s->salt.len)); - if (text == NULL) { - ngx_mail_session_internal_server_error(s); - return; - } - - text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' '; - salt.data = &text[4]; - s->salt.len -= 2; - - ngx_encode_base64(&salt, &s->salt); - - s->salt.len += 2; - size = 4 + salt.len; - text[size++] = CR; text[size++] = LF; - - break; - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_smtp_auth(s, c); break; case NGX_SMTP_QUIT: s->quit = 1; - text = smtp_bye; - size = sizeof(smtp_bye) - 1; + s->out.len = sizeof(smtp_bye) - 1; + s->out.data = smtp_bye; break; case NGX_SMTP_MAIL: - - if (s->connection->log->log_level >= NGX_LOG_INFO) { - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - for (i = 0; i < l.len; i++) { - ch = l.data[i]; - - if (ch != CR && ch != LF) { - continue; - } - - l.data[i] = ' '; - } - - while (i) { - if (l.data[i - 1] != ' ') { - break; - } - - i--; - } - - l.len = i; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client was rejected: \"%V\"", &l); - } - - text = smtp_auth_required; - size = sizeof(smtp_auth_required) - 1; + rc = ngx_mail_smtp_mail(s, c); break; case NGX_SMTP_NOOP: case NGX_SMTP_RSET: - text = smtp_ok; - size = sizeof(smtp_ok) - 1; break; -#if (NGX_MAIL_SSL) - case NGX_SMTP_STARTTLS: - if (c->ssl == NULL) { - sslcf = ngx_mail_get_module_srv_conf(s, - ngx_mail_ssl_module); - if (sslcf->starttls) { - c->read->handler = ngx_mail_starttls_handler; - - /* - * RFC3207 requires us to discard any knowledge - * obtained from client before STARTTLS. - */ - - s->smtp_helo.len = 0; - s->smtp_helo.data = NULL; - - text = smtp_ok; - size = sizeof(smtp_ok) - 1; - - break; - } - } - - rc = NGX_MAIL_PARSE_INVALID_COMMAND; + rc = ngx_mail_smtp_starttls(s, c); break; -#endif default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; @@ -1768,394 +168,282 @@ ngx_smtp_auth_state(ngx_event_t *rev) break; case ngx_smtp_auth_login_username: - arg = s->args.elts; - s->mail_state = ngx_smtp_auth_login_password; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } + rc = ngx_mail_auth_login_username(s, c); - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login username: \"%V\"", &s->login); - - size = sizeof(smtp_password) - 1; - text = smtp_password; - + s->out.len = sizeof(smtp_password) - 1; + s->out.data = smtp_password; + s->mail_state = ngx_smtp_auth_login_password; break; case ngx_smtp_auth_login_password: - arg = s->args.elts; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &arg[0]); -#endif - - s->passwd.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->passwd.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH LOGIN command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth login password: \"%V\"", &s->passwd); -#endif - - ngx_mail_do_auth(s); - return; + rc = ngx_mail_auth_login_password(s, c); + break; case ngx_smtp_auth_plain: - arg = s->args.elts; - - rc = ngx_mail_decode_auth_plain(s, &arg[0]); - - if (rc == NGX_OK) { - ngx_mail_do_auth(s); - return; - } - - if (rc == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return; - } - - /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */ - + rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_smtp_auth_cram_md5: - arg = s->args.elts; - - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\"", &arg[0]); - - s->login.data = ngx_palloc(c->pool, - ngx_base64_decoded_length(arg[0].len)); - if (s->login.data == NULL){ - ngx_mail_session_internal_server_error(s); - return; - } - - if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid base64 encoding " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - p = s->login.data; - last = p + s->login.len; - - while (p < last) { - if (*p++ == ' ') { - s->login.len = p - s->login.data - 1; - s->passwd.len = last - p; - s->passwd.data = p; - break; - } - } - - if (s->passwd.len != 32) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent invalid CRAM-MD5 hash " - "in AUTH CRAM-MD5 command"); - rc = NGX_MAIL_PARSE_INVALID_COMMAND; - break; - } - - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, - "smtp auth cram-md5: \"%V\" \"%V\"", - &s->login, &s->passwd); - - s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; - - ngx_mail_do_auth(s); - return; + rc = ngx_mail_auth_cram_md5(s, c); + break; } } - if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { + switch (rc) { + + case NGX_DONE: + ngx_mail_auth(s); + return; + + case NGX_ERROR: + ngx_mail_session_internal_server_error(s); + return; + + case NGX_MAIL_PARSE_INVALID_COMMAND: s->mail_state = ngx_smtp_start; - s->state = 0; - text = smtp_invalid_command; - size = sizeof(smtp_invalid_command) - 1; - } + s->state = 0; - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; + s->out.len = sizeof(smtp_invalid_command) - 1; + s->out.data = smtp_invalid_command; + + /* fall through */ - if (s->state) { - s->arg_start = s->buffer->start; - } + case NGX_OK: + s->args.nelts = 0; + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; - s->out.data = text; - s->out.len = size; + if (s->state) { + s->arg_start = s->buffer->start; + } - ngx_mail_send(c->write); + ngx_mail_send(c->write); + } } static ngx_int_t -ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded) +ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c) { - u_char *p, *last; - ngx_str_t plain; - -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\"", encoded); + ngx_str_t *arg; + ngx_mail_core_srv_conf_t *cscf; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; #endif - plain.data = ngx_palloc(s->connection->pool, - ngx_base64_decoded_length(encoded->len)); - if (plain.data == NULL){ + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + + if (s->args.nelts != 1) { + s->out.len = sizeof(smtp_invalid_argument) - 1; + s->out.data = smtp_invalid_argument; + s->state = 0; + return NGX_OK; + } + + arg = s->args.elts; + + s->smtp_helo.len = arg[0].len; + + s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len); + if (s->smtp_helo.data == NULL) { return NGX_ERROR; } - if (ngx_decode_base64(&plain, encoded) != NGX_OK) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid base64 encoding " - "in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } + ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len); + + if (s->command == NGX_SMTP_HELO) { + s->out = cscf->smtp_server_name; - p = plain.data; - last = p + plain.len; - - while (p < last && *p++) { /* void */ } + } else { + s->esmtp = 1; - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid login in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } +#if (NGX_MAIL_SSL) - s->login.data = p; - - while (p < last && *p) { p++; } - - if (p == last) { - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent invalid password in AUTH PLAIN command"); - return NGX_MAIL_PARSE_INVALID_COMMAND; - } + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - s->login.len = p++ - s->login.data; - - s->passwd.len = last - p; - s->passwd.data = p; + if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { + s->out = cscf->smtp_starttls_capability; + return NGX_OK; + } -#if (NGX_DEBUG_MAIL_PASSWD) - ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, - "mail auth plain: \"%V\" \"%V\"", - &s->login, &s->passwd); + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + s->out = cscf->smtp_starttls_only_capability; + return NGX_OK; + } + } #endif - return NGX_OK; -} - - -static void -ngx_mail_do_auth(ngx_mail_session_t *s) -{ - s->args.nelts = 0; - s->buffer->pos = s->buffer->start; - s->buffer->last = s->buffer->start; - s->state = 0; - - if (s->connection->read->timer_set) { - ngx_del_timer(s->connection->read); - } - - s->login_attempt++; - - ngx_mail_auth_http_init(s); -} - - -static ngx_int_t -ngx_mail_read_command(ngx_mail_session_t *s) -{ - ssize_t n; - ngx_int_t rc; - ngx_str_t l; - - n = s->connection->recv(s->connection, s->buffer->last, - s->buffer->end - s->buffer->last); - - if (n == NGX_ERROR || n == 0) { - ngx_mail_close_connection(s->connection); - return NGX_ERROR; - } - - if (n > 0) { - s->buffer->last += n; - } - - if (n == NGX_AGAIN) { - if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) { - ngx_mail_session_internal_server_error(s); - return NGX_ERROR; - } - - return NGX_AGAIN; - } - - switch (s->protocol) { - case NGX_MAIL_POP3_PROTOCOL: - rc = ngx_pop3_parse_command(s); - break; - - case NGX_MAIL_IMAP_PROTOCOL: - rc = ngx_imap_parse_command(s); - break; - - default: /* NGX_MAIL_SMTP_PROTOCOL */ - rc = ngx_smtp_parse_command(s); - break; - } - - if (rc == NGX_AGAIN) { - - if (s->buffer->last < s->buffer->end) { - return rc; - } - - l.len = s->buffer->last - s->buffer->start; - l.data = s->buffer->start; - - ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, - "client sent too long command \"%V\"", &l); - - s->quit = 1; - - return NGX_MAIL_PARSE_INVALID_COMMAND; - } - - if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { - return rc; - } - - if (rc == NGX_ERROR) { - ngx_mail_close_connection(s->connection); - return NGX_ERROR; + s->out = cscf->smtp_capability; } return NGX_OK; } -void -ngx_mail_session_internal_server_error(ngx_mail_session_t *s) +static ngx_int_t +ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c) { - s->out = internal_server_errors[s->protocol]; - s->quit = 1; - - ngx_mail_send(s->connection->write); -} - + u_char *p; + ngx_str_t *arg, salt; + ngx_uint_t n; + ngx_mail_core_srv_conf_t *cscf; +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; -void -ngx_mail_close_connection(ngx_connection_t *c) -{ - ngx_pool_t *pool; + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "close mail connection: %d", c->fd); - -#if (NGX_MAIL_SSL) - - if (c->ssl) { - if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - c->ssl->handler = ngx_mail_close_connection; - return; + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + return NGX_MAIL_PARSE_INVALID_COMMAND; } } #endif -#if (NGX_STAT_STUB) - ngx_atomic_fetch_add(ngx_stat_active, -1); -#endif + if (s->args.nelts == 0) { + s->out.len = sizeof(smtp_invalid_argument) - 1; + s->out.data = smtp_invalid_argument; + s->state = 0; + return NGX_OK; + } + + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + arg = s->args.elts; + + if (arg[0].len == 5) { + + if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) { - c->destroyed = 1; + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + s->out.len = sizeof(smtp_username) - 1; + s->out.data = smtp_username; + s->mail_state = ngx_smtp_auth_login_username; + + return NGX_OK; + + } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) { + + s->out.len = sizeof(smtp_next) - 1; + s->out.data = smtp_next; + s->mail_state = ngx_smtp_auth_plain; + + return NGX_OK; + } - pool = c->pool; + } else if (arg[0].len == 8 + && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) + { + if (s->args.nelts != 1) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + + if (!(cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) { + return NGX_MAIL_PARSE_INVALID_COMMAND; + } - ngx_close_connection(c); + p = ngx_palloc(c->pool, + sizeof("334 " CRLF) - 1 + + ngx_base64_encoded_length(s->salt.len)); + if (p == NULL) { + return NGX_ERROR; + } + + p[0] = '3'; p[1]= '3'; p[2] = '4'; p[3]= ' '; + salt.data = &p[4]; + s->salt.len -= 2; + + ngx_encode_base64(&salt, &s->salt); - ngx_destroy_pool(pool); + s->salt.len += 2; + n = 4 + salt.len; + p[n++] = CR; p[n++] = LF; + + s->out.len = n; + s->out.data = p; + s->mail_state = ngx_smtp_auth_cram_md5; + + return NGX_OK; + } + + return NGX_MAIL_PARSE_INVALID_COMMAND; } -static u_char * -ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) +static ngx_int_t +ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) { - u_char *p; - ngx_mail_session_t *s; - ngx_mail_log_ctx_t *ctx; + u_char ch; + ngx_str_t mail; + ngx_uint_t i; + + if (c->log->log_level >= NGX_LOG_INFO) { + mail.len = s->buffer->last - s->buffer->start; + mail.data = s->buffer->start; + + for (i = 0; i < mail.len; i++) { + ch = mail.data[i]; + + if (ch != CR && ch != LF) { + continue; + } - if (log->action) { - p = ngx_snprintf(buf, len, " while %s", log->action); - len -= p - buf; - buf = p; + mail.data[i] = ' '; + } + + while (i) { + if (mail.data[i - 1] != ' ') { + break; + } + + i--; + } + + mail.len = i; + + ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, + "client was rejected: \"%V\"", &mail); } - ctx = log->data; + s->out.len = sizeof(smtp_auth_required) - 1; + s->out.data = smtp_auth_required; + + return NGX_OK; +} + + +static ngx_int_t +ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c) +{ +#if (NGX_MAIL_SSL) + ngx_mail_ssl_conf_t *sslcf; - p = ngx_snprintf(buf, len, ", client: %V", ctx->client); - len -= p - buf; - buf = p; + if (c->ssl == NULL) { + sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); + if (sslcf->starttls) { - s = ctx->session; + /* + * RFC3207 requires us to discard any knowledge + * obtained from client before STARTTLS. + */ - if (s == NULL) { - return p; + s->smtp_helo.len = 0; + s->smtp_helo.data = NULL; + + c->read->handler = ngx_mail_starttls_handler; + return NGX_OK; + } } - p = ngx_snprintf(buf, len, ", server: %V", s->addr_text); - len -= p - buf; - buf = p; - - if (s->login.len == 0) { - return p; - } +#endif - p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login); - len -= p - buf; - buf = p; - - if (s->proxy == NULL) { - return p; - } - - p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name); - - return p; + return NGX_MAIL_PARSE_INVALID_COMMAND; }