annotate src/mail/ngx_mail_auth_http_module.c @ 8794:ba5977b38b2e quic
HTTP/3: reordered H3_MISSING_SETTINGS and H3_FRAME_UNEXPECTED.
The quic-http-34 is ambiguous as to what error should be generated for the
first frame in control stream:
Each side MUST initiate a single control stream at the beginning of
the connection and send its SETTINGS frame as the first frame on this
stream. If the first frame of the control stream is any other frame
type, this MUST be treated as a connection error of type
H3_MISSING_SETTINGS.
If a DATA frame is received on a control stream, the recipient MUST
respond with a connection error of type H3_FRAME_UNEXPECTED.
If a HEADERS frame is received on a control stream, the recipient MUST
respond with a connection error of type H3_FRAME_UNEXPECTED.
Previously, H3_FRAME_UNEXPECTED had priority, but now H3_MISSING_SETTINGS has.
The arguments in the spec sound more compelling for H3_MISSING_SETTINGS.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Fri, 11 Jun 2021 10:56:51 +0300 |
parents | 777373b5a169 |
children | 13d0c1d26d47 |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
521 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_event.h> | |
11 #include <ngx_event_connect.h> | |
1136 | 12 #include <ngx_mail.h> |
521 | 13 |
14 | |
/*
 * Settings of the mail auth_http module.  The directive table in this file
 * stores them relative to the server configuration
 * (NGX_MAIL_SRV_CONF_OFFSET), so each mail server block has its own copy.
 */
typedef struct {
    /* address of the HTTP authentication server; the connect target */
    ngx_addr_t                     *peer;

    /* "auth_http_timeout": armed on both the read and the write event */
    ngx_msec_t                      timeout;
    /*
     * "auth_http_pass_client_cert" flag (annotate: "Mail: client SSL
     * certificates support.").  What exactly is forwarded is decided by the
     * request builder, which is not part of this listing.
     */
    ngx_flag_t                      pass_client_cert;

    /*
     * NOTE(review): host_header, uri, header and headers are presumably
     * filled by the "auth_http" / "auth_http_header" setters and consumed
     * when the request is built; confirm against those functions.
     */
    ngx_str_t                       host_header;
    ngx_str_t                       uri;
    ngx_str_t                       header;

    ngx_array_t                    *headers;

    /* presumably the configuration file and line of the directive; confirm */
    u_char                         *file;
    ngx_uint_t                      line;
} ngx_mail_auth_http_conf_t;
521 | 30 |
31 | |
typedef struct ngx_mail_auth_http_ctx_s  ngx_mail_auth_http_ctx_t;

/* one stage of response processing; the read handler calls the current one */
typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s,
    ngx_mail_auth_http_ctx_t *ctx);

/*
 * State of one authentication exchange with the HTTP auth server.
 *
 * The context itself and the response buffer are allocated from ctx->pool,
 * and every exit path destroys that pool.  Anything that must outlive the
 * exchange (login, password, the error reply) is therefore copied into the
 * session's connection pool before ngx_destroy_pool(ctx->pool) runs.
 */
struct ngx_mail_auth_http_ctx_s {
    ngx_buf_t                      *request;    /* request bytes still to send */
    ngx_buf_t                      *response;   /* 1024-byte receive buffer */
    ngx_peer_connection_t           peer;       /* auth server connection */

    /* status-line skipper first, then the header processor */
    ngx_mail_auth_http_handler_pt   handler;

    /* parser state carried across partial reads */
    ngx_uint_t                      state;

    /* bounds of the current header name and value inside the response buffer */
    u_char                         *header_name_start;
    u_char                         *header_name_end;
    u_char                         *header_start;
    u_char                         *header_end;

    /*
     * Values taken from the auth server's reply.  addr and port point into
     * the response buffer (Auth-Server, Auth-Port) and are validated with
     * ngx_parse_addr() and a 1..65535 range check before use.
     */
    ngx_str_t                       addr;
    ngx_str_t                       port;
    ngx_str_t                       err;        /* reply sent to the client */
    ngx_str_t                       errmsg;     /* Auth-Status text if not OK/WAIT */
    ngx_str_t                       errcode;    /* copy of Auth-Error-Code */

    /* Auth-Wait value in seconds; multiplied by 1000 when the timer is set */
    time_t                          sleep;

    /* private pool of this exchange; also owns this structure */
    ngx_pool_t                     *pool;
};
521 | 61 |
62 | |
/* event handlers and response parsing for the auth server connection */
static void ngx_mail_auth_http_write_handler(ngx_event_t *wev);
static void ngx_mail_auth_http_read_handler(ngx_event_t *rev);
static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s,
    ngx_mail_auth_http_ctx_t *ctx);
static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s,
    ngx_mail_auth_http_ctx_t *ctx);
static void ngx_mail_auth_sleep_handler(ngx_event_t *rev);
static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s,
    ngx_mail_auth_http_ctx_t *ctx);
static void ngx_mail_auth_http_block_read(ngx_event_t *rev);
static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev);

/*
 * Request construction.  NOTE(review): the escape helper is presumably what
 * keeps client-supplied values from breaking the header syntax of the
 * request; both bodies are outside this listing, confirm there.
 */
static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s,
    ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf);
static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text,
    ngx_str_t *escaped);

/* configuration callbacks and directive setters */
static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf);
static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent,
    void *child);
static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
521 | 85 |
86 | |
/*
 * Directives of the module.  Each one is accepted in the mail main and
 * server contexts and is stored relative to the server configuration.
 */
static ngx_command_t  ngx_mail_auth_http_commands[] = {

    /* one argument, handled by the custom setter ngx_mail_auth_http() */
    { ngx_string("auth_http"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_mail_auth_http,
      NGX_MAIL_SRV_CONF_OFFSET,
      0,
      NULL },

    /* time value stored in ngx_mail_auth_http_conf_t.timeout */
    { ngx_string("auth_http_timeout"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_msec_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_auth_http_conf_t, timeout),
      NULL },

    /* two arguments, handled by ngx_mail_auth_http_header() */
    { ngx_string("auth_http_header"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2,
      ngx_mail_auth_http_header,
      NGX_MAIL_SRV_CONF_OFFSET,
      0,
      NULL },

    /*
     * on/off flag stored in pass_client_cert (annotate: changeset
     * ec01b1d1fff1, "Mail: client SSL certificates support.")
     */
    { ngx_string("auth_http_pass_client_cert"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_auth_http_conf_t, pass_client_cert),
      NULL },

      ngx_null_command
};
119 | |
120 | |
/*
 * Mail module context: the module has no protocol hooks and no main
 * configuration, only the server-level create/merge callbacks.
 */
static ngx_mail_module_t  ngx_mail_auth_http_module_ctx = {
    NULL,                                  /* protocol */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_mail_auth_http_create_conf,        /* create server configuration */
    ngx_mail_auth_http_merge_conf          /* merge server configuration */
};
130 | |
131 | |
/*
 * Module definition.  All process and thread lifecycle hooks are unset; the
 * module acts only through its directives and ngx_mail_auth_http_init().
 */
ngx_module_t  ngx_mail_auth_http_module = {
    NGX_MODULE_V1,
    &ngx_mail_auth_http_module_ctx,        /* module context */
    ngx_mail_auth_http_commands,           /* module directives */
    NGX_MAIL_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
146 | |
147 | |
/*
 * Authentication method names.
 *
 * NOTE(review): the code that indexes this table is outside this listing.
 * The annotate notes ("fix Auth-Method", "Mail: support SASL EXTERNAL
 * (RFC 4422)") suggest the entries are reported to the auth server as the
 * Auth-Method value and are selected by the session's auth method, so the
 * order, including the three leading "plain" entries, presumably has to
 * track the mail module's method constants; confirm before reordering.
 */
static ngx_str_t   ngx_mail_auth_http_method[] = {
    ngx_string("plain"),
    ngx_string("plain"),
    ngx_string("plain"),
    ngx_string("apop"),
    ngx_string("cram-md5"),
    ngx_string("external"),
    ngx_string("none")
};
521 | 157 |
/* SMTP reply code used when the auth server sent no Auth-Error-Code header */
static ngx_str_t   ngx_mail_smtp_errcode = ngx_string("535 5.7.0");
521 | 159 |
1477 | 160 |
/*
 * Begin the HTTP authentication exchange for a mail session.
 *
 * A private 2048-byte pool is created for the exchange; it holds the context
 * and the request.  The request is built, a connection to the configured
 * auth server is started, and the read/write handlers and timeouts are
 * installed.  Reading from the mail client is redirected to
 * ngx_mail_auth_http_block_read while the exchange is running.
 *
 * On any failure the private pool is destroyed and the session is finished
 * with an internal server error.
 */
void
ngx_mail_auth_http_init(ngx_mail_session_t *s)
{
    ngx_int_t                   rc;
    ngx_pool_t                 *auth_pool;
    ngx_connection_t           *pc;
    ngx_mail_auth_http_ctx_t   *ctx;
    ngx_mail_auth_http_conf_t  *ahcf;

    s->connection->log->action = "in http auth state";

    auth_pool = ngx_create_pool(2048, s->connection->log);
    if (auth_pool == NULL) {
        ngx_mail_session_internal_server_error(s);
        return;
    }

    ctx = ngx_pcalloc(auth_pool, sizeof(ngx_mail_auth_http_ctx_t));
    if (ctx == NULL) {
        goto failed;
    }

    ctx->pool = auth_pool;

    ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module);

    ctx->request = ngx_mail_auth_http_create_request(s, auth_pool, ahcf);
    if (ctx->request == NULL) {
        goto failed;
    }

    ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module);

    /* the peer is always the single configured auth server */
    ctx->peer.sockaddr = ahcf->peer->sockaddr;
    ctx->peer.socklen = ahcf->peer->socklen;
    ctx->peer.name = &ahcf->peer->name;
    ctx->peer.get = ngx_event_get_peer;
    ctx->peer.log = s->connection->log;
    ctx->peer.log_error = NGX_ERROR_ERR;

    rc = ngx_event_connect_peer(&ctx->peer);

    switch (rc) {

    case NGX_ERROR:
    case NGX_BUSY:
    case NGX_DECLINED:
        /*
         * A failed connect may or may not have produced a connection
         * object, hence the NULL check (annotate: changeset 6044cea025fa,
         * "fix segfault when connect() failed").
         */
        if (ctx->peer.connection) {
            ngx_close_connection(ctx->peer.connection);
        }

        goto failed;

    default:
        break;
    }

    pc = ctx->peer.connection;

    pc->data = s;
    pc->pool = s->connection->pool;

    s->connection->read->handler = ngx_mail_auth_http_block_read;
    pc->read->handler = ngx_mail_auth_http_read_handler;
    pc->write->handler = ngx_mail_auth_http_write_handler;

    /* the reply is parsed in stages; the status line comes first */
    ctx->handler = ngx_mail_auth_http_ignore_status_line;

    ngx_add_timer(pc->read, ahcf->timeout);
    ngx_add_timer(pc->write, ahcf->timeout);

    /* already connected: send now; otherwise the write event will fire */
    if (rc == NGX_OK) {
        ngx_mail_auth_http_write_handler(pc->write);
    }

    return;

failed:

    ngx_destroy_pool(auth_pool);
    ngx_mail_session_internal_server_error(s);
}
233 | |
234 | |
/*
 * Write event handler of the auth server connection: sends the part of the
 * request that has not been sent yet.
 *
 * A timeout or a send error closes the connection, destroys the exchange
 * pool and finishes the session with an internal server error.  Once the
 * whole request is out, the handler is replaced with the dummy handler and
 * the write timer is removed.  After a partial or postponed send the write
 * timer is (re)armed with the configured timeout.
 */
static void
ngx_mail_auth_http_write_handler(ngx_event_t *wev)
{
    ssize_t                     sent, left;
    ngx_connection_t           *pc;
    ngx_mail_session_t         *s;
    ngx_mail_auth_http_ctx_t   *ctx;
    ngx_mail_auth_http_conf_t  *ahcf;

    pc = wev->data;
    s = pc->data;

    ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);

    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0,
                   "mail auth http write handler");

    if (wev->timedout) {
        ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT,
                      "auth http server %V timed out", ctx->peer.name);
        goto failed;
    }

    left = ctx->request->last - ctx->request->pos;

    sent = ngx_send(pc, ctx->request->pos, left);

    if (sent == NGX_ERROR) {
        goto failed;
    }

    if (sent > 0) {
        ctx->request->pos += sent;
    }

    if (sent > 0 && sent == left) {

        /* request fully sent: nothing more to write on this connection */
        wev->handler = ngx_mail_auth_http_dummy_handler;

        if (wev->timer_set) {
            ngx_del_timer(wev);
        }

        /*
         * per the annotate note, this disables the write event while the
         * auth server's response is awaited
         */
        if (ngx_handle_write_event(wev, 0) != NGX_OK) {
            goto failed;
        }

        return;
    }

    /* partial or postponed send: keep a timeout running */
    if (!wev->timer_set) {
        ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module);
        ngx_add_timer(wev, ahcf->timeout);
    }

    return;

failed:

    ngx_close_connection(pc);
    ngx_destroy_pool(ctx->pool);
    ngx_mail_session_internal_server_error(s);
}
297 | |
298 | |
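/*
 * Read event handler of the auth server connection: receives response bytes
 * and passes them to the current parsing stage (ctx->handler).
 *
 * The response buffer is a fixed 1024 bytes taken from the exchange pool and
 * is not grown or compacted here.  A timeout, an allocation failure, or any
 * receive result other than data or NGX_AGAIN closes the connection,
 * destroys the exchange pool and finishes the session with an internal
 * server error, so an unreadable or truncated reply never authenticates the
 * client.
 */
static void
ngx_mail_auth_http_read_handler(ngx_event_t *rev)
{
    ssize_t                    n, size;
    ngx_connection_t          *c;
    ngx_mail_session_t        *s;
    ngx_mail_auth_http_ctx_t  *ctx;

    c = rev->data;
    s = c->data;

    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
                   "mail auth http read handler");

    ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);

    if (rev->timedout) {
        ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT,
                      "auth http server %V timed out", ctx->peer.name);
        goto failed;
    }

    if (ctx->response == NULL) {
        ctx->response = ngx_create_temp_buf(ctx->pool, 1024);
        if (ctx->response == NULL) {
            goto failed;
        }
    }

    size = ctx->response->end - ctx->response->last;

    /*
     * Append at "last": that is the position the free space above is
     * measured from and the one advanced below.  Receiving at "pos" gave the
     * same result only while the parsers left pos equal to last; if they
     * ever differed, unparsed bytes would be overwritten and "last" would
     * then cover bytes that were never received.
     *
     * NOTE(review): with a full buffer size is 0; this presumably ends on
     * the failure path below without a log line of its own. Confirm the
     * ngx_recv() result for a zero-length read.
     */
    n = ngx_recv(c, ctx->response->last, size);

    if (n > 0) {
        ctx->response->last += n;

        ctx->handler(s, ctx);
        return;
    }

    if (n == NGX_AGAIN) {
        return;
    }

failed:

    ngx_close_connection(c);
    ngx_destroy_pool(ctx->pool);
    ngx_mail_session_internal_server_error(s);
}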
525 | 353 |
354 | |
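/*
 * First parsing stage: skip the HTTP status line of the auth server reply.
 *
 * The line is only recognised by its "HTTP/" prefix; everything after it up
 * to the end of line is skipped, so the HTTP status code is never examined.
 * The authentication decision is taken later from the Auth-* headers.
 *
 * If the reply does not start with "HTTP/", the whole buffer is handed to
 * the header stage from its beginning.  A CR that is not followed by LF is
 * treated as an invalid response and fails the session.  When the buffer
 * ends in the middle of the line, the position and state are saved and the
 * function returns to wait for more data.
 */
static void
ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s,
    ngx_mail_auth_http_ctx_t *ctx)
{
    u_char  *p, ch;
    enum  {
        sw_start = 0,
        sw_H,
        sw_HT,
        sw_HTT,
        sw_HTTP,
        sw_skip,
        sw_almost_done
    } state;

    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
                   "mail auth http process status line");

    state = ctx->state;

    for (p = ctx->response->pos; p < ctx->response->last; p++) {
        ch = *p;

        switch (state) {

        /* "HTTP/" */
        case sw_start:
            if (ch == 'H') {
                state = sw_H;
                break;
            }
            goto next;

        case sw_H:
            if (ch == 'T') {
                state = sw_HT;
                break;
            }
            goto next;

        case sw_HT:
            if (ch == 'T') {
                state = sw_HTT;
                break;
            }
            goto next;

        case sw_HTT:
            if (ch == 'P') {
                state = sw_HTTP;
                break;
            }
            goto next;

        case sw_HTTP:
            if (ch == '/') {
                state = sw_skip;
                break;
            }
            goto next;

        /* any text until end of line */
        case sw_skip:
            switch (ch) {
            case CR:
                state = sw_almost_done;

                break;
            case LF:
                goto done;
            }
            break;

        /* end of status line */
        case sw_almost_done:
            if (ch == LF) {
                goto done;
            }

            ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
                          "auth http server %V sent invalid response",
                          ctx->peer.name);
            ngx_close_connection(ctx->peer.connection);
            ngx_destroy_pool(ctx->pool);
            ngx_mail_session_internal_server_error(s);
            return;
        }
    }

    /* buffer exhausted inside the status line: resume here on the next read */
    ctx->response->pos = p;
    ctx->state = state;

    return;

next:

    /*
     * Not a status line: parse the buffer as headers from its first byte.
     * The start pointer is used directly rather than "start - 1" followed
     * by "+ 1", because forming a pointer before the beginning of the
     * buffer is undefined behavior in C.
     */
    p = ctx->response->start;

    goto headers;

done:

    /* p is at the terminating LF; headers begin on the next byte */
    p++;

headers:

    ctx->response->pos = p;
    ctx->state = 0;
    ctx->handler = ngx_mail_auth_http_process_headers;
    ctx->handler(s, ctx);
}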
525 | 460 |
461 | |
527 | 462 static void |
1136 | 463 ngx_mail_auth_http_process_headers(ngx_mail_session_t *s, |
464 ngx_mail_auth_http_ctx_t *ctx) | |
527 | 465 { |
466 u_char *p; |
467 time_t timer; |
468 size_t len, size; |
469 ngx_int_t rc, port, n; |
470 ngx_addr_t *peer; |
525 | 471 |
1136 | 472 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
473 "mail auth http process headers"); | |
527 | 474 |
475 for ( ;; ) { | |
1136 | 476 rc = ngx_mail_auth_http_parse_header_line(s, ctx); |
527 | 477 |
478 if (rc == NGX_OK) { | |
479 | |
480 #if (NGX_DEBUG) | |
481 { | |
482 ngx_str_t key, value; | |
483 | |
484 key.len = ctx->header_name_end - ctx->header_name_start; | |
485 key.data = ctx->header_name_start; | |
486 value.len = ctx->header_end - ctx->header_start; | |
487 value.data = ctx->header_start; | |
488 | |
1136 | 489 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
490 "mail auth http header: \"%V: %V\"", | |
527 | 491 &key, &value); |
492 } | |
493 #endif | |
494 | |
495 len = ctx->header_name_end - ctx->header_name_start; | |
496 | |
497 if (len == sizeof("Auth-Status") - 1 | |
498 && ngx_strncasecmp(ctx->header_name_start, |
499 (u_char *) "Auth-Status", |
500 sizeof("Auth-Status") - 1) |
501 == 0) |
527 | 502 { |
503 len = ctx->header_end - ctx->header_start; | |
504 | |
505 if (len == 2 | |
506 && ctx->header_start[0] == 'O' | |
507 && ctx->header_start[1] == 'K') | |
508 { | |
509 continue; | |
510 } | |
511 | |
883 | 512 if (len == 4 |
513 && ctx->header_start[0] == 'W' | |
514 && ctx->header_start[1] == 'A' | |
515 && ctx->header_start[2] == 'I' | |
516 && ctx->header_start[3] == 'T') | |
517 { | |
518 s->auth_wait = 1; | |
519 continue; | |
520 } | |
521 | |
567 | 522 ctx->errmsg.len = len; |
523 ctx->errmsg.data = ctx->header_start; | |
524 | |
1136 | 525 switch (s->protocol) { |
526 | |
527 case NGX_MAIL_POP3_PROTOCOL: | |
528 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
1136 | 529 break; |
527 | 530 |
1136 | 531 case NGX_MAIL_IMAP_PROTOCOL: |
532 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 533 + sizeof(CRLF) - 1; |
1136 | 534 break; |
535 | |
536 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
537 ctx->err = ctx->errmsg; | |
538 continue; | |
527 | 539 } |
540 | |
541 p = ngx_pnalloc(s->connection->pool, size); |
527 | 542 if (p == NULL) { |
543 | 543 ngx_close_connection(ctx->peer.connection); |
547 | 544 ngx_destroy_pool(ctx->pool); |
1136 | 545 ngx_mail_session_internal_server_error(s); |
527 | 546 return; |
547 } | |
548 | |
549 ctx->err.data = p; | |
550 | |
1136 | 551 switch (s->protocol) { |
527 | 552 |
1136 | 553 case NGX_MAIL_POP3_PROTOCOL: |
554 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' '; | |
555 break; | |
556 | |
557 case NGX_MAIL_IMAP_PROTOCOL: | |
527 | 558 p = ngx_cpymem(p, s->tag.data, s->tag.len); |
1136 | 559 *p++ = 'N'; *p++ = 'O'; *p++ = ' '; |
560 break; | |
561 | |
562 default: /* NGX_MAIL_SMTP_PROTOCOL */ | |
563 break; | |
527 | 564 } |
565 | |
566 p = ngx_cpymem(p, ctx->header_start, len); | |
567 *p++ = CR; *p++ = LF; | |
568 | |
569 ctx->err.len = p - ctx->err.data; | |
570 | |
571 continue; | |
572 } | |
573 | |
574 if (len == sizeof("Auth-Server") - 1 | |
575 && ngx_strncasecmp(ctx->header_name_start, |
576 (u_char *) "Auth-Server", |
577 sizeof("Auth-Server") - 1) |
578 == 0) |
527 | 579 { |
580 ctx->addr.len = ctx->header_end - ctx->header_start; | |
581 ctx->addr.data = ctx->header_start; | |
582 | |
583 continue; | |
584 } | |
585 | |
586 if (len == sizeof("Auth-Port") - 1 | |
587 && ngx_strncasecmp(ctx->header_name_start, |
588 (u_char *) "Auth-Port", |
589 sizeof("Auth-Port") - 1) |
590 == 0) |
527 | 591 { |
592 ctx->port.len = ctx->header_end - ctx->header_start; | |
593 ctx->port.data = ctx->header_start; | |
594 | |
595 continue; | |
596 } | |
597 | |
598 if (len == sizeof("Auth-User") - 1 | |
599 && ngx_strncasecmp(ctx->header_name_start, |
600 (u_char *) "Auth-User", |
601 sizeof("Auth-User") - 1) |
602 == 0) |
527 | 603 { |
604 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 605 |
2049 | 606 s->login.data = ngx_pnalloc(s->connection->pool, s->login.len); |
567 | 607 if (s->login.data == NULL) { |
608 ngx_close_connection(ctx->peer.connection); | |
609 ngx_destroy_pool(ctx->pool); | |
1136 | 610 ngx_mail_session_internal_server_error(s); |
567 | 611 return; |
612 } | |
613 | |
614 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 615 |
616 continue; | |
617 } | |
618 | |
800 | 619 if (len == sizeof("Auth-Pass") - 1 |
620 && ngx_strncasecmp(ctx->header_name_start, |
621 (u_char *) "Auth-Pass", |
622 sizeof("Auth-Pass") - 1) |
623 == 0) |
800 | 624 { |
625 s->passwd.len = ctx->header_end - ctx->header_start; | |
626 | |
2049 | 627 s->passwd.data = ngx_pnalloc(s->connection->pool, |
628 s->passwd.len); | |
800 | 629 if (s->passwd.data == NULL) { |
630 ngx_close_connection(ctx->peer.connection); | |
631 ngx_destroy_pool(ctx->pool); | |
1136 | 632 ngx_mail_session_internal_server_error(s); |
800 | 633 return; |
634 } | |
635 | |
636 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
637 | |
638 continue; | |
639 } | |
640 | |
527 | 641 if (len == sizeof("Auth-Wait") - 1 |
642 && ngx_strncasecmp(ctx->header_name_start, |
643 (u_char *) "Auth-Wait", |
644 sizeof("Auth-Wait") - 1) |
645 == 0) |
527 | 646 { |
647 n = ngx_atoi(ctx->header_start, | |
648 ctx->header_end - ctx->header_start); | |
649 | |
650 if (n != NGX_ERROR) { | |
651 ctx->sleep = n; | |
652 } | |
653 | |
654 continue; | |
655 } | |
656 | |
1136 | 657 if (len == sizeof("Auth-Error-Code") - 1 |
658 && ngx_strncasecmp(ctx->header_name_start, | |
659 (u_char *) "Auth-Error-Code", | |
660 sizeof("Auth-Error-Code") - 1) | |
661 == 0) | |
662 { | |
663 ctx->errcode.len = ctx->header_end - ctx->header_start; | |
664 | |
2049 | 665 ctx->errcode.data = ngx_pnalloc(s->connection->pool, |
666 ctx->errcode.len); | |
1136 | 667 if (ctx->errcode.data == NULL) { |
668 ngx_close_connection(ctx->peer.connection); | |
669 ngx_destroy_pool(ctx->pool); | |
670 ngx_mail_session_internal_server_error(s); | |
671 return; | |
672 } | |
673 | |
674 ngx_memcpy(ctx->errcode.data, ctx->header_start, | |
675 ctx->errcode.len); | |
676 | |
677 continue; | |
678 } | |
679 | |
527 | 680 /* ignore other headers */ |
681 | |
682 continue; | |
683 } | |
684 | |
685 if (rc == NGX_DONE) { | |
1136 | 686 ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
687 "mail auth http header done"); | |
527 | 688 |
689 ngx_close_connection(ctx->peer.connection); | |
690 | |
691 if (ctx->err.len) { | |
1136 | 692 |
567 | 693 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
694 "client login failed: \"%V\"", &ctx->errmsg); | |
695 | |
1136 | 696 if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) { |
697 | |
698 if (ctx->errcode.len == 0) { | |
699 ctx->errcode = ngx_mail_smtp_errcode; | |
700 } | |
701 | |
702 ctx->err.len = ctx->errcode.len + ctx->errmsg.len | |
703 + sizeof(" " CRLF) - 1; | |
704 | |
2049 | 705 p = ngx_pnalloc(s->connection->pool, ctx->err.len); |
1166 | 706 if (p == NULL) { |
707 ngx_destroy_pool(ctx->pool); | |
708 ngx_mail_session_internal_server_error(s); | |
709 return; | |
710 } | |
1136 | 711 |
1166 | 712 ctx->err.data = p; |
1136 | 713 |
1166 | 714 p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len); |
1136 | 715 *p++ = ' '; |
1166 | 716 p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len); |
1136 | 717 *p++ = CR; *p = LF; |
718 } | |
719 | |
539 | 720 s->out = ctx->err; |
547 | 721 timer = ctx->sleep; |
527 | 722 |
547 | 723 ngx_destroy_pool(ctx->pool); |
724 | |
725 if (timer == 0) { | |
539 | 726 s->quit = 1; |
1136 | 727 ngx_mail_send(s->connection->write); |
541 | 728 return; |
729 } | |
539 | 730 |
1640 | 731 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
527 | 732 |
1136 | 733 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
527 | 734 |
735 return; | |
736 } | |
737 | |
883 | 738 if (s->auth_wait) { |
739 timer = ctx->sleep; | |
740 | |
741 ngx_destroy_pool(ctx->pool); | |
742 | |
743 if (timer == 0) { | |
1136 | 744 ngx_mail_auth_http_init(s); |
883 | 745 return; |
746 } | |
747 | |
1640 | 748 ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000)); |
883 | 749 |
1136 | 750 s->connection->read->handler = ngx_mail_auth_sleep_handler; |
883 | 751 |
752 return; | |
753 } | |
754 | |
527 | 755 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
756 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 757 "auth http server %V did not send server or port", |
884 | 758 ctx->peer.name); |
547 | 759 ngx_destroy_pool(ctx->pool); |
1136 | 760 ngx_mail_session_internal_server_error(s); |
527 | 761 return; |
762 } | |
763 | |
764 if (s->passwd.data == NULL |
765 && s->protocol != NGX_MAIL_SMTP_PROTOCOL) |
1136 | 766 { |
800 | 767 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
768 "auth http server %V did not send password", | |
884 | 769 ctx->peer.name); |
800 | 770 ngx_destroy_pool(ctx->pool); |
1136 | 771 ngx_mail_session_internal_server_error(s); |
800 | 772 return; |
773 } | |
774 | |
775 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_addr_t)); |
884 | 776 if (peer == NULL) { |
547 | 777 ngx_destroy_pool(ctx->pool); |
1136 | 778 ngx_mail_session_internal_server_error(s); |
527 | 779 return; |
780 } | |
781 | |
782 rc = ngx_parse_addr(s->connection->pool, peer, |
783 ctx->addr.data, ctx->addr.len); |
784 |
785 switch (rc) { |
786 case NGX_OK: |
787 break; |
788 |
789 case NGX_DECLINED: |
790 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
791 "auth http server %V sent invalid server " |
792 "address:\"%V\"", |
793 ctx->peer.name, &ctx->addr); |
794 /* fall through */ |
795 |
796 default: |
547 | 797 ngx_destroy_pool(ctx->pool); |
1136 | 798 ngx_mail_session_internal_server_error(s); |
527 | 799 return; |
800 } | |
801 | |
802 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
4227 | 803 if (port == NGX_ERROR || port < 1 || port > 65535) { |
527 | 804 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
541 | 805 "auth http server %V sent invalid server " |
806 "port:\"%V\"", | |
884 | 807 ctx->peer.name, &ctx->port); |
547 | 808 ngx_destroy_pool(ctx->pool); |
1136 | 809 ngx_mail_session_internal_server_error(s); |
527 | 810 return; |
811 } | |
812 | |
6597 | 813 ngx_inet_set_port(peer->sockaddr, (in_port_t) port); |
527 | 814 |
815 len = ctx->addr.len + 1 + ctx->port.len; | |
816 | |
884 | 817 peer->name.len = len; |
527 | 818 |
2049 | 819 peer->name.data = ngx_pnalloc(s->connection->pool, len); |
884 | 820 if (peer->name.data == NULL) { |
547 | 821 ngx_destroy_pool(ctx->pool); |
1136 | 822 ngx_mail_session_internal_server_error(s); |
527 | 823 return; |
824 } | |
825 | |
826 len = ctx->addr.len; | |
827 | |
884 | 828 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 829 |
884 | 830 peer->name.data[len++] = ':'; |
527 | 831 |
884 | 832 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 833 |
547 | 834 ngx_destroy_pool(ctx->pool); |
1136 | 835 ngx_mail_proxy_init(s, peer); |
527 | 836 |
837 return; | |
838 } | |
839 | |
840 if (rc == NGX_AGAIN ) { | |
841 return; | |
842 } | |
843 | |
844 /* rc == NGX_ERROR */ | |
845 | |
846 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 847 "auth http server %V sent invalid header in response", |
884 | 848 ctx->peer.name); |
527 | 849 ngx_close_connection(ctx->peer.connection); |
547 | 850 ngx_destroy_pool(ctx->pool); |
1136 | 851 ngx_mail_session_internal_server_error(s); |
527 | 852 |
853 return; | |
854 } | |
855 } | |
856 | |
521 | 857 |
/*
 * Read-event handler that acts once the event's timer has fired
 * (rev->timedout).
 *
 * On timeout it either restarts the auth_http request (when s->auth_wait
 * is set) or resets the session to the protocol's auth_state handler with
 * the PLAIN auth method, flushes pending output and re-arms the read
 * event under cscf->timeout.  Without a timeout it only keeps an active
 * read event registered.  A failure to register the read event closes the
 * client connection.
 *
 * NOTE(review): the delay itself is scheduled outside this function;
 * presumably it is the pause applied after a rejected login, which is what
 * slows down repeated authentication attempts - confirm against the caller.
 */
static void
ngx_mail_auth_sleep_handler(ngx_event_t *rev)
{
    ngx_connection_t          *c;
    ngx_mail_session_t        *s;
    ngx_mail_core_srv_conf_t  *cscf;

    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler");

    c = rev->data;
    s = c->data;

    if (!rev->timedout) {

        /* no timeout yet: only keep an active read event registered */

        if (rev->active && ngx_handle_read_event(rev, 0) != NGX_OK) {
            ngx_mail_close_connection(c);
        }

        return;
    }

    rev->timedout = 0;

    if (s->auth_wait) {

        /* the wait was requested for a retry of the auth_http request */

        s->auth_wait = 0;
        ngx_mail_auth_http_init(s);
        return;
    }

    cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);

    /* hand the session back to the protocol's authentication state */

    s->mail_state = 0;
    s->auth_method = NGX_MAIL_AUTH_PLAIN;
    rev->handler = cscf->protocol->auth_state;

    c->log->action = "in auth state";

    ngx_mail_send(c->write);

    if (c->destroyed) {
        /* presumably set when ngx_mail_send() closed the connection */
        return;
    }

    ngx_add_timer(rev, cscf->timeout);

    if (rev->ready) {

        /* input is already waiting: run the protocol handler right away */

        rev->handler(rev);
        return;
    }

    if (ngx_handle_read_event(rev, 0) != NGX_OK) {
        ngx_mail_close_connection(c);
    }
}
915 | |
916 | |
/*
 * Incremental parser for one header line of the auth_http server response.
 *
 * Consumes bytes from ctx->response->pos up to ctx->response->last.  The
 * header name is recorded as [header_name_start, header_name_end) and the
 * value as [header_start, header_end).  Both CRLF and a bare LF end a line.
 *
 * Returns:
 *   NGX_OK     - a complete header line was parsed
 *   NGX_DONE   - an empty line (end of the header block) was reached
 *   NGX_AGAIN  - the buffer ran out mid-line; the position and the state
 *                are saved in ctx and parsing resumes on the next call
 *   NGX_ERROR  - the line is malformed
 *
 * Header names may contain only letters, digits and '-', and must start
 * with a letter or a digit.  A name ended by CR/LF without ':' is accepted
 * with an empty value.
 *
 * Header values are NOT filtered: every byte up to CR or LF is taken as
 * part of the value, including NUL and other control characters; only
 * trailing spaces are dropped.  Code that consumes a value has to validate
 * it for its own use.
 *
 * The "s" argument is not used here.
 */
static ngx_int_t
ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s,
    ngx_mail_auth_http_ctx_t *ctx)
{
    u_char      ch, lc, *p;
    enum {
        sw_start = 0,
        sw_name,
        sw_space_before_value,
        sw_value,
        sw_space_after_value,
        sw_almost_done,
        sw_header_almost_done
    } state;

    /* resume where the previous call stopped */
    state = ctx->state;

    for (p = ctx->response->pos; p < ctx->response->last; p++) {
        ch = *p;

        switch (state) {

        /* first character of a line */
        case sw_start:

            if (ch == CR) {
                ctx->header_end = p;
                state = sw_header_almost_done;
                break;
            }

            if (ch == LF) {
                ctx->header_end = p;
                goto header_done;
            }

            state = sw_name;
            ctx->header_name_start = p;

            /* "| 0x20" folds 'A'-'Z' onto 'a'-'z' */
            lc = (u_char) (ch | 0x20);

            if ((lc >= 'a' && lc <= 'z') || (ch >= '0' && ch <= '9')) {
                break;
            }

            return NGX_ERROR;

        /* header name */
        case sw_name:

            lc = (u_char) (ch | 0x20);

            if ((lc >= 'a' && lc <= 'z')
                || (ch >= '0' && ch <= '9')
                || ch == '-')
            {
                break;
            }

            if (ch == ':') {
                ctx->header_name_end = p;
                state = sw_space_before_value;
                break;
            }

            if (ch == CR || ch == LF) {

                /* a name with no ':' - the value is left empty */

                ctx->header_name_end = p;
                ctx->header_start = p;
                ctx->header_end = p;

                if (ch == LF) {
                    goto done;
                }

                state = sw_almost_done;
                break;
            }

            return NGX_ERROR;

        /* space* before header value */
        case sw_space_before_value:

            if (ch == ' ') {
                break;
            }

            /* every non-space byte marks where the value starts */
            ctx->header_start = p;

            if (ch == CR) {
                ctx->header_end = p;
                state = sw_almost_done;
                break;
            }

            if (ch == LF) {
                ctx->header_end = p;
                goto done;
            }

            state = sw_value;
            break;

        /* header value: any byte other than space, CR and LF is kept as is */
        case sw_value:

            if (ch == ' ') {
                /* tentative end; cancelled if more value bytes follow */
                ctx->header_end = p;
                state = sw_space_after_value;
                break;
            }

            if (ch == CR) {
                ctx->header_end = p;
                state = sw_almost_done;
                break;
            }

            if (ch == LF) {
                ctx->header_end = p;
                goto done;
            }

            break;

        /* space* before end of header line */
        case sw_space_after_value:

            if (ch == ' ') {
                break;
            }

            if (ch == CR) {
                state = sw_almost_done;
                break;
            }

            if (ch == LF) {
                goto done;
            }

            /* the spaces were inside the value, not trailing */
            state = sw_value;
            break;

        /* end of header line: CR must be followed by LF */
        case sw_almost_done:

            if (ch == LF) {
                goto done;
            }

            return NGX_ERROR;

        /* end of header: CR on an empty line must be followed by LF */
        case sw_header_almost_done:

            if (ch == LF) {
                goto header_done;
            }

            return NGX_ERROR;
        }
    }

    /* the buffer ended inside a line: save the position and the state */

    ctx->response->pos = p;
    ctx->state = state;

    return NGX_AGAIN;

done:

    ctx->response->pos = p + 1;
    ctx->state = sw_start;

    return NGX_OK;

header_done:

    ctx->response->pos = p + 1;
    ctx->state = sw_start;

    return NGX_DONE;
}
1098 | |
1099 | |
/*
 * Read-event handler that does not read anything: it only re-registers the
 * read event.  If that fails, the connection to the auth_http server is
 * closed, the request pool is destroyed and the mail session is finished
 * with an internal server error.
 */
static void
ngx_mail_auth_http_block_read(ngx_event_t *rev)
{
    ngx_connection_t          *c;
    ngx_mail_session_t        *s;
    ngx_mail_auth_http_ctx_t  *ctx;

    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
                   "mail auth http block read");

    if (ngx_handle_read_event(rev, 0) == NGX_OK) {
        return;
    }

    /* the event could not be re-armed: give up on this auth request */

    c = rev->data;
    s = c->data;
    ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);

    /*
     * NOTE(review): ctx is not touched after ngx_destroy_pool(ctx->pool);
     * presumably ctx is allocated from that pool - keep this order.
     */

    ngx_close_connection(ctx->peer.connection);
    ngx_destroy_pool(ctx->pool);
    ngx_mail_session_internal_server_error(s);
}
1121 | |
1122 | |
/*
 * No-op event handler: it writes one debug log line and leaves the event
 * and the connection untouched.
 */
static void
ngx_mail_auth_http_dummy_handler(ngx_event_t *ev)
{
    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0,
                   "mail auth http dummy handler");
}
1129 | |
1130 | |
1131 static ngx_buf_t * | |
1136 | 1132 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, |
1133 ngx_mail_auth_http_conf_t *ahcf) | |
521 | 1134 { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1135 size_t len; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1136 ngx_buf_t *b; |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1137 ngx_str_t login, passwd; |
7801
777373b5a169
Mail: fixed build without SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7794
diff
changeset
|
1138 ngx_connection_t *c; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1139 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1140 ngx_str_t verify, subject, issuer, serial, fingerprint, |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1141 raw_cert, cert; |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1142 ngx_mail_ssl_conf_t *sslcf; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1143 #endif |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1144 ngx_mail_core_srv_conf_t *cscf; |
633 | 1145 |
1136 | 1146 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
633 | 1147 return NULL; |
1148 } | |
1149 | |
1136 | 1150 if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { |
633 | 1151 return NULL; |
1152 } | |
521 | 1153 |
7801
777373b5a169
Mail: fixed build without SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7794
diff
changeset
|
1154 c = s->connection; |
777373b5a169
Mail: fixed build without SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7794
diff
changeset
|
1155 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1156 #if (NGX_MAIL_SSL) |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1157 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1158 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1159 |
5990
6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Sergey Kandaurov <pluknet@nginx.com>
parents:
5989
diff
changeset
|
1160 if (c->ssl && sslcf->verify) { |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1161 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1162 /* certificate details */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1163 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1164 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1165 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1166 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1167 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1168 if (ngx_ssl_get_subject_dn(c, pool, &subject) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1169 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1170 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1171 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1172 if (ngx_ssl_get_issuer_dn(c, pool, &issuer) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1173 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1174 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1175 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1176 if (ngx_ssl_get_serial_number(c, pool, &serial) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1177 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1178 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1179 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1180 if (ngx_ssl_get_fingerprint(c, pool, &fingerprint) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1181 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1182 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1183 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1184 if (ahcf->pass_client_cert) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1185 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1186 /* certificate itself, if configured */ |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1187 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1188 if (ngx_ssl_get_raw_certificate(c, pool, &raw_cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1189 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1190 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1191 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1192 if (ngx_mail_auth_http_escape(pool, &raw_cert, &cert) != NGX_OK) { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1193 return NULL; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1194 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1195 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1196 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1197 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1198 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1199 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1200 } else { |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1201 ngx_str_null(&verify); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1202 ngx_str_null(&subject); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1203 ngx_str_null(&issuer); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1204 ngx_str_null(&serial); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1205 ngx_str_null(&fingerprint); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1206 ngx_str_null(&cert); |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1207 } |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1208 |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1209 #endif |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5988
diff
changeset
|
1210 |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1211 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1212 |
521 | 1213 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 |
1214 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1215 + sizeof("Auth-Method: ") - 1 |
1136 | 1216 + ngx_mail_auth_http_method[s->auth_method].len |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1217 + sizeof(CRLF) - 1 |
633 | 1218 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1219 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1220 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1221 + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1222 + sizeof(CRLF) - 1 |
527 | 1223 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1224 + sizeof(CRLF) - 1 | |
521 | 1225 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1226 + sizeof(CRLF) - 1 | |
2309 | 1227 + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1 |
1285
0c10dc6a8e74
fix memory allocation for auth_http_header
Igor Sysoev <igor@sysoev.ru>
parents:
1166
diff
changeset
|
1228 + ahcf->header.len |
521 | 1229 + sizeof(CRLF) - 1; |
1230 | |
7794
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1231 if (c->proxy_protocol) { |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1232 len += sizeof("Proxy-Protocol-Addr: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1233 + c->proxy_protocol->src_addr.len + sizeof(CRLF) - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1234 + sizeof("Proxy-Protocol-Port: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1235 + sizeof("65535") - 1 + sizeof(CRLF) - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1236 + sizeof("Proxy-Protocol-Server-Addr: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1237 + c->proxy_protocol->dst_addr.len + sizeof(CRLF) - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1238 + sizeof("Proxy-Protocol-Server-Port: ") - 1 |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1239 + sizeof("65535") - 1 + sizeof(CRLF) - 1; |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1240 } |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1241 |
7793
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1242 if (s->auth_method == NGX_MAIL_AUTH_NONE) { |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1243 len += sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1244 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1245 + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1246 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1247 + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1248 + sizeof(CRLF) - 1; |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1249 } |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1250 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1251 #if (NGX_MAIL_SSL) |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1252 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1253 if (c->ssl) { |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1254 len += sizeof("Auth-SSL: on" CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1255 + sizeof("Auth-SSL-Verify: ") - 1 + verify.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1256 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1257 + sizeof("Auth-SSL-Subject: ") - 1 + subject.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1258 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1259 + sizeof("Auth-SSL-Issuer: ") - 1 + issuer.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1260 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1261 + sizeof("Auth-SSL-Serial: ") - 1 + serial.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1262 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1263 + sizeof("Auth-SSL-Fingerprint: ") - 1 + fingerprint.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1264 + sizeof(CRLF) - 1 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1265 + sizeof("Auth-SSL-Cert: ") - 1 + cert.len |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1266 + sizeof(CRLF) - 1; |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1267 } |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1268 |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1269 #endif |
44ebeeceb70e
Mail: made auth http creating request easier to extend.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6774
diff
changeset
|
1270 |
547 | 1271 b = ngx_create_temp_buf(pool, len); |
521 | 1272 if (b == NULL) { |
1273 return NULL; | |
1274 } | |
1275 | |
1276 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1277 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1278 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1279 sizeof(" HTTP/1.0" CRLF) - 1); | |
1280 | |
1281 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1282 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1283 ahcf->host_header.len); |
1284 *b->last++ = CR; *b->last++ = LF; | |
1285 | |
800 | 1286 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1287 sizeof("Auth-Method: ") - 1); | |
1288 b->last = ngx_cpymem(b->last, | |
1136 | 1289 ngx_mail_auth_http_method[s->auth_method].data, |
1290 ngx_mail_auth_http_method[s->auth_method].len); | |
800 | 1291 *b->last++ = CR; *b->last++ = LF; |
521 | 1292 |
1293 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1294 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1295 *b->last++ = CR; *b->last++ = LF; |
1296 | |
1297 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1298 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1299 *b->last++ = CR; *b->last++ = LF; |
1300 | |
1136 | 1301 if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) { |
800 | 1302 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1303 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1304 | |
1305 s->passwd.data = NULL; | |
1306 } | |
1307 | |
521 | 1308 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1309 sizeof("Auth-Protocol: ") - 1); | |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1310 b->last = ngx_cpymem(b->last, cscf->protocol->name.data, |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1478
diff
changeset
|
1311 cscf->protocol->name.len); |
521 | 1312 *b->last++ = CR; *b->last++ = LF; |
1313 | |
527 | 1314 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1315 s->login_attempt); | |
1316 | |
521 | 1317 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1318 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
2309 | 1319 s->connection->addr_text.len); |
521 | 1320 *b->last++ = CR; *b->last++ = LF; |
1321 | |
2309 | 1322 if (s->host.len) { |
1323 b->last = ngx_cpymem(b->last, "Client-Host: ", | |
1324 sizeof("Client-Host: ") - 1); | |
1325 b->last = ngx_copy(b->last, s->host.data, s->host.len); | |
1326 *b->last++ = CR; *b->last++ = LF; | |
1327 } | |
1328 | |
7794
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1329 if (c->proxy_protocol) { |
12ea1de7d87c
Mail: parsing of the PROXY protocol from clients.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7793
diff
changeset
|
1330 b->last = ngx_cpymem(b->last, "Proxy-Protocol-Addr: ", |
1331 sizeof("Proxy-Protocol-Addr: ") - 1); |
1332 b->last = ngx_copy(b->last, c->proxy_protocol->src_addr.data, |
1333 c->proxy_protocol->src_addr.len); |
1334 *b->last++ = CR; *b->last++ = LF; |
1335 |
1336 b->last = ngx_sprintf(b->last, "Proxy-Protocol-Port: %d" CRLF, |
1337 c->proxy_protocol->src_port); |
1338 |
1339 b->last = ngx_cpymem(b->last, "Proxy-Protocol-Server-Addr: ", |
1340 sizeof("Proxy-Protocol-Server-Addr: ") - 1); |
1341 b->last = ngx_copy(b->last, c->proxy_protocol->dst_addr.data, |
1342 c->proxy_protocol->dst_addr.len); |
1343 *b->last++ = CR; *b->last++ = LF; |
1344 |
1345 b->last = ngx_sprintf(b->last, "Proxy-Protocol-Server-Port: %d" CRLF, |
1346 c->proxy_protocol->dst_port); |
1347 } |
1348 |
2309 | 1349 if (s->auth_method == NGX_MAIL_AUTH_NONE) { |
1350 | |
1351 /* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */ | |
1352 | |
1353 b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ", | |
1354 sizeof("Auth-SMTP-Helo: ") - 1); | |
1355 b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len); | |
1356 *b->last++ = CR; *b->last++ = LF; | |
1357 | |
1358 b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ", | |
1359 sizeof("Auth-SMTP-From: ") - 1); | |
1360 b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len); | |
1361 *b->last++ = CR; *b->last++ = LF; | |
1362 | |
1363 b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ", | |
1364 sizeof("Auth-SMTP-To: ") - 1); | |
1365 b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len); | |
1366 *b->last++ = CR; *b->last++ = LF; | |
1367 | |
1368 } | |
1369 | |
1370 #if (NGX_MAIL_SSL) |
1371 |
1372 if (c->ssl) { |
1373 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, |
1374 sizeof("Auth-SSL: on" CRLF) - 1); |
1375 |
1376 if (verify.len) { |
1377 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", |
1378 sizeof("Auth-SSL-Verify: ") - 1); |
1379 b->last = ngx_copy(b->last, verify.data, verify.len); |
1380 *b->last++ = CR; *b->last++ = LF; |
1381 } |
1382 |
1383 if (subject.len) { |
1384 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", |
1385 sizeof("Auth-SSL-Subject: ") - 1); |
1386 b->last = ngx_copy(b->last, subject.data, subject.len); |
1387 *b->last++ = CR; *b->last++ = LF; |
1388 } |
1389 |
1390 if (issuer.len) { |
1391 b->last = ngx_cpymem(b->last, "Auth-SSL-Issuer: ", |
1392 sizeof("Auth-SSL-Issuer: ") - 1); |
1393 b->last = ngx_copy(b->last, issuer.data, issuer.len); |
1394 *b->last++ = CR; *b->last++ = LF; |
1395 } |
1396 |
1397 if (serial.len) { |
1398 b->last = ngx_cpymem(b->last, "Auth-SSL-Serial: ", |
1399 sizeof("Auth-SSL-Serial: ") - 1); |
1400 b->last = ngx_copy(b->last, serial.data, serial.len); |
1401 *b->last++ = CR; *b->last++ = LF; |
1402 } |
1403 |
1404 if (fingerprint.len) { |
1405 b->last = ngx_cpymem(b->last, "Auth-SSL-Fingerprint: ", |
1406 sizeof("Auth-SSL-Fingerprint: ") - 1); |
1407 b->last = ngx_copy(b->last, fingerprint.data, fingerprint.len); |
1408 *b->last++ = CR; *b->last++ = LF; |
1409 } |
1410 |
1411 if (cert.len) { |
1412 b->last = ngx_cpymem(b->last, "Auth-SSL-Cert: ", |
1413 sizeof("Auth-SSL-Cert: ") - 1); |
1414 b->last = ngx_copy(b->last, cert.data, cert.len); |
1415 *b->last++ = CR; *b->last++ = LF; |
1416 } |
1417 } |
1418 |
1419 #endif |
1420 |
573 | 1421 if (ahcf->header.len) { |
1422 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1423 } | |
1424 | |
521 | 1425 /* add "\r\n" at the header end */ |
1426 *b->last++ = CR; *b->last++ = LF; | |
1427 | |
1136 | 1428 #if (NGX_DEBUG_MAIL_PASSWD) |
1429 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0, |
1430 "mail auth http header:%N\"%*s\"", |
1431 (size_t) (b->last - b->pos), b->pos); |
521 | 1432 #endif |
1433 | |
1434 return b; | |
1435 } | |
1436 | |
1437 | |
/*
 * Produce a copy of "text" that can be placed in an auth request header
 * value.
 *
 * ngx_escape_uri() is called twice with NGX_ESCAPE_MAIL_AUTH.  The first
 * call gets a NULL destination and its result is used as the number of
 * bytes that need encoding; the second call writes the encoded string.
 * When that number is zero, "escaped" aliases "text" and nothing is
 * allocated.
 *
 * The request builder in this file copies values into header lines that
 * end in CR LF, so this encoding is what keeps a client-supplied control
 * character from ending a header early.
 * NOTE(review): presumably applied to the login and password; the exact
 * character set is defined by NGX_ESCAPE_MAIL_AUTH inside
 * ngx_escape_uri(), which is not part of this file - confirm there.
 *
 * Returns NGX_OK on success, NGX_ERROR if the pool allocation fails.
 */
static ngx_int_t
ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
{
    u_char     *dst;
    uintptr_t   extra;

    /* counting pass: no output buffer is supplied */
    extra = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);

    if (extra != 0) {

        /* every encoded byte grows by two bytes in the output */
        escaped->len = text->len + extra * 2;

        dst = ngx_pnalloc(pool, escaped->len);
        if (dst == NULL) {
            return NGX_ERROR;
        }

        (void) ngx_escape_uri(dst, text->data, text->len,
                              NGX_ESCAPE_MAIL_AUTH);

        escaped->data = dst;

        return NGX_OK;
    }

    /* nothing to encode: share the caller's buffer */
    *escaped = *text;

    return NGX_OK;
}
1464 | |
1465 | |
/*
 * Allocate the auth_http configuration structure from the configuration
 * pool.
 *
 * timeout and pass_client_cert are set to their "unset" markers so that
 * ngx_mail_auth_http_merge_conf() can apply inherited or default values.
 * The current configuration file name and line are stored as well; the
 * merge step prints them when no "auth_http" was defined.
 *
 * Returns the new structure, or NULL if the allocation fails.
 */
static void *
ngx_mail_auth_http_create_conf(ngx_conf_t *cf)
{
    ngx_mail_auth_http_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t));

    if (conf != NULL) {
        /* where this block was opened, for later diagnostics */
        conf->file = cf->conf_file->file.name.data;
        conf->line = cf->conf_file->line;

        conf->timeout = NGX_CONF_UNSET_MSEC;
        conf->pass_client_cert = NGX_CONF_UNSET;
    }

    return conf;
}
1484 | |
1485 | |
/*
 * Merge the parent auth_http configuration into the child one.
 *
 * - peer, host_header and uri are inherited together when the child has
 *   no peer; if there is still no peer afterwards the configuration is
 *   rejected with an error naming the stored file and line.
 * - timeout defaults to 60000 ms, pass_client_cert to 0.
 * - the header list and its pre-rendered text are inherited when the
 *   child has no list of its own.
 * - when a list exists but has not been rendered yet, it is flattened
 *   into one "Key: Value\r\n" string that the request builder appends
 *   as is.
 *
 * Header names and values are copied byte for byte; no validation of
 * their content is performed here, so they are only as trustworthy as
 * the configuration file they come from.
 *
 * Returns NGX_CONF_OK, or NGX_CONF_ERROR when no peer is defined or an
 * allocation fails.
 */
static char *
ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_mail_auth_http_conf_t *prev = parent;
    ngx_mail_auth_http_conf_t *conf = child;

    u_char           *dst;
    size_t            total;
    ngx_uint_t        n;
    ngx_table_elt_t  *h;

    if (conf->peer == NULL) {
        conf->peer = prev->peer;
        conf->host_header = prev->host_header;
        conf->uri = prev->uri;

        if (conf->peer == NULL) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"auth_http\" is defined for server in %s:%ui",
                          conf->file, conf->line);

            return NGX_CONF_ERROR;
        }
    }

    ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000);

    ngx_conf_merge_value(conf->pass_client_cert, prev->pass_client_cert, 0);

    if (conf->headers == NULL) {
        conf->headers = prev->headers;
        conf->header = prev->header;
    }

    /* no list at all, or the text has already been rendered */
    if (conf->headers == NULL || conf->header.len != 0) {
        return NGX_CONF_OK;
    }

    h = conf->headers->elts;

    /* size of the rendered text: key, ": ", value, CR LF for each entry */
    total = 0;

    for (n = 0; n < conf->headers->nelts; n++) {
        total += h[n].key.len + 2 + h[n].value.len + 2;
    }

    dst = ngx_pnalloc(cf->pool, total);
    if (dst == NULL) {
        return NGX_CONF_ERROR;
    }

    conf->header.data = dst;
    conf->header.len = total;

    for (n = 0; n < conf->headers->nelts; n++) {
        dst = ngx_cpymem(dst, h[n].key.data, h[n].key.len);
        *dst++ = ':';
        *dst++ = ' ';

        dst = ngx_cpymem(dst, h[n].value.data, h[n].value.len);
        *dst++ = CR;
        *dst++ = LF;
    }

    return NGX_CONF_OK;
}
1545 | |
1546 | |
/*
 * Handler for the "auth_http" directive: parse the URL of the
 * authentication server and store its address, Host header value and
 * request URI in the module configuration.
 *
 * An optional leading "http://" is stripped before parsing and the port
 * defaults to 80.  For a unix socket the Host header is "localhost";
 * otherwise it is the parsed host.  An empty URI becomes "/".
 *
 * Only the "http://" prefix is recognised and nothing in this handler
 * sets up TLS towards the auth server, while the request built in this
 * file carries the client's password in a header.
 * NOTE(review): the auth server therefore looks like it must be reached
 * over a trusted path (loopback, unix socket, private network) -
 * confirm against the deployment.
 *
 * Returns NGX_CONF_OK, or NGX_CONF_ERROR if the URL cannot be parsed.
 */
static char *
ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_mail_auth_http_conf_t *ahcf = conf;

    ngx_str_t  *args;
    ngx_url_t   url;

    args = cf->args->elts;

    ngx_memzero(&url, sizeof(ngx_url_t));

    url.url = args[1];
    url.uri_part = 1;
    url.default_port = 80;

    /* skip the scheme, the parser is given only "host[:port][/uri]" */
    if (ngx_strncmp(url.url.data, "http://", sizeof("http://") - 1) == 0) {
        url.url.data += sizeof("http://") - 1;
        url.url.len -= sizeof("http://") - 1;
    }

    if (ngx_parse_url(cf->pool, &url) != NGX_OK) {

        /* the parser may fail without setting a message */
        if (url.err) {
            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                               "%s in auth_http \"%V\"", url.err, &url.url);
        }

        return NGX_CONF_ERROR;
    }

    ahcf->peer = url.addrs;
    ahcf->uri = url.uri;

    if (url.family == AF_UNIX) {
        /* a socket path is not a usable Host value */
        ngx_str_set(&ahcf->host_header, "localhost");

    } else {
        ahcf->host_header = url.host;
    }

    if (ahcf->uri.len == 0) {
        ngx_str_set(&ahcf->uri, "/");
    }

    return NGX_CONF_OK;
}
573 | 1594 |
1595 | |
/*
 * Handler for the directive that adds an extra header to the auth
 * request: append one name/value pair to the configuration's header
 * list, creating the list on first use.
 *
 * The name is taken from the first directive argument and the value from
 * the second.  Only the key and value fields of the new element are
 * filled in.  Both strings are stored exactly as written in the
 * configuration file; ngx_mail_auth_http_merge_conf() later renders them
 * into the request without further checks.
 * NOTE(review): assumes the directive is declared with exactly two
 * arguments so that value[2] exists - confirm in the command table.
 *
 * Returns NGX_CONF_OK, or NGX_CONF_ERROR if an allocation fails.
 */
static char *
ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_mail_auth_http_conf_t *ahcf = conf;

    ngx_str_t        *args;
    ngx_table_elt_t  *elt;

    args = cf->args->elts;

    if (ahcf->headers == NULL) {
        ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t));

        if (ahcf->headers == NULL) {
            return NGX_CONF_ERROR;
        }
    }

    elt = ngx_array_push(ahcf->headers);

    if (elt == NULL) {
        return NGX_CONF_ERROR;
    }

    elt->key = args[1];
    elt->value = args[2];

    return NGX_CONF_OK;
}