mohd/hsmod_original
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
WatermelonModders
2022-05-31 12:35:46 -04:00
commit fc5cb0c32c
4097 changed files with 447075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hm_nginx/src/mail/ngx_mail.c
+567
View File
@@ -0,0 +1,567 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
static char *ngx_mail_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static ngx_int_t ngx_mail_add_ports(ngx_conf_t *cf, ngx_array_t *ports,
ngx_mail_listen_t *listen);
static char *ngx_mail_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports);
static ngx_int_t ngx_mail_add_addrs(ngx_conf_t *cf, ngx_mail_port_t *mport,
ngx_mail_conf_addr_t *addr);
#if (NGX_HAVE_INET6)
static ngx_int_t ngx_mail_add_addrs6(ngx_conf_t *cf, ngx_mail_port_t *mport,
ngx_mail_conf_addr_t *addr);
#endif
static ngx_int_t ngx_mail_cmp_conf_addrs(const void *one, const void *two);
ngx_uint_t ngx_mail_max_module;
static ngx_command_t ngx_mail_commands[] = {
{ ngx_string("mail"),
NGX_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_mail_block,
0,
0,
NULL },
{ ngx_string("imap"),
NGX_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_mail_block,
0,
0,
NULL },
ngx_null_command
};
static ngx_core_module_t ngx_mail_module_ctx = {
ngx_string("mail"),
NULL,
NULL
};
ngx_module_t ngx_mail_module = {
NGX_MODULE_V1,
&ngx_mail_module_ctx, /* module context */
ngx_mail_commands, /* module directives */
NGX_CORE_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static char *
ngx_mail_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
char *rv;
ngx_uint_t i, m, mi, s;
ngx_conf_t pcf;
ngx_array_t ports;
ngx_mail_listen_t *listen;
ngx_mail_module_t *module;
ngx_mail_conf_ctx_t *ctx;
ngx_mail_core_srv_conf_t **cscfp;
ngx_mail_core_main_conf_t *cmcf;
if (cmd->name.data[0] == 'i') {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"the \"imap\" directive is deprecated, "
"use the \"mail\" directive instead");
}
/* the main mail context */
ctx = ngx_pcalloc(cf->pool, sizeof(ngx_mail_conf_ctx_t));
if (ctx == NULL) {
return NGX_CONF_ERROR;
}
*(ngx_mail_conf_ctx_t **) conf = ctx;
/* count the number of the mail modules and set up their indices */
ngx_mail_max_module = 0;
for (m = 0; ngx_modules[m]; m++) {
if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
continue;
}
ngx_modules[m]->ctx_index = ngx_mail_max_module++;
}
/* the mail main_conf context, it is the same in the all mail contexts */
ctx->main_conf = ngx_pcalloc(cf->pool,
sizeof(void *) * ngx_mail_max_module);
if (ctx->main_conf == NULL) {
return NGX_CONF_ERROR;
}
/*
* the mail null srv_conf context, it is used to merge
* the server{}s' srv_conf's
*/
ctx->srv_conf = ngx_pcalloc(cf->pool, sizeof(void *) * ngx_mail_max_module);
if (ctx->srv_conf == NULL) {
return NGX_CONF_ERROR;
}
/*
* create the main_conf's and the null srv_conf's of the all mail modules
*/
for (m = 0; ngx_modules[m]; m++) {
if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
continue;
}
module = ngx_modules[m]->ctx;
mi = ngx_modules[m]->ctx_index;
if (module->create_main_conf) {
ctx->main_conf[mi] = module->create_main_conf(cf);
if (ctx->main_conf[mi] == NULL) {
return NGX_CONF_ERROR;
}
}
if (module->create_srv_conf) {
ctx->srv_conf[mi] = module->create_srv_conf(cf);
if (ctx->srv_conf[mi] == NULL) {
return NGX_CONF_ERROR;
}
}
}
/* parse inside the mail{} block */
pcf = *cf;
cf->ctx = ctx;
cf->module_type = NGX_MAIL_MODULE;
cf->cmd_type = NGX_MAIL_MAIN_CONF;
rv = ngx_conf_parse(cf, NULL);
if (rv != NGX_CONF_OK) {
*cf = pcf;
return rv;
}
/* init mail{} main_conf's, merge the server{}s' srv_conf's */
cmcf = ctx->main_conf[ngx_mail_core_module.ctx_index];
cscfp = cmcf->servers.elts;
for (m = 0; ngx_modules[m]; m++) {
if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
continue;
}
module = ngx_modules[m]->ctx;
mi = ngx_modules[m]->ctx_index;
/* init mail{} main_conf's */
cf->ctx = ctx;
if (module->init_main_conf) {
rv = module->init_main_conf(cf, ctx->main_conf[mi]);
if (rv != NGX_CONF_OK) {
*cf = pcf;
return rv;
}
}
for (s = 0; s < cmcf->servers.nelts; s++) {
/* merge the server{}s' srv_conf's */
cf->ctx = cscfp[s]->ctx;
if (module->merge_srv_conf) {
rv = module->merge_srv_conf(cf,
ctx->srv_conf[mi],
cscfp[s]->ctx->srv_conf[mi]);
if (rv != NGX_CONF_OK) {
*cf = pcf;
return rv;
}
}
}
}
*cf = pcf;
if (ngx_array_init(&ports, cf->temp_pool, 4, sizeof(ngx_mail_conf_port_t))
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
listen = cmcf->listen.elts;
for (i = 0; i < cmcf->listen.nelts; i++) {
if (ngx_mail_add_ports(cf, &ports, &listen[i]) != NGX_OK) {
return NGX_CONF_ERROR;
}
}
return ngx_mail_optimize_servers(cf, &ports);
}
static ngx_int_t
ngx_mail_add_ports(ngx_conf_t *cf, ngx_array_t *ports,
ngx_mail_listen_t *listen)
{
in_port_t p;
ngx_uint_t i;
struct sockaddr *sa;
struct sockaddr_in *sin;
ngx_mail_conf_port_t *port;
ngx_mail_conf_addr_t *addr;
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
#endif
sa = (struct sockaddr *) &listen->sockaddr;
switch (sa->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
sin6 = (struct sockaddr_in6 *) sa;
p = sin6->sin6_port;
break;
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
case AF_UNIX:
p = 0;
break;
#endif
default: /* AF_INET */
sin = (struct sockaddr_in *) sa;
p = sin->sin_port;
break;
}
port = ports->elts;
for (i = 0; i < ports->nelts; i++) {
if (p == port[i].port && sa->sa_family == port[i].family) {
/* a port is already in the port list */
port = &port[i];
goto found;
}
}
/* add a port to the port list */
port = ngx_array_push(ports);
if (port == NULL) {
return NGX_ERROR;
}
port->family = sa->sa_family;
port->port = p;
if (ngx_array_init(&port->addrs, cf->temp_pool, 2,
sizeof(ngx_mail_conf_addr_t))
!= NGX_OK)
{
return NGX_ERROR;
}
found:
addr = ngx_array_push(&port->addrs);
if (addr == NULL) {
return NGX_ERROR;
}
addr->sockaddr = (struct sockaddr *) &listen->sockaddr;
addr->socklen = listen->socklen;
addr->ctx = listen->ctx;
addr->bind = listen->bind;
addr->wildcard = listen->wildcard;
addr->so_keepalive = listen->so_keepalive;
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
addr->tcp_keepidle = listen->tcp_keepidle;
addr->tcp_keepintvl = listen->tcp_keepintvl;
addr->tcp_keepcnt = listen->tcp_keepcnt;
#endif
#if (NGX_MAIL_SSL)
addr->ssl = listen->ssl;
#endif
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
addr->ipv6only = listen->ipv6only;
#endif
return NGX_OK;
}
static char *
ngx_mail_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports)
{
ngx_uint_t i, p, last, bind_wildcard;
ngx_listening_t *ls;
ngx_mail_port_t *mport;
ngx_mail_conf_port_t *port;
ngx_mail_conf_addr_t *addr;
port = ports->elts;
for (p = 0; p < ports->nelts; p++) {
ngx_sort(port[p].addrs.elts, (size_t) port[p].addrs.nelts,
sizeof(ngx_mail_conf_addr_t), ngx_mail_cmp_conf_addrs);
addr = port[p].addrs.elts;
last = port[p].addrs.nelts;
/*
* if there is the binding to the "*:port" then we need to bind()
* to the "*:port" only and ignore the other bindings
*/
if (addr[last - 1].wildcard) {
addr[last - 1].bind = 1;
bind_wildcard = 1;
} else {
bind_wildcard = 0;
}
i = 0;
while (i < last) {
if (bind_wildcard && !addr[i].bind) {
i++;
continue;
}
ls = ngx_create_listening(cf, addr[i].sockaddr, addr[i].socklen);
if (ls == NULL) {
return NGX_CONF_ERROR;
}
ls->addr_ntop = 1;
ls->handler = ngx_mail_init_connection;
ls->pool_size = 256;
/* TODO: error_log directive */
ls->logp = &cf->cycle->new_log;
ls->log.data = &ls->addr_text;
ls->log.handler = ngx_accept_log_error;
ls->keepalive = addr[i].so_keepalive;
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
ls->keepidle = addr[i].tcp_keepidle;
ls->keepintvl = addr[i].tcp_keepintvl;
ls->keepcnt = addr[i].tcp_keepcnt;
#endif
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
ls->ipv6only = addr[i].ipv6only;
#endif
mport = ngx_palloc(cf->pool, sizeof(ngx_mail_port_t));
if (mport == NULL) {
return NGX_CONF_ERROR;
}
ls->servers = mport;
if (i == last - 1) {
mport->naddrs = last;
} else {
mport->naddrs = 1;
i = 0;
}
switch (ls->sockaddr->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
if (ngx_mail_add_addrs6(cf, mport, addr) != NGX_OK) {
return NGX_CONF_ERROR;
}
break;
#endif
default: /* AF_INET */
if (ngx_mail_add_addrs(cf, mport, addr) != NGX_OK) {
return NGX_CONF_ERROR;
}
break;
}
addr++;
last--;
}
}
return NGX_CONF_OK;
}
static ngx_int_t
ngx_mail_add_addrs(ngx_conf_t *cf, ngx_mail_port_t *mport,
ngx_mail_conf_addr_t *addr)
{
u_char *p;
size_t len;
ngx_uint_t i;
ngx_mail_in_addr_t *addrs;
struct sockaddr_in *sin;
u_char buf[NGX_SOCKADDR_STRLEN];
mport->addrs = ngx_pcalloc(cf->pool,
mport->naddrs * sizeof(ngx_mail_in_addr_t));
if (mport->addrs == NULL) {
return NGX_ERROR;
}
addrs = mport->addrs;
for (i = 0; i < mport->naddrs; i++) {
sin = (struct sockaddr_in *) addr[i].sockaddr;
addrs[i].addr = sin->sin_addr.s_addr;
addrs[i].conf.ctx = addr[i].ctx;
#if (NGX_MAIL_SSL)
addrs[i].conf.ssl = addr[i].ssl;
#endif
len = ngx_sock_ntop(addr[i].sockaddr, addr[i].socklen, buf,
NGX_SOCKADDR_STRLEN, 1);
p = ngx_pnalloc(cf->pool, len);
if (p == NULL) {
return NGX_ERROR;
}
ngx_memcpy(p, buf, len);
addrs[i].conf.addr_text.len = len;
addrs[i].conf.addr_text.data = p;
}
return NGX_OK;
}
#if (NGX_HAVE_INET6)
static ngx_int_t
ngx_mail_add_addrs6(ngx_conf_t *cf, ngx_mail_port_t *mport,
ngx_mail_conf_addr_t *addr)
{
u_char *p;
size_t len;
ngx_uint_t i;
ngx_mail_in6_addr_t *addrs6;
struct sockaddr_in6 *sin6;
u_char buf[NGX_SOCKADDR_STRLEN];
mport->addrs = ngx_pcalloc(cf->pool,
mport->naddrs * sizeof(ngx_mail_in6_addr_t));
if (mport->addrs == NULL) {
return NGX_ERROR;
}
addrs6 = mport->addrs;
for (i = 0; i < mport->naddrs; i++) {
sin6 = (struct sockaddr_in6 *) addr[i].sockaddr;
addrs6[i].addr6 = sin6->sin6_addr;
addrs6[i].conf.ctx = addr[i].ctx;
#if (NGX_MAIL_SSL)
addrs6[i].conf.ssl = addr[i].ssl;
#endif
len = ngx_sock_ntop(addr[i].sockaddr, addr[i].socklen, buf,
NGX_SOCKADDR_STRLEN, 1);
p = ngx_pnalloc(cf->pool, len);
if (p == NULL) {
return NGX_ERROR;
}
ngx_memcpy(p, buf, len);
addrs6[i].conf.addr_text.len = len;
addrs6[i].conf.addr_text.data = p;
}
return NGX_OK;
}
#endif
static ngx_int_t
ngx_mail_cmp_conf_addrs(const void *one, const void *two)
{
ngx_mail_conf_addr_t *first, *second;
first = (ngx_mail_conf_addr_t *) one;
second = (ngx_mail_conf_addr_t *) two;
if (first->wildcard) {
/* a wildcard must be the last resort, shift it to the end */
return 1;
}
if (second->wildcard) {
/* a wildcard must be the last resort, shift it to the end */
return -1;
}
if (first->bind && !second->bind) {
/* shift explicit bind()ed addresses to the start */
return -1;
}
if (!first->bind && second->bind) {
/* shift explicit bind()ed addresses to the start */
return 1;
}
/* do not sort by default */
return 0;
}
hm_nginx/src/mail/ngx_mail.h
+423
View File
@@ -0,0 +1,423 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_MAIL_H_INCLUDED_
#define _NGX_MAIL_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_event_connect.h>
#if (NGX_MAIL_SSL)
#include <ngx_mail_ssl_module.h>
#endif
typedef struct {
void **main_conf;
void **srv_conf;
} ngx_mail_conf_ctx_t;
typedef struct {
u_char sockaddr[NGX_SOCKADDRLEN];
socklen_t socklen;
/* server ctx */
ngx_mail_conf_ctx_t *ctx;
unsigned bind:1;
unsigned wildcard:1;
#if (NGX_MAIL_SSL)
unsigned ssl:1;
#endif
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
unsigned ipv6only:1;
#endif
unsigned so_keepalive:2;
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
int tcp_keepidle;
int tcp_keepintvl;
int tcp_keepcnt;
#endif
} ngx_mail_listen_t;
typedef struct {
ngx_mail_conf_ctx_t *ctx;
ngx_str_t addr_text;
#if (NGX_MAIL_SSL)
ngx_uint_t ssl; /* unsigned ssl:1; */
#endif
} ngx_mail_addr_conf_t;
typedef struct {
in_addr_t addr;
ngx_mail_addr_conf_t conf;
} ngx_mail_in_addr_t;
#if (NGX_HAVE_INET6)
typedef struct {
struct in6_addr addr6;
ngx_mail_addr_conf_t conf;
} ngx_mail_in6_addr_t;
#endif
typedef struct {
/* ngx_mail_in_addr_t or ngx_mail_in6_addr_t */
void *addrs;
ngx_uint_t naddrs;
} ngx_mail_port_t;
typedef struct {
int family;
in_port_t port;
ngx_array_t addrs; /* array of ngx_mail_conf_addr_t */
} ngx_mail_conf_port_t;
typedef struct {
struct sockaddr *sockaddr;
socklen_t socklen;
ngx_mail_conf_ctx_t *ctx;
unsigned bind:1;
unsigned wildcard:1;
#if (NGX_MAIL_SSL)
unsigned ssl:1;
#endif
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
unsigned ipv6only:1;
#endif
unsigned so_keepalive:2;
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
int tcp_keepidle;
int tcp_keepintvl;
int tcp_keepcnt;
#endif
} ngx_mail_conf_addr_t;
typedef struct {
ngx_array_t servers; /* ngx_mail_core_srv_conf_t */
ngx_array_t listen; /* ngx_mail_listen_t */
} ngx_mail_core_main_conf_t;
#define NGX_MAIL_POP3_PROTOCOL 0
#define NGX_MAIL_IMAP_PROTOCOL 1
#define NGX_MAIL_SMTP_PROTOCOL 2
typedef struct ngx_mail_protocol_s ngx_mail_protocol_t;
typedef struct {
ngx_mail_protocol_t *protocol;
ngx_msec_t timeout;
ngx_msec_t resolver_timeout;
ngx_flag_t so_keepalive;
ngx_str_t server_name;
u_char *file_name;
ngx_int_t line;
ngx_resolver_t *resolver;
/* server ctx */
ngx_mail_conf_ctx_t *ctx;
} ngx_mail_core_srv_conf_t;
typedef enum {
ngx_pop3_start = 0,
ngx_pop3_user,
ngx_pop3_passwd,
ngx_pop3_auth_login_username,
ngx_pop3_auth_login_password,
ngx_pop3_auth_plain,
ngx_pop3_auth_cram_md5
} ngx_pop3_state_e;
typedef enum {
ngx_imap_start = 0,
ngx_imap_auth_login_username,
ngx_imap_auth_login_password,
ngx_imap_auth_plain,
ngx_imap_auth_cram_md5,
ngx_imap_login,
ngx_imap_user,
ngx_imap_passwd
} ngx_imap_state_e;
typedef enum {
ngx_smtp_start = 0,
ngx_smtp_auth_login_username,
ngx_smtp_auth_login_password,
ngx_smtp_auth_plain,
ngx_smtp_auth_cram_md5,
ngx_smtp_helo,
ngx_smtp_helo_xclient,
ngx_smtp_helo_from,
ngx_smtp_xclient,
ngx_smtp_xclient_from,
ngx_smtp_xclient_helo,
ngx_smtp_from,
ngx_smtp_to
} ngx_smtp_state_e;
typedef struct {
ngx_peer_connection_t upstream;
ngx_buf_t *buffer;
} ngx_mail_proxy_ctx_t;
typedef struct {
uint32_t signature; /* "MAIL" */
ngx_connection_t *connection;
ngx_str_t out;
ngx_buf_t *buffer;
void **ctx;
void **main_conf;
void **srv_conf;
ngx_resolver_ctx_t *resolver_ctx;
ngx_mail_proxy_ctx_t *proxy;
ngx_uint_t mail_state;
unsigned protocol:3;
unsigned blocked:1;
unsigned quit:1;
unsigned quoted:1;
unsigned backslash:1;
unsigned no_sync_literal:1;
unsigned starttls:1;
unsigned esmtp:1;
unsigned auth_method:3;
unsigned auth_wait:1;
ngx_str_t login;
ngx_str_t passwd;
ngx_str_t salt;
ngx_str_t tag;
ngx_str_t tagged_line;
ngx_str_t text;
ngx_str_t *addr_text;
ngx_str_t host;
ngx_str_t smtp_helo;
ngx_str_t smtp_from;
ngx_str_t smtp_to;
ngx_str_t cmd;
ngx_uint_t command;
ngx_array_t args;
ngx_uint_t login_attempt;
/* used to parse POP3/IMAP/SMTP command */
ngx_uint_t state;
u_char *cmd_start;
u_char *arg_start;
u_char *arg_end;
ngx_uint_t literal_len;
} ngx_mail_session_t;
typedef struct {
ngx_str_t *client;
ngx_mail_session_t *session;
} ngx_mail_log_ctx_t;
#define NGX_POP3_USER 1
#define NGX_POP3_PASS 2
#define NGX_POP3_CAPA 3
#define NGX_POP3_QUIT 4
#define NGX_POP3_NOOP 5
#define NGX_POP3_STLS 6
#define NGX_POP3_APOP 7
#define NGX_POP3_AUTH 8
#define NGX_POP3_STAT 9
#define NGX_POP3_LIST 10
#define NGX_POP3_RETR 11
#define NGX_POP3_DELE 12
#define NGX_POP3_RSET 13
#define NGX_POP3_TOP 14
#define NGX_POP3_UIDL 15
#define NGX_IMAP_LOGIN 1
#define NGX_IMAP_LOGOUT 2
#define NGX_IMAP_CAPABILITY 3
#define NGX_IMAP_NOOP 4
#define NGX_IMAP_STARTTLS 5
#define NGX_IMAP_NEXT 6
#define NGX_IMAP_AUTHENTICATE 7
#define NGX_SMTP_HELO 1
#define NGX_SMTP_EHLO 2
#define NGX_SMTP_AUTH 3
#define NGX_SMTP_QUIT 4
#define NGX_SMTP_NOOP 5
#define NGX_SMTP_MAIL 6
#define NGX_SMTP_RSET 7
#define NGX_SMTP_RCPT 8
#define NGX_SMTP_DATA 9
#define NGX_SMTP_VRFY 10
#define NGX_SMTP_EXPN 11
#define NGX_SMTP_HELP 12
#define NGX_SMTP_STARTTLS 13
#define NGX_MAIL_AUTH_PLAIN 0
#define NGX_MAIL_AUTH_LOGIN 1
#define NGX_MAIL_AUTH_LOGIN_USERNAME 2
#define NGX_MAIL_AUTH_APOP 3
#define NGX_MAIL_AUTH_CRAM_MD5 4
#define NGX_MAIL_AUTH_NONE 5
#define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002
#define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004
#define NGX_MAIL_AUTH_APOP_ENABLED 0x0008
#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010
#define NGX_MAIL_AUTH_NONE_ENABLED 0x0020
#define NGX_MAIL_PARSE_INVALID_COMMAND 20
typedef void (*ngx_mail_init_session_pt)(ngx_mail_session_t *s,
ngx_connection_t *c);
typedef void (*ngx_mail_init_protocol_pt)(ngx_event_t *rev);
typedef void (*ngx_mail_auth_state_pt)(ngx_event_t *rev);
typedef ngx_int_t (*ngx_mail_parse_command_pt)(ngx_mail_session_t *s);
struct ngx_mail_protocol_s {
ngx_str_t name;
in_port_t port[4];
ngx_uint_t type;
ngx_mail_init_session_pt init_session;
ngx_mail_init_protocol_pt init_protocol;
ngx_mail_parse_command_pt parse_command;
ngx_mail_auth_state_pt auth_state;
ngx_str_t internal_server_error;
ngx_str_t cert_error;
ngx_str_t no_cert;
};
typedef struct {
ngx_mail_protocol_t *protocol;
void *(*create_main_conf)(ngx_conf_t *cf);
char *(*init_main_conf)(ngx_conf_t *cf, void *conf);
void *(*create_srv_conf)(ngx_conf_t *cf);
char *(*merge_srv_conf)(ngx_conf_t *cf, void *prev,
void *conf);
} ngx_mail_module_t;
#define NGX_MAIL_MODULE 0x4C49414D /* "MAIL" */
#define NGX_MAIL_MAIN_CONF 0x02000000
#define NGX_MAIL_SRV_CONF 0x04000000
#define NGX_MAIL_MAIN_CONF_OFFSET offsetof(ngx_mail_conf_ctx_t, main_conf)
#define NGX_MAIL_SRV_CONF_OFFSET offsetof(ngx_mail_conf_ctx_t, srv_conf)
#define ngx_mail_get_module_ctx(s, module) (s)->ctx[module.ctx_index]
#define ngx_mail_set_ctx(s, c, module) s->ctx[module.ctx_index] = c;
#define ngx_mail_delete_ctx(s, module) s->ctx[module.ctx_index] = NULL;
#define ngx_mail_get_module_main_conf(s, module) \
(s)->main_conf[module.ctx_index]
#define ngx_mail_get_module_srv_conf(s, module) (s)->srv_conf[module.ctx_index]
#define ngx_mail_conf_get_module_main_conf(cf, module) \
((ngx_mail_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index]
#define ngx_mail_conf_get_module_srv_conf(cf, module) \
((ngx_mail_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index]
#if (NGX_MAIL_SSL)
void ngx_mail_starttls_handler(ngx_event_t *rev);
ngx_int_t ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c);
#endif
void ngx_mail_init_connection(ngx_connection_t *c);
ngx_int_t ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_mail_core_srv_conf_t *cscf);
ngx_int_t ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_uint_t n);
ngx_int_t ngx_mail_auth_login_username(ngx_mail_session_t *s,
ngx_connection_t *c, ngx_uint_t n);
ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s,
ngx_connection_t *c);
ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s,
ngx_connection_t *c, char *prefix, size_t len);
ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c);
ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c);
void ngx_mail_send(ngx_event_t *wev);
ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c);
void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c);
void ngx_mail_close_connection(ngx_connection_t *c);
void ngx_mail_session_internal_server_error(ngx_mail_session_t *s);
u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
char *ngx_mail_capabilities(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
/* STUB */
void ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer);
void ngx_mail_auth_http_init(ngx_mail_session_t *s);
/**/
extern ngx_uint_t ngx_mail_max_module;
extern ngx_module_t ngx_mail_core_module;
#endif /* _NGX_MAIL_H_INCLUDED_ */
hm_nginx/src/mail/ngx_mail_auth_http_module.c
+1590
View File
File diff suppressed because it is too large Load Diff
hm_nginx/src/mail/ngx_mail_core_module.c
+653
View File
@@ -0,0 +1,653 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
static void *ngx_mail_core_create_main_conf(ngx_conf_t *cf);
static void *ngx_mail_core_create_srv_conf(ngx_conf_t *cf);
static char *ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent,
void *child);
static char *ngx_mail_core_server(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_core_listen(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_core_protocol(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static ngx_conf_deprecated_t ngx_conf_deprecated_so_keepalive = {
ngx_conf_deprecated, "so_keepalive",
"so_keepalive\" parameter of the \"listen"
};
static ngx_command_t ngx_mail_core_commands[] = {
{ ngx_string("server"),
NGX_MAIL_MAIN_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
ngx_mail_core_server,
0,
0,
NULL },
{ ngx_string("listen"),
NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_mail_core_listen,
NGX_MAIL_SRV_CONF_OFFSET,
0,
NULL },
{ ngx_string("protocol"),
NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_core_protocol,
NGX_MAIL_SRV_CONF_OFFSET,
0,
NULL },
{ ngx_string("so_keepalive"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_core_srv_conf_t, so_keepalive),
&ngx_conf_deprecated_so_keepalive },
{ ngx_string("timeout"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_core_srv_conf_t, timeout),
NULL },
{ ngx_string("server_name"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_core_srv_conf_t, server_name),
NULL },
{ ngx_string("resolver"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_mail_core_resolver,
NGX_MAIL_SRV_CONF_OFFSET,
0,
NULL },
{ ngx_string("resolver_timeout"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
NULL },
ngx_null_command
};
static ngx_mail_module_t ngx_mail_core_module_ctx = {
NULL, /* protocol */
ngx_mail_core_create_main_conf, /* create main configuration */
NULL, /* init main configuration */
ngx_mail_core_create_srv_conf, /* create server configuration */
ngx_mail_core_merge_srv_conf /* merge server configuration */
};
ngx_module_t ngx_mail_core_module = {
NGX_MODULE_V1,
&ngx_mail_core_module_ctx, /* module context */
ngx_mail_core_commands, /* module directives */
NGX_MAIL_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static void *
ngx_mail_core_create_main_conf(ngx_conf_t *cf)
{
ngx_mail_core_main_conf_t *cmcf;
cmcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_core_main_conf_t));
if (cmcf == NULL) {
return NULL;
}
if (ngx_array_init(&cmcf->servers, cf->pool, 4,
sizeof(ngx_mail_core_srv_conf_t *))
!= NGX_OK)
{
return NULL;
}
if (ngx_array_init(&cmcf->listen, cf->pool, 4, sizeof(ngx_mail_listen_t))
!= NGX_OK)
{
return NULL;
}
return cmcf;
}
static void *
ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
{
ngx_mail_core_srv_conf_t *cscf;
cscf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_core_srv_conf_t));
if (cscf == NULL) {
return NULL;
}
/*
* set by ngx_pcalloc():
*
* cscf->protocol = NULL;
*/
cscf->timeout = NGX_CONF_UNSET_MSEC;
cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
cscf->so_keepalive = NGX_CONF_UNSET;
cscf->resolver = NGX_CONF_UNSET_PTR;
cscf->file_name = cf->conf_file->file.name.data;
cscf->line = cf->conf_file->line;
return cscf;
}
static char *
ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_mail_core_srv_conf_t *prev = parent;
ngx_mail_core_srv_conf_t *conf = child;
ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000);
ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
30000);
ngx_conf_merge_value(conf->so_keepalive, prev->so_keepalive, 0);
ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
if (conf->server_name.len == 0) {
conf->server_name = cf->cycle->hostname;
}
if (conf->protocol == NULL) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"unknown mail protocol for server in %s:%ui",
conf->file_name, conf->line);
return NGX_CONF_ERROR;
}
ngx_conf_merge_ptr_value(conf->resolver, prev->resolver, NULL);
return NGX_CONF_OK;
}
static char *
ngx_mail_core_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
char *rv;
void *mconf;
ngx_uint_t m;
ngx_conf_t pcf;
ngx_mail_module_t *module;
ngx_mail_conf_ctx_t *ctx, *mail_ctx;
ngx_mail_core_srv_conf_t *cscf, **cscfp;
ngx_mail_core_main_conf_t *cmcf;
ctx = ngx_pcalloc(cf->pool, sizeof(ngx_mail_conf_ctx_t));
if (ctx == NULL) {
return NGX_CONF_ERROR;
}
mail_ctx = cf->ctx;
ctx->main_conf = mail_ctx->main_conf;
/* the server{}'s srv_conf */
ctx->srv_conf = ngx_pcalloc(cf->pool, sizeof(void *) * ngx_mail_max_module);
if (ctx->srv_conf == NULL) {
return NGX_CONF_ERROR;
}
for (m = 0; ngx_modules[m]; m++) {
if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
continue;
}
module = ngx_modules[m]->ctx;
if (module->create_srv_conf) {
mconf = module->create_srv_conf(cf);
if (mconf == NULL) {
return NGX_CONF_ERROR;
}
ctx->srv_conf[ngx_modules[m]->ctx_index] = mconf;
}
}
/* the server configuration context */
cscf = ctx->srv_conf[ngx_mail_core_module.ctx_index];
cscf->ctx = ctx;
cmcf = ctx->main_conf[ngx_mail_core_module.ctx_index];
cscfp = ngx_array_push(&cmcf->servers);
if (cscfp == NULL) {
return NGX_CONF_ERROR;
}
*cscfp = cscf;
/* parse inside server{} */
pcf = *cf;
cf->ctx = ctx;
cf->cmd_type = NGX_MAIL_SRV_CONF;
rv = ngx_conf_parse(cf, NULL);
*cf = pcf;
return rv;
}
static char *
ngx_mail_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_core_srv_conf_t *cscf = conf;
size_t len, off;
in_port_t port;
ngx_str_t *value;
ngx_url_t u;
ngx_uint_t i, m;
struct sockaddr *sa;
ngx_mail_listen_t *ls;
ngx_mail_module_t *module;
struct sockaddr_in *sin;
ngx_mail_core_main_conf_t *cmcf;
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
#endif
value = cf->args->elts;
ngx_memzero(&u, sizeof(ngx_url_t));
u.url = value[1];
u.listen = 1;
if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
if (u.err) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"%s in \"%V\" of the \"listen\" directive",
u.err, &u.url);
}
return NGX_CONF_ERROR;
}
cmcf = ngx_mail_conf_get_module_main_conf(cf, ngx_mail_core_module);
ls = cmcf->listen.elts;
for (i = 0; i < cmcf->listen.nelts; i++) {
sa = (struct sockaddr *) ls[i].sockaddr;
if (sa->sa_family != u.family) {
continue;
}
switch (sa->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
off = offsetof(struct sockaddr_in6, sin6_addr);
len = 16;
sin6 = (struct sockaddr_in6 *) sa;
port = ntohs(sin6->sin6_port);
break;
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
case AF_UNIX:
off = offsetof(struct sockaddr_un, sun_path);
len = sizeof(((struct sockaddr_un *) sa)->sun_path);
port = 0;
break;
#endif
default: /* AF_INET */
off = offsetof(struct sockaddr_in, sin_addr);
len = 4;
sin = (struct sockaddr_in *) sa;
port = ntohs(sin->sin_port);
break;
}
if (ngx_memcmp(ls[i].sockaddr + off, u.sockaddr + off, len) != 0) {
continue;
}
if (port != u.port) {
continue;
}
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"duplicate \"%V\" address and port pair", &u.url);
return NGX_CONF_ERROR;
}
ls = ngx_array_push(&cmcf->listen);
if (ls == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(ls, sizeof(ngx_mail_listen_t));
ngx_memcpy(ls->sockaddr, u.sockaddr, u.socklen);
ls->socklen = u.socklen;
ls->wildcard = u.wildcard;
ls->ctx = cf->ctx;
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
ls->ipv6only = 1;
#endif
if (cscf->protocol == NULL) {
for (m = 0; ngx_modules[m]; m++) {
if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
continue;
}
module = ngx_modules[m]->ctx;
if (module->protocol == NULL) {
continue;
}
for (i = 0; module->protocol->port[i]; i++) {
if (module->protocol->port[i] == u.port) {
cscf->protocol = module->protocol;
break;
}
}
}
}
for (i = 2; i < cf->args->nelts; i++) {
if (ngx_strcmp(value[i].data, "bind") == 0) {
ls->bind = 1;
continue;
}
if (ngx_strncmp(value[i].data, "ipv6only=o", 10) == 0) {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
struct sockaddr *sa;
u_char buf[NGX_SOCKADDR_STRLEN];
sa = (struct sockaddr *) ls->sockaddr;
if (sa->sa_family == AF_INET6) {
if (ngx_strcmp(&value[i].data[10], "n") == 0) {
ls->ipv6only = 1;
} else if (ngx_strcmp(&value[i].data[10], "ff") == 0) {
ls->ipv6only = 0;
} else {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid ipv6only flags \"%s\"",
&value[i].data[9]);
return NGX_CONF_ERROR;
}
ls->bind = 1;
} else {
len = ngx_sock_ntop(sa, ls->socklen, buf,
NGX_SOCKADDR_STRLEN, 1);
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"ipv6only is not supported "
"on addr \"%*s\", ignored", len, buf);
}
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"bind ipv6only is not supported "
"on this platform");
return NGX_CONF_ERROR;
#endif
}
if (ngx_strcmp(value[i].data, "ssl") == 0) {
#if (NGX_MAIL_SSL)
ls->ssl = 1;
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"the \"ssl\" parameter requires "
"ngx_mail_ssl_module");
return NGX_CONF_ERROR;
#endif
}
if (ngx_strncmp(value[i].data, "so_keepalive=", 13) == 0) {
if (ngx_strcmp(&value[i].data[13], "on") == 0) {
ls->so_keepalive = 1;
} else if (ngx_strcmp(&value[i].data[13], "off") == 0) {
ls->so_keepalive = 2;
} else {
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
u_char *p, *end;
ngx_str_t s;
end = value[i].data + value[i].len;
s.data = value[i].data + 13;
p = ngx_strlchr(s.data, end, ':');
if (p == NULL) {
p = end;
}
if (p > s.data) {
s.len = p - s.data;
ls->tcp_keepidle = ngx_parse_time(&s, 1);
if (ls->tcp_keepidle == (time_t) NGX_ERROR) {
goto invalid_so_keepalive;
}
}
s.data = (p < end) ? (p + 1) : end;
p = ngx_strlchr(s.data, end, ':');
if (p == NULL) {
p = end;
}
if (p > s.data) {
s.len = p - s.data;
ls->tcp_keepintvl = ngx_parse_time(&s, 1);
if (ls->tcp_keepintvl == (time_t) NGX_ERROR) {
goto invalid_so_keepalive;
}
}
s.data = (p < end) ? (p + 1) : end;
if (s.data < end) {
s.len = end - s.data;
ls->tcp_keepcnt = ngx_atoi(s.data, s.len);
if (ls->tcp_keepcnt == NGX_ERROR) {
goto invalid_so_keepalive;
}
}
if (ls->tcp_keepidle == 0 && ls->tcp_keepintvl == 0
&& ls->tcp_keepcnt == 0)
{
goto invalid_so_keepalive;
}
ls->so_keepalive = 1;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"the \"so_keepalive\" parameter accepts "
"only \"on\" or \"off\" on this platform");
return NGX_CONF_ERROR;
#endif
}
ls->bind = 1;
continue;
#if (NGX_HAVE_KEEPALIVE_TUNABLE)
invalid_so_keepalive:
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid so_keepalive value: \"%s\"",
&value[i].data[13]);
return NGX_CONF_ERROR;
#endif
}
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"the invalid \"%V\" parameter", &value[i]);
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
static char *
ngx_mail_core_protocol(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_core_srv_conf_t *cscf = conf;
ngx_str_t *value;
ngx_uint_t m;
ngx_mail_module_t *module;
value = cf->args->elts;
for (m = 0; ngx_modules[m]; m++) {
if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
continue;
}
module = ngx_modules[m]->ctx;
if (module->protocol
&& ngx_strcmp(module->protocol->name.data, value[1].data) == 0)
{
cscf->protocol = module->protocol;
return NGX_CONF_OK;
}
}
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"unknown protocol \"%V\"", &value[1]);
return NGX_CONF_ERROR;
}
static char *
ngx_mail_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_core_srv_conf_t *cscf = conf;
ngx_str_t *value;
value = cf->args->elts;
if (cscf->resolver != NGX_CONF_UNSET_PTR) {
return "is duplicate";
}
if (ngx_strcmp(value[1].data, "off") == 0) {
cscf->resolver = NULL;
return NGX_CONF_OK;
}
cscf->resolver = ngx_resolver_create(cf, &value[1], cf->args->nelts - 1);
if (cscf->resolver == NULL) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
char *
ngx_mail_capabilities(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
char *p = conf;
ngx_str_t *c, *value;
ngx_uint_t i;
ngx_array_t *a;
a = (ngx_array_t *) (p + cmd->offset);
value = cf->args->elts;
for (i = 1; i < cf->args->nelts; i++) {
c = ngx_array_push(a);
if (c == NULL) {
return NGX_CONF_ERROR;
}
*c = value[i];
}
return NGX_CONF_OK;
}
hm_nginx/src/mail/ngx_mail_handler.c
+861
View File
@@ -0,0 +1,861 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
static void ngx_mail_init_session(ngx_connection_t *c);
#if (NGX_MAIL_SSL)
static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
static ngx_int_t ngx_mail_verify_cert(ngx_mail_session_t *s,
ngx_connection_t *c);
#endif
void
ngx_mail_init_connection(ngx_connection_t *c)
{
size_t len;
ngx_uint_t i;
ngx_mail_port_t *port;
struct sockaddr *sa;
struct sockaddr_in *sin;
ngx_mail_log_ctx_t *ctx;
ngx_mail_in_addr_t *addr;
ngx_mail_session_t *s;
ngx_mail_addr_conf_t *addr_conf;
u_char text[NGX_SOCKADDR_STRLEN];
#if (NGX_HAVE_INET6)
struct sockaddr_in6 *sin6;
ngx_mail_in6_addr_t *addr6;
#endif
/* find the server configuration for the address:port */
port = c->listening->servers;
if (port->naddrs > 1) {
/*
* There are several addresses on this port and one of them
* is the "*:port" wildcard so getsockname() is needed to determine
* the server address.
*
* AcceptEx() already gave this address.
*/
if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) {
ngx_mail_close_connection(c);
return;
}
sa = c->local_sockaddr;
switch (sa->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
sin6 = (struct sockaddr_in6 *) sa;
addr6 = port->addrs;
/* the last address is "*" */
for (i = 0; i < port->naddrs - 1; i++) {
if (ngx_memcmp(&addr6[i].addr6, &sin6->sin6_addr, 16) == 0) {
break;
}
}
addr_conf = &addr6[i].conf;
break;
#endif
default: /* AF_INET */
sin = (struct sockaddr_in *) sa;
addr = port->addrs;
/* the last address is "*" */
for (i = 0; i < port->naddrs - 1; i++) {
if (addr[i].addr == sin->sin_addr.s_addr) {
break;
}
}
addr_conf = &addr[i].conf;
break;
}
} else {
switch (c->local_sockaddr->sa_family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
addr6 = port->addrs;
addr_conf = &addr6[0].conf;
break;
#endif
default: /* AF_INET */
addr = port->addrs;
addr_conf = &addr[0].conf;
break;
}
}
s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t));
if (s == NULL) {
ngx_mail_close_connection(c);
return;
}
s->signature = NGX_MAIL_MODULE;
s->main_conf = addr_conf->ctx->main_conf;
s->srv_conf = addr_conf->ctx->srv_conf;
s->addr_text = &addr_conf->addr_text;
c->data = s;
s->connection = c;
len = ngx_sock_ntop(c->sockaddr, c->socklen, text, NGX_SOCKADDR_STRLEN, 1);
ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%uA client %*s connected to %V",
c->number, len, text, s->addr_text);
ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t));
if (ctx == NULL) {
ngx_mail_close_connection(c);
return;
}
ctx->client = &c->addr_text;
ctx->session = s;
c->log->connection = c->number;
c->log->handler = ngx_mail_log_error;
c->log->data = ctx;
c->log->action = "sending client greeting line";
c->log_error = NGX_ERROR_INFO;
#if (NGX_MAIL_SSL)
{
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->enable) {
c->log->action = "SSL handshaking";
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
return;
}
if (addr_conf->ssl) {
c->log->action = "SSL handshaking";
if (sslcf->ssl.ctx == NULL) {
ngx_log_error(NGX_LOG_ERR, c->log, 0,
"no \"ssl_certificate\" is defined "
"in server listening on SSL port");
ngx_mail_close_connection(c);
return;
}
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
return;
}
}
#endif
ngx_mail_init_session(c);
}
#if (NGX_MAIL_SSL)
void
ngx_mail_starttls_handler(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_ssl_conf_t *sslcf;
c = rev->data;
s = c->data;
s->starttls = 1;
c->log->action = "in starttls state";
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
}
static void
ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ngx_add_timer(c->read, cscf->timeout);
c->ssl->handler = ngx_mail_ssl_handshake_handler;
return;
}
ngx_mail_ssl_handshake_handler(c);
}
static void
ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
if (c->ssl->handshaked) {
s = c->data;
if (ngx_mail_verify_cert(s, c) != NGX_OK) {
return;
}
if (s->starttls) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
c->read->handler = cscf->protocol->init_protocol;
c->write->handler = ngx_mail_send;
cscf->protocol->init_protocol(c->read);
return;
}
c->read->ready = 0;
ngx_mail_init_session(c);
return;
}
ngx_mail_close_connection(c);
}
static ngx_int_t
ngx_mail_verify_cert(ngx_mail_session_t *s, ngx_connection_t *c)
{
long rc;
X509 *cert;
ngx_mail_ssl_conf_t *sslcf;
ngx_mail_core_srv_conf_t *cscf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (!sslcf->verify) {
return NGX_OK;
}
rc = SSL_get_verify_result(c->ssl->connection);
if (rc != X509_V_OK
&& (sslcf->verify != 3 || !ngx_ssl_verify_error_optional(rc)))
{
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
(SSL_get0_session(c->ssl->connection)));
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
s->out = cscf->protocol->cert_error;
s->quit = 1;
c->write->handler = ngx_mail_send;
ngx_mail_send(s->connection->write);
return NGX_ERROR;
}
if (sslcf->verify == 1) {
cert = SSL_get_peer_certificate(c->ssl->connection);
if (cert == NULL) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");
ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
(SSL_get0_session(c->ssl->connection)));
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
s->out = cscf->protocol->no_cert;
s->quit = 1;
c->write->handler = ngx_mail_send;
ngx_mail_send(s->connection->write);
return NGX_ERROR;
}
X509_free(cert);
}
return NGX_OK;
}
#endif
static void
ngx_mail_init_session(ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
s->protocol = cscf->protocol->type;
s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module);
if (s->ctx == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
c->write->handler = ngx_mail_send;
cscf->protocol->init_session(s, c);
}
ngx_int_t
ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_mail_core_srv_conf_t *cscf)
{
s->salt.data = ngx_pnalloc(c->pool,
sizeof(" <18446744073709551616.@>" CRLF) - 1
+ NGX_TIME_T_LEN
+ cscf->server_name.len);
if (s->salt.data == NULL) {
return NGX_ERROR;
}
s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
ngx_random(), ngx_time(), &cscf->server_name)
- s->salt.data;
return NGX_OK;
}
#if (NGX_MAIL_SSL)
ngx_int_t
ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl) {
return 0;
}
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
return 1;
}
return 0;
}
#endif
ngx_int_t
ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
{
u_char *p, *last;
ngx_str_t *arg, plain;
arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth plain: \"%V\"", &arg[n]);
#endif
plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
if (plain.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH PLAIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
p = plain.data;
last = p + plain.len;
while (p < last && *p++) { /* void */ }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid login in AUTH PLAIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
s->login.data = p;
while (p < last && *p) { p++; }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid password in AUTH PLAIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
s->login.len = p++ - s->login.data;
s->passwd.len = last - p;
s->passwd.data = p;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
#endif
return NGX_DONE;
}
ngx_int_t
ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_uint_t n)
{
ngx_str_t *arg;
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login username: \"%V\"", &arg[n]);
s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
if (s->login.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH LOGIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login username: \"%V\"", &s->login);
return NGX_OK;
}
ngx_int_t
ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login password: \"%V\"", &arg[0]);
#endif
s->passwd.data = ngx_pnalloc(c->pool,
ngx_base64_decoded_length(arg[0].len));
if (s->passwd.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH LOGIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login password: \"%V\"", &s->passwd);
#endif
return NGX_DONE;
}
ngx_int_t
ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c,
char *prefix, size_t len)
{
u_char *p;
ngx_str_t salt;
ngx_uint_t n;
p = ngx_pnalloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2);
if (p == NULL) {
return NGX_ERROR;
}
salt.data = ngx_cpymem(p, prefix, len);
s->salt.len -= 2;
ngx_encode_base64(&salt, &s->salt);
s->salt.len += 2;
n = len + salt.len;
p[n++] = CR; p[n++] = LF;
s->out.len = n;
s->out.data = p;
return NGX_OK;
}
ngx_int_t
ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
{
u_char *p, *last;
ngx_str_t *arg;
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth cram-md5: \"%V\"", &arg[0]);
s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
if (s->login.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH CRAM-MD5 command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
p = s->login.data;
last = p + s->login.len;
while (p < last) {
if (*p++ == ' ') {
s->login.len = p - s->login.data - 1;
s->passwd.len = last - p;
s->passwd.data = p;
break;
}
}
if (s->passwd.len != 32) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
return NGX_DONE;
}
void
ngx_mail_send(ngx_event_t *wev)
{
ngx_int_t n;
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
c = wev->data;
s = c->data;
if (wev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len == 0) {
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
return;
}
n = c->send(c, s->out.data, s->out.len);
if (n > 0) {
s->out.data += n;
s->out.len -= n;
if (s->out.len != 0) {
goto again;
}
if (wev->timer_set) {
ngx_del_timer(wev);
}
if (s->quit) {
ngx_mail_close_connection(c);
return;
}
if (s->blocked) {
c->read->handler(c->read);
}
return;
}
if (n == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
/* n == NGX_AGAIN */
again:
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ngx_add_timer(c->write, cscf->timeout);
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
ngx_mail_close_connection(c);
return;
}
}
ngx_int_t
ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
{
ssize_t n;
ngx_int_t rc;
ngx_str_t l;
ngx_mail_core_srv_conf_t *cscf;
n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
if (n == NGX_ERROR || n == 0) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
if (n > 0) {
s->buffer->last += n;
}
if (n == NGX_AGAIN) {
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
if (s->buffer->pos == s->buffer->last) {
return NGX_AGAIN;
}
}
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
rc = cscf->protocol->parse_command(s);
if (rc == NGX_AGAIN) {
if (s->buffer->last < s->buffer->end) {
return rc;
}
l.len = s->buffer->last - s->buffer->start;
l.data = s->buffer->start;
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent too long command \"%V\"", &l);
s->quit = 1;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
return rc;
}
if (rc == NGX_ERROR) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
return NGX_OK;
}
void
ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c)
{
s->args.nelts = 0;
if (s->buffer->pos == s->buffer->last) {
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
}
s->state = 0;
if (c->read->timer_set) {
ngx_del_timer(c->read);
}
s->login_attempt++;
ngx_mail_auth_http_init(s);
}
void
ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
{
ngx_mail_core_srv_conf_t *cscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
s->out = cscf->protocol->internal_server_error;
s->quit = 1;
ngx_mail_send(s->connection->write);
}
void
ngx_mail_close_connection(ngx_connection_t *c)
{
ngx_pool_t *pool;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"close mail connection: %d", c->fd);
#if (NGX_MAIL_SSL)
if (c->ssl) {
if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
c->ssl->handler = ngx_mail_close_connection;
return;
}
}
#endif
#if (NGX_STAT_STUB)
(void) ngx_atomic_fetch_add(ngx_stat_active, -1);
#endif
c->destroyed = 1;
pool = c->pool;
ngx_close_connection(c);
ngx_destroy_pool(pool);
}
u_char *
ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
{
u_char *p;
ngx_mail_session_t *s;
ngx_mail_log_ctx_t *ctx;
if (log->action) {
p = ngx_snprintf(buf, len, " while %s", log->action);
len -= p - buf;
buf = p;
}
ctx = log->data;
p = ngx_snprintf(buf, len, ", client: %V", ctx->client);
len -= p - buf;
buf = p;
s = ctx->session;
if (s == NULL) {
return p;
}
p = ngx_snprintf(buf, len, "%s, server: %V",
s->starttls ? " using starttls" : "",
s->addr_text);
len -= p - buf;
buf = p;
if (s->login.len == 0) {
return p;
}
p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login);
len -= p - buf;
buf = p;
if (s->proxy == NULL) {
return p;
}
p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name);
return p;
}
hm_nginx/src/mail/ngx_mail_imap_handler.c
+457
View File
@@ -0,0 +1,457 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_imap_module.h>
static ngx_int_t ngx_mail_imap_login(ngx_mail_session_t *s,
ngx_connection_t *c);
static ngx_int_t ngx_mail_imap_authenticate(ngx_mail_session_t *s,
ngx_connection_t *c);
static ngx_int_t ngx_mail_imap_capability(ngx_mail_session_t *s,
ngx_connection_t *c);
static ngx_int_t ngx_mail_imap_starttls(ngx_mail_session_t *s,
ngx_connection_t *c);
static u_char imap_greeting[] = "* OK IMAP4 ready" CRLF;
static u_char imap_star[] = "* ";
static u_char imap_ok[] = "OK completed" CRLF;
static u_char imap_next[] = "+ OK" CRLF;
static u_char imap_plain_next[] = "+ " CRLF;
static u_char imap_username[] = "+ VXNlcm5hbWU6" CRLF;
static u_char imap_password[] = "+ UGFzc3dvcmQ6" CRLF;
static u_char imap_bye[] = "* BYE" CRLF;
static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
void
ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_core_srv_conf_t *cscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ngx_str_set(&s->out, imap_greeting);
c->read->handler = ngx_mail_imap_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
ngx_mail_send(c->write);
}
void
ngx_mail_imap_init_protocol(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_imap_srv_conf_t *iscf;
c = rev->data;
c->log->action = "in auth state";
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
s = c->data;
if (s->buffer == NULL) {
if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
== NGX_ERROR)
{
ngx_mail_session_internal_server_error(s);
return;
}
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
s->buffer = ngx_create_temp_buf(c->pool, iscf->client_buffer_size);
if (s->buffer == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
}
s->mail_state = ngx_imap_start;
c->read->handler = ngx_mail_imap_auth_state;
ngx_mail_imap_auth_state(rev);
}
void
ngx_mail_imap_auth_state(ngx_event_t *rev)
{
u_char *p, *dst, *src, *end;
ngx_str_t *arg;
ngx_int_t rc;
ngx_uint_t tag, i;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
tag = 1;
s->text.len = 0;
ngx_str_set(&s->out, imap_ok);
if (rc == NGX_OK) {
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap auth command: %i",
s->command);
if (s->backslash) {
arg = s->args.elts;
for (i = 0; i < s->args.nelts; i++) {
dst = arg[i].data;
end = dst + arg[i].len;
for (src = dst; src < end; dst++) {
*dst = *src;
if (*src++ == '\\') {
*dst = *src++;
}
}
arg[i].len = dst - arg[i].data;
}
s->backslash = 0;
}
switch (s->mail_state) {
case ngx_imap_start:
switch (s->command) {
case NGX_IMAP_LOGIN:
rc = ngx_mail_imap_login(s, c);
break;
case NGX_IMAP_AUTHENTICATE:
rc = ngx_mail_imap_authenticate(s, c);
tag = (rc != NGX_OK);
break;
case NGX_IMAP_CAPABILITY:
rc = ngx_mail_imap_capability(s, c);
break;
case NGX_IMAP_LOGOUT:
s->quit = 1;
ngx_str_set(&s->text, imap_bye);
break;
case NGX_IMAP_NOOP:
break;
case NGX_IMAP_STARTTLS:
rc = ngx_mail_imap_starttls(s, c);
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_imap_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
tag = 0;
ngx_str_set(&s->out, imap_password);
s->mail_state = ngx_imap_auth_login_password;
break;
case ngx_imap_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_imap_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_imap_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
} else if (rc == NGX_IMAP_NEXT) {
tag = 0;
ngx_str_set(&s->out, imap_next);
}
switch (rc) {
case NGX_DONE:
ngx_mail_auth(s, c);
return;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_PARSE_INVALID_COMMAND:
s->state = 0;
ngx_str_set(&s->out, imap_invalid_command);
s->mail_state = ngx_imap_start;
break;
}
if (tag) {
if (s->tag.len == 0) {
ngx_str_set(&s->tag, imap_star);
}
if (s->tagged_line.len < s->tag.len + s->text.len + s->out.len) {
s->tagged_line.len = s->tag.len + s->text.len + s->out.len;
s->tagged_line.data = ngx_pnalloc(c->pool, s->tagged_line.len);
if (s->tagged_line.data == NULL) {
ngx_mail_close_connection(c);
return;
}
}
p = s->tagged_line.data;
if (s->text.len) {
p = ngx_cpymem(p, s->text.data, s->text.len);
}
p = ngx_cpymem(p, s->tag.data, s->tag.len);
ngx_memcpy(p, s->out.data, s->out.len);
s->out.len = s->text.len + s->tag.len + s->out.len;
s->out.data = s->tagged_line.data;
}
if (rc != NGX_IMAP_NEXT) {
s->args.nelts = 0;
if (s->state) {
/* preserve tag */
s->arg_start = s->buffer->start + s->tag.len;
s->buffer->pos = s->arg_start;
s->buffer->last = s->arg_start;
} else {
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
s->tag.len = 0;
}
}
ngx_mail_send(c->write);
}
static ngx_int_t
ngx_mail_imap_login(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
arg = s->args.elts;
if (s->args.nelts != 2 || arg[0].len == 0) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
s->login.len = arg[0].len;
s->login.data = ngx_pnalloc(c->pool, s->login.len);
if (s->login.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
s->passwd.len = arg[1].len;
s->passwd.data = ngx_pnalloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"imap login:\"%V\" passwd:\"%V\"",
&s->login, &s->passwd);
#else
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"imap login:\"%V\"", &s->login);
#endif
return NGX_DONE;
}
static ngx_int_t
ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_imap_srv_conf_t *iscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
ngx_str_set(&s->out, imap_username);
s->mail_state = ngx_imap_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
ngx_str_set(&s->out, imap_password);
s->mail_state = ngx_imap_auth_login_password;
return ngx_mail_auth_login_username(s, c, 1);
case NGX_MAIL_AUTH_PLAIN:
ngx_str_set(&s->out, imap_plain_next);
s->mail_state = ngx_imap_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
if (!(iscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (s->salt.data == NULL) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
s->mail_state = ngx_imap_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
static ngx_int_t
ngx_mail_imap_capability(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_imap_srv_conf_t *iscf;
iscf = ngx_mail_get_module_srv_conf(s, ngx_mail_imap_module);
#if (NGX_MAIL_SSL)
if (c->ssl == NULL) {
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
s->text = iscf->starttls_capability;
return NGX_OK;
}
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
s->text = iscf->starttls_only_capability;
return NGX_OK;
}
}
#endif
s->text = iscf->capability;
return NGX_OK;
}
static ngx_int_t
ngx_mail_imap_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
{
#if (NGX_MAIL_SSL)
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl == NULL) {
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls) {
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;
}
}
#endif
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
hm_nginx/src/mail/ngx_mail_imap_module.c
+255
View File
@@ -0,0 +1,255 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_imap_module.h>
static void *ngx_mail_imap_create_srv_conf(ngx_conf_t *cf);
static char *ngx_mail_imap_merge_srv_conf(ngx_conf_t *cf, void *parent,
void *child);
static ngx_str_t ngx_mail_imap_default_capabilities[] = {
ngx_string("IMAP4"),
ngx_string("IMAP4rev1"),
ngx_string("UIDPLUS"),
ngx_null_string
};
static ngx_conf_bitmask_t ngx_mail_imap_auth_methods[] = {
{ ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
{ ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
{ ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
{ ngx_null_string, 0 }
};
static ngx_str_t ngx_mail_imap_auth_methods_names[] = {
ngx_string("AUTH=PLAIN"),
ngx_string("AUTH=LOGIN"),
ngx_null_string, /* APOP */
ngx_string("AUTH=CRAM-MD5"),
ngx_null_string /* NONE */
};
static ngx_mail_protocol_t ngx_mail_imap_protocol = {
ngx_string("imap"),
{ 143, 993, 0, 0 },
NGX_MAIL_IMAP_PROTOCOL,
ngx_mail_imap_init_session,
ngx_mail_imap_init_protocol,
ngx_mail_imap_parse_command,
ngx_mail_imap_auth_state,
ngx_string("* BAD internal server error" CRLF),
ngx_string("* BYE SSL certificate error" CRLF),
ngx_string("* BYE No required SSL certificate" CRLF)
};
static ngx_command_t ngx_mail_imap_commands[] = {
{ ngx_string("imap_client_buffer"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_size_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_imap_srv_conf_t, client_buffer_size),
NULL },
{ ngx_string("imap_capabilities"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_mail_capabilities,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_imap_srv_conf_t, capabilities),
NULL },
{ ngx_string("imap_auth"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_imap_srv_conf_t, auth_methods),
&ngx_mail_imap_auth_methods },
ngx_null_command
};
static ngx_mail_module_t ngx_mail_imap_module_ctx = {
&ngx_mail_imap_protocol, /* protocol */
NULL, /* create main configuration */
NULL, /* init main configuration */
ngx_mail_imap_create_srv_conf, /* create server configuration */
ngx_mail_imap_merge_srv_conf /* merge server configuration */
};
ngx_module_t ngx_mail_imap_module = {
NGX_MODULE_V1,
&ngx_mail_imap_module_ctx, /* module context */
ngx_mail_imap_commands, /* module directives */
NGX_MAIL_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static void *
ngx_mail_imap_create_srv_conf(ngx_conf_t *cf)
{
ngx_mail_imap_srv_conf_t *iscf;
iscf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_imap_srv_conf_t));
if (iscf == NULL) {
return NULL;
}
iscf->client_buffer_size = NGX_CONF_UNSET_SIZE;
if (ngx_array_init(&iscf->capabilities, cf->pool, 4, sizeof(ngx_str_t))
!= NGX_OK)
{
return NULL;
}
return iscf;
}
static char *
ngx_mail_imap_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_mail_imap_srv_conf_t *prev = parent;
ngx_mail_imap_srv_conf_t *conf = child;
u_char *p, *auth;
size_t size;
ngx_str_t *c, *d;
ngx_uint_t i, m;
ngx_conf_merge_size_value(conf->client_buffer_size,
prev->client_buffer_size,
(size_t) ngx_pagesize);
ngx_conf_merge_bitmask_value(conf->auth_methods,
prev->auth_methods,
(NGX_CONF_BITMASK_SET
|NGX_MAIL_AUTH_PLAIN_ENABLED));
if (conf->capabilities.nelts == 0) {
conf->capabilities = prev->capabilities;
}
if (conf->capabilities.nelts == 0) {
for (d = ngx_mail_imap_default_capabilities; d->len; d++) {
c = ngx_array_push(&conf->capabilities);
if (c == NULL) {
return NGX_CONF_ERROR;
}
*c = *d;
}
}
size = sizeof("* CAPABILITY" CRLF) - 1;
c = conf->capabilities.elts;
for (i = 0; i < conf->capabilities.nelts; i++) {
size += 1 + c[i].len;
}
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
size += 1 + ngx_mail_imap_auth_methods_names[i].len;
}
}
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->capability.len = size;
conf->capability.data = p;
p = ngx_cpymem(p, "* CAPABILITY", sizeof("* CAPABILITY") - 1);
for (i = 0; i < conf->capabilities.nelts; i++) {
*p++ = ' ';
p = ngx_cpymem(p, c[i].data, c[i].len);
}
auth = p;
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
*p++ = ' ';
p = ngx_cpymem(p, ngx_mail_imap_auth_methods_names[i].data,
ngx_mail_imap_auth_methods_names[i].len);
}
}
*p++ = CR; *p = LF;
size += sizeof(" STARTTLS") - 1;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->starttls_capability.len = size;
conf->starttls_capability.data = p;
p = ngx_cpymem(p, conf->capability.data,
conf->capability.len - (sizeof(CRLF) - 1));
p = ngx_cpymem(p, " STARTTLS", sizeof(" STARTTLS") - 1);
*p++ = CR; *p = LF;
size = (auth - conf->capability.data) + sizeof(CRLF) - 1
+ sizeof(" STARTTLS LOGINDISABLED") - 1;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->starttls_only_capability.len = size;
conf->starttls_only_capability.data = p;
p = ngx_cpymem(p, conf->capability.data,
auth - conf->capability.data);
p = ngx_cpymem(p, " STARTTLS LOGINDISABLED",
sizeof(" STARTTLS LOGINDISABLED") - 1);
*p++ = CR; *p = LF;
return NGX_CONF_OK;
}
hm_nginx/src/mail/ngx_mail_imap_module.h
+39
View File
@@ -0,0 +1,39 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_MAIL_IMAP_MODULE_H_INCLUDED_
#define _NGX_MAIL_IMAP_MODULE_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_mail.h>
typedef struct {
size_t client_buffer_size;
ngx_str_t capability;
ngx_str_t starttls_capability;
ngx_str_t starttls_only_capability;
ngx_uint_t auth_methods;
ngx_array_t capabilities;
} ngx_mail_imap_srv_conf_t;
void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c);
void ngx_mail_imap_init_protocol(ngx_event_t *rev);
void ngx_mail_imap_auth_state(ngx_event_t *rev);
ngx_int_t ngx_mail_imap_parse_command(ngx_mail_session_t *s);
extern ngx_module_t ngx_mail_imap_module;
#endif /* _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ */
hm_nginx/src/mail/ngx_mail_parse.c
+918
View File
@@ -0,0 +1,918 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_pop3_module.h>
#include <ngx_mail_imap_module.h>
#include <ngx_mail_smtp_module.h>
ngx_int_t
ngx_mail_pop3_parse_command(ngx_mail_session_t *s)
{
u_char ch, *p, *c, c0, c1, c2, c3;
ngx_str_t *arg;
enum {
sw_start = 0,
sw_spaces_before_argument,
sw_argument,
sw_almost_done
} state;
state = s->state;
for (p = s->buffer->pos; p < s->buffer->last; p++) {
ch = *p;
switch (state) {
/* POP3 command */
case sw_start:
if (ch == ' ' || ch == CR || ch == LF) {
c = s->buffer->start;
if (p - c == 4) {
c0 = ngx_toupper(c[0]);
c1 = ngx_toupper(c[1]);
c2 = ngx_toupper(c[2]);
c3 = ngx_toupper(c[3]);
if (c0 == 'U' && c1 == 'S' && c2 == 'E' && c3 == 'R')
{
s->command = NGX_POP3_USER;
} else if (c0 == 'P' && c1 == 'A' && c2 == 'S' && c3 == 'S')
{
s->command = NGX_POP3_PASS;
} else if (c0 == 'A' && c1 == 'P' && c2 == 'O' && c3 == 'P')
{
s->command = NGX_POP3_APOP;
} else if (c0 == 'Q' && c1 == 'U' && c2 == 'I' && c3 == 'T')
{
s->command = NGX_POP3_QUIT;
} else if (c0 == 'C' && c1 == 'A' && c2 == 'P' && c3 == 'A')
{
s->command = NGX_POP3_CAPA;
} else if (c0 == 'A' && c1 == 'U' && c2 == 'T' && c3 == 'H')
{
s->command = NGX_POP3_AUTH;
} else if (c0 == 'N' && c1 == 'O' && c2 == 'O' && c3 == 'P')
{
s->command = NGX_POP3_NOOP;
#if (NGX_MAIL_SSL)
} else if (c0 == 'S' && c1 == 'T' && c2 == 'L' && c3 == 'S')
{
s->command = NGX_POP3_STLS;
#endif
} else {
goto invalid;
}
} else {
goto invalid;
}
switch (ch) {
case ' ':
state = sw_spaces_before_argument;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
}
if ((ch < 'A' || ch > 'Z') && (ch < 'a' || ch > 'z')) {
goto invalid;
}
break;
case sw_spaces_before_argument:
switch (ch) {
case ' ':
break;
case CR:
state = sw_almost_done;
s->arg_end = p;
break;
case LF:
s->arg_end = p;
goto done;
default:
if (s->args.nelts <= 2) {
state = sw_argument;
s->arg_start = p;
break;
}
goto invalid;
}
break;
case sw_argument:
switch (ch) {
case ' ':
/*
* the space should be considered as part of the at username
* or password, but not of argument in other commands
*/
if (s->command == NGX_POP3_USER
|| s->command == NGX_POP3_PASS)
{
break;
}
/* fall through */
case CR:
case LF:
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = p - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
switch (ch) {
case ' ':
state = sw_spaces_before_argument;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
default:
break;
}
break;
case sw_almost_done:
switch (ch) {
case LF:
goto done;
default:
goto invalid;
}
}
}
s->buffer->pos = p;
s->state = state;
return NGX_AGAIN;
done:
s->buffer->pos = p + 1;
if (s->arg_start) {
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = s->arg_end - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
}
s->state = (s->command != NGX_POP3_AUTH) ? sw_start : sw_argument;
return NGX_OK;
invalid:
s->state = sw_start;
s->arg_start = NULL;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_int_t
ngx_mail_imap_parse_command(ngx_mail_session_t *s)
{
u_char ch, *p, *c;
ngx_str_t *arg;
enum {
sw_start = 0,
sw_spaces_before_command,
sw_command,
sw_spaces_before_argument,
sw_argument,
sw_backslash,
sw_literal,
sw_no_sync_literal_argument,
sw_start_literal_argument,
sw_literal_argument,
sw_end_literal_argument,
sw_almost_done
} state;
state = s->state;
for (p = s->buffer->pos; p < s->buffer->last; p++) {
ch = *p;
switch (state) {
/* IMAP tag */
case sw_start:
switch (ch) {
case ' ':
s->tag.len = p - s->buffer->start + 1;
s->tag.data = s->buffer->start;
state = sw_spaces_before_command;
break;
case CR:
s->state = sw_start;
return NGX_MAIL_PARSE_INVALID_COMMAND;
case LF:
s->state = sw_start;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
break;
case sw_spaces_before_command:
switch (ch) {
case ' ':
break;
case CR:
s->state = sw_start;
return NGX_MAIL_PARSE_INVALID_COMMAND;
case LF:
s->state = sw_start;
return NGX_MAIL_PARSE_INVALID_COMMAND;
default:
s->cmd_start = p;
state = sw_command;
break;
}
break;
case sw_command:
if (ch == ' ' || ch == CR || ch == LF) {
c = s->cmd_start;
switch (p - c) {
case 4:
if ((c[0] == 'N' || c[0] == 'n')
&& (c[1] == 'O'|| c[1] == 'o')
&& (c[2] == 'O'|| c[2] == 'o')
&& (c[3] == 'P'|| c[3] == 'p'))
{
s->command = NGX_IMAP_NOOP;
} else {
goto invalid;
}
break;
case 5:
if ((c[0] == 'L'|| c[0] == 'l')
&& (c[1] == 'O'|| c[1] == 'o')
&& (c[2] == 'G'|| c[2] == 'g')
&& (c[3] == 'I'|| c[3] == 'i')
&& (c[4] == 'N'|| c[4] == 'n'))
{
s->command = NGX_IMAP_LOGIN;
} else {
goto invalid;
}
break;
case 6:
if ((c[0] == 'L'|| c[0] == 'l')
&& (c[1] == 'O'|| c[1] == 'o')
&& (c[2] == 'G'|| c[2] == 'g')
&& (c[3] == 'O'|| c[3] == 'o')
&& (c[4] == 'U'|| c[4] == 'u')
&& (c[5] == 'T'|| c[5] == 't'))
{
s->command = NGX_IMAP_LOGOUT;
} else {
goto invalid;
}
break;
#if (NGX_MAIL_SSL)
case 8:
if ((c[0] == 'S'|| c[0] == 's')
&& (c[1] == 'T'|| c[1] == 't')
&& (c[2] == 'A'|| c[2] == 'a')
&& (c[3] == 'R'|| c[3] == 'r')
&& (c[4] == 'T'|| c[4] == 't')
&& (c[5] == 'T'|| c[5] == 't')
&& (c[6] == 'L'|| c[6] == 'l')
&& (c[7] == 'S'|| c[7] == 's'))
{
s->command = NGX_IMAP_STARTTLS;
} else {
goto invalid;
}
break;
#endif
case 10:
if ((c[0] == 'C'|| c[0] == 'c')
&& (c[1] == 'A'|| c[1] == 'a')
&& (c[2] == 'P'|| c[2] == 'p')
&& (c[3] == 'A'|| c[3] == 'a')
&& (c[4] == 'B'|| c[4] == 'b')
&& (c[5] == 'I'|| c[5] == 'i')
&& (c[6] == 'L'|| c[6] == 'l')
&& (c[7] == 'I'|| c[7] == 'i')
&& (c[8] == 'T'|| c[8] == 't')
&& (c[9] == 'Y'|| c[9] == 'y'))
{
s->command = NGX_IMAP_CAPABILITY;
} else {
goto invalid;
}
break;
case 12:
if ((c[0] == 'A'|| c[0] == 'a')
&& (c[1] == 'U'|| c[1] == 'u')
&& (c[2] == 'T'|| c[2] == 't')
&& (c[3] == 'H'|| c[3] == 'h')
&& (c[4] == 'E'|| c[4] == 'e')
&& (c[5] == 'N'|| c[5] == 'n')
&& (c[6] == 'T'|| c[6] == 't')
&& (c[7] == 'I'|| c[7] == 'i')
&& (c[8] == 'C'|| c[8] == 'c')
&& (c[9] == 'A'|| c[9] == 'a')
&& (c[10] == 'T'|| c[10] == 't')
&& (c[11] == 'E'|| c[11] == 'e'))
{
s->command = NGX_IMAP_AUTHENTICATE;
} else {
goto invalid;
}
break;
default:
goto invalid;
}
switch (ch) {
case ' ':
state = sw_spaces_before_argument;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
}
if ((ch < 'A' || ch > 'Z') && (ch < 'a' || ch > 'z')) {
goto invalid;
}
break;
case sw_spaces_before_argument:
switch (ch) {
case ' ':
break;
case CR:
state = sw_almost_done;
s->arg_end = p;
break;
case LF:
s->arg_end = p;
goto done;
case '"':
if (s->args.nelts <= 2) {
s->quoted = 1;
s->arg_start = p + 1;
state = sw_argument;
break;
}
goto invalid;
case '{':
if (s->args.nelts <= 2) {
state = sw_literal;
break;
}
goto invalid;
default:
if (s->args.nelts <= 2) {
s->arg_start = p;
state = sw_argument;
break;
}
goto invalid;
}
break;
case sw_argument:
if (ch == ' ' && s->quoted) {
break;
}
switch (ch) {
case '"':
if (!s->quoted) {
break;
}
s->quoted = 0;
/* fall through */
case ' ':
case CR:
case LF:
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = p - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
switch (ch) {
case '"':
case ' ':
state = sw_spaces_before_argument;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
case '\\':
if (s->quoted) {
s->backslash = 1;
state = sw_backslash;
}
break;
}
break;
case sw_backslash:
switch (ch) {
case CR:
case LF:
goto invalid;
default:
state = sw_argument;
}
break;
case sw_literal:
if (ch >= '0' && ch <= '9') {
s->literal_len = s->literal_len * 10 + (ch - '0');
break;
}
if (ch == '}') {
state = sw_start_literal_argument;
break;
}
if (ch == '+') {
state = sw_no_sync_literal_argument;
break;
}
goto invalid;
case sw_no_sync_literal_argument:
if (ch == '}') {
s->no_sync_literal = 1;
state = sw_start_literal_argument;
break;
}
goto invalid;
case sw_start_literal_argument:
switch (ch) {
case CR:
break;
case LF:
s->buffer->pos = p + 1;
s->arg_start = p + 1;
if (s->no_sync_literal == 0) {
s->state = sw_literal_argument;
return NGX_IMAP_NEXT;
}
state = sw_literal_argument;
s->no_sync_literal = 0;
break;
default:
goto invalid;
}
break;
case sw_literal_argument:
if (s->literal_len && --s->literal_len) {
break;
}
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = p + 1 - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
state = sw_end_literal_argument;
break;
case sw_end_literal_argument:
switch (ch) {
case '{':
if (s->args.nelts <= 2) {
state = sw_literal;
break;
}
goto invalid;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
default:
state = sw_spaces_before_argument;
break;
}
break;
case sw_almost_done:
switch (ch) {
case LF:
goto done;
default:
goto invalid;
}
}
}
s->buffer->pos = p;
s->state = state;
return NGX_AGAIN;
done:
s->buffer->pos = p + 1;
if (s->arg_start) {
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = s->arg_end - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
s->cmd_start = NULL;
s->quoted = 0;
s->no_sync_literal = 0;
s->literal_len = 0;
}
s->state = (s->command != NGX_IMAP_AUTHENTICATE) ? sw_start : sw_argument;
return NGX_OK;
invalid:
s->state = sw_start;
s->quoted = 0;
s->no_sync_literal = 0;
s->literal_len = 0;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_int_t
ngx_mail_smtp_parse_command(ngx_mail_session_t *s)
{
u_char ch, *p, *c, c0, c1, c2, c3;
ngx_str_t *arg;
enum {
sw_start = 0,
sw_command,
sw_invalid,
sw_spaces_before_argument,
sw_argument,
sw_almost_done
} state;
state = s->state;
for (p = s->buffer->pos; p < s->buffer->last; p++) {
ch = *p;
switch (state) {
/* SMTP command */
case sw_start:
s->cmd_start = p;
state = sw_command;
/* fall through */
case sw_command:
if (ch == ' ' || ch == CR || ch == LF) {
c = s->cmd_start;
if (p - c == 4) {
c0 = ngx_toupper(c[0]);
c1 = ngx_toupper(c[1]);
c2 = ngx_toupper(c[2]);
c3 = ngx_toupper(c[3]);
if (c0 == 'H' && c1 == 'E' && c2 == 'L' && c3 == 'O')
{
s->command = NGX_SMTP_HELO;
} else if (c0 == 'E' && c1 == 'H' && c2 == 'L' && c3 == 'O')
{
s->command = NGX_SMTP_EHLO;
} else if (c0 == 'Q' && c1 == 'U' && c2 == 'I' && c3 == 'T')
{
s->command = NGX_SMTP_QUIT;
} else if (c0 == 'A' && c1 == 'U' && c2 == 'T' && c3 == 'H')
{
s->command = NGX_SMTP_AUTH;
} else if (c0 == 'N' && c1 == 'O' && c2 == 'O' && c3 == 'P')
{
s->command = NGX_SMTP_NOOP;
} else if (c0 == 'M' && c1 == 'A' && c2 == 'I' && c3 == 'L')
{
s->command = NGX_SMTP_MAIL;
} else if (c0 == 'R' && c1 == 'S' && c2 == 'E' && c3 == 'T')
{
s->command = NGX_SMTP_RSET;
} else if (c0 == 'R' && c1 == 'C' && c2 == 'P' && c3 == 'T')
{
s->command = NGX_SMTP_RCPT;
} else if (c0 == 'V' && c1 == 'R' && c2 == 'F' && c3 == 'Y')
{
s->command = NGX_SMTP_VRFY;
} else if (c0 == 'E' && c1 == 'X' && c2 == 'P' && c3 == 'N')
{
s->command = NGX_SMTP_EXPN;
} else if (c0 == 'H' && c1 == 'E' && c2 == 'L' && c3 == 'P')
{
s->command = NGX_SMTP_HELP;
} else {
goto invalid;
}
#if (NGX_MAIL_SSL)
} else if (p - c == 8) {
if ((c[0] == 'S'|| c[0] == 's')
&& (c[1] == 'T'|| c[1] == 't')
&& (c[2] == 'A'|| c[2] == 'a')
&& (c[3] == 'R'|| c[3] == 'r')
&& (c[4] == 'T'|| c[4] == 't')
&& (c[5] == 'T'|| c[5] == 't')
&& (c[6] == 'L'|| c[6] == 'l')
&& (c[7] == 'S'|| c[7] == 's'))
{
s->command = NGX_SMTP_STARTTLS;
} else {
goto invalid;
}
#endif
} else {
goto invalid;
}
s->cmd.data = s->cmd_start;
s->cmd.len = p - s->cmd_start;
switch (ch) {
case ' ':
state = sw_spaces_before_argument;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
}
if ((ch < 'A' || ch > 'Z') && (ch < 'a' || ch > 'z')) {
goto invalid;
}
break;
case sw_invalid:
goto invalid;
case sw_spaces_before_argument:
switch (ch) {
case ' ':
break;
case CR:
state = sw_almost_done;
s->arg_end = p;
break;
case LF:
s->arg_end = p;
goto done;
default:
if (s->args.nelts <= 10) {
state = sw_argument;
s->arg_start = p;
break;
}
goto invalid;
}
break;
case sw_argument:
switch (ch) {
case ' ':
case CR:
case LF:
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = p - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
switch (ch) {
case ' ':
state = sw_spaces_before_argument;
break;
case CR:
state = sw_almost_done;
break;
case LF:
goto done;
}
break;
default:
break;
}
break;
case sw_almost_done:
switch (ch) {
case LF:
goto done;
default:
goto invalid;
}
}
}
s->buffer->pos = p;
s->state = state;
return NGX_AGAIN;
done:
s->buffer->pos = p + 1;
if (s->arg_start) {
arg = ngx_array_push(&s->args);
if (arg == NULL) {
return NGX_ERROR;
}
arg->len = s->arg_end - s->arg_start;
arg->data = s->arg_start;
s->arg_start = NULL;
}
s->state = (s->command != NGX_SMTP_AUTH) ? sw_start : sw_argument;
return NGX_OK;
invalid:
s->state = sw_invalid;
s->arg_start = NULL;
/* skip invalid command till LF */
for (p = s->buffer->pos; p < s->buffer->last; p++) {
if (*p == LF) {
s->state = sw_start;
p++;
break;
}
}
s->buffer->pos = p;
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_int_t
ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts == 0) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
arg = s->args.elts;
if (arg[0].len == 5) {
if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) {
if (s->args.nelts == 1) {
return NGX_MAIL_AUTH_LOGIN;
}
if (s->args.nelts == 2) {
return NGX_MAIL_AUTH_LOGIN_USERNAME;
}
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) {
if (s->args.nelts == 1) {
return NGX_MAIL_AUTH_PLAIN;
}
if (s->args.nelts == 2) {
return ngx_mail_auth_plain(s, c, 1);
}
}
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (arg[0].len == 8) {
if (s->args.nelts != 1) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) {
return NGX_MAIL_AUTH_CRAM_MD5;
}
}
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
hm_nginx/src/mail/ngx_mail_pop3_handler.c
+500
View File
@@ -0,0 +1,500 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_pop3_module.h>
static ngx_int_t ngx_mail_pop3_user(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_pop3_pass(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_int_t stls);
static ngx_int_t ngx_mail_pop3_stls(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c);
static u_char pop3_greeting[] = "+OK POP3 ready" CRLF;
static u_char pop3_ok[] = "+OK" CRLF;
static u_char pop3_next[] = "+ " CRLF;
static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
void
ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
u_char *p;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_pop3_srv_conf_t *pscf;
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (pscf->auth_methods
& (NGX_MAIL_AUTH_APOP_ENABLED|NGX_MAIL_AUTH_CRAM_MD5_ENABLED))
{
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return;
}
s->out.data = ngx_pnalloc(c->pool, sizeof(pop3_greeting) + s->salt.len);
if (s->out.data == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
p = ngx_cpymem(s->out.data, pop3_greeting, sizeof(pop3_greeting) - 3);
*p++ = ' ';
p = ngx_cpymem(p, s->salt.data, s->salt.len);
s->out.len = p - s->out.data;
} else {
ngx_str_set(&s->out, pop3_greeting);
}
c->read->handler = ngx_mail_pop3_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
ngx_mail_send(c->write);
}
void
ngx_mail_pop3_init_protocol(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
c->log->action = "in auth state";
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
s = c->data;
if (s->buffer == NULL) {
if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
== NGX_ERROR)
{
ngx_mail_session_internal_server_error(s);
return;
}
s->buffer = ngx_create_temp_buf(c->pool, 128);
if (s->buffer == NULL) {
ngx_mail_session_internal_server_error(s);
return;
}
}
s->mail_state = ngx_pop3_start;
c->read->handler = ngx_mail_pop3_auth_state;
ngx_mail_pop3_auth_state(rev);
}
void
ngx_mail_pop3_auth_state(ngx_event_t *rev)
{
ngx_int_t rc;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
ngx_str_set(&s->out, pop3_ok);
if (rc == NGX_OK) {
switch (s->mail_state) {
case ngx_pop3_start:
switch (s->command) {
case NGX_POP3_USER:
rc = ngx_mail_pop3_user(s, c);
break;
case NGX_POP3_CAPA:
rc = ngx_mail_pop3_capa(s, c, 1);
break;
case NGX_POP3_APOP:
rc = ngx_mail_pop3_apop(s, c);
break;
case NGX_POP3_AUTH:
rc = ngx_mail_pop3_auth(s, c);
break;
case NGX_POP3_QUIT:
s->quit = 1;
break;
case NGX_POP3_NOOP:
break;
case NGX_POP3_STLS:
rc = ngx_mail_pop3_stls(s, c);
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_pop3_user:
switch (s->command) {
case NGX_POP3_PASS:
rc = ngx_mail_pop3_pass(s, c);
break;
case NGX_POP3_CAPA:
rc = ngx_mail_pop3_capa(s, c, 0);
break;
case NGX_POP3_QUIT:
s->quit = 1;
break;
case NGX_POP3_NOOP:
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
/* suppress warnings */
case ngx_pop3_passwd:
break;
case ngx_pop3_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
ngx_str_set(&s->out, pop3_password);
s->mail_state = ngx_pop3_auth_login_password;
break;
case ngx_pop3_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_pop3_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_pop3_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
}
switch (rc) {
case NGX_DONE:
ngx_mail_auth(s, c);
return;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_PARSE_INVALID_COMMAND:
s->mail_state = ngx_pop3_start;
s->state = 0;
ngx_str_set(&s->out, pop3_invalid_command);
/* fall through */
case NGX_OK:
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
if (s->state) {
s->arg_start = s->buffer->start;
}
ngx_mail_send(c->write);
}
}
static ngx_int_t
ngx_mail_pop3_user(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts != 1) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
arg = s->args.elts;
s->login.len = arg[0].len;
s->login.data = ngx_pnalloc(c->pool, s->login.len);
if (s->login.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"pop3 login: \"%V\"", &s->login);
s->mail_state = ngx_pop3_user;
return NGX_OK;
}
static ngx_int_t
ngx_mail_pop3_pass(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
if (s->args.nelts != 1) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
arg = s->args.elts;
s->passwd.len = arg[0].len;
s->passwd.data = ngx_pnalloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"pop3 passwd: \"%V\"", &s->passwd);
#endif
return NGX_DONE;
}
static ngx_int_t
ngx_mail_pop3_capa(ngx_mail_session_t *s, ngx_connection_t *c, ngx_int_t stls)
{
ngx_mail_pop3_srv_conf_t *pscf;
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
#if (NGX_MAIL_SSL)
if (stls && c->ssl == NULL) {
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
s->out = pscf->starttls_capability;
return NGX_OK;
}
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
s->out = pscf->starttls_only_capability;
return NGX_OK;
}
}
#endif
s->out = pscf->capability;
return NGX_OK;
}
static ngx_int_t
ngx_mail_pop3_stls(ngx_mail_session_t *s, ngx_connection_t *c)
{
#if (NGX_MAIL_SSL)
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl == NULL) {
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls) {
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;
}
}
#endif
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
static ngx_int_t
ngx_mail_pop3_apop(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
ngx_mail_pop3_srv_conf_t *pscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts != 2) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
if (!(pscf->auth_methods & NGX_MAIL_AUTH_APOP_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
arg = s->args.elts;
s->login.len = arg[0].len;
s->login.data = ngx_pnalloc(c->pool, s->login.len);
if (s->login.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
s->passwd.len = arg[1].len;
s->passwd.data = ngx_pnalloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"pop3 apop: \"%V\" \"%V\"", &s->login, &s->passwd);
s->auth_method = NGX_MAIL_AUTH_APOP;
return NGX_DONE;
}
static ngx_int_t
ngx_mail_pop3_auth(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_pop3_srv_conf_t *pscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
pscf = ngx_mail_get_module_srv_conf(s, ngx_mail_pop3_module);
if (s->args.nelts == 0) {
s->out = pscf->auth_capability;
s->state = 0;
return NGX_OK;
}
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
ngx_str_set(&s->out, pop3_username);
s->mail_state = ngx_pop3_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
ngx_str_set(&s->out, pop3_password);
s->mail_state = ngx_pop3_auth_login_password;
return ngx_mail_auth_login_username(s, c, 1);
case NGX_MAIL_AUTH_PLAIN:
ngx_str_set(&s->out, pop3_next);
s->mail_state = ngx_pop3_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
if (!(pscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
s->mail_state = ngx_pop3_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
hm_nginx/src/mail/ngx_mail_pop3_module.c
+266
View File
@@ -0,0 +1,266 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_pop3_module.h>
static void *ngx_mail_pop3_create_srv_conf(ngx_conf_t *cf);
static char *ngx_mail_pop3_merge_srv_conf(ngx_conf_t *cf, void *parent,
void *child);
static ngx_str_t ngx_mail_pop3_default_capabilities[] = {
ngx_string("TOP"),
ngx_string("USER"),
ngx_string("UIDL"),
ngx_null_string
};
static ngx_conf_bitmask_t ngx_mail_pop3_auth_methods[] = {
{ ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
{ ngx_string("apop"), NGX_MAIL_AUTH_APOP_ENABLED },
{ ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
{ ngx_null_string, 0 }
};
static ngx_str_t ngx_mail_pop3_auth_plain_capability =
ngx_string("+OK methods supported:" CRLF
"LOGIN" CRLF
"PLAIN" CRLF
"." CRLF);
static ngx_str_t ngx_mail_pop3_auth_cram_md5_capability =
ngx_string("+OK methods supported:" CRLF
"LOGIN" CRLF
"PLAIN" CRLF
"CRAM-MD5" CRLF
"." CRLF);
static ngx_mail_protocol_t ngx_mail_pop3_protocol = {
ngx_string("pop3"),
{ 110, 995, 0, 0 },
NGX_MAIL_POP3_PROTOCOL,
ngx_mail_pop3_init_session,
ngx_mail_pop3_init_protocol,
ngx_mail_pop3_parse_command,
ngx_mail_pop3_auth_state,
ngx_string("-ERR internal server error" CRLF),
ngx_string("-ERR SSL certificate error" CRLF),
ngx_string("-ERR No required SSL certificate" CRLF)
};
static ngx_command_t ngx_mail_pop3_commands[] = {
{ ngx_string("pop3_capabilities"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_mail_capabilities,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_pop3_srv_conf_t, capabilities),
NULL },
{ ngx_string("pop3_auth"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_pop3_srv_conf_t, auth_methods),
&ngx_mail_pop3_auth_methods },
ngx_null_command
};
static ngx_mail_module_t ngx_mail_pop3_module_ctx = {
&ngx_mail_pop3_protocol, /* protocol */
NULL, /* create main configuration */
NULL, /* init main configuration */
ngx_mail_pop3_create_srv_conf, /* create server configuration */
ngx_mail_pop3_merge_srv_conf /* merge server configuration */
};
ngx_module_t ngx_mail_pop3_module = {
NGX_MODULE_V1,
&ngx_mail_pop3_module_ctx, /* module context */
ngx_mail_pop3_commands, /* module directives */
NGX_MAIL_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static void *
ngx_mail_pop3_create_srv_conf(ngx_conf_t *cf)
{
ngx_mail_pop3_srv_conf_t *pscf;
pscf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_pop3_srv_conf_t));
if (pscf == NULL) {
return NULL;
}
if (ngx_array_init(&pscf->capabilities, cf->pool, 4, sizeof(ngx_str_t))
!= NGX_OK)
{
return NULL;
}
return pscf;
}
static char *
ngx_mail_pop3_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_mail_pop3_srv_conf_t *prev = parent;
ngx_mail_pop3_srv_conf_t *conf = child;
u_char *p;
size_t size, stls_only_size;
ngx_str_t *c, *d;
ngx_uint_t i;
ngx_conf_merge_bitmask_value(conf->auth_methods,
prev->auth_methods,
(NGX_CONF_BITMASK_SET
|NGX_MAIL_AUTH_PLAIN_ENABLED));
if (conf->capabilities.nelts == 0) {
conf->capabilities = prev->capabilities;
}
if (conf->capabilities.nelts == 0) {
for (d = ngx_mail_pop3_default_capabilities; d->len; d++) {
c = ngx_array_push(&conf->capabilities);
if (c == NULL) {
return NGX_CONF_ERROR;
}
*c = *d;
}
}
size = sizeof("+OK Capability list follows" CRLF) - 1
+ sizeof("." CRLF) - 1;
stls_only_size = size + sizeof("STLS" CRLF) - 1;
c = conf->capabilities.elts;
for (i = 0; i < conf->capabilities.nelts; i++) {
size += c[i].len + sizeof(CRLF) - 1;
if (ngx_strcasecmp(c[i].data, (u_char *) "USER") == 0) {
continue;
}
stls_only_size += c[i].len + sizeof(CRLF) - 1;
}
if (conf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) {
size += sizeof("SASL LOGIN PLAIN CRAM-MD5" CRLF) - 1;
} else {
size += sizeof("SASL LOGIN PLAIN" CRLF) - 1;
}
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->capability.len = size;
conf->capability.data = p;
p = ngx_cpymem(p, "+OK Capability list follows" CRLF,
sizeof("+OK Capability list follows" CRLF) - 1);
for (i = 0; i < conf->capabilities.nelts; i++) {
p = ngx_cpymem(p, c[i].data, c[i].len);
*p++ = CR; *p++ = LF;
}
if (conf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) {
p = ngx_cpymem(p, "SASL LOGIN PLAIN CRAM-MD5" CRLF,
sizeof("SASL LOGIN PLAIN CRAM-MD5" CRLF) - 1);
} else {
p = ngx_cpymem(p, "SASL LOGIN PLAIN" CRLF,
sizeof("SASL LOGIN PLAIN" CRLF) - 1);
}
*p++ = '.'; *p++ = CR; *p = LF;
size += sizeof("STLS" CRLF) - 1;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->starttls_capability.len = size;
conf->starttls_capability.data = p;
p = ngx_cpymem(p, conf->capability.data,
conf->capability.len - (sizeof("." CRLF) - 1));
p = ngx_cpymem(p, "STLS" CRLF, sizeof("STLS" CRLF) - 1);
*p++ = '.'; *p++ = CR; *p = LF;
if (conf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED) {
conf->auth_capability = ngx_mail_pop3_auth_cram_md5_capability;
} else {
conf->auth_capability = ngx_mail_pop3_auth_plain_capability;
}
p = ngx_pnalloc(cf->pool, stls_only_size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->starttls_only_capability.len = stls_only_size;
conf->starttls_only_capability.data = p;
p = ngx_cpymem(p, "+OK Capability list follows" CRLF,
sizeof("+OK Capability list follows" CRLF) - 1);
for (i = 0; i < conf->capabilities.nelts; i++) {
if (ngx_strcasecmp(c[i].data, (u_char *) "USER") == 0) {
continue;
}
p = ngx_cpymem(p, c[i].data, c[i].len);
*p++ = CR; *p++ = LF;
}
p = ngx_cpymem(p, "STLS" CRLF, sizeof("STLS" CRLF) - 1);
*p++ = '.'; *p++ = CR; *p = LF;
return NGX_CONF_OK;
}
hm_nginx/src/mail/ngx_mail_pop3_module.h
+38
View File
@@ -0,0 +1,38 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_MAIL_POP3_MODULE_H_INCLUDED_
#define _NGX_MAIL_POP3_MODULE_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_mail.h>
typedef struct {
ngx_str_t capability;
ngx_str_t starttls_capability;
ngx_str_t starttls_only_capability;
ngx_str_t auth_capability;
ngx_uint_t auth_methods;
ngx_array_t capabilities;
} ngx_mail_pop3_srv_conf_t;
void ngx_mail_pop3_init_session(ngx_mail_session_t *s, ngx_connection_t *c);
void ngx_mail_pop3_init_protocol(ngx_event_t *rev);
void ngx_mail_pop3_auth_state(ngx_event_t *rev);
ngx_int_t ngx_mail_pop3_parse_command(ngx_mail_session_t *s);
extern ngx_module_t ngx_mail_pop3_module;
#endif /* _NGX_MAIL_POP3_MODULE_H_INCLUDED_ */
hm_nginx/src/mail/ngx_mail_proxy_module.c
+1136
View File
File diff suppressed because it is too large Load Diff
hm_nginx/src/mail/ngx_mail_smtp_handler.c
+857
View File
@@ -0,0 +1,857 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_smtp_module.h>
static void ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx);
static void ngx_mail_smtp_resolve_name(ngx_event_t *rev);
static void ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx);
static void ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c);
static void ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev);
static ngx_int_t ngx_mail_smtp_create_buffer(ngx_mail_session_t *s,
ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s,
ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s,
ngx_connection_t *c, char *err);
static void ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s,
ngx_connection_t *c, char *err);
static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF;
static u_char smtp_starttls[] = "220 2.0.0 Start TLS" CRLF;
static u_char smtp_next[] = "334 " CRLF;
static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF;
static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF;
static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF;
static u_char smtp_invalid_pipelining[] =
"503 5.5.0 Improper use of SMTP command pipelining" CRLF;
static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF;
static ngx_str_t smtp_unavailable = ngx_string("[UNAVAILABLE]");
static ngx_str_t smtp_tempunavail = ngx_string("[TEMPUNAVAIL]");
void
ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_resolver_ctx_t *ctx;
ngx_mail_core_srv_conf_t *cscf;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (cscf->resolver == NULL) {
s->host = smtp_unavailable;
ngx_mail_smtp_greeting(s, c);
return;
}
#if (NGX_HAVE_UNIX_DOMAIN)
if (c->sockaddr->sa_family == AF_UNIX) {
s->host = smtp_tempunavail;
ngx_mail_smtp_greeting(s, c);
return;
}
#endif
c->log->action = "in resolving client address";
ctx = ngx_resolve_start(cscf->resolver, NULL);
if (ctx == NULL) {
ngx_mail_close_connection(c);
return;
}
ctx->addr.sockaddr = c->sockaddr;
ctx->addr.socklen = c->socklen;
ctx->handler = ngx_mail_smtp_resolve_addr_handler;
ctx->data = s;
ctx->timeout = cscf->resolver_timeout;
if (ngx_resolve_addr(ctx) != NGX_OK) {
ngx_mail_close_connection(c);
}
}
static void
ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
s = ctx->data;
c = s->connection;
if (ctx->state) {
ngx_log_error(NGX_LOG_ERR, c->log, 0,
"%V could not be resolved (%i: %s)",
&c->addr_text, ctx->state,
ngx_resolver_strerror(ctx->state));
if (ctx->state == NGX_RESOLVE_NXDOMAIN) {
s->host = smtp_unavailable;
} else {
s->host = smtp_tempunavail;
}
ngx_resolve_addr_done(ctx);
ngx_mail_smtp_greeting(s, s->connection);
return;
}
c->log->action = "in resolving client hostname";
s->host.data = ngx_pstrdup(c->pool, &ctx->name);
if (s->host.data == NULL) {
ngx_resolve_addr_done(ctx);
ngx_mail_close_connection(c);
return;
}
s->host.len = ctx->name.len;
ngx_resolve_addr_done(ctx);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"address resolved: %V", &s->host);
c->read->handler = ngx_mail_smtp_resolve_name;
ngx_post_event(c->read, &ngx_posted_events);
}
static void
ngx_mail_smtp_resolve_name(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_resolver_ctx_t *ctx;
ngx_mail_core_srv_conf_t *cscf;
c = rev->data;
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ctx = ngx_resolve_start(cscf->resolver, NULL);
if (ctx == NULL) {
ngx_mail_close_connection(c);
return;
}
ctx->name = s->host;
ctx->handler = ngx_mail_smtp_resolve_name_handler;
ctx->data = s;
ctx->timeout = cscf->resolver_timeout;
if (ngx_resolve_name(ctx) != NGX_OK) {
ngx_mail_close_connection(c);
}
}
static void
ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx)
{
ngx_uint_t i;
ngx_connection_t *c;
ngx_mail_session_t *s;
s = ctx->data;
c = s->connection;
if (ctx->state) {
ngx_log_error(NGX_LOG_ERR, c->log, 0,
"\"%V\" could not be resolved (%i: %s)",
&ctx->name, ctx->state,
ngx_resolver_strerror(ctx->state));
if (ctx->state == NGX_RESOLVE_NXDOMAIN) {
s->host = smtp_unavailable;
} else {
s->host = smtp_tempunavail;
}
} else {
#if (NGX_DEBUG)
{
u_char text[NGX_SOCKADDR_STRLEN];
ngx_str_t addr;
addr.data = text;
for (i = 0; i < ctx->naddrs; i++) {
addr.len = ngx_sock_ntop(ctx->addrs[i].sockaddr,
ctx->addrs[i].socklen,
text, NGX_SOCKADDR_STRLEN, 0);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"name was resolved to %V", &addr);
}
}
#endif
for (i = 0; i < ctx->naddrs; i++) {
if (ngx_cmp_sockaddr(ctx->addrs[i].sockaddr, ctx->addrs[i].socklen,
c->sockaddr, c->socklen, 0)
== NGX_OK)
{
goto found;
}
}
s->host = smtp_unavailable;
}
found:
ngx_resolve_name_done(ctx);
ngx_mail_smtp_greeting(s, c);
}
static void
ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_msec_t timeout;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp greeting for \"%V\"", &s->host);
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout;
ngx_add_timer(c->read, timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
if (sscf->greeting_delay) {
c->read->handler = ngx_mail_smtp_invalid_pipelining;
return;
}
c->read->handler = ngx_mail_smtp_init_protocol;
s->out = sscf->greeting;
ngx_mail_send(c->write);
}
static void
ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
c = rev->data;
s = c->data;
c->log->action = "in delay pipelining state";
if (rev->timedout) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "delay greeting");
rev->timedout = 0;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
c->read->handler = ngx_mail_smtp_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
return;
}
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
s->out = sscf->greeting;
} else {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "invalid pipelining");
if (s->buffer == NULL) {
if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
return;
}
}
if (ngx_mail_smtp_discard_command(s, c,
"client was rejected before greeting: \"%V\"")
!= NGX_OK)
{
return;
}
ngx_str_set(&s->out, smtp_invalid_pipelining);
s->quit = 1;
}
ngx_mail_send(c->write);
}
void
ngx_mail_smtp_init_protocol(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
c->log->action = "in auth state";
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
s = c->data;
if (s->buffer == NULL) {
if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) {
return;
}
}
s->mail_state = ngx_smtp_start;
c->read->handler = ngx_mail_smtp_auth_state;
ngx_mail_smtp_auth_state(rev);
}
static ngx_int_t
ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_smtp_srv_conf_t *sscf;
if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) {
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
s->buffer = ngx_create_temp_buf(c->pool, sscf->client_buffer_size);
if (s->buffer == NULL) {
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
return NGX_OK;
}
void
ngx_mail_smtp_auth_state(ngx_event_t *rev)
{
ngx_int_t rc;
ngx_connection_t *c;
ngx_mail_session_t *s;
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_mail_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
ngx_str_set(&s->out, smtp_ok);
if (rc == NGX_OK) {
switch (s->mail_state) {
case ngx_smtp_start:
switch (s->command) {
case NGX_SMTP_HELO:
case NGX_SMTP_EHLO:
rc = ngx_mail_smtp_helo(s, c);
break;
case NGX_SMTP_AUTH:
rc = ngx_mail_smtp_auth(s, c);
break;
case NGX_SMTP_QUIT:
s->quit = 1;
ngx_str_set(&s->out, smtp_bye);
break;
case NGX_SMTP_MAIL:
rc = ngx_mail_smtp_mail(s, c);
break;
case NGX_SMTP_RCPT:
rc = ngx_mail_smtp_rcpt(s, c);
break;
case NGX_SMTP_RSET:
rc = ngx_mail_smtp_rset(s, c);
break;
case NGX_SMTP_NOOP:
break;
case NGX_SMTP_STARTTLS:
rc = ngx_mail_smtp_starttls(s, c);
ngx_str_set(&s->out, smtp_starttls);
break;
default:
rc = NGX_MAIL_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_smtp_auth_login_username:
rc = ngx_mail_auth_login_username(s, c, 0);
ngx_str_set(&s->out, smtp_password);
s->mail_state = ngx_smtp_auth_login_password;
break;
case ngx_smtp_auth_login_password:
rc = ngx_mail_auth_login_password(s, c);
break;
case ngx_smtp_auth_plain:
rc = ngx_mail_auth_plain(s, c, 0);
break;
case ngx_smtp_auth_cram_md5:
rc = ngx_mail_auth_cram_md5(s, c);
break;
}
}
if (s->buffer->pos < s->buffer->last) {
s->blocked = 1;
}
switch (rc) {
case NGX_DONE:
ngx_mail_auth(s, c);
return;
case NGX_ERROR:
ngx_mail_session_internal_server_error(s);
return;
case NGX_MAIL_PARSE_INVALID_COMMAND:
s->mail_state = ngx_smtp_start;
s->state = 0;
ngx_str_set(&s->out, smtp_invalid_command);
/* fall through */
case NGX_OK:
s->args.nelts = 0;
if (s->buffer->pos == s->buffer->last) {
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
}
if (s->state) {
s->arg_start = s->buffer->pos;
}
ngx_mail_send(c->write);
}
}
static ngx_int_t
ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
ngx_mail_smtp_srv_conf_t *sscf;
if (s->args.nelts != 1) {
ngx_str_set(&s->out, smtp_invalid_argument);
s->state = 0;
return NGX_OK;
}
arg = s->args.elts;
s->smtp_helo.len = arg[0].len;
s->smtp_helo.data = ngx_pnalloc(c->pool, arg[0].len);
if (s->smtp_helo.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
ngx_str_null(&s->smtp_from);
ngx_str_null(&s->smtp_to);
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (s->command == NGX_SMTP_HELO) {
s->out = sscf->server_name;
} else {
s->esmtp = 1;
#if (NGX_MAIL_SSL)
if (c->ssl == NULL) {
ngx_mail_ssl_conf_t *sslcf;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) {
s->out = sscf->starttls_capability;
return NGX_OK;
}
if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
s->out = sscf->starttls_only_capability;
return NGX_OK;
}
}
#endif
s->out = sscf->capability;
}
return NGX_OK;
}
static ngx_int_t
ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_mail_core_srv_conf_t *cscf;
ngx_mail_smtp_srv_conf_t *sscf;
#if (NGX_MAIL_SSL)
if (ngx_mail_starttls_only(s, c)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#endif
if (s->args.nelts == 0) {
ngx_str_set(&s->out, smtp_invalid_argument);
s->state = 0;
return NGX_OK;
}
rc = ngx_mail_auth_parse(s, c);
switch (rc) {
case NGX_MAIL_AUTH_LOGIN:
ngx_str_set(&s->out, smtp_username);
s->mail_state = ngx_smtp_auth_login_username;
return NGX_OK;
case NGX_MAIL_AUTH_LOGIN_USERNAME:
ngx_str_set(&s->out, smtp_password);
s->mail_state = ngx_smtp_auth_login_password;
return ngx_mail_auth_login_username(s, c, 1);
case NGX_MAIL_AUTH_PLAIN:
ngx_str_set(&s->out, smtp_next);
s->mail_state = ngx_smtp_auth_plain;
return NGX_OK;
case NGX_MAIL_AUTH_CRAM_MD5:
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
if (s->salt.data == NULL) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
if (ngx_mail_salt(s, c, cscf) != NGX_OK) {
return NGX_ERROR;
}
}
if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK) {
s->mail_state = ngx_smtp_auth_cram_md5;
return NGX_OK;
}
return NGX_ERROR;
}
return rc;
}
static ngx_int_t
ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg, cmd;
ngx_mail_smtp_srv_conf_t *sscf;
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (!(sscf->auth_methods & NGX_MAIL_AUTH_NONE_ENABLED)) {
ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
ngx_str_set(&s->out, smtp_auth_required);
return NGX_OK;
}
/* auth none */
if (s->smtp_from.len) {
ngx_str_set(&s->out, smtp_bad_sequence);
return NGX_OK;
}
if (s->args.nelts == 0) {
ngx_str_set(&s->out, smtp_invalid_argument);
return NGX_OK;
}
arg = s->args.elts;
arg += s->args.nelts - 1;
cmd.len = arg->data + arg->len - s->cmd.data;
cmd.data = s->cmd.data;
s->smtp_from.len = cmd.len;
s->smtp_from.data = ngx_pnalloc(c->pool, cmd.len);
if (s->smtp_from.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_from.data, cmd.data, cmd.len);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp mail from:\"%V\"", &s->smtp_from);
ngx_str_set(&s->out, smtp_ok);
return NGX_OK;
}
static ngx_int_t
ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg, cmd;
if (s->smtp_from.len == 0) {
ngx_str_set(&s->out, smtp_bad_sequence);
return NGX_OK;
}
if (s->args.nelts == 0) {
ngx_str_set(&s->out, smtp_invalid_argument);
return NGX_OK;
}
arg = s->args.elts;
arg += s->args.nelts - 1;
cmd.len = arg->data + arg->len - s->cmd.data;
cmd.data = s->cmd.data;
s->smtp_to.len = cmd.len;
s->smtp_to.data = ngx_pnalloc(c->pool, cmd.len);
if (s->smtp_to.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_to.data, cmd.data, cmd.len);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp rcpt to:\"%V\"", &s->smtp_to);
s->auth_method = NGX_MAIL_AUTH_NONE;
return NGX_DONE;
}
static ngx_int_t
ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_null(&s->smtp_from);
ngx_str_null(&s->smtp_to);
ngx_str_set(&s->out, smtp_ok);
return NGX_OK;
}
static ngx_int_t
ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
{
#if (NGX_MAIL_SSL)
ngx_mail_ssl_conf_t *sslcf;
if (c->ssl == NULL) {
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
if (sslcf->starttls) {
/*
* RFC3207 requires us to discard any knowledge
* obtained from client before STARTTLS.
*/
ngx_str_null(&s->smtp_helo);
ngx_str_null(&s->smtp_from);
ngx_str_null(&s->smtp_to);
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;
}
}
#endif
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
static ngx_int_t
ngx_mail_smtp_discard_command(ngx_mail_session_t *s, ngx_connection_t *c,
char *err)
{
ssize_t n;
n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
if (n == NGX_ERROR || n == 0) {
ngx_mail_close_connection(c);
return NGX_ERROR;
}
if (n > 0) {
s->buffer->last += n;
}
if (n == NGX_AGAIN) {
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return NGX_ERROR;
}
return NGX_AGAIN;
}
ngx_mail_smtp_log_rejected_command(s, c, err);
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
return NGX_OK;
}
static void
ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s, ngx_connection_t *c,
char *err)
{
u_char ch;
ngx_str_t cmd;
ngx_uint_t i;
if (c->log->log_level < NGX_LOG_INFO) {
return;
}
cmd.len = s->buffer->last - s->buffer->start;
cmd.data = s->buffer->start;
for (i = 0; i < cmd.len; i++) {
ch = cmd.data[i];
if (ch != CR && ch != LF) {
continue;
}
cmd.data[i] = '_';
}
cmd.len = i;
ngx_log_error(NGX_LOG_INFO, c->log, 0, err, &cmd);
}
hm_nginx/src/mail/ngx_mail_smtp_module.c
+309
View File
@@ -0,0 +1,309 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_mail.h>
#include <ngx_mail_smtp_module.h>
static void *ngx_mail_smtp_create_srv_conf(ngx_conf_t *cf);
static char *ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent,
void *child);
static ngx_conf_bitmask_t ngx_mail_smtp_auth_methods[] = {
{ ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
{ ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
{ ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
{ ngx_string("none"), NGX_MAIL_AUTH_NONE_ENABLED },
{ ngx_null_string, 0 }
};
static ngx_str_t ngx_mail_smtp_auth_methods_names[] = {
ngx_string("PLAIN"),
ngx_string("LOGIN"),
ngx_null_string, /* APOP */
ngx_string("CRAM-MD5"),
ngx_null_string /* NONE */
};
static ngx_mail_protocol_t ngx_mail_smtp_protocol = {
ngx_string("smtp"),
{ 25, 465, 587, 0 },
NGX_MAIL_SMTP_PROTOCOL,
ngx_mail_smtp_init_session,
ngx_mail_smtp_init_protocol,
ngx_mail_smtp_parse_command,
ngx_mail_smtp_auth_state,
ngx_string("451 4.3.2 Internal server error" CRLF),
ngx_string("421 4.7.1 SSL certificate error" CRLF),
ngx_string("421 4.7.1 No required SSL certificate" CRLF)
};
static ngx_command_t ngx_mail_smtp_commands[] = {
{ ngx_string("smtp_client_buffer"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_size_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_smtp_srv_conf_t, client_buffer_size),
NULL },
{ ngx_string("smtp_greeting_delay"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_smtp_srv_conf_t, greeting_delay),
NULL },
{ ngx_string("smtp_capabilities"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_mail_capabilities,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_smtp_srv_conf_t, capabilities),
NULL },
{ ngx_string("smtp_auth"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_smtp_srv_conf_t, auth_methods),
&ngx_mail_smtp_auth_methods },
ngx_null_command
};
static ngx_mail_module_t ngx_mail_smtp_module_ctx = {
&ngx_mail_smtp_protocol, /* protocol */
NULL, /* create main configuration */
NULL, /* init main configuration */
ngx_mail_smtp_create_srv_conf, /* create server configuration */
ngx_mail_smtp_merge_srv_conf /* merge server configuration */
};
ngx_module_t ngx_mail_smtp_module = {
NGX_MODULE_V1,
&ngx_mail_smtp_module_ctx, /* module context */
ngx_mail_smtp_commands, /* module directives */
NGX_MAIL_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static void *
ngx_mail_smtp_create_srv_conf(ngx_conf_t *cf)
{
ngx_mail_smtp_srv_conf_t *sscf;
sscf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_smtp_srv_conf_t));
if (sscf == NULL) {
return NULL;
}
sscf->client_buffer_size = NGX_CONF_UNSET_SIZE;
sscf->greeting_delay = NGX_CONF_UNSET_MSEC;
if (ngx_array_init(&sscf->capabilities, cf->pool, 4, sizeof(ngx_str_t))
!= NGX_OK)
{
return NULL;
}
return sscf;
}
static char *
ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_mail_smtp_srv_conf_t *prev = parent;
ngx_mail_smtp_srv_conf_t *conf = child;
u_char *p, *auth, *last;
size_t size;
ngx_str_t *c;
ngx_uint_t i, m, auth_enabled;
ngx_mail_core_srv_conf_t *cscf;
ngx_conf_merge_size_value(conf->client_buffer_size,
prev->client_buffer_size,
(size_t) ngx_pagesize);
ngx_conf_merge_msec_value(conf->greeting_delay,
prev->greeting_delay, 0);
ngx_conf_merge_bitmask_value(conf->auth_methods,
prev->auth_methods,
(NGX_CONF_BITMASK_SET
|NGX_MAIL_AUTH_PLAIN_ENABLED
|NGX_MAIL_AUTH_LOGIN_ENABLED));
cscf = ngx_mail_conf_get_module_srv_conf(cf, ngx_mail_core_module);
size = sizeof("220 ESMTP ready" CRLF) - 1 + cscf->server_name.len;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->greeting.len = size;
conf->greeting.data = p;
*p++ = '2'; *p++ = '2'; *p++ = '0'; *p++ = ' ';
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
ngx_memcpy(p, " ESMTP ready" CRLF, sizeof(" ESMTP ready" CRLF) - 1);
size = sizeof("250 " CRLF) - 1 + cscf->server_name.len;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->server_name.len = size;
conf->server_name.data = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
*p++ = CR; *p = LF;
if (conf->capabilities.nelts == 0) {
conf->capabilities = prev->capabilities;
}
size = sizeof("250-") - 1 + cscf->server_name.len + sizeof(CRLF) - 1;
c = conf->capabilities.elts;
for (i = 0; i < conf->capabilities.nelts; i++) {
size += sizeof("250 ") - 1 + c[i].len + sizeof(CRLF) - 1;
}
auth_enabled = 0;
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
size += 1 + ngx_mail_smtp_auth_methods_names[i].len;
auth_enabled = 1;
}
}
if (auth_enabled) {
size += sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
}
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->capability.len = size;
conf->capability.data = p;
last = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
*p++ = CR; *p++ = LF;
for (i = 0; i < conf->capabilities.nelts; i++) {
last = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
p = ngx_cpymem(p, c[i].data, c[i].len);
*p++ = CR; *p++ = LF;
}
auth = p;
if (auth_enabled) {
last = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
*p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
*p++ = ' ';
p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,
ngx_mail_smtp_auth_methods_names[i].len);
}
}
*p++ = CR; *p = LF;
} else {
last[3] = ' ';
}
size += sizeof("250 STARTTLS" CRLF) - 1;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->starttls_capability.len = size;
conf->starttls_capability.data = p;
p = ngx_cpymem(p, conf->capability.data, conf->capability.len);
p = ngx_cpymem(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
p = conf->starttls_capability.data
+ (last - conf->capability.data) + 3;
*p = '-';
size = (auth - conf->capability.data)
+ sizeof("250 STARTTLS" CRLF) - 1;
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
}
conf->starttls_only_capability.len = size;
conf->starttls_only_capability.data = p;
p = ngx_cpymem(p, conf->capability.data, auth - conf->capability.data);
ngx_memcpy(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
if (last < auth) {
p = conf->starttls_only_capability.data
+ (last - conf->capability.data) + 3;
*p = '-';
}
return NGX_CONF_OK;
}
hm_nginx/src/mail/ngx_mail_smtp_module.h
+45
View File
@@ -0,0 +1,45 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_MAIL_SMTP_MODULE_H_INCLUDED_
#define _NGX_MAIL_SMTP_MODULE_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_mail.h>
#include <ngx_mail_smtp_module.h>
typedef struct {
ngx_msec_t greeting_delay;
size_t client_buffer_size;
ngx_str_t capability;
ngx_str_t starttls_capability;
ngx_str_t starttls_only_capability;
ngx_str_t server_name;
ngx_str_t greeting;
ngx_uint_t auth_methods;
ngx_array_t capabilities;
} ngx_mail_smtp_srv_conf_t;
void ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c);
void ngx_mail_smtp_init_protocol(ngx_event_t *rev);
void ngx_mail_smtp_auth_state(ngx_event_t *rev);
ngx_int_t ngx_mail_smtp_parse_command(ngx_mail_session_t *s);
extern ngx_module_t ngx_mail_smtp_module;
#endif /* _NGX_MAIL_SMTP_MODULE_H_INCLUDED_ */
hm_nginx/src/mail/ngx_mail_ssl_module.c
+657
View File
@@ -0,0 +1,657 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_mail.h>
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE "prime256v1"
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static ngx_conf_enum_t ngx_mail_starttls_state[] = {
{ ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
{ ngx_string("on"), NGX_MAIL_STARTTLS_ON },
{ ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
{ ngx_null_string, 0 }
};
static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
{ ngx_string("SSLv3"), NGX_SSL_SSLv3 },
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
{ ngx_null_string, 0 }
};
static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
{ ngx_string("off"), 0 },
{ ngx_string("on"), 1 },
{ ngx_string("optional"), 2 },
{ ngx_string("optional_no_ca"), 3 },
{ ngx_null_string, 0 }
};
static ngx_command_t ngx_mail_ssl_commands[] = {
{ ngx_string("ssl"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_mail_ssl_enable,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, enable),
NULL },
{ ngx_string("starttls"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_ssl_starttls,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, starttls),
ngx_mail_starttls_state },
{ ngx_string("ssl_certificate"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, certificate),
NULL },
{ ngx_string("ssl_certificate_key"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, certificate_key),
NULL },
{ ngx_string("ssl_password_file"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_ssl_password_file,
NGX_MAIL_SRV_CONF_OFFSET,
0,
NULL },
{ ngx_string("ssl_dhparam"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, dhparam),
NULL },
{ ngx_string("ssl_ecdh_curve"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
NULL },
{ ngx_string("ssl_protocols"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, protocols),
&ngx_mail_ssl_protocols },
{ ngx_string("ssl_ciphers"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, ciphers),
NULL },
{ ngx_string("ssl_prefer_server_ciphers"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
NULL },
{ ngx_string("ssl_session_cache"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
ngx_mail_ssl_session_cache,
NGX_MAIL_SRV_CONF_OFFSET,
0,
NULL },
{ ngx_string("ssl_session_tickets"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, session_tickets),
NULL },
{ ngx_string("ssl_session_ticket_key"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_array_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, session_ticket_keys),
NULL },
{ ngx_string("ssl_session_timeout"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_sec_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, session_timeout),
NULL },
{ ngx_string("ssl_verify_client"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_enum_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, verify),
&ngx_mail_ssl_verify },
{ ngx_string("ssl_verify_depth"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_num_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, verify_depth),
NULL },
{ ngx_string("ssl_client_certificate"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, client_certificate),
NULL },
{ ngx_string("ssl_trusted_certificate"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, trusted_certificate),
NULL },
{ ngx_string("ssl_crl"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, crl),
NULL },
ngx_null_command
};
static ngx_mail_module_t ngx_mail_ssl_module_ctx = {
NULL, /* protocol */
NULL, /* create main configuration */
NULL, /* init main configuration */
ngx_mail_ssl_create_conf, /* create server configuration */
ngx_mail_ssl_merge_conf /* merge server configuration */
};
ngx_module_t ngx_mail_ssl_module = {
NGX_MODULE_V1,
&ngx_mail_ssl_module_ctx, /* module context */
ngx_mail_ssl_commands, /* module directives */
NGX_MAIL_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static ngx_str_t ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL");
static void *
ngx_mail_ssl_create_conf(ngx_conf_t *cf)
{
ngx_mail_ssl_conf_t *scf;
scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t));
if (scf == NULL) {
return NULL;
}
/*
* set by ngx_pcalloc():
*
* scf->protocols = 0;
* scf->certificate = { 0, NULL };
* scf->certificate_key = { 0, NULL };
* scf->dhparam = { 0, NULL };
* scf->ecdh_curve = { 0, NULL };
* scf->client_certificate = { 0, NULL };
* scf->trusted_certificate = { 0, NULL };
* scf->crl = { 0, NULL };
* scf->ciphers = { 0, NULL };
* scf->shm_zone = NULL;
*/
scf->enable = NGX_CONF_UNSET;
scf->starttls = NGX_CONF_UNSET_UINT;
scf->passwords = NGX_CONF_UNSET_PTR;
scf->prefer_server_ciphers = NGX_CONF_UNSET;
scf->verify = NGX_CONF_UNSET_UINT;
scf->verify_depth = NGX_CONF_UNSET_UINT;
scf->builtin_session_cache = NGX_CONF_UNSET;
scf->session_timeout = NGX_CONF_UNSET;
scf->session_tickets = NGX_CONF_UNSET;
scf->session_ticket_keys = NGX_CONF_UNSET_PTR;
return scf;
}
static char *
ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_mail_ssl_conf_t *prev = parent;
ngx_mail_ssl_conf_t *conf = child;
char *mode;
ngx_pool_cleanup_t *cln;
ngx_conf_merge_value(conf->enable, prev->enable, 0);
ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
NGX_MAIL_STARTTLS_OFF);
ngx_conf_merge_value(conf->session_timeout,
prev->session_timeout, 300);
ngx_conf_merge_value(conf->prefer_server_ciphers,
prev->prefer_server_ciphers, 0);
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
NGX_DEFAULT_ECDH_CURVE);
ngx_conf_merge_str_value(conf->client_certificate,
prev->client_certificate, "");
ngx_conf_merge_str_value(conf->trusted_certificate,
prev->trusted_certificate, "");
ngx_conf_merge_str_value(conf->crl, prev->crl, "");
ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
conf->ssl.log = cf->log;
if (conf->enable) {
mode = "ssl";
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
mode = "starttls";
} else {
mode = "";
}
if (conf->file == NULL) {
conf->file = prev->file;
conf->line = prev->line;
}
if (*mode) {
if (conf->certificate.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate\" is defined for "
"the \"%s\" directive in %s:%ui",
mode, conf->file, conf->line);
return NGX_CONF_ERROR;
}
if (conf->certificate_key.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined for "
"the \"%s\" directive in %s:%ui",
mode, conf->file, conf->line);
return NGX_CONF_ERROR;
}
} else {
if (conf->certificate.len == 0) {
return NGX_CONF_OK;
}
if (conf->certificate_key.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined "
"for certificate \"%V\"",
&conf->certificate);
return NGX_CONF_ERROR;
}
}
if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
return NGX_CONF_ERROR;
}
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
return NGX_CONF_ERROR;
}
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl;
if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
&conf->certificate_key, conf->passwords)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
if (conf->verify) {
if (conf->client_certificate.len == 0 && conf->verify != 3) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no ssl_client_certificate for ssl_client_verify");
return NGX_CONF_ERROR;
}
if (ngx_ssl_client_certificate(cf, &conf->ssl,
&conf->client_certificate,
conf->verify_depth)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
&conf->trusted_certificate,
conf->verify_depth)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
return NGX_CONF_ERROR;
}
}
if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
(const char *) conf->ciphers.data)
== 0)
{
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"SSL_CTX_set_cipher_list(\"%V\") failed",
&conf->ciphers);
return NGX_CONF_ERROR;
}
if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
#ifndef LIBRESSL_VERSION_NUMBER
SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
#endif
if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
return NGX_CONF_ERROR;
}
if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
return NGX_CONF_ERROR;
}
ngx_conf_merge_value(conf->builtin_session_cache,
prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
if (conf->shm_zone == NULL) {
conf->shm_zone = prev->shm_zone;
}
if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
conf->builtin_session_cache,
conf->shm_zone, conf->session_timeout)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
ngx_conf_merge_value(conf->session_tickets,
prev->session_tickets, 1);
#ifdef SSL_OP_NO_TICKET
if (!conf->session_tickets) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
}
#endif
ngx_conf_merge_ptr_value(conf->session_ticket_keys,
prev->session_ticket_keys, NULL);
if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
static char *
ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
char *rv;
rv = ngx_conf_set_flag_slot(cf, cmd, conf);
if (rv != NGX_CONF_OK) {
return rv;
}
if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"\"starttls\" directive conflicts with \"ssl on\"");
return NGX_CONF_ERROR;
}
scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line;
return NGX_CONF_OK;
}
static char *
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
char *rv;
rv = ngx_conf_set_enum_slot(cf, cmd, conf);
if (rv != NGX_CONF_OK) {
return rv;
}
if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"\"ssl\" directive conflicts with \"starttls\"");
return NGX_CONF_ERROR;
}
scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line;
return NGX_CONF_OK;
}
static char *
ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
ngx_str_t *value;
if (scf->passwords != NGX_CONF_UNSET_PTR) {
return "is duplicate";
}
value = cf->args->elts;
scf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
if (scf->passwords == NULL) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
static char *
ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
size_t len;
ngx_str_t *value, name, size;
ngx_int_t n;
ngx_uint_t i, j;
value = cf->args->elts;
for (i = 1; i < cf->args->nelts; i++) {
if (ngx_strcmp(value[i].data, "off") == 0) {
scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
continue;
}
if (ngx_strcmp(value[i].data, "none") == 0) {
scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
continue;
}
if (ngx_strcmp(value[i].data, "builtin") == 0) {
scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
continue;
}
if (value[i].len > sizeof("builtin:") - 1
&& ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
== 0)
{
n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
value[i].len - (sizeof("builtin:") - 1));
if (n == NGX_ERROR) {
goto invalid;
}
scf->builtin_session_cache = n;
continue;
}
if (value[i].len > sizeof("shared:") - 1
&& ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
== 0)
{
len = 0;
for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
if (value[i].data[j] == ':') {
break;
}
len++;
}
if (len == 0) {
goto invalid;
}
name.len = len;
name.data = value[i].data + sizeof("shared:") - 1;
size.len = value[i].len - j - 1;
size.data = name.data + len + 1;
n = ngx_parse_size(&size);
if (n == NGX_ERROR) {
goto invalid;
}
if (n < (ngx_int_t) (8 * ngx_pagesize)) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"session cache \"%V\" is too small",
&value[i]);
return NGX_CONF_ERROR;
}
scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
&ngx_mail_ssl_module);
if (scf->shm_zone == NULL) {
return NGX_CONF_ERROR;
}
scf->shm_zone->init = ngx_ssl_session_cache_init;
continue;
}
goto invalid;
}
if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
}
return NGX_CONF_OK;
invalid:
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid session cache \"%V\"", &value[i]);
return NGX_CONF_ERROR;
}
hm_nginx/src/mail/ngx_mail_ssl_module.h
+63
View File
@@ -0,0 +1,63 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_MAIL_SSL_H_INCLUDED_
#define _NGX_MAIL_SSL_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_mail.h>
#define NGX_MAIL_STARTTLS_OFF 0
#define NGX_MAIL_STARTTLS_ON 1
#define NGX_MAIL_STARTTLS_ONLY 2
typedef struct {
ngx_flag_t enable;
ngx_flag_t prefer_server_ciphers;
ngx_ssl_t ssl;
ngx_uint_t starttls;
ngx_uint_t protocols;
ngx_uint_t verify;
ngx_uint_t verify_depth;
ssize_t builtin_session_cache;
time_t session_timeout;
ngx_str_t certificate;
ngx_str_t certificate_key;
ngx_str_t dhparam;
ngx_str_t ecdh_curve;
ngx_str_t client_certificate;
ngx_str_t trusted_certificate;
ngx_str_t crl;
ngx_str_t ciphers;
ngx_array_t *passwords;
ngx_shm_zone_t *shm_zone;
ngx_flag_t session_tickets;
ngx_array_t *session_ticket_keys;
u_char *file;
ngx_uint_t line;
} ngx_mail_ssl_conf_t;
extern ngx_module_t ngx_mail_ssl_module;
#endif /* _NGX_MAIL_SSL_H_INCLUDED_ */