Mercurial > hg > nginx
annotate src/imap/ngx_imap_auth_http_module.c @ 1107:db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 14 Feb 2007 18:51:19 +0000 |
parents | a0310ac2814f |
children |
rev | line source |
---|---|
521 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_event.h> | |
10 #include <ngx_event_connect.h> | |
11 #include <ngx_imap.h> | |
12 | |
13 | |
14 typedef struct { | |
884 | 15 ngx_peer_addr_t *peer; |
521 | 16 |
527 | 17 ngx_msec_t timeout; |
521 | 18 |
527 | 19 ngx_str_t host_header; |
20 ngx_str_t uri; | |
573 | 21 ngx_str_t header; |
22 | |
23 ngx_array_t *headers; | |
521 | 24 } ngx_imap_auth_http_conf_t; |
25 | |
26 | |
527 | 27 typedef struct ngx_imap_auth_http_ctx_s ngx_imap_auth_http_ctx_t; |
28 | |
29 typedef void (*ngx_imap_auth_http_handler_pt)(ngx_imap_session_t *s, | |
30 ngx_imap_auth_http_ctx_t *ctx); | |
31 | |
32 struct ngx_imap_auth_http_ctx_s { | |
33 ngx_buf_t *request; | |
34 ngx_buf_t *response; | |
35 ngx_peer_connection_t peer; | |
36 | |
37 ngx_imap_auth_http_handler_pt handler; | |
38 | |
39 ngx_uint_t state; | |
40 ngx_uint_t hash; /* no needed ? */ | |
41 | |
42 u_char *header_name_start; | |
43 u_char *header_name_end; | |
44 u_char *header_start; | |
45 u_char *header_end; | |
46 | |
47 ngx_str_t addr; | |
48 ngx_str_t port; | |
49 ngx_str_t err; | |
567 | 50 ngx_str_t errmsg; |
527 | 51 |
547 | 52 time_t sleep; |
527 | 53 |
547 | 54 ngx_pool_t *pool; |
527 | 55 }; |
521 | 56 |
57 | |
58 static void ngx_imap_auth_http_write_handler(ngx_event_t *wev); | |
59 static void ngx_imap_auth_http_read_handler(ngx_event_t *rev); | |
527 | 60 static void ngx_imap_auth_http_ignore_status_line(ngx_imap_session_t *s, |
61 ngx_imap_auth_http_ctx_t *ctx); | |
62 static void ngx_imap_auth_http_process_headers(ngx_imap_session_t *s, | |
63 ngx_imap_auth_http_ctx_t *ctx); | |
64 static void ngx_imap_auth_sleep_handler(ngx_event_t *rev); | |
65 static ngx_int_t ngx_imap_auth_http_parse_header_line(ngx_imap_session_t *s, | |
66 ngx_imap_auth_http_ctx_t *ctx); | |
521 | 67 static void ngx_imap_auth_http_block_read(ngx_event_t *rev); |
68 static void ngx_imap_auth_http_dummy_handler(ngx_event_t *ev); | |
69 static ngx_buf_t *ngx_imap_auth_http_create_request(ngx_imap_session_t *s, | |
547 | 70 ngx_pool_t *pool, ngx_imap_auth_http_conf_t *ahcf); |
633 | 71 static ngx_int_t ngx_imap_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, |
72 ngx_str_t *escaped); | |
521 | 73 |
74 static void *ngx_imap_auth_http_create_conf(ngx_conf_t *cf); | |
75 static char *ngx_imap_auth_http_merge_conf(ngx_conf_t *cf, void *parent, | |
76 void *child); | |
77 static char *ngx_imap_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | |
573 | 78 static char *ngx_imap_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, |
79 void *conf); | |
521 | 80 |
81 | |
82 static ngx_command_t ngx_imap_auth_http_commands[] = { | |
83 | |
84 { ngx_string("auth_http"), | |
85 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
86 ngx_imap_auth_http, | |
87 NGX_IMAP_SRV_CONF_OFFSET, | |
88 0, | |
89 NULL }, | |
90 | |
91 { ngx_string("auth_http_timeout"), | |
92 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
93 ngx_conf_set_msec_slot, | |
94 NGX_IMAP_SRV_CONF_OFFSET, | |
95 offsetof(ngx_imap_auth_http_conf_t, timeout), | |
96 NULL }, | |
97 | |
573 | 98 { ngx_string("auth_http_header"), |
99 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE2, | |
100 ngx_imap_auth_http_header, | |
101 NGX_IMAP_SRV_CONF_OFFSET, | |
102 0, | |
103 NULL }, | |
104 | |
521 | 105 ngx_null_command |
106 }; | |
107 | |
108 | |
109 static ngx_imap_module_t ngx_imap_auth_http_module_ctx = { | |
110 NULL, /* create main configuration */ | |
111 NULL, /* init main configuration */ | |
112 | |
113 ngx_imap_auth_http_create_conf, /* create server configuration */ | |
114 ngx_imap_auth_http_merge_conf /* merge server configuration */ | |
115 }; | |
116 | |
117 | |
118 ngx_module_t ngx_imap_auth_http_module = { | |
119 NGX_MODULE_V1, | |
120 &ngx_imap_auth_http_module_ctx, /* module context */ | |
121 ngx_imap_auth_http_commands, /* module directives */ | |
122 NGX_IMAP_MODULE, /* module type */ | |
541 | 123 NULL, /* init master */ |
521 | 124 NULL, /* init module */ |
541 | 125 NULL, /* init process */ |
126 NULL, /* init thread */ | |
127 NULL, /* exit thread */ | |
128 NULL, /* exit process */ | |
129 NULL, /* exit master */ | |
130 NGX_MODULE_V1_PADDING | |
521 | 131 }; |
132 | |
133 | |
800 | 134 static char *ngx_imap_auth_http_protocol[] = { "pop3", "imap" }; |
135 static ngx_str_t ngx_imap_auth_http_method[] = { | |
809 | 136 ngx_string("plain"), |
137 ngx_string("apop"), | |
138 ngx_string("cram-md5") | |
800 | 139 }; |
521 | 140 |
141 | |
142 void | |
143 ngx_imap_auth_http_init(ngx_imap_session_t *s) | |
144 { | |
145 ngx_int_t rc; | |
547 | 146 ngx_pool_t *pool; |
521 | 147 ngx_imap_auth_http_ctx_t *ctx; |
148 ngx_imap_auth_http_conf_t *ahcf; | |
149 | |
541 | 150 s->connection->log->action = "in http auth state"; |
151 | |
547 | 152 pool = ngx_create_pool(2048, s->connection->log); |
153 if (pool == NULL) { | |
525 | 154 ngx_imap_session_internal_server_error(s); |
521 | 155 return; |
156 } | |
157 | |
547 | 158 ctx = ngx_pcalloc(pool, sizeof(ngx_imap_auth_http_ctx_t)); |
159 if (ctx == NULL) { | |
160 ngx_destroy_pool(pool); | |
161 ngx_imap_session_internal_server_error(s); | |
162 return; | |
163 } | |
164 | |
165 ctx->pool = pool; | |
166 | |
521 | 167 ahcf = ngx_imap_get_module_srv_conf(s, ngx_imap_auth_http_module); |
168 | |
547 | 169 ctx->request = ngx_imap_auth_http_create_request(s, pool, ahcf); |
521 | 170 if (ctx->request == NULL) { |
547 | 171 ngx_destroy_pool(ctx->pool); |
525 | 172 ngx_imap_session_internal_server_error(s); |
521 | 173 return; |
174 } | |
175 | |
176 ngx_imap_set_ctx(s, ctx, ngx_imap_auth_http_module); | |
177 | |
884 | 178 ctx->peer.sockaddr = ahcf->peer->sockaddr; |
179 ctx->peer.socklen = ahcf->peer->socklen; | |
180 ctx->peer.name = &ahcf->peer->name; | |
181 ctx->peer.get = ngx_event_get_peer; | |
521 | 182 ctx->peer.log = s->connection->log; |
183 ctx->peer.log_error = NGX_ERROR_ERR; | |
184 | |
185 rc = ngx_event_connect_peer(&ctx->peer); | |
186 | |
543 | 187 if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { |
862
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
188 if (ctx->peer.connection) { |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
189 ngx_close_connection(ctx->peer.connection); |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
190 } |
6044cea025fa
fix segfault when connect() failed
Igor Sysoev <igor@sysoev.ru>
parents:
856
diff
changeset
|
191 |
547 | 192 ngx_destroy_pool(ctx->pool); |
525 | 193 ngx_imap_session_internal_server_error(s); |
521 | 194 return; |
195 } | |
196 | |
197 ctx->peer.connection->data = s; | |
198 ctx->peer.connection->pool = s->connection->pool; | |
199 | |
200 s->connection->read->handler = ngx_imap_auth_http_block_read; | |
201 ctx->peer.connection->read->handler = ngx_imap_auth_http_read_handler; | |
202 ctx->peer.connection->write->handler = ngx_imap_auth_http_write_handler; | |
203 | |
527 | 204 ctx->handler = ngx_imap_auth_http_ignore_status_line; |
205 | |
541 | 206 ngx_add_timer(ctx->peer.connection->read, ahcf->timeout); |
207 ngx_add_timer(ctx->peer.connection->write, ahcf->timeout); | |
208 | |
521 | 209 if (rc == NGX_OK) { |
210 ngx_imap_auth_http_write_handler(ctx->peer.connection->write); | |
211 return; | |
212 } | |
213 } | |
214 | |
215 | |
216 static void | |
217 ngx_imap_auth_http_write_handler(ngx_event_t *wev) | |
218 { | |
219 ssize_t n, size; | |
220 ngx_connection_t *c; | |
221 ngx_imap_session_t *s; | |
222 ngx_imap_auth_http_ctx_t *ctx; | |
223 ngx_imap_auth_http_conf_t *ahcf; | |
224 | |
225 c = wev->data; | |
226 s = c->data; | |
227 | |
228 ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); | |
229 | |
230 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, wev->log, 0, | |
231 "imap auth http write handler"); | |
232 | |
577 | 233 if (wev->timedout) { |
521 | 234 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, |
884 | 235 "auth http server %V timed out", ctx->peer.name); |
525 | 236 ngx_close_connection(ctx->peer.connection); |
547 | 237 ngx_destroy_pool(ctx->pool); |
525 | 238 ngx_imap_session_internal_server_error(s); |
521 | 239 return; |
240 } | |
241 | |
242 size = ctx->request->last - ctx->request->pos; | |
243 | |
244 n = ngx_send(c, ctx->request->pos, size); | |
245 | |
246 if (n == NGX_ERROR) { | |
525 | 247 ngx_close_connection(ctx->peer.connection); |
547 | 248 ngx_destroy_pool(ctx->pool); |
525 | 249 ngx_imap_session_internal_server_error(s); |
521 | 250 return; |
251 } | |
252 | |
253 if (n > 0) { | |
254 ctx->request->pos += n; | |
255 | |
256 if (n == size) { | |
257 wev->handler = ngx_imap_auth_http_dummy_handler; | |
258 | |
259 if (wev->timer_set) { | |
260 ngx_del_timer(wev); | |
261 } | |
262 | |
799
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
263 if (ngx_handle_write_event(wev, 0) == NGX_ERROR) { |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
264 ngx_close_connection(ctx->peer.connection); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
265 ngx_destroy_pool(ctx->pool); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
266 ngx_imap_session_internal_server_error(s); |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
267 } |
9737d6fb1ac6
disable write level event while waiting auth server response
Igor Sysoev <igor@sysoev.ru>
parents:
633
diff
changeset
|
268 |
521 | 269 return; |
270 } | |
271 } | |
272 | |
273 if (!wev->timer_set) { | |
274 ahcf = ngx_imap_get_module_srv_conf(s, ngx_imap_auth_http_module); | |
275 ngx_add_timer(wev, ahcf->timeout); | |
276 } | |
277 } | |
278 | |
279 | |
280 static void | |
281 ngx_imap_auth_http_read_handler(ngx_event_t *rev) | |
282 { | |
525 | 283 ssize_t n, size; |
521 | 284 ngx_connection_t *c; |
285 ngx_imap_session_t *s; | |
286 ngx_imap_auth_http_ctx_t *ctx; | |
287 | |
288 c = rev->data; | |
289 s = c->data; | |
290 | |
291 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, rev->log, 0, | |
292 "imap auth http read handler"); | |
293 | |
525 | 294 ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); |
295 | |
577 | 296 if (rev->timedout) { |
525 | 297 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, |
884 | 298 "auth http server %V timed out", ctx->peer.name); |
525 | 299 ngx_close_connection(ctx->peer.connection); |
547 | 300 ngx_destroy_pool(ctx->pool); |
525 | 301 ngx_imap_session_internal_server_error(s); |
302 return; | |
303 } | |
304 | |
305 if (ctx->response == NULL) { | |
547 | 306 ctx->response = ngx_create_temp_buf(ctx->pool, 1024); |
525 | 307 if (ctx->response == NULL) { |
308 ngx_close_connection(ctx->peer.connection); | |
547 | 309 ngx_destroy_pool(ctx->pool); |
525 | 310 ngx_imap_session_internal_server_error(s); |
311 return; | |
312 } | |
313 } | |
314 | |
527 | 315 size = ctx->response->end - ctx->response->last; |
525 | 316 |
317 n = ngx_recv(c, ctx->response->pos, size); | |
318 | |
527 | 319 if (n > 0) { |
320 ctx->response->last += n; | |
321 | |
322 ctx->handler(s, ctx); | |
323 return; | |
324 } | |
325 | |
326 if (n == NGX_AGAIN) { | |
525 | 327 return; |
328 } | |
329 | |
527 | 330 ngx_close_connection(ctx->peer.connection); |
547 | 331 ngx_destroy_pool(ctx->pool); |
527 | 332 ngx_imap_session_internal_server_error(s); |
333 } | |
525 | 334 |
335 | |
527 | 336 static void |
337 ngx_imap_auth_http_ignore_status_line(ngx_imap_session_t *s, | |
338 ngx_imap_auth_http_ctx_t *ctx) | |
339 { | |
340 u_char *p, ch; | |
341 enum { | |
342 sw_start = 0, | |
343 sw_H, | |
344 sw_HT, | |
345 sw_HTT, | |
346 sw_HTTP, | |
347 sw_skip, | |
348 sw_almost_done | |
349 } state; | |
350 | |
351 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, | |
352 "imap auth http process status line"); | |
353 | |
354 state = ctx->state; | |
355 | |
356 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
357 ch = *p; | |
358 | |
359 switch (state) { | |
360 | |
361 /* "HTTP/" */ | |
362 case sw_start: | |
363 if (ch == 'H') { | |
364 state = sw_H; | |
365 break; | |
366 } | |
367 goto next; | |
368 | |
369 case sw_H: | |
370 if (ch == 'T') { | |
371 state = sw_HT; | |
372 break; | |
373 } | |
374 goto next; | |
375 | |
376 case sw_HT: | |
377 if (ch == 'T') { | |
378 state = sw_HTT; | |
379 break; | |
380 } | |
381 goto next; | |
382 | |
383 case sw_HTT: | |
384 if (ch == 'P') { | |
385 state = sw_HTTP; | |
386 break; | |
387 } | |
388 goto next; | |
389 | |
390 case sw_HTTP: | |
391 if (ch == '/') { | |
392 state = sw_skip; | |
393 break; | |
394 } | |
395 goto next; | |
396 | |
397 /* any text until end of line */ | |
398 case sw_skip: | |
399 switch (ch) { | |
400 case CR: | |
401 state = sw_almost_done; | |
402 | |
403 break; | |
577 | 404 case LF: |
527 | 405 goto done; |
406 } | |
407 break; | |
408 | |
409 /* end of status line */ | |
410 case sw_almost_done: | |
411 if (ch == LF) { | |
412 goto done; | |
413 } | |
414 | |
415 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 416 "auth http server &V sent invalid response", |
884 | 417 ctx->peer.name); |
527 | 418 ngx_close_connection(ctx->peer.connection); |
547 | 419 ngx_destroy_pool(ctx->pool); |
527 | 420 ngx_imap_session_internal_server_error(s); |
421 return; | |
422 } | |
423 } | |
424 | |
425 ctx->response->pos = p; | |
426 ctx->state = state; | |
427 | |
428 return; | |
429 | |
430 next: | |
431 | |
432 p = ctx->response->start - 1; | |
433 | |
434 done: | |
435 | |
436 ctx->response->pos = p + 1; | |
437 ctx->state = 0; | |
438 ctx->handler = ngx_imap_auth_http_process_headers; | |
439 ctx->handler(s, ctx); | |
440 } | |
525 | 441 |
442 | |
527 | 443 static void |
444 ngx_imap_auth_http_process_headers(ngx_imap_session_t *s, | |
445 ngx_imap_auth_http_ctx_t *ctx) | |
446 { | |
447 u_char *p; | |
547 | 448 time_t timer; |
527 | 449 size_t len, size; |
450 ngx_int_t rc, port, n; | |
884 | 451 ngx_peer_addr_t *peer; |
527 | 452 struct sockaddr_in *sin; |
525 | 453 |
527 | 454 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, |
455 "imap auth http process headers"); | |
456 | |
457 for ( ;; ) { | |
458 rc = ngx_imap_auth_http_parse_header_line(s, ctx); | |
459 | |
460 if (rc == NGX_OK) { | |
461 | |
462 #if (NGX_DEBUG) | |
463 { | |
464 ngx_str_t key, value; | |
465 | |
466 key.len = ctx->header_name_end - ctx->header_name_start; | |
467 key.data = ctx->header_name_start; | |
468 value.len = ctx->header_end - ctx->header_start; | |
469 value.data = ctx->header_start; | |
470 | |
471 ngx_log_debug2(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, | |
472 "auth http header: \"%V: %V\"", | |
473 &key, &value); | |
474 } | |
475 #endif | |
476 | |
477 len = ctx->header_name_end - ctx->header_name_start; | |
478 | |
479 if (len == sizeof("Auth-Status") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
480 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
481 (u_char *) "Auth-Status", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
482 sizeof("Auth-Status") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
483 == 0) |
527 | 484 { |
485 len = ctx->header_end - ctx->header_start; | |
486 | |
487 if (len == 2 | |
488 && ctx->header_start[0] == 'O' | |
489 && ctx->header_start[1] == 'K') | |
490 { | |
491 continue; | |
492 } | |
493 | |
883 | 494 if (len == 4 |
495 && ctx->header_start[0] == 'W' | |
496 && ctx->header_start[1] == 'A' | |
497 && ctx->header_start[2] == 'I' | |
498 && ctx->header_start[3] == 'T') | |
499 { | |
500 s->auth_wait = 1; | |
501 continue; | |
502 } | |
503 | |
567 | 504 ctx->errmsg.len = len; |
505 ctx->errmsg.data = ctx->header_start; | |
506 | |
527 | 507 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) { |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
508 size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1; |
527 | 509 |
510 } else { | |
854
1673f197bc62
fix segfault when many auth failures occurred
Igor Sysoev <igor@sysoev.ru>
parents:
809
diff
changeset
|
511 size = s->tag.len + sizeof("NO ") - 1 + len |
527 | 512 + sizeof(CRLF) - 1; |
513 } | |
514 | |
515 p = ngx_pcalloc(s->connection->pool, size); | |
516 if (p == NULL) { | |
543 | 517 ngx_close_connection(ctx->peer.connection); |
547 | 518 ngx_destroy_pool(ctx->pool); |
527 | 519 ngx_imap_session_internal_server_error(s); |
520 return; | |
521 } | |
522 | |
523 ctx->err.data = p; | |
524 | |
525 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) { | |
526 *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; | |
527 | |
528 } else { | |
529 p = ngx_cpymem(p, s->tag.data, s->tag.len); | |
530 *p++ = 'N'; *p++ = 'O'; | |
531 } | |
532 | |
533 *p++ = ' '; | |
567 | 534 |
527 | 535 p = ngx_cpymem(p, ctx->header_start, len); |
536 *p++ = CR; *p++ = LF; | |
537 | |
538 ctx->err.len = p - ctx->err.data; | |
539 | |
540 continue; | |
541 } | |
542 | |
543 if (len == sizeof("Auth-Server") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
544 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
545 (u_char *) "Auth-Server", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
546 sizeof("Auth-Server") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
547 == 0) |
527 | 548 { |
549 ctx->addr.len = ctx->header_end - ctx->header_start; | |
550 ctx->addr.data = ctx->header_start; | |
551 | |
552 continue; | |
553 } | |
554 | |
555 if (len == sizeof("Auth-Port") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
556 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
557 (u_char *) "Auth-Port", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
558 sizeof("Auth-Port") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
559 == 0) |
527 | 560 { |
561 ctx->port.len = ctx->header_end - ctx->header_start; | |
562 ctx->port.data = ctx->header_start; | |
563 | |
564 continue; | |
565 } | |
566 | |
567 if (len == sizeof("Auth-User") - 1 | |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
568 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
569 (u_char *) "Auth-User", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
570 sizeof("Auth-User") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
571 == 0) |
527 | 572 { |
573 s->login.len = ctx->header_end - ctx->header_start; | |
567 | 574 |
575 s->login.data = ngx_palloc(s->connection->pool, s->login.len); | |
576 if (s->login.data == NULL) { | |
577 ngx_close_connection(ctx->peer.connection); | |
578 ngx_destroy_pool(ctx->pool); | |
579 ngx_imap_session_internal_server_error(s); | |
580 return; | |
581 } | |
582 | |
583 ngx_memcpy(s->login.data, ctx->header_start, s->login.len); | |
527 | 584 |
585 continue; | |
586 } | |
587 | |
800 | 588 if (len == sizeof("Auth-Pass") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
589 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
590 (u_char *) "Auth-Pass", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
591 sizeof("Auth-Pass") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
592 == 0) |
800 | 593 { |
594 s->passwd.len = ctx->header_end - ctx->header_start; | |
595 | |
596 s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len); | |
597 if (s->passwd.data == NULL) { | |
598 ngx_close_connection(ctx->peer.connection); | |
599 ngx_destroy_pool(ctx->pool); | |
600 ngx_imap_session_internal_server_error(s); | |
601 return; | |
602 } | |
603 | |
604 ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len); | |
605 | |
606 continue; | |
607 } | |
608 | |
527 | 609 if (len == sizeof("Auth-Wait") - 1 |
1107
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
610 && ngx_strncasecmp(ctx->header_name_start, |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
611 (u_char *) "Auth-Wait", |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
612 sizeof("Auth-Wait") - 1) |
db7c468c447d
ngx_strcasecmp()/ngx_strncasecmp()
Igor Sysoev <igor@sysoev.ru>
parents:
906
diff
changeset
|
613 == 0) |
527 | 614 { |
615 n = ngx_atoi(ctx->header_start, | |
616 ctx->header_end - ctx->header_start); | |
617 | |
618 if (n != NGX_ERROR) { | |
619 ctx->sleep = n; | |
620 } | |
621 | |
622 continue; | |
623 } | |
624 | |
625 /* ignore other headers */ | |
626 | |
627 continue; | |
628 } | |
629 | |
630 if (rc == NGX_DONE) { | |
631 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, | |
632 "auth http header done"); | |
633 | |
634 ngx_close_connection(ctx->peer.connection); | |
635 | |
636 if (ctx->err.len) { | |
567 | 637 ngx_log_error(NGX_LOG_INFO, s->connection->log, 0, |
638 "client login failed: \"%V\"", &ctx->errmsg); | |
639 | |
539 | 640 s->out = ctx->err; |
547 | 641 timer = ctx->sleep; |
527 | 642 |
547 | 643 ngx_destroy_pool(ctx->pool); |
644 | |
645 if (timer == 0) { | |
539 | 646 s->quit = 1; |
541 | 647 ngx_imap_send(s->connection->write); |
648 return; | |
649 } | |
539 | 650 |
547 | 651 ngx_add_timer(s->connection->read, timer * 1000); |
527 | 652 |
653 s->connection->read->handler = ngx_imap_auth_sleep_handler; | |
654 | |
655 return; | |
656 } | |
657 | |
883 | 658 if (s->auth_wait) { |
659 timer = ctx->sleep; | |
660 | |
661 ngx_destroy_pool(ctx->pool); | |
662 | |
663 if (timer == 0) { | |
664 ngx_imap_auth_http_init(s); | |
665 return; | |
666 } | |
667 | |
668 ngx_add_timer(s->connection->read, timer * 1000); | |
669 | |
670 s->connection->read->handler = ngx_imap_auth_sleep_handler; | |
671 | |
672 return; | |
673 } | |
674 | |
527 | 675 if (ctx->addr.len == 0 || ctx->port.len == 0) { |
676 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 677 "auth http server %V did not send server or port", |
884 | 678 ctx->peer.name); |
547 | 679 ngx_destroy_pool(ctx->pool); |
527 | 680 ngx_imap_session_internal_server_error(s); |
681 return; | |
682 } | |
683 | |
800 | 684 if (s->passwd.data == NULL) { |
685 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
686 "auth http server %V did not send password", | |
884 | 687 ctx->peer.name); |
800 | 688 ngx_destroy_pool(ctx->pool); |
689 ngx_imap_session_internal_server_error(s); | |
690 return; | |
691 } | |
692 | |
884 | 693 peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_peer_addr_t)); |
694 if (peer == NULL) { | |
547 | 695 ngx_destroy_pool(ctx->pool); |
527 | 696 ngx_imap_session_internal_server_error(s); |
697 return; | |
698 } | |
699 | |
700 sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in)); | |
701 if (sin == NULL) { | |
547 | 702 ngx_destroy_pool(ctx->pool); |
527 | 703 ngx_imap_session_internal_server_error(s); |
704 return; | |
705 } | |
706 | |
707 sin->sin_family = AF_INET; | |
708 | |
709 port = ngx_atoi(ctx->port.data, ctx->port.len); | |
710 if (port == NGX_ERROR || port < 1 || port > 65536) { | |
711 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 712 "auth http server %V sent invalid server " |
713 "port:\"%V\"", | |
884 | 714 ctx->peer.name, &ctx->port); |
547 | 715 ngx_destroy_pool(ctx->pool); |
527 | 716 ngx_imap_session_internal_server_error(s); |
717 return; | |
718 } | |
719 | |
720 sin->sin_port = htons((in_port_t) port); | |
721 | |
722 ctx->addr.data[ctx->addr.len] = '\0'; | |
723 sin->sin_addr.s_addr = inet_addr((char *) ctx->addr.data); | |
724 if (sin->sin_addr.s_addr == INADDR_NONE) { | |
725 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 726 "auth http server %V sent invalid server " |
727 "address:\"%V\"", | |
884 | 728 ctx->peer.name, &ctx->addr); |
547 | 729 ngx_destroy_pool(ctx->pool); |
527 | 730 ngx_imap_session_internal_server_error(s); |
731 return; | |
732 } | |
733 | |
884 | 734 peer->sockaddr = (struct sockaddr *) sin; |
735 peer->socklen = sizeof(struct sockaddr_in); | |
527 | 736 |
737 len = ctx->addr.len + 1 + ctx->port.len; | |
738 | |
884 | 739 peer->name.len = len; |
527 | 740 |
884 | 741 peer->name.data = ngx_palloc(s->connection->pool, len); |
742 if (peer->name.data == NULL) { | |
547 | 743 ngx_destroy_pool(ctx->pool); |
527 | 744 ngx_imap_session_internal_server_error(s); |
745 return; | |
746 } | |
747 | |
748 len = ctx->addr.len; | |
749 | |
884 | 750 ngx_memcpy(peer->name.data, ctx->addr.data, len); |
527 | 751 |
884 | 752 peer->name.data[len++] = ':'; |
527 | 753 |
884 | 754 ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len); |
527 | 755 |
547 | 756 ngx_destroy_pool(ctx->pool); |
884 | 757 ngx_imap_proxy_init(s, peer); |
527 | 758 |
759 return; | |
760 } | |
761 | |
762 if (rc == NGX_AGAIN ) { | |
763 return; | |
764 } | |
765 | |
766 /* rc == NGX_ERROR */ | |
767 | |
768 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
541 | 769 "auth http server %V sent invalid header in response", |
884 | 770 ctx->peer.name); |
527 | 771 ngx_close_connection(ctx->peer.connection); |
547 | 772 ngx_destroy_pool(ctx->pool); |
527 | 773 ngx_imap_session_internal_server_error(s); |
774 | |
775 return; | |
776 } | |
777 } | |
778 | |
521 | 779 |
527 | 780 static void |
781 ngx_imap_auth_sleep_handler(ngx_event_t *rev) | |
782 { | |
543 | 783 ngx_connection_t *c; |
784 ngx_imap_session_t *s; | |
785 ngx_imap_core_srv_conf_t *cscf; | |
527 | 786 |
787 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, rev->log, 0, "imap auth sleep handler"); | |
788 | |
789 c = rev->data; | |
790 s = c->data; | |
791 | |
792 if (rev->timedout) { | |
793 | |
794 rev->timedout = 0; | |
795 | |
883 | 796 if (s->auth_wait) { |
797 s->auth_wait = 0; | |
798 ngx_imap_auth_http_init(s); | |
799 return; | |
800 } | |
801 | |
527 | 802 if (s->protocol == NGX_IMAP_POP3_PROTOCOL) { |
803 s->imap_state = ngx_pop3_start; | |
804 s->connection->read->handler = ngx_pop3_auth_state; | |
805 | |
806 } else { | |
807 s->imap_state = ngx_imap_start; | |
808 s->connection->read->handler = ngx_imap_auth_state; | |
809 } | |
810 | |
800 | 811 s->auth_method = NGX_IMAP_AUTH_PLAIN; |
812 | |
543 | 813 c->log->action = "in auth state"; |
814 | |
815 ngx_imap_send(s->connection->write); | |
816 | |
583 | 817 if (c->destroyed) { |
543 | 818 return; |
819 } | |
820 | |
821 cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module); | |
822 | |
823 ngx_add_timer(rev, cscf->timeout); | |
824 | |
527 | 825 if (rev->ready) { |
826 s->connection->read->handler(rev); | |
827 return; | |
828 } | |
829 | |
830 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
831 ngx_imap_close_connection(s->connection); | |
832 } | |
833 | |
834 return; | |
835 } | |
836 | |
837 if (rev->active) { | |
838 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
839 ngx_imap_close_connection(s->connection); | |
840 } | |
841 } | |
842 } | |
843 | |
844 | |
845 static ngx_int_t | |
846 ngx_imap_auth_http_parse_header_line(ngx_imap_session_t *s, | |
847 ngx_imap_auth_http_ctx_t *ctx) | |
848 { | |
849 u_char c, ch, *p; | |
850 ngx_uint_t hash; | |
851 enum { | |
852 sw_start = 0, | |
853 sw_name, | |
854 sw_space_before_value, | |
855 sw_value, | |
856 sw_space_after_value, | |
577 | 857 sw_almost_done, |
527 | 858 sw_header_almost_done |
859 } state; | |
860 | |
577 | 861 state = ctx->state; |
527 | 862 hash = ctx->hash; |
863 | |
864 for (p = ctx->response->pos; p < ctx->response->last; p++) { | |
865 ch = *p; | |
866 | |
867 switch (state) { | |
868 | |
869 /* first char */ | |
870 case sw_start: | |
871 | |
872 switch (ch) { | |
873 case CR: | |
577 | 874 ctx->header_end = p; |
527 | 875 state = sw_header_almost_done; |
876 break; | |
577 | 877 case LF: |
527 | 878 ctx->header_end = p; |
879 goto header_done; | |
880 default: | |
881 state = sw_name; | |
882 ctx->header_name_start = p; | |
883 | |
884 c = (u_char) (ch | 0x20); | |
885 if (c >= 'a' && c <= 'z') { | |
886 hash = c; | |
887 break; | |
888 } | |
889 | |
890 if (ch >= '0' && ch <= '9') { | |
891 hash = ch; | |
892 break; | |
893 } | |
894 | |
895 return NGX_ERROR; | |
896 } | |
897 break; | |
898 | |
899 /* header name */ | |
900 case sw_name: | |
901 c = (u_char) (ch | 0x20); | |
902 if (c >= 'a' && c <= 'z') { | |
903 hash += c; | |
904 break; | |
905 } | |
906 | |
907 if (ch == ':') { | |
908 ctx->header_name_end = p; | |
909 state = sw_space_before_value; | |
910 break; | |
911 } | |
912 | |
913 if (ch == '-') { | |
914 hash += ch; | |
915 break; | |
916 } | |
917 | |
918 if (ch >= '0' && ch <= '9') { | |
919 hash += ch; | |
920 break; | |
921 } | |
922 | |
923 if (ch == CR) { | |
924 ctx->header_name_end = p; | |
925 ctx->header_start = p; | |
926 ctx->header_end = p; | |
927 state = sw_almost_done; | |
928 break; | |
929 } | |
930 | |
931 if (ch == LF) { | |
932 ctx->header_name_end = p; | |
933 ctx->header_start = p; | |
934 ctx->header_end = p; | |
935 goto done; | |
936 } | |
937 | |
938 return NGX_ERROR; | |
939 | |
940 /* space* before header value */ | |
941 case sw_space_before_value: | |
942 switch (ch) { | |
943 case ' ': | |
944 break; | |
945 case CR: | |
946 ctx->header_start = p; | |
947 ctx->header_end = p; | |
948 state = sw_almost_done; | |
949 break; | |
950 case LF: | |
951 ctx->header_start = p; | |
952 ctx->header_end = p; | |
953 goto done; | |
954 default: | |
955 ctx->header_start = p; | |
956 state = sw_value; | |
957 break; | |
958 } | |
959 break; | |
960 | |
961 /* header value */ | |
962 case sw_value: | |
963 switch (ch) { | |
964 case ' ': | |
965 ctx->header_end = p; | |
966 state = sw_space_after_value; | |
967 break; | |
968 case CR: | |
969 ctx->header_end = p; | |
970 state = sw_almost_done; | |
971 break; | |
972 case LF: | |
973 ctx->header_end = p; | |
974 goto done; | |
975 } | |
976 break; | |
977 | |
978 /* space* before end of header line */ | |
979 case sw_space_after_value: | |
980 switch (ch) { | |
981 case ' ': | |
982 break; | |
983 case CR: | |
984 state = sw_almost_done; | |
985 break; | |
986 case LF: | |
987 goto done; | |
988 default: | |
989 state = sw_value; | |
990 break; | |
991 } | |
992 break; | |
993 | |
994 /* end of header line */ | |
995 case sw_almost_done: | |
996 switch (ch) { | |
997 case LF: | |
998 goto done; | |
999 default: | |
1000 return NGX_ERROR; | |
1001 } | |
1002 | |
1003 /* end of header */ | |
1004 case sw_header_almost_done: | |
1005 switch (ch) { | |
1006 case LF: | |
1007 goto header_done; | |
1008 default: | |
1009 return NGX_ERROR; | |
1010 } | |
1011 } | |
1012 } | |
1013 | |
1014 ctx->response->pos = p; | |
1015 ctx->state = state; | |
1016 ctx->hash = hash; | |
1017 | |
1018 return NGX_AGAIN; | |
1019 | |
1020 done: | |
1021 | |
1022 ctx->response->pos = p + 1; | |
1023 ctx->state = sw_start; | |
1024 ctx->hash = hash; | |
1025 | |
1026 return NGX_OK; | |
1027 | |
1028 header_done: | |
1029 | |
1030 ctx->response->pos = p + 1; | |
1031 ctx->state = sw_start; | |
1032 | |
1033 return NGX_DONE; | |
521 | 1034 } |
1035 | |
1036 | |
1037 static void | |
1038 ngx_imap_auth_http_block_read(ngx_event_t *rev) | |
1039 { | |
1040 ngx_connection_t *c; | |
1041 ngx_imap_session_t *s; | |
1042 ngx_imap_auth_http_ctx_t *ctx; | |
1043 | |
1044 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, rev->log, 0, | |
1045 "imap auth http block read"); | |
1046 | |
1047 if (ngx_handle_read_event(rev, 0) == NGX_ERROR) { | |
1048 c = rev->data; | |
1049 s = c->data; | |
1050 | |
1051 ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); | |
1052 | |
525 | 1053 ngx_close_connection(ctx->peer.connection); |
547 | 1054 ngx_destroy_pool(ctx->pool); |
525 | 1055 ngx_imap_session_internal_server_error(s); |
521 | 1056 } |
1057 } | |
1058 | |
1059 | |
1060 static void | |
1061 ngx_imap_auth_http_dummy_handler(ngx_event_t *ev) | |
1062 { | |
1063 ngx_log_debug0(NGX_LOG_DEBUG_IMAP, ev->log, 0, | |
1064 "imap auth http dummy handler"); | |
1065 } | |
1066 | |
1067 | |
1068 static ngx_buf_t * | |
547 | 1069 ngx_imap_auth_http_create_request(ngx_imap_session_t *s, ngx_pool_t *pool, |
521 | 1070 ngx_imap_auth_http_conf_t *ahcf) |
1071 { | |
1072 size_t len; | |
1073 ngx_buf_t *b; | |
633 | 1074 ngx_str_t login, passwd; |
1075 | |
1076 if (ngx_imap_auth_http_escape(pool, &s->login, &login) != NGX_OK) { | |
1077 return NULL; | |
1078 } | |
1079 | |
1080 if (ngx_imap_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) { | |
1081 return NULL; | |
1082 } | |
521 | 1083 |
1084 len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 | |
1085 + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1 | |
856
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1086 + sizeof("Auth-Method: ") - 1 |
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1087 + ngx_imap_auth_http_method[s->auth_method].len |
0197d6aae54e
use correct auth method length
Igor Sysoev <igor@sysoev.ru>
parents:
854
diff
changeset
|
1088 + sizeof(CRLF) - 1 |
633 | 1089 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 |
1090 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 | |
800 | 1091 + sizeof("Auth-Salt: ") - 1 + s->salt.len |
521 | 1092 + sizeof("Auth-Protocol: imap" CRLF) - 1 |
527 | 1093 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN |
1094 + sizeof(CRLF) - 1 | |
521 | 1095 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len |
1096 + sizeof(CRLF) - 1 | |
1097 + sizeof(CRLF) - 1; | |
1098 | |
547 | 1099 b = ngx_create_temp_buf(pool, len); |
521 | 1100 if (b == NULL) { |
1101 return NULL; | |
1102 } | |
1103 | |
1104 b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1); | |
573 | 1105 b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len); |
521 | 1106 b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF, |
1107 sizeof(" HTTP/1.0" CRLF) - 1); | |
1108 | |
1109 b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1); | |
573 | 1110 b->last = ngx_copy(b->last, ahcf->host_header.data, |
521 | 1111 ahcf->host_header.len); |
1112 *b->last++ = CR; *b->last++ = LF; | |
1113 | |
800 | 1114 b->last = ngx_cpymem(b->last, "Auth-Method: ", |
1115 sizeof("Auth-Method: ") - 1); | |
1116 b->last = ngx_cpymem(b->last, | |
1117 ngx_imap_auth_http_method[s->auth_method].data, | |
1118 ngx_imap_auth_http_method[s->auth_method].len); | |
1119 *b->last++ = CR; *b->last++ = LF; | |
521 | 1120 |
1121 b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); | |
633 | 1122 b->last = ngx_copy(b->last, login.data, login.len); |
521 | 1123 *b->last++ = CR; *b->last++ = LF; |
1124 | |
1125 b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1); | |
633 | 1126 b->last = ngx_copy(b->last, passwd.data, passwd.len); |
521 | 1127 *b->last++ = CR; *b->last++ = LF; |
1128 | |
809 | 1129 if (s->auth_method != NGX_IMAP_AUTH_PLAIN && s->salt.len) { |
800 | 1130 b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); |
1131 b->last = ngx_copy(b->last, s->salt.data, s->salt.len); | |
1132 | |
1133 s->passwd.data = NULL; | |
1134 } | |
1135 | |
521 | 1136 b->last = ngx_cpymem(b->last, "Auth-Protocol: ", |
1137 sizeof("Auth-Protocol: ") - 1); | |
1138 b->last = ngx_cpymem(b->last, ngx_imap_auth_http_protocol[s->protocol], | |
1139 sizeof("imap") - 1); | |
1140 *b->last++ = CR; *b->last++ = LF; | |
1141 | |
527 | 1142 b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF, |
1143 s->login_attempt); | |
1144 | |
521 | 1145 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1); |
573 | 1146 b->last = ngx_copy(b->last, s->connection->addr_text.data, |
521 | 1147 s->connection->addr_text.len); |
1148 *b->last++ = CR; *b->last++ = LF; | |
1149 | |
573 | 1150 if (ahcf->header.len) { |
1151 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); | |
1152 } | |
1153 | |
521 | 1154 /* add "\r\n" at the header end */ |
1155 *b->last++ = CR; *b->last++ = LF; | |
1156 | |
547 | 1157 #if (NGX_DEBUG_IMAP_PASSWD) |
521 | 1158 { |
1159 ngx_str_t l; | |
1160 | |
1161 l.len = b->last - b->pos; | |
1162 l.data = b->pos; | |
527 | 1163 ngx_log_debug1(NGX_LOG_DEBUG_IMAP, s->connection->log, 0, |
521 | 1164 "imap auth http header:\n\"%V\"", &l); |
1165 } | |
1166 #endif | |
1167 | |
1168 return b; | |
1169 } | |
1170 | |
1171 | |
633 | 1172 static ngx_int_t |
1173 ngx_imap_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) | |
1174 { | |
1175 u_char ch, *p; | |
1176 ngx_uint_t i, n; | |
1177 | |
1178 n = 0; | |
1179 | |
1180 for (i = 0; i < text->len; i++) { | |
1181 ch = text->data[i]; | |
1182 | |
1183 if (ch == CR || ch == LF) { | |
1184 n++; | |
1185 } | |
1186 } | |
1187 | |
1188 if (n == 0) { | |
1189 *escaped = *text; | |
1190 return NGX_OK; | |
1191 } | |
1192 | |
1193 escaped->len = text->len + n * 2; | |
1194 | |
1195 p = ngx_palloc(pool, escaped->len); | |
1196 if (p == NULL) { | |
1197 return NGX_ERROR; | |
1198 } | |
1199 | |
1200 escaped->data = p; | |
1201 | |
1202 for (i = 0; i < text->len; i++) { | |
1203 ch = text->data[i]; | |
1204 | |
1205 if (ch == CR) { | |
1206 *p++ = '%'; | |
1207 *p++ = '0'; | |
1208 *p++ = 'D'; | |
1209 continue; | |
1210 } | |
1211 | |
1212 if (ch == LF) { | |
1213 *p++ = '%'; | |
1214 *p++ = '0'; | |
1215 *p++ = 'A'; | |
1216 continue; | |
1217 } | |
1218 | |
1219 *p++ = ch; | |
1220 } | |
1221 | |
1222 return NGX_OK; | |
1223 } | |
1224 | |
1225 | |
521 | 1226 static void * |
1227 ngx_imap_auth_http_create_conf(ngx_conf_t *cf) | |
577 | 1228 { |
521 | 1229 ngx_imap_auth_http_conf_t *ahcf; |
577 | 1230 |
521 | 1231 ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_auth_http_conf_t)); |
1232 if (ahcf == NULL) { | |
1233 return NGX_CONF_ERROR; | |
1234 } | |
1235 | |
1236 ahcf->timeout = NGX_CONF_UNSET_MSEC; | |
1237 | |
1238 return ahcf; | |
1239 } | |
1240 | |
1241 | |
1242 static char * | |
1243 ngx_imap_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
1244 { | |
1245 ngx_imap_auth_http_conf_t *prev = parent; | |
1246 ngx_imap_auth_http_conf_t *conf = child; | |
1247 | |
573 | 1248 u_char *p; |
1249 size_t len; | |
1250 ngx_uint_t i; | |
1251 ngx_table_elt_t *header; | |
1252 | |
884 | 1253 if (conf->peer == NULL) { |
1254 conf->peer = prev->peer; | |
521 | 1255 conf->host_header = prev->host_header; |
1256 conf->uri = prev->uri; | |
1257 } | |
1258 | |
1259 ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); | |
1260 | |
573 | 1261 if (conf->headers == NULL) { |
1262 conf->headers = prev->headers; | |
1263 conf->header = prev->header; | |
1264 } | |
1265 | |
1266 if (conf->headers && conf->header.len == 0) { | |
1267 len = 0; | |
1268 header = conf->headers->elts; | |
1269 for (i = 0; i < conf->headers->nelts; i++) { | |
1270 len += header[i].key.len + 2 + header[i].value.len + 2; | |
1271 } | |
1272 | |
1273 p = ngx_palloc(cf->pool, len); | |
1274 if (p == NULL) { | |
1275 return NGX_CONF_ERROR; | |
1276 } | |
1277 | |
1278 conf->header.len = len; | |
1279 conf->header.data = p; | |
1280 | |
1281 for (i = 0; i < conf->headers->nelts; i++) { | |
1282 p = ngx_cpymem(p, header[i].key.data, header[i].key.len); | |
1283 *p++ = ':'; *p++ = ' '; | |
1284 p = ngx_cpymem(p, header[i].value.data, header[i].value.len); | |
1285 *p++ = CR; *p++ = LF; | |
1286 } | |
1287 } | |
1288 | |
521 | 1289 return NGX_CONF_OK; |
1290 } | |
1291 | |
1292 | |
1293 static char * | |
1294 ngx_imap_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
577 | 1295 { |
521 | 1296 ngx_imap_auth_http_conf_t *ahcf = conf; |
1297 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1298 ngx_str_t *value; |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1299 ngx_url_t u; |
573 | 1300 |
521 | 1301 value = cf->args->elts; |
1302 | |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1303 ngx_memzero(&u, sizeof(ngx_url_t)); |
521 | 1304 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1305 u.url = value[1]; |
906 | 1306 u.default_port = 80; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1307 u.uri_part = 1; |
884 | 1308 u.one_addr = 1; |
577 | 1309 |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1310 if (ngx_parse_url(cf, &u) != NGX_OK) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1311 if (u.err) { |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1312 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1313 "%s in auth_http \"%V\"", u.err, &u.url); |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1314 } |
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1315 } |
521 | 1316 |
884 | 1317 ahcf->peer = u.addrs; |
521 | 1318 |
906 | 1319 ahcf->host_header = u.host; |
805
8ee450f30c25
now the "auth_http" directive uses ngx_parse_url()
Igor Sysoev <igor@sysoev.ru>
parents:
800
diff
changeset
|
1320 ahcf->uri = u.uri; |
521 | 1321 |
559 | 1322 if (ahcf->uri.len == 0) { |
555 | 1323 ahcf->uri.len = sizeof("/") - 1; |
1324 ahcf->uri.data = (u_char *) "/"; | |
1325 } | |
1326 | |
521 | 1327 return NGX_CONF_OK; |
1328 } | |
573 | 1329 |
1330 | |
1331 static char * | |
1332 ngx_imap_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
577 | 1333 { |
573 | 1334 ngx_imap_auth_http_conf_t *ahcf = conf; |
1335 | |
1336 ngx_str_t *value; | |
1337 ngx_table_elt_t *header; | |
1338 | |
1339 if (ahcf->headers == NULL) { | |
1340 ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t)); | |
1341 if (ahcf->headers == NULL) { | |
1342 return NGX_CONF_ERROR; | |
1343 } | |
1344 } | |
1345 | |
1346 header = ngx_array_push(ahcf->headers); | |
1347 if (header == NULL) { | |
1348 return NGX_CONF_ERROR; | |
1349 } | |
1350 | |
1351 value = cf->args->elts; | |
1352 | |
1353 header->key = value[1]; | |
1354 header->value = value[2]; | |
1355 | |
1356 return NGX_CONF_OK; | |
1357 } |