static void
ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_msec_t timeout;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp greeting for \"%V\"", &s->host);
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout;
ngx_add_timer(c->read, timeout);
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
}
if (sscf->greeting_delay) {
c->read->handler = ngx_mail_smtp_invalid_pipelining;
return;
}
c->read->handler = ngx_mail_smtp_init_protocol;
s->out = sscf->greeting;
ngx_mail_send(c->write);
}
void
ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_msec_t timeout;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout;
ngx_add_timer(c->read, timeout);
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
}
if (sscf->greeting_delay) {
c->read->handler = ngx_mail_smtp_invalid_pipelining;
return;
}
c->read->handler = ngx_mail_smtp_init_protocol;
s->out = sscf->greeting;
ngx_mail_send(c->write);
}
static ngx_int_t
ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c, ngx_int_t stls)
{
ngx_mail_pop3_srv_conf_t *pscf;
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
#if (NGX_MAIL_SSL)
if (stls && c->ssl == NULL) {
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
s->out = pscf->starttls_capability;
return NGX_OK;
}
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
s->out = pscf->starttls_only_capability;
return NGX_OK;
}
}
#endif
s->out = pscf->capability;
return NGX_OK;
}
void
ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_imap_srv_conf_t *iscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
s->out = iscf->greeting;
if (iscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) {
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return;
}
}
c->read->handler = ngx_mail_imap_init_protocol;
/*ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
ngx_mail_send(c->write);*/
}
static ngx_int_t
ngx_mail_imap_capability(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_imap_srv_conf_t *iscf;
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
#if (NGX_MAIL_SSL)
if (c->ssl == NULL) {
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
s->text = iscf->starttls_capability;
return NGX_OK;
}
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
s->text = iscf->starttls_only_capability;
return NGX_OK;
}
}
#endif
s->text = iscf->capability;
return NGX_OK;
}
static ngx_int_t
ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_imap_srv_conf_t *iscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
s->out.len = sizeof(imap_username) - 1;
s->out.data = imap_username;
s->mail_state = ngx_imap_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_PLAIN:
s->out.len = sizeof(imap_plain_next) - 1;
s->out.data = imap_plain_next;
s->mail_state = ngx_imap_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
if (!(iscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (s->salt.data == NULL) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
s->mail_state = ngx_imap_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
static ngx_int_t
ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
ngx_mail_smtp_srv_conf_t *sscf;
if (s->args.nelts != 1) {
ngx_str_set(&s->out, smtp_invalid_argument);
s->state = 0;
return NGX_OK;
}
arg = s->args.elts;
s->smtp_helo.len = arg[0].len;
s->smtp_helo.data = ngx_pnalloc(c->pool, arg[0].len);
if (s->smtp_helo.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
ngx_str_null(&s->smtp_from);
ngx_str_null(&s->smtp_to);
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (s->command == NGX_SMTP_HELO) {
s->out = sscf->server_name;
} else {
s->esmtp = 1;
#if (NGX_MAIL_SSL)
if (c->ssl == NULL) {
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
s->out = sscf->starttls_capability;
return NGX_OK;
}
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
s->out = sscf->starttls_only_capability;
return NGX_OK;
}
}
#endif
s->out = sscf->capability;
}
return NGX_OK;
}
static void
ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
c = rev->data;
s = c->data;
c->log->action = "in delay pipelining state";
if (rev->timedout) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "delay greeting");
rev->timedout = 0;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
c->read->handler = ngx_mail_smtp_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
s->out = sscf->greeting;
} else {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "invalid pipelining");
if (s->buffer == NULL) {
if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
return;
}
}
if (ngx_mail_smtp_discard_command(s, c,
"client was rejected before greeting: \"%V\"")
!= NGX_OK)
{
return;
}
s->out.len = sizeof(smtp_invalid_pipelining) - 1;
s->out.data = smtp_invalid_pipelining;
}
ngx_mail_send(c->write);
}
static ngx_int_t
ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c))
{
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts == 0)
{
ngx_str_set(&s->out, smtp_invalid_argument);
s->state = 0;
return NGX_OK;
}
rc = ngx_mail_auth_parse(s, c);
switch (rc)
{
case NGX_MAIL_AUTH_LOGIN:
ngx_str_set(&s->out, smtp_username);
s->mail_state = ngx_smtp_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
ngx_str_set(&s->out, smtp_password);
s->mail_state = ngx_smtp_auth_login_password;
return ngx_mail_auth_login_username(s, c, 1);
case NGX_MAIL_AUTH_PLAIN:
ngx_str_set(&s->out, smtp_next);
s->mail_state = ngx_smtp_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
{
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (s->salt.data == NULL)
{
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK)
{
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK)
{
s->mail_state = ngx_smtp_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
static void
ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ngx_add_timer(c->read, cscf->timeout);
c->ssl->handler = ngx_mail_ssl_handshake_handler;
return;
}
ngx_mail_ssl_handshake_handler(c);
}
static ngx_int_t
ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
{
#if (NGX_MAIL_SSL)
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl == NULL) {
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls) {
/*
* RFC3207 requires us to discard any knowledge
* obtained from client before STARTTLS.
*/
s->smtp_helo.len = 0;
s->smtp_helo.data = NULL;
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;
}
}
#endif
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
static ngx_int_t
ngx_mail_imap_id(ngx_mail_session_t *s, ngx_connection_t * c)
{
size_t i;
ngx_mail_imap_srv_conf_t *iscf;
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
ngx_log_debug1 (NGX_LOG_DEBUG_MAIL,s->connection->log,0,
"imap id received %d parameters from client", s->args.nelts);
if (s->args.nelts) {
ngx_log_debug1 (NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
"client ID params [%d pair(s)]",
s->args.nelts/2);
for (i = 0; i < s->args.nelts / 2; ++i) {
ngx_log_debug3 (NGX_LOG_DEBUG_MAIL,
s->connection->log, 0,
"[pair %d] field:'%V' value:'%V'",
i+1,
(ngx_str_t*)s->args.elts + 2 * i,
(ngx_str_t*)s->args.elts + 2 * i + 1
);
}
}
s->text = iscf->id;
return NGX_OK;
}
static void
ngx_mail_smtp_resolve_name(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_resolver_ctx_t *ctx;
ngx_mail_core_srv_conf_t *cscf;
c = rev->data;
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ctx = ngx_resolve_start(cscf->resolver, NULL);
if (ctx == NULL) {
ngx_mail_close_connection(c);
return;
}
ctx->name = s->host;
ctx->type = NGX_RESOLVE_A;
ctx->handler = ngx_mail_smtp_resolve_name_handler;
ctx->data = s;
ctx->timeout = cscf->resolver_timeout;
if (ngx_resolve_name(ctx) != NGX_OK) {
ngx_mail_close_connection(c);
}
}
static void
ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
if (c->ssl->handshaked) {
s = c->data;
if (s->starttls) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
c->read->handler = cscf->protocol->init_protocol;
c->write->handler = ngx_mail_send;
cscf->protocol->init_protocol(c->read);
return;
}
ngx_mail_init_session(c);
return;
}
ngx_mail_close_connection(c);
}
static void
ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
s = c->data;
if (c->ssl->handshaked) {
if (s->starttls) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
c->read->handler = cscf->protocol->init_protocol;
c->write->handler = ngx_mail_send;
cscf->protocol->init_protocol(c->read);
return;
}
/* temporary: differ client from server via buffer check */
if (!c->ssl->buffer) {
c->read->ready = 0;
ngx_mail_init_session(c);
} else {
ngx_mail_proxy_start(c);
}
return;
}
(c->ssl->buffer == 0) ? ngx_mail_close_connection(c) :
ngx_mail_proxy_internal_server_error(s);
}
ngx_int_t
ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
{
ssize_t n;
ngx_int_t rc;
ngx_str_t l;
ngx_mail_core_srv_conf_t *cscf;
n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
if (n == NGX_ERROR || n == 0) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
if (n > 0) {
s->buffer->last += n;
}
if (n == NGX_AGAIN) {
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
return NGX_AGAIN;
}
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
rc = cscf->protocol->parse_command(s);
if (rc == NGX_AGAIN) {
if (s->buffer->last < s->buffer->end) {
return rc;
}
l.len = s->buffer->last - s->buffer->start;
l.data = s->buffer->start;
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent too long command \"%V\"", &l);
s->quit = 1;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
return rc;
}
if (rc == NGX_ERROR) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
return NGX_OK;
}
/* add a throttle counter for a user, here user might be an alias or a fqn */
static void ngx_mail_throttle_user_add
(ngx_str_t *user, throttle_callback_t *callback)
{
ngx_pool_t *pool = callback->pool;
ngx_log_t *log = callback->log;
ngx_mail_session_t *s = callback->session;
ngx_mail_throttle_srv_conf_t *tscf;
mc_work_t w;
ngx_str_t k;
ngx_str_t *value, *key;
ngx_log_error (NGX_LOG_INFO, log, 0, "create a throttle counter for user %V", user);
w.ctx = callback;
w.request_code = mcreq_add;
w.response_code = mcres_unknown;
w.on_success = ngx_mail_throttle_user_add_success_handler;
w.on_failure = ngx_mail_throttle_user_add_failure_handler;
k = ngx_mail_throttle_get_user_throttle_key(pool, log, *user);
if (k.len == 0) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"allowing user %V login because of internal error "
"in user throttle control (generate key for add)", user);
callback->on_allow(callback);
return;
}
key = ngx_pstrcpy (pool, &k);
if (key == NULL) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"allowing user %V login because of internal error "
"in user throttle control (deep copy key for add)", user);
callback->on_allow(callback);
return;
}
tscf = ngx_mail_get_module_srv_conf (s, ngx_mail_throttle_module);
value = ngx_palloc (pool, sizeof(ngx_str_t));
if (value == NULL) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"allowing user %V login because of internal error"
"in user throttle control (alloc mem for add value)", user);
callback->on_allow(callback);
return;
}
ngx_str_set(value, "1");
callback->key = key;
callback->value = value;
callback->user = user;
callback->ttl = &tscf->mail_login_user_ttl_text;
ngx_memcache_post_with_ttl(&w, *key, *value, tscf->mail_login_user_ttl_text,
/* pool */ NULL, log);
return;
}
static void
ngx_mail_auth_sleep_handler(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler");
c = rev->data;
s = c->data;
if (rev->timedout) {
rev->timedout = 0;
if (s->auth_wait) {
s->auth_wait = 0;
ngx_mail_auth_http_init(s);
return;
}
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
rev->handler = cscf->protocol->auth_state;
s->mail_state = 0;
s->auth_method = NGX_MAIL_AUTH_PLAIN;
c->log->action = "in auth state";
ngx_mail_send(c->write);
if (c->destroyed) {
return;
}
ngx_add_timer(rev, cscf->timeout);
if (rev->ready) {
rev->handler(rev);
return;
}
if (ngx_handle_read_event(rev, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
}
return;
}
if (rev->active) {
if (ngx_handle_read_event(rev, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
}
}
}
void
ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
u_char *p;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_pop3_srv_conf_t *pscf;
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (pscf->auth_methods
& (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
{
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return;
}
s->out.data = ngx_pnalloc(c->pool, sizeof(pop3_greeting) + s->salt.len);
if (s->out.data == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
p = ngx_cpymem(s->out.data, pop3_greeting, sizeof(pop3_greeting) - 3);
*p++ = ' ';
p = ngx_cpymem(p, s->salt.data, s->salt.len);
s->out.len = p - s->out.data;
} else {
ngx_str_set(&s->out, pop3_greeting);
}
c->read->handler = ngx_mail_pop3_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
ngx_mail_send(c->write);
}
void
ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_imap_srv_conf_t *iscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
s->out = iscf->greeting;
c->read->handler = ngx_mail_imap_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
ngx_mail_send(c->write);
}
static void ngx_mail_throttle_ip_add
(ngx_str_t *ip, throttle_callback_t *callback)
{
ngx_pool_t *pool = callback->pool;
ngx_log_t *log = callback->log;
ngx_mail_session_t *s = callback->session;
ngx_mail_throttle_srv_conf_t * tscf;
mc_work_t w;
ngx_str_t k, value;
ngx_str_t *key;
ngx_log_error (NGX_LOG_INFO, log, 0, "counter for %V not found, "
"create ip throttle counter", ip);
w.ctx = callback;
w.request_code = mcreq_add;
w.response_code = mcres_unknown;
w.on_success = ngx_mail_throttle_ip_add_success_handler;
w.on_failure = ngx_mail_throttle_ip_add_failure_handler;
/* use ttl for discrete time sampling of ip login hits */
tscf = ngx_mail_get_module_srv_conf(s, ngx_mail_throttle_module);
k = ngx_mail_throttle_get_ip_throttle_key(pool, log, *ip);
if (k.len == 0) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"allowing ip %V login because of internal error "
"in ip throttle control (generate key for add)", ip);
callback->on_allow(callback);
return;
}
key = ngx_pstrcpy (pool, &k);
if (key == NULL) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"allowing ip %V login because of internal error "
"in ip throttle control (deep copy key for add)", ip);
}
ngx_str_set(&value, "1");
callback->value = ngx_pstrcpy (pool, &value);
if (key == NULL) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"allowing ip %V login because of internal error "
"in ip throttle control (deep copy key for add)", ip);
}
callback->key = key;
callback->ip = ip;
callback->ttl = &tscf->mail_login_ip_ttl_text;
ngx_memcache_post_with_ttl(&w, *key, value, tscf->mail_login_ip_ttl_text,/* pool */ NULL, log);
}
void
ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
{
ngx_mail_core_srv_conf_t *cscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
s->out = cscf->protocol->internal_server_error;
s->quit = 1;
ngx_mail_send(s->connection->write);
}
static ngx_int_t
ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg, cmd;
ngx_mail_smtp_srv_conf_t *sscf;
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (!(sscf->auth_methods & NGX_MAIL_AUTH_NONE_ENABLED)) {
ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
ngx_str_set(&s->out, smtp_auth_required);
return NGX_OK;
}
/* auth none */
if (s->smtp_from.len) {
ngx_str_set(&s->out, smtp_bad_sequence);
return NGX_OK;
}
if (s->args.nelts == 0) {
ngx_str_set(&s->out, smtp_invalid_argument);
return NGX_OK;
}
arg = s->args.elts;
arg += s->args.nelts - 1;
cmd.len = arg->data + arg->len - s->cmd.data;
cmd.data = s->cmd.data;
s->smtp_from.len = cmd.len;
s->smtp_from.data = ngx_pnalloc(c->pool, cmd.len);
if (s->smtp_from.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_from.data, cmd.data, cmd.len);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp mail from:\"%V\"", &s->smtp_from);
ngx_str_set(&s->out, smtp_ok);
return NGX_OK;
}
static ngx_int_t
ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
ngx_mail_pop3_srv_conf_t *pscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts != 2) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
if (!(pscf->auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
arg = s->args.elts;
s->login.len = arg[0].len;
s->login.data = ngx_pnalloc(c->pool, s->login.len);
if (s->login.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
s->passwd.len = arg[1].len;
s->passwd.data = ngx_pnalloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"pop3 apop: \"%V\" \"%V\"", &s->login, &s->passwd);
s->auth_method = NGX_MAIL_AUTH_APOP;
return NGX_DONE;
}
ngx_int_t
ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl) {
return 0;
}
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
return 1;
}
return 0;
}
void
ngx_mail_starttls_handler(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_ssl_conf_t *sslcf;
c = rev->data;
s = c->data;
s->starttls = 1;
c->log->action = "in starttls state";
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
}
/* memcache handler (return counter for the specified ip or NOT_FOUND) */
static void ngx_mail_throttle_ip_success_handler (mc_work_t *w)
{
ngx_mail_throttle_srv_conf_t * tscf;
throttle_callback_t *callback = w->ctx;
ngx_str_t ip = *callback->ip;
ngx_mail_session_t *s = callback->session;
size_t hits;
ngx_str_t counter;
/* the increment was successful - deep copy w->payload to counter */
counter.data = ngx_pstrdup (callback->pool, &w->payload);
if (counter.data == NULL) {
/* enomem */
counter = throttle_zero; /* "0" */
} else {
counter.len = w->payload.len;
}
/* check if the limit has exceeded */
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, callback->log, 0,
"ip throttle:%V is %V", &ip, &counter);
hits = 0;
deserialize_number (counter.data, counter.len, &hits);
tscf = ngx_mail_get_module_srv_conf(s, ngx_mail_throttle_module);
if (tscf->mail_login_ip_max == 0) {
//should never reach here because mail handler won't
//start throttle control if it's unlimited.
ngx_log_error (NGX_LOG_INFO, callback->log, 0,
"ip throttle:%V allow [usage:%d,limit:infinity]",
&ip, hits);
callback->on_allow(callback);
} else if (hits <= tscf->mail_login_ip_max) {
ngx_log_error (NGX_LOG_INFO, callback->log, 0,
"ip throttle:%V allow [usage:%d,limit:%d]",
&ip, hits, tscf->mail_login_ip_max);
callback->on_allow(callback);
} else {
ngx_log_error (NGX_LOG_NOTICE, callback->log, 0,
"ip throttle:%V deny [usage:%d,limit:%d]",
&ip, hits, tscf->mail_login_ip_max);
callback->on_deny(callback);
}
}
static ngx_int_t
ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_smtp_srv_conf_t *sscf;
if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR)
{
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
s->buffer = ngx_create_temp_buf(c->pool, sscf->client_buffer_size);
if (s->buffer == NULL)
{
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
return NGX_OK;
}
static ngx_int_t
ngx_mail_imap_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
{
#if (NGX_MAIL_SSL)
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl == NULL) {
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls) {
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;
}
}
#endif
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
void
ngx_mail_imap_init_protocol(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_imap_srv_conf_t *iscf;
c = rev->data;
c->log->action = "in auth state";
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
s = c->data;
if (s->buffer == NULL) {
if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
== NGX_ERROR)
{
ngx_mail_session_internal_server_error(s);
return;
}
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
s->buffer = ngx_create_temp_buf(c->pool, iscf->client_buffer_size);
if (s->buffer == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
}
ngx_mail_set_imap_parse_state_start(s);
s->mail_state = ngx_imap_start;
c->read->handler = ngx_mail_imap_auth_state;
ngx_mail_imap_auth_state(rev);
}
