Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nginx/nginx.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--auto/sources3
-rw-r--r--src/mail/ngx_mail.h37
-rw-r--r--src/mail/ngx_mail_handler.c1857
-rw-r--r--src/mail/ngx_mail_imap_handler.c492
-rw-r--r--src/mail/ngx_mail_pop3_handler.c553
-rw-r--r--src/mail/ngx_mail_smtp_handler.c449
6 files changed, 1724 insertions, 1667 deletions
diff --git a/auto/sources b/auto/sources
index 383214dfc..901cddabf 100644
--- a/auto/sources
+++ b/auto/sources
@@ -423,6 +423,9 @@ MAIL_MODULES="ngx_mail_module ngx_mail_core_module"
MAIL_SRCS="src/mail/ngx_mail.c \
src/mail/ngx_mail_core_module.c \
src/mail/ngx_mail_handler.c \
+ src/mail/ngx_mail_pop3_handler.c \
+ src/mail/ngx_mail_imap_handler.c \
+ src/mail/ngx_mail_smtp_handler.c \
src/mail/ngx_mail_parse.c"
MAIL_SSL_MODULE="ngx_mail_ssl_module"
diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
index a00f306a3..1171f78ce 100644
--- a/src/mail/ngx_mail.h
+++ b/src/mail/ngx_mail.h
@@ -196,6 +196,7 @@ typedef struct {
ngx_str_t salt;
ngx_str_t tag;
ngx_str_t tagged_line;
+ ngx_str_t text;
ngx_str_t *addr_text;
ngx_str_t smtp_helo;
@@ -303,14 +304,48 @@ typedef struct {
#define ngx_mail_conf_get_module_srv_conf(cf, module) \
((ngx_mail_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index]
+typedef void (*ngx_mail_init_session_pt)(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+typedef void (*ngx_mail_init_protocol_pt)(ngx_event_t *rev);
+typedef ngx_int_t (*ngx_mail_parse_pt)(ngx_mail_session_t *s);
+
+
+#if (NGX_MAIL_SSL)
+void ngx_mail_starttls_handler(ngx_event_t *rev);
+#endif
+
void ngx_mail_init_connection(ngx_connection_t *c);
-void ngx_mail_send(ngx_event_t *wev);
+
void ngx_pop3_auth_state(ngx_event_t *rev);
void ngx_imap_auth_state(ngx_event_t *rev);
void ngx_smtp_auth_state(ngx_event_t *rev);
+
+ngx_int_t ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
+ ngx_mail_core_srv_conf_t *cscf);
+ngx_int_t ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c,
+ ngx_uint_t n);
+ngx_int_t ngx_mail_auth_login_username(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c);
+
+void ngx_mail_send(ngx_event_t *wev);
+ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s);
+void ngx_mail_auth(ngx_mail_session_t *s);
void ngx_mail_close_connection(ngx_connection_t *c);
void ngx_mail_session_internal_server_error(ngx_mail_session_t *s);
+u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
+
+
+void ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c);
+void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c);
+void ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c);
+
+void ngx_mail_pop3_init_protocol(ngx_event_t *rev);
+void ngx_mail_imap_init_protocol(ngx_event_t *rev);
+void ngx_mail_smtp_init_protocol(ngx_event_t *rev);
ngx_int_t ngx_pop3_parse_command(ngx_mail_session_t *s);
ngx_int_t ngx_imap_parse_command(ngx_mail_session_t *s);
diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
index 9c83bdbc8..1eadbb986 100644
--- a/src/mail/ngx_mail_handler.c
+++ b/src/mail/ngx_mail_handler.c
@@ -11,12 +11,6 @@
static void ngx_mail_init_session(ngx_connection_t *c);
-static void ngx_mail_init_protocol(ngx_event_t *rev);
-static ngx_int_t ngx_mail_decode_auth_plain(ngx_mail_session_t *s,
- ngx_str_t *encoded);
-static void ngx_mail_do_auth(ngx_mail_session_t *s);
-static ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s);
-static u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
#if (NGX_MAIL_SSL)
static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
@@ -24,39 +18,33 @@ static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
#endif
-static ngx_str_t greetings[] = {
- ngx_string("+OK POP3 ready" CRLF),
- ngx_string("* OK IMAP4 ready" CRLF)
- /* SMTP greeting */
+static ngx_mail_init_session_pt ngx_mail_init_sessions[] = {
+ ngx_mail_pop3_init_session,
+ ngx_mail_imap_init_session,
+ ngx_mail_smtp_init_session
};
+
+static ngx_mail_init_protocol_pt ngx_mail_init_protocols[] = {
+ ngx_mail_pop3_init_protocol,
+ ngx_mail_imap_init_protocol,
+ ngx_mail_smtp_init_protocol
+};
+
+
+static ngx_mail_parse_pt ngx_mail_parse[] = {
+ ngx_pop3_parse_command,
+ ngx_imap_parse_command,
+ ngx_smtp_parse_command
+};
+
+
static ngx_str_t internal_server_errors[] = {
ngx_string("-ERR internal server error" CRLF),
ngx_string("* BAD internal server error" CRLF),
ngx_string("451 4.3.2 Internal server error" CRLF),
};
-static u_char pop3_ok[] = "+OK" CRLF;
-static u_char pop3_next[] = "+ " CRLF;
-static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
-static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
-static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
-
-static u_char imap_star[] = "* ";
-static u_char imap_ok[] = "OK completed" CRLF;
-static u_char imap_next[] = "+ OK" CRLF;
-static u_char imap_bye[] = "* BYE" CRLF;
-static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
-
-static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
-static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
-static u_char smtp_next[] = "334 " CRLF;
-static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
-static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
-static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
-static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
-static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
-
void
ngx_mail_init_connection(ngx_connection_t *c)
@@ -172,7 +160,7 @@ ngx_mail_init_connection(ngx_connection_t *c)
#if (NGX_MAIL_SSL)
-static void
+void
ngx_mail_starttls_handler(ngx_event_t *rev)
{
ngx_connection_t *c;
@@ -229,10 +217,10 @@ ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
s = c->data;
if (s->starttls) {
- c->read->handler = ngx_mail_init_protocol;
+ c->read->handler = ngx_mail_init_protocols[s->protocol];
c->write->handler = ngx_mail_send;
- ngx_mail_init_protocol(c->read);
+ ngx_mail_init_protocols[s->protocol](c->read);
return;
}
@@ -250,13 +238,9 @@ ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
static void
ngx_mail_init_session(ngx_connection_t *c)
{
- u_char *p;
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
- c->read->handler = ngx_mail_init_protocol;
- c->write->handler = ngx_mail_send;
-
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
@@ -269,1737 +253,272 @@ ngx_mail_init_session(ngx_connection_t *c)
return;
}
- if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) {
- s->out = cscf->smtp_greeting;
-
- } else {
- s->out = greetings[s->protocol];
- }
-
- if ((s->protocol == NGX_MAIL_POP3_PROTOCOL
- && (cscf->pop3_auth_methods
- & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED)))
-
- || (s->protocol == NGX_MAIL_IMAP_PROTOCOL
- && (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
-
- || (s->protocol == NGX_MAIL_SMTP_PROTOCOL
- && (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)))
- {
- s->salt.data = ngx_palloc(c->pool,
- sizeof(" <18446744073709551616.@>" CRLF) - 1
- + NGX_TIME_T_LEN
- + cscf->server_name.len);
- if (s->salt.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
- ngx_random(), ngx_time(), &cscf->server_name)
- - s->salt.data;
-
- if (s->protocol == NGX_MAIL_POP3_PROTOCOL) {
- s->out.data = ngx_palloc(c->pool,
- greetings[0].len + 1 + s->salt.len);
- if (s->out.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- p = ngx_cpymem(s->out.data,
- greetings[0].data, greetings[0].len - 2);
- *p++ = ' ';
- p = ngx_cpymem(p, s->salt.data, s->salt.len);
-
- s->out.len = p - s->out.data;
- }
- }
-
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
}
- ngx_mail_send(c->write);
+ c->write->handler = ngx_mail_send;
+
+ ngx_mail_init_sessions[s->protocol](s, c);
}
-void
-ngx_mail_send(ngx_event_t *wev)
+ngx_int_t
+ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
+ ngx_mail_core_srv_conf_t *cscf)
{
- ngx_int_t n;
- ngx_connection_t *c;
- ngx_mail_session_t *s;
- ngx_mail_core_srv_conf_t *cscf;
-
- c = wev->data;
- s = c->data;
-
- if (wev->timedout) {
- ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
- c->timedout = 1;
- ngx_mail_close_connection(c);
- return;
+ s->salt.data = ngx_palloc(c->pool,
+ sizeof(" <18446744073709551616.@>" CRLF) - 1
+ + NGX_TIME_T_LEN
+ + cscf->server_name.len);
+ if (s->salt.data == NULL) {
+ return NGX_ERROR;
}
- if (s->out.len == 0) {
- if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
- ngx_mail_close_connection(c);
- }
-
- return;
- }
+ s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
+ ngx_random(), ngx_time(), &cscf->server_name)
+ - s->salt.data;
- n = c->send(c, s->out.data, s->out.len);
+ return NGX_OK;
+}
- if (n > 0) {
- s->out.len -= n;
- if (wev->timer_set) {
- ngx_del_timer(wev);
- }
+ngx_int_t
+ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
+{
+ u_char *p, *last;
+ ngx_str_t *arg, plain;
- if (s->quit) {
- ngx_mail_close_connection(c);
- return;
- }
+ arg = s->args.elts;
- if (s->blocked) {
- c->read->handler(c->read);
- }
+#if (NGX_DEBUG_MAIL_PASSWD)
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth plain: \"%V\"", &arg[n]);
+#endif
- return;
+ plain.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
+ if (plain.data == NULL){
+ return NGX_ERROR;
}
- if (n == NGX_ERROR) {
- ngx_mail_close_connection(c);
- return;
+ if (ngx_decode_base64(&plain, &arg[0]) != NGX_OK) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid base64 encoding in AUTH PLAIN command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
}
- /* n == NGX_AGAIN */
-
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+ p = plain.data;
+ last = p + plain.len;
- ngx_add_timer(c->write, cscf->timeout);
+ while (p < last && *p++) { /* void */ }
- if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
- ngx_mail_close_connection(c);
- return;
+ if (p == last) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid login in AUTH PLAIN command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
}
-}
-
-static void
-ngx_mail_init_protocol(ngx_event_t *rev)
-{
- size_t size;
- ngx_connection_t *c;
- ngx_mail_session_t *s;
- ngx_mail_core_srv_conf_t *cscf;
-
- c = rev->data;
+ s->login.data = p;
- c->log->action = "in auth state";
+ while (p < last && *p) { p++; }
- if (rev->timedout) {
- ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
- c->timedout = 1;
- ngx_mail_close_connection(c);
- return;
+ if (p == last) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid password in AUTH PLAIN command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
}
- s = c->data;
-
- switch (s->protocol) {
-
- case NGX_MAIL_POP3_PROTOCOL:
- size = 128;
- s->mail_state = ngx_pop3_start;
- c->read->handler = ngx_pop3_auth_state;
- break;
-
- case NGX_MAIL_IMAP_PROTOCOL:
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
- size = cscf->imap_client_buffer_size;
- s->mail_state = ngx_imap_start;
- c->read->handler = ngx_imap_auth_state;
- break;
-
- default: /* NGX_MAIL_SMTP_PROTOCOL */
- size = 512;
- s->mail_state = ngx_smtp_start;
- c->read->handler = ngx_smtp_auth_state;
- break;
- }
+ s->login.len = p++ - s->login.data;
- if (s->buffer == NULL) {
- if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
- == NGX_ERROR)
- {
- ngx_mail_session_internal_server_error(s);
- return;
- }
+ s->passwd.len = last - p;
+ s->passwd.data = p;
- s->buffer = ngx_create_temp_buf(c->pool, size);
- if (s->buffer == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
- }
+#if (NGX_DEBUG_MAIL_PASSWD)
+ ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
+#endif
- c->read->handler(rev);
+ return NGX_DONE;
}
-void
-ngx_pop3_auth_state(ngx_event_t *rev)
+ngx_int_t
+ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c)
{
- u_char *p, *last, *text;
- ssize_t size;
- ngx_int_t rc;
- ngx_str_t *arg, salt;
- ngx_connection_t *c;
- ngx_mail_session_t *s;
- ngx_mail_core_srv_conf_t *cscf;
-#if (NGX_MAIL_SSL)
- ngx_mail_ssl_conf_t *sslcf;
-#endif
-
- c = rev->data;
- s = c->data;
+ ngx_str_t *arg;
- ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
+ arg = s->args.elts;
- if (rev->timedout) {
- ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
- c->timedout = 1;
- ngx_mail_close_connection(c);
- return;
- }
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth login username: \"%V\"", &arg[0]);
- if (s->out.len) {
- ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
- s->blocked = 1;
- return;
+ s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
+ if (s->login.data == NULL){
+ return NGX_ERROR;
}
- s->blocked = 0;
-
- rc = ngx_mail_read_command(s);
-
- if (rc == NGX_AGAIN || rc == NGX_ERROR) {
- return;
+ if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid base64 encoding in AUTH LOGIN command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
}
- text = pop3_ok;
- size = sizeof(pop3_ok) - 1;
-
- if (rc == NGX_OK) {
- switch (s->mail_state) {
-
- case ngx_pop3_start:
-
- switch (s->command) {
-
- case NGX_POP3_USER:
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
- }
-#endif
-
- if (s->args.nelts == 1) {
- s->mail_state = ngx_pop3_user;
-
- arg = s->args.elts;
- s->login.len = arg[0].len;
- s->login.data = ngx_palloc(c->pool, s->login.len);
- if (s->login.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- ngx_memcpy(s->login.data, arg[0].data, s->login.len);
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 login: \"%V\"", &s->login);
-
- break;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_POP3_CAPA:
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
- size = cscf->pop3_starttls_capability.len;
- text = cscf->pop3_starttls_capability.data;
- break;
- }
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- size = cscf->pop3_starttls_only_capability.len;
- text = cscf->pop3_starttls_only_capability.data;
- break;
- }
- }
-#endif
-
- size = cscf->pop3_capability.len;
- text = cscf->pop3_capability.data;
- break;
-
- case NGX_POP3_APOP:
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
- }
-#endif
-
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
-
- if ((cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)
- && s->args.nelts == 2)
- {
- arg = s->args.elts;
-
- s->login.len = arg[0].len;
- s->login.data = ngx_palloc(c->pool, s->login.len);
- if (s->login.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- ngx_memcpy(s->login.data, arg[0].data, s->login.len);
-
- s->passwd.len = arg[1].len;
- s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
- if (s->passwd.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
-
- ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 apop: \"%V\" \"%V\"",
- &s->login, &s->passwd);
-
- s->auth_method = NGX_MAIL_AUTH_APOP;
-
- ngx_mail_do_auth(s);
- return;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_POP3_AUTH:
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
- }
-#endif
-
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
-
- if (s->args.nelts == 0) {
- size = cscf->pop3_auth_capability.len;
- text = cscf->pop3_auth_capability.data;
- s->state = 0;
- break;
- }
-
- arg = s->args.elts;
-
- if (arg[0].len == 5) {
-
- if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
- == 0)
- {
-
- if (s->args.nelts != 1) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- s->mail_state = ngx_pop3_auth_login_username;
-
- size = sizeof(pop3_username) - 1;
- text = pop3_username;
-
- break;
-
- } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
- 5)
- == 0)
- {
-
- if (s->args.nelts == 1) {
- s->mail_state = ngx_pop3_auth_plain;
-
- size = sizeof(pop3_next) - 1;
- text = pop3_next;
-
- break;
- }
-
- if (s->args.nelts == 2) {
-
- /*
- * workaround for Eudora for Mac: it sends
- * AUTH PLAIN [base64 encoded]
- */
-
- rc = ngx_mail_decode_auth_plain(s, &arg[1]);
-
- if (rc == NGX_OK) {
- ngx_mail_do_auth(s);
- return;
- }
-
- if (rc == NGX_ERROR) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
-
- break;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- } else if (arg[0].len == 8
- && ngx_strncasecmp(arg[0].data,
- (u_char *) "CRAM-MD5", 8)
- == 0)
- {
- if (!(cscf->pop3_auth_methods
- & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
- || s->args.nelts != 1)
- {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- s->mail_state = ngx_pop3_auth_cram_md5;
-
- text = ngx_palloc(c->pool,
- sizeof("+ " CRLF) - 1
- + ngx_base64_encoded_length(s->salt.len));
- if (text == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- text[0] = '+'; text[1]= ' ';
- salt.data = &text[2];
- s->salt.len -= 2;
-
- ngx_encode_base64(&salt, &s->salt);
-
- s->salt.len += 2;
- size = 2 + salt.len;
- text[size++] = CR; text[size++] = LF;
-
- break;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_POP3_QUIT:
- s->quit = 1;
- break;
-
- case NGX_POP3_NOOP:
- break;
-
-#if (NGX_MAIL_SSL)
-
- case NGX_POP3_STLS:
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_ssl_module);
- if (sslcf->starttls) {
- c->read->handler = ngx_mail_starttls_handler;
- break;
- }
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-#endif
-
- default:
- s->mail_state = ngx_pop3_start;
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- break;
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth login username: \"%V\"", &s->login);
- case ngx_pop3_user:
+ return NGX_OK;
+}
- switch (s->command) {
- case NGX_POP3_PASS:
- if (s->args.nelts == 1) {
- arg = s->args.elts;
- s->passwd.len = arg[0].len;
- s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
- if (s->passwd.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
+ngx_int_t
+ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_str_t *arg;
- ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
+ arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 passwd: \"%V\"", &s->passwd);
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth login password: \"%V\"", &arg[0]);
#endif
- ngx_mail_do_auth(s);
- return;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_POP3_CAPA:
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
- size = cscf->pop3_capability.len;
- text = cscf->pop3_capability.data;
- break;
-
- case NGX_POP3_QUIT:
- s->quit = 1;
- break;
-
- case NGX_POP3_NOOP:
- break;
-
- default:
- s->mail_state = ngx_pop3_start;
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- break;
-
- /* suppress warinings */
- case ngx_pop3_passwd:
- break;
-
- case ngx_pop3_auth_login_username:
- arg = s->args.elts;
- s->mail_state = ngx_pop3_auth_login_password;
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 auth login username: \"%V\"", &arg[0]);
-
- s->login.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->login.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH LOGIN command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 auth login username: \"%V\"", &s->login);
-
- size = sizeof(pop3_password) - 1;
- text = pop3_password;
-
- break;
+ s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
+ if (s->passwd.data == NULL){
+ return NGX_ERROR;
+ }
- case ngx_pop3_auth_login_password:
- arg = s->args.elts;
+ if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid base64 encoding in AUTH LOGIN command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 auth login password: \"%V\"", &arg[0]);
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth login password: \"%V\"", &s->passwd);
#endif
- s->passwd.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->passwd.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH LOGIN command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
+ return NGX_DONE;
+}
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 auth login password: \"%V\"", &s->passwd);
-#endif
- ngx_mail_do_auth(s);
- return;
+ngx_int_t
+ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ u_char *p, *last;
+ ngx_str_t *arg;
- case ngx_pop3_auth_plain:
- arg = s->args.elts;
+ arg = s->args.elts;
- rc = ngx_mail_decode_auth_plain(s, &arg[0]);
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth cram-md5: \"%V\"", &arg[0]);
- if (rc == NGX_OK) {
- ngx_mail_do_auth(s);
- return;
- }
+ s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
+ if (s->login.data == NULL){
+ return NGX_ERROR;
+ }
- if (rc == NGX_ERROR) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
+ if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
- /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
+ p = s->login.data;
+ last = p + s->login.len;
+ while (p < last) {
+ if (*p++ == ' ') {
+ s->login.len = p - s->login.data - 1;
+ s->passwd.len = last - p;
+ s->passwd.data = p;
break;
-
- case ngx_pop3_auth_cram_md5:
- arg = s->args.elts;
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 auth cram-md5: \"%V\"", &arg[0]);
-
- s->login.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->login.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH CRAM-MD5 command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- p = s->login.data;
- last = p + s->login.len;
-
- while (p < last) {
- if (*p++ == ' ') {
- s->login.len = p - s->login.data - 1;
- s->passwd.len = last - p;
- s->passwd.data = p;
- break;
- }
- }
-
- if (s->passwd.len != 32) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid CRAM-MD5 hash "
- "in AUTH CRAM-MD5 command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "pop3 auth cram-md5: \"%V\" \"%V\"",
- &s->login, &s->passwd);
-
- s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
-
- ngx_mail_do_auth(s);
- return;
}
}
- if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
- s->mail_state = ngx_pop3_start;
- s->state = 0;
- text = pop3_invalid_command;
- size = sizeof(pop3_invalid_command) - 1;
+ if (s->passwd.len != 32) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
}
- s->args.nelts = 0;
- s->buffer->pos = s->buffer->start;
- s->buffer->last = s->buffer->start;
-
- if (s->state) {
- s->arg_start = s->buffer->start;
- }
+ ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
- s->out.data = text;
- s->out.len = size;
+ s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
- ngx_mail_send(c->write);
+ return NGX_DONE;
}
void
-ngx_imap_auth_state(ngx_event_t *rev)
+ngx_mail_send(ngx_event_t *wev)
{
- u_char *p, *last, *text, *dst, *src, *end;
- ssize_t text_len, last_len;
- ngx_str_t *arg, salt;
- ngx_int_t rc;
- ngx_uint_t tag, i;
+ ngx_int_t n;
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
-#if (NGX_MAIL_SSL)
- ngx_mail_ssl_conf_t *sslcf;
-#endif
- c = rev->data;
+ c = wev->data;
s = c->data;
- ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
-
- if (rev->timedout) {
+ if (wev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
- if (s->out.len) {
- ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
- s->blocked = 1;
- return;
- }
-
- s->blocked = 0;
-
- rc = ngx_mail_read_command(s);
+ if (s->out.len == 0) {
+ if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
+ ngx_mail_close_connection(c);
+ }
- if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
- tag = 1;
-
- text = NULL;
- text_len = 0;
-
- last = imap_ok;
- last_len = sizeof(imap_ok) - 1;
-
- if (rc == NGX_OK) {
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
- s->command);
-
- if (s->backslash) {
-
- arg = s->args.elts;
-
- for (i = 0; i < s->args.nelts; i++) {
- dst = arg[i].data;
- end = dst + arg[i].len;
-
- for (src = dst; src < end; dst++) {
- *dst = *src;
- if (*src++ == '\\') {
- *dst = *src++;
- }
- }
+ n = c->send(c, s->out.data, s->out.len);
- arg[i].len = dst - arg[i].data;
- }
+ if (n > 0) {
+ s->out.len -= n;
- s->backslash = 0;
+ if (wev->timer_set) {
+ ngx_del_timer(wev);
}
- switch (s->mail_state) {
-
- case ngx_imap_start:
-
- switch (s->command) {
-
- case NGX_IMAP_LOGIN:
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
- }
-#endif
-
- arg = s->args.elts;
-
- if (s->args.nelts == 2 && arg[0].len) {
-
- s->login.len = arg[0].len;
- s->login.data = ngx_palloc(c->pool, s->login.len);
- if (s->login.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- ngx_memcpy(s->login.data, arg[0].data, s->login.len);
-
- s->passwd.len = arg[1].len;
- s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
- if (s->passwd.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap login:\"%V\" passwd:\"%V\"",
- &s->login, &s->passwd);
-#else
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap login:\"%V\"", &s->login);
-#endif
-
- ngx_mail_do_auth(s);
- return;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_IMAP_AUTHENTICATE:
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
- }
-#endif
-
- if (s->args.nelts != 1) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- arg = s->args.elts;
-
- if (arg[0].len == 5) {
-
- if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
- == 0)
- {
-
- s->mail_state = ngx_imap_auth_login_username;
-
- last_len = sizeof(pop3_username) - 1;
- last = pop3_username;
- tag = 0;
-
- break;
-
- } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
- 5)
- == 0)
- {
-
- s->mail_state = ngx_imap_auth_plain;
-
- last_len = sizeof(pop3_next) - 1;
- last = pop3_next;
- tag = 0;
-
- break;
- }
-
- } else if (arg[0].len == 8
- && ngx_strncasecmp(arg[0].data,
- (u_char *) "CRAM-MD5", 8)
- == 0)
- {
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
-
- if (!(cscf->imap_auth_methods
- & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
- || s->args.nelts != 1)
- {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- s->mail_state = ngx_imap_auth_cram_md5;
-
- last = ngx_palloc(c->pool,
- sizeof("+ " CRLF) - 1
- + ngx_base64_encoded_length(s->salt.len));
- if (last == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- last[0] = '+'; last[1]= ' ';
- salt.data = &last[2];
- s->salt.len -= 2;
-
- ngx_encode_base64(&salt, &s->salt);
-
- s->salt.len += 2;
- last_len = 2 + salt.len;
- last[last_len++] = CR; last[last_len++] = LF;
- tag = 0;
-
- break;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_IMAP_CAPABILITY:
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
- text_len = cscf->imap_starttls_capability.len;
- text = cscf->imap_starttls_capability.data;
- break;
- }
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- text_len = cscf->imap_starttls_only_capability.len;
- text = cscf->imap_starttls_only_capability.data;
- break;
- }
- }
-#endif
-
- text_len = cscf->imap_capability.len;
- text = cscf->imap_capability.data;
- break;
-
- case NGX_IMAP_LOGOUT:
- s->quit = 1;
- text = imap_bye;
- text_len = sizeof(imap_bye) - 1;
- break;
-
- case NGX_IMAP_NOOP:
- break;
-
-#if (NGX_MAIL_SSL)
-
- case NGX_IMAP_STARTTLS:
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
- if (sslcf->starttls) {
- c->read->handler = ngx_mail_starttls_handler;
- break;
- }
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-#endif
-
- default:
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- break;
-
- case ngx_imap_auth_login_username:
- arg = s->args.elts;
- s->mail_state = ngx_imap_auth_login_password;
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap auth login username: \"%V\"", &arg[0]);
-
- s->login.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->login.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH LOGIN command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap auth login username: \"%V\"", &s->login);
-
- last_len = sizeof(pop3_password) - 1;
- last = pop3_password;
- tag = 0;
-
- break;
-
- case ngx_imap_auth_login_password:
- arg = s->args.elts;
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap auth login password: \"%V\"", &arg[0]);
-#endif
-
- s->passwd.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->passwd.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH LOGIN command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap auth login password: \"%V\"", &s->passwd);
-#endif
-
- ngx_mail_do_auth(s);
- return;
-
- case ngx_imap_auth_plain:
- arg = s->args.elts;
-
- rc = ngx_mail_decode_auth_plain(s, &arg[0]);
-
- if (rc == NGX_OK) {
- ngx_mail_do_auth(s);
- return;
- }
-
- if (rc == NGX_ERROR) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
-
- break;
-
- case ngx_imap_auth_cram_md5:
- arg = s->args.elts;
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap auth cram-md5: \"%V\"", &arg[0]);
-
- s->login.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->login.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH CRAM-MD5 command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- p = s->login.data;
- last = p + s->login.len;
-
- while (p < last) {
- if (*p++ == ' ') {
- s->login.len = p - s->login.data - 1;
- s->passwd.len = last - p;
- s->passwd.data = p;
- break;
- }
- }
-
- if (s->passwd.len != 32) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid CRAM-MD5 hash "
- "in AUTH CRAM-MD5 command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "imap auth cram-md5: \"%V\" \"%V\"",
- &s->login, &s->passwd);
-
- s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
-
- ngx_mail_do_auth(s);
+ if (s->quit) {
+ ngx_mail_close_connection(c);
return;
}
- } else if (rc == NGX_IMAP_NEXT) {
- last = imap_next;
- last_len = sizeof(imap_next) - 1;
- tag = 0;
- }
-
- if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
- s->mail_state = ngx_imap_start;
- s->state = 0;
- last = imap_invalid_command;
- last_len = sizeof(imap_invalid_command) - 1;
- }
-
- if (tag) {
- if (s->tag.len == 0) {
- s->tag.len = sizeof(imap_star) - 1;
- s->tag.data = (u_char *) imap_star;
- }
-
- if (s->tagged_line.len < s->tag.len + text_len + last_len) {
- s->tagged_line.len = s->tag.len + text_len + last_len;
- s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
- if (s->tagged_line.data == NULL) {
- ngx_mail_close_connection(c);
- return;
- }
- }
-
- s->out.data = s->tagged_line.data;
- s->out.len = s->tag.len + text_len + last_len;
-
- p = s->out.data;
-
- if (text) {
- p = ngx_cpymem(p, text, text_len);
+ if (s->blocked) {
+ c->read->handler(c->read);
}
- p = ngx_cpymem(p, s->tag.data, s->tag.len);
- ngx_memcpy(p, last, last_len);
-
- } else {
- s->out.data = last;
- s->out.len = last_len;
- }
-
- if (rc != NGX_IMAP_NEXT) {
- s->args.nelts = 0;
-
- if (s->state) {
- /* preserve tag */
- s->arg_start = s->buffer->start + s->tag.len;
- s->buffer->pos = s->arg_start;
- s->buffer->last = s->arg_start;
-
- } else {
- s->buffer->pos = s->buffer->start;
- s->buffer->last = s->buffer->start;
- s->tag.len = 0;
- }
+ return;
}
- ngx_mail_send(c->write);
-}
-
-
-void
-ngx_smtp_auth_state(ngx_event_t *rev)
-{
- u_char *p, *last, *text, ch;
- ssize_t size;
- ngx_int_t rc;
- ngx_str_t *arg, salt, l;
- ngx_uint_t i;
- ngx_connection_t *c;
- ngx_mail_session_t *s;
- ngx_mail_core_srv_conf_t *cscf;
-#if (NGX_MAIL_SSL)
- ngx_mail_ssl_conf_t *sslcf;
-#endif
-
- c = rev->data;
- s = c->data;
-
- ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
-
- if (rev->timedout) {
- ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
- c->timedout = 1;
+ if (n == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
- if (s->out.len) {
- ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
- s->blocked = 1;
- return;
- }
+ /* n == NGX_AGAIN */
- s->blocked = 0;
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
- rc = ngx_mail_read_command(s);
+ ngx_add_timer(c->write, cscf->timeout);
- if (rc == NGX_AGAIN || rc == NGX_ERROR) {
+ if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
+ ngx_mail_close_connection(c);
return;
}
-
- text = NULL;
- size = 0;
-
- if (rc == NGX_OK) {
- switch (s->mail_state) {
-
- case ngx_smtp_start:
-
- switch (s->command) {
-
- case NGX_SMTP_HELO:
- case NGX_SMTP_EHLO:
- cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
-
- if (s->args.nelts != 1) {
- text = smtp_invalid_argument;
- size = sizeof(smtp_invalid_argument) - 1;
- s->state = 0;
- break;
- }
-
- arg = s->args.elts;
-
- s->smtp_helo.len = arg[0].len;
-
- s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len);
- if (s->smtp_helo.data == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
-
- if (s->command == NGX_SMTP_HELO) {
- size = cscf->smtp_server_name.len;
- text = cscf->smtp_server_name.data;
-
- } else {
- s->esmtp = 1;
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
- size = cscf->smtp_starttls_capability.len;
- text = cscf->smtp_starttls_capability.data;
- break;
- }
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- size = cscf->smtp_starttls_only_capability.len;
- text = cscf->smtp_starttls_only_capability.data;
- break;
- }
- }
-#endif
-
- size = cscf->smtp_capability.len;
- text = cscf->smtp_capability.data;
- }
-
- break;
-
- case NGX_SMTP_AUTH:
-
-#if (NGX_MAIL_SSL)
-
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
- if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
- }
-#endif
-
- if (s->args.nelts == 0) {
- text = smtp_invalid_argument;
- size = sizeof(smtp_invalid_argument) - 1;
- s->state = 0;
- break;
- }
-
- arg = s->args.elts;
-
- if (arg[0].len == 5) {
-
- if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
- == 0)
- {
-
- if (s->args.nelts != 1) {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- s->mail_state = ngx_smtp_auth_login_username;
-
- size = sizeof(smtp_username) - 1;
- text = smtp_username;
-
- break;
-
- } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
- 5)
- == 0)
- {
- if (s->args.nelts == 1) {
- s->mail_state = ngx_smtp_auth_plain;
-
- size = sizeof(smtp_next) - 1;
- text = smtp_next;
-
- break;
- }
-
- if (s->args.nelts == 2) {
-
- rc = ngx_mail_decode_auth_plain(s, &arg[1]);
-
- if (rc == NGX_OK) {
- ngx_mail_do_auth(s);
- return;
- }
-
- if (rc == NGX_ERROR) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
-
- break;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- } else if (arg[0].len == 8
- && ngx_strncasecmp(arg[0].data,
- (u_char *) "CRAM-MD5", 8)
- == 0)
- {
- cscf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_core_module);
-
- if (!(cscf->smtp_auth_methods
- & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)
- || s->args.nelts != 1)
- {
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- s->mail_state = ngx_smtp_auth_cram_md5;
-
- text = ngx_palloc(c->pool,
- sizeof("334 " CRLF) - 1
- + ngx_base64_encoded_length(s->salt.len));
- if (text == NULL) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- text[0] = '3'; text[1]= '3'; text[2] = '4'; text[3]= ' ';
- salt.data = &text[4];
- s->salt.len -= 2;
-
- ngx_encode_base64(&salt, &s->salt);
-
- s->salt.len += 2;
- size = 4 + salt.len;
- text[size++] = CR; text[size++] = LF;
-
- break;
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-
- case NGX_SMTP_QUIT:
- s->quit = 1;
- text = smtp_bye;
- size = sizeof(smtp_bye) - 1;
- break;
-
- case NGX_SMTP_MAIL:
-
- if (s->connection->log->log_level >= NGX_LOG_INFO) {
- l.len = s->buffer->last - s->buffer->start;
- l.data = s->buffer->start;
-
- for (i = 0; i < l.len; i++) {
- ch = l.data[i];
-
- if (ch != CR && ch != LF) {
- continue;
- }
-
- l.data[i] = ' ';
- }
-
- while (i) {
- if (l.data[i - 1] != ' ') {
- break;
- }
-
- i--;
- }
-
- l.len = i;
-
- ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
- "client was rejected: \"%V\"", &l);
- }
-
- text = smtp_auth_required;
- size = sizeof(smtp_auth_required) - 1;
- break;
-
- case NGX_SMTP_NOOP:
- case NGX_SMTP_RSET:
- text = smtp_ok;
- size = sizeof(smtp_ok) - 1;
- break;
-
-#if (NGX_MAIL_SSL)
-
- case NGX_SMTP_STARTTLS:
- if (c->ssl == NULL) {
- sslcf = ngx_mail_get_module_srv_conf(s,
- ngx_mail_ssl_module);
- if (sslcf->starttls) {
- c->read->handler = ngx_mail_starttls_handler;
-
- /*
- * RFC3207 requires us to discard any knowledge
- * obtained from client before STARTTLS.
- */
-
- s->smtp_helo.len = 0;
- s->smtp_helo.data = NULL;
-
- text = smtp_ok;
- size = sizeof(smtp_ok) - 1;
-
- break;
- }
- }
-
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
-#endif
-
- default:
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- break;
-
- case ngx_smtp_auth_login_username:
- arg = s->args.elts;
- s->mail_state = ngx_smtp_auth_login_password;
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "smtp auth login username: \"%V\"", &arg[0]);
-
- s->login.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->login.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH LOGIN command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "smtp auth login username: \"%V\"", &s->login);
-
- size = sizeof(smtp_password) - 1;
- text = smtp_password;
-
- break;
-
- case ngx_smtp_auth_login_password:
- arg = s->args.elts;
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "smtp auth login password: \"%V\"", &arg[0]);
-#endif
-
- s->passwd.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->passwd.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH LOGIN command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "smtp auth login password: \"%V\"", &s->passwd);
-#endif
-
- ngx_mail_do_auth(s);
- return;
-
- case ngx_smtp_auth_plain:
- arg = s->args.elts;
-
- rc = ngx_mail_decode_auth_plain(s, &arg[0]);
-
- if (rc == NGX_OK) {
- ngx_mail_do_auth(s);
- return;
- }
-
- if (rc == NGX_ERROR) {
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- /* rc == NGX_MAIL_PARSE_INVALID_COMMAND */
-
- break;
-
- case ngx_smtp_auth_cram_md5:
- arg = s->args.elts;
-
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "smtp auth cram-md5: \"%V\"", &arg[0]);
-
- s->login.data = ngx_palloc(c->pool,
- ngx_base64_decoded_length(arg[0].len));
- if (s->login.data == NULL){
- ngx_mail_session_internal_server_error(s);
- return;
- }
-
- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH CRAM-MD5 command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- p = s->login.data;
- last = p + s->login.len;
-
- while (p < last) {
- if (*p++ == ' ') {
- s->login.len = p - s->login.data - 1;
- s->passwd.len = last - p;
- s->passwd.data = p;
- break;
- }
- }
-
- if (s->passwd.len != 32) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent invalid CRAM-MD5 hash "
- "in AUTH CRAM-MD5 command");
- rc = NGX_MAIL_PARSE_INVALID_COMMAND;
- break;
- }
-
- ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
- "smtp auth cram-md5: \"%V\" \"%V\"",
- &s->login, &s->passwd);
-
- s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
-
- ngx_mail_do_auth(s);
- return;
- }
- }
-
- if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
- s->mail_state = ngx_smtp_start;
- s->state = 0;
- text = smtp_invalid_command;
- size = sizeof(smtp_invalid_command) - 1;
- }
-
- s->args.nelts = 0;
- s->buffer->pos = s->buffer->start;
- s->buffer->last = s->buffer->start;
-
- if (s->state) {
- s->arg_start = s->buffer->start;
- }
-
- s->out.data = text;
- s->out.len = size;
-
- ngx_mail_send(c->write);
}
-static ngx_int_t
-ngx_mail_decode_auth_plain(ngx_mail_session_t *s, ngx_str_t *encoded)
-{
- u_char *p, *last;
- ngx_str_t plain;
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
- "mail auth plain: \"%V\"", encoded);
-#endif
-
- plain.data = ngx_palloc(s->connection->pool,
- ngx_base64_decoded_length(encoded->len));
- if (plain.data == NULL){
- return NGX_ERROR;
- }
-
- if (ngx_decode_base64(&plain, encoded) != NGX_OK) {
- ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
- "client sent invalid base64 encoding "
- "in AUTH PLAIN command");
- return NGX_MAIL_PARSE_INVALID_COMMAND;
- }
-
- p = plain.data;
- last = p + plain.len;
-
- while (p < last && *p++) { /* void */ }
-
- if (p == last) {
- ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
- "client sent invalid login in AUTH PLAIN command");
- return NGX_MAIL_PARSE_INVALID_COMMAND;
- }
-
- s->login.data = p;
-
- while (p < last && *p) { p++; }
-
- if (p == last) {
- ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
- "client sent invalid password in AUTH PLAIN command");
- return NGX_MAIL_PARSE_INVALID_COMMAND;
- }
-
- s->login.len = p++ - s->login.data;
-
- s->passwd.len = last - p;
- s->passwd.data = p;
-
-#if (NGX_DEBUG_MAIL_PASSWD)
- ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
- "mail auth plain: \"%V\" \"%V\"",
- &s->login, &s->passwd);
-#endif
-
- return NGX_OK;
-}
-
-
-static void
-ngx_mail_do_auth(ngx_mail_session_t *s)
-{
- s->args.nelts = 0;
- s->buffer->pos = s->buffer->start;
- s->buffer->last = s->buffer->start;
- s->state = 0;
-
- if (s->connection->read->timer_set) {
- ngx_del_timer(s->connection->read);
- }
-
- s->login_attempt++;
-
- ngx_mail_auth_http_init(s);
-}
-
-
-static ngx_int_t
+ngx_int_t
ngx_mail_read_command(ngx_mail_session_t *s)
{
ssize_t n;
@@ -2027,19 +546,7 @@ ngx_mail_read_command(ngx_mail_session_t *s)
return NGX_AGAIN;
}
- switch (s->protocol) {
- case NGX_MAIL_POP3_PROTOCOL:
- rc = ngx_pop3_parse_command(s);
- break;
-
- case NGX_MAIL_IMAP_PROTOCOL:
- rc = ngx_imap_parse_command(s);
- break;
-
- default: /* NGX_MAIL_SMTP_PROTOCOL */
- rc = ngx_smtp_parse_command(s);
- break;
- }
+ rc = ngx_mail_parse[s->protocol](s);
if (rc == NGX_AGAIN) {
@@ -2072,6 +579,24 @@ ngx_mail_read_command(ngx_mail_session_t *s)
void
+ngx_mail_auth(ngx_mail_session_t *s)
+{
+ s->args.nelts = 0;
+ s->buffer->pos = s->buffer->start;
+ s->buffer->last = s->buffer->start;
+ s->state = 0;
+
+ if (s->connection->read->timer_set) {
+ ngx_del_timer(s->connection->read);
+ }
+
+ s->login_attempt++;
+
+ ngx_mail_auth_http_init(s);
+}
+
+
+void
ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
{
s->out = internal_server_errors[s->protocol];
@@ -2114,7 +639,7 @@ ngx_mail_close_connection(ngx_connection_t *c)
}
-static u_char *
+u_char *
ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
{
u_char *p;
diff --git a/src/mail/ngx_mail_imap_handler.c b/src/mail/ngx_mail_imap_handler.c
new file mode 100644
index 000000000..bf3468273
--- /dev/null
+++ b/src/mail/ngx_mail_imap_handler.c
@@ -0,0 +1,492 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+#include <ngx_mail.h>
+
+
+static ngx_int_t ngx_mail_imap_login(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+static ngx_int_t ngx_mail_imap_authenticate(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+static ngx_int_t ngx_mail_imap_capability(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+static ngx_int_t ngx_mail_imap_starttls(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+
+
+static u_char imap_greeting[] = "* OK IMAP4 ready" CRLF;
+static u_char imap_star[] = "* ";
+static u_char imap_ok[] = "OK completed" CRLF;
+static u_char imap_next[] = "+ OK" CRLF;
+static u_char imap_plain_next[] = "+ " CRLF;
+static u_char imap_username[] = "+ VXNlcm5hbWU6" CRLF;
+static u_char imap_password[] = "+ UGFzc3dvcmQ6" CRLF;
+static u_char imap_bye[] = "* BYE" CRLF;
+static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
+
+
+void
+ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_mail_core_srv_conf_t *cscf;
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) {
+ if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+ }
+
+ c->read->handler = ngx_mail_imap_init_protocol;
+
+ s->out.len = sizeof(imap_greeting) - 1;
+ s->out.data = imap_greeting;
+
+ ngx_mail_send(c->write);
+}
+
+
+void
+ngx_mail_imap_init_protocol(ngx_event_t *rev)
+{
+ ngx_connection_t *c;
+ ngx_mail_session_t *s;
+ ngx_mail_core_srv_conf_t *cscf;
+
+ c = rev->data;
+
+ c->log->action = "in auth state";
+
+ if (rev->timedout) {
+ ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
+ c->timedout = 1;
+ ngx_mail_close_connection(c);
+ return;
+ }
+
+ s = c->data;
+
+ if (s->buffer == NULL) {
+ if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
+ == NGX_ERROR)
+ {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ s->buffer = ngx_create_temp_buf(c->pool, cscf->imap_client_buffer_size);
+ if (s->buffer == NULL) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+ }
+
+ s->mail_state = ngx_imap_start;
+ c->read->handler = ngx_imap_auth_state;
+
+ ngx_imap_auth_state(rev);
+}
+
+
+void
+ngx_imap_auth_state(ngx_event_t *rev)
+{
+ u_char *p, *dst, *src, *end;
+ ngx_str_t *arg;
+ ngx_int_t rc;
+ ngx_uint_t tag, i;
+ ngx_connection_t *c;
+ ngx_mail_session_t *s;
+
+ c = rev->data;
+ s = c->data;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
+
+ if (rev->timedout) {
+ ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
+ c->timedout = 1;
+ ngx_mail_close_connection(c);
+ return;
+ }
+
+ if (s->out.len) {
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
+ s->blocked = 1;
+ return;
+ }
+
+ s->blocked = 0;
+
+ rc = ngx_mail_read_command(s);
+
+ if (rc == NGX_AGAIN || rc == NGX_ERROR) {
+ return;
+ }
+
+ tag = 1;
+ s->text.len = 0;
+ s->out.len = sizeof(imap_ok) - 1;
+ s->out.data = imap_ok;
+
+ if (rc == NGX_OK) {
+
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
+ s->command);
+
+ if (s->backslash) {
+
+ arg = s->args.elts;
+
+ for (i = 0; i < s->args.nelts; i++) {
+ dst = arg[i].data;
+ end = dst + arg[i].len;
+
+ for (src = dst; src < end; dst++) {
+ *dst = *src;
+ if (*src++ == '\\') {
+ *dst = *src++;
+ }
+ }
+
+ arg[i].len = dst - arg[i].data;
+ }
+
+ s->backslash = 0;
+ }
+
+ switch (s->mail_state) {
+
+ case ngx_imap_start:
+
+ switch (s->command) {
+
+ case NGX_IMAP_LOGIN:
+ rc = ngx_mail_imap_login(s, c);
+ break;
+
+ case NGX_IMAP_AUTHENTICATE:
+ rc = ngx_mail_imap_authenticate(s, c);
+
+ if (rc == NGX_OK) {
+ tag = 0;
+ }
+
+ break;
+
+ case NGX_IMAP_CAPABILITY:
+ rc = ngx_mail_imap_capability(s, c);
+ break;
+
+ case NGX_IMAP_LOGOUT:
+ s->quit = 1;
+ s->text.len = sizeof(imap_bye) - 1;
+ s->text.data = imap_bye;
+ break;
+
+ case NGX_IMAP_NOOP:
+ break;
+
+ case NGX_IMAP_STARTTLS:
+ rc = ngx_mail_imap_starttls(s, c);
+ break;
+
+ default:
+ rc = NGX_MAIL_PARSE_INVALID_COMMAND;
+ break;
+ }
+
+ break;
+
+ case ngx_imap_auth_login_username:
+ rc = ngx_mail_auth_login_username(s, c);
+
+ tag = 0;
+ s->out.len = sizeof(imap_password) - 1;
+ s->out.data = imap_password;
+ s->mail_state = ngx_imap_auth_login_password;
+
+ break;
+
+ case ngx_imap_auth_login_password:
+ rc = ngx_mail_auth_login_password(s, c);
+ break;
+
+ case ngx_imap_auth_plain:
+ rc = ngx_mail_auth_plain(s, c, 0);
+ break;
+
+ case ngx_imap_auth_cram_md5:
+ rc = ngx_mail_auth_cram_md5(s, c);
+ break;
+ }
+
+ } else if (rc == NGX_IMAP_NEXT) {
+ tag = 0;
+ s->out.len = sizeof(imap_next) - 1;
+ s->out.data = imap_next;
+ }
+
+ switch (rc) {
+
+ case NGX_DONE:
+ ngx_mail_auth(s);
+ return;
+
+ case NGX_ERROR:
+ ngx_mail_session_internal_server_error(s);
+ return;
+
+ case NGX_MAIL_PARSE_INVALID_COMMAND:
+ s->state = 0;
+ s->out.len = sizeof(imap_invalid_command) - 1;
+ s->out.data = imap_invalid_command;
+ s->mail_state = ngx_imap_start;
+ break;
+ }
+
+ if (tag) {
+ if (s->tag.len == 0) {
+ s->tag.len = sizeof(imap_star) - 1;
+ s->tag.data = (u_char *) imap_star;
+ }
+
+ if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len) {
+ s->tagged_line.len = s->tag.len + s->text.len + s->out.len;
+ s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
+ if (s->tagged_line.data == NULL) {
+ ngx_mail_close_connection(c);
+ return;
+ }
+ }
+
+ p = s->tagged_line.data;
+
+ if (s->text.len) {
+ p = ngx_cpymem(p, s->text.data, s->text.len);
+ }
+
+ p = ngx_cpymem(p, s->tag.data, s->tag.len);
+ ngx_memcpy(p, s->out.data, s->out.len);
+
+ s->out.len = s->text.len + s->tag.len + s->out.len;
+ s->out.data = s->tagged_line.data;
+ }
+
+ if (rc != NGX_IMAP_NEXT) {
+ s->args.nelts = 0;
+
+ if (s->state) {
+ /* preserve tag */
+ s->arg_start = s->buffer->start + s->tag.len;
+ s->buffer->pos = s->arg_start;
+ s->buffer->last = s->arg_start;
+
+ } else {
+ s->buffer->pos = s->buffer->start;
+ s->buffer->last = s->buffer->start;
+ s->tag.len = 0;
+ }
+ }
+
+ ngx_mail_send(c->write);
+}
+
+
+static ngx_int_t
+ngx_mail_imap_login(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_str_t *arg;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+ }
+#endif
+
+ arg = s->args.elts;
+
+ if (s->args.nelts != 2 || arg[0].len == 0) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ s->login.len = arg[0].len;
+ s->login.data = ngx_palloc(c->pool, s->login.len);
+ if (s->login.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->login.data, arg[0].data, s->login.len);
+
+ s->passwd.len = arg[1].len;
+ s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
+ if (s->passwd.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
+
+#if (NGX_DEBUG_MAIL_PASSWD)
+ ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "imap login:\"%V\" passwd:\"%V\"",
+ &s->login, &s->passwd);
+#else
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "imap login:\"%V\"", &s->login);
+#endif
+
+ return NGX_DONE;
+}
+
+
+static ngx_int_t
+ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ u_char *p;
+ ngx_str_t *arg, salt;
+ ngx_uint_t n;
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+ }
+#endif
+
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ arg = s->args.elts;
+
+ if (arg[0].len == 5) {
+
+ if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) {
+
+ s->out.len = sizeof(imap_username) - 1;
+ s->out.data = imap_username;
+ s->mail_state = ngx_imap_auth_login_username;
+
+ return NGX_OK;
+
+ } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) {
+
+ s->out.len = sizeof(imap_plain_next) - 1;
+ s->out.data = imap_plain_next;
+ s->mail_state = ngx_imap_auth_plain;
+
+ return NGX_OK;
+ }
+
+ } else if (arg[0].len == 8
+ && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0)
+ {
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (!(cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ p = ngx_palloc(c->pool,
+ sizeof("+ " CRLF) - 1
+ + ngx_base64_encoded_length(s->salt.len));
+ if (p == NULL) {
+ return NGX_ERROR;
+ }
+
+ p[0] = '+'; p[1]= ' ';
+ salt.data = &p[2];
+ s->salt.len -= 2;
+
+ ngx_encode_base64(&salt, &s->salt);
+
+ s->salt.len += 2;
+ n = 2 + salt.len;
+ p[n++] = CR; p[n++] = LF;
+
+ s->out.len = n;
+ s->out.data = p;
+ s->mail_state = ngx_imap_auth_cram_md5;
+
+ return NGX_OK;
+ }
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+
+
+static ngx_int_t
+ngx_mail_imap_capability(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+#endif
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+#if (NGX_MAIL_SSL)
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
+ s->text = cscf->imap_starttls_capability;
+ return NGX_OK;
+ }
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ s->text = cscf->imap_starttls_only_capability;
+ return NGX_OK;
+ }
+ }
+#endif
+
+ s->text = cscf->imap_capability;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_mail_imap_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+ if (sslcf->starttls) {
+ c->read->handler = ngx_mail_starttls_handler;
+ return NGX_OK;
+ }
+ }
+
+#endif
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
diff --git a/src/mail/ngx_mail_pop3_handler.c b/src/mail/ngx_mail_pop3_handler.c
new file mode 100644
index 000000000..735f9f222
--- /dev/null
+++ b/src/mail/ngx_mail_pop3_handler.c
@@ -0,0 +1,553 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+#include <ngx_mail.h>
+
+
+static ngx_int_t ngx_mail_pop3_user(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_pop3_pass(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c,
+ ngx_int_t stls);
+static ngx_int_t ngx_mail_pop3_stls(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c);
+
+
+static u_char pop3_greeting[] = "+OK POP3 ready" CRLF;
+static u_char pop3_ok[] = "+OK" CRLF;
+static u_char pop3_next[] = "+ " CRLF;
+static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
+static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
+static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
+
+
+void
+ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ u_char *p;
+ ngx_mail_core_srv_conf_t *cscf;
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (cscf->pop3_auth_methods
+ & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
+ {
+ if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+
+ s->out.data = ngx_palloc(c->pool, sizeof(pop3_greeting) + s->salt.len);
+ if (s->out.data == NULL) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+
+ p = ngx_cpymem(s->out.data, pop3_greeting, sizeof(pop3_greeting) - 3);
+ *p++ = ' ';
+ p = ngx_cpymem(p, s->salt.data, s->salt.len);
+
+ s->out.len = p - s->out.data;
+
+ } else {
+ s->out.len = sizeof(pop3_greeting) - 1;
+ s->out.data = pop3_greeting;
+ }
+
+ c->read->handler = ngx_mail_pop3_init_protocol;
+
+ ngx_mail_send(c->write);
+}
+
+
+void
+ngx_mail_pop3_init_protocol(ngx_event_t *rev)
+{
+ ngx_connection_t *c;
+ ngx_mail_session_t *s;
+
+ c = rev->data;
+
+ c->log->action = "in auth state";
+
+ if (rev->timedout) {
+ ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
+ c->timedout = 1;
+ ngx_mail_close_connection(c);
+ return;
+ }
+
+ s = c->data;
+
+ if (s->buffer == NULL) {
+ if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
+ == NGX_ERROR)
+ {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+
+ s->buffer = ngx_create_temp_buf(c->pool, 128);
+ if (s->buffer == NULL) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+ }
+
+ s->mail_state = ngx_pop3_start;
+ c->read->handler = ngx_pop3_auth_state;
+
+ ngx_pop3_auth_state(rev);
+}
+
+
+void
+ngx_pop3_auth_state(ngx_event_t *rev)
+{
+ ngx_int_t rc;
+ ngx_connection_t *c;
+ ngx_mail_session_t *s;
+
+ c = rev->data;
+ s = c->data;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
+
+ if (rev->timedout) {
+ ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
+ c->timedout = 1;
+ ngx_mail_close_connection(c);
+ return;
+ }
+
+ if (s->out.len) {
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
+ s->blocked = 1;
+ return;
+ }
+
+ s->blocked = 0;
+
+ rc = ngx_mail_read_command(s);
+
+ if (rc == NGX_AGAIN || rc == NGX_ERROR) {
+ return;
+ }
+
+ s->out.len = sizeof(pop3_ok) - 1;
+ s->out.data = pop3_ok;
+
+ if (rc == NGX_OK) {
+ switch (s->mail_state) {
+
+ case ngx_pop3_start:
+
+ switch (s->command) {
+
+ case NGX_POP3_USER:
+ rc = ngx_mail_pop3_user(s, c);
+ break;
+
+ case NGX_POP3_CAPA:
+ rc = ngx_mail_pop3_capa(s, c, 1);
+ break;
+
+ case NGX_POP3_APOP:
+ rc = ngx_mail_pop3_apop(s, c);
+ break;
+
+ case NGX_POP3_AUTH:
+ rc = ngx_mail_pop3_auth(s, c);
+ break;
+
+ case NGX_POP3_QUIT:
+ s->quit = 1;
+ break;
+
+ case NGX_POP3_NOOP:
+ break;
+
+ case NGX_POP3_STLS:
+ rc = ngx_mail_pop3_stls(s, c);
+ break;
+
+ default:
+ rc = NGX_MAIL_PARSE_INVALID_COMMAND;
+ s->mail_state = ngx_pop3_start;
+ break;
+ }
+
+ break;
+
+ case ngx_pop3_user:
+
+ switch (s->command) {
+
+ case NGX_POP3_PASS:
+ rc = ngx_mail_pop3_pass(s, c);
+ break;
+
+ case NGX_POP3_CAPA:
+ rc = ngx_mail_pop3_capa(s, c, 0);
+ break;
+
+ case NGX_POP3_QUIT:
+ s->quit = 1;
+ break;
+
+ case NGX_POP3_NOOP:
+ break;
+
+ default:
+ rc = NGX_MAIL_PARSE_INVALID_COMMAND;
+ s->mail_state = ngx_pop3_start;
+ break;
+ }
+
+ break;
+
+ /* suppress warinings */
+ case ngx_pop3_passwd:
+ break;
+
+ case ngx_pop3_auth_login_username:
+ rc = ngx_mail_auth_login_username(s, c);
+
+ s->out.len = sizeof(pop3_password) - 1;
+ s->out.data = pop3_password;
+ s->mail_state = ngx_pop3_auth_login_password;
+ break;
+
+ case ngx_pop3_auth_login_password:
+ rc = ngx_mail_auth_login_password(s, c);
+ break;
+
+ case ngx_pop3_auth_plain:
+ rc = ngx_mail_auth_plain(s, c, 0);
+ break;
+
+ case ngx_pop3_auth_cram_md5:
+ rc = ngx_mail_auth_cram_md5(s, c);
+ break;
+ }
+ }
+
+ switch (rc) {
+
+ case NGX_DONE:
+ ngx_mail_auth(s);
+ return;
+
+ case NGX_ERROR:
+ ngx_mail_session_internal_server_error(s);
+ return;
+
+ case NGX_MAIL_PARSE_INVALID_COMMAND:
+ s->mail_state = ngx_pop3_start;
+ s->state = 0;
+
+ s->out.len = sizeof(pop3_invalid_command) - 1;
+ s->out.data = pop3_invalid_command;
+
+ /* fall through */
+
+ case NGX_OK:
+
+ s->args.nelts = 0;
+ s->buffer->pos = s->buffer->start;
+ s->buffer->last = s->buffer->start;
+
+ if (s->state) {
+ s->arg_start = s->buffer->start;
+ }
+
+ ngx_mail_send(c->write);
+ }
+}
+
+static ngx_int_t
+ngx_mail_pop3_user(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_str_t *arg;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+ }
+
+#endif
+
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ arg = s->args.elts;
+ s->login.len = arg[0].len;
+ s->login.data = ngx_palloc(c->pool, s->login.len);
+ if (s->login.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->login.data, arg[0].data, s->login.len);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "pop3 login: \"%V\"", &s->login);
+
+ s->mail_state = ngx_pop3_user;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_mail_pop3_pass(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_str_t *arg;
+
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ arg = s->args.elts;
+ s->passwd.len = arg[0].len;
+ s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
+ if (s->passwd.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
+
+#if (NGX_DEBUG_MAIL_PASSWD)
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "pop3 passwd: \"%V\"", &s->passwd);
+#endif
+
+ return NGX_DONE;
+}
+
+
+static ngx_int_t
+ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c, ngx_int_t stls)
+{
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+#endif
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+#if (NGX_MAIL_SSL)
+
+ if (stls && c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
+ s->out = cscf->pop3_starttls_capability;
+ return NGX_OK;
+ }
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ s->out = cscf->pop3_starttls_only_capability;
+ return NGX_OK;
+ }
+ }
+
+#endif
+
+ s->out = cscf->pop3_capability;
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_mail_pop3_stls(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+ if (sslcf->starttls) {
+ c->read->handler = ngx_mail_starttls_handler;
+ return NGX_OK;
+ }
+ }
+
+#endif
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+
+
+static ngx_int_t
+ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_str_t *arg;
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+ }
+
+#endif
+
+ if (s->args.nelts != 2) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (!(cscf->pop3_auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ arg = s->args.elts;
+
+ s->login.len = arg[0].len;
+ s->login.data = ngx_palloc(c->pool, s->login.len);
+ if (s->login.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->login.data, arg[0].data, s->login.len);
+
+ s->passwd.len = arg[1].len;
+ s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
+ if (s->passwd.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "pop3 apop: \"%V\" \"%V\"", &s->login, &s->passwd);
+
+ s->auth_method = NGX_MAIL_AUTH_APOP;
+
+ return NGX_DONE;
+}
+
+
+static ngx_int_t
+ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ size_t n;
+ u_char *p;
+ ngx_str_t *arg, salt;
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+ }
+
+#endif
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (s->args.nelts == 0) {
+ s->out = cscf->pop3_auth_capability;
+ s->state = 0;
+
+ return NGX_OK;
+ }
+
+ arg = s->args.elts;
+
+ if (arg[0].len == 5) {
+
+ if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) {
+
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ s->out.len = sizeof(pop3_username) - 1;
+ s->out.data = pop3_username;
+ s->mail_state = ngx_pop3_auth_login_username;
+
+ return NGX_OK;
+
+ } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) {
+
+ if (s->args.nelts == 1) {
+
+ s->out.len = sizeof(pop3_next) - 1;
+ s->out.data = pop3_next;
+ s->mail_state = ngx_pop3_auth_plain;
+
+ return NGX_OK;
+ }
+
+ if (s->args.nelts == 2) {
+
+ /*
+ * workaround for Eudora for Mac: it sends
+ * AUTH PLAIN [base64 encoded]
+ */
+
+ return ngx_mail_auth_plain(s, c, 1);
+ }
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ } else if (arg[0].len == 8
+ && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0)
+ {
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ if (!(cscf->pop3_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ p = ngx_palloc(c->pool,
+ sizeof("+ " CRLF) - 1
+ + ngx_base64_encoded_length(s->salt.len));
+ if (p == NULL) {
+ return NGX_ERROR;
+ }
+
+ p[0] = '+'; p[1]= ' ';
+ salt.data = &p[2];
+ s->salt.len -= 2;
+
+ ngx_encode_base64(&salt, &s->salt);
+
+ s->salt.len += 2;
+ n = 2 + salt.len;
+ p[n++] = CR; p[n++] = LF;
+
+ s->out.len = n;
+ s->out.data = p;
+ s->mail_state = ngx_pop3_auth_cram_md5;
+
+ return NGX_OK;
+ }
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
diff --git a/src/mail/ngx_mail_smtp_handler.c b/src/mail/ngx_mail_smtp_handler.c
new file mode 100644
index 000000000..e0018bd26
--- /dev/null
+++ b/src/mail/ngx_mail_smtp_handler.c
@@ -0,0 +1,449 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+#include <ngx_mail.h>
+
+
+static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s,
+ ngx_connection_t *c);
+
+
+static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
+static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
+static u_char smtp_next[] = "334 " CRLF;
+static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
+static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
+static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
+static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
+static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
+
+
+void
+ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_mail_core_srv_conf_t *cscf;
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) {
+ if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+ }
+
+ c->read->handler = ngx_mail_smtp_init_protocol;
+
+ s->out = cscf->smtp_greeting;
+
+ ngx_mail_send(c->write);
+}
+
+
+void
+ngx_mail_smtp_init_protocol(ngx_event_t *rev)
+{
+ ngx_connection_t *c;
+ ngx_mail_session_t *s;
+
+ c = rev->data;
+
+ c->log->action = "in auth state";
+
+ if (rev->timedout) {
+ ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
+ c->timedout = 1;
+ ngx_mail_close_connection(c);
+ return;
+ }
+
+ s = c->data;
+
+ if (s->buffer == NULL) {
+ if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
+ == NGX_ERROR)
+ {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+
+ s->buffer = ngx_create_temp_buf(c->pool, 512);
+ if (s->buffer == NULL) {
+ ngx_mail_session_internal_server_error(s);
+ return;
+ }
+ }
+
+ s->mail_state = ngx_smtp_start;
+ c->read->handler = ngx_smtp_auth_state;
+
+ ngx_smtp_auth_state(rev);
+}
+
+
+void
+ngx_smtp_auth_state(ngx_event_t *rev)
+{
+ ngx_int_t rc;
+ ngx_connection_t *c;
+ ngx_mail_session_t *s;
+
+ c = rev->data;
+ s = c->data;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
+
+ if (rev->timedout) {
+ ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
+ c->timedout = 1;
+ ngx_mail_close_connection(c);
+ return;
+ }
+
+ if (s->out.len) {
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
+ s->blocked = 1;
+ return;
+ }
+
+ s->blocked = 0;
+
+ rc = ngx_mail_read_command(s);
+
+ if (rc == NGX_AGAIN || rc == NGX_ERROR) {
+ return;
+ }
+
+ s->out.len = sizeof(smtp_ok) - 1;
+ s->out.data = smtp_ok;
+
+ if (rc == NGX_OK) {
+ switch (s->mail_state) {
+
+ case ngx_smtp_start:
+
+ switch (s->command) {
+
+ case NGX_SMTP_HELO:
+ case NGX_SMTP_EHLO:
+ rc = ngx_mail_smtp_helo(s, c);
+ break;
+
+ case NGX_SMTP_AUTH:
+ rc = ngx_mail_smtp_auth(s, c);
+ break;
+
+ case NGX_SMTP_QUIT:
+ s->quit = 1;
+ s->out.len = sizeof(smtp_bye) - 1;
+ s->out.data = smtp_bye;
+ break;
+
+ case NGX_SMTP_MAIL:
+ rc = ngx_mail_smtp_mail(s, c);
+ break;
+
+ case NGX_SMTP_NOOP:
+ case NGX_SMTP_RSET:
+ break;
+
+ case NGX_SMTP_STARTTLS:
+ rc = ngx_mail_smtp_starttls(s, c);
+ break;
+
+ default:
+ rc = NGX_MAIL_PARSE_INVALID_COMMAND;
+ break;
+ }
+
+ break;
+
+ case ngx_smtp_auth_login_username:
+ rc = ngx_mail_auth_login_username(s, c);
+
+ s->out.len = sizeof(smtp_password) - 1;
+ s->out.data = smtp_password;
+ s->mail_state = ngx_smtp_auth_login_password;
+ break;
+
+ case ngx_smtp_auth_login_password:
+ rc = ngx_mail_auth_login_password(s, c);
+ break;
+
+ case ngx_smtp_auth_plain:
+ rc = ngx_mail_auth_plain(s, c, 0);
+ break;
+
+ case ngx_smtp_auth_cram_md5:
+ rc = ngx_mail_auth_cram_md5(s, c);
+ break;
+ }
+ }
+
+ switch (rc) {
+
+ case NGX_DONE:
+ ngx_mail_auth(s);
+ return;
+
+ case NGX_ERROR:
+ ngx_mail_session_internal_server_error(s);
+ return;
+
+ case NGX_MAIL_PARSE_INVALID_COMMAND:
+ s->mail_state = ngx_smtp_start;
+ s->state = 0;
+
+ s->out.len = sizeof(smtp_invalid_command) - 1;
+ s->out.data = smtp_invalid_command;
+
+ /* fall through */
+
+ case NGX_OK:
+ s->args.nelts = 0;
+ s->buffer->pos = s->buffer->start;
+ s->buffer->last = s->buffer->start;
+
+ if (s->state) {
+ s->arg_start = s->buffer->start;
+ }
+
+ ngx_mail_send(c->write);
+ }
+}
+
+
+static ngx_int_t
+ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ ngx_str_t *arg;
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+#endif
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (s->args.nelts != 1) {
+ s->out.len = sizeof(smtp_invalid_argument) - 1;
+ s->out.data = smtp_invalid_argument;
+ s->state = 0;
+ return NGX_OK;
+ }
+
+ arg = s->args.elts;
+
+ s->smtp_helo.len = arg[0].len;
+
+ s->smtp_helo.data = ngx_palloc(c->pool, arg[0].len);
+ if (s->smtp_helo.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
+
+ if (s->command == NGX_SMTP_HELO) {
+ s->out = cscf->smtp_server_name;
+
+ } else {
+ s->esmtp = 1;
+
+#if (NGX_MAIL_SSL)
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
+ s->out = cscf->smtp_starttls_capability;
+ return NGX_OK;
+ }
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ s->out = cscf->smtp_starttls_only_capability;
+ return NGX_OK;
+ }
+ }
+#endif
+
+ s->out = cscf->smtp_capability;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ u_char *p;
+ ngx_str_t *arg, salt;
+ ngx_uint_t n;
+ ngx_mail_core_srv_conf_t *cscf;
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+ if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+ }
+
+#endif
+
+ if (s->args.nelts == 0) {
+ s->out.len = sizeof(smtp_invalid_argument) - 1;
+ s->out.data = smtp_invalid_argument;
+ s->state = 0;
+ return NGX_OK;
+ }
+
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ arg = s->args.elts;
+
+ if (arg[0].len == 5) {
+
+ if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) {
+
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ s->out.len = sizeof(smtp_username) - 1;
+ s->out.data = smtp_username;
+ s->mail_state = ngx_smtp_auth_login_username;
+
+ return NGX_OK;
+
+ } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) {
+
+ s->out.len = sizeof(smtp_next) - 1;
+ s->out.data = smtp_next;
+ s->mail_state = ngx_smtp_auth_plain;
+
+ return NGX_OK;
+ }
+
+ } else if (arg[0].len == 8
+ && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0)
+ {
+ if (s->args.nelts != 1) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+ if (!(cscf->smtp_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ p = ngx_palloc(c->pool,
+ sizeof("334 " CRLF) - 1
+ + ngx_base64_encoded_length(s->salt.len));
+ if (p == NULL) {
+ return NGX_ERROR;
+ }
+
+ p[0] = '3'; p[1]= '3'; p[2] = '4'; p[3]= ' ';
+ salt.data = &p[4];
+ s->salt.len -= 2;
+
+ ngx_encode_base64(&salt, &s->salt);
+
+ s->salt.len += 2;
+ n = 4 + salt.len;
+ p[n++] = CR; p[n++] = LF;
+
+ s->out.len = n;
+ s->out.data = p;
+ s->mail_state = ngx_smtp_auth_cram_md5;
+
+ return NGX_OK;
+ }
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+
+
+static ngx_int_t
+ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ u_char ch;
+ ngx_str_t mail;
+ ngx_uint_t i;
+
+ if (c->log->log_level >= NGX_LOG_INFO) {
+ mail.len = s->buffer->last - s->buffer->start;
+ mail.data = s->buffer->start;
+
+ for (i = 0; i < mail.len; i++) {
+ ch = mail.data[i];
+
+ if (ch != CR && ch != LF) {
+ continue;
+ }
+
+ mail.data[i] = ' ';
+ }
+
+ while (i) {
+ if (mail.data[i - 1] != ' ') {
+ break;
+ }
+
+ i--;
+ }
+
+ mail.len = i;
+
+ ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
+ "client was rejected: \"%V\"", &mail);
+ }
+
+ s->out.len = sizeof(smtp_auth_required) - 1;
+ s->out.data = smtp_auth_required;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ if (c->ssl == NULL) {
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+ if (sslcf->starttls) {
+
+ /*
+ * RFC3207 requires us to discard any knowledge
+ * obtained from client before STARTTLS.
+ */
+
+ s->smtp_helo.len = 0;
+ s->smtp_helo.data = NULL;
+
+ c->read->handler = ngx_mail_starttls_handler;
+ return NGX_OK;
+ }
+ }
+
+#endif
+
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 18:23:17 +0300