3 * Copyright (C) Igor Sysoev
7 #include <ngx_config.h>
13 static void ngx_mail_init_session(ngx_connection_t *c);
16 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
17 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
/*
 * Set up a newly accepted mail connection: pick the server configuration
 * for the local address, allocate the session and the log context from
 * c->pool, install the mail log handler, then call either
 * ngx_mail_ssl_init_connection() or ngx_mail_init_session().
 *
 * NOTE(review): this listing is partial (the embedded line numbers skip),
 * so the conditions, braces and returns between the visible statements
 * are not shown; the notes below describe the visible lines only.
 */
22 ngx_mail_init_connection(ngx_connection_t *c)
27 struct sockaddr_in sin;
28 ngx_mail_log_ctx_t *ctx;
29 ngx_mail_in_port_t *imip;
30 ngx_mail_in_addr_t *imia;
31 ngx_mail_session_t *s;
33 /* find the server configuration for the address:port */
37 imip = c->listening->servers;
42 if (imip->naddrs > 1) {
45 * There are several addresses on this port and one of them
46 * is the "*:port" wildcard so getsockname() is needed to determine
49 * AcceptEx() already gave this address.
53 if (c->local_sockaddr) {
55 ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr;
/* Both lookups use struct sockaddr_in, i.e. the match is on IPv4 addresses. */
60 len = sizeof(struct sockaddr_in);
61 if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) {
62 ngx_connection_error(c, ngx_socket_errno,
63 "getsockname() failed");
64 ngx_mail_close_connection(c);
68 in_addr = sin.sin_addr.s_addr;
71 /* the last address is "*" */
/*
 * The scan stops one short of naddrs, so an unmatched address is left
 * indexing the final (wildcard) entry; the loop exit is not in this
 * listing - confirm.
 */
73 for ( /* void */ ; i < imip->naddrs - 1; i++) {
74 if (in_addr == imia[i].addr) {
81 s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t));
83 ngx_mail_close_connection(c);
/* The session inherits its configuration from the matched address entry. */
87 s->main_conf = imia[i].ctx->main_conf;
88 s->srv_conf = imia[i].ctx->srv_conf;
90 s->addr_text = &imia[i].addr_text;
/* Every accepted connection is recorded at INFO with client and local address. */
95 ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V",
96 c->number, &c->addr_text, s->addr_text);
98 ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t));
100 ngx_mail_close_connection(c);
104 ctx->client = &c->addr_text;
107 c->log->connection = c->number;
108 c->log->handler = ngx_mail_log_error;
110 c->log->action = "sending client greeting line";
112 c->log_error = NGX_ERROR_INFO;
116 ngx_mail_ssl_conf_t *sslcf;
118 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
121 c->log->action = "SSL handshaking";
123 ngx_mail_ssl_init_connection(&sslcf->ssl, c);
129 c->log->action = "SSL handshaking";
/*
 * Fails closed: with no SSL context configured the error is logged and
 * the connection is closed; the visible lines show no plaintext fallback
 * on this path.
 */
131 if (sslcf->ssl.ctx == NULL) {
132 ngx_log_error(NGX_LOG_ERR, c->log, 0,
133 "no \"ssl_certificate\" is defined "
134 "in server listening on SSL port");
135 ngx_mail_close_connection(c);
139 ngx_mail_ssl_init_connection(&sslcf->ssl, c);
146 ngx_mail_init_session(c);
/*
 * Read-event handler used to upgrade an existing session to TLS: sets the
 * log action, fetches the SSL server configuration and starts the
 * handshake through ngx_mail_ssl_init_connection().
 *
 * NOTE(review): the listing is partial. Bytes the client sent in
 * plaintext before the handshake must not be parsed afterwards as if
 * they had arrived over TLS; no reset of the session buffer is visible
 * here - confirm in the full source.
 */
153 ngx_mail_starttls_handler(ngx_event_t *rev)
156 ngx_mail_session_t *s;
157 ngx_mail_ssl_conf_t *sslcf;
163 c->log->action = "in starttls state";
165 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
167 ngx_mail_ssl_init_connection(&sslcf->ssl, c);
/*
 * Create the SSL connection object for c and start the handshake.
 * A failed ngx_ssl_create_connection() closes the connection. When the
 * handshake returns NGX_AGAIN a read timer of cscf->timeout is armed and
 * ngx_mail_ssl_handshake_handler is installed as the SSL handler;
 * the handler is also called directly further down.
 *
 * NOTE(review): the listing is partial, so which of the visible
 * statements sit inside the NGX_AGAIN branch is inferred from their
 * order - confirm.
 */
172 ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
174 ngx_mail_session_t *s;
175 ngx_mail_core_srv_conf_t *cscf;
177 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
178 ngx_mail_close_connection(c);
182 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
186 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
/* The timer bounds how long an unfinished handshake can hold the connection. */
188 ngx_add_timer(c->read, cscf->timeout);
190 c->ssl->handler = ngx_mail_ssl_handshake_handler;
195 ngx_mail_ssl_handshake_handler(c);
/*
 * Called when the TLS handshake has finished or failed. If
 * c->ssl->handshaked is set, the visible lines either install the
 * protocol's init_protocol as read handler (with ngx_mail_send as write
 * handler) and invoke it, or call ngx_mail_init_session(); the last
 * visible statement closes the connection.
 *
 * NOTE(review): the listing is partial; the condition that chooses
 * between init_protocol and ngx_mail_init_session() is not shown, and the
 * close is presumably the handshake-failure path - confirm.
 */
200 ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
202 ngx_mail_session_t *s;
203 ngx_mail_core_srv_conf_t *cscf;
205 if (c->ssl->handshaked) {
210 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
212 c->read->handler = cscf->protocol->init_protocol;
213 c->write->handler = ngx_mail_send;
215 cscf->protocol->init_protocol(c->read);
222 ngx_mail_init_session(c);
226 ngx_mail_close_connection(c);
/*
 * Start the protocol session on connection c: record the protocol type,
 * allocate the zeroed per-module context array from c->pool, install
 * ngx_mail_send as write handler and hand over to the protocol's
 * init_session callback.
 *
 * NOTE(review): the listing is partial; how s is obtained from c and the
 * return after the allocation failure are not shown.
 */
233 ngx_mail_init_session(ngx_connection_t *c)
235 ngx_mail_session_t *s;
236 ngx_mail_core_srv_conf_t *cscf;
240 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
242 s->protocol = cscf->protocol->type;
/* One pointer slot per mail module (ngx_mail_max_module entries). */
244 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module);
245 if (s->ctx == NULL) {
/* Allocation failure is reported to the client as an internal server error. */
246 ngx_mail_session_internal_server_error(s);
250 c->write->handler = ngx_mail_send;
252 cscf->protocol->init_session(s, c);
/*
 * Build the session salt "<random.time@server_name>" CRLF in memory from
 * c->pool and store it in s->salt. ngx_mail_auth_cram_md5_salt() in this
 * file sends s->salt, base64-encoded, to the client.
 *
 * NOTE(review): the listing is partial; the return values and the tail
 * of the final statement are not shown.
 */
257 ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
258 ngx_mail_core_srv_conf_t *cscf)
/*
 * ngx_sprintf() below takes no length argument, so the write is only as
 * safe as this size computation: the literal reserves 20 digits for %ul
 * and server_name.len covers %V. The term for %T is on a line this
 * listing omits (between 261 and 263) - confirm it is accounted for.
 */
260 s->salt.data = ngx_pnalloc(c->pool,
261 sizeof(" <18446744073709551616.@>" CRLF) - 1
263 + cscf->server_name.len);
264 if (s->salt.data == NULL) {
/*
 * The only varying inputs are ngx_random() and ngx_time(). The time is
 * guessable, so the unpredictability of the challenge rests on how
 * ngx_random() is seeded - verify for the platform in use.
 */
268 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
269 ngx_random(), ngx_time(), &cscf->server_name)
/*
 * Looks up the SSL server configuration and tests whether the starttls
 * setting is NGX_MAIL_STARTTLS_ONLY.
 *
 * NOTE(review): the listing is partial; the return values and any check
 * of the connection's current TLS state are not shown. Presumably callers
 * use the result to refuse commands on a plaintext connection - confirm
 * that every authentication entry point consults it.
 */
279 ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
281 ngx_mail_ssl_conf_t *sslcf;
287 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
289 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
/*
 * Parse an AUTH PLAIN argument: base64-decode arg[n] into a buffer from
 * c->pool, skip the first NUL-terminated field, take the next field as
 * s->login and the remainder as s->passwd. Invalid base64 or a missing
 * field is logged at INFO and returns NGX_MAIL_PARSE_INVALID_COMMAND.
 *
 * NOTE(review): the listing is partial; how arg and p are initialised,
 * the assignments of s->login.data and s->passwd.data and the success
 * return are not shown.
 */
300 ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
303 ngx_str_t *arg, plain;
/*
 * Compiled in only with NGX_DEBUG_MAIL_PASSWD: logs the still-encoded
 * credential blob. Base64 is an encoding, not protection, so this flag
 * should stay off outside controlled debugging.
 */
307 #if (NGX_DEBUG_MAIL_PASSWD)
308 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
309 "mail auth plain: \"%V\"", &arg[n]);
312 plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
313 if (plain.data == NULL){
317 if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
318 ngx_log_error(NGX_LOG_INFO, c->log, 0,
319 "client sent invalid base64 encoding in AUTH PLAIN command");
320 return NGX_MAIL_PARSE_INVALID_COMMAND;
/* Both scans below are bounded by last, the end of the decoded data. */
324 last = p + plain.len;
326 while (p < last && *p++) { /* void */ }
329 ngx_log_error(NGX_LOG_INFO, c->log, 0,
330 "client sent invalid login in AUTH PLAIN command");
331 return NGX_MAIL_PARSE_INVALID_COMMAND;
336 while (p < last && *p) { p++; }
339 ngx_log_error(NGX_LOG_INFO, c->log, 0,
340 "client sent invalid password in AUTH PLAIN command");
341 return NGX_MAIL_PARSE_INVALID_COMMAND;
/* p sits on the NUL after the login; p++ steps over it to the password. */
344 s->login.len = p++ - s->login.data;
346 s->passwd.len = last - p;
/* Same build flag: this call writes the decoded login and password to the log. */
349 #if (NGX_DEBUG_MAIL_PASSWD)
350 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
351 "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
/*
 * Handle the username step of AUTH LOGIN: base64-decode arg[0] into
 * s->login (memory from c->pool). Invalid base64 is logged at INFO and
 * returns NGX_MAIL_PARSE_INVALID_COMMAND.
 *
 * NOTE(review): the listing is partial; the success return is not shown.
 * The two debug calls log the client-supplied username, encoded and
 * decoded, and no NGX_DEBUG_MAIL_PASSWD guard is visible around them.
 */
359 ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c)
365 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
366 "mail auth login username: \"%V\"", &arg[0]);
/* The buffer is sized from the encoded length before decoding into it. */
368 s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
369 if (s->login.data == NULL){
373 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
374 ngx_log_error(NGX_LOG_INFO, c->log, 0,
375 "client sent invalid base64 encoding in AUTH LOGIN command");
376 return NGX_MAIL_PARSE_INVALID_COMMAND;
379 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
380 "mail auth login username: \"%V\"", &s->login);
/*
 * Handle the password step of AUTH LOGIN: base64-decode arg[0] into
 * s->passwd (memory from c->pool). Invalid base64 is logged at INFO and
 * returns NGX_MAIL_PARSE_INVALID_COMMAND.
 *
 * NOTE(review): the listing is partial; the success return is not shown.
 */
387 ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
/*
 * Compiled in only with NGX_DEBUG_MAIL_PASSWD: logs the base64 form of
 * the password, which is trivially reversible. Keep the flag off outside
 * controlled debugging.
 */
393 #if (NGX_DEBUG_MAIL_PASSWD)
394 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
395 "mail auth login password: \"%V\"", &arg[0]);
398 s->passwd.data = ngx_pnalloc(c->pool,
399 ngx_base64_decoded_length(arg[0].len));
400 if (s->passwd.data == NULL){
404 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
405 ngx_log_error(NGX_LOG_INFO, c->log, 0,
406 "client sent invalid base64 encoding in AUTH LOGIN command");
407 return NGX_MAIL_PARSE_INVALID_COMMAND;
/* Same build flag: this call logs the decoded password in clear. */
410 #if (NGX_DEBUG_MAIL_PASSWD)
411 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
412 "mail auth login password: \"%V\"", &s->passwd);
/*
 * Build the CRAM-MD5 challenge line: the caller's prefix (len bytes)
 * followed by the base64 encoding of s->salt and a trailing CR LF, in
 * memory from c->pool.
 *
 * NOTE(review): the listing is partial; the allocation check, the
 * computation of n and the assignment of the result are not shown.
 */
420 ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c,
421 char *prefix, size_t len)
/* Size = prefix + encoded salt + 2 bytes for the CR LF appended below. */
427 p = ngx_pnalloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2);
/* ngx_cpymem's result is used as the start of the encoded salt. */
432 salt.data = ngx_cpymem(p, prefix, len);
435 ngx_encode_base64(&salt, &s->salt);
439 p[n++] = CR; p[n++] = LF;
/*
 * Parse the client's CRAM-MD5 response: base64-decode arg[0] into
 * s->login, split it into login and digest, require the digest to be
 * 32 bytes long (the length of an MD5 digest in hex) and set
 * s->auth_method to NGX_MAIL_AUTH_CRAM_MD5. Invalid base64 or a wrong
 * digest length is logged at INFO and returns
 * NGX_MAIL_PARSE_INVALID_COMMAND.
 *
 * NOTE(review): the listing is partial; the scan that positions p, the
 * assignment of s->passwd.data and the success return are not shown.
 * Only the digest length is checked in the visible lines; the digest is
 * presumably verified by the authentication back end - confirm.
 */
449 ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
456 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
457 "mail auth cram-md5: \"%V\"", &arg[0]);
459 s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
460 if (s->login.data == NULL){
464 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
465 ngx_log_error(NGX_LOG_INFO, c->log, 0,
466 "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
467 return NGX_MAIL_PARSE_INVALID_COMMAND;
471 last = p + s->login.len;
/* The -1 drops the separator byte that p has just stepped over. */
475 s->login.len = p - s->login.data - 1;
476 s->passwd.len = last - p;
482 if (s->passwd.len != 32) {
483 ngx_log_error(NGX_LOG_INFO, c->log, 0,
484 "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
485 return NGX_MAIL_PARSE_INVALID_COMMAND;
/*
 * Logs login and response digest at debug level; no
 * NGX_DEBUG_MAIL_PASSWD guard is visible here. The digest is not the
 * password, but together with the challenge it allows offline guessing,
 * so debug logs need the same access control as other credential data.
 */
488 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
489 "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
491 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
/*
 * Write-event handler that sends s->out to the client with c->send().
 * Visible behaviour: a timeout is logged at INFO and the connection
 * closed; with nothing to send the write event is re-registered; after
 * the send the read handler may be invoked; NGX_ERROR closes the
 * connection; otherwise a write timer of cscf->timeout is armed and the
 * write event re-registered.
 *
 * NOTE(review): the listing is partial; the timeout test, the handling
 * of a positive n and the branch structure are not shown.
 */
498 ngx_mail_send(ngx_event_t *wev)
502 ngx_mail_session_t *s;
503 ngx_mail_core_srv_conf_t *cscf;
509 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
511 ngx_mail_close_connection(c);
515 if (s->out.len == 0) {
516 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
517 ngx_mail_close_connection(c);
523 n = c->send(c, s->out.data, s->out.len);
528 if (wev->timer_set) {
533 ngx_mail_close_connection(c);
538 c->read->handler(c->read);
544 if (n == NGX_ERROR) {
545 ngx_mail_close_connection(c);
551 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
/* The timer limits how long a client that stops reading can stall the write. */
553 ngx_add_timer(c->write, cscf->timeout);
555 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
556 ngx_mail_close_connection(c);
/*
 * Read client data into s->buffer and run the protocol's command parser.
 * A receive error or EOF closes the connection. When the parser wants
 * more data but the buffer is already full, the command is logged as too
 * long and NGX_MAIL_PARSE_INVALID_COMMAND is returned. NGX_ERROR from the
 * parser closes the connection.
 *
 * NOTE(review): the listing is partial; most return statements and the
 * bodies of several branches are not shown.
 */
563 ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
568 ngx_mail_core_srv_conf_t *cscf;
/* The read size is the space left between last and end of the session buffer. */
570 n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
572 if (n == NGX_ERROR || n == 0) {
573 ngx_mail_close_connection(c);
/*
 * NOTE(review): the guard on this addition is not in the listing. n may
 * also be NGX_AGAIN (tested just below), so confirm last is advanced
 * only when n > 0.
 */
578 s->buffer->last += n;
581 if (n == NGX_AGAIN) {
582 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
583 ngx_mail_session_internal_server_error(s);
590 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
592 rc = cscf->protocol->parse_command(s);
594 if (rc == NGX_AGAIN) {
596 if (s->buffer->last < s->buffer->end) {
/*
 * Buffer full and still no complete command: the whole buffer is written
 * to the log at INFO. These bytes are client-controlled and could hold
 * credentials from an overlong authentication line, so log consumers
 * should treat this field as untrusted and sensitive.
 */
600 l.len = s->buffer->last - s->buffer->start;
601 l.data = s->buffer->start;
603 ngx_log_error(NGX_LOG_INFO, c->log, 0,
604 "client sent too long command \"%V\"", &l);
608 return NGX_MAIL_PARSE_INVALID_COMMAND;
611 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
615 if (rc == NGX_ERROR) {
616 ngx_mail_close_connection(c);
/*
 * Hand the session over to the HTTP authentication step: rewind the
 * command buffer, cancel a pending read timer and call
 * ngx_mail_auth_http_init().
 *
 * NOTE(review): the listing is partial; other session fields reset here
 * are not shown.
 */
625 ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c)
/* Resetting pos and last discards whatever was left in the command buffer. */
628 s->buffer->pos = s->buffer->start;
629 s->buffer->last = s->buffer->start;
632 if (c->read->timer_set) {
633 ngx_del_timer(c->read);
638 ngx_mail_auth_http_init(s);
/*
 * Reply to the client with the protocol's fixed internal-server-error
 * message: point s->out at it and send through the connection's write
 * event. The client sees only this generic text.
 *
 * NOTE(review): the listing is partial; any session flags set between the
 * two visible statements are not shown.
 */
643 ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
645 ngx_mail_core_srv_conf_t *cscf;
647 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
649 s->out = cscf->protocol->internal_server_error;
652 ngx_mail_send(s->connection->write);
/*
 * Tear down a mail connection: log the descriptor at debug level, shut
 * TLS down (re-entering this function through the SSL handler when the
 * shutdown returns NGX_AGAIN), decrement the active-connection counter,
 * close the connection and destroy its pool.
 *
 * NOTE(review): the listing is partial; the conditions around the SSL and
 * statistics steps and the assignment of the local pool are not shown.
 * Credentials that the auth functions decoded into c->pool live until
 * this point, and nothing in the visible lines wipes them before the
 * pool is released - confirm whether that matters for the deployment.
 */
657 ngx_mail_close_connection(ngx_connection_t *c)
661 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
662 "close mail connection: %d", c->fd);
667 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
668 c->ssl->handler = ngx_mail_close_connection;
676 ngx_atomic_fetch_add(ngx_stat_active, -1);
683 ngx_close_connection(c);
/* The pool goes last, after the connection itself has been closed. */
685 ngx_destroy_pool(pool);
/*
 * Log handler installed on mail connections: appends context to an error
 * log line - the current action, the client address, whether STARTTLS is
 * in use, the server, the login when one is set and the upstream name
 * when the session is proxied.
 *
 * NOTE(review): the listing is partial; the advancing of buf and len
 * between the calls, the early returns and the final return are not
 * shown. Of the credentials, only s->login appears in the visible lines;
 * s->passwd is not referenced. The login is client-supplied text, so
 * whatever parses these logs should treat the field as untrusted;
 * whether it is escaped before it reaches the file is not visible here -
 * confirm.
 */
690 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
693 ngx_mail_session_t *s;
694 ngx_mail_log_ctx_t *ctx;
/* Each call is bounded by len, the space left in the log buffer. */
697 p = ngx_snprintf(buf, len, " while %s", log->action);
704 p = ngx_snprintf(buf, len, ", client: %V", ctx->client);
714 p = ngx_snprintf(buf, len, "%s, server: %V",
715 s->starttls ? " using starttls" : "",
720 if (s->login.len == 0) {
724 p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login);
728 if (s->proxy == NULL) {
732 p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name);