Mercurial > hg > nginx
annotate src/mail/ngx_mail_auth_http_module.c @ 9274:46ecad404a29
Mail: reset imap tag to empty after authentication attempt.
We need to reset the imap tag to empty after an authentication attempt
completes, otherwise if the next line parsed is incomplete with no tag
(e.g. empty line) then we use the "tag" from the previous buffer which
is now definitely wrong and has been partially overwritten with the most
recently read data (e.g. CRLF).
An example before this patch:
S: * OK IMAP4 ready
C: foobar login a b
S: foobar NO Incorrect username or password.
C:
S:
S: obar BAD invalid command
Then with this patch:
S: * OK IMAP4 ready
C: foobar login a b
S: foobar NO Incorrect username or password.
C:
S: * BAD invalid command
author | Rob Mueller <robm@fastmailteam.com> |
---|---|
date | Wed, 15 May 2024 10:06:00 +0300 |
parents | 13d0c1d26d47 |
children | 4538c1ffb0f8 |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
521 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_event.h> | |
11 #include <ngx_event_connect.h> | |
1136 | 12 #include <ngx_mail.h> |
521 | 13 |
14 | |
15 typedef struct { | |
3269
f0d596e84634
rename ngx_peer_addr_t to ngx_addr_t
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
16 ngx_addr_t *peer; |
521 | 17 |
527 | 18 ngx_msec_t timeout; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
19 ngx_flag_t pass_client_cert; |
521 | 20 |
527 | 21 ngx_str_t host_header; |
22 ngx_str_t uri; | |
573 | 23 ngx_str_t header; |
24 | |
25 ngx_array_t *headers; | |
1392 | 26 |
27 u_char *file; | |
28 ngx_uint_t line; | |
1136 | 29 } ngx_mail_auth_http_conf_t; |
521 | 30 |
31 | |
1136 | 32 typedef struct ngx_mail_auth_http_ctx_s ngx_mail_auth_http_ctx_t; |
527 | 33 |
1136 | 34 typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s, |
35 ngx_mail_auth_http_ctx_t *ctx); | |
527 | 36 |
1136 | 37 struct ngx_mail_auth_http_ctx_s { |
527 | 38 ngx_buf_t *request; |
39 ngx_buf_t *response; | |
40 ngx_peer_connection_t peer; | |
41 | |
1136 | 42 ngx_mail_auth_http_handler_pt handler; |
527 | 43 |
44 ngx_uint_t state; | |
45 | |
46 u_char *header_name_start; | |
47 u_char *header_name_end; | |
48 u_char *header_start; | |
49 u_char *header_end; | |
50 | |
51 ngx_str_t addr; | |
52 ngx_str_t port; | |
53 ngx_str_t err; | |
567 | 54 ngx_str_t errmsg; |
1136 | 55 ngx_str_t errcode; |
527 | 56 |
547 | 57 time_t sleep; |
527 | 58 |
547 | 59 ngx_pool_t *pool; |
527 | 60 }; |
521 | 61 |
62 | |
1136 | 63 static void ngx_mail_auth_http_write_handler(ngx_event_t *wev); |
64 static void ngx_mail_auth_http_read_handler(ngx_event_t *rev); | |
65 static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, | |
66 ngx_mail_auth_http_ctx_t *ctx); | |
67 static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, | |
68 ngx_mail_auth_http_ctx_t *ctx); | |
69 static void ngx_mail_auth_sleep_handler(ngx_event_t *rev); | |
70 static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, | |
71 ngx_mail_auth_http_ctx_t *ctx); | |
72 static void ngx_mail_auth_http_block_read(ngx_event_t *rev); | |
73 static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev); | |
74 static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s, | |
75 ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf); | |
76 static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, | |
633 | 77 ngx_str_t *escaped); |
521 | 78 |
1136 | 79 static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf); |
80 static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
521 | 81 void *child); |
1136 | 82 static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
83 static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, | |
573 | 84 void *conf); |
521 | 85 |
86 | |
1136 | 87 static ngx_command_t ngx_mail_auth_http_commands[] = { |
521 | 88 |
89 { ngx_string("auth_http"), | |
1136 | 90 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
91 ngx_mail_auth_http, | |
92 NGX_MAIL_SRV_CONF_OFFSET, | |
521 | 93 0, |
94 NULL }, | |
95 | |
96 { ngx_string("auth_http_timeout"), | |
1136 | 97 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
521 | 98 ngx_conf_set_msec_slot, |
1136 | 99 NGX_MAIL_SRV_CONF_OFFSET, |
100 offsetof(ngx_mail_auth_http_conf_t, timeout), | |
521 | 101 NULL }, |
102 | |
573 | 103 { ngx_string("auth_http_header"), |
1136 | 104 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2, |
105 ngx_mail_auth_http_header, | |
106 NGX_MAIL_SRV_CONF_OFFSET, | |
573 | 107 0, |
108 NULL }, | |
109 | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
110 { ngx_string("auth_http_pass_client_cert"), |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
111 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
112 ngx_conf_set_flag_slot, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
113 NGX_MAIL_SRV_CONF_OFFSET, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
114 offsetof(ngx_mail_auth_http_conf_t, pass_client_cert), |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
115 NULL }, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
116 |
521 | 117 ngx_null_command |
118 }; | |
119 | |
120 | |
1136 | 121 static ngx_mail_module_t ngx_mail_auth_http_module_ctx = { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
122 NULL, /* protocol */ |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
123 |
521 | 124 NULL, /* create main configuration */ |
125 NULL, /* init main configuration */ | |
126 | |
1136 | 127 ngx_mail_auth_http_create_conf, /* create server configuration */ |
128 ngx_mail_auth_http_merge_conf /* merge server configuration */ | |
521 | 129 }; |
130 | |
131 | |
1136 | 132 ngx_module_t ngx_mail_auth_http_module = { |
521 | 133 NGX_MODULE_V1, |
1136 | 134 &ngx_mail_auth_http_module_ctx, /* module context */ |
135 ngx_mail_auth_http_commands, /* module directives */ | |
136 NGX_MAIL_MODULE, /* module type */ | |
541 | 137 NULL, /* init master */ |
521 | 138 NULL, /* init module */ |
541 | 139 NULL, /* init process */ |
140 NULL, /* init thread */ | |
141 NULL, /* exit thread */ | |
142 NULL, /* exit process */ | |
143 NULL, /* exit master */ | |
144 NGX_MODULE_V1_PADDING | |
521 | 145 }; |
146 | |
147 | |
1136 | 148 static ngx_str_t ngx_mail_auth_http_method[] = { |
149 ngx_string("plain"), | |
809 | 150 ngx_string("plain"), |
2748
2477b28eaccb
fix Auth-Method, the bug has been introduced in r2496
Igor Sysoev <igor@sysoev.ru>
parents:
2388
diff
changeset
|
151 ngx_string("plain"), |
809 | 152 ngx_string("apop"), |
2309 | 153 ngx_string("cram-md5"), |
6774
bcb107bb89cd
Mail: support SASL EXTERNAL (RFC 4422).
Rob N ★ <robn@fastmail.com>
parents:
6597
diff
changeset
|
154 ngx_string("external"), |
2309 | 155 ngx_string("none") |
800 | 156 }; |
521 | 157 |
1136 | 158 static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); |
521 | 159 |
1477 | 160 |
521 | 161 void |
1136 | 162 ngx_mail_auth_http_init(ngx_mail_session_t *s) |
521 | 163 { |
164 ngx_int_t rc; | |
547 | 165 ngx_pool_t *pool; |
1136 | 166 ngx_mail_auth_http_ctx_t *ctx; |
167 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 168 |
541 | 169 s->connection->log->action = "in http auth state"; |
170 | |
547 | 171 pool = ngx_create_pool(2048, s->connection->log); |
172 if (pool == NULL) { | |
1136 | 173 ngx_mail_session_internal_server_error(s); |
521 | 174 return; |
175 } | |
176 | |
1136 | 177 ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t)); |
547 | 178 if (ctx == NULL) { |
179 ngx_destroy_pool(pool); | |
1136 | 180 ngx_mail_session_internal_server_error(s); |
547 | 181 return; |
182 } | |
183 | |
184 ctx->pool = pool; | |
185 | |
1136 | 186 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 187 |
1136 | 188 ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf); |
521 | 189 if (ctx->request == NULL) { |
547 | 190 ngx_destroy_pool(ctx->pool); |
1136 | 191 ngx_mail_session_internal_server_error(s); |
521 | 192 return; |
193 } | |
194 | |
1136 | 195 ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module); |
521 | 196 |
884 | 197 ctx->peer.sockaddr = ahcf->peer->sockaddr; |
198 ctx->peer.socklen = ahcf->peer->socklen; | |
199 ctx->peer.name = &ahcf->peer->name; | |
200 ctx->peer.get = ngx_event_get_peer; | |
521 | 201 ctx->peer.log = s->connection->log; |
202 ctx->peer.log_error = NGX_ERROR_ERR; | |
203 | |
204 rc = ngx_event_connect_peer(&ctx->peer); | |
205 | |
543 | 206 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
862
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
207 if (ctx->peer.connection) { |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
208 ngx_close_connection(ctx->peer.connection); |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
209 } |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
210 |
547 | 211 ngx_destroy_pool(ctx->pool); |
1136 | 212 ngx_mail_session_internal_server_error(s); |
521 | 213 return; |
214 } | |
215 | |
216 ctx->peer.connection->data = s; | |
217 ctx->peer.connection->pool = s->connection->pool; | |
218 | |
1136 | 219 s->connection->read->handler = ngx_mail_auth_http_block_read; |
220 ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler; | |
221 ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler; | |
521 | 222 |
1136 | 223 ctx->handler = ngx_mail_auth_http_ignore_status_line; |
527 | 224 |
541 | 225 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
226 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
227 | |
521 | 228 if (rc == NGX_OK) { |
1136 | 229 ngx_mail_auth_http_write_handler(ctx->peer.connection->write); |
521 | 230 return; |
231 } | |
232 } | |
233 | |
234 | |
235 static void | |
1136 | 236 ngx_mail_auth_http_write_handler(ngx_event_t *wev) |
521 | 237 { |
238 ssize_t n, size; | |
239 ngx_connection_t *c; | |
1136 | 240 ngx_mail_session_t *s; |
241 ngx_mail_auth_http_ctx_t *ctx; | |
242 ngx_mail_auth_http_conf_t *ahcf; | |
521 | 243 |
244 c = wev->data; | |
245 s = c->data; | |
246 | |
1136 | 247 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 248 |
1136 | 249 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, |
250 "mail auth http write handler"); | |
521 | 251 |
577 | 252 if (wev->timedout) { |
521 | 253 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
884 | 254 "auth http server %V timed out", ctx->peer.name); |
1478 | 255 ngx_close_connection(c); |
547 | 256 ngx_destroy_pool(ctx->pool); |
1136 | 257 ngx_mail_session_internal_server_error(s); |
521 | 258 return; |
259 } | |
260 | |
261 size = ctx->request->last - ctx->request->pos; | |
262 | |
263 n = ngx_send(c, ctx->request->pos, size); | |
264 | |
265 if (n == NGX_ERROR) { | |
1478 | 266 ngx_close_connection(c); |
547 | 267 ngx_destroy_pool(ctx->pool); |
1136 | 268 ngx_mail_session_internal_server_error(s); |
521 | 269 return; |
270 } | |
271 | |
272 if (n > 0) { | |
273 ctx->request->pos += n; | |
274 | |
275 if (n == size) { | |
1136 | 276 wev->handler = ngx_mail_auth_http_dummy_handler; |
521 | 277 |
278 if (wev->timer_set) { | |
279 ngx_del_timer(wev); | |
280 } | |
281 | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
282 if (ngx_handle_write_event(wev, 0) != NGX_OK) { |
1478 | 283 ngx_close_connection(c); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
284 ngx_destroy_pool(ctx->pool); |
1136 | 285 ngx_mail_session_internal_server_error(s); |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
286 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
287 |
521 | 288 return; |
289 } | |
290 } | |
291 | |
292 if (!wev->timer_set) { | |
1136 | 293 ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module); |
521 | 294 ngx_add_timer(wev, ahcf->timeout); |
295 } | |
296 } | |
297 | |
298 | |
299 static void | |
1136 | 300 ngx_mail_auth_http_read_handler(ngx_event_t *rev) |
521 | 301 { |
525 | 302 ssize_t n, size; |
521 | 303 ngx_connection_t *c; |
1136 | 304 ngx_mail_session_t *s; |
305 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 306 |
307 c = rev->data; | |
308 s = c->data; | |
309 | |
1136 | 310 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
311 "mail auth http read handler"); | |
521 | 312 |
1136 | 313 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
525 | 314 |
577 | 315 if (rev->timedout) { |
525 | 316 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
884 | 317 "auth http server %V timed out", ctx->peer.name); |
1478 | 318 ngx_close_connection(c); |
547 | 319 ngx_destroy_pool(ctx->pool); |
1136 | 320 ngx_mail_session_internal_server_error(s); |
525 | 321 return; |
322 } | |
323 | |
324 if (ctx->response == NULL) { | |
547 | 325 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 326 if (ctx->response == NULL) { |
1478 | 327 ngx_close_connection(c); |
547 | 328 ngx_destroy_pool(ctx->pool); |
1136 | 329 ngx_mail_session_internal_server_error(s); |
525 | 330 return; |
331 } | |
332 } | |
333 | |
527 | 334 size = ctx->response->end - ctx->response->last; |
525 | 335 |
336 n = ngx_recv(c, ctx->response->pos, size); | |
337 | |
527 | 338 if (n > 0) { |
339 ctx->response->last += n; | |
340 | |
341 ctx->handler(s, ctx); | |
342 return; | |
343 } | |
344 | |
345 if (n == NGX_AGAIN) { | |
525 | 346 return; |
347 } | |
348 | |
1478 | 349 ngx_close_connection(c); |
547 | 350 ngx_destroy_pool(ctx->pool); |
1136 | 351 ngx_mail_session_internal_server_error(s); |
527 | 352 } |
525 | 353 |
354 | |
527 | 355 static void |
1136 | 356 ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s, |
357 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 358 { |
359 u_char *p, ch; | |
360 enum { | |
361 sw_start = 0, | |
362 sw_H, | |
363 sw_HT, | |
364 sw_HTT, | |
365 sw_HTTP, | |
366 sw_skip, | |
367 sw_almost_done | |
368 } state; | |
369 | |
1136 | 370 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
371 "mail auth http process status line"); | |
527 | 372 |
373 state = ctx->state; | |
374 | |
375 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
376 ch = *p; | |
377 | |
378 switch (state) { | |
379 | |
380 /* "HTTP/" */ | |
381 case sw_start: | |
382 if (ch == 'H') { | |
383 state = sw_H; | |
384 break; | |
385 } | |
386 goto next; | |
387 | |
388 case sw_H: | |
389 if (ch == 'T') { | |
390 state = sw_HT; | |
391 break; | |
392 } | |
393 goto next; | |
394 | |
395 case sw_HT: | |
396 if (ch == 'T') { | |
397 state = sw_HTT; | |
398 break; | |
399 } | |
400 goto next; | |
401 | |
402 case sw_HTT: | |
403 if (ch == 'P') { | |
404 state = sw_HTTP; | |
405 break; | |
406 } | |
407 goto next; | |
408 | |
409 case sw_HTTP: | |
410 if (ch == '/') { | |
411 state = sw_skip; | |
412 break; | |
413 } | |
414 goto next; | |
415 | |
416 /* any text until end of line */ | |
417 case sw_skip: | |
418 switch (ch) { | |
419 case CR: | |
420 state = sw_almost_done; | |
421 | |
422 break; | |
577 | 423 case LF: |
527 | 424 goto done; |
425 } | |
426 break; | |
427 | |
428 /* end of status line */ | |
429 case sw_almost_done: | |
430 if (ch == LF) { | |
431 goto done; | |
432 } | |
433 | |
434 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
6480 | 435 "auth http server %V sent invalid response", |
884 | 436 ctx->peer.name); |
527 | 437 ngx_close_connection(ctx->peer.connection); |
547 | 438 ngx_destroy_pool(ctx->pool); |
1136 | 439 ngx_mail_session_internal_server_error(s); |
527 | 440 return; |
441 } | |
442 } | |
443 | |
444 ctx->response->pos = p; | |
445 ctx->state = state; | |
446 | |
447 return; | |
448 | |
449 next: | |
450 | |
451 p = ctx->response->start - 1; | |
452 | |
453 done: | |
454 | |
455 ctx->response->pos = p + 1; | |
456 ctx->state = 0; | |
1136 | 457 ctx->handler = ngx_mail_auth_http_process_headers; |
527 | 458 ctx->handler(s, ctx); |
459 } | |
525 | 460 |
461 | |
527 | 462 static void |
1136 | 463 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, |
464 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 465 { |
6593
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
466 u_char *p; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
467 time_t timer; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
468 size_t len, size; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
469 ngx_int_t rc, port, n; |
b3b7e33083ac
Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
Roman Arutyunyan <arut@nginx.com>
parents:
6480
diff
changeset
|
470 ngx_addr_t *peer; |
525 | 471 |
1136 | 472 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
473 "mail auth http process headers"); | |
527 | 474 |
475 for ( ;; ) { | |
1136 | 476 rc = ngx_mail_auth_http_parse_header_line(s, ctx); |
527 | 477 |
478 if (rc == NGX_OK) { | |
479 | |
480 #if (NGX_DEBUG) | |
481 { | |
482 ngx_str_t key, value; | |
483 | |
484 key.len = ctx->header_name_end - ctx->header_name_start; | |
485 key.data = ctx->header_name_start; | |
486 value.len = ctx->header_end - ctx->header_start; | |
487 value.data = ctx->header_start; | |
488 | |
1136 | 489 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
490 "mail auth http header: \"%V: %V\"", | |
527 | 491 &key, &value); |
492 } | |
493 #endif | |
494 | |
495 len = ctx->header_name_end - ctx->header_name_start; | |
496 | |
497 if (len == sizeof("Auth-Status") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
498 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
499 (u_char *) "Auth-Status", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
500 sizeof("Auth-Status") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
501 == 0) |
527 | 502 { |
503 len = ctx->header_end - ctx->header_start; | |
504 | |
505 if (len == 2 | |
506 && ctx->header_start[0] == 'O' | |
507 && ctx->header_start[1] == 'K') | |
508 { | |
509 continue; | |
510 } | |
511 | |
883 | 512 if (len == 4 |
513 && ctx->header_start[0] == 'W' | |
514 && ctx->header_start[1] == 'A' | |
515 && ctx->header_start[2] == 'I' | |
516 && ctx->header_start[3] == 'T') | |
517 { | |
518 s->auth_wait = 1; | |
519 continue; | |
520 } | |
521 | |
567 | 522 ctx->errmsg.len = len; |
523 ctx->errmsg.data = ctx->header_start; | |
524 | |
1136 | 525 switch (s->protocol) { |
526 | |
527 case NGX_MAIL_POP3_PROTOCOL: | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
528 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
1136 | 529 break; |
527 | 530 |
1136 | 531 case NGX_MAIL_IMAP_PROTOCOL: |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
532 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 533 + sizeof(CRLF) - 1; |
1136 | 534 break; |
535 | |
536 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
537 ctx->err = ctx->errmsg; | |
538 continue; | |
527 | 539 } |
540 | |
2061
b0a1c84725cf
change useless ngx_pcalloc() to ngx_pnalloc()
Igor Sysoev <igor@sysoev.ru>
parents:
2049
diff
changeset
|
541 p = ngx_pnalloc(s->connection->pool, size); |
527 | 542 if (p == NULL) { |
543 | 543 ngx_close_connection(ctx->peer.connection); |
547 | 544 ngx_destroy_pool(ctx->pool); |
1136 | 545 ngx_mail_session_internal_server_error(s); |
527 | 546 return; |
547 } | |
548 | |
549 ctx->err.data = p; | |
550 | |
1136 | 551 switch (s->protocol) { |
527 | 552 |
1136 | 553 case NGX_MAIL_POP3_PROTOCOL: |
554 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
555 break; | |
556 | |
557 case NGX_MAIL_IMAP_PROTOCOL: | |
527 | 558 p = ngx_cpymem(p, s->tag.data, s->tag.len); |
1136 | 559 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; |
560 break; | |
561 | |
562 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
563 break; | |
527 | 564 } |
565 | |
566 p = ngx_cpymem(p, ctx->header_start, len); | |
567 *p++ = CR; *p++ = LF; | |
568 | |
569 ctx->err.len = p - ctx->err.data; | |
570 | |
571 continue; | |
572 } | |
573 | |
574 if (len == sizeof("Auth-Server") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
575 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
576 (u_char *) "Auth-Server", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
577 sizeof("Auth-Server") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
578 == 0) |
527 | 579 { |
580 ctx->addr.len = ctx->header_end - ctx->header_start; | |
581 ctx->addr.data = ctx->header_start; | |
582 | |
583 continue; | |
584 } | |
585 | |
586 if (len == sizeof("Auth-Port") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
587 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
588 (u_char *) "Auth-Port", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
589 sizeof("Auth-Port") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
590 == 0) |
527 | 591 { |
592 ctx->port.len = ctx->header_end - ctx->header_start; | |
593 ctx->port.data = ctx->header_start; | |
594 | |
595 continue; | |
596 } | |
597 | |
598 if (len == sizeof("Auth-User") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
599 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
600 (u_char *) "Auth-User", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
601 sizeof("Auth-User") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
602 == 0) |
527 | 603 { |
604 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 605 |
2049 | 606 s->login.data = ngx_pnalloc(s->connection->pool, s->login.len); |
567 | 607 if (s->login.data == NULL) { |
608 ngx_close_connection(ctx->peer.connection); | |
609 ngx_destroy_pool(ctx->pool); | |
1136 | 610 ngx_mail_session_internal_server_error(s); |
567 | 611 return; |
612 } | |
613 | |
614 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 615 |
616 continue; | |
617 } | |
618 | |
800 | 619 if (len == sizeof("Auth-Pass") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
620 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
621 (u_char *) "Auth-Pass", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
622 sizeof("Auth-Pass") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
623 == 0) |
800 | 624 { |
625 s->passwd.len = ctx->header_end - ctx->header_start; | |
626 | |
2049 | 627 s->passwd.data = ngx_pnalloc(s->connection->pool, |
628 s->passwd.len); | |
800 | 629 if (s->passwd.data == NULL) { |
630 ngx_close_connection(ctx->peer.connection); | |
631 ngx_destroy_pool(ctx->pool); | |
1136 | 632 ngx_mail_session_internal_server_error(s); |
800 | 633 return; |
634 } | |
635 | |
636 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
637 | |
638 continue; | |
639 } | |
640 | |
527 | 641 if (len == sizeof("Auth-Wait") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
642 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
643 (u_char *) "Auth-Wait", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
644 sizeof("Auth-Wait") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
645 == 0) |
527 | 646 { |
647 n = ngx_atoi(ctx->header_start, | |
648 ctx->header_end - ctx->header_start); | |
649 | |
650 if (n != NGX_ERROR) { | |
651 ctx->sleep = n; | |
652 } | |
653 | |
654 continue; | |
655 } | |
656 | |
1136 | 657 if (len == sizeof("Auth-Error-Code") - 1 |
658 && ngx_strncasecmp(ctx->header_name_start, | |
659 (u_char *) "Auth-Error-Code", | |
660 sizeof("Auth-Error-Code") - 1) | |
661 == 0) | |
662 { | |
663 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
664 | |
2049 | 665 ctx->errcode.data = ngx_pnalloc(s->connection->pool, |
666 ctx->errcode.len); | |
1136 | 667 if (ctx->errcode.data == NULL) { |
668 ngx_close_connection(ctx->peer.connection); | |
669 ngx_destroy_pool(ctx->pool); | |
670 ngx_mail_session_internal_server_error(s); | |
671 return; | |
672 } | |
673 | |
674 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
675 ctx->errcode.len); | |
676 | |
677 continue; | |
678 } | |
679 | |
527 | 680 /* ignore other headers */ |
681 | |
682 continue; | |
683 } | |
684 | |
685 if (rc == NGX_DONE) { | |
1136 | 686 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
687 "mail auth http header done"); | |
527 | 688 |
689 ngx_close_connection(ctx->peer.connection); | |
690 | |
691 if (ctx->err.len) { | |
1136 | 692 |
567 | 693 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
694 "client login failed: \"%V\"", &ctx->errmsg); | |
695 | |
1136 | 696 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { |
697 | |
698 if (ctx->errcode.len == 0) { | |
699 ctx->errcode = ngx_mail_smtp_errcode; | |
700 } | |
701 | |
702 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
703 + sizeof(" " CRLF) - 1; | |
704 | |
2049 | 705 p = ngx_pnalloc(s->connection->pool, ctx->err.len); |
1166 | 706 if (p == NULL) { |
707 ngx_destroy_pool(ctx->pool); | |
708 ngx_mail_session_internal_server_error(s); | |
709 return; | |
710 } | |
1136 | 711 |
1166 | 712 ctx->err.data = p; |
1136 | 713 |
1166 | 714 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
1136 | 715 *p++ = ' '; |
1166 | 716 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
1136 | 717 *p++ = CR; *p = LF; |
718 } | |
719 | |
539 | 720 s->out = ctx->err; |
547 | 721 timer = ctx->sleep; |
527 | 722 |
547 | 723 ngx_destroy_pool(ctx->pool); |
724 | |
725 if (timer == 0) { | |
539 | 726 s->quit = 1; |
1136 | 727 ngx_mail_send(s->connection->write); |
541 | 728 return; |
729 } | |
539 | 730 |
1640 | 731 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
527 | 732 |
1136 | 733 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
527 | 734 |
735 return; | |
736 } | |
737 | |
883 | 738 if (s->auth_wait) { |
739 timer = ctx->sleep; | |
740 | |
741 ngx_destroy_pool(ctx->pool); | |
742 | |
743 if (timer == 0) { | |
1136 | 744 ngx_mail_auth_http_init(s); |
883 | 745 return; |
746 } | |
747 | |
1640 | 748 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
883 | 749 |
1136 | 750 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
883 | 751 |
752 return; | |
753 } | |
754 | |
527 | 755 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
756 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 757 "auth http server %V did not send server or port", |
884 | 758 ctx->peer.name); |
547 | 759 ngx_destroy_pool(ctx->pool); |
1136 | 760 ngx_mail_session_internal_server_error(s); |
527 | 761 return; |
762 } | |
763 | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
764 if (s->passwd.data == NULL |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
765 && s->protocol != NGX_MAIL_SMTP_PROTOCOL) |
1136 | 766 { |
800 | 767 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
768 "auth http server %V did not send password", | |
884 | 769 ctx->peer.name); |
800 | 770 ngx_destroy_pool(ctx->pool); |
1136 | 771 ngx_mail_session_internal_server_error(s); |
800 | 772 return; |
773 } | |
774 | |
3269
f0d596e84634
rename ngx_peer_addr_t to ngx_addr_t
Igor Sysoev <igor@sysoev.ru>
parents:
3267
diff
changeset
|
775 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_addr_t)); |
884 | 776 if (peer == NULL) { |
547 | 777 ngx_destroy_pool(ctx->pool); |
1136 | 778 ngx_mail_session_internal_server_error(s); |
527 | 779 return; |
780 } | |
781 | |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
782 rc = ngx_parse_addr(s->connection->pool, peer, |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
783 ctx->addr.data, ctx->addr.len); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
784 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
785 switch (rc) { |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
786 case NGX_OK: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
787 break; |
2855
a96a8c916b0c
mail proxy listen IPv6 support
Igor Sysoev <igor@sysoev.ru>
parents:
2748
diff
changeset
|
788 |
5134
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
789 case NGX_DECLINED: |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
790 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
791 "auth http server %V sent invalid server " |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
792 "address:\"%V\"", |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
793 ctx->peer.name, &ctx->addr); |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
794 /* fall through */ |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
795 |
c788e54090de
Mail: IPv6 backends (ticket #323).
Ruslan Ermilov <ru@nginx.com>
parents:
4971
diff
changeset
|
796 default: |
547 | 797 ngx_destroy_pool(ctx->pool); |
1136 | 798 ngx_mail_session_internal_server_error(s); |
527 | 799 return; |
800 } | |
801 | |
802 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
4227 | 803 if (port == NGX_ERROR || port < 1 || port > 65535) { |
527 | 804 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
541 | 805 "auth http server %V sent invalid server " |
806 "port:\"%V\"", | |
884 | 807 ctx->peer.name, &ctx->port); |
547 | 808 ngx_destroy_pool(ctx->pool); |
1136 | 809 ngx_mail_session_internal_server_error(s); |
527 | 810 return; |
811 } | |
812 | |
6597 | 813 ngx_inet_set_port(peer->sockaddr, (in_port_t) port); |
527 | 814 |
815 len = ctx->addr.len + 1 + ctx->port.len; | |
816 | |
884 | 817 peer->name.len = len; |
527 | 818 |
2049 | 819 peer->name.data = ngx_pnalloc(s->connection->pool, len); |
884 | 820 if (peer->name.data == NULL) { |
547 | 821 ngx_destroy_pool(ctx->pool); |
1136 | 822 ngx_mail_session_internal_server_error(s); |
527 | 823 return; |
824 } | |
825 | |
826 len = ctx->addr.len; | |
827 | |
884 | 828 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 829 |
884 | 830 peer->name.data[len++] = ':'; |
527 | 831 |
884 | 832 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 833 |
547 | 834 ngx_destroy_pool(ctx->pool); |
1136 | 835 ngx_mail_proxy_init(s, peer); |
527 | 836 |
837 return; | |
838 } | |
839 | |
840 if (rc == NGX_AGAIN ) { | |
841 return; | |
842 } | |
843 | |
844 /* rc == NGX_ERROR */ | |
845 | |
846 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 847 "auth http server %V sent invalid header in response", |
884 | 848 ctx->peer.name); |
527 | 849 ngx_close_connection(ctx->peer.connection); |
547 | 850 ngx_destroy_pool(ctx->pool); |
1136 | 851 ngx_mail_session_internal_server_error(s); |
527 | 852 |
853 return; | |
854 } | |
855 } | |
856 | |
521 | 857 |
527 | 858 static void |
1136 | 859 ngx_mail_auth_sleep_handler(ngx_event_t *rev) |
527 | 860 { |
543 | 861 ngx_connection_t *c; |
1136 | 862 ngx_mail_session_t *s; |
863 ngx_mail_core_srv_conf_t *cscf; | |
527 | 864 |
1136 | 865 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler"); |
527 | 866 |
867 c = rev->data; | |
868 s = c->data; | |
869 | |
870 if (rev->timedout) { | |
871 | |
872 rev->timedout = 0; | |
873 | |
883 | 874 if (s->auth_wait) { |
875 s->auth_wait = 0; | |
1136 | 876 ngx_mail_auth_http_init(s); |
883 | 877 return; |
878 } | |
879 | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
880 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
527 | 881 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
882 rev->handler = cscf->protocol->auth_state; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
883 |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
884 s->mail_state = 0; |
1136 | 885 s->auth_method = NGX_MAIL_AUTH_PLAIN; |
9274
46ecad404a29
Mail: reset imap tag to empty after authentication attempt.
Rob Mueller <robm@fastmailteam.com>
parents:
7905
diff
changeset
|
886 s->tag.len = 0; |
800 | 887 |
543 | 888 c->log->action = "in auth state"; |
889 | |
1477 | 890 ngx_mail_send(c->write); |
543 | 891 |
583 | 892 if (c->destroyed) { |
543 | 893 return; |
894 } | |
895 | |
896 ngx_add_timer(rev, cscf->timeout); | |
897 | |
527 | 898 if (rev->ready) { |
1477 | 899 rev->handler(rev); |
527 | 900 return; |
901 } | |
902 | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
903 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
1477 | 904 ngx_mail_close_connection(c); |
527 | 905 } |
906 | |
907 return; | |
908 } | |
909 | |
910 if (rev->active) { | |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
911 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
1477 | 912 ngx_mail_close_connection(c); |
527 | 913 } |
914 } | |
915 } | |
916 | |
917 | |
918 static ngx_int_t | |
1136 | 919 ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s, |
920 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 921 { |
922 u_char c, ch, *p; | |
923 enum { | |
924 sw_start = 0, | |
925 sw_name, | |
926 sw_space_before_value, | |
927 sw_value, | |
928 sw_space_after_value, | |
577 | 929 sw_almost_done, |
527 | 930 sw_header_almost_done |
931 } state; | |
932 | |
577 | 933 state = ctx->state; |
527 | 934 |
935 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
936 ch = *p; | |
937 | |
938 switch (state) { | |
939 | |
940 /* first char */ | |
941 case sw_start: | |
942 | |
943 switch (ch) { | |
944 case CR: | |
577 | 945 ctx->header_end = p; |
527 | 946 state = sw_header_almost_done; |
947 break; | |
577 | 948 case LF: |
527 | 949 ctx->header_end = p; |
950 goto header_done; | |
951 default: | |
952 state = sw_name; | |
953 ctx->header_name_start = p; | |
954 | |
955 c = (u_char) (ch | 0x20); | |
956 if (c >= 'a' && c <= 'z') { | |
957 break; | |
958 } | |
959 | |
960 if (ch >= '0' && ch <= '9') { | |
961 break; | |
962 } | |
963 | |
964 return NGX_ERROR; | |
965 } | |
966 break; | |
967 | |
968 /* header name */ | |
969 case sw_name: | |
970 c = (u_char) (ch | 0x20); | |
971 if (c >= 'a' && c <= 'z') { | |
972 break; | |
973 } | |
974 | |
975 if (ch == ':') { | |
976 ctx->header_name_end = p; | |
977 state = sw_space_before_value; | |
978 break; | |
979 } | |
980 | |
981 if (ch == '-') { | |
982 break; | |
983 } | |
984 | |
985 if (ch >= '0' && ch <= '9') { | |
986 break; | |
987 } | |
988 | |
989 if (ch == CR) { | |
990 ctx->header_name_end = p; | |
991 ctx->header_start = p; | |
992 ctx->header_end = p; | |
993 state = sw_almost_done; | |
994 break; | |
995 } | |
996 | |
997 if (ch == LF) { | |
998 ctx->header_name_end = p; | |
999 ctx->header_start = p; | |
1000 ctx->header_end = p; | |
1001 goto done; | |
1002 } | |
1003 | |
1004 return NGX_ERROR; | |
1005 | |
1006 /* space* before header value */ | |
1007 case sw_space_before_value: | |
1008 switch (ch) { | |
1009 case ' ': | |
1010 break; | |
1011 case CR: | |
1012 ctx->header_start = p; | |
1013 ctx->header_end = p; | |
1014 state = sw_almost_done; | |
1015 break; | |
1016 case LF: | |
1017 ctx->header_start = p; | |
1018 ctx->header_end = p; | |
1019 goto done; | |
1020 default: | |
1021 ctx->header_start = p; | |
1022 state = sw_value; | |
1023 break; | |
1024 } | |
1025 break; | |
1026 | |
1027 /* header value */ | |
1028 case sw_value: | |
1029 switch (ch) { | |
1030 case ' ': | |
1031 ctx->header_end = p; | |
1032 state = sw_space_after_value; | |
1033 break; | |
1034 case CR: | |
1035 ctx->header_end = p; | |
1036 state = sw_almost_done; | |
1037 break; | |
1038 case LF: | |
1039 ctx->header_end = p; | |
1040 goto done; | |
1041 } | |
1042 break; | |
1043 | |
1044 /* space* before end of header line */ | |
1045 case sw_space_after_value: | |
1046 switch (ch) { | |
1047 case ' ': | |
1048 break; | |
1049 case CR: | |
1050 state = sw_almost_done; | |
1051 break; | |
1052 case LF: | |
1053 goto done; | |
1054 default: | |
1055 state = sw_value; | |
1056 break; | |
1057 } | |
1058 break; | |
1059 | |
1060 /* end of header line */ | |
1061 case sw_almost_done: | |
1062 switch (ch) { | |
1063 case LF: | |
1064 goto done; | |
1065 default: | |
1066 return NGX_ERROR; | |
1067 } | |
1068 | |
1069 /* end of header */ | |
1070 case sw_header_almost_done: | |
1071 switch (ch) { | |
1072 case LF: | |
1073 goto header_done; | |
1074 default: | |
1075 return NGX_ERROR; | |
1076 } | |
1077 } | |
1078 } | |
1079 | |
1080 ctx->response->pos = p; | |
1081 ctx->state = state; | |
1082 | |
1083 return NGX_AGAIN; | |
1084 | |
1085 done: | |
1086 | |
1087 ctx->response->pos = p + 1; | |
1088 ctx->state = sw_start; | |
1089 | |
1090 return NGX_OK; | |
1091 | |
1092 header_done: | |
1093 | |
1094 ctx->response->pos = p + 1; | |
1095 ctx->state = sw_start; | |
1096 | |
1097 return NGX_DONE; | |
521 | 1098 } |
1099 | |
1100 | |
1101 static void | |
1136 | 1102 ngx_mail_auth_http_block_read(ngx_event_t *rev) |
521 | 1103 { |
1104 ngx_connection_t *c; | |
1136 | 1105 ngx_mail_session_t *s; |
1106 ngx_mail_auth_http_ctx_t *ctx; | |
521 | 1107 |
1136 | 1108 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, |
1109 "mail auth http block read"); | |
521 | 1110 |
2388
722b5aff05ae
use "!= NGX_OK" instead of "== NGX_ERROR"
Igor Sysoev <igor@sysoev.ru>
parents:
2310
diff
changeset
|
1111 if (ngx_handle_read_event(rev, 0) != NGX_OK) { |
521 | 1112 c = rev->data; |
1113 s = c->data; | |
1114 | |
1136 | 1115 ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module); |
521 | 1116 |
525 | 1117 ngx_close_connection(ctx->peer.connection); |
547 | 1118 ngx_destroy_pool(ctx->pool); |
1136 | 1119 ngx_mail_session_internal_server_error(s); |
521 | 1120 } |
1121 } | |
1122 | |
1123 | |
1124 static void | |
1136 | 1125 ngx_mail_auth_http_dummy_handler(ngx_event_t *ev) |
521 | 1126 { |
1136 | 1127 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0, |
1128 "mail auth http dummy handler"); | |
521 | 1129 } |
1130 | |
1131 | |
1132 static ngx_buf_t * | |
1136 | 1133 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, |
1134 ngx_mail_auth_http_conf_t *ahcf) | |
521 | 1135 { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1136 size_t len; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1137 ngx_buf_t *b; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1138 ngx_str_t login, passwd; |
7801
777373b5a169
Mail: fixed build without SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7794
diff
changeset
|
1139 ngx_connection_t *c; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1140 #if (NGX_MAIL_SSL) |
7905
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1141 ngx_str_t protocol, cipher, verify, subject, issuer, |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1142 serial, fingerprint, raw_cert, cert; |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1143 ngx_mail_ssl_conf_t *sslcf; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1144 #endif |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1145 ngx_mail_core_srv_conf_t *cscf; |
633 | 1146 |
1136 | 1147 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
633 | 1148 return NULL; |
1149 } | |
1150 | |
1136 | 1151 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { |
633 | 1152 return NULL; |
1153 } | |
521 | 1154 |
7801
777373b5a169
Mail: fixed build without SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7794
diff
changeset
|
1155 c = s->connection; |
777373b5a169
Mail: fixed build without SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7794
diff
changeset
|
1156 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1157 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1158 |
7905
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1159 if (c->ssl) { |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1160 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1161 if (ngx_ssl_get_protocol(c, pool, &protocol) != NGX_OK) { |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1162 return NULL; |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1163 } |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1164 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1165 protocol.len = ngx_strlen(protocol.data); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1166 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1167 if (ngx_ssl_get_cipher_name(c, pool, &cipher) != NGX_OK) { |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1168 return NULL; |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1169 } |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1170 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1171 cipher.len = ngx_strlen(cipher.data); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1172 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1173 } else { |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1174 ngx_str_null(&protocol); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1175 ngx_str_null(&cipher); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1176 } |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1177 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1178 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1179 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1180 if (c->ssl && sslcf->verify) { |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1181 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1182 /* certificate details */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1183 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1184 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1185 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1186 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1187 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1188 if (ngx_ssl_get_subject_dn(c, pool, &subject) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1189 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1190 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1191 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1192 if (ngx_ssl_get_issuer_dn(c, pool, &issuer) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1193 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1194 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1195 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1196 if (ngx_ssl_get_serial_number(c, pool, &serial) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1197 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1198 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1199 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1200 if (ngx_ssl_get_fingerprint(c, pool, &fingerprint) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1201 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1202 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1203 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1204 if (ahcf->pass_client_cert) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1205 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1206 /* certificate itself, if configured */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1207 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1208 if (ngx_ssl_get_raw_certificate(c, pool, &raw_cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1209 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1210 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1211 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1212 if (ngx_mail_auth_http_escape(pool, &raw_cert, &cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1213 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1214 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1215 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1216 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1217 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1218 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1219 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1220 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1221 ngx_str_null(&verify); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1222 ngx_str_null(&subject); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1223 ngx_str_null(&issuer); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1224 ngx_str_null(&serial); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1225 ngx_str_null(&fingerprint); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1226 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1227 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1228 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1229 #endif |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1230 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1231 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1232 |
521 | 1233 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 |
1234 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1235 + sizeof("Auth-Method: ") - 1 |
1136 | 1236 + ngx_mail_auth_http_method[s->auth_method].len |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1237 + sizeof(CRLF) - 1 |
633 | 1238 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1239 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1240 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1241 + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1242 + sizeof(CRLF) - 1 |
527 | 1243 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1244 + sizeof(CRLF) - 1 | |
521 | 1245 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1246 + sizeof(CRLF) - 1 | |
2309 | 1247 + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1 |
1285
0c10dc6a8e74
fix memory allocation for auth_http_header
Igor Sysoev <igor@sysoev.ru>
parents:
1166
diff
changeset
|
1248 + ahcf->header.len |
521 | 1249 + sizeof(CRLF) - 1; |
1250 | |
7794
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1251 if (c->proxy_protocol) { |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1252 len += sizeof("Proxy-Protocol-Addr: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1253 + c->proxy_protocol->src_addr.len + sizeof(CRLF) - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1254 + sizeof("Proxy-Protocol-Port: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1255 + sizeof("65535") - 1 + sizeof(CRLF) - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1256 + sizeof("Proxy-Protocol-Server-Addr: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1257 + c->proxy_protocol->dst_addr.len + sizeof(CRLF) - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1258 + sizeof("Proxy-Protocol-Server-Port: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1259 + sizeof("65535") - 1 + sizeof(CRLF) - 1; |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1260 } |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1261 |
7793
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1262 if (s->auth_method == NGX_MAIL_AUTH_NONE) { |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1263 len += sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1264 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1265 + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1266 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1267 + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1268 + sizeof(CRLF) - 1; |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1269 } |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1270 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1271 #if (NGX_MAIL_SSL) |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1272 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1273 if (c->ssl) { |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1274 len += sizeof("Auth-SSL: on" CRLF) - 1 |
7905
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1275 + sizeof("Auth-SSL-Protocol: ") - 1 + protocol.len |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1276 + sizeof(CRLF) - 1 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1277 + sizeof("Auth-SSL-Cipher: ") - 1 + cipher.len |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1278 + sizeof(CRLF) - 1 |
7793
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1279 + sizeof("Auth-SSL-Verify: ") - 1 + verify.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1280 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1281 + sizeof("Auth-SSL-Subject: ") - 1 + subject.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1282 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1283 + sizeof("Auth-SSL-Issuer: ") - 1 + issuer.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1284 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1285 + sizeof("Auth-SSL-Serial: ") - 1 + serial.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1286 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1287 + sizeof("Auth-SSL-Fingerprint: ") - 1 + fingerprint.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1288 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1289 + sizeof("Auth-SSL-Cert: ") - 1 + cert.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1290 + sizeof(CRLF) - 1; |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1291 } |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1292 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1293 #endif |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1294 |
547 | 1295 b = ngx_create_temp_buf(pool, len); |
521 | 1296 if (b == NULL) { |
1297 return NULL; | |
1298 } | |
1299 | |
1300 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1301 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1302 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1303 sizeof(" HTTP/1.0" CRLF) - 1); | |
1304 | |
1305 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1306 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1307 ahcf->host_header.len); |
1308 *b->last++ = CR; *b->last++ = LF; | |
1309 | |
800 | 1310 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1311 sizeof("Auth-Method: ") - 1); | |
1312 b->last = ngx_cpymem(b->last, | |
1136 | 1313 ngx_mail_auth_http_method[s->auth_method].data, |
1314 ngx_mail_auth_http_method[s->auth_method].len); | |
800 | 1315 *b->last++ = CR; *b->last++ = LF; |
521 | 1316 |
1317 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1318 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1319 *b->last++ = CR; *b->last++ = LF; |
1320 | |
1321 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1322 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1323 *b->last++ = CR; *b->last++ = LF; |
1324 | |
1136 | 1325 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { |
800 | 1326 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1327 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1328 | |
1329 s->passwd.data = NULL; | |
1330 } | |
1331 | |
521 | 1332 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1333 sizeof("Auth-Protocol: ") - 1); | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1334 b->last = ngx_cpymem(b->last, cscf->protocol->name.data, |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1335 cscf->protocol->name.len); |
521 | 1336 *b->last++ = CR; *b->last++ = LF; |
1337 | |
527 | 1338 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1339 s->login_attempt); | |
1340 | |
521 | 1341 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1342 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
2309 | 1343 s->connection->addr_text.len); |
521 | 1344 *b->last++ = CR; *b->last++ = LF; |
1345 | |
2309 | 1346 if (s->host.len) { |
1347 b->last = ngx_cpymem(b->last, "Client-Host: ", | |
1348 sizeof("Client-Host: ") - 1); | |
1349 b->last = ngx_copy(b->last, s->host.data, s->host.len); | |
1350 *b->last++ = CR; *b->last++ = LF; | |
1351 } | |
1352 | |
7794
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1353 if (c->proxy_protocol) { |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1354 b->last = ngx_cpymem(b->last, "Proxy-Protocol-Addr: ", |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1355 sizeof("Proxy-Protocol-Addr: ") - 1); |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1356 b->last = ngx_copy(b->last, c->proxy_protocol->src_addr.data, |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1357 c->proxy_protocol->src_addr.len); |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1358 *b->last++ = CR; *b->last++ = LF; |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1359 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1360 b->last = ngx_sprintf(b->last, "Proxy-Protocol-Port: %d" CRLF, |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1361 c->proxy_protocol->src_port); |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1362 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1363 b->last = ngx_cpymem(b->last, "Proxy-Protocol-Server-Addr: ", |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1364 sizeof("Proxy-Protocol-Server-Addr: ") - 1); |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1365 b->last = ngx_copy(b->last, c->proxy_protocol->dst_addr.data, |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1366 c->proxy_protocol->dst_addr.len); |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1367 *b->last++ = CR; *b->last++ = LF; |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1368 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1369 b->last = ngx_sprintf(b->last, "Proxy-Protocol-Server-Port: %d" CRLF, |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1370 c->proxy_protocol->dst_port); |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1371 } |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1372 |
2309 | 1373 if (s->auth_method == NGX_MAIL_AUTH_NONE) { |
1374 | |
1375 /* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */ | |
1376 | |
1377 b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ", | |
1378 sizeof("Auth-SMTP-Helo: ") - 1); | |
1379 b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len); | |
1380 *b->last++ = CR; *b->last++ = LF; | |
1381 | |
1382 b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ", | |
1383 sizeof("Auth-SMTP-From: ") - 1); | |
1384 b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len); | |
1385 *b->last++ = CR; *b->last++ = LF; | |
1386 | |
1387 b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ", | |
1388 sizeof("Auth-SMTP-To: ") - 1); | |
1389 b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len); | |
1390 *b->last++ = CR; *b->last++ = LF; | |
1391 | |
1392 } | |
1393 | |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1394 #if (NGX_MAIL_SSL) |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1395 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1396 if (c->ssl) { |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1397 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1398 sizeof("Auth-SSL: on" CRLF) - 1); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1399 |
7905
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1400 if (protocol.len) { |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1401 b->last = ngx_cpymem(b->last, "Auth-SSL-Protocol: ", |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1402 sizeof("Auth-SSL-Protocol: ") - 1); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1403 b->last = ngx_copy(b->last, protocol.data, protocol.len); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1404 *b->last++ = CR; *b->last++ = LF; |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1405 } |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1406 |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1407 if (cipher.len) { |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1408 b->last = ngx_cpymem(b->last, "Auth-SSL-Cipher: ", |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1409 sizeof("Auth-SSL-Cipher: ") - 1); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1410 b->last = ngx_copy(b->last, cipher.data, cipher.len); |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1411 *b->last++ = CR; *b->last++ = LF; |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1412 } |
13d0c1d26d47
Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).
Rob Mueller <robm@fastmail.fm>
parents:
7801
diff
changeset
|
1413 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1414 if (verify.len) { |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1415 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1416 sizeof("Auth-SSL-Verify: ") - 1); |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1417 b->last = ngx_copy(b->last, verify.data, verify.len); |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1418 *b->last++ = CR; *b->last++ = LF; |
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1419 } |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1420 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1421 if (subject.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1422 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1423 sizeof("Auth-SSL-Subject: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1424 b->last = ngx_copy(b->last, subject.data, subject.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1425 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1426 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1427 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1428 if (issuer.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1429 b->last = ngx_cpymem(b->last, "Auth-SSL-Issuer: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1430 sizeof("Auth-SSL-Issuer: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1431 b->last = ngx_copy(b->last, issuer.data, issuer.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1432 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1433 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1434 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1435 if (serial.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1436 b->last = ngx_cpymem(b->last, "Auth-SSL-Serial: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1437 sizeof("Auth-SSL-Serial: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1438 b->last = ngx_copy(b->last, serial.data, serial.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1439 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1440 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1441 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1442 if (fingerprint.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1443 b->last = ngx_cpymem(b->last, "Auth-SSL-Fingerprint: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1444 sizeof("Auth-SSL-Fingerprint: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1445 b->last = ngx_copy(b->last, fingerprint.data, fingerprint.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1446 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1447 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1448 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1449 if (cert.len) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1450 b->last = ngx_cpymem(b->last, "Auth-SSL-Cert: ", |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1451 sizeof("Auth-SSL-Cert: ") - 1); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1452 b->last = ngx_copy(b->last, cert.data, cert.len); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1453 *b->last++ = CR; *b->last++ = LF; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1454 } |
5988
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1455 } |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1456 |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1457 #endif |
3b3f789655dc
Mail: added Auth-SSL header to indicate SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5987
diff
changeset
|
1458 |
573 | 1459 if (ahcf->header.len) { |
1460 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1461 } | |
1462 | |
521 | 1463 /* add "\r\n" at the header end */ |
1464 *b->last++ = CR; *b->last++ = LF; | |
1465 | |
1136 | 1466 #if (NGX_DEBUG_MAIL_PASSWD) |
6001
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1467 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1468 "mail auth http header:%N\"%*s\"", |
add12ee1d01c
Style: use %*s format, as in 68d21fd1dc64.
Ruslan Ermilov <ru@nginx.com>
parents:
5990
diff
changeset
|
1469 (size_t) (b->last - b->pos), b->pos); |
521 | 1470 #endif |
1471 | |
1472 return b; | |
1473 } | |
1474 | |
1475 | |
633 | 1476 static ngx_int_t |
1136 | 1477 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) |
633 | 1478 { |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1479 u_char *p; |
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1480 uintptr_t n; |
633 | 1481 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1482 n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1483 |
1484 if (n == 0) { | |
1485 *escaped = *text; | |
1486 return NGX_OK; | |
1487 } | |
1488 | |
1489 escaped->len = text->len + n * 2; | |
1490 | |
2049 | 1491 p = ngx_pnalloc(pool, escaped->len); |
633 | 1492 if (p == NULL) { |
1493 return NGX_ERROR; | |
1494 } | |
1495 | |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1496 (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); |
633 | 1497 |
1405
fdd064faf26a
escape " ", "%", and %00-%1F in login and password
Igor Sysoev <igor@sysoev.ru>
parents:
1392
diff
changeset
|
1498 escaped->data = p; |
633 | 1499 |
1500 return NGX_OK; | |
1501 } | |
1502 | |
1503 | |
521 | 1504 static void * |
1136 | 1505 ngx_mail_auth_http_create_conf(ngx_conf_t *cf) |
577 | 1506 { |
1136 | 1507 ngx_mail_auth_http_conf_t *ahcf; |
577 | 1508 |
1136 | 1509 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t)); |
521 | 1510 if (ahcf == NULL) { |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2855
diff
changeset
|
1511 return NULL; |
521 | 1512 } |
1513 | |
1514 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1515 ahcf->pass_client_cert = NGX_CONF_UNSET; |
521 | 1516 |
1392 | 1517 ahcf->file = cf->conf_file->file.name.data; |
1518 ahcf->line = cf->conf_file->line; | |
1519 | |
521 | 1520 return ahcf; |
1521 } | |
1522 | |
1523 | |
1524 static char * | |
1136 | 1525 ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
521 | 1526 { |
1136 | 1527 ngx_mail_auth_http_conf_t *prev = parent; |
1528 ngx_mail_auth_http_conf_t *conf = child; | |
521 | 1529 |
573 | 1530 u_char *p; |
1531 size_t len; | |
1532 ngx_uint_t i; | |
1533 ngx_table_elt_t *header; | |
1534 | |
884 | 1535 if (conf->peer == NULL) { |
1536 conf->peer = prev->peer; | |
521 | 1537 conf->host_header = prev->host_header; |
1538 conf->uri = prev->uri; | |
1392 | 1539 |
1540 if (conf->peer == NULL) { | |
1541 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
4812
785ae4de268b
Corrected the directive name in the ngx_mail_auth_http_module error message.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
1542 "no \"auth_http\" is defined for server in %s:%ui", |
1392 | 1543 conf->file, conf->line); |
1544 | |
1545 return NGX_CONF_ERROR; | |
1546 } | |
521 | 1547 } |
1548 | |
1549 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1550 | |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1551 ngx_conf_merge_value(conf->pass_client_cert, prev->pass_client_cert, 0); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1552 |
573 | 1553 if (conf->headers == NULL) { |
1554 conf->headers = prev->headers; | |
1555 conf->header = prev->header; | |
1556 } | |
1557 | |
1558 if (conf->headers && conf->header.len == 0) { | |
1559 len = 0; | |
1560 header = conf->headers->elts; | |
1561 for (i = 0; i < conf->headers->nelts; i++) { | |
1562 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1563 } | |
1564 | |
2049 | 1565 p = ngx_pnalloc(cf->pool, len); |
573 | 1566 if (p == NULL) { |
1567 return NGX_CONF_ERROR; | |
1568 } | |
1569 | |
1570 conf->header.len = len; | |
1571 conf->header.data = p; | |
1572 | |
1573 for (i = 0; i < conf->headers->nelts; i++) { | |
1574 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1575 *p++ = ':'; *p++ = ' '; | |
1576 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1577 *p++ = CR; *p++ = LF; | |
1578 } | |
1579 } | |
1580 | |
521 | 1581 return NGX_CONF_OK; |
1582 } | |
1583 | |
1584 | |
1585 static char * | |
1136 | 1586 ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1587 { |
1136 | 1588 ngx_mail_auth_http_conf_t *ahcf = conf; |
521 | 1589 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1590 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1591 ngx_url_t u; |
573 | 1592 |
521 | 1593 value = cf->args->elts; |
1594 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1595 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1596 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1597 u.url = value[1]; |
906 | 1598 u.default_port = 80; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1599 u.uri_part = 1; |
577 | 1600 |
1391
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1601 if (ngx_strncmp(u.url.data, "http://", 7) == 0) { |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1602 u.url.len -= 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1603 u.url.data += 7; |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1604 } |
4eed21047e4d
allow "http://" in auth_http URL
Igor Sysoev <igor@sysoev.ru>
parents:
1390
diff
changeset
|
1605 |
1559
fe11e2a3946d
use pool instead of ngx_conf_t
Igor Sysoev <igor@sysoev.ru>
parents:
1487
diff
changeset
|
1606 if (ngx_parse_url(cf->pool, &u) != NGX_OK) { |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1607 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1608 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1609 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1610 } |
1390 | 1611 |
1612 return NGX_CONF_ERROR; | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1613 } |
521 | 1614 |
884 | 1615 ahcf->peer = u.addrs; |
521 | 1616 |
3406
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1617 if (u.family != AF_UNIX) { |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1618 ahcf->host_header = u.host; |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1619 |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1620 } else { |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3406
diff
changeset
|
1621 ngx_str_set(&ahcf->host_header, "localhost"); |
3406
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1622 } |
a2a5812cf4f4
use "localhost" in "Host" header line, if unix socket is used in "auth_http"
Igor Sysoev <igor@sysoev.ru>
parents:
3269
diff
changeset
|
1623 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1624 ahcf->uri = u.uri; |
521 | 1625 |
559 | 1626 if (ahcf->uri.len == 0) { |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3406
diff
changeset
|
1627 ngx_str_set(&ahcf->uri, "/"); |
555 | 1628 } |
1629 | |
521 | 1630 return NGX_CONF_OK; |
1631 } | |
573 | 1632 |
1633 | |
1634 static char * | |
1136 | 1635 ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
577 | 1636 { |
1136 | 1637 ngx_mail_auth_http_conf_t *ahcf = conf; |
573 | 1638 |
1639 ngx_str_t *value; | |
1640 ngx_table_elt_t *header; | |
1641 | |
1642 if (ahcf->headers == NULL) { | |
1643 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1644 if (ahcf->headers == NULL) { | |
1645 return NGX_CONF_ERROR; | |
1646 } | |
1647 } | |
1648 | |
1649 header = ngx_array_push(ahcf->headers); | |
1650 if (header == NULL) { | |
1651 return NGX_CONF_ERROR; | |
1652 } | |
1653 | |
1654 value = cf->args->elts; | |
1655 | |
1656 header->key = value[1]; | |
1657 header->value = value[2]; | |
1658 | |
1659 return NGX_CONF_OK; | |
1660 } |