| |
| /* |
| * Copyright (C) Igor Sysoev |
| * Copyright (C) Nginx, Inc. |
| */ |
| |
| |
| #include <ngx_config.h> |
| #include <ngx_core.h> |
| #include <ngx_event.h> |
| #include <ngx_mail.h> |
| |
| |
| static void ngx_mail_init_session(ngx_connection_t *c); |
| |
| #if (NGX_MAIL_SSL) |
| static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c); |
| static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c); |
| #endif |
| |
| |
| void |
| ngx_mail_init_connection(ngx_connection_t *c) |
| { |
| ngx_uint_t i; |
| ngx_mail_port_t *port; |
| struct sockaddr *sa; |
| struct sockaddr_in *sin; |
| ngx_mail_log_ctx_t *ctx; |
| ngx_mail_in_addr_t *addr; |
| ngx_mail_session_t *s; |
| ngx_mail_addr_conf_t *addr_conf; |
| #if (NGX_HAVE_INET6) |
| struct sockaddr_in6 *sin6; |
| ngx_mail_in6_addr_t *addr6; |
| #endif |
| |
| |
| /* find the server configuration for the address:port */ |
| |
| port = c->listening->servers; |
| |
| if (port->naddrs > 1) { |
| |
| /* |
| * There are several addresses on this port and one of them |
| * is the "*:port" wildcard so getsockname() is needed to determine |
| * the server address. |
| * |
| * AcceptEx() already gave this address. |
| */ |
| |
| if (ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| sa = c->local_sockaddr; |
| |
| switch (sa->sa_family) { |
| |
| #if (NGX_HAVE_INET6) |
| case AF_INET6: |
| sin6 = (struct sockaddr_in6 *) sa; |
| |
| addr6 = port->addrs; |
| |
| /* the last address is "*" */ |
| |
| for (i = 0; i < port->naddrs - 1; i++) { |
| if (ngx_memcmp(&addr6[i].addr6, &sin6->sin6_addr, 16) == 0) { |
| break; |
| } |
| } |
| |
| addr_conf = &addr6[i].conf; |
| |
| break; |
| #endif |
| |
| default: /* AF_INET */ |
| sin = (struct sockaddr_in *) sa; |
| |
| addr = port->addrs; |
| |
| /* the last address is "*" */ |
| |
| for (i = 0; i < port->naddrs - 1; i++) { |
| if (addr[i].addr == sin->sin_addr.s_addr) { |
| break; |
| } |
| } |
| |
| addr_conf = &addr[i].conf; |
| |
| break; |
| } |
| |
| } else { |
| switch (c->local_sockaddr->sa_family) { |
| |
| #if (NGX_HAVE_INET6) |
| case AF_INET6: |
| addr6 = port->addrs; |
| addr_conf = &addr6[0].conf; |
| break; |
| #endif |
| |
| default: /* AF_INET */ |
| addr = port->addrs; |
| addr_conf = &addr[0].conf; |
| break; |
| } |
| } |
| |
| s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t)); |
| if (s == NULL) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| s->main_conf = addr_conf->ctx->main_conf; |
| s->srv_conf = addr_conf->ctx->srv_conf; |
| |
| s->addr_text = &addr_conf->addr_text; |
| |
| c->data = s; |
| s->connection = c; |
| |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V", |
| c->number, &c->addr_text, s->addr_text); |
| |
| ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t)); |
| if (ctx == NULL) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| ctx->client = &c->addr_text; |
| ctx->session = s; |
| |
| c->log->connection = c->number; |
| c->log->handler = ngx_mail_log_error; |
| c->log->data = ctx; |
| c->log->action = "sending client greeting line"; |
| |
| c->log_error = NGX_ERROR_INFO; |
| |
| #if (NGX_MAIL_SSL) |
| { |
| ngx_mail_ssl_conf_t *sslcf; |
| |
| sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
| |
| if (sslcf->enable) { |
| c->log->action = "SSL handshaking"; |
| |
| ngx_mail_ssl_init_connection(&sslcf->ssl, c); |
| return; |
| } |
| |
| if (addr_conf->ssl) { |
| |
| c->log->action = "SSL handshaking"; |
| |
| if (sslcf->ssl.ctx == NULL) { |
| ngx_log_error(NGX_LOG_ERR, c->log, 0, |
| "no \"ssl_certificate\" is defined " |
| "in server listening on SSL port"); |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| ngx_mail_ssl_init_connection(&sslcf->ssl, c); |
| return; |
| } |
| |
| } |
| #endif |
| |
| ngx_mail_init_session(c); |
| } |
| |
| |
| #if (NGX_MAIL_SSL) |
| |
| void |
| ngx_mail_starttls_handler(ngx_event_t *rev) |
| { |
| ngx_connection_t *c; |
| ngx_mail_session_t *s; |
| ngx_mail_ssl_conf_t *sslcf; |
| |
| c = rev->data; |
| s = c->data; |
| s->starttls = 1; |
| |
| c->log->action = "in starttls state"; |
| |
| sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
| |
| ngx_mail_ssl_init_connection(&sslcf->ssl, c); |
| } |
| |
| |
| static void |
| ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) |
| { |
| ngx_mail_session_t *s; |
| ngx_mail_core_srv_conf_t *cscf; |
| |
| if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| if (ngx_ssl_handshake(c) == NGX_AGAIN) { |
| |
| s = c->data; |
| |
| cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| |
| ngx_add_timer(c->read, cscf->timeout); |
| |
| c->ssl->handler = ngx_mail_ssl_handshake_handler; |
| |
| return; |
| } |
| |
| ngx_mail_ssl_handshake_handler(c); |
| } |
| |
| |
| static void |
| ngx_mail_ssl_handshake_handler(ngx_connection_t *c) |
| { |
| ngx_mail_session_t *s; |
| ngx_mail_core_srv_conf_t *cscf; |
| |
| if (c->ssl->handshaked) { |
| |
| s = c->data; |
| |
| if (s->starttls) { |
| cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| |
| c->read->handler = cscf->protocol->init_protocol; |
| c->write->handler = ngx_mail_send; |
| |
| cscf->protocol->init_protocol(c->read); |
| |
| return; |
| } |
| |
| c->read->ready = 0; |
| |
| ngx_mail_init_session(c); |
| return; |
| } |
| |
| ngx_mail_close_connection(c); |
| } |
| |
| #endif |
| |
| |
| static void |
| ngx_mail_init_session(ngx_connection_t *c) |
| { |
| ngx_mail_session_t *s; |
| ngx_mail_core_srv_conf_t *cscf; |
| |
| s = c->data; |
| |
| cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| |
| s->protocol = cscf->protocol->type; |
| |
| s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module); |
| if (s->ctx == NULL) { |
| ngx_mail_session_internal_server_error(s); |
| return; |
| } |
| |
| c->write->handler = ngx_mail_send; |
| |
| cscf->protocol->init_session(s, c); |
| } |
| |
| |
| ngx_int_t |
| ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c, |
| ngx_mail_core_srv_conf_t *cscf) |
| { |
| s->salt.data = ngx_pnalloc(c->pool, |
| sizeof(" <18446744073709551616.@>" CRLF) - 1 |
| + NGX_TIME_T_LEN |
| + cscf->server_name.len); |
| if (s->salt.data == NULL) { |
| return NGX_ERROR; |
| } |
| |
| s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF, |
| ngx_random(), ngx_time(), &cscf->server_name) |
| - s->salt.data; |
| |
| return NGX_OK; |
| } |
| |
| |
| #if (NGX_MAIL_SSL) |
| |
| ngx_int_t |
| ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c) |
| { |
| ngx_mail_ssl_conf_t *sslcf; |
| |
| if (c->ssl) { |
| return 0; |
| } |
| |
| sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
| |
| if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { |
| return 1; |
| } |
| |
| return 0; |
| } |
| |
| #endif |
| |
| |
| ngx_int_t |
| ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n) |
| { |
| u_char *p, *last; |
| ngx_str_t *arg, plain; |
| |
| arg = s->args.elts; |
| |
| #if (NGX_DEBUG_MAIL_PASSWD) |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth plain: \"%V\"", &arg[n]); |
| #endif |
| |
| plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len)); |
| if (plain.data == NULL) { |
| return NGX_ERROR; |
| } |
| |
| if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid base64 encoding in AUTH PLAIN command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| p = plain.data; |
| last = p + plain.len; |
| |
| while (p < last && *p++) { /* void */ } |
| |
| if (p == last) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid login in AUTH PLAIN command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| s->login.data = p; |
| |
| while (p < last && *p) { p++; } |
| |
| if (p == last) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid password in AUTH PLAIN command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| s->login.len = p++ - s->login.data; |
| |
| s->passwd.len = last - p; |
| s->passwd.data = p; |
| |
| #if (NGX_DEBUG_MAIL_PASSWD) |
| ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd); |
| #endif |
| |
| return NGX_DONE; |
| } |
| |
| |
| ngx_int_t |
| ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c, |
| ngx_uint_t n) |
| { |
| ngx_str_t *arg; |
| |
| arg = s->args.elts; |
| |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth login username: \"%V\"", &arg[n]); |
| |
| s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len)); |
| if (s->login.data == NULL) { |
| return NGX_ERROR; |
| } |
| |
| if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid base64 encoding in AUTH LOGIN command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth login username: \"%V\"", &s->login); |
| |
| return NGX_OK; |
| } |
| |
| |
| ngx_int_t |
| ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c) |
| { |
| ngx_str_t *arg; |
| |
| arg = s->args.elts; |
| |
| #if (NGX_DEBUG_MAIL_PASSWD) |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth login password: \"%V\"", &arg[0]); |
| #endif |
| |
| s->passwd.data = ngx_pnalloc(c->pool, |
| ngx_base64_decoded_length(arg[0].len)); |
| if (s->passwd.data == NULL) { |
| return NGX_ERROR; |
| } |
| |
| if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid base64 encoding in AUTH LOGIN command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| #if (NGX_DEBUG_MAIL_PASSWD) |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth login password: \"%V\"", &s->passwd); |
| #endif |
| |
| return NGX_DONE; |
| } |
| |
| |
| ngx_int_t |
| ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c, |
| char *prefix, size_t len) |
| { |
| u_char *p; |
| ngx_str_t salt; |
| ngx_uint_t n; |
| |
| p = ngx_pnalloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2); |
| if (p == NULL) { |
| return NGX_ERROR; |
| } |
| |
| salt.data = ngx_cpymem(p, prefix, len); |
| s->salt.len -= 2; |
| |
| ngx_encode_base64(&salt, &s->salt); |
| |
| s->salt.len += 2; |
| n = len + salt.len; |
| p[n++] = CR; p[n++] = LF; |
| |
| s->out.len = n; |
| s->out.data = p; |
| |
| return NGX_OK; |
| } |
| |
| |
| ngx_int_t |
| ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c) |
| { |
| u_char *p, *last; |
| ngx_str_t *arg; |
| |
| arg = s->args.elts; |
| |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth cram-md5: \"%V\"", &arg[0]); |
| |
| s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len)); |
| if (s->login.data == NULL) { |
| return NGX_ERROR; |
| } |
| |
| if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid base64 encoding in AUTH CRAM-MD5 command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| p = s->login.data; |
| last = p + s->login.len; |
| |
| while (p < last) { |
| if (*p++ == ' ') { |
| s->login.len = p - s->login.data - 1; |
| s->passwd.len = last - p; |
| s->passwd.data = p; |
| break; |
| } |
| } |
| |
| if (s->passwd.len != 32) { |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command"); |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd); |
| |
| s->auth_method = NGX_MAIL_AUTH_CRAM_MD5; |
| |
| return NGX_DONE; |
| } |
| |
| |
| void |
| ngx_mail_send(ngx_event_t *wev) |
| { |
| ngx_int_t n; |
| ngx_connection_t *c; |
| ngx_mail_session_t *s; |
| ngx_mail_core_srv_conf_t *cscf; |
| |
| c = wev->data; |
| s = c->data; |
| |
| if (wev->timedout) { |
| ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); |
| c->timedout = 1; |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| if (s->out.len == 0) { |
| if (ngx_handle_write_event(c->write, 0) != NGX_OK) { |
| ngx_mail_close_connection(c); |
| } |
| |
| return; |
| } |
| |
| n = c->send(c, s->out.data, s->out.len); |
| |
| if (n > 0) { |
| s->out.len -= n; |
| |
| if (wev->timer_set) { |
| ngx_del_timer(wev); |
| } |
| |
| if (s->quit) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| if (s->blocked) { |
| c->read->handler(c->read); |
| } |
| |
| return; |
| } |
| |
| if (n == NGX_ERROR) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| |
| /* n == NGX_AGAIN */ |
| |
| cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| |
| ngx_add_timer(c->write, cscf->timeout); |
| |
| if (ngx_handle_write_event(c->write, 0) != NGX_OK) { |
| ngx_mail_close_connection(c); |
| return; |
| } |
| } |
| |
| |
| ngx_int_t |
| ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c) |
| { |
| ssize_t n; |
| ngx_int_t rc; |
| ngx_str_t l; |
| ngx_mail_core_srv_conf_t *cscf; |
| |
| n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last); |
| |
| if (n == NGX_ERROR || n == 0) { |
| ngx_mail_close_connection(c); |
| return NGX_ERROR; |
| } |
| |
| if (n > 0) { |
| s->buffer->last += n; |
| } |
| |
| if (n == NGX_AGAIN) { |
| if (ngx_handle_read_event(c->read, 0) != NGX_OK) { |
| ngx_mail_session_internal_server_error(s); |
| return NGX_ERROR; |
| } |
| |
| if (s->buffer->pos == s->buffer->last) { |
| return NGX_AGAIN; |
| } |
| } |
| |
| cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| |
| rc = cscf->protocol->parse_command(s); |
| |
| if (rc == NGX_AGAIN) { |
| |
| if (s->buffer->last < s->buffer->end) { |
| return rc; |
| } |
| |
| l.len = s->buffer->last - s->buffer->start; |
| l.data = s->buffer->start; |
| |
| ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| "client sent too long command \"%V\"", &l); |
| |
| s->quit = 1; |
| |
| return NGX_MAIL_PARSE_INVALID_COMMAND; |
| } |
| |
| if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { |
| return rc; |
| } |
| |
| if (rc == NGX_ERROR) { |
| ngx_mail_close_connection(c); |
| return NGX_ERROR; |
| } |
| |
| return NGX_OK; |
| } |
| |
| |
| void |
| ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c) |
| { |
| s->args.nelts = 0; |
| |
| if (s->buffer->pos == s->buffer->last) { |
| s->buffer->pos = s->buffer->start; |
| s->buffer->last = s->buffer->start; |
| } |
| |
| s->state = 0; |
| |
| if (c->read->timer_set) { |
| ngx_del_timer(c->read); |
| } |
| |
| s->login_attempt++; |
| |
| ngx_mail_auth_http_init(s); |
| } |
| |
| |
| void |
| ngx_mail_session_internal_server_error(ngx_mail_session_t *s) |
| { |
| ngx_mail_core_srv_conf_t *cscf; |
| |
| cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); |
| |
| s->out = cscf->protocol->internal_server_error; |
| s->quit = 1; |
| |
| ngx_mail_send(s->connection->write); |
| } |
| |
| |
| void |
| ngx_mail_close_connection(ngx_connection_t *c) |
| { |
| ngx_pool_t *pool; |
| |
| ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, |
| "close mail connection: %d", c->fd); |
| |
| #if (NGX_MAIL_SSL) |
| |
| if (c->ssl) { |
| if (ngx_ssl_shutdown(c) == NGX_AGAIN) { |
| c->ssl->handler = ngx_mail_close_connection; |
| return; |
| } |
| } |
| |
| #endif |
| |
| #if (NGX_STAT_STUB) |
| (void) ngx_atomic_fetch_add(ngx_stat_active, -1); |
| #endif |
| |
| c->destroyed = 1; |
| |
| pool = c->pool; |
| |
| ngx_close_connection(c); |
| |
| ngx_destroy_pool(pool); |
| } |
| |
| |
| u_char * |
| ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len) |
| { |
| u_char *p; |
| ngx_mail_session_t *s; |
| ngx_mail_log_ctx_t *ctx; |
| |
| if (log->action) { |
| p = ngx_snprintf(buf, len, " while %s", log->action); |
| len -= p - buf; |
| buf = p; |
| } |
| |
| ctx = log->data; |
| |
| p = ngx_snprintf(buf, len, ", client: %V", ctx->client); |
| len -= p - buf; |
| buf = p; |
| |
| s = ctx->session; |
| |
| if (s == NULL) { |
| return p; |
| } |
| |
| p = ngx_snprintf(buf, len, "%s, server: %V", |
| s->starttls ? " using starttls" : "", |
| s->addr_text); |
| len -= p - buf; |
| buf = p; |
| |
| if (s->login.len == 0) { |
| return p; |
| } |
| |
| p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login); |
| len -= p - buf; |
| buf = p; |
| |
| if (s->proxy == NULL) { |
| return p; |
| } |
| |
| p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name); |
| |
| return p; |
| } |