static ngx_int_t
ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_imap_srv_conf_t *iscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
s->out.len = sizeof(imap_username) - 1;
s->out.data = imap_username;
s->mail_state = ngx_imap_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_PLAIN:
s->out.len = sizeof(imap_plain_next) - 1;
s->out.data = imap_plain_next;
s->mail_state = ngx_imap_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
if (!(iscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (s->salt.data == NULL) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
s->mail_state = ngx_imap_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
static ngx_int_t
ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c))
{
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts == 0)
{
ngx_str_set(&s->out, smtp_invalid_argument);
s->state = 0;
return NGX_OK;
}
rc = ngx_mail_auth_parse(s, c);
switch (rc)
{
case NGX_MAIL_AUTH_LOGIN:
ngx_str_set(&s->out, smtp_username);
s->mail_state = ngx_smtp_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
ngx_str_set(&s->out, smtp_password);
s->mail_state = ngx_smtp_auth_login_password;
return ngx_mail_auth_login_username(s, c, 1);
case NGX_MAIL_AUTH_PLAIN:
ngx_str_set(&s->out, smtp_next);
s->mail_state = ngx_smtp_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
{
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (s->salt.data == NULL)
{
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK)
{
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK)
{
s->mail_state = ngx_smtp_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
static ngx_int_t
ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc, res;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_imap_srv_conf_t *iscf;
rc = ngx_mail_auth_parse(s, c);
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_LOGIN_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
ngx_str_set(&s->out, imap_username);
s->mail_state = ngx_imap_auth_login_username;
return NGX_MAIL_AUTH_ARGUMENT;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_LOGIN_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
res = ngx_mail_auth_login_username(s, c, 1);
if (res == NGX_MAIL_AUTH_ARGUMENT) {
ngx_str_set(&s->out, imap_password);
s->mail_state = ngx_imap_auth_login_password;
return NGX_MAIL_AUTH_ARGUMENT;
} else {
return res;
}
case NGX_MAIL_AUTH_PLAIN:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_PLAIN_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
ngx_str_set(&s->out, imap_plain_next);
s->mail_state = ngx_imap_auth_plain;
return NGX_MAIL_AUTH_ARGUMENT;
case NGX_MAIL_AUTH_PLAIN_IR:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_PLAIN_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
return ngx_mail_auth_plain(s, c, 1);
case NGX_MAIL_AUTH_GSSAPI:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_GSSAPI_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
ngx_str_set(&s->out, imap_gssapi_next);
s->mail_state = ngx_imap_auth_gssapi;
return NGX_MAIL_AUTH_ARGUMENT;
case NGX_MAIL_AUTH_GSSAPI_IR:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_GSSAPI_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
s->mail_state = ngx_imap_auth_gssapi;
ngx_str_t output;
ngx_str_set(&output, "");
res = ngx_mail_auth_gssapi(s, c, &output);
if(res == NGX_MAIL_AUTH_ARGUMENT) {
s->out = output;
return NGX_MAIL_AUTH_ARGUMENT;
} else {
return res;
}
case NGX_MAIL_AUTH_CRAM_MD5:
if (!(iscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_AUTH_MECH;
}
if (s->salt.data == NULL) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
s->mail_state = ngx_imap_auth_cram_md5;
return NGX_MAIL_AUTH_ARGUMENT;
}
return NGX_ERROR;
}
return rc;
}
static ngx_int_t
ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_pop3_srv_conf_t *pscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
if (s->args.nelts == 0) {
s->out = pscf->auth_capability;
s->state = 0;
return NGX_OK;
}
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
ngx_str_set(&s->out, pop3_username);
s->mail_state = ngx_pop3_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
ngx_str_set(&s->out, pop3_password);
s->mail_state = ngx_pop3_auth_login_password;
return ngx_mail_auth_login_username(s, c, 1);
case NGX_MAIL_AUTH_PLAIN:
ngx_str_set(&s->out, pop3_next);
s->mail_state = ngx_pop3_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
if (!(pscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
s->mail_state = ngx_pop3_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}