3 * Copyright (C) Igor Sysoev
7 #include <ngx_config.h>
13 static void ngx_mail_init_session(ngx_connection_t *c);
16 static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
17 static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
/*
 * Entry point for a newly accepted mail connection.  The visible lines pick
 * the per-address server configuration, allocate the session and the log
 * context from c->pool, and hand off to ngx_mail_ssl_init_connection() or
 * ngx_mail_init_session().  This listing omits lines (braces, returns and
 * most branch conditions), so the exact control flow is not shown here.
 */
22 ngx_mail_init_connection(ngx_connection_t *c)
27 struct sockaddr_in sin;
28 ngx_mail_log_ctx_t *ctx;
29 ngx_mail_in_port_t *imip;
30 ngx_mail_in_addr_t *imia;
31 ngx_mail_session_t *s;
33 /* find the server configuration for the address:port */
37 imip = c->listening->servers;
42 if (imip->naddrs > 1) {
45 * There are several addresses on this port and one of them
46 * is the "*:port" wildcard so getsockname() is needed to determine
49 * AcceptEx() already gave this address.
/* Both address sources below are read as struct sockaddr_in, i.e. IPv4 only. */
53 if (c->local_sockaddr) {
55 ((struct sockaddr_in *) c->local_sockaddr)->sin_addr.s_addr;
60 len = sizeof(struct sockaddr_in);
61 if (getsockname(c->fd, (struct sockaddr *) &sin, &len) == -1) {
62 ngx_connection_error(c, ngx_socket_errno,
63 "getsockname() failed");
64 ngx_mail_close_connection(c);
68 in_addr = sin.sin_addr.s_addr;
71 /* the last address is "*" */
/*
 * Only the specific addresses are compared; the bound stops one short of the
 * final entry, so an unmatched local address is presumably served by the
 * wildcard slot (the start value of i and the loop exit are on omitted lines).
 */
73 for ( /* void */ ; i < imip->naddrs - 1; i++) {
74 if (in_addr == imia[i].addr) {
/*
 * Zero-filled session from the connection pool; the close on the next
 * visible line is presumably the allocation-failure path.
 */
81 s = ngx_pcalloc(c->pool, sizeof(ngx_mail_session_t));
83 ngx_mail_close_connection(c);
87 s->main_conf = imia[i].ctx->main_conf;
88 s->srv_conf = imia[i].ctx->srv_conf;
90 s->addr_text = &imia[i].addr_text;
/* Connection audit record: client and local address text at INFO level. */
95 ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%ui client %V connected to %V",
96 c->number, &c->addr_text, s->addr_text);
98 ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t));
100 ngx_mail_close_connection(c);
104 ctx->client = &c->addr_text;
/* From here on, error-log lines for this connection go through ngx_mail_log_error(). */
107 c->log->connection = c->number;
108 c->log->handler = ngx_mail_log_error;
110 c->log->action = "sending client greeting line";
112 c->log_error = NGX_ERROR_INFO;
116 ngx_mail_ssl_conf_t *sslcf;
118 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
121 c->log->action = "SSL handshaking";
123 ngx_mail_ssl_init_connection(&sslcf->ssl, c);
129 c->log->action = "SSL handshaking";
/*
 * A listener treated as an SSL port without an SSL context is logged as a
 * configuration error and the connection is closed; no plaintext fallback
 * is visible in these lines.
 */
131 if (sslcf->ssl.ctx == NULL) {
132 ngx_log_error(NGX_LOG_ERR, c->log, 0,
133 "no \"ssl_certificate\" is defined "
134 "in server listening on SSL port");
135 ngx_mail_close_connection(c);
139 ngx_mail_ssl_init_connection(&sslcf->ssl, c);
146 ngx_mail_init_session(c);
/*
 * Read-event handler used for the STARTTLS upgrade: records the log action
 * and starts an SSL handshake on the existing connection with the server's
 * SSL configuration.
 *
 * NOTE(review): the visible lines do not show whether input buffered before
 * the upgrade is discarded.  Bytes received in plaintext must not be parsed
 * as commands after the handshake - confirm the session buffer is reset
 * somewhere on this path.
 */
153 ngx_mail_starttls_handler(ngx_event_t *rev)
156 ngx_mail_session_t *s;
157 ngx_mail_ssl_conf_t *sslcf;
163 c->log->action = "in starttls state";
165 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
167 ngx_mail_ssl_init_connection(&sslcf->ssl, c);
/*
 * Creates the SSL state for connection c and drives the first handshake step.
 * Failure to create the SSL connection closes the mail connection.
 */
172 ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
174 ngx_mail_session_t *s;
175 ngx_mail_core_srv_conf_t *cscf;
177 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
178 ngx_mail_close_connection(c);
/*
 * Handshake not finished yet: a read timer of cscf->timeout is armed, which
 * presumably bounds how long a stalled handshake can hold the connection,
 * and the handshake handler is registered for completion.
 */
182 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
186 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
188 ngx_add_timer(c->read, cscf->timeout);
190 c->ssl->handler = ngx_mail_ssl_handshake_handler;
/* Any other handshake result is handed straight to the handler. */
195 ngx_mail_ssl_handshake_handler(c);
/*
 * Runs once the SSL handshake has produced a result.  Only a connection
 * whose c->ssl->handshaked flag is set continues into protocol handling;
 * the last visible line closes the connection, which is presumably the path
 * for a handshake that did not complete (braces are omitted in this listing).
 */
200 ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
202 ngx_mail_session_t *s;
203 ngx_mail_core_srv_conf_t *cscf;
205 if (c->ssl->handshaked) {
210 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
/*
 * Re-enter the protocol state machine over the encrypted channel; the
 * condition selecting this branch is on an omitted line.
 */
212 c->read->handler = cscf->protocol->init_protocol;
213 c->write->handler = ngx_mail_send;
215 cscf->protocol->init_protocol(c->read);
222 ngx_mail_init_session(c);
226 ngx_mail_close_connection(c);
/*
 * Prepares the session for protocol handling: records the protocol type,
 * allocates the zero-filled per-module context array from the connection
 * pool, installs ngx_mail_send() as the write handler and calls the
 * protocol's init_session hook.
 */
233 ngx_mail_init_session(ngx_connection_t *c)
235 ngx_mail_session_t *s;
236 ngx_mail_core_srv_conf_t *cscf;
240 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
242 s->protocol = cscf->protocol->type;
/* One pointer slot per mail module; allocation failure is reported to the client. */
244 s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module);
245 if (s->ctx == NULL) {
246 ngx_mail_session_internal_server_error(s);
250 c->write->handler = ngx_mail_send;
252 cscf->protocol->init_session(s, c);
/*
 * Builds the per-session challenge string s->salt in the form
 * "<random.time@server_name>" CRLF, allocated from the connection pool.
 *
 * NOTE(review): of the three inputs, ngx_time() and the server name are
 * guessable, so the unpredictability of the challenge rests on ngx_random().
 * Confirm which generator that macro maps to and how it is seeded before
 * relying on this value as a nonce for challenge-response authentication.
 */
257 ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
258 ngx_mail_core_srv_conf_t *cscf)
/*
 * Buffer size: the widest formatted template plus the server name; one term
 * of the sum is on an omitted line.
 */
260 s->salt.data = ngx_pnalloc(c->pool,
261 sizeof(" <18446744073709551616.@>" CRLF) - 1
263 + cscf->server_name.len);
264 if (s->salt.data == NULL) {
268 s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
269 ngx_random(), ngx_time(), &cscf->server_name)
/*
 * Checks the server's "starttls" setting against NGX_MAIL_STARTTLS_ONLY.
 * Presumably callers use the result to refuse authentication on a connection
 * that has not been upgraded to TLS; the return statements and any check of
 * the connection's SSL state are on omitted lines - verify against callers.
 */
279 ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
281 ngx_mail_ssl_conf_t *sslcf;
287 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
289 if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
/*
 * Parses the argument of an AUTH PLAIN command: base64-decodes arg[n] into a
 * pool buffer and splits the result on NUL bytes into s->login and s->passwd.
 * Malformed input is logged at INFO level and rejected with
 * NGX_MAIL_PARSE_INVALID_COMMAND.
 */
300 ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
303 ngx_str_t *arg, plain;
/*
 * Builds compiled with NGX_DEBUG_MAIL_PASSWD write the still-encoded
 * credential blob to the debug log; base64 is an encoding, not protection.
 * Keep the flag off outside a lab and treat any log produced with it as
 * containing passwords.
 */
307 #if (NGX_DEBUG_MAIL_PASSWD)
308 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
309 "mail auth plain: \"%V\"", &arg[n]);
/* Output buffer is sized from the encoded length before decoding. */
312 plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
313 if (plain.data == NULL){
317 if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
318 ngx_log_error(NGX_LOG_INFO, c->log, 0,
319 "client sent invalid base64 encoding in AUTH PLAIN command");
320 return NGX_MAIL_PARSE_INVALID_COMMAND;
/*
 * "last" marks the end of the decoded data; both scans below test p < last
 * first, so the search for NUL separators stays inside the decoded buffer.
 */
324 last = p + plain.len;
/*
 * Skip everything up to and including the first NUL (in SASL PLAIN the
 * leading field is the authorization identity).
 */
326 while (p < last && *p++) { /* void */ }
329 ngx_log_error(NGX_LOG_INFO, c->log, 0,
330 "client sent invalid login in AUTH PLAIN command");
331 return NGX_MAIL_PARSE_INVALID_COMMAND;
/* Advance to the NUL that ends the login; the password is whatever follows it. */
336 while (p < last && *p) { p++; }
339 ngx_log_error(NGX_LOG_INFO, c->log, 0,
340 "client sent invalid password in AUTH PLAIN command");
341 return NGX_MAIL_PARSE_INVALID_COMMAND;
344 s->login.len = p++ - s->login.data;
346 s->passwd.len = last - p;
/* Same flag as above: this one logs the decoded login and cleartext password. */
349 #if (NGX_DEBUG_MAIL_PASSWD)
350 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
351 "mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
/*
 * AUTH LOGIN, username step: base64-decodes arg[n] into a pool buffer stored
 * as s->login.  Invalid base64 is logged at INFO level and rejected with
 * NGX_MAIL_PARSE_INVALID_COMMAND.
 *
 * The two debug-log calls record the username in encoded and decoded form;
 * no NGX_DEBUG_MAIL_PASSWD guard is visible around them in this listing, so
 * debug logs should be expected to contain account identifiers.
 */
359 ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
366 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
367 "mail auth login username: \"%V\"", &arg[n]);
/* Output buffer is sized from the encoded length before decoding. */
369 s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
370 if (s->login.data == NULL){
374 if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
375 ngx_log_error(NGX_LOG_INFO, c->log, 0,
376 "client sent invalid base64 encoding in AUTH LOGIN command");
377 return NGX_MAIL_PARSE_INVALID_COMMAND;
380 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
381 "mail auth login username: \"%V\"", &s->login);
/*
 * AUTH LOGIN, password step: base64-decodes arg[0] into a pool buffer stored
 * as s->passwd.  Invalid base64 is logged at INFO level and rejected with
 * NGX_MAIL_PARSE_INVALID_COMMAND.
 */
388 ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
/*
 * Password logging is compiled in only with NGX_DEBUG_MAIL_PASSWD.  The
 * encoded form logged here is trivially reversible, so logs from such a
 * build hold cleartext-equivalent passwords.
 */
394 #if (NGX_DEBUG_MAIL_PASSWD)
395 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
396 "mail auth login password: \"%V\"", &arg[0]);
/*
 * The decoded password lives in the connection pool; no explicit wipe is
 * visible in this function.
 */
399 s->passwd.data = ngx_pnalloc(c->pool,
400 ngx_base64_decoded_length(arg[0].len));
401 if (s->passwd.data == NULL){
405 if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
406 ngx_log_error(NGX_LOG_INFO, c->log, 0,
407 "client sent invalid base64 encoding in AUTH LOGIN command");
408 return NGX_MAIL_PARSE_INVALID_COMMAND;
/* Same flag: logs the decoded, cleartext password. */
411 #if (NGX_DEBUG_MAIL_PASSWD)
412 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
413 "mail auth login password: \"%V\"", &s->passwd);
/*
 * Formats the CRAM-MD5 challenge line sent to the client: the caller's
 * prefix (len bytes), the base64 encoding of s->salt, then CR LF.
 */
421 ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c,
422 char *prefix, size_t len)
/* Allocation covers prefix + encoded salt + the two terminator bytes. */
428 p = ngx_pnalloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2);
/*
 * ngx_cpymem() is assigned directly to salt.data, so it presumably returns
 * the position just past the copied prefix, where the encoded salt is written.
 */
433 salt.data = ngx_cpymem(p, prefix, len);
436 ngx_encode_base64(&salt, &s->salt);
/* n is computed on an omitted line; presumably prefix length plus encoded length. */
440 p[n++] = CR; p[n++] = LF;
/*
 * Parses the client's CRAM-MD5 response: base64-decodes arg[0], splits it
 * into s->login and the digest stored in s->passwd, and marks the session as
 * using NGX_MAIL_AUTH_CRAM_MD5.  Malformed input is logged at INFO level and
 * rejected with NGX_MAIL_PARSE_INVALID_COMMAND.
 */
450 ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
457 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
458 "mail auth cram-md5: \"%V\"", &arg[0]);
/* Output buffer is sized from the encoded length before decoding. */
460 s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
461 if (s->login.data == NULL){
465 if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
466 ngx_log_error(NGX_LOG_INFO, c->log, 0,
467 "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
468 return NGX_MAIL_PARSE_INVALID_COMMAND;
/*
 * "last" is the end of the decoded data; the scan that locates the
 * separator between login and digest is on omitted lines.
 */
472 last = p + s->login.len;
476 s->login.len = p - s->login.data - 1;
477 s->passwd.len = last - p;
/*
 * 32 characters matches a hex-encoded MD5 digest.  Only the length is
 * checked in the visible lines; the digest itself is verified elsewhere.
 */
483 if (s->passwd.len != 32) {
484 ngx_log_error(NGX_LOG_INFO, c->log, 0,
485 "client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
486 return NGX_MAIL_PARSE_INVALID_COMMAND;
/*
 * Login and response digest go to the debug log with no
 * NGX_DEBUG_MAIL_PASSWD guard visible here.  The digest is not the password,
 * but together with the challenge it is password-derived material, so
 * debug logs deserve the same handling as credential logs.
 */
489 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
490 "mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
492 s->auth_method = NGX_MAIL_AUTH_CRAM_MD5;
/*
 * Write-event handler: sends the pending reply in s->out to the client.
 * Timeouts, send errors and failures to re-arm the write event all end in
 * ngx_mail_close_connection(c).
 */
499 ngx_mail_send(ngx_event_t *wev)
503 ngx_mail_session_t *s;
504 ngx_mail_core_srv_conf_t *cscf;
/* The condition guarding this timeout path is on an omitted line. */
510 ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
512 ngx_mail_close_connection(c);
/* Nothing queued: only refresh the write-event registration. */
516 if (s->out.len == 0) {
517 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
518 ngx_mail_close_connection(c);
524 n = c->send(c, s->out.data, s->out.len);
529 if (wev->timer_set) {
534 ngx_mail_close_connection(c);
/* Hands control back to the connection's read handler; the surrounding condition is omitted. */
539 c->read->handler(c->read);
545 if (n == NGX_ERROR) {
546 ngx_mail_close_connection(c);
/*
 * Arms a write timer of cscf->timeout, so a client that stops reading is
 * presumably bounded by it.
 */
552 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
554 ngx_add_timer(c->write, cscf->timeout);
556 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
557 ngx_mail_close_connection(c);
/*
 * Reads client data into the session buffer and runs the protocol's command
 * parser on it.  A read error or a closed peer closes the connection; an
 * over-long command is logged and rejected with
 * NGX_MAIL_PARSE_INVALID_COMMAND.
 */
564 ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
569 ngx_mail_core_srv_conf_t *cscf;
/* The read length is the space left between buffer->last and buffer->end. */
571 n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last);
573 if (n == NGX_ERROR || n == 0) {
574 ngx_mail_close_connection(c);
/* The guard for this advance is on an omitted line - presumably n > 0; verify. */
579 s->buffer->last += n;
582 if (n == NGX_AGAIN) {
583 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
584 ngx_mail_session_internal_server_error(s);
591 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
593 rc = cscf->protocol->parse_command(s);
/* Parser wants more input; if the buffer still has room, the omitted lines presumably return to wait. */
595 if (rc == NGX_AGAIN) {
597 if (s->buffer->last < s->buffer->end) {
/*
 * Buffer is full and the command is still incomplete: the whole buffer is
 * written to the log at INFO level.
 * NOTE(review): if the over-long line is an authentication command, this log
 * entry can contain client-supplied credential material - confirm that is
 * acceptable for INFO-level logs and their retention.
 */
601 l.len = s->buffer->last - s->buffer->start;
602 l.data = s->buffer->start;
604 ngx_log_error(NGX_LOG_INFO, c->log, 0,
605 "client sent too long command \"%V\"", &l);
609 return NGX_MAIL_PARSE_INVALID_COMMAND;
612 if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
616 if (rc == NGX_ERROR) {
617 ngx_mail_close_connection(c);
/*
 * Hands the collected credentials to the auth_http subsystem via
 * ngx_mail_auth_http_init() after resetting the command buffer and stopping
 * the read timer.
 */
626 ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c)
/*
 * Only the pos/last pointers are rewound; no wipe of the buffer contents is
 * visible here, so earlier command bytes stay in memory until overwritten.
 */
629 s->buffer->pos = s->buffer->start;
630 s->buffer->last = s->buffer->start;
633 if (c->read->timer_set) {
634 ngx_del_timer(c->read);
639 ngx_mail_auth_http_init(s);
/*
 * Queues the protocol's fixed "internal server error" reply as s->out and
 * sends it through ngx_mail_send().  The reply text comes from the protocol
 * configuration, not from request data.
 */
644 ngx_mail_session_internal_server_error(ngx_mail_session_t *s)
646 ngx_mail_core_srv_conf_t *cscf;
648 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
650 s->out = cscf->protocol->internal_server_error;
653 ngx_mail_send(s->connection->write);
/*
 * Tears down a mail connection: shuts down SSL if present, decrements the
 * active-connection statistic, closes the connection and destroys its pool.
 */
658 ngx_mail_close_connection(ngx_connection_t *c)
662 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
663 "close mail connection: %d", c->fd);
/*
 * SSL shutdown not finished: this function registers itself as the SSL
 * handler so teardown resumes later (the early return is on an omitted line).
 */
668 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
669 c->ssl->handler = ngx_mail_close_connection;
677 ngx_atomic_fetch_add(ngx_stat_active, -1);
/*
 * "pool" is assigned on an omitted line - presumably a saved copy of
 * c->pool.  The session, log context and decoded credentials were allocated
 * from that pool, so they are released here; no zeroing before release is
 * visible.
 */
684 ngx_close_connection(c);
686 ngx_destroy_pool(pool);
/*
 * Log handler installed on the connection log: appends the current action,
 * client address, server, login and upstream name to an error-log line.
 * Each piece is written with ngx_snprintf() bounded by len; the updates of
 * buf and len between calls are on omitted lines.
 */
691 ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len)
694 ngx_mail_session_t *s;
695 ngx_mail_log_ctx_t *ctx;
698 p = ngx_snprintf(buf, len, " while %s", log->action);
705 p = ngx_snprintf(buf, len, ", client: %V", ctx->client);
715 p = ngx_snprintf(buf, len, "%s, server: %V",
716 s->starttls ? " using starttls" : "",
/* With no login recorded yet, the omitted lines presumably return without this field. */
721 if (s->login.len == 0) {
/*
 * NOTE(review): s->login is client-supplied and is inserted between quotes
 * as-is.  Confirm how the log path treats quotes and control characters
 * before parsing this field mechanically, and note that account names end
 * up in the error log.
 */
725 p = ngx_snprintf(buf, len, ", login: \"%V\"", &s->login);
729 if (s->proxy == NULL) {
733 p = ngx_snprintf(buf, len, ", upstream: %V", s->proxy->upstream.name);