ngx_int_t
ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login password: \"%V\"", &arg[0]);
#endif
s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
if (s->passwd.data == NULL){
return NGX_ERROR;
}
if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH LOGIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login password: \"%V\"", &s->passwd);
#endif
return NGX_DONE;
}
static int
ngx_http_lua_ngx_decode_base64(lua_State *L)
{
ngx_str_t p, src;
if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}
if (lua_isnil(L, 1)) {
src.data = (u_char *) "";
src.len = 0;
} else {
src.data = (u_char *) luaL_checklstring(L, 1, &src.len);
}
p.len = ngx_base64_decoded_length(src.len);
p.data = lua_newuserdata(L, p.len);
if (ngx_decode_base64(&p, &src) == NGX_OK) {
lua_pushlstring(L, (char *) p.data, p.len);
} else {
lua_pushnil(L);
}
return 1;
}
ngx_int_t
ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_uint_t n)
{
ngx_str_t *arg;
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login username: \"%V\"", &arg[n]);
s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
if (s->login.data == NULL){
return NGX_ERROR;
}
if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH LOGIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login username: \"%V\"", &s->login);
return NGX_OK;
}
int main(int argc, char* argv[]) {
/* str to lower */
ngx_str_t str = ngx_string("Hello World!");
u_char* strlow = (u_char*)malloc(str.len);
ngx_strlow(strlow, str.data, str.len);
fprintf(stdout, "strlow %.*s\n", str.len, strlow);
free(strlow);
/* base64 encode and decode */
ngx_str_t raw_str = ngx_string("123abc");
ngx_str_t base64_encoded_str = ngx_null_string;
ngx_str_t base64_decoded_str = ngx_null_string;
base64_encoded_str.len = ngx_base64_encoded_length(raw_str.len);
base64_encoded_str.data = (u_char*)malloc(base64_encoded_str.len);
ngx_encode_base64(&base64_encoded_str, &raw_str);
fprintf(stdout, "%.*s\n", base64_encoded_str.len, base64_encoded_str.data);
base64_decoded_str.len = ngx_base64_decoded_length(base64_encoded_str.len);
base64_decoded_str.data = (u_char*)malloc(base64_decoded_str.len);
ngx_decode_base64(&base64_decoded_str, &base64_encoded_str);
fprintf(stdout, "%.*s\n", base64_decoded_str.len, base64_decoded_str.data);
free(base64_encoded_str.data);
free(base64_decoded_str.data);
return 0;
}
ngx_int_t
oc_smtp_cmd_auth_plain(oc_smtp_session_t *s, ngx_connection_t *c, ngx_uint_t n)
{
u_char *p, *last;
ngx_str_t *arg, plain;
arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth plain: \"%V\"", &arg[n]);
#endif
plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
if (plain.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH PLAIN command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
p = plain.data;
last = p + plain.len;
while (p < last && *p++) { /* void */ }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid login in AUTH PLAIN command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
s->login.data = p;
while (p < last && *p) { p++; }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid password in AUTH PLAIN command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
s->login.len = p++ - s->login.data;
s->passwd.len = last - p;
s->passwd.data = p;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
#endif
return NGX_DONE;
}
ngx_int_t
ngx_http_auth_spnego_token(
ngx_http_request_t *r,
ngx_http_auth_spnego_ctx_t *ctx)
{
ngx_str_t token;
ngx_str_t decoded;
size_t nego_sz = sizeof("Negotiate");
if (NULL == r->headers_in.authorization) {
return NGX_DECLINED;
}
/* but don't decode second time? */
if (ctx->token.len)
return NGX_OK;
token = r->headers_in.authorization->value;
if (token.len < nego_sz ||
ngx_strncasecmp(token.data, (u_char *) "Negotiate ", nego_sz) != 0) {
if (ngx_strncasecmp(
token.data, (u_char *) "NTLM", sizeof("NTLM")) == 0) {
spnego_log_error("Detected unsupported mechanism: NTLM");
}
return NGX_DECLINED;
}
token.len -= nego_sz;
token.data += nego_sz;
while (token.len && token.data[0] == ' ') {
token.len--;
token.data++;
}
if (token.len == 0) {
return NGX_DECLINED;
}
decoded.len = ngx_base64_decoded_length(token.len);
decoded.data = ngx_pnalloc(r->pool, decoded.len);
if (NULL == decoded.data) {
return NGX_ERROR;
}
if (ngx_decode_base64(&decoded, &token) != NGX_OK) {
return NGX_DECLINED;
}
ctx->token.len = decoded.len;
ctx->token.data = decoded.data;
spnego_debug2("Token decoded: %*s", token.len, token.data);
return NGX_OK;
}
ngx_int_t
oc_smtp_cmd_auth_cram_md5(oc_smtp_session_t *s, ngx_connection_t *c)
{
u_char *p, *last;
ngx_str_t *arg;
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth cram-md5: \"%V\"", &arg[0]);
s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
if (s->login.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH CRAM-MD5 command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
p = s->login.data;
last = p + s->login.len;
while (p < last) {
if (*p++ == ' ') {
s->login.len = p - s->login.data - 1;
s->passwd.len = last - p;
s->passwd.data = p;
break;
}
}
if (s->passwd.len != 32) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
s->auth_method = OC_SMTP_AUTH_CRAM_MD5;
return NGX_DONE;
}
static int
ngx_http_lua_ngx_decode_base64(lua_State *L)
{
ngx_http_request_t *r;
ngx_str_t p, src;
lua_pushlightuserdata(L, &ngx_http_lua_request_key);
lua_rawget(L, LUA_GLOBALSINDEX);
r = lua_touserdata(L, -1);
lua_pop(L, 1);
if (r == NULL) {
return luaL_error(L, "no request object found");
}
if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}
if (strcmp(luaL_typename(L, 1), (char *) "nil") == 0) {
src.data = (u_char *) "";
src.len = 0;
} else {
src.data = (u_char *) luaL_checklstring(L, 1, &src.len);
}
p.len = ngx_base64_decoded_length(src.len);
p.data = ngx_palloc(r->pool, p.len);
if (p.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&p, &src) == NGX_OK) {
lua_pushlstring(L, (char *) p.data, p.len);
} else {
lua_pushnil(L);
}
ngx_pfree(r->pool, p.data);
return 1;
}
static mrb_value ngx_http_mruby_base64_decode(mrb_state *mrb, mrb_value self)
{
mrb_value mrb_src;
ngx_str_t src, dst;
mrb_get_args(mrb, "o", &mrb_src);
mrb_src = mrb_obj_as_string(mrb, mrb_src);
src.data = (u_char *)RSTRING_PTR(mrb_src);
src.len = RSTRING_LEN(mrb_src);
dst.len = ngx_base64_decoded_length(src.len);
dst.data = mrb_malloc(mrb, dst.len + 1);
if (ngx_decode_base64(&dst, &src) == NGX_ERROR) {
return mrb_nil_value();
}
return mrb_str_new(mrb, (char *)dst.data, dst.len);
}
static ngx_int_t
ngx_rtmp_authen_http_response_decode(ngx_rtmp_session_t *s,
ngx_rtmp_authen_ctx_t *ctx)
{
ngx_http_request_t r;
ngx_str_t val;
u_char val_buf[NGX_RTMP_AUTHEN_MAX_RESPONSE];
u_char status;
ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
"connect (authen): response: %s", ctx->resp.data);
val.len = 0;
val.data = val_buf;
r.args.len = ctx->resp.len;
r.args.data = ctx->resp.data;
ctx->conn_desc.len = 0;
if (ngx_http_arg(&r, (u_char *)"desc", sizeof("desc") - 1, &val) == NGX_OK
&& val.len > 0) {
ctx->conn_desc.len = ngx_base64_decoded_length(val.len);
ctx->conn_desc.data = ngx_pcalloc(s->connection->pool,
ctx->conn_desc.len + 1);
if (ctx->conn_desc.data != NULL &&
ngx_decode_base64(&ctx->conn_desc, &val) == NGX_OK) {
ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
"connect (authen): description: %s", ctx->conn_desc.data);
} else {
ctx->conn_desc.len = 0;
}
}
val.len = 0;
if (ngx_http_arg(&r, (u_char *)"status", sizeof ("status") - 1,
&val) != NGX_OK || val.len == 0) {
return NGX_ERROR;
} else {
status = val.data[0];
ctx->user.len = 0;
val.len = 0;
if (ngx_http_arg(&r, (u_char *)"user", sizeof("user") - 1,
&val) == NGX_OK && val.len > 0) {
ctx->user.data = ngx_pcalloc(s->connection->pool, val.len + 1);
if (ctx->user.data != NULL) {
u_char *dst = ctx->user.data;
ngx_unescape_uri(&dst, &val.data, val.len, 0);
*dst = '\0';
ctx->user.len = ngx_strlen(ctx->user.data);
}
}
ctx->authmod.len = 0;
val.len = 0;
if (ngx_http_arg(&r, (u_char *)"authmod", sizeof("authmod") - 1,
&val) == NGX_OK && val.len > 0) {
ctx->authmod.data = ngx_pcalloc(s->connection->pool, val.len + 1);
if (ctx->authmod.data != NULL) {
u_char *dst = ctx->authmod.data;
ngx_unescape_uri(&dst, &val.data, val.len, 0);
*dst = '\0';
ctx->authmod.len = ngx_strlen(ctx->authmod.data);
}
}
}
switch (status) {
/* Allow */
case (u_char)'a':
case (u_char)'A':
if (ctx->user.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Allow, user: %s", ctx->user.data);
} else {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Allow");
}
ctx->conn_status = NGX_RTMP_CONN_ALLOW;
return NGX_OK;
/* Reject */
case (u_char)'r':
case (u_char)'R':
if (ctx->user.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Reject, user: %s", ctx->user.data);
} else {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Reject");
}
if (ctx->conn_desc.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Reject, reason: %s",
ctx->conn_desc.data);
}
ctx->conn_status = NGX_RTMP_CONN_REJECT;
return NGX_OK;
/* Deny */
case (u_char)'d':
case (u_char)'D':
default:
if (ctx->user.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Deny, user: %s", ctx->user.data);
} else {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Deny");
}
ctx->conn_status = NGX_RTMP_CONN_DENY;
return NGX_ERROR;
}
}
