static void ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c) { ngx_msec_t timeout; ngx_mail_core_srv_conf_t *cscf; ngx_mail_smtp_srv_conf_t *sscf; ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp greeting for \"%V\"", &s->host); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout; ngx_add_timer(c->read, timeout); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } if (sscf->greeting_delay) { c->read->handler = ngx_mail_smtp_invalid_pipelining; return; } c->read->handler = ngx_mail_smtp_init_protocol; s->out = sscf->greeting; ngx_mail_send(c->write); }
void ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { ngx_msec_t timeout; ngx_mail_core_srv_conf_t *cscf; ngx_mail_smtp_srv_conf_t *sscf; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout; ngx_add_timer(c->read, timeout); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } if (sscf->greeting_delay) { c->read->handler = ngx_mail_smtp_invalid_pipelining; return; } c->read->handler = ngx_mail_smtp_init_protocol; s->out = sscf->greeting; ngx_mail_send(c->write); }
static void ngx_mail_zmauth_wait_handler(ngx_event_t *ev) { ngx_connection_t *c; ngx_mail_session_t *s; ngx_mail_zmauth_ctx_t *ctx; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, "mail zmauth wait handler"); c = ev->data; s = c->data; ctx = ngx_mail_get_module_ctx(s, ngx_mail_zmauth_module); if (ev->timedout) { /* we need to close the connection immediately */ ngx_destroy_pool(ctx->pool); ngx_mail_set_ctx(s, NULL, ngx_mail_zmauth_module); s->quit = 1; ngx_mail_send(c->write); return; } if (ev->active) { if (ngx_handle_read_event(ev, 0) != NGX_OK) { ngx_mail_close_connection(c); } } }
static void ngx_mail_auth_sleep_handler(ngx_event_t *rev) { ngx_connection_t *c; ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); c = rev->data; s = c->data; if (rev->timedout) { rev->timedout = 0; if (s->auth_wait) { s->auth_wait = 0; ngx_mail_auth_http_init(s); return; } cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); rev->handler = cscf->protocol->auth_state; s->mail_state = 0; s->auth_method = NGX_MAIL_AUTH_PLAIN; c->log->action = "in auth state"; ngx_mail_send(c->write); if (c->destroyed) { return; } ngx_add_timer(rev, cscf->timeout); if (rev->ready) { rev->handler(rev); return; } if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } return; } if (rev->active) { if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } } }
static void ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev) { ngx_connection_t *c; ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; ngx_mail_smtp_srv_conf_t *sscf; c = rev->data; s = c->data; c->log->action = "in delay pipelining state"; if (rev->timedout) { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "delay greeting"); rev->timedout = 0; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); c->read->handler = ngx_mail_smtp_init_protocol; ngx_add_timer(c->read, cscf->timeout); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { ngx_mail_close_connection(c); return; } sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); s->out = sscf->greeting; } else { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "invalid pipelining"); if (s->buffer == NULL) { if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) { return; } } if (ngx_mail_smtp_discard_command(s, c, "client was rejected before greeting: \"%V\"") != NGX_OK) { return; } s->out.len = sizeof(smtp_invalid_pipelining) - 1; s->out.data = smtp_invalid_pipelining; } ngx_mail_send(c->write); }
void ngx_mail_session_internal_server_error(ngx_mail_session_t *s) { ngx_mail_core_srv_conf_t *cscf; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); s->out = cscf->protocol->internal_server_error; s->quit = 1; ngx_mail_send(s->connection->write); }
void ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { u_char *p; ngx_mail_core_srv_conf_t *cscf; ngx_mail_pop3_srv_conf_t *pscf; pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); if (pscf->auth_methods & (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) { if (ngx_mail_salt(s, c, cscf) != NGX_OK) { ngx_mail_session_internal_server_error(s); return; } s->out.data = ngx_pnalloc(c->pool, sizeof(pop3_greeting) + s->salt.len); if (s->out.data == NULL) { ngx_mail_session_internal_server_error(s); return; } p = ngx_cpymem(s->out.data, pop3_greeting, sizeof(pop3_greeting) - 3); *p++ = ' '; p = ngx_cpymem(p, s->salt.data, s->salt.len); s->out.len = p - s->out.data; } else { ngx_str_set(&s->out, pop3_greeting); } c->read->handler = ngx_mail_pop3_init_protocol; ngx_add_timer(c->read, cscf->timeout); if (ngx_handle_read_event(c->read, 0) != NGX_OK) { ngx_mail_close_connection(c); } ngx_mail_send(c->write); }
static void ngx_mail_proxy_upstream_error(ngx_mail_session_t *s) { if (s->proxy->upstream.connection) { ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, "close mail proxy connection: %d", s->proxy->upstream.connection->fd); ngx_close_connection(s->proxy->upstream.connection); } if (s->out.len == 0) { ngx_mail_session_internal_server_error(s); return; } s->quit = 1; ngx_mail_send(s->connection->write); }
void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { ngx_mail_core_srv_conf_t *cscf; ngx_mail_imap_srv_conf_t *iscf; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module); s->out = iscf->greeting; c->read->handler = ngx_mail_imap_init_protocol; ngx_add_timer(c->read, cscf->timeout); if (ngx_handle_read_event(c->read, 0) != NGX_OK) { ngx_mail_close_connection(c); } ngx_mail_send(c->write); }
void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { ngx_mail_core_srv_conf_t *cscf; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); s->out.len = sizeof(imap_greeting) - 1; s->out.data = imap_greeting; c->read->handler = ngx_mail_imap_init_protocol; ngx_add_timer(c->read, cscf->timeout); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { ngx_mail_close_connection(c); } ngx_mail_send(c->write); }
static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, ngx_mail_auth_http_ctx_t *ctx) { u_char *p; time_t timer; size_t len, size; ngx_int_t rc, port, n; ngx_peer_addr_t *peer; struct sockaddr_in *sin; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, "mail auth http process headers"); for ( ;; ) { rc = ngx_mail_auth_http_parse_header_line(s, ctx); if (rc == NGX_OK) { #if (NGX_DEBUG) { ngx_str_t key, value; key.len = ctx->header_name_end - ctx->header_name_start; key.data = ctx->header_name_start; value.len = ctx->header_end - ctx->header_start; value.data = ctx->header_start; ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, "mail auth http header: \"%V: %V\"", &key, &value); } #endif len = ctx->header_name_end - ctx->header_name_start; if (len == sizeof("Auth-Status") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-Status", sizeof("Auth-Status") - 1) == 0) { len = ctx->header_end - ctx->header_start; if (len == 2 && ctx->header_start[0] == 'O' && ctx->header_start[1] == 'K') { continue; } if (len == 4 && ctx->header_start[0] == 'W' && ctx->header_start[1] == 'A' && ctx->header_start[2] == 'I' && ctx->header_start[3] == 'T') { s->auth_wait = 1; continue; } ctx->errmsg.len = len; ctx->errmsg.data = ctx->header_start; switch (s->protocol) { case NGX_MAIL_POP3_PROTOCOL: size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; break; case NGX_MAIL_IMAP_PROTOCOL: size = s->tag.len + sizeof("NO ") - 1 + len + sizeof(CRLF) - 1; break; default: /* NGX_MAIL_SMTP_PROTOCOL */ ctx->err = ctx->errmsg; continue; } p = ngx_pcalloc(s->connection->pool, size); if (p == NULL) { ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } ctx->err.data = p; switch (s->protocol) { case NGX_MAIL_POP3_PROTOCOL: *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; break; case NGX_MAIL_IMAP_PROTOCOL: p = ngx_cpymem(p, s->tag.data, s->tag.len); *p++ = 'N'; *p++ = 'O'; *p++ = ' '; break; default: /* NGX_MAIL_SMTP_PROTOCOL */ break; } p = ngx_cpymem(p, ctx->header_start, len); *p++ = CR; *p++ = LF; ctx->err.len = p - ctx->err.data; continue; } if (len == sizeof("Auth-Server") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-Server", sizeof("Auth-Server") - 1) == 0) { ctx->addr.len = ctx->header_end - ctx->header_start; ctx->addr.data = ctx->header_start; continue; } if (len == sizeof("Auth-Port") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-Port", sizeof("Auth-Port") - 1) == 0) { ctx->port.len = ctx->header_end - ctx->header_start; ctx->port.data = ctx->header_start; continue; } if (len == sizeof("Auth-User") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-User", sizeof("Auth-User") - 1) == 0) { s->login.len = ctx->header_end - ctx->header_start; s->login.data = ngx_palloc(s->connection->pool, s->login.len); if (s->login.data == NULL) { ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } ngx_memcpy(s->login.data, ctx->header_start, s->login.len); continue; } if (len == sizeof("Auth-Pass") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-Pass", sizeof("Auth-Pass") - 1) == 0) { s->passwd.len = ctx->header_end - ctx->header_start; s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len); if (s->passwd.data == NULL) { ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); continue; } if (len == sizeof("Auth-Wait") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-Wait", sizeof("Auth-Wait") - 1) == 0) { n = ngx_atoi(ctx->header_start, ctx->header_end - ctx->header_start); if (n != NGX_ERROR) { ctx->sleep = n; } continue; } if (len == sizeof("Auth-Error-Code") - 1 && ngx_strncasecmp(ctx->header_name_start, (u_char *) "Auth-Error-Code", sizeof("Auth-Error-Code") - 1) == 0) { ctx->errcode.len = ctx->header_end - ctx->header_start; ctx->errcode.data = ngx_palloc(s->connection->pool, ctx->errcode.len); if (ctx->errcode.data == NULL) { ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } ngx_memcpy(ctx->errcode.data, ctx->header_start, ctx->errcode.len); continue; } /* ignore other headers */ continue; } if (rc == NGX_DONE) { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, "mail auth http header done"); ngx_close_connection(ctx->peer.connection); if (ctx->err.len) { ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, "client login failed: \"%V\"", &ctx->errmsg); if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { if (ctx->errcode.len == 0) { ctx->errcode = ngx_mail_smtp_errcode; } ctx->err.len = ctx->errcode.len + ctx->errmsg.len + sizeof(" " CRLF) - 1; p = ngx_palloc(s->connection->pool, ctx->err.len); if (p == NULL) { ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } ctx->err.data = p; p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); *p++ = ' '; p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); *p++ = CR; *p = LF; } s->out = ctx->err; timer = ctx->sleep; ngx_destroy_pool(ctx->pool); if (timer == 0) { s->quit = 1; ngx_mail_send(s->connection->write); return; } ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); s->connection->read->handler = ngx_mail_auth_sleep_handler; return; } if (s->auth_wait) { timer = ctx->sleep; ngx_destroy_pool(ctx->pool); if (timer == 0) { ngx_mail_auth_http_init(s); return; } ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); s->connection->read->handler = ngx_mail_auth_sleep_handler; return; } if (ctx->addr.len == 0 || ctx->port.len == 0) { ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "auth http server %V did not send server or port", ctx->peer.name); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } if (s->passwd.data == NULL && s->protocol != NGX_MAIL_SMTP_PROTOCOL) { ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "auth http server %V did not send password", ctx->peer.name); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_peer_addr_t)); if (peer == NULL) { ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in)); if (sin == NULL) { ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } sin->sin_family = AF_INET; port = ngx_atoi(ctx->port.data, ctx->port.len); if (port == NGX_ERROR || port < 1 || port > 65536) { ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "auth http server %V sent invalid server " "port:\"%V\"", ctx->peer.name, &ctx->port); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } sin->sin_port = htons((in_port_t) port); ctx->addr.data[ctx->addr.len] = '\0'; sin->sin_addr.s_addr = inet_addr((char *) ctx->addr.data); if (sin->sin_addr.s_addr == INADDR_NONE) { ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "auth http server %V sent invalid server " "address:\"%V\"", ctx->peer.name, &ctx->addr); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } peer->sockaddr = (struct sockaddr *) sin; peer->socklen = sizeof(struct sockaddr_in); len = ctx->addr.len + 1 + ctx->port.len; peer->name.len = len; peer->name.data = ngx_palloc(s->connection->pool, len); if (peer->name.data == NULL) { ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } len = ctx->addr.len; ngx_memcpy(peer->name.data, ctx->addr.data, len); peer->name.data[len++] = ':'; ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); ngx_destroy_pool(ctx->pool); ngx_mail_proxy_init(s, peer); return; } if (rc == NGX_AGAIN ) { return; } /* rc == NGX_ERROR */ ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "auth http server %V sent invalid header in response", ctx->peer.name); ngx_close_connection(ctx->peer.connection); ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } }
void ngx_mail_imap_auth_state(ngx_event_t *rev) { u_char *p, *dst, *src, *end; ngx_str_t *arg; ngx_int_t rc; ngx_uint_t tag, i; ngx_connection_t *c; ngx_mail_session_t *s; c = rev->data; s = c->data; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; ngx_mail_end_session(s); /* send IMAP BYE on timeout */ return; } if (s->out.len) { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); s->blocked = 1; return; } s->blocked = 0; rc = ngx_mail_read_command(s, c); if (rc == NGX_AGAIN || rc == NGX_ERROR) { return; } if (rc == NGX_IMAP_NEXT) { tag = 0; ngx_str_set(&s->out, imap_next); } else { tag = 1; ngx_str_set(&s->out, imap_ok); s->text.len = 0; ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", s->command); if (s->backslash) { arg = s->args.elts; for (i = 0; i < s->args.nelts; i++) { dst = arg[i].data; end = dst + arg[i].len; for (src = dst; src < end; dst++) { *dst = *src; if (*src++ == '\\') { *dst = *src++; } } arg[i].len = dst - arg[i].data; } s->backslash = 0; } if (rc == NGX_OK) { switch (s->mail_state) { case ngx_imap_start: switch (s->command) { case NGX_IMAP_LOGIN: rc = ngx_mail_imap_login(s, c); break; case NGX_IMAP_AUTHENTICATE: rc = ngx_mail_imap_authenticate(s, c); break; case NGX_IMAP_CAPABILITY: rc = ngx_mail_imap_capability(s, c); break; case NGX_IMAP_LOGOUT: s->quit = 1; ngx_str_set(&s->text, imap_bye); break; case NGX_IMAP_NOOP: break; case NGX_IMAP_STARTTLS: rc = ngx_mail_imap_starttls(s, c); break; case NGX_IMAP_ID: rc = ngx_mail_imap_id(s, c); break; default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } break; case ngx_imap_auth_login_username: rc = ngx_mail_auth_login_username(s, c, 0); if (rc == NGX_MAIL_AUTH_ARGUMENT) { ngx_str_set(&s->out, imap_password); s->mail_state = ngx_imap_auth_login_password; } break; case ngx_imap_auth_login_password: rc = ngx_mail_auth_login_password(s, c); break; case ngx_imap_auth_plain: rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_imap_auth_gssapi: { ngx_str_t output; ngx_str_set(&output, ""); rc = ngx_mail_auth_gssapi(s, c, &output); if (rc == NGX_MAIL_AUTH_ARGUMENT) { s->mail_state = ngx_imap_auth_gssapi; s->out = output; } break; } case ngx_imap_auth_cram_md5: rc = ngx_mail_auth_cram_md5(s, c); break; } } } switch (rc) { case NGX_DONE: ngx_mail_do_auth(s, c); return; case NGX_OK: ngx_mail_set_imap_parse_state_start(s); s->arg_start = NULL; ngx_mail_reset_parse_buffer(s); break; case NGX_MAIL_AUTH_ABORT: ngx_str_set(&s->out, imap_authaborted); s->mail_state = ngx_imap_start; ngx_mail_set_imap_parse_state_start(s); s->arg_start = NULL; ngx_mail_reset_parse_buffer(s); break; case NGX_ERROR: ngx_mail_session_internal_server_error(s); return; case NGX_MAIL_AUTH_FAILED: ngx_str_set(&s->out, imap_authenticate_failed); s->mail_state = ngx_imap_start; ngx_mail_set_imap_parse_state_start(s); s->arg_start = NULL; ngx_mail_reset_parse_buffer(s); break; case NGX_MAIL_LOGIN_FAILED: ngx_str_set(&s->out, imap_login_failed); s->mail_state = ngx_imap_start; ngx_mail_set_imap_parse_state_start(s); s->arg_start = NULL; ngx_mail_reset_parse_buffer(s); break; case NGX_MAIL_PARSE_INVALID_AUTH_MECH: ngx_log_debug0 (NGX_LOG_DEBUG_MAIL, c->log, 0, "unsupported IMAP auth mechanism"); ngx_str_set(&s->out, imap_unsupported_mech); s->mail_state = ngx_imap_start; ngx_mail_set_imap_parse_state_start(s); s->arg_start = NULL; ngx_mail_reset_parse_buffer(s); break; case NGX_MAIL_PARSE_INVALID_COMMAND: ngx_str_set(&s->out, imap_invalid_command); s->mail_state = ngx_imap_start; ngx_mail_set_imap_parse_state_start(s); s->arg_start = NULL; ngx_mail_reset_parse_buffer(s); break; case NGX_MAIL_AUTH_ARGUMENT: ngx_mail_set_imap_parse_state_argument(s); /* preserve tag, since tag's memory is allocated in buffer, need to set the * buffer pos after tag */ s->arg_start = s->buffer->start + s->tag.len; s->buffer->pos = s->arg_start; s->buffer->last = s->arg_start; tag = 0; // just output s->out break; case NGX_IMAP_NEXT: /* do nothing, preserve all the state, including s->state, s->mail_state, * , s->buffer, s->arg_start */ break; } //clear args if(rc != NGX_IMAP_NEXT) { s->args.nelts = 0; } // process the output if (tag) { //text tag out --> out if (s->tag.len == 0) { ngx_str_set(&s->tag, imap_star); } if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len + 1) { s->tagged_line.len = s->tag.len + s->text.len + s->out.len + 1; s->tagged_line.data = ngx_pnalloc(c->pool, s->tagged_line.len); if (s->tagged_line.data == NULL) { ngx_mail_close_connection(c); return; } } p = s->tagged_line.data; if (s->text.len) { p = ngx_cpymem(p, s->text.data, s->text.len); } p = ngx_cpymem(p, s->tag.data, s->tag.len); *p++ = ' '; /* the space between tag and out */ ngx_memcpy(p, s->out.data, s->out.len); s->out.len = s->text.len + s->tag.len + 1 /*for space*/+ s->out.len; s->out.data = s->tagged_line.data; } ngx_mail_send(c->write); }
void ngx_mail_smtp_auth_state(ngx_event_t *rev) { ngx_int_t rc; ngx_connection_t *c; ngx_mail_session_t *s; c = rev->data; s = c->data; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; ngx_mail_close_connection(c); return; } if (s->out.len) { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); s->blocked = 1; return; } s->blocked = 0; rc = ngx_mail_read_command(s, c); if (rc == NGX_AGAIN || rc == NGX_ERROR) { return; } s->out.len = sizeof(smtp_ok) - 1; s->out.data = smtp_ok; if (rc == NGX_OK) { switch (s->mail_state) { case ngx_smtp_start: switch (s->command) { case NGX_SMTP_HELO: case NGX_SMTP_EHLO: rc = ngx_mail_smtp_helo(s, c); break; case NGX_SMTP_AUTH: rc = ngx_mail_smtp_auth(s, c); break; case NGX_SMTP_QUIT: s->quit = 1; s->out.len = sizeof(smtp_bye) - 1; s->out.data = smtp_bye; break; case NGX_SMTP_MAIL: rc = ngx_mail_smtp_mail(s, c); break; case NGX_SMTP_NOOP: case NGX_SMTP_RSET: break; case NGX_SMTP_STARTTLS: rc = ngx_mail_smtp_starttls(s, c); s->out.len = sizeof(smtp_starttls) - 1; s->out.data = smtp_starttls; break; default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } break; case ngx_smtp_auth_login_username: rc = ngx_mail_auth_login_username(s, c, 0); s->out.len = sizeof(smtp_password) - 1; s->out.data = smtp_password; s->mail_state = ngx_smtp_auth_login_password; break; case ngx_smtp_auth_login_password: rc = ngx_mail_auth_login_password(s, c); break; case ngx_smtp_auth_plain: rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_smtp_auth_cram_md5: rc = ngx_mail_auth_cram_md5(s, c); break; } } switch (rc) { case NGX_DONE: ngx_mail_auth(s, c); return; case NGX_ERROR: ngx_mail_session_internal_server_error(s); return; case NGX_MAIL_PARSE_INVALID_COMMAND: s->mail_state = ngx_smtp_start; s->state = 0; s->out.len = sizeof(smtp_invalid_command) - 1; s->out.data = smtp_invalid_command; /* fall through */ case NGX_OK: s->args.nelts = 0; s->buffer->pos = s->buffer->start; s->buffer->last = s->buffer->start; if (s->state) { s->arg_start = s->buffer->start; } ngx_mail_send(c->write); } }
void ngx_mail_imap_auth_state(ngx_event_t *rev) { u_char *p, *dst, *src, *end; ngx_str_t *arg; ngx_int_t rc; ngx_uint_t tag, i; ngx_connection_t *c; ngx_mail_session_t *s; c = rev->data; s = c->data; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state"); if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; ngx_mail_close_connection(c); return; } if (s->out.len) { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy"); s->blocked = 1; return; } s->blocked = 0; rc = ngx_mail_read_command(s, c); if (rc == NGX_AGAIN || rc == NGX_ERROR) { return; } tag = 1; s->text.len = 0; s->out.len = sizeof(imap_ok) - 1; s->out.data = imap_ok; if (rc == NGX_OK) { ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i", s->command); if (s->backslash) { arg = s->args.elts; for (i = 0; i < s->args.nelts; i++) { dst = arg[i].data; end = dst + arg[i].len; for (src = dst; src < end; dst++) { *dst = *src; if (*src++ == '\\') { *dst = *src++; } } arg[i].len = dst - arg[i].data; } s->backslash = 0; } switch (s->mail_state) { case ngx_imap_start: switch (s->command) { case NGX_IMAP_LOGIN: rc = ngx_mail_imap_login(s, c); break; case NGX_IMAP_AUTHENTICATE: rc = ngx_mail_imap_authenticate(s, c); tag = (rc != NGX_OK); break; case NGX_IMAP_CAPABILITY: rc = ngx_mail_imap_capability(s, c); break; case NGX_IMAP_LOGOUT: s->quit = 1; s->text.len = sizeof(imap_bye) - 1; s->text.data = imap_bye; break; case NGX_IMAP_NOOP: break; case NGX_IMAP_STARTTLS: rc = ngx_mail_imap_starttls(s, c); break; default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } break; case ngx_imap_auth_login_username: rc = ngx_mail_auth_login_username(s, c, 0); tag = 0; s->out.len = sizeof(imap_password) - 1; s->out.data = imap_password; s->mail_state = ngx_imap_auth_login_password; break; case ngx_imap_auth_login_password: rc = ngx_mail_auth_login_password(s, c); break; case ngx_imap_auth_plain: rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_imap_auth_cram_md5: rc = ngx_mail_auth_cram_md5(s, c); break; } } else if (rc == NGX_IMAP_NEXT) { tag = 0; s->out.len = sizeof(imap_next) - 1; s->out.data = imap_next; } switch (rc) { case NGX_DONE: ngx_mail_auth(s, c); return; case NGX_ERROR: ngx_mail_session_internal_server_error(s); return; case NGX_MAIL_PARSE_INVALID_COMMAND: s->state = 0; s->out.len = sizeof(imap_invalid_command) - 1; s->out.data = imap_invalid_command; s->mail_state = ngx_imap_start; break; } if (tag) { if (s->tag.len == 0) { s->tag.len = sizeof(imap_star) - 1; s->tag.data = (u_char *) imap_star; } if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len) { s->tagged_line.len = s->tag.len + s->text.len + s->out.len; s->tagged_line.data = ngx_pnalloc(c->pool, s->tagged_line.len); if (s->tagged_line.data == NULL) { ngx_mail_close_connection(c); return; } } p = s->tagged_line.data; if (s->text.len) { p = ngx_cpymem(p, s->text.data, s->text.len); } p = ngx_cpymem(p, s->tag.data, s->tag.len); ngx_memcpy(p, s->out.data, s->out.len); s->out.len = s->text.len + s->tag.len + s->out.len; s->out.data = s->tagged_line.data; } if (rc != NGX_IMAP_NEXT) { s->args.nelts = 0; if (s->state) { /* preserve tag */ s->arg_start = s->buffer->start + s->tag.len; s->buffer->pos = s->arg_start; s->buffer->last = s->arg_start; } else { s->buffer->pos = s->buffer->start; s->buffer->last = s->buffer->start; s->tag.len = 0; } } ngx_mail_send(c->write); }
void ngx_mail_pop3_auth_state(ngx_event_t *rev) { ngx_int_t rc; ngx_connection_t *c; ngx_mail_session_t *s; c = rev->data; s = c->data; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state"); if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; ngx_mail_close_connection(c); return; } if (s->out.len) { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy"); s->blocked = 1; return; } s->blocked = 0; rc = ngx_mail_read_command(s, c); if (rc == NGX_AGAIN || rc == NGX_ERROR) { return; } ngx_str_set(&s->out, pop3_ok); if (rc == NGX_OK) { switch (s->mail_state) { case ngx_pop3_start: switch (s->command) { case NGX_POP3_USER: rc = ngx_mail_pop3_user(s, c); break; case NGX_POP3_CAPA: rc = ngx_mail_pop3_capa(s, c, 1); break; case NGX_POP3_APOP: rc = ngx_mail_pop3_apop(s, c); break; case NGX_POP3_AUTH: rc = ngx_mail_pop3_auth(s, c); break; case NGX_POP3_QUIT: s->quit = 1; break; case NGX_POP3_NOOP: break; case NGX_POP3_STLS: rc = ngx_mail_pop3_stls(s, c); break; default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } break; case ngx_pop3_user: switch (s->command) { case NGX_POP3_PASS: rc = ngx_mail_pop3_pass(s, c); break; case NGX_POP3_CAPA: rc = ngx_mail_pop3_capa(s, c, 0); break; case NGX_POP3_QUIT: s->quit = 1; break; case NGX_POP3_NOOP: break; default: rc = NGX_MAIL_PARSE_INVALID_COMMAND; break; } break; /* suppress warinings */ case ngx_pop3_passwd: break; case ngx_pop3_auth_login_username: rc = ngx_mail_auth_login_username(s, c, 0); ngx_str_set(&s->out, pop3_password); s->mail_state = ngx_pop3_auth_login_password; break; case ngx_pop3_auth_login_password: rc = ngx_mail_auth_login_password(s, c); break; case ngx_pop3_auth_plain: rc = ngx_mail_auth_plain(s, c, 0); break; case ngx_pop3_auth_cram_md5: rc = ngx_mail_auth_cram_md5(s, c); break; } } switch (rc) { case NGX_DONE: ngx_mail_auth(s, c); return; case NGX_ERROR: ngx_mail_session_internal_server_error(s); return; case NGX_MAIL_PARSE_INVALID_COMMAND: s->mail_state = ngx_pop3_start; s->state = 0; ngx_str_set(&s->out, pop3_invalid_command); /* fall through */ case NGX_OK: s->args.nelts = 0; s->buffer->pos = s->buffer->start; s->buffer->last = s->buffer->start; if (s->state) { s->arg_start = s->buffer->start; } ngx_mail_send(c->write); } }
static ngx_int_t ngx_mail_verify_cert(ngx_mail_session_t *s, ngx_connection_t *c) { long rc; X509 *cert; ngx_mail_ssl_conf_t *sslcf; ngx_mail_core_srv_conf_t *cscf; sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); if (!sslcf->verify) { return NGX_OK; } rc = SSL_get_verify_result(c->ssl->connection); if (rc != X509_V_OK && (sslcf->verify != 3 || !ngx_ssl_verify_error_optional(rc))) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); ngx_ssl_remove_cached_session(sslcf->ssl.ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); s->out = cscf->protocol->cert_error; s->quit = 1; c->write->handler = ngx_mail_send; ngx_mail_send(s->connection->write); return NGX_ERROR; } if (sslcf->verify == 1) { cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); ngx_ssl_remove_cached_session(sslcf->ssl.ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); s->out = cscf->protocol->no_cert; s->quit = 1; c->write->handler = ngx_mail_send; ngx_mail_send(s->connection->write); return NGX_ERROR; } X509_free(cert); } return NGX_OK; }
static void ngx_mail_zmauth_lookup_result_handler(ngx_zm_lookup_work_t * work) { ngx_mail_session_t *s; ngx_mail_zmauth_ctx_t *ctx; size_t size; u_char *p; ngx_addr_t *peer; ngx_str_t errmsg; s = (ngx_mail_session_t *) work->data; ctx = (ngx_mail_zmauth_ctx_t *)ngx_mail_get_module_ctx(s, ngx_mail_zmauth_module); if (work->result == ZM_LOOKUP_SUCCESS) { ngx_mail_zmauth_unescape(&work->account_name); /* copy the lookup result from zmauth pool to s->connection pool */ s->qlogin = *(ngx_pstrcpy(s->connection->pool, &work->account_name)); s->key_alias = *(ngx_pstrcpy(s->connection->pool, &work->alias_key)); s->key_route = *(ngx_pstrcpy(s->connection->pool, &work->route_key)); if (s->auth_method == NGX_MAIL_AUTH_GSSAPI || s->auth_method == NGX_MAIL_AUTH_GSSAPI_IR) { s->dusr = *(ngx_pstrcpy(s->connection->pool, &work->auth_id)); s->dpasswd = *(ngx_pstrcpy(s->connection->pool, &work->zm_auth_token)); } peer = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t)); peer->name = *(ngx_pstrcpy(s->connection->pool, &work->route->name)); peer->socklen = work->route->socklen; peer->sockaddr = ngx_palloc(s->connection->pool, peer->socklen); if(peer->sockaddr == NULL) { return; /* NO MEM */ } ngx_memcpy(peer->sockaddr, work->route->sockaddr, peer->socklen); switch (work->alias_check_stat) { case ZM_ALIAS_NOT_FOUND: s->vlogin = 1; break; case ZM_ALIAS_FOUND: s->vlogin = 2; break; default: break; /* do nothing */ } ngx_destroy_pool(ctx->pool); ngx_mail_set_ctx(s, NULL, ngx_mail_zmauth_module); ngx_mail_proxy_init(s, peer); return; } else { ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "An error occurred in mail zmauth: %V", &work->err); /* construct error msg */ if (work->result != ZM_LOOKUP_LOGIN_FAILED) { /* zmauth clean up will destroy the ctx->pool */ ngx_mail_session_internal_server_error(s); return; } errmsg = LOGIN_FAILED; /* should we return the real err msg to user? */ switch (s->protocol) { case NGX_MAIL_POP3_PROTOCOL: size = sizeof("-ERR ") - 1 + errmsg.len + sizeof(CRLF) - 1; if (s->command == NGX_POP3_AUTH) { size += AUTHENTICATION_FAILED.len; } break; case NGX_MAIL_IMAP_PROTOCOL: if (s->command == NGX_IMAP_AUTHENTICATE) { errmsg = AUTHENTICATE_FAILED; } size = s->tag.len + 1 /*for space*/+ sizeof("NO ") - 1 + errmsg.len + sizeof(CRLF) - 1; break; default: /* NGX_MAIL_SMTP_PROTOCOL */ ngx_log_error(NGX_LOG_CRIT, s->connection->log, 0, "smtp is not supported!!"); return; } p = ngx_pnalloc(s->connection->pool, size); if (p == NULL) { ngx_destroy_pool(ctx->pool); ngx_mail_session_internal_server_error(s); return; } ctx->errmsg.data = p; switch (s->protocol) { case NGX_MAIL_POP3_PROTOCOL: *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; if (s->command == NGX_POP3_AUTH) { p = ngx_cpymem(p, AUTHENTICATION_FAILED.data, AUTHENTICATION_FAILED.len); } break; case NGX_MAIL_IMAP_PROTOCOL: p = ngx_cpymem(p, s->tag.data, s->tag.len); *p++ = ' '; *p++ = 'N'; *p++ = 'O'; *p++ = ' '; break; default: /* NGX_MAIL_SMTP_PROTOCOL */ break; } p = ngx_cpymem(p, errmsg.data, errmsg.len); *p++ = CR; *p++ = LF; ctx->errmsg.len = p - ctx->errmsg.data; s->out = ctx->errmsg; if (work->result == ZM_LOOKUP_LOGIN_FAILED && work->wait_time > 0) { ngx_add_timer(ctx->wait_ev, (ngx_msec_t) (work->wait_time * 1000)); s->connection->read->handler = ngx_mail_zmauth_block_read; } else { s->quit = 1; ngx_mail_send(s->connection->write); ngx_mail_set_ctx(s, NULL, ngx_mail_zmauth_module); ngx_destroy_pool(ctx->pool); } return; } }