IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

smtp_auth none

Browse Source 
patch by Maxim Dounin
This commit is contained in:
Igor Sysoev 2008-11-13 13:25:34 +00:00
parent a485909174
commit d0e8e5456c
7 changed files with 330 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/mail/ngx_mail.h
View File

@ -136,8 +136,12 @@ typedef enum {
ngx_smtp_auth_plain,
ngx_smtp_auth_cram_md5,
ngx_smtp_helo,
ngx_smtp_noxclient,
ngx_smtp_xclient
ngx_smtp_helo_xclient,
ngx_smtp_helo_from,
ngx_smtp_xclient,
ngx_smtp_xclient_from,
ngx_smtp_from,
ngx_smtp_to
} ngx_smtp_state_e;
@ -173,7 +177,7 @@ typedef struct {
unsigned no_sync_literal:1;
unsigned starttls:1;
unsigned esmtp:1;
unsigned auth_method:2;
unsigned auth_method:3;
unsigned auth_wait:1;
ngx_str_t login;
@ -187,6 +191,8 @@ typedef struct {
ngx_str_t *addr_text;
ngx_str_t host;
ngx_str_t smtp_helo;
ngx_str_t smtp_from;
ngx_str_t smtp_to;
ngx_uint_t command;
ngx_array_t args;
@ -256,12 +262,14 @@ typedef struct {
#define NGX_MAIL_AUTH_LOGIN 1
#define NGX_MAIL_AUTH_APOP 2
#define NGX_MAIL_AUTH_CRAM_MD5 3
#define NGX_MAIL_AUTH_NONE 4
#define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002
#define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004
#define NGX_MAIL_AUTH_APOP_ENABLED 0x0008
#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010
#define NGX_MAIL_AUTH_NONE_ENABLED 0x0020
#define NGX_MAIL_PARSE_INVALID_COMMAND 20

37
src/mail/ngx_mail_auth_http_module.c
View File

@ -141,7 +141,8 @@ static ngx_str_t ngx_mail_auth_http_method[] = {
ngx_string("plain"),
ngx_string("plain"),
ngx_string("apop"),
ngx_string("cram-md5")
ngx_string("cram-md5"),
ngx_string("none")
};
static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0");
@ -1165,6 +1166,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
+ sizeof(CRLF) - 1
+ sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
+ sizeof(CRLF) - 1
+ sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1
+ sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
+ sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
+ sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
+ ahcf->header.len
+ sizeof(CRLF) - 1;
@ -1216,9 +1221,37 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1);
b->last = ngx_copy(b->last, s->connection->addr_text.data,
s->connection->addr_text.len);
s->connection->addr_text.len);
*b->last++ = CR; *b->last++ = LF;
if (s->host.len) {
b->last = ngx_cpymem(b->last, "Client-Host: ",
sizeof("Client-Host: ") - 1);
b->last = ngx_copy(b->last, s->host.data, s->host.len);
*b->last++ = CR; *b->last++ = LF;
}
if (s->auth_method == NGX_MAIL_AUTH_NONE) {
/* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */
b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ",
sizeof("Auth-SMTP-Helo: ") - 1);
b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len);
*b->last++ = CR; *b->last++ = LF;
b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ",
sizeof("Auth-SMTP-From: ") - 1);
b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len);
*b->last++ = CR; *b->last++ = LF;
b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ",
sizeof("Auth-SMTP-To: ") - 1);
b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len);
*b->last++ = CR; *b->last++ = LF;
}
if (ahcf->header.len) {
b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
}

3
src/mail/ngx_mail_imap_module.c
View File

@ -36,7 +36,8 @@ static ngx_str_t ngx_mail_imap_auth_methods_names[] = {
ngx_string("AUTH=PLAIN"),
ngx_string("AUTH=LOGIN"),
ngx_null_string, /* APOP */
ngx_string("AUTH=CRAM-MD5")
ngx_string("AUTH=CRAM-MD5"),
ngx_null_string /* NONE */
};

2
src/mail/ngx_mail_parse.c
View File

@ -746,7 +746,7 @@ ngx_mail_smtp_parse_command(ngx_mail_session_t *s)
s->arg_end = p;
goto done;
default:
if (s->args.nelts <= 2) {
if (s->args.nelts <= 10) {
state = sw_argument;
s->arg_start = p;
break;

111
src/mail/ngx_mail_proxy_module.c
View File

@ -104,7 +104,8 @@ ngx_module_t ngx_mail_proxy_module = {
};
static u_char smtp_ok[] = "235 2.0.0 OK" CRLF;
static u_char smtp_auth_ok[] = "235 2.0.0 OK" CRLF;
static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
void
@ -465,6 +466,7 @@ ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
u_char *p;
ngx_int_t rc;
ngx_str_t line;
ngx_buf_t *b;
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_proxy_conf_t *pcf;
@ -520,11 +522,19 @@ ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
*p++ = CR; *p = LF;
s->mail_state = pcf->xclient ? ngx_smtp_helo: ngx_smtp_noxclient;
if (pcf->xclient) {
s->mail_state = ngx_smtp_helo_xclient;
} else if (s->auth_method == NGX_MAIL_AUTH_NONE) {
s->mail_state = ngx_smtp_helo_from;
} else {
s->mail_state = ngx_smtp_helo;
}
break;
case ngx_smtp_helo:
case ngx_smtp_helo_xclient:
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
"mail proxy send xclient");
@ -541,30 +551,76 @@ ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
return;
}
if (s->smtp_helo.len) {
line.len = ngx_sprintf(line.data,
"XCLIENT PROTO=%sSMTP HELO=%V ADDR=%V LOGIN=%V "
"NAME=%V" CRLF,
(s->esmtp ? "E" : ""), &s->smtp_helo,
&s->connection->addr_text, &s->login, &s->host)
- line.data;
} else {
line.len = ngx_sprintf(line.data,
"XCLIENT PROTO=SMTP ADDR=%V LOGIN=%V NAME=%V" CRLF,
&s->connection->addr_text, &s->login, &s->host)
- line.data;
}
line.len = ngx_sprintf(line.data,
"XCLIENT PROTO=%sSMTP%s%V ADDR=%V%s%V NAME=%V" CRLF,
(s->esmtp ? "E" : ""),
(s->smtp_helo.len ? " HELO=" : ""), &s->smtp_helo,
&s->connection->addr_text,
(s->login.len ? " LOGIN=" : ""), &s->login, &s->host)
- line.data;
s->mail_state = (s->auth_method == NGX_MAIL_AUTH_NONE) ?
ngx_smtp_xclient_from : ngx_smtp_xclient;
s->mail_state = ngx_smtp_xclient;
break;
case ngx_smtp_noxclient:
case ngx_smtp_helo_from:
case ngx_smtp_xclient_from:
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
"mail proxy send mail from");
s->connection->log->action = "sending MAIL FROM to upstream";
line.len = s->smtp_from.len + sizeof(CRLF) - 1;
line.data = ngx_pnalloc(c->pool, line.len);
if (line.data == NULL) {
ngx_mail_proxy_internal_server_error(s);
return;
}
p = ngx_cpymem(line.data, s->smtp_from.data, s->smtp_from.len);
*p++ = CR; *p = LF;
s->mail_state = ngx_smtp_from;
break;
case ngx_smtp_from:
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
"mail proxy send rcpt to");
s->connection->log->action = "sending RCPT TO to upstream";
line.len = s->smtp_to.len + sizeof(CRLF) - 1;
line.data = ngx_pnalloc(c->pool, line.len);
if (line.data == NULL) {
ngx_mail_proxy_internal_server_error(s);
return;
}
p = ngx_cpymem(line.data, s->smtp_to.data, s->smtp_to.len);
*p++ = CR; *p = LF;
s->mail_state = ngx_smtp_to;
break;
case ngx_smtp_helo:
case ngx_smtp_xclient:
case ngx_smtp_to:
ngx_memcpy(s->proxy->buffer->start, smtp_ok, sizeof(smtp_ok) - 1);
b = s->proxy->buffer;
s->proxy->buffer->pos = s->proxy->buffer->start;
s->proxy->buffer->last = s->proxy->buffer->start + sizeof(smtp_ok) - 1;
if (s->auth_method == NGX_MAIL_AUTH_NONE) {
ngx_memcpy(b->start, smtp_ok, sizeof(smtp_ok) - 1);
b->last = b->start + sizeof(smtp_ok) - 1;
} else {
ngx_memcpy(b->start, smtp_auth_ok, sizeof(smtp_auth_ok) - 1);
b->last = b->start + sizeof(smtp_auth_ok) - 1;
}
b->pos = b->start;
s->connection->read->handler = ngx_mail_proxy_handler;
s->connection->write->handler = ngx_mail_proxy_handler;
@ -704,18 +760,27 @@ ngx_mail_proxy_read_response(ngx_mail_session_t *s, ngx_uint_t state)
switch (state) {
case ngx_smtp_helo:
case ngx_smtp_noxclient:
case ngx_smtp_helo_from:
case ngx_smtp_helo_xclient:
case ngx_smtp_from:
case ngx_smtp_to:
if (p[0] == '2' && p[1] == '5' && p[2] == '0') {
return NGX_OK;
}
break;
case ngx_smtp_start:
case ngx_smtp_xclient:
if (p[0] == '2' && p[1] == '2' && p[2] == '0') {
return NGX_OK;
}
break;
case ngx_smtp_xclient:
case ngx_smtp_xclient_from:
if (p[0] == '2' && (p[1] == '2' || p[1] == '5') && p[2] == '0') {
return NGX_OK;
}
break;
}
break;

153
src/mail/ngx_mail_smtp_handler.c
View File

@ -23,6 +23,8 @@ static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s,
ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s,
ngx_connection_t *c, char *err);
@ -41,6 +43,7 @@ static u_char smtp_invalid_pipelining[] =
"503 5.5.0 Improper use of SMTP command pipelining" CRLF;
static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF;
static ngx_str_t smtp_unavailable = ngx_string("[UNAVAILABLE]");
@ -417,8 +420,15 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev)
rc = ngx_mail_smtp_mail(s, c);
break;
case NGX_SMTP_NOOP:
case NGX_SMTP_RCPT:
rc = ngx_mail_smtp_rcpt(s, c);
break;
case NGX_SMTP_RSET:
rc = ngx_mail_smtp_rset(s, c);
break;
case NGX_SMTP_NOOP:
break;
case NGX_SMTP_STARTTLS:
@ -513,6 +523,11 @@ ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
s->smtp_from.len = 0;
s->smtp_from.data = NULL;
s->smtp_to.len = 0;
s->smtp_to.data = NULL;
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (s->command == NGX_SMTP_HELO) {
@ -618,10 +633,136 @@ ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
static ngx_int_t
ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
u_char ch;
ngx_str_t l;
ngx_uint_t i;
ngx_mail_smtp_srv_conf_t *sscf;
s->out.len = sizeof(smtp_auth_required) - 1;
s->out.data = smtp_auth_required;
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (!(sscf->auth_methods & NGX_MAIL_AUTH_NONE_ENABLED)) {
ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
s->out.len = sizeof(smtp_auth_required) - 1;
s->out.data = smtp_auth_required;
return NGX_OK;
}
/* auth none */
if (s->smtp_from.len) {
s->out.len = sizeof(smtp_bad_sequence) - 1;
s->out.data = smtp_bad_sequence;
return NGX_OK;
}
l.len = s->buffer->last - s->buffer->start;
l.data = s->buffer->start;
for (i = 0; i < l.len; i++) {
ch = l.data[i];
if (ch != CR && ch != LF) {
continue;
}
l.data[i] = ' ';
}
while (i) {
if (l.data[i - 1] != ' ') {
break;
}
i--;
}
l.len = i;
s->smtp_from.len = l.len;
s->smtp_from.data = ngx_pnalloc(c->pool, l.len);
if (s->smtp_from.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_from.data, l.data, l.len);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp mail from:\"%V\"", &s->smtp_from);
s->out.len = sizeof(smtp_ok) - 1;
s->out.data = smtp_ok;
return NGX_OK;
}
static ngx_int_t
ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c)
{
u_char ch;
ngx_str_t l;
ngx_uint_t i;
if (s->smtp_from.len == 0) {
s->out.len = sizeof(smtp_bad_sequence) - 1;
s->out.data = smtp_bad_sequence;
return NGX_OK;
}
l.len = s->buffer->last - s->buffer->start;
l.data = s->buffer->start;
for (i = 0; i < l.len; i++) {
ch = l.data[i];
if (ch != CR && ch != LF) {
continue;
}
l.data[i] = ' ';
}
while (i) {
if (l.data[i - 1] != ' ') {
break;
}
i--;
}
l.len = i;
s->smtp_to.len = l.len;
s->smtp_to.data = ngx_pnalloc(c->pool, l.len);
if (s->smtp_to.data == NULL) {
return NGX_ERROR;
}
ngx_memcpy(s->smtp_to.data, l.data, l.len);
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"smtp rcpt to:\"%V\"", &s->smtp_to);
s->auth_method = NGX_MAIL_AUTH_NONE;
return NGX_DONE;
}
static ngx_int_t
ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c)
{
s->smtp_from.len = 0;
s->smtp_from.data = NULL;
s->smtp_to.len = 0;
s->smtp_to.data = NULL;
s->out.len = sizeof(smtp_ok) - 1;
s->out.data = smtp_ok;
return NGX_OK;
}
@ -644,6 +785,10 @@ ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
s->smtp_helo.len = 0;
s->smtp_helo.data = NULL;
s->smtp_from.len = 0;
s->smtp_from.data = NULL;
s->smtp_to.len = 0;
s->smtp_to.data = NULL;
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;

66
src/mail/ngx_mail_smtp_module.c
View File

@ -20,6 +20,7 @@ static ngx_conf_bitmask_t ngx_mail_smtp_auth_methods[] = {
{ ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
{ ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
{ ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
{ ngx_string("none"), NGX_MAIL_AUTH_NONE_ENABLED },
{ ngx_null_string, 0 }
};
@ -28,7 +29,8 @@ static ngx_str_t ngx_mail_smtp_auth_methods_names[] = {
ngx_string("PLAIN"),
ngx_string("LOGIN"),
ngx_null_string, /* APOP */
ngx_string("CRAM-MD5")
ngx_string("CRAM-MD5"),
ngx_null_string /* NONE */
};
@ -136,10 +138,10 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_mail_smtp_srv_conf_t *prev = parent;
ngx_mail_smtp_srv_conf_t *conf = child;
u_char *p, *auth;
u_char *p, *auth, *last;
size_t size;
ngx_str_t *c;
ngx_uint_t i, m;
ngx_uint_t i, m, auth_enabled;
ngx_mail_core_srv_conf_t *cscf;
ngx_conf_merge_size_value(conf->client_buffer_size,
@ -192,23 +194,29 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->capabilities = prev->capabilities;
}
size = sizeof("250-") - 1 + cscf->server_name.len + sizeof(CRLF) - 1
+ sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
size = sizeof("250-") - 1 + cscf->server_name.len + sizeof(CRLF) - 1;
c = conf->capabilities.elts;
for (i = 0; i < conf->capabilities.nelts; i++) {
size += sizeof("250 ") - 1 + c[i].len + sizeof(CRLF) - 1;
}
auth_enabled = 0;
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
size += 1 + ngx_mail_smtp_auth_methods_names[i].len;
auth_enabled = 1;
}
}
if (auth_enabled) {
size += sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
}
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
@ -217,11 +225,14 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->capability.len = size;
conf->capability.data = p;
last = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
*p++ = CR; *p++ = LF;
for (i = 0; i < conf->capabilities.nelts; i++) {
last = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
p = ngx_cpymem(p, c[i].data, c[i].len);
*p++ = CR; *p++ = LF;
@ -229,21 +240,28 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
auth = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
*p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
if (auth_enabled) {
last = p;
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
*p++ = ' ';
p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,
ngx_mail_smtp_auth_methods_names[i].len);
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
*p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
*p++ = ' ';
p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,
ngx_mail_smtp_auth_methods_names[i].len);
}
}
}
*p++ = CR; *p = LF;
*p++ = CR; *p = LF;
} else {
last[3] = ' ';
}
size += sizeof("250 STARTTLS" CRLF) - 1;
@ -255,14 +273,13 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->starttls_capability.len = size;
conf->starttls_capability.data = p;
p = ngx_cpymem(p, conf->capability.data,
conf->capability.len);
p = ngx_cpymem(p, conf->capability.data, conf->capability.len);
p = ngx_cpymem(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
*p++ = CR; *p = LF;
p = conf->starttls_capability.data
+ (auth - conf->capability.data) + 3;
+ (last - conf->capability.data) + 3;
*p = '-';
size = (auth - conf->capability.data)
@ -276,10 +293,15 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->starttls_only_capability.len = size;
conf->starttls_only_capability.data = p;
p = ngx_cpymem(p, conf->capability.data,
auth - conf->capability.data);
p = ngx_cpymem(p, conf->capability.data, auth - conf->capability.data);
ngx_memcpy(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
if (last < auth) {
p = conf->starttls_only_capability.data
+ (last - conf->capability.data) + 3;
*p = '-';
}
return NGX_CONF_OK;
}