mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-08 02:02:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

APOP

Browse Source
This commit is contained in:
Igor Sysoev 2006-10-23 13:10:10 +00:00
parent 73c80d82c1
commit abeb122d6e
9 changed files with 235 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/ngx_config.h
View File

@ -49,6 +49,8 @@
#define ngx_signal_helper(n) SIG##n #define ngx_signal_helper(n) SIG##n
#define ngx_signal_value(n) ngx_signal_helper(n) #define ngx_signal_value(n) ngx_signal_helper(n)
#define ngx_random random
/* TODO: #ifndef */ /* TODO: #ifndef */
#define NGX_SHUTDOWN_SIGNAL QUIT #define NGX_SHUTDOWN_SIGNAL QUIT
#define NGX_TERMINATE_SIGNAL TERM #define NGX_TERMINATE_SIGNAL TERM

6
src/core/ngx_file.c
View File

@ -9,7 +9,7 @@
static ngx_atomic_uint_t ngx_temp_number; static ngx_atomic_uint_t ngx_temp_number;
static ngx_atomic_uint_t ngx_random; static ngx_atomic_uint_t ngx_random_number;
ssize_t ssize_t
@ -216,7 +216,7 @@ void
ngx_init_temp_number(void) ngx_init_temp_number(void)
{ {
ngx_temp_number = 0; ngx_temp_number = 0;
ngx_random = 123456; ngx_random_number = 123456;
} }
@ -224,7 +224,7 @@ ngx_atomic_uint_t
ngx_next_temp_number(ngx_uint_t collision) ngx_next_temp_number(ngx_uint_t collision)
{ {
if (collision) { if (collision) {
ngx_temp_number += ngx_random; ngx_temp_number += ngx_random_number;
} }
return ngx_temp_number++; return ngx_temp_number++;

54
src/imap/ngx_imap.h
View File

@ -87,6 +87,10 @@ typedef struct {
ngx_str_t imap_starttls_capability; ngx_str_t imap_starttls_capability;
ngx_str_t imap_starttls_only_capability; ngx_str_t imap_starttls_only_capability;
ngx_str_t server_name;
ngx_uint_t auth_methods;
ngx_array_t pop3_capabilities; ngx_array_t pop3_capabilities;
ngx_array_t imap_capabilities; ngx_array_t imap_capabilities;
@ -149,10 +153,12 @@ typedef struct {
unsigned backslash:1; unsigned backslash:1;
unsigned no_sync_literal:1; unsigned no_sync_literal:1;
unsigned starttls:1; unsigned starttls:1;
unsigned auth_method:1;
ngx_str_t login; ngx_str_t login;
ngx_str_t passwd; ngx_str_t passwd;
ngx_str_t salt;
ngx_str_t tag; ngx_str_t tag;
ngx_str_t tagged_line; ngx_str_t tagged_line;
@ -179,29 +185,37 @@ typedef struct {
} ngx_imap_log_ctx_t; } ngx_imap_log_ctx_t;
#define NGX_POP3_USER 1 #define NGX_POP3_USER 1
#define NGX_POP3_PASS 2 #define NGX_POP3_PASS 2
#define NGX_POP3_CAPA 3 #define NGX_POP3_CAPA 3
#define NGX_POP3_QUIT 4 #define NGX_POP3_QUIT 4
#define NGX_POP3_NOOP 5 #define NGX_POP3_NOOP 5
#define NGX_POP3_STLS 6 #define NGX_POP3_STLS 6
#define NGX_POP3_APOP 7 #define NGX_POP3_APOP 7
#define NGX_POP3_STAT 8 #define NGX_POP3_STAT 8
#define NGX_POP3_LIST 9 #define NGX_POP3_LIST 9
#define NGX_POP3_RETR 10 #define NGX_POP3_RETR 10
#define NGX_POP3_DELE 11 #define NGX_POP3_DELE 11
#define NGX_POP3_RSET 12 #define NGX_POP3_RSET 12
#define NGX_POP3_TOP 13 #define NGX_POP3_TOP 13
#define NGX_POP3_UIDL 14 #define NGX_POP3_UIDL 14
#define NGX_IMAP_LOGIN 1 #define NGX_IMAP_LOGIN 1
#define NGX_IMAP_LOGOUT 2 #define NGX_IMAP_LOGOUT 2
#define NGX_IMAP_CAPABILITY 3 #define NGX_IMAP_CAPABILITY 3
#define NGX_IMAP_NOOP 4 #define NGX_IMAP_NOOP 4
#define NGX_IMAP_STARTTLS 5 #define NGX_IMAP_STARTTLS 5
#define NGX_IMAP_NEXT 6 #define NGX_IMAP_NEXT 6
#define NGX_IMAP_AUTH_PLAIN 0
#define NGX_IMAP_AUTH_APOP 1
#define NGX_IMAP_AUTH_PLAIN_ENABLED 0x0002
#define NGX_IMAP_AUTH_APOP_ENABLED 0x0004
#define NGX_IMAP_PARSE_INVALID_COMMAND 20 #define NGX_IMAP_PARSE_INVALID_COMMAND 20

51
src/imap/ngx_imap_auth_http_module.c
View File

@ -131,7 +131,10 @@ ngx_module_t ngx_imap_auth_http_module = {
}; };
static char *ngx_imap_auth_http_protocol[] = { "pop3", "imap" }; static char *ngx_imap_auth_http_protocol[] = { "pop3", "imap" };
static ngx_str_t ngx_imap_auth_http_method[] = {
ngx_string("plain"), ngx_string("apop")
};
void void
@ -558,6 +561,25 @@ ngx_imap_auth_http_process_headers(ngx_imap_session_t *s,
continue; continue;
} }
if (len == sizeof("Auth-Pass") - 1
&& ngx_strncasecmp(ctx->header_name_start, "Auth-Pass",
sizeof("Auth-Pass") - 1) == 0)
{
s->passwd.len = ctx->header_end - ctx->header_start;
s->passwd.data = ngx_palloc(s->connection->pool, s->passwd.len);
if (s->passwd.data == NULL) {
ngx_close_connection(ctx->peer.connection);
ngx_destroy_pool(ctx->pool);
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len);
continue;
}
if (len == sizeof("Auth-Wait") - 1 if (len == sizeof("Auth-Wait") - 1
&& ngx_strncasecmp(ctx->header_name_start, "Auth-Wait", && ngx_strncasecmp(ctx->header_name_start, "Auth-Wait",
sizeof("Auth-Wait") - 1) == 0) sizeof("Auth-Wait") - 1) == 0)
@ -614,6 +636,15 @@ ngx_imap_auth_http_process_headers(ngx_imap_session_t *s,
return; return;
} }
if (s->passwd.data == NULL) {
ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
"auth http server %V did not send password",
&ctx->peer.peers->peer[0].name);
ngx_destroy_pool(ctx->pool);
ngx_imap_session_internal_server_error(s);
return;
}
peers = ngx_pcalloc(s->connection->pool, sizeof(ngx_peers_t)); peers = ngx_pcalloc(s->connection->pool, sizeof(ngx_peers_t));
if (peers == NULL) { if (peers == NULL) {
ngx_destroy_pool(ctx->pool); ngx_destroy_pool(ctx->pool);
@ -731,6 +762,8 @@ ngx_imap_auth_sleep_handler(ngx_event_t *rev)
s->connection->read->handler = ngx_imap_auth_state; s->connection->read->handler = ngx_imap_auth_state;
} }
s->auth_method = NGX_IMAP_AUTH_PLAIN;
c->log->action = "in auth state"; c->log->action = "in auth state";
ngx_imap_send(s->connection->write); ngx_imap_send(s->connection->write);
@ -1007,6 +1040,7 @@ ngx_imap_auth_http_create_request(ngx_imap_session_t *s, ngx_pool_t *pool,
+ sizeof("Auth-Method: plain" CRLF) - 1 + sizeof("Auth-Method: plain" CRLF) - 1
+ sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1 + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1
+ sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1 + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1
+ sizeof("Auth-Salt: ") - 1 + s->salt.len
+ sizeof("Auth-Protocol: imap" CRLF) - 1 + sizeof("Auth-Protocol: imap" CRLF) - 1
+ sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN
+ sizeof(CRLF) - 1 + sizeof(CRLF) - 1
@ -1029,8 +1063,12 @@ ngx_imap_auth_http_create_request(ngx_imap_session_t *s, ngx_pool_t *pool,
ahcf->host_header.len); ahcf->host_header.len);
*b->last++ = CR; *b->last++ = LF; *b->last++ = CR; *b->last++ = LF;
b->last = ngx_cpymem(b->last, "Auth-Method: plain" CRLF, b->last = ngx_cpymem(b->last, "Auth-Method: ",
sizeof("Auth-Method: plain" CRLF) - 1); sizeof("Auth-Method: ") - 1);
b->last = ngx_cpymem(b->last,
ngx_imap_auth_http_method[s->auth_method].data,
ngx_imap_auth_http_method[s->auth_method].len);
*b->last++ = CR; *b->last++ = LF;
b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1); b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1);
b->last = ngx_copy(b->last, login.data, login.len); b->last = ngx_copy(b->last, login.data, login.len);
@ -1040,6 +1078,13 @@ ngx_imap_auth_http_create_request(ngx_imap_session_t *s, ngx_pool_t *pool,
b->last = ngx_copy(b->last, passwd.data, passwd.len); b->last = ngx_copy(b->last, passwd.data, passwd.len);
*b->last++ = CR; *b->last++ = LF; *b->last++ = CR; *b->last++ = LF;
if (s->salt.len) {
b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1);
b->last = ngx_copy(b->last, s->salt.data, s->salt.len);
s->passwd.data = NULL;
}
b->last = ngx_cpymem(b->last, "Auth-Protocol: ", b->last = ngx_cpymem(b->last, "Auth-Protocol: ",
sizeof("Auth-Protocol: ") - 1); sizeof("Auth-Protocol: ") - 1);
b->last = ngx_cpymem(b->last, ngx_imap_auth_http_protocol[s->protocol], b->last = ngx_cpymem(b->last, ngx_imap_auth_http_protocol[s->protocol],

45
src/imap/ngx_imap_core_module.c
View File

@ -45,6 +45,13 @@ static ngx_str_t ngx_imap_default_capabilities[] = {
}; };
static ngx_conf_bitmask_t ngx_imap_auth_methods[] = {
{ ngx_string("plain"), NGX_IMAP_AUTH_PLAIN_ENABLED },
{ ngx_string("apop"), NGX_IMAP_AUTH_APOP_ENABLED },
{ ngx_null_string, 0 }
};
static ngx_command_t ngx_imap_core_commands[] = { static ngx_command_t ngx_imap_core_commands[] = {
{ ngx_string("server"), { ngx_string("server"),
@ -103,6 +110,20 @@ static ngx_command_t ngx_imap_core_commands[] = {
offsetof(ngx_imap_core_srv_conf_t, imap_capabilities), offsetof(ngx_imap_core_srv_conf_t, imap_capabilities),
NULL }, NULL },
{ ngx_string("server_name"),
NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_IMAP_SRV_CONF_OFFSET,
offsetof(ngx_imap_core_srv_conf_t, server_name),
NULL },
{ ngx_string("auth"),
NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
NGX_IMAP_SRV_CONF_OFFSET,
offsetof(ngx_imap_core_srv_conf_t, auth_methods),
&ngx_imap_auth_methods },
ngx_null_command ngx_null_command
}; };
@ -210,6 +231,30 @@ ngx_imap_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_value(conf->so_keepalive, prev->so_keepalive, 0); ngx_conf_merge_value(conf->so_keepalive, prev->so_keepalive, 0);
ngx_conf_merge_bitmask_value(conf->auth_methods, prev->auth_methods,
(NGX_CONF_BITMASK_SET|NGX_IMAP_AUTH_PLAIN_ENABLED));
ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
if (conf->server_name.len == 0) {
conf->server_name.data = ngx_palloc(cf->pool, NGX_MAXHOSTNAMELEN);
if (conf->server_name.data == NULL) {
return NGX_CONF_ERROR;
}
if (gethostname((char *) conf->server_name.data, NGX_MAXHOSTNAMELEN)
== -1)
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
"gethostname() failed");
return NGX_CONF_ERROR;
}
conf->server_name.len = ngx_strlen(conf->server_name.data);
}
if (conf->pop3_capabilities.nelts == 0) { if (conf->pop3_capabilities.nelts == 0) {
conf->pop3_capabilities = prev->pop3_capabilities; conf->pop3_capabilities = prev->pop3_capabilities;
} }

82
src/imap/ngx_imap_handler.c
View File

@ -233,6 +233,7 @@ ngx_imap_ssl_handshake_handler(ngx_connection_t *c)
static void static void
ngx_imap_init_session(ngx_connection_t *c) ngx_imap_init_session(ngx_connection_t *c)
{ {
u_char *p;
ngx_imap_session_t *s; ngx_imap_session_t *s;
ngx_imap_core_srv_conf_t *cscf; ngx_imap_core_srv_conf_t *cscf;
@ -253,6 +254,35 @@ ngx_imap_init_session(ngx_connection_t *c)
s->out = greetings[s->protocol]; s->out = greetings[s->protocol];
if ((cscf->auth_methods & NGX_IMAP_AUTH_APOP_ENABLED)
&& s->protocol == NGX_IMAP_POP3_PROTOCOL)
{
s->salt.data = ngx_palloc(c->pool,
sizeof(" <18446744073709551616.@>" CRLF) - 1
+ NGX_TIME_T_LEN
+ cscf->server_name.len);
if (s->salt.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
s->salt.len = ngx_sprintf(s->salt.data, "<%ul.%T@%V>" CRLF,
ngx_random(), ngx_time(), &cscf->server_name)
- s->salt.data;
s->out.data = ngx_palloc(c->pool, greetings[0].len + 1 + s->salt.len);
if (s->out.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
p = ngx_cpymem(s->out.data, greetings[0].data, greetings[0].len - 2);
*p++ = ' ';
p = ngx_cpymem(p, s->salt.data, s->salt.len);
s->out.len = p - s->out.data;
}
ngx_add_timer(c->read, cscf->timeout); ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
@ -726,6 +756,56 @@ ngx_pop3_auth_state(ngx_event_t *rev)
text = cscf->pop3_capability.data; text = cscf->pop3_capability.data;
break; break;
case NGX_POP3_APOP:
cscf = ngx_imap_get_module_srv_conf(s, ngx_imap_core_module);
if ((cscf->auth_methods & NGX_IMAP_AUTH_APOP_ENABLED)
&& s->args.nelts == 2)
{
arg = s->args.elts;
s->login.len = arg[0].len;
s->login.data = ngx_palloc(c->pool, s->login.len);
if (s->login.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->login.data, arg[0].data, s->login.len);
s->passwd.len = arg[1].len;
s->passwd.data = ngx_palloc(c->pool, s->passwd.len);
if (s->passwd.data == NULL) {
ngx_imap_session_internal_server_error(s);
return;
}
ngx_memcpy(s->passwd.data, arg[1].data, s->passwd.len);
ngx_log_debug2(NGX_LOG_DEBUG_IMAP, c->log, 0,
"pop3 apop: \"%V\" \"%V\"",
&s->login, &s->passwd);
s->auth_method = NGX_IMAP_AUTH_APOP;
s->args.nelts = 0;
s->buffer->pos = s->buffer->start;
s->buffer->last = s->buffer->start;
if (rev->timer_set) {
ngx_del_timer(rev);
}
ngx_imap_auth_http_init(s);
return;
} else {
rc = NGX_IMAP_PARSE_INVALID_COMMAND;
}
break;
case NGX_POP3_QUIT: case NGX_POP3_QUIT:
s->quit = 1; s->quit = 1;
break; break;
@ -763,8 +843,6 @@ ngx_pop3_auth_state(ngx_event_t *rev)
case NGX_POP3_PASS: case NGX_POP3_PASS:
if (s->args.nelts == 1) { if (s->args.nelts == 1) {
/* STUB */ s->imap_state = ngx_pop3_start;
arg = s->args.elts; arg = s->args.elts;
s->passwd.len = arg[0].len; s->passwd.len = arg[0].len;
s->passwd.data = ngx_palloc(c->pool, s->passwd.len); s->passwd.data = ngx_palloc(c->pool, s->passwd.len);

24
src/imap/ngx_imap_parse.c
View File

@ -429,6 +429,10 @@ ngx_int_t ngx_pop3_parse_command(ngx_imap_session_t *s)
{ {
s->command = NGX_POP3_PASS; s->command = NGX_POP3_PASS;
} else if (c0 == 'A' && c1 == 'P' && c2 == 'O' && c3 == 'P')
{
s->command = NGX_POP3_APOP;
} else if (c0 == 'Q' && c1 == 'U' && c2 == 'I' && c3 == 'T') } else if (c0 == 'Q' && c1 == 'U' && c2 == 'I' && c3 == 'T')
{ {
s->command = NGX_POP3_QUIT; s->command = NGX_POP3_QUIT;
@ -496,12 +500,20 @@ ngx_int_t ngx_pop3_parse_command(ngx_imap_session_t *s)
case sw_argument: case sw_argument:
switch (ch) { switch (ch) {
/* case ' ':
* the space should be considered part of the at username
* or password, but not of argument in other commands /*
* * the space should be considered as part of the at username
* case ' ': * or password, but not of argument in other commands
*/ */
if (s->command == NGX_POP3_USER
|| s->command == NGX_POP3_PASS)
{
break;
}
/* fall through */
case CR: case CR:
case LF: case LF:

2
src/os/unix/ngx_posix_init.c
View File

@ -61,6 +61,8 @@ ngx_os_init(ngx_log_t *log)
ngx_inherited_nonblocking = 0; ngx_inherited_nonblocking = 0;
#endif #endif
srandom(ngx_time());
return NGX_OK; return NGX_OK;
} }

3
src/os/win32/ngx_win32_config.h
View File

@ -171,4 +171,7 @@ typedef int sig_atomic_t;
#endif #endif
#define ngx_random rand
#endif /* _NGX_WIN32_CONFIG_H_INCLUDED_ */ #endif /* _NGX_WIN32_CONFIG_H_INCLUDED_ */