Google Git
Sign in
nginx / nginx / 65a7b8f988d8a766014d58e5d73d30b0199b1656 / . / src / imap / ngx_imap_handler.c
blob: dad0994da7b367f1461275a210ac9d294ec3ee31 [file] [log] [blame]
/*
* Copyright (C) Igor Sysoev
*/
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>
#include <ngx_imap.h>
static void ngx_imap_init_session(ngx_connection_t *c);
static void ngx_imap_init_protocol(ngx_event_t *rev);
static ngx_int_t ngx_imap_decode_auth_plain(ngx_imap_session_t *s,
ngx_str_t *encoded);
static void ngx_imap_do_auth(ngx_imap_session_t *s);
static ngx_int_t ngx_imap_read_command(ngx_imap_session_t *s);
static u_char *ngx_imap_log_error(ngx_log_t *log, u_char *buf, size_t len);
#if (NGX_IMAP_SSL)
static void ngx_imap_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
static void ngx_imap_ssl_handshake_handler(ngx_connection_t *c);
#endif
static ngx_str_t greetings[] = {
ngx_string("+OK POP3 ready" CRLF),
ngx_string("* OK IMAP4 ready" CRLF)
};
static ngx_str_t internal_server_errors[] = {
ngx_string("-ERR internal server error" CRLF),
ngx_string("* BAD internal server error" CRLF),
};
static u_char pop3_ok[] = "+OK" CRLF;
static u_char pop3_next[] = "+ " CRLF;
static u_char pop3_username[] = "+ VXNlcm5hbWU6" CRLF;
static u_char pop3_password[] = "+ UGFzc3dvcmQ6" CRLF;
static u_char pop3_invalid_command[] = "-ERR invalid command" CRLF;
static u_char imap_star[] = "* ";
static u_char imap_ok[] = "OK completed" CRLF;
static u_char imap_next[] = "+ OK" CRLF;
static u_char imap_bye[] = "* BYE" CRLF;
static u_char imap_invalid_command[] = "BAD invalid command" CRLF;
void
ngx_imap_init_connection(ngx_connection_t *c)
{
in_addr_t in_addr;
socklen_t len;
ngx_uint_t i;
struct sockaddr_in sin;
ngx_imap_log_ctx_t *ctx;
ngx_imap_in_port_t *imip;
ngx_imap_in_addr_t *imia;
ngx_imap_session_t *s;
#if (NGX_IMAP_SSL)
ngx_imap_ssl_conf_t *sslcf;
#endif
/* find the server configuration for the address:port */
/* AF_INET only */
imip = c->listening->servers;
imia = imip->addrs;
i = 0;
if (imip->naddrs > 1) {
/*
* There are several addresses on this port and one of them
* is the "*:port" wildcard so getsockname() is needed to determine
* the server address.
*
* AcceptEx() already gave this address.
*/
#if (NGX_WIN32)
if (c->local_sockaddr) {
in_addr =
((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr;
} else
#endif
{
len = sizeof(struct sockaddr_in);
if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) {
ngx_connection_error(c, ngx_socket_errno,
"getsockname() failed");
ngx_imap_close_connection(c);
return;
}
in_addr = sin.sin_addr.s_addr;
}
/* the last address is "*" */
for ( /* void */ ; i < imip->naddrs - 1; i++) {
if (in_addr == imia[i].addr) {
break;
}
}
}
s = ngx_pcalloc(c->pool, sizeof(ngx_imap_session_t));
if (s == NULL) {
ngx_imap_close_connection(c);
return;
}
s->main_conf = imia[i].ctx->main_conf;
s->srv_conf = imia[i].ctx->srv_conf;
s->addr_text = &imia[i].addr_text;
c->data = s;
s->connection = c;
ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V",
c->number, &c->addr_text, s->addr_text);
ctx = ngx_palloc(c->pool, sizeof(ngx_imap_log_ctx_t));
if (ctx == NULL) {
ngx_imap_close_connection(c);
return;
}
ctx->client = &c->addr_text;
ctx->session = s;
c->log->connection = c->number;
c->log->handler = ngx_imap_log_error;
c->log->data = ctx;
c->log->action = "sending client greeting line";
c->log_error = NGX_ERROR_INFO;
#if (NGX_IMAP_SSL)
sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
if (sslcf->enable) {
ngx_imap_ssl_init_connection(&sslcf->ssl, c);
return;
}
#endif
ngx_imap_init_session(c);
}
#if (NGX_IMAP_SSL)
static void
ngx_imap_starttls_handler(ngx_event_t *rev)
{
ngx_connection_t *c;
ngx_imap_session_t *s;
ngx_imap_ssl_conf_t *sslcf;
c = rev->data;
s = c->data;
s->starttls = 1;
c->log->action = "in starttls state";
sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
ngx_imap_ssl_init_connection(&sslcf->ssl, c);
}
static void
ngx_imap_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf;
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
ngx_imap_close_connection(c);
return;
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
s = c->data;
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
ngx_add_timer(c->read, cscf->timeout);
c->ssl->handler = ngx_imap_ssl_handshake_handler;
return;
}
ngx_imap_ssl_handshake_handler(c);
}
static void
ngx_imap_ssl_handshake_handler(ngx_connection_t *c)
{
ngx_imap_session_t *s;
if (c->ssl->handshaked) {
s = c->data;
if (s->starttls) {
c->read->handler = ngx_imap_init_protocol;
c->write->handler = ngx_imap_send;
ngx_imap_init_protocol(c->read);
return;
}
ngx_imap_init_session(c);
return;
}
ngx_imap_close_connection(c);
}
#endif
static void
ngx_imap_init_session(ngx_connection_t *c)
{
u_char *p;
ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf;
c->read->handler = ngx_imap_init_protocol;
c->write->handler = ngx_imap_send;
s = c->data;
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
s->protocol = cscf->protocol;
s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_imap_max_module);
if (s->ctx == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
s->out = greetings[s->protocol];
if ((cscf->auth_methods & NGX_IMAP_AUTH_APOP_ENABLED)
&& s->protocol == NGX_IMAP_POP3_PROTOCOL)
{
s->salt.data = ngx_palloc(c->pool,
sizeof(" <18446744073709551616.@>" CRLF) - 1
+ NGX_TIME_T_LEN
+ cscf->server_name.len);
if (s->salt.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
ngx_random(), ngx_time(), &cscf->server_name)
- s->salt.data;
s->out.data = ngx_palloc(c->pool, greetings[0].len + 1 + s->salt.len);
if (s->out.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
p = ngx_cpymem(s->out.data, greetings[0].data, greetings[0].len - 2);
*p++ = ' ';
p = ngx_cpymem(p, s->salt.data, s->salt.len);
s->out.len = p - s->out.data;
}
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ngx_imap_close_connection(c);
}
ngx_imap_send(c->write);
}
void
ngx_imap_send(ngx_event_t *wev)
{
ngx_int_t n;
ngx_connection_t *c;
ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf;
c = wev->data;
s = c->data;
if (wev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_imap_close_connection(c);
return;
}
if (s->out.len == 0) {
if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
ngx_imap_close_connection(c);
}
return;
}
n = c->send(c, s->out.data, s->out.len);
if (n > 0) {
s->out.len -= n;
if (wev->timer_set) {
ngx_del_timer(wev);
}
if (s->quit) {
ngx_imap_close_connection(c);
return;
}
if (s->blocked) {
c->read->handler(c->read);
}
return;
}
if (n == NGX_ERROR) {
ngx_imap_close_connection(c);
return;
}
/* n == NGX_AGAIN */
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
ngx_add_timer(c->write, cscf->timeout);
if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
ngx_imap_close_connection(c);
return;
}
}
static void
ngx_imap_init_protocol(ngx_event_t *rev)
{
size_t size;
ngx_connection_t *c;
ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf;
c = rev->data;
c->log->action = "in auth state";
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_imap_close_connection(c);
return;
}
s = c->data;
if (s->protocol == NGX_IMAP_POP3_PROTOCOL) {
size = 128;
s->imap_state = ngx_pop3_start;
c->read->handler = ngx_pop3_auth_state;
} else {
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
size = cscf->imap_client_buffer_size;
s->imap_state = ngx_imap_start;
c->read->handler = ngx_imap_auth_state;
}
if (s->buffer == NULL) {
if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t))
== NGX_ERROR)
{
ngx_imap_session_internal_server_error(s);
return;
}
s->buffer = ngx_create_temp_buf(c->pool, size);
if (s->buffer == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
}
c->read->handler(rev);
}
void
ngx_imap_auth_state(ngx_event_t *rev)
{
u_char *text, *last, *p, *dst, *src, *end;
ssize_t text_len, last_len;
ngx_str_t *arg;
ngx_int_t rc;
ngx_uint_t tag, i;
ngx_connection_t *c;
ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf;
#if (NGX_IMAP_SSL)
ngx_imap_ssl_conf_t *sslcf;
#endif
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_imap_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_imap_read_command(s);
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap auth: %i", rc);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
tag = 1;
text = NULL;
text_len = 0;
last = imap_ok;
last_len = sizeof(imap_ok) - 1;
if (rc == NGX_OK) {
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap auth command: %i",
s->command);
if (s->backslash) {
arg = s->args.elts;
for (i = 0; i < s->args.nelts; i++) {
dst = arg[i].data;
end = dst + arg[i].len;
for (src = dst; src < end; dst++) {
*dst = *src;
if (*src++ == '\\') {
*dst = *src++;
}
}
arg[i].len = dst - arg[i].data;
}
s->backslash = 0;
}
switch (s->command) {
case NGX_IMAP_LOGIN:
#if (NGX_IMAP_SSL)
if (c->ssl == NULL) {
sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
if (sslcf->starttls == NGX_IMAP_STARTTLS_ONLY) {
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
}
#endif
arg = s->args.elts;
if (s->args.nelts == 2 && arg[0].len) {
s->login.len = arg[0].len;
s->login.data = ngx_palloc(c->pool, s->login.len);
if (s->login.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
s->passwd.len = arg[1].len;
s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
#if (NGX_DEBUG_IMAP_PASSWD)
ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
"imap login:\"%V\" passwd:\"%V\"",
&s->login, &s->passwd);
#else
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"imap login:\"%V\"", &s->login);
#endif
ngx_imap_do_auth(s);
return;
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
case NGX_IMAP_CAPABILITY:
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
#if (NGX_IMAP_SSL)
if (c->ssl == NULL) {
sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
if (sslcf->starttls == NGX_IMAP_STARTTLS_ON) {
text_len = cscf->imap_starttls_capability.len;
text = cscf->imap_starttls_capability.data;
break;
}
if (sslcf->starttls == NGX_IMAP_STARTTLS_ONLY) {
text_len = cscf->imap_starttls_only_capability.len;
text = cscf->imap_starttls_only_capability.data;
break;
}
}
#endif
text_len = cscf->imap_capability.len;
text = cscf->imap_capability.data;
break;
case NGX_IMAP_LOGOUT:
s->quit = 1;
text = imap_bye;
text_len = sizeof(imap_bye) - 1;
break;
case NGX_IMAP_NOOP:
break;
#if (NGX_IMAP_SSL)
case NGX_IMAP_STARTTLS:
if (c->ssl == NULL) {
sslcf = ngx_imap_get_module_srv_conf(s, ngx_imap_ssl_module);
if (sslcf->starttls) {
c->read->handler = ngx_imap_starttls_handler;
break;
}
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
#endif
default:
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
} else if (rc == NGX_IMAP_NEXT) {
last = imap_next;
last_len = sizeof(imap_next) - 1;
tag = 0;
}
if (rc == NGX_IMAP_PARSE_INVALID_COMMAND) {
last = imap_invalid_command;
last_len = sizeof(imap_invalid_command) - 1;
}
if (tag) {
if (s->tag.len == 0) {
s->tag.len = sizeof(imap_star) - 1;
s->tag.data = (u_char *) imap_star;
}
if (s->tagged_line.len < s->tag.len + text_len + last_len) {
s->tagged_line.len = s->tag.len + text_len + last_len;
s->tagged_line.data = ngx_palloc(c->pool, s->tagged_line.len);
if (s->tagged_line.data == NULL) {
ngx_imap_close_connection(c);
return;
}
}
s->out.data = s->tagged_line.data;
s->out.len = s->tag.len + text_len + last_len;
p = s->out.data;
if (text) {
p = ngx_cpymem(p, text, text_len);
}
p = ngx_cpymem(p, s->tag.data, s->tag.len);
ngx_memcpy(p, last, last_len);
} else {
s->out.data = last;
s->out.len = last_len;
}
if (rc != NGX_IMAP_NEXT) {
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
s->tag.len = 0;
}
ngx_imap_send(c->write);
}
void
ngx_pop3_auth_state(ngx_event_t *rev)
{
u_char *text, *p, *last;
ssize_t size;
ngx_int_t rc;
ngx_str_t *arg, salt;
ngx_connection_t *c;
ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf;
#if (NGX_IMAP_SSL)
ngx_imap_ssl_conf_t *sslcf;
#endif
c = rev->data;
s = c->data;
ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "pop3 auth state");
if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
c->timedout = 1;
ngx_imap_close_connection(c);
return;
}
if (s->out.len) {
ngx_log_debug0(NGX_LOG_DEBUG_IMAP, c->log, 0, "imap send handler busy");
s->blocked = 1;
return;
}
s->blocked = 0;
rc = ngx_imap_read_command(s);
if (rc == NGX_AGAIN || rc == NGX_ERROR) {
return;
}
text = pop3_ok;
size = sizeof(pop3_ok) - 1;
if (rc == NGX_OK) {
switch (s->imap_state) {
case ngx_pop3_start:
switch (s->command) {
case NGX_POP3_USER:
if (s->args.nelts == 1) {
s->imap_state = ngx_pop3_user;
arg = s->args.elts;
s->login.len = arg[0].len;
s->login.data = ngx_palloc(c->pool, s->login.len);
if (s->login.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 login: \"%V\"", &s->login);
break;
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
case NGX_POP3_CAPA:
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
#if (NGX_IMAP_SSL)
if (c->ssl == NULL) {
sslcf = ngx_imap_get_module_srv_conf(s,
ngx_imap_ssl_module);
if (sslcf->starttls) {
size = cscf->pop3_starttls_capability.len;
text = cscf->pop3_starttls_capability.data;
break;
}
}
#endif
size = cscf->pop3_capability.len;
text = cscf->pop3_capability.data;
break;
case NGX_POP3_APOP:
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
if ((cscf->auth_methods & NGX_IMAP_AUTH_APOP_ENABLED)
&& s->args.nelts == 2)
{
arg = s->args.elts;
s->login.len = arg[0].len;
s->login.data = ngx_palloc(c->pool, s->login.len);
if (s->login.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
s->passwd.len = arg[1].len;
s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 apop: \"%V\" \"%V\"",
&s->login, &s->passwd);
s->auth_method = NGX_IMAP_AUTH_APOP;
ngx_imap_do_auth(s);
return;
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
case NGX_POP3_AUTH:
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
if (s->args.nelts == 0) {
size = cscf->pop3_auth_capability.len;
text = cscf->pop3_auth_capability.data;
s->state = 0;
break;
}
arg = s->args.elts;
if (arg[0].len == 5) {
if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5)
== 0)
{
if (s->args.nelts != 1) {
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
s->imap_state = ngx_pop3_auth_login_username;
size = sizeof(pop3_username) - 1;
text = pop3_username;
break;
} else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN",
5)
== 0)
{
if (s->args.nelts == 1) {
s->imap_state = ngx_pop3_auth_plain;
size = sizeof(pop3_next) - 1;
text = pop3_next;
break;
}
if (s->args.nelts == 2) {
/*
* workaround for Eudora for Mac: it sends
* AUTH PLAIN [base64 encoded]
*/
rc = ngx_imap_decode_auth_plain(s, &arg[1]);
if (rc == NGX_OK) {
ngx_imap_do_auth(s);
return;
}
if (rc == NGX_ERROR) {
ngx_imap_session_internal_server_error(s);
return;
}
/* rc == NGX_IMAP_PARSE_INVALID_COMMAND */
break;
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
} else if (arg[0].len == 8
&& ngx_strncasecmp(arg[0].data,
(u_char *) "CRAM-MD5", 8)
== 0)
{
s->imap_state = ngx_pop3_auth_cram_md5;
text = ngx_palloc(c->pool,
sizeof("+ " CRLF) - 1
+ ngx_base64_encoded_length(s->salt.len));
if (text == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
text[0] = '+'; text[1]= ' ';
salt.data = &text[2];
s->salt.len -= 2;
ngx_encode_base64(&salt, &s->salt);
s->salt.len += 2;
size = 2 + salt.len;
text[size++] = CR; text[size++] = LF;
break;
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
case NGX_POP3_QUIT:
s->quit = 1;
break;
case NGX_POP3_NOOP:
break;
#if (NGX_IMAP_SSL)
case NGX_POP3_STLS:
if (c->ssl == NULL) {
sslcf = ngx_imap_get_module_srv_conf(s,
ngx_imap_ssl_module);
if (sslcf->starttls) {
c->read->handler = ngx_imap_starttls_handler;
break;
}
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
#endif
default:
s->imap_state = ngx_pop3_start;
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
break;
case ngx_pop3_user:
switch (s->command) {
case NGX_POP3_PASS:
if (s->args.nelts == 1) {
arg = s->args.elts;
s->passwd.len = arg[0].len;
s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->passwd.data, arg[0].data, s->passwd.len);
#if (NGX_DEBUG_IMAP_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 passwd: \"%V\"", &s->passwd);
#endif
ngx_imap_do_auth(s);
return;
}
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
case NGX_POP3_CAPA:
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
size = cscf->pop3_capability.len;
text = cscf->pop3_capability.data;
break;
case NGX_POP3_QUIT:
s->quit = 1;
break;
case NGX_POP3_NOOP:
break;
default:
s->imap_state = ngx_pop3_start;
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
break;
/* suppress warinings */
case ngx_pop3_passwd:
break;
case ngx_pop3_auth_login_username:
arg = s->args.elts;
s->imap_state = ngx_pop3_auth_login_password;
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 auth login username: \"%V\"", &arg[0]);
s->login.data = ngx_palloc(c->pool,
ngx_base64_decoded_length(arg[0].len));
if (s->login.data == NULL){
ngx_imap_session_internal_server_error(s);
return;
}
if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding "
"in AUTH LOGIN command");
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 auth login username: \"%V\"", &s->login);
size = sizeof(pop3_password) - 1;
text = pop3_password;
break;
case ngx_pop3_auth_login_password:
arg = s->args.elts;
#if (NGX_DEBUG_IMAP_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 auth login password: \"%V\"", &arg[0]);
#endif
s->passwd.data = ngx_palloc(c->pool,
ngx_base64_decoded_length(arg[0].len));
if (s->passwd.data == NULL){
ngx_imap_session_internal_server_error(s);
return;
}
if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding "
"in AUTH LOGIN command");
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
#if (NGX_DEBUG_IMAP_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 auth login password: \"%V\"", &s->passwd);
#endif
ngx_imap_do_auth(s);
return;
case ngx_pop3_auth_plain:
arg = s->args.elts;
rc = ngx_imap_decode_auth_plain(s, &arg[0]);
if (rc == NGX_OK) {
ngx_imap_do_auth(s);
return;
}
if (rc == NGX_ERROR) {
ngx_imap_session_internal_server_error(s);
return;
}
/* rc == NGX_IMAP_PARSE_INVALID_COMMAND */
break;
case ngx_pop3_auth_cram_md5:
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 auth cram-md5: \"%V\"", &arg[0]);
s->login.data = ngx_palloc(c->pool,
ngx_base64_decoded_length(arg[0].len));
if (s->login.data == NULL){
ngx_imap_session_internal_server_error(s);
return;
}
if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding "
"in AUTH CRAM-MD5 command");
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
p = s->login.data;
last = p + s->login.len;
while (p < last) {
if (*p++ == ' ') {
s->login.len = p - s->login.data - 1;
s->passwd.len = last - p;
s->passwd.data = p;
break;
}
}
if (s->passwd.len != 32) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid CRAM-MD5 hash "
"in AUTH CRAM-MD5 command");
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
break;
}
ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 auth cram-md5: \"%V\" \"%V\"",
&s->login, &s->passwd);
s->auth_method = NGX_IMAP_AUTH_CRAM_MD5;
ngx_imap_do_auth(s);
return;
}
}
if (rc == NGX_IMAP_PARSE_INVALID_COMMAND) {
s->imap_state = ngx_pop3_start;
s->state = 0;
text = pop3_invalid_command;
size = sizeof(pop3_invalid_command) - 1;
}
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
if (s->state) {
s->arg_start = s->buffer->start;
}
s->out.data = text;
s->out.len = size;
ngx_imap_send(c->write);
}
static ngx_int_t
ngx_imap_decode_auth_plain(ngx_imap_session_t *s, ngx_str_t *encoded)
{
u_char *p, *last;
ngx_str_t plain;
#if (NGX_DEBUG_IMAP_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, s->connection->log, 0,
"pop3 auth plain: \"%V\"", encoded);
#endif
plain.data = ngx_palloc(s->connection->pool,
ngx_base64_decoded_length(encoded->len));
if (plain.data == NULL){
return NGX_ERROR;
}
if (ngx_decode_base64(&plain, encoded) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"client sent invalid base64 encoding "
"in AUTH PLAIN command");
return NGX_IMAP_PARSE_INVALID_COMMAND;
}
p = plain.data;
last = p + plain.len;
while (p < last && *p++) { /* void */ }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"client sent invalid login in AUTH PLAIN command");
return NGX_IMAP_PARSE_INVALID_COMMAND;
}
s->login.data = p;
while (p < last && *p) { p++; }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"client sent invalid password in AUTH PLAIN command");
return NGX_IMAP_PARSE_INVALID_COMMAND;
}
s->login.len = p++ - s->login.data;
s->passwd.len = last - p;
s->passwd.data = p;
#if (NGX_DEBUG_IMAP_PASSWD)
ngx_log_debug2(NGX_LOG_DEBUG_IMAP, s->connection->log, 0,
"pop3 auth plain: \"%V\" \"%V\"",
&s->login, &s->passwd);
#endif
return NGX_OK;
}
static void
ngx_imap_do_auth(ngx_imap_session_t *s)
{
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
s->state = 0;
if (s->connection->read->timer_set) {
ngx_del_timer(s->connection->read);
}
s->login_attempt++;
ngx_imap_auth_http_init(s);
}
static ngx_int_t
ngx_imap_read_command(ngx_imap_session_t *s)
{
ssize_t n;
ngx_int_t rc;
ngx_str_t l;
n = s->connection->recv(s->connection, s->buffer->last,
s->buffer->end - s->buffer->last);
if (n == NGX_ERROR || n == 0) {
ngx_imap_close_connection(s->connection);
return NGX_ERROR;
}
if (n > 0) {
s->buffer->last += n;
}
if (n == NGX_AGAIN) {
if (ngx_handle_read_event(s->connection->read, 0) == NGX_ERROR) {
ngx_imap_session_internal_server_error(s);
return NGX_ERROR;
}
return NGX_AGAIN;
}
if (s->protocol == NGX_IMAP_POP3_PROTOCOL) {
rc = ngx_pop3_parse_command(s);
} else {
rc = ngx_imap_parse_command(s);
}
if (rc == NGX_AGAIN) {
if (s->buffer->last < s->buffer->end) {
return rc;
}
l.len = s->buffer->last - s->buffer->start;
l.data = s->buffer->start;
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"client sent too long command \"%V\"", &l);
return NGX_IMAP_PARSE_INVALID_COMMAND;
}
if (rc == NGX_IMAP_NEXT || rc == NGX_IMAP_PARSE_INVALID_COMMAND) {
return rc;
}
if (rc == NGX_ERROR) {
ngx_imap_close_connection(s->connection);
return NGX_ERROR;
}
return NGX_OK;
}
void
ngx_imap_session_internal_server_error(ngx_imap_session_t *s)
{
s->out = internal_server_errors[s->protocol];
s->quit = 1;
ngx_imap_send(s->connection->write);
}
void
ngx_imap_close_connection(ngx_connection_t *c)
{
ngx_pool_t *pool;
ngx_log_debug1(NGX_LOG_DEBUG_IMAP, c->log, 0,
"close imap connection: %d", c->fd);
#if (NGX_IMAP_SSL)
if (c->ssl) {
if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
c->ssl->handler = ngx_imap_close_connection;
return;
}
}
#endif
c->destroyed = 1;
pool = c->pool;
ngx_close_connection(c);
ngx_destroy_pool(pool);
}
static u_char *
ngx_imap_log_error(ngx_log_t *log, u_char *buf, size_t len)
{
u_char *p;
ngx_imap_session_t *s;
ngx_imap_log_ctx_t *ctx;
if (log->action) {
p = ngx_snprintf(buf, len, " while %s", log->action);
len -= p - buf;
buf = p;
}
ctx = log->data;
p = ngx_snprintf(buf, len, ", client: %V", ctx->client);
len -= p - buf;
buf = p;
s = ctx->session;
if (s == NULL) {
return p;
}
p = ngx_snprintf(buf, len, ", server: %V", s->addr_text);
len -= p - buf;
buf = p;
if (s->login.len == 0) {
return p;
}
p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login);
len -= p - buf;
buf = p;
if (s->proxy == NULL) {
return p;
}
p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name);
return p;
}