static void
ngx_mail_auth_http_write_handler(ngx_event_t *wev)
{
ssize_t n, size;
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_auth_http_ctx_t *ctx;
ngx_mail_auth_http_conf_t *ahcf;
c = wev->data;
s = c->data;
ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0,
"mail auth http write handler");
if (wev->timedout) {
ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT,
"auth http server %V timed out", ctx->peer.name);
ngx_close_connection(c);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
size = ctx->request->last - ctx->request->pos;
n = ngx_send(c, ctx->request->pos, size);
if (n == NGX_ERROR) {
ngx_close_connection(c);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
if (n > 0) {
ctx->request->pos += n;
if (n == size) {
wev->handler = ngx_mail_auth_http_dummy_handler;
if (wev->timer_set) {
ngx_del_timer(wev);
}
if (ngx_handle_write_event(wev, 0) != NGX_OK) {
ngx_close_connection(c);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
}
return;
}
}
if (!wev->timer_set) {
ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module);
ngx_add_timer(wev, ahcf->timeout);
}
}
static void
ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s,
ngx_mail_auth_http_ctx_t *ctx)
{
u_char *p, ch;
enum {
sw_start = 0,
sw_H,
sw_HT,
sw_HTT,
sw_HTTP,
sw_skip,
sw_almost_done
} state;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
"mail auth http process status line");
state = ctx->state;
for (p = ctx->response->pos; p < ctx->response->last; p++) {
ch = *p;
switch (state) {
/* "HTTP/" */
case sw_start:
if (ch == 'H') {
state = sw_H;
break;
}
goto next;
case sw_H:
if (ch == 'T') {
state = sw_HT;
break;
}
goto next;
case sw_HT:
if (ch == 'T') {
state = sw_HTT;
break;
}
goto next;
case sw_HTT:
if (ch == 'P') {
state = sw_HTTP;
break;
}
goto next;
case sw_HTTP:
if (ch == '/') {
state = sw_skip;
break;
}
goto next;
/* any text until end of line */
case sw_skip:
switch (ch) {
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
/* end of status line */
case sw_almost_done:
if (ch == LF) {
goto done;
}
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server &V sent invalid response",
ctx->peer.name);
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
}
ctx->response->pos = p;
ctx->state = state;
return;
next:
p = ctx->response->start - 1;
done:
ctx->response->pos = p + 1;
ctx->state = 0;
ctx->handler = ngx_mail_auth_http_process_headers;
ctx->handler(s, ctx);
}
void
ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer)
{
int keepalive;
ngx_int_t rc;
ngx_mail_proxy_ctx_t *p;
ngx_mail_proxy_conf_t *pcf;
ngx_mail_core_srv_conf_t *cscf;
s->connection->log->action = "connecting to upstream";
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (cscf->so_keepalive) {
keepalive = 1;
if (setsockopt(s->connection->fd, SOL_SOCKET, SO_KEEPALIVE,
(const void *) &keepalive, sizeof(int))
== -1)
{
ngx_log_error(NGX_LOG_ALERT, s->connection->log, ngx_socket_errno,
"setsockopt(SO_KEEPALIVE) failed");
}
}
p = ngx_pcalloc(s->connection->pool, sizeof(ngx_mail_proxy_ctx_t));
if (p == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
s->proxy = p;
p->upstream.sockaddr = peer->sockaddr;
p->upstream.socklen = peer->socklen;
p->upstream.name = &peer->name;
p->upstream.get = ngx_event_get_peer;
p->upstream.log = s->connection->log;
p->upstream.log_error = NGX_ERROR_ERR;
rc = ngx_event_connect_peer(&p->upstream);
if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
ngx_mail_proxy_internal_server_error(s);
return;
}
ngx_add_timer(p->upstream.connection->read, cscf->timeout);
p->upstream.connection->data = s;
p->upstream.connection->pool = s->connection->pool;
s->connection->read->handler = ngx_mail_proxy_block_read;
p->upstream.connection->write->handler = ngx_mail_proxy_dummy_handler;
pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
s->proxy->buffer = ngx_create_temp_buf(s->connection->pool,
pcf->buffer_size);
if (s->proxy->buffer == NULL) {
ngx_mail_proxy_internal_server_error(s);
return;
}
s->out.len = 0;
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
p->upstream.connection->read->handler = ngx_mail_proxy_pop3_handler;
s->mail_state = ngx_pop3_start;
break;
case NGX_MAIL_IMAP_PROTOCOL:
p->upstream.connection->read->handler = ngx_mail_proxy_imap_handler;
s->mail_state = ngx_imap_start;
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
p->upstream.connection->read->handler = ngx_mail_proxy_smtp_handler;
s->mail_state = ngx_smtp_start;
break;
}
}
void
ngx_mail_auth_http_init(ngx_mail_session_t *s)
{
ngx_int_t rc;
ngx_pool_t *pool;
ngx_mail_auth_http_ctx_t *ctx;
ngx_mail_auth_http_conf_t *ahcf;
s->connection->log->action = "in http auth state";
pool = ngx_create_pool(2048, s->connection->log);
if (pool == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t));
if (ctx == NULL) {
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
ctx->pool = pool;
ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module);
ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf);
if (ctx->request == NULL) {
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module);
ctx->peer.sockaddr = ahcf->peer->sockaddr;
ctx->peer.socklen = ahcf->peer->socklen;
ctx->peer.name = &ahcf->peer->name;
ctx->peer.get = ngx_event_get_peer;
ctx->peer.log = s->connection->log;
ctx->peer.log_error = NGX_ERROR_ERR;
rc = ngx_event_connect_peer(&ctx->peer);
if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
if (ctx->peer.connection) {
ngx_close_connection(ctx->peer.connection);
}
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ctx->peer.connection->data = s;
ctx->peer.connection->pool = s->connection->pool;
s->connection->read->handler = ngx_mail_auth_http_block_read;
ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler;
ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler;
ctx->handler = ngx_mail_auth_http_ignore_status_line;
ngx_add_timer(ctx->peer.connection->read, ahcf->timeout);
ngx_add_timer(ctx->peer.connection->write, ahcf->timeout);
if (rc == NGX_OK) {
ngx_mail_auth_http_write_handler(ctx->peer.connection->write);
return;
}
}
void
ngx_mail_imap_auth_state(ngx_event_t *rev)
{
u_char *p, *dst, *src, *end;
ngx_str_t *arg;
ngx_int_t rc;
ngx_uint_t tag, i;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
tag = 1;
s->text.len = 0;
s->out.len = sizeof(imap_ok) - 1;
s->out.data = imap_ok;
if (rc == NGX_OK) {
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
s->command);
if (s->backslash) {
arg = s->args.elts;
for (i = 0; i < s->args.nelts; i++) {
dst = arg[i].data;
end = dst + arg[i].len;
for (src = dst; src < end; dst++) {
*dst = *src;
if (*src++ == '\\') {
*dst = *src++;
}
}
arg[i].len = dst - arg[i].data;
}
s->backslash = 0;
}
switch (s->mail_state) {
case ngx_imap_start:
switch (s->command) {
case NGX_IMAP_LOGIN:
rc = ngx_mail_imap_login(s, c);
break;
case NGX_IMAP_AUTHENTICATE:
rc = ngx_mail_imap_authenticate(s, c);
tag = (rc != NGX_OK);
break;
case NGX_IMAP_CAPABILITY:
rc = ngx_mail_imap_capability(s, c);
break;
case NGX_IMAP_LOGOUT:
s->quit = 1;
s->text.len = sizeof(imap_bye) - 1;
s->text.data = imap_bye;
break;
case NGX_IMAP_NOOP:
break;
case NGX_IMAP_STARTTLS:
rc = ngx_mail_imap_starttls(s, c);
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_imap_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
tag = 0;
s->out.len = sizeof(imap_password) - 1;
s->out.data = imap_password;
s->mail_state = ngx_imap_auth_login_password;
break;
case ngx_imap_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_imap_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_imap_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
} else if (rc == NGX_IMAP_NEXT) {
tag = 0;
s->out.len = sizeof(imap_next) - 1;
s->out.data = imap_next;
}
switch (rc) {
case NGX_DONE:
ngx_mail_auth(s, c);
return;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_PARSE_INVALID_COMMAND:
s->state = 0;
s->out.len = sizeof(imap_invalid_command) - 1;
s->out.data = imap_invalid_command;
s->mail_state = ngx_imap_start;
break;
}
if (tag) {
if (s->tag.len == 0) {
s->tag.len = sizeof(imap_star) - 1;
s->tag.data = (u_char *) imap_star;
}
if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len) {
s->tagged_line.len = s->tag.len + s->text.len + s->out.len;
s->tagged_line.data = ngx_pnalloc(c->pool, s->tagged_line.len);
if (s->tagged_line.data == NULL) {
ngx_mail_close_connection(c);
return;
}
}
p = s->tagged_line.data;
if (s->text.len) {
p = ngx_cpymem(p, s->text.data, s->text.len);
}
p = ngx_cpymem(p, s->tag.data, s->tag.len);
ngx_memcpy(p, s->out.data, s->out.len);
s->out.len = s->text.len + s->tag.len + s->out.len;
s->out.data = s->tagged_line.data;
}
if (rc != NGX_IMAP_NEXT) {
s->args.nelts = 0;
if (s->state) {
/* preserve tag */
s->arg_start = s->buffer->start + s->tag.len;
s->buffer->pos = s->arg_start;
s->buffer->last = s->arg_start;
} else {
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
s->tag.len = 0;
}
}
ngx_mail_send(c->write);
}
void
ngx_mail_smtp_auth_state(ngx_event_t *rev)
{
ngx_int_t rc;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
s->out.len = sizeof(smtp_ok) - 1;
s->out.data = smtp_ok;
if (rc == NGX_OK) {
switch (s->mail_state) {
case ngx_smtp_start:
switch (s->command) {
case NGX_SMTP_HELO:
case NGX_SMTP_EHLO:
rc = ngx_mail_smtp_helo(s, c);
break;
case NGX_SMTP_AUTH:
rc = ngx_mail_smtp_auth(s, c);
break;
case NGX_SMTP_QUIT:
s->quit = 1;
s->out.len = sizeof(smtp_bye) - 1;
s->out.data = smtp_bye;
break;
case NGX_SMTP_MAIL:
rc = ngx_mail_smtp_mail(s, c);
break;
case NGX_SMTP_NOOP:
case NGX_SMTP_RSET:
break;
case NGX_SMTP_STARTTLS:
rc = ngx_mail_smtp_starttls(s, c);
s->out.len = sizeof(smtp_starttls) - 1;
s->out.data = smtp_starttls;
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_smtp_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
s->out.len = sizeof(smtp_password) - 1;
s->out.data = smtp_password;
s->mail_state = ngx_smtp_auth_login_password;
break;
case ngx_smtp_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_smtp_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_smtp_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
}
switch (rc) {
case NGX_DONE:
ngx_mail_auth(s, c);
return;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_PARSE_INVALID_COMMAND:
s->mail_state = ngx_smtp_start;
s->state = 0;
s->out.len = sizeof(smtp_invalid_command) - 1;
s->out.data = smtp_invalid_command;
/* fall through */
case NGX_OK:
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
if (s->state) {
s->arg_start = s->buffer->start;
}
ngx_mail_send(c->write);
}
}
void
ngx_mail_imap_auth_state(ngx_event_t *rev)
{
u_char *p, *dst, *src, *end;
ngx_str_t *arg;
ngx_int_t rc;
ngx_uint_t tag, i;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_end_session(s); /* send IMAP BYE on timeout */
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
if (rc == NGX_IMAP_NEXT) {
tag = 0;
ngx_str_set(&s->out, imap_next);
} else {
tag = 1;
ngx_str_set(&s->out, imap_ok);
s->text.len = 0;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
s->command);
if (s->backslash) {
arg = s->args.elts;
for (i = 0; i < s->args.nelts; i++) {
dst = arg[i].data;
end = dst + arg[i].len;
for (src = dst; src < end; dst++) {
*dst = *src;
if (*src++ == '\\') {
*dst = *src++;
}
}
arg[i].len = dst - arg[i].data;
}
s->backslash = 0;
}
if (rc == NGX_OK) {
switch (s->mail_state) {
case ngx_imap_start:
switch (s->command) {
case NGX_IMAP_LOGIN:
rc = ngx_mail_imap_login(s, c);
break;
case NGX_IMAP_AUTHENTICATE:
rc = ngx_mail_imap_authenticate(s, c);
break;
case NGX_IMAP_CAPABILITY:
rc = ngx_mail_imap_capability(s, c);
break;
case NGX_IMAP_LOGOUT:
s->quit = 1;
ngx_str_set(&s->text, imap_bye);
break;
case NGX_IMAP_NOOP:
break;
case NGX_IMAP_STARTTLS:
rc = ngx_mail_imap_starttls(s, c);
break;
case NGX_IMAP_ID:
rc = ngx_mail_imap_id(s, c);
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_imap_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
if (rc == NGX_MAIL_AUTH_ARGUMENT) {
ngx_str_set(&s->out, imap_password);
s->mail_state = ngx_imap_auth_login_password;
}
break;
case ngx_imap_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_imap_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_imap_auth_gssapi:
{
ngx_str_t output;
ngx_str_set(&output, "");
rc = ngx_mail_auth_gssapi(s, c, &output);
if (rc == NGX_MAIL_AUTH_ARGUMENT) {
s->mail_state = ngx_imap_auth_gssapi;
s->out = output;
}
break;
}
case ngx_imap_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
}
}
switch (rc) {
case NGX_DONE:
ngx_mail_do_auth(s, c);
return;
case NGX_OK:
ngx_mail_set_imap_parse_state_start(s);
s->arg_start = NULL;
ngx_mail_reset_parse_buffer(s);
break;
case NGX_MAIL_AUTH_ABORT:
ngx_str_set(&s->out, imap_authaborted);
s->mail_state = ngx_imap_start;
ngx_mail_set_imap_parse_state_start(s);
s->arg_start = NULL;
ngx_mail_reset_parse_buffer(s);
break;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_AUTH_FAILED:
ngx_str_set(&s->out, imap_authenticate_failed);
s->mail_state = ngx_imap_start;
ngx_mail_set_imap_parse_state_start(s);
s->arg_start = NULL;
ngx_mail_reset_parse_buffer(s);
break;
case NGX_MAIL_LOGIN_FAILED:
ngx_str_set(&s->out, imap_login_failed);
s->mail_state = ngx_imap_start;
ngx_mail_set_imap_parse_state_start(s);
s->arg_start = NULL;
ngx_mail_reset_parse_buffer(s);
break;
case NGX_MAIL_PARSE_INVALID_AUTH_MECH:
ngx_log_debug0 (NGX_LOG_DEBUG_MAIL, c->log, 0,
"unsupported IMAP auth mechanism");
ngx_str_set(&s->out, imap_unsupported_mech);
s->mail_state = ngx_imap_start;
ngx_mail_set_imap_parse_state_start(s);
s->arg_start = NULL;
ngx_mail_reset_parse_buffer(s);
break;
case NGX_MAIL_PARSE_INVALID_COMMAND:
ngx_str_set(&s->out, imap_invalid_command);
s->mail_state = ngx_imap_start;
ngx_mail_set_imap_parse_state_start(s);
s->arg_start = NULL;
ngx_mail_reset_parse_buffer(s);
break;
case NGX_MAIL_AUTH_ARGUMENT:
ngx_mail_set_imap_parse_state_argument(s);
/* preserve tag, since tag's memory is allocated in buffer, need to set the
* buffer pos after tag */
s->arg_start = s->buffer->start + s->tag.len;
s->buffer->pos = s->arg_start;
s->buffer->last = s->arg_start;
tag = 0; // just output s->out
break;
case NGX_IMAP_NEXT:
/* do nothing, preserve all the state, including s->state, s->mail_state,
* , s->buffer, s->arg_start
*/
break;
}
//clear args
if(rc != NGX_IMAP_NEXT) {
s->args.nelts = 0;
}
// process the output
if (tag) { //text tag out --> out
if (s->tag.len == 0) {
ngx_str_set(&s->tag, imap_star);
}
if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len + 1) {
s->tagged_line.len = s->tag.len + s->text.len + s->out.len + 1;
s->tagged_line.data = ngx_pnalloc(c->pool, s->tagged_line.len);
if (s->tagged_line.data == NULL) {
ngx_mail_close_connection(c);
return;
}
}
p = s->tagged_line.data;
if (s->text.len) {
p = ngx_cpymem(p, s->text.data, s->text.len);
}
p = ngx_cpymem(p, s->tag.data, s->tag.len);
*p++ = ' '; /* the space between tag and out */
ngx_memcpy(p, s->out.data, s->out.len);
s->out.len = s->text.len + s->tag.len + 1 /*for space*/+ s->out.len;
s->out.data = s->tagged_line.data;
}
ngx_mail_send(c->write);
}
void
ngx_mail_pop3_auth_state(ngx_event_t *rev)
{
ngx_int_t rc;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
ngx_str_set(&s->out, pop3_ok);
if (rc == NGX_OK) {
switch (s->mail_state) {
case ngx_pop3_start:
switch (s->command) {
case NGX_POP3_USER:
rc = ngx_mail_pop3_user(s, c);
break;
case NGX_POP3_CAPA:
rc = ngx_mail_pop3_capa(s, c, 1);
break;
case NGX_POP3_APOP:
rc = ngx_mail_pop3_apop(s, c);
break;
case NGX_POP3_AUTH:
rc = ngx_mail_pop3_auth(s, c);
break;
case NGX_POP3_QUIT:
s->quit = 1;
break;
case NGX_POP3_NOOP:
break;
case NGX_POP3_STLS:
rc = ngx_mail_pop3_stls(s, c);
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_pop3_user:
switch (s->command) {
case NGX_POP3_PASS:
rc = ngx_mail_pop3_pass(s, c);
break;
case NGX_POP3_CAPA:
rc = ngx_mail_pop3_capa(s, c, 0);
break;
case NGX_POP3_QUIT:
s->quit = 1;
break;
case NGX_POP3_NOOP:
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
/* suppress warinings */
case ngx_pop3_passwd:
break;
case ngx_pop3_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
ngx_str_set(&s->out, pop3_password);
s->mail_state = ngx_pop3_auth_login_password;
break;
case ngx_pop3_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_pop3_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_pop3_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
}
switch (rc) {
case NGX_DONE:
ngx_mail_auth(s, c);
return;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_PARSE_INVALID_COMMAND:
s->mail_state = ngx_pop3_start;
s->state = 0;
ngx_str_set(&s->out, pop3_invalid_command);
/* fall through */
case NGX_OK:
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
if (s->state) {
s->arg_start = s->buffer->start;
}
ngx_mail_send(c->write);
}
}
ngx_int_t
ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
{
ssize_t n;
ngx_int_t rc;
ngx_str_t l;
ngx_mail_core_srv_conf_t *cscf;
n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
if (n == NGX_ERROR || n == 0) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
if (n > 0) {
s->buffer->last += n;
}
if (n == NGX_AGAIN) {
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
if (s->buffer->pos == s->buffer->last) {
return NGX_AGAIN;
}
}
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
rc = cscf->protocol->parse_command(s);
if (rc == NGX_AGAIN) {
if (s->buffer->last < s->buffer->end) {
return rc;
}
l.len = s->buffer->last - s->buffer->start;
l.data = s->buffer->start;
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent too long command \"%V\"", &l);
s->quit = 1;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
return rc;
}
if (rc == NGX_ERROR) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
return NGX_OK;
}
static void
ngx_mail_auth_http_process_headers(ngx_mail_session_t *s,
ngx_mail_auth_http_ctx_t *ctx)
{
u_char *p;
time_t timer;
size_t len, size;
ngx_int_t rc, port, n;
ngx_addr_t *peer;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
"mail auth http process headers");
for ( ;; ) {
rc = ngx_mail_auth_http_parse_header_line(s, ctx);
if (rc == NGX_OK) {
#if (NGX_DEBUG)
{
ngx_str_t key, value;
key.len = ctx->header_name_end - ctx->header_name_start;
key.data = ctx->header_name_start;
value.len = ctx->header_end - ctx->header_start;
value.data = ctx->header_start;
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
"mail auth http header: \"%V: %V\"",
&key, &value);
}
#endif
len = ctx->header_name_end - ctx->header_name_start;
if (len == sizeof("Auth-Status") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-Status",
sizeof("Auth-Status") - 1)
== 0)
{
len = ctx->header_end - ctx->header_start;
if (len == 2
&& ctx->header_start[0] == 'O'
&& ctx->header_start[1] == 'K')
{
continue;
}
if (len == 4
&& ctx->header_start[0] == 'W'
&& ctx->header_start[1] == 'A'
&& ctx->header_start[2] == 'I'
&& ctx->header_start[3] == 'T')
{
s->auth_wait = 1;
continue;
}
ctx->errmsg.len = len;
ctx->errmsg.data = ctx->header_start;
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1;
break;
case NGX_MAIL_IMAP_PROTOCOL:
size = s->tag.len + sizeof("NO ") - 1 + len
+ sizeof(CRLF) - 1;
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
ctx->err = ctx->errmsg;
continue;
}
p = ngx_pnalloc(s->connection->pool, size);
if (p == NULL) {
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ctx->err.data = p;
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
*p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' ';
break;
case NGX_MAIL_IMAP_PROTOCOL:
p = ngx_cpymem(p, s->tag.data, s->tag.len);
*p++ = 'N'; *p++ = 'O'; *p++ = ' ';
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
break;
}
p = ngx_cpymem(p, ctx->header_start, len);
*p++ = CR; *p++ = LF;
ctx->err.len = p - ctx->err.data;
continue;
}
if (len == sizeof("Auth-Server") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-Server",
sizeof("Auth-Server") - 1)
== 0)
{
ctx->addr.len = ctx->header_end - ctx->header_start;
ctx->addr.data = ctx->header_start;
continue;
}
if (len == sizeof("Auth-Port") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-Port",
sizeof("Auth-Port") - 1)
== 0)
{
ctx->port.len = ctx->header_end - ctx->header_start;
ctx->port.data = ctx->header_start;
continue;
}
if (len == sizeof("Auth-User") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-User",
sizeof("Auth-User") - 1)
== 0)
{
s->login.len = ctx->header_end - ctx->header_start;
s->login.data = ngx_pnalloc(s->connection->pool, s->login.len);
if (s->login.data == NULL) {
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ngx_memcpy(s->login.data, ctx->header_start, s->login.len);
continue;
}
if (len == sizeof("Auth-Pass") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-Pass",
sizeof("Auth-Pass") - 1)
== 0)
{
s->passwd.len = ctx->header_end - ctx->header_start;
s->passwd.data = ngx_pnalloc(s->connection->pool,
s->passwd.len);
if (s->passwd.data == NULL) {
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len);
continue;
}
if (len == sizeof("Auth-Wait") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-Wait",
sizeof("Auth-Wait") - 1)
== 0)
{
n = ngx_atoi(ctx->header_start,
ctx->header_end - ctx->header_start);
if (n != NGX_ERROR) {
ctx->sleep = n;
}
continue;
}
if (len == sizeof("Auth-Error-Code") - 1
&& ngx_strncasecmp(ctx->header_name_start,
(u_char *) "Auth-Error-Code",
sizeof("Auth-Error-Code") - 1)
== 0)
{
ctx->errcode.len = ctx->header_end - ctx->header_start;
ctx->errcode.data = ngx_pnalloc(s->connection->pool,
ctx->errcode.len);
if (ctx->errcode.data == NULL) {
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ngx_memcpy(ctx->errcode.data, ctx->header_start,
ctx->errcode.len);
continue;
}
/* ignore other headers */
continue;
}
if (rc == NGX_DONE) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
"mail auth http header done");
ngx_close_connection(ctx->peer.connection);
if (ctx->err.len) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"client login failed: \"%V\"", &ctx->errmsg);
if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) {
if (ctx->errcode.len == 0) {
ctx->errcode = ngx_mail_smtp_errcode;
}
ctx->err.len = ctx->errcode.len + ctx->errmsg.len
+ sizeof(" " CRLF) - 1;
p = ngx_pnalloc(s->connection->pool, ctx->err.len);
if (p == NULL) {
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ctx->err.data = p;
p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len);
*p++ = ' ';
p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len);
*p++ = CR; *p = LF;
}
s->out = ctx->err;
timer = ctx->sleep;
ngx_destroy_pool(ctx->pool);
if (timer == 0) {
s->quit = 1;
ngx_mail_send(s->connection->write);
return;
}
ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000));
s->connection->read->handler = ngx_mail_auth_sleep_handler;
return;
}
if (s->auth_wait) {
timer = ctx->sleep;
ngx_destroy_pool(ctx->pool);
if (timer == 0) {
ngx_mail_auth_http_init(s);
return;
}
ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000));
s->connection->read->handler = ngx_mail_auth_sleep_handler;
return;
}
if (ctx->addr.len == 0 || ctx->port.len == 0) {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V did not send server or port",
ctx->peer.name);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
if (s->passwd.data == NULL
&& s->protocol != NGX_MAIL_SMTP_PROTOCOL)
{
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V did not send password",
ctx->peer.name);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_addr_t));
if (peer == NULL) {
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
rc = ngx_parse_addr(s->connection->pool, peer,
ctx->addr.data, ctx->addr.len);
switch (rc) {
case NGX_OK:
break;
case NGX_DECLINED:
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V sent invalid server "
"address:\"%V\"",
ctx->peer.name, &ctx->addr);
/* fall through */
default:
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
port = ngx_atoi(ctx->port.data, ctx->port.len);
if (port == NGX_ERROR || port < 1 || port > 65535) {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V sent invalid server "
"port:\"%V\"",
ctx->peer.name, &ctx->port);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ngx_inet_set_port(peer->sockaddr, (in_port_t) port);
len = ctx->addr.len + 1 + ctx->port.len;
peer->name.len = len;
peer->name.data = ngx_pnalloc(s->connection->pool, len);
if (peer->name.data == NULL) {
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
len = ctx->addr.len;
ngx_memcpy(peer->name.data, ctx->addr.data, len);
peer->name.data[len++] = ':';
ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len);
ngx_destroy_pool(ctx->pool);
ngx_mail_proxy_init(s, peer);
return;
}
if (rc == NGX_AGAIN ) {
return;
}
/* rc == NGX_ERROR */
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V sent invalid header in response",
ctx->peer.name);
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
}
void
ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer)
{
int keepalive;
ngx_int_t rc;
ngx_int_t secured = 0;
ngx_mail_proxy_ctx_t *p;
ngx_mail_proxy_conf_t *pcf;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_ssl_conf_t *sslcf;
s->connection->log->action = "connecting to upstream";
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (cscf->so_keepalive) {
keepalive = 1;
if (setsockopt(s->connection->fd, SOL_SOCKET, SO_KEEPALIVE,
(const void *) &keepalive, sizeof(int))
== -1)
{
ngx_log_error(NGX_LOG_ALERT, s->connection->log, ngx_socket_errno,
"setsockopt(SO_KEEPALIVE) failed");
}
}
p = ngx_pcalloc(s->connection->pool, sizeof(ngx_mail_proxy_ctx_t));
if (p == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
s->proxy = p;
p->upstream.sockaddr = peer->sockaddr;
p->upstream.socklen = peer->socklen;
p->upstream.name = &peer->name;
p->upstream.get = ngx_event_get_peer;
p->upstream.log = s->connection->log;
p->upstream.log_error = NGX_ERROR_ERR;
rc = ngx_event_connect_peer(&p->upstream);
if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
ngx_mail_proxy_internal_server_error(s);
return;
}
ngx_add_timer(p->upstream.connection->read, cscf->timeout);
p->upstream.connection->data = s;
p->upstream.connection->pool = s->connection->pool;
s->connection->read->handler = ngx_mail_proxy_block_read;
p->upstream.connection->write->handler = ngx_mail_proxy_dummy_handler;
#if (NGX_MAIL_SSL)
if (s->auth_security) {
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->ssl.ctx) {
s->connection->log->action = "SSL handshaking";
ngx_mail_ssl_init_connection(&sslcf->ssl,
p->upstream.connection,
NGX_MAIL_SECURE_DIR_OUT);
secured = 1;
} else {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"failed to get SSL context;");
ngx_mail_proxy_internal_server_error(s);
return;
}
}
#endif
pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
s->proxy->buffer = ngx_create_temp_buf(s->connection->pool,
pcf->buffer_size);
if (s->proxy->buffer == NULL) {
ngx_mail_proxy_internal_server_error(s);
return;
}
s->out.len = 0;
/* state will be changed in the ssl init routine */
if (!secured)
ngx_mail_proxy_start(p->upstream.connection);
}
void
ngx_mail_zmauth_init(ngx_mail_session_t *s) {
ngx_pool_t *pool;
ngx_mail_zmauth_ctx_t *ctx;
ngx_zm_lookup_work_t *work;
ngx_str_t escaped_login, escaped_account_name;
ngx_mail_cleanup_t *cln;
ngx_flag_t proxy_ssl;
s->connection->log->action = "in mail zmauth state";
/* create pool and module context */
pool = ngx_create_pool(2048, s->connection->log);
if (pool == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
ctx = ngx_pcalloc(pool, sizeof(ngx_mail_zmauth_ctx_t));
if (ctx == NULL) {
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
ctx->pool = pool;
ngx_mail_set_ctx(s, ctx, ngx_mail_zmauth_module);
/* init clean up */
cln = ngx_mail_cleanup_add(s, 0);
cln->data = s;
cln->handler = ngx_mail_zmauth_cleanup;
/* init wait event */
ctx->wait_ev = ngx_palloc(pool, sizeof(ngx_event_t));
if (ctx->wait_ev == NULL) {
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
ngx_memzero (ctx->wait_ev, sizeof (ngx_event_t));
ctx->wait_ev->handler = ngx_mail_zmauth_wait_handler;
ctx->wait_ev->log = s->connection->log;
ctx->wait_ev->data = s->connection;
work = ngx_pcalloc(pool, sizeof(ngx_zm_lookup_work_t));
if (work == NULL) {
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
if (s->auth_method == NGX_MAIL_AUTH_PASSWD ||
s->auth_method == NGX_MAIL_AUTH_PLAIN ||
s->auth_method == NGX_MAIL_AUTH_PLAIN_IR ||
s->auth_method == NGX_MAIL_AUTH_LOGIN ||
s->auth_method == NGX_MAIL_AUTH_LOGIN_USERNAME) {
work->auth_method = ZM_AUTHMETH_USERNAME;
} else if (s->auth_method == NGX_MAIL_AUTH_GSSAPI ||
s->auth_method == NGX_MAIL_AUTH_GSSAPI_IR) {
work->auth_method = ZM_AUTHMETH_GSSAPI;
work->auth_id = s->authid;
} else {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"unsupported auth method %V",
&ngx_mail_zmauth_method[s->auth_method]);
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
proxy_ssl = ngx_mail_get_proxy_ssl(s);
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
work->protocol = proxy_ssl?ZM_PROTO_POP3S:ZM_PROTO_POP3;
break;
case NGX_MAIL_IMAP_PROTOCOL:
work->protocol = proxy_ssl?ZM_PROTO_IMAPS:ZM_PROTO_IMAP;
break;
default:
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"unsupported auth protocol %V",
&ngx_mail_zmauth_proto[s->protocol]);
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
if (ngx_mail_zmauth_escape(pool, &s->login, &escaped_login) != NGX_OK) {
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
work->username = escaped_login;
work->connection = s->connection;
work->login_attempts = s->login_attempt;
work->log = s->connection->log;
work->pool = s->connection->pool;
work->data = s;
work->on_success = ngx_mail_zmauth_lookup_result_handler;
work->on_failure = ngx_mail_zmauth_lookup_result_handler;
switch (s->vlogin) {
case 0:
work->alias_check_stat = ZM_ALIAS_NOT_CHECKED;
break;
case 1:
work->alias_check_stat = ZM_ALIAS_NOT_FOUND;
work->account_name = work->username;
work->alias_key = s->key_alias;
break;
case 2:
work->alias_check_stat = ZM_ALIAS_FOUND;
if (ngx_mail_zmauth_escape(pool, &s->qlogin,
&escaped_account_name) != NGX_OK) {
ngx_destroy_pool(pool);
ngx_mail_session_internal_server_error(s);
return;
}
work->account_name = escaped_account_name;
work->alias_key = s->key_alias;
break;
default:
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"Should never reach here");
return;
}
ctx->work = work;
s->connection->read->handler = ngx_mail_zmauth_block_read;
ngx_zm_lookup(work);
}
static void
ngx_mail_zmauth_lookup_result_handler(ngx_zm_lookup_work_t * work) {
ngx_mail_session_t *s;
ngx_mail_zmauth_ctx_t *ctx;
size_t size;
u_char *p;
ngx_addr_t *peer;
ngx_str_t errmsg;
s = (ngx_mail_session_t *) work->data;
ctx = (ngx_mail_zmauth_ctx_t *)ngx_mail_get_module_ctx(s, ngx_mail_zmauth_module);
if (work->result == ZM_LOOKUP_SUCCESS) {
ngx_mail_zmauth_unescape(&work->account_name);
/* copy the lookup result from zmauth pool to s->connection pool */
s->qlogin = *(ngx_pstrcpy(s->connection->pool, &work->account_name));
s->key_alias = *(ngx_pstrcpy(s->connection->pool, &work->alias_key));
s->key_route = *(ngx_pstrcpy(s->connection->pool, &work->route_key));
if (s->auth_method == NGX_MAIL_AUTH_GSSAPI ||
s->auth_method == NGX_MAIL_AUTH_GSSAPI_IR) {
s->dusr = *(ngx_pstrcpy(s->connection->pool, &work->auth_id));
s->dpasswd = *(ngx_pstrcpy(s->connection->pool, &work->zm_auth_token));
}
peer = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t));
peer->name = *(ngx_pstrcpy(s->connection->pool, &work->route->name));
peer->socklen = work->route->socklen;
peer->sockaddr = ngx_palloc(s->connection->pool, peer->socklen);
if(peer->sockaddr == NULL) {
return; /* NO MEM */
}
ngx_memcpy(peer->sockaddr, work->route->sockaddr, peer->socklen);
switch (work->alias_check_stat) {
case ZM_ALIAS_NOT_FOUND:
s->vlogin = 1;
break;
case ZM_ALIAS_FOUND:
s->vlogin = 2;
break;
default:
break;
/* do nothing */
}
ngx_destroy_pool(ctx->pool);
ngx_mail_set_ctx(s, NULL, ngx_mail_zmauth_module);
ngx_mail_proxy_init(s, peer);
return;
} else {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"An error occurred in mail zmauth: %V",
&work->err);
/* construct error msg */
if (work->result != ZM_LOOKUP_LOGIN_FAILED) {
/* zmauth clean up will destroy the ctx->pool */
ngx_mail_session_internal_server_error(s);
return;
}
errmsg = LOGIN_FAILED; /* should we return the real err msg to user? */
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
size = sizeof("-ERR ") - 1 + errmsg.len + sizeof(CRLF) - 1;
if (s->command == NGX_POP3_AUTH) {
size += AUTHENTICATION_FAILED.len;
}
break;
case NGX_MAIL_IMAP_PROTOCOL:
if (s->command == NGX_IMAP_AUTHENTICATE) {
errmsg = AUTHENTICATE_FAILED;
}
size = s->tag.len + 1 /*for space*/+ sizeof("NO ") - 1 + errmsg.len
+ sizeof(CRLF) - 1;
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
ngx_log_error(NGX_LOG_CRIT, s->connection->log, 0, "smtp is not supported!!");
return;
}
p = ngx_pnalloc(s->connection->pool, size);
if (p == NULL) {
ngx_destroy_pool(ctx->pool);
ngx_mail_session_internal_server_error(s);
return;
}
ctx->errmsg.data = p;
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
*p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' ';
if (s->command == NGX_POP3_AUTH) {
p = ngx_cpymem(p, AUTHENTICATION_FAILED.data, AUTHENTICATION_FAILED.len);
}
break;
case NGX_MAIL_IMAP_PROTOCOL:
p = ngx_cpymem(p, s->tag.data, s->tag.len);
*p++ = ' '; *p++ = 'N'; *p++ = 'O'; *p++ = ' ';
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
break;
}
p = ngx_cpymem(p, errmsg.data, errmsg.len);
*p++ = CR; *p++ = LF;
ctx->errmsg.len = p - ctx->errmsg.data;
s->out = ctx->errmsg;
if (work->result == ZM_LOOKUP_LOGIN_FAILED && work->wait_time > 0) {
ngx_add_timer(ctx->wait_ev, (ngx_msec_t) (work->wait_time * 1000));
s->connection->read->handler = ngx_mail_zmauth_block_read;
} else {
s->quit = 1;
ngx_mail_send(s->connection->write);
ngx_mail_set_ctx(s, NULL, ngx_mail_zmauth_module);
ngx_destroy_pool(ctx->pool);
}
return;
}
}
void
ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer)
{
ngx_int_t rc;
ngx_mail_proxy_ctx_t *p;
ngx_mail_proxy_conf_t *pcf;
ngx_mail_core_srv_conf_t *cscf;
s->connection->log->action = "connecting to upstream";
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
p = ngx_pcalloc(s->connection->pool, sizeof(ngx_mail_proxy_ctx_t));
if (p == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
s->proxy = p;
p->upstream.sockaddr = peer->sockaddr;
p->upstream.socklen = peer->socklen;
p->upstream.name = &peer->name;
p->upstream.get = ngx_event_get_peer;
p->upstream.log = s->connection->log;
p->upstream.log_error = NGX_ERROR_ERR;
rc = ngx_event_connect_peer(&p->upstream);
if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
ngx_mail_proxy_internal_server_error(s);
return;
}
ngx_add_timer(p->upstream.connection->read, cscf->timeout, NGX_FUNC_LINE);
p->upstream.connection->data = s;
p->upstream.connection->pool = s->connection->pool;
s->connection->read->handler = ngx_mail_proxy_block_read;
p->upstream.connection->write->handler = ngx_mail_proxy_dummy_handler;
pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
s->proxy->buffer = ngx_create_temp_buf(s->connection->pool,
pcf->buffer_size);
if (s->proxy->buffer == NULL) {
ngx_mail_proxy_internal_server_error(s);
return;
}
s->out.len = 0;
switch (s->protocol) {
case NGX_MAIL_POP3_PROTOCOL:
p->upstream.connection->read->handler = ngx_mail_proxy_pop3_handler;
s->mail_state = ngx_pop3_start;
break;
case NGX_MAIL_IMAP_PROTOCOL:
p->upstream.connection->read->handler = ngx_mail_proxy_imap_handler;
s->mail_state = ngx_imap_start;
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
p->upstream.connection->read->handler = ngx_mail_proxy_smtp_handler;
s->mail_state = ngx_smtp_start;
break;
}
}
/* 启动nginx与上游邮件服务器间的交互 */
void ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer)
{
int keepalive;
ngx_int_t rc;
ngx_mail_proxy_ctx_t *p;
ngx_mail_proxy_conf_t *pcf;
ngx_mail_core_srv_conf_t *cscf;
s->connection->log->action = "connecting to upstream";
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (cscf->so_keepalive) {
keepalive = 1;
if (setsockopt(s->connection->fd, SOL_SOCKET, SO_KEEPALIVE,
(const void *) &keepalive, sizeof(int))
== -1)
{
ngx_log_error(NGX_LOG_ALERT, s->connection->log, ngx_socket_errno,
"setsockopt(SO_KEEPALIVE) failed");
}
}
p = ngx_pcalloc(s->connection->pool, sizeof(ngx_mail_proxy_ctx_t));//创建ngx_mail_proxy_t结构体
if (p == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
s->proxy = p;
p->upstream.sockaddr = peer->sockaddr;
p->upstream.socklen = peer->socklen;
p->upstream.name = &peer->name;
p->upstream.get = ngx_event_get_peer;
p->upstream.log = s->connection->log;
p->upstream.log_error = NGX_ERROR_ERR;
rc = ngx_event_connect_peer(&p->upstream);//向上游邮件服务器发起无阻塞的TCP连接
if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
ngx_mail_proxy_internal_server_error(s);
return;
}
/* 需要监控接收邮件服务器的响应是否超时,于是把与上游连接的读事件添加到定时器中 */
ngx_add_timer(p->upstream.connection->read, cscf->timeout);
p->upstream.connection->data = s;//设置连接的data成员指向ngx_mail_session_t结构体
p->upstream.connection->pool = s->connection->pool;
/* 设置nginx于客户端间连接读事件的回调方法为不会读取内容的ngx_mail_proxy_block_read方法,因为当前阶段nginx不会与客户端交互 */
s->connection->read->handler = ngx_mail_proxy_block_read;
/* 设置nginx与上游间的连接写事件回调方法为什么都不做的ngx_mail_proxy_dummy_handler方法,这意味着
接下来向上游发送TCP流时,将不再通过epoll这个事件框架来调度*/
p->upstream.connection->write->handler = ngx_mail_proxy_dummy_handler;
pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
/* 建立nginx与邮件服务器间的内存缓冲区 */
s->proxy->buffer = ngx_create_temp_buf(s->connection->pool,pcf->buffer_size);
if (s->proxy->buffer == NULL) {
ngx_mail_proxy_internal_server_error(s);
return;
}
s->out.len = 0;//设置out为空,表示不会通过out向客户端发送响应
/* 根据用户请求的协议设置实际的邮件认证方法 */
switch (s->protocol)
{
case NGX_MAIL_POP3_PROTOCOL://设置POP3协议进行邮件交互认证的方法
p->upstream.connection->read->handler = ngx_mail_proxy_pop3_handler;
s->mail_state = ngx_pop3_start;
break;
case NGX_MAIL_IMAP_PROTOCOL:
p->upstream.connection->read->handler = ngx_mail_proxy_imap_handler;
s->mail_state = ngx_imap_start;
break;
default: /* NGX_MAIL_SMTP_PROTOCOL */
p->upstream.connection->read->handler = ngx_mail_proxy_smtp_handler;
s->mail_state = ngx_smtp_start;
break;
}
}
