1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) Nginx, Inc.
5 */
6
7
8#include <ngx_config.h>
9#include <ngx_core.h>
10#include <ngx_event.h>
11#include <ngx_event_connect.h>
12#include <ngx_mail.h>
13
14
15typedef struct {
16    ngx_flag_t  enable;
17    ngx_flag_t  pass_error_message;
18    ngx_flag_t  xclient;
19    size_t      buffer_size;
20    ngx_msec_t  timeout;
21} ngx_mail_proxy_conf_t;
22
23
24static void ngx_mail_proxy_block_read(ngx_event_t *rev);
25static void ngx_mail_proxy_pop3_handler(ngx_event_t *rev);
26static void ngx_mail_proxy_imap_handler(ngx_event_t *rev);
27static void ngx_mail_proxy_smtp_handler(ngx_event_t *rev);
28static void ngx_mail_proxy_dummy_handler(ngx_event_t *ev);
29static ngx_int_t ngx_mail_proxy_read_response(ngx_mail_session_t *s,
30    ngx_uint_t state);
31static void ngx_mail_proxy_handler(ngx_event_t *ev);
32static void ngx_mail_proxy_upstream_error(ngx_mail_session_t *s);
33static void ngx_mail_proxy_internal_server_error(ngx_mail_session_t *s);
34static void ngx_mail_proxy_close_session(ngx_mail_session_t *s);
35static void *ngx_mail_proxy_create_conf(ngx_conf_t *cf);
36static char *ngx_mail_proxy_merge_conf(ngx_conf_t *cf, void *parent,
37    void *child);
38
39
40static ngx_command_t  ngx_mail_proxy_commands[] = {
41
42    { ngx_string("proxy"),
43      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
44      ngx_conf_set_flag_slot,
45      NGX_MAIL_SRV_CONF_OFFSET,
46      offsetof(ngx_mail_proxy_conf_t, enable),
47      NULL },
48
49    { ngx_string("proxy_buffer"),
50      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
51      ngx_conf_set_size_slot,
52      NGX_MAIL_SRV_CONF_OFFSET,
53      offsetof(ngx_mail_proxy_conf_t, buffer_size),
54      NULL },
55
56    { ngx_string("proxy_timeout"),
57      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
58      ngx_conf_set_msec_slot,
59      NGX_MAIL_SRV_CONF_OFFSET,
60      offsetof(ngx_mail_proxy_conf_t, timeout),
61      NULL },
62
63    { ngx_string("proxy_pass_error_message"),
64      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
65      ngx_conf_set_flag_slot,
66      NGX_MAIL_SRV_CONF_OFFSET,
67      offsetof(ngx_mail_proxy_conf_t, pass_error_message),
68      NULL },
69
70    { ngx_string("xclient"),
71      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
72      ngx_conf_set_flag_slot,
73      NGX_MAIL_SRV_CONF_OFFSET,
74      offsetof(ngx_mail_proxy_conf_t, xclient),
75      NULL },
76
77      ngx_null_command
78};
79
80
81static ngx_mail_module_t  ngx_mail_proxy_module_ctx = {
82    NULL,                                  /* protocol */
83
84    NULL,                                  /* create main configuration */
85    NULL,                                  /* init main configuration */
86
87    ngx_mail_proxy_create_conf,            /* create server configuration */
88    ngx_mail_proxy_merge_conf              /* merge server configuration */
89};
90
91
92ngx_module_t  ngx_mail_proxy_module = {
93    NGX_MODULE_V1,
94    &ngx_mail_proxy_module_ctx,            /* module context */
95    ngx_mail_proxy_commands,               /* module directives */
96    NGX_MAIL_MODULE,                       /* module type */
97    NULL,                                  /* init master */
98    NULL,                                  /* init module */
99    NULL,                                  /* init process */
100    NULL,                                  /* init thread */
101    NULL,                                  /* exit thread */
102    NULL,                                  /* exit process */
103    NULL,                                  /* exit master */
104    NGX_MODULE_V1_PADDING
105};
106
107
108static u_char  smtp_auth_ok[] = "235 2.0.0 OK" CRLF;
109
110
111void
112ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer)
113{
114    ngx_int_t                  rc;
115    ngx_mail_proxy_ctx_t      *p;
116    ngx_mail_proxy_conf_t     *pcf;
117    ngx_mail_core_srv_conf_t  *cscf;
118
119    s->connection->log->action = "connecting to upstream";
120
121    cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
122
123    p = ngx_pcalloc(s->connection->pool, sizeof(ngx_mail_proxy_ctx_t));
124    if (p == NULL) {
125        ngx_mail_session_internal_server_error(s);
126        return;
127    }
128
129    s->proxy = p;
130
131    p->upstream.sockaddr = peer->sockaddr;
132    p->upstream.socklen = peer->socklen;
133    p->upstream.name = &peer->name;
134    p->upstream.get = ngx_event_get_peer;
135    p->upstream.log = s->connection->log;
136    p->upstream.log_error = NGX_ERROR_ERR;
137
138    rc = ngx_event_connect_peer(&p->upstream);
139
140    if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
141        ngx_mail_proxy_internal_server_error(s);
142        return;
143    }
144
145    ngx_add_timer(p->upstream.connection->read, cscf->timeout);
146
147    p->upstream.connection->data = s;
148    p->upstream.connection->pool = s->connection->pool;
149
150    s->connection->read->handler = ngx_mail_proxy_block_read;
151    p->upstream.connection->write->handler = ngx_mail_proxy_dummy_handler;
152
153    pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
154
155    s->proxy->buffer = ngx_create_temp_buf(s->connection->pool,
156                                           pcf->buffer_size);
157    if (s->proxy->buffer == NULL) {
158        ngx_mail_proxy_internal_server_error(s);
159        return;
160    }
161
162    s->out.len = 0;
163
164    switch (s->protocol) {
165
166    case NGX_MAIL_POP3_PROTOCOL:
167        p->upstream.connection->read->handler = ngx_mail_proxy_pop3_handler;
168        s->mail_state = ngx_pop3_start;
169        break;
170
171    case NGX_MAIL_IMAP_PROTOCOL:
172        p->upstream.connection->read->handler = ngx_mail_proxy_imap_handler;
173        s->mail_state = ngx_imap_start;
174        break;
175
176    default: /* NGX_MAIL_SMTP_PROTOCOL */
177        p->upstream.connection->read->handler = ngx_mail_proxy_smtp_handler;
178        s->mail_state = ngx_smtp_start;
179        break;
180    }
181}
182
183
184static void
185ngx_mail_proxy_block_read(ngx_event_t *rev)
186{
187    ngx_connection_t    *c;
188    ngx_mail_session_t  *s;
189
190    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail proxy block read");
191
192    if (ngx_handle_read_event(rev, 0) != NGX_OK) {
193        c = rev->data;
194        s = c->data;
195
196        ngx_mail_proxy_close_session(s);
197    }
198}
199
200
201static void
202ngx_mail_proxy_pop3_handler(ngx_event_t *rev)
203{
204    u_char                 *p;
205    ngx_int_t               rc;
206    ngx_str_t               line;
207    ngx_connection_t       *c;
208    ngx_mail_session_t     *s;
209    ngx_mail_proxy_conf_t  *pcf;
210
211    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
212                   "mail proxy pop3 auth handler");
213
214    c = rev->data;
215    s = c->data;
216
217    if (rev->timedout) {
218        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
219                      "upstream timed out");
220        c->timedout = 1;
221        ngx_mail_proxy_internal_server_error(s);
222        return;
223    }
224
225    rc = ngx_mail_proxy_read_response(s, 0);
226
227    if (rc == NGX_AGAIN) {
228        return;
229    }
230
231    if (rc == NGX_ERROR) {
232        ngx_mail_proxy_upstream_error(s);
233        return;
234    }
235
236    switch (s->mail_state) {
237
238    case ngx_pop3_start:
239        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail proxy send user");
240
241        s->connection->log->action = "sending user name to upstream";
242
243        line.len = sizeof("USER ")  - 1 + s->login.len + 2;
244        line.data = ngx_pnalloc(c->pool, line.len);
245        if (line.data == NULL) {
246            ngx_mail_proxy_internal_server_error(s);
247            return;
248        }
249
250        p = ngx_cpymem(line.data, "USER ", sizeof("USER ") - 1);
251        p = ngx_cpymem(p, s->login.data, s->login.len);
252        *p++ = CR; *p = LF;
253
254        s->mail_state = ngx_pop3_user;
255        break;
256
257    case ngx_pop3_user:
258        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail proxy send pass");
259
260        s->connection->log->action = "sending password to upstream";
261
262        line.len = sizeof("PASS ")  - 1 + s->passwd.len + 2;
263        line.data = ngx_pnalloc(c->pool, line.len);
264        if (line.data == NULL) {
265            ngx_mail_proxy_internal_server_error(s);
266            return;
267        }
268
269        p = ngx_cpymem(line.data, "PASS ", sizeof("PASS ") - 1);
270        p = ngx_cpymem(p, s->passwd.data, s->passwd.len);
271        *p++ = CR; *p = LF;
272
273        s->mail_state = ngx_pop3_passwd;
274        break;
275
276    case ngx_pop3_passwd:
277        s->connection->read->handler = ngx_mail_proxy_handler;
278        s->connection->write->handler = ngx_mail_proxy_handler;
279        rev->handler = ngx_mail_proxy_handler;
280        c->write->handler = ngx_mail_proxy_handler;
281
282        pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
283        ngx_add_timer(s->connection->read, pcf->timeout);
284        ngx_del_timer(c->read);
285
286        c->log->action = NULL;
287        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client logged in");
288
289        ngx_mail_proxy_handler(s->connection->write);
290
291        return;
292
293    default:
294#if (NGX_SUPPRESS_WARN)
295        ngx_str_null(&line);
296#endif
297        break;
298    }
299
300    if (c->send(c, line.data, line.len) < (ssize_t) line.len) {
301        /*
302         * we treat the incomplete sending as NGX_ERROR
303         * because it is very strange here
304         */
305        ngx_mail_proxy_internal_server_error(s);
306        return;
307    }
308
309    s->proxy->buffer->pos = s->proxy->buffer->start;
310    s->proxy->buffer->last = s->proxy->buffer->start;
311}
312
313
314static void
315ngx_mail_proxy_imap_handler(ngx_event_t *rev)
316{
317    u_char                 *p;
318    ngx_int_t               rc;
319    ngx_str_t               line;
320    ngx_connection_t       *c;
321    ngx_mail_session_t     *s;
322    ngx_mail_proxy_conf_t  *pcf;
323
324    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
325                   "mail proxy imap auth handler");
326
327    c = rev->data;
328    s = c->data;
329
330    if (rev->timedout) {
331        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
332                      "upstream timed out");
333        c->timedout = 1;
334        ngx_mail_proxy_internal_server_error(s);
335        return;
336    }
337
338    rc = ngx_mail_proxy_read_response(s, s->mail_state);
339
340    if (rc == NGX_AGAIN) {
341        return;
342    }
343
344    if (rc == NGX_ERROR) {
345        ngx_mail_proxy_upstream_error(s);
346        return;
347    }
348
349    switch (s->mail_state) {
350
351    case ngx_imap_start:
352        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
353                       "mail proxy send login");
354
355        s->connection->log->action = "sending LOGIN command to upstream";
356
357        line.len = s->tag.len + sizeof("LOGIN ") - 1
358                   + 1 + NGX_SIZE_T_LEN + 1 + 2;
359        line.data = ngx_pnalloc(c->pool, line.len);
360        if (line.data == NULL) {
361            ngx_mail_proxy_internal_server_error(s);
362            return;
363        }
364
365        line.len = ngx_sprintf(line.data, "%VLOGIN {%uz}" CRLF,
366                               &s->tag, s->login.len)
367                   - line.data;
368
369        s->mail_state = ngx_imap_login;
370        break;
371
372    case ngx_imap_login:
373        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail proxy send user");
374
375        s->connection->log->action = "sending user name to upstream";
376
377        line.len = s->login.len + 1 + 1 + NGX_SIZE_T_LEN + 1 + 2;
378        line.data = ngx_pnalloc(c->pool, line.len);
379        if (line.data == NULL) {
380            ngx_mail_proxy_internal_server_error(s);
381            return;
382        }
383
384        line.len = ngx_sprintf(line.data, "%V {%uz}" CRLF,
385                               &s->login, s->passwd.len)
386                   - line.data;
387
388        s->mail_state = ngx_imap_user;
389        break;
390
391    case ngx_imap_user:
392        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
393                       "mail proxy send passwd");
394
395        s->connection->log->action = "sending password to upstream";
396
397        line.len = s->passwd.len + 2;
398        line.data = ngx_pnalloc(c->pool, line.len);
399        if (line.data == NULL) {
400            ngx_mail_proxy_internal_server_error(s);
401            return;
402        }
403
404        p = ngx_cpymem(line.data, s->passwd.data, s->passwd.len);
405        *p++ = CR; *p = LF;
406
407        s->mail_state = ngx_imap_passwd;
408        break;
409
410    case ngx_imap_passwd:
411        s->connection->read->handler = ngx_mail_proxy_handler;
412        s->connection->write->handler = ngx_mail_proxy_handler;
413        rev->handler = ngx_mail_proxy_handler;
414        c->write->handler = ngx_mail_proxy_handler;
415
416        pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
417        ngx_add_timer(s->connection->read, pcf->timeout);
418        ngx_del_timer(c->read);
419
420        c->log->action = NULL;
421        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client logged in");
422
423        ngx_mail_proxy_handler(s->connection->write);
424
425        return;
426
427    default:
428#if (NGX_SUPPRESS_WARN)
429        ngx_str_null(&line);
430#endif
431        break;
432    }
433
434    if (c->send(c, line.data, line.len) < (ssize_t) line.len) {
435        /*
436         * we treat the incomplete sending as NGX_ERROR
437         * because it is very strange here
438         */
439        ngx_mail_proxy_internal_server_error(s);
440        return;
441    }
442
443    s->proxy->buffer->pos = s->proxy->buffer->start;
444    s->proxy->buffer->last = s->proxy->buffer->start;
445}
446
447
448static void
449ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
450{
451    u_char                    *p;
452    ngx_int_t                  rc;
453    ngx_str_t                  line;
454    ngx_buf_t                 *b;
455    ngx_connection_t          *c;
456    ngx_mail_session_t        *s;
457    ngx_mail_proxy_conf_t     *pcf;
458    ngx_mail_core_srv_conf_t  *cscf;
459
460    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
461                   "mail proxy smtp auth handler");
462
463    c = rev->data;
464    s = c->data;
465
466    if (rev->timedout) {
467        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
468                      "upstream timed out");
469        c->timedout = 1;
470        ngx_mail_proxy_internal_server_error(s);
471        return;
472    }
473
474    rc = ngx_mail_proxy_read_response(s, s->mail_state);
475
476    if (rc == NGX_AGAIN) {
477        return;
478    }
479
480    if (rc == NGX_ERROR) {
481        ngx_mail_proxy_upstream_error(s);
482        return;
483    }
484
485    switch (s->mail_state) {
486
487    case ngx_smtp_start:
488        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail proxy send ehlo");
489
490        s->connection->log->action = "sending HELO/EHLO to upstream";
491
492        cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
493
494        line.len = sizeof("HELO ")  - 1 + cscf->server_name.len + 2;
495        line.data = ngx_pnalloc(c->pool, line.len);
496        if (line.data == NULL) {
497            ngx_mail_proxy_internal_server_error(s);
498            return;
499        }
500
501        pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
502
503        p = ngx_cpymem(line.data,
504                       ((s->esmtp || pcf->xclient) ? "EHLO " : "HELO "),
505                       sizeof("HELO ") - 1);
506
507        p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
508        *p++ = CR; *p = LF;
509
510        if (pcf->xclient) {
511            s->mail_state = ngx_smtp_helo_xclient;
512
513        } else if (s->auth_method == NGX_MAIL_AUTH_NONE) {
514            s->mail_state = ngx_smtp_helo_from;
515
516        } else {
517            s->mail_state = ngx_smtp_helo;
518        }
519
520        break;
521
522    case ngx_smtp_helo_xclient:
523        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
524                       "mail proxy send xclient");
525
526        s->connection->log->action = "sending XCLIENT to upstream";
527
528        line.len = sizeof("XCLIENT ADDR= LOGIN= NAME="
529                          CRLF) - 1
530                   + s->connection->addr_text.len + s->login.len + s->host.len;
531
532#if (NGX_HAVE_INET6)
533        if (s->connection->sockaddr->sa_family == AF_INET6) {
534            line.len += sizeof("IPV6:") - 1;
535        }
536#endif
537
538        line.data = ngx_pnalloc(c->pool, line.len);
539        if (line.data == NULL) {
540            ngx_mail_proxy_internal_server_error(s);
541            return;
542        }
543
544        p = ngx_cpymem(line.data, "XCLIENT ADDR=", sizeof("XCLIENT ADDR=") - 1);
545
546#if (NGX_HAVE_INET6)
547        if (s->connection->sockaddr->sa_family == AF_INET6) {
548            p = ngx_cpymem(p, "IPV6:", sizeof("IPV6:") - 1);
549        }
550#endif
551
552        p = ngx_copy(p, s->connection->addr_text.data,
553                     s->connection->addr_text.len);
554
555        if (s->login.len) {
556            p = ngx_cpymem(p, " LOGIN=", sizeof(" LOGIN=") - 1);
557            p = ngx_copy(p, s->login.data, s->login.len);
558        }
559
560        p = ngx_cpymem(p, " NAME=", sizeof(" NAME=") - 1);
561        p = ngx_copy(p, s->host.data, s->host.len);
562
563        *p++ = CR; *p++ = LF;
564
565        line.len = p - line.data;
566
567        if (s->smtp_helo.len) {
568            s->mail_state = ngx_smtp_xclient_helo;
569
570        } else if (s->auth_method == NGX_MAIL_AUTH_NONE) {
571            s->mail_state = ngx_smtp_xclient_from;
572
573        } else {
574            s->mail_state = ngx_smtp_xclient;
575        }
576
577        break;
578
579    case ngx_smtp_xclient_helo:
580        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
581                       "mail proxy send client ehlo");
582
583        s->connection->log->action = "sending client HELO/EHLO to upstream";
584
585        line.len = sizeof("HELO " CRLF) - 1 + s->smtp_helo.len;
586
587        line.data = ngx_pnalloc(c->pool, line.len);
588        if (line.data == NULL) {
589            ngx_mail_proxy_internal_server_error(s);
590            return;
591        }
592
593        line.len = ngx_sprintf(line.data,
594                       ((s->esmtp) ? "EHLO %V" CRLF : "HELO %V" CRLF),
595                       &s->smtp_helo)
596                   - line.data;
597
598        s->mail_state = (s->auth_method == NGX_MAIL_AUTH_NONE) ?
599                            ngx_smtp_helo_from : ngx_smtp_helo;
600
601        break;
602
603    case ngx_smtp_helo_from:
604    case ngx_smtp_xclient_from:
605        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
606                       "mail proxy send mail from");
607
608        s->connection->log->action = "sending MAIL FROM to upstream";
609
610        line.len = s->smtp_from.len + sizeof(CRLF) - 1;
611        line.data = ngx_pnalloc(c->pool, line.len);
612        if (line.data == NULL) {
613            ngx_mail_proxy_internal_server_error(s);
614            return;
615        }
616
617        p = ngx_cpymem(line.data, s->smtp_from.data, s->smtp_from.len);
618        *p++ = CR; *p = LF;
619
620        s->mail_state = ngx_smtp_from;
621
622        break;
623
624    case ngx_smtp_from:
625        ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
626                       "mail proxy send rcpt to");
627
628        s->connection->log->action = "sending RCPT TO to upstream";
629
630        line.len = s->smtp_to.len + sizeof(CRLF) - 1;
631        line.data = ngx_pnalloc(c->pool, line.len);
632        if (line.data == NULL) {
633            ngx_mail_proxy_internal_server_error(s);
634            return;
635        }
636
637        p = ngx_cpymem(line.data, s->smtp_to.data, s->smtp_to.len);
638        *p++ = CR; *p = LF;
639
640        s->mail_state = ngx_smtp_to;
641
642        break;
643
644    case ngx_smtp_helo:
645    case ngx_smtp_xclient:
646    case ngx_smtp_to:
647
648        b = s->proxy->buffer;
649
650        if (s->auth_method == NGX_MAIL_AUTH_NONE) {
651            b->pos = b->start;
652
653        } else {
654            ngx_memcpy(b->start, smtp_auth_ok, sizeof(smtp_auth_ok) - 1);
655            b->last = b->start + sizeof(smtp_auth_ok) - 1;
656        }
657
658        s->connection->read->handler = ngx_mail_proxy_handler;
659        s->connection->write->handler = ngx_mail_proxy_handler;
660        rev->handler = ngx_mail_proxy_handler;
661        c->write->handler = ngx_mail_proxy_handler;
662
663        pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
664        ngx_add_timer(s->connection->read, pcf->timeout);
665        ngx_del_timer(c->read);
666
667        c->log->action = NULL;
668        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client logged in");
669
670        if (s->buffer->pos == s->buffer->last) {
671            ngx_mail_proxy_handler(s->connection->write);
672
673        } else {
674            ngx_mail_proxy_handler(c->write);
675        }
676
677        return;
678
679    default:
680#if (NGX_SUPPRESS_WARN)
681        ngx_str_null(&line);
682#endif
683        break;
684    }
685
686    if (c->send(c, line.data, line.len) < (ssize_t) line.len) {
687        /*
688         * we treat the incomplete sending as NGX_ERROR
689         * because it is very strange here
690         */
691        ngx_mail_proxy_internal_server_error(s);
692        return;
693    }
694
695    s->proxy->buffer->pos = s->proxy->buffer->start;
696    s->proxy->buffer->last = s->proxy->buffer->start;
697}
698
699
700static void
701ngx_mail_proxy_dummy_handler(ngx_event_t *wev)
702{
703    ngx_connection_t    *c;
704    ngx_mail_session_t  *s;
705
706    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0, "mail proxy dummy handler");
707
708    if (ngx_handle_write_event(wev, 0) != NGX_OK) {
709        c = wev->data;
710        s = c->data;
711
712        ngx_mail_proxy_close_session(s);
713    }
714}
715
716
717static ngx_int_t
718ngx_mail_proxy_read_response(ngx_mail_session_t *s, ngx_uint_t state)
719{
720    u_char                 *p, *m;
721    ssize_t                 n;
722    ngx_buf_t              *b;
723    ngx_mail_proxy_conf_t  *pcf;
724
725    s->connection->log->action = "reading response from upstream";
726
727    b = s->proxy->buffer;
728
729    n = s->proxy->upstream.connection->recv(s->proxy->upstream.connection,
730                                            b->last, b->end - b->last);
731
732    if (n == NGX_ERROR || n == 0) {
733        return NGX_ERROR;
734    }
735
736    if (n == NGX_AGAIN) {
737        return NGX_AGAIN;
738    }
739
740    b->last += n;
741
742    if (b->last - b->pos < 4) {
743        return NGX_AGAIN;
744    }
745
746    if (*(b->last - 2) != CR || *(b->last - 1) != LF) {
747        if (b->last == b->end) {
748            *(b->last - 1) = '\0';
749            ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
750                          "upstream sent too long response line: \"%s\"",
751                          b->pos);
752            return NGX_ERROR;
753        }
754
755        return NGX_AGAIN;
756    }
757
758    p = b->pos;
759
760    switch (s->protocol) {
761
762    case NGX_MAIL_POP3_PROTOCOL:
763        if (p[0] == '+' && p[1] == 'O' && p[2] == 'K') {
764            return NGX_OK;
765        }
766        break;
767
768    case NGX_MAIL_IMAP_PROTOCOL:
769        switch (state) {
770
771        case ngx_imap_start:
772            if (p[0] == '*' && p[1] == ' ' && p[2] == 'O' && p[3] == 'K') {
773                return NGX_OK;
774            }
775            break;
776
777        case ngx_imap_login:
778        case ngx_imap_user:
779            if (p[0] == '+') {
780                return NGX_OK;
781            }
782            break;
783
784        case ngx_imap_passwd:
785            if (ngx_strncmp(p, s->tag.data, s->tag.len) == 0) {
786                p += s->tag.len;
787                if (p[0] == 'O' && p[1] == 'K') {
788                    return NGX_OK;
789                }
790            }
791            break;
792        }
793
794        break;
795
796    default: /* NGX_MAIL_SMTP_PROTOCOL */
797
798        if (p[3] == '-') {
799            /* multiline reply, check if we got last line */
800
801            m = b->last - (sizeof(CRLF "200" CRLF) - 1);
802
803            while (m > p) {
804                if (m[0] == CR && m[1] == LF) {
805                    break;
806                }
807
808                m--;
809            }
810
811            if (m <= p || m[5] == '-') {
812                return NGX_AGAIN;
813            }
814        }
815
816        switch (state) {
817
818        case ngx_smtp_start:
819            if (p[0] == '2' && p[1] == '2' && p[2] == '0') {
820                return NGX_OK;
821            }
822            break;
823
824        case ngx_smtp_helo:
825        case ngx_smtp_helo_xclient:
826        case ngx_smtp_helo_from:
827        case ngx_smtp_from:
828            if (p[0] == '2' && p[1] == '5' && p[2] == '0') {
829                return NGX_OK;
830            }
831            break;
832
833        case ngx_smtp_xclient:
834        case ngx_smtp_xclient_from:
835        case ngx_smtp_xclient_helo:
836            if (p[0] == '2' && (p[1] == '2' || p[1] == '5') && p[2] == '0') {
837                return NGX_OK;
838            }
839            break;
840
841        case ngx_smtp_to:
842            return NGX_OK;
843        }
844
845        break;
846    }
847
848    pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
849
850    if (pcf->pass_error_message == 0) {
851        *(b->last - 2) = '\0';
852        ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
853                      "upstream sent invalid response: \"%s\"", p);
854        return NGX_ERROR;
855    }
856
857    s->out.len = b->last - p - 2;
858    s->out.data = p;
859
860    ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
861                  "upstream sent invalid response: \"%V\"", &s->out);
862
863    s->out.len = b->last - b->pos;
864    s->out.data = b->pos;
865
866    return NGX_ERROR;
867}
868
869
870static void
871ngx_mail_proxy_handler(ngx_event_t *ev)
872{
873    char                   *action, *recv_action, *send_action;
874    size_t                  size;
875    ssize_t                 n;
876    ngx_buf_t              *b;
877    ngx_uint_t              do_write;
878    ngx_connection_t       *c, *src, *dst;
879    ngx_mail_session_t     *s;
880    ngx_mail_proxy_conf_t  *pcf;
881
882    c = ev->data;
883    s = c->data;
884
885    if (ev->timedout) {
886        c->log->action = "proxying";
887
888        if (c == s->connection) {
889            ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
890                          "client timed out");
891            c->timedout = 1;
892
893        } else {
894            ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
895                          "upstream timed out");
896        }
897
898        ngx_mail_proxy_close_session(s);
899        return;
900    }
901
902    if (c == s->connection) {
903        if (ev->write) {
904            recv_action = "proxying and reading from upstream";
905            send_action = "proxying and sending to client";
906            src = s->proxy->upstream.connection;
907            dst = c;
908            b = s->proxy->buffer;
909
910        } else {
911            recv_action = "proxying and reading from client";
912            send_action = "proxying and sending to upstream";
913            src = c;
914            dst = s->proxy->upstream.connection;
915            b = s->buffer;
916        }
917
918    } else {
919        if (ev->write) {
920            recv_action = "proxying and reading from client";
921            send_action = "proxying and sending to upstream";
922            src = s->connection;
923            dst = c;
924            b = s->buffer;
925
926        } else {
927            recv_action = "proxying and reading from upstream";
928            send_action = "proxying and sending to client";
929            src = c;
930            dst = s->connection;
931            b = s->proxy->buffer;
932        }
933    }
934
935    do_write = ev->write ? 1 : 0;
936
937    ngx_log_debug3(NGX_LOG_DEBUG_MAIL, ev->log, 0,
938                   "mail proxy handler: %ui, #%d > #%d",
939                   do_write, src->fd, dst->fd);
940
941    for ( ;; ) {
942
943        if (do_write) {
944
945            size = b->last - b->pos;
946
947            if (size && dst->write->ready) {
948                c->log->action = send_action;
949
950                n = dst->send(dst, b->pos, size);
951
952                if (n == NGX_ERROR) {
953                    ngx_mail_proxy_close_session(s);
954                    return;
955                }
956
957                if (n > 0) {
958                    b->pos += n;
959
960                    if (b->pos == b->last) {
961                        b->pos = b->start;
962                        b->last = b->start;
963                    }
964                }
965            }
966        }
967
968        size = b->end - b->last;
969
970        if (size && src->read->ready) {
971            c->log->action = recv_action;
972
973            n = src->recv(src, b->last, size);
974
975            if (n == NGX_AGAIN || n == 0) {
976                break;
977            }
978
979            if (n > 0) {
980                do_write = 1;
981                b->last += n;
982
983                continue;
984            }
985
986            if (n == NGX_ERROR) {
987                src->read->eof = 1;
988            }
989        }
990
991        break;
992    }
993
994    c->log->action = "proxying";
995
996    if ((s->connection->read->eof && s->buffer->pos == s->buffer->last)
997        || (s->proxy->upstream.connection->read->eof
998            && s->proxy->buffer->pos == s->proxy->buffer->last)
999        || (s->connection->read->eof
1000            && s->proxy->upstream.connection->read->eof))
1001    {
1002        action = c->log->action;
1003        c->log->action = NULL;
1004        ngx_log_error(NGX_LOG_INFO, c->log, 0, "proxied session done");
1005        c->log->action = action;
1006
1007        ngx_mail_proxy_close_session(s);
1008        return;
1009    }
1010
1011    if (ngx_handle_write_event(dst->write, 0) != NGX_OK) {
1012        ngx_mail_proxy_close_session(s);
1013        return;
1014    }
1015
1016    if (ngx_handle_read_event(dst->read, 0) != NGX_OK) {
1017        ngx_mail_proxy_close_session(s);
1018        return;
1019    }
1020
1021    if (ngx_handle_write_event(src->write, 0) != NGX_OK) {
1022        ngx_mail_proxy_close_session(s);
1023        return;
1024    }
1025
1026    if (ngx_handle_read_event(src->read, 0) != NGX_OK) {
1027        ngx_mail_proxy_close_session(s);
1028        return;
1029    }
1030
1031    if (c == s->connection) {
1032        pcf = ngx_mail_get_module_srv_conf(s, ngx_mail_proxy_module);
1033        ngx_add_timer(c->read, pcf->timeout);
1034    }
1035}
1036
1037
1038static void
1039ngx_mail_proxy_upstream_error(ngx_mail_session_t *s)
1040{
1041    if (s->proxy->upstream.connection) {
1042        ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1043                       "close mail proxy connection: %d",
1044                       s->proxy->upstream.connection->fd);
1045
1046        ngx_close_connection(s->proxy->upstream.connection);
1047    }
1048
1049    if (s->out.len == 0) {
1050        ngx_mail_session_internal_server_error(s);
1051        return;
1052    }
1053
1054    s->quit = 1;
1055    ngx_mail_send(s->connection->write);
1056}
1057
1058
1059static void
1060ngx_mail_proxy_internal_server_error(ngx_mail_session_t *s)
1061{
1062    if (s->proxy->upstream.connection) {
1063        ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1064                       "close mail proxy connection: %d",
1065                       s->proxy->upstream.connection->fd);
1066
1067        ngx_close_connection(s->proxy->upstream.connection);
1068    }
1069
1070    ngx_mail_session_internal_server_error(s);
1071}
1072
1073
1074static void
1075ngx_mail_proxy_close_session(ngx_mail_session_t *s)
1076{
1077    if (s->proxy->upstream.connection) {
1078        ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
1079                       "close mail proxy connection: %d",
1080                       s->proxy->upstream.connection->fd);
1081
1082        ngx_close_connection(s->proxy->upstream.connection);
1083    }
1084
1085    ngx_mail_close_connection(s->connection);
1086}
1087
1088
1089static void *
1090ngx_mail_proxy_create_conf(ngx_conf_t *cf)
1091{
1092    ngx_mail_proxy_conf_t  *pcf;
1093
1094    pcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_proxy_conf_t));
1095    if (pcf == NULL) {
1096        return NULL;
1097    }
1098
1099    pcf->enable = NGX_CONF_UNSET;
1100    pcf->pass_error_message = NGX_CONF_UNSET;
1101    pcf->xclient = NGX_CONF_UNSET;
1102    pcf->buffer_size = NGX_CONF_UNSET_SIZE;
1103    pcf->timeout = NGX_CONF_UNSET_MSEC;
1104
1105    return pcf;
1106}
1107
1108
1109static char *
1110ngx_mail_proxy_merge_conf(ngx_conf_t *cf, void *parent, void *child)
1111{
1112    ngx_mail_proxy_conf_t *prev = parent;
1113    ngx_mail_proxy_conf_t *conf = child;
1114
1115    ngx_conf_merge_value(conf->enable, prev->enable, 0);
1116    ngx_conf_merge_value(conf->pass_error_message, prev->pass_error_message, 0);
1117    ngx_conf_merge_value(conf->xclient, prev->xclient, 1);
1118    ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
1119                              (size_t) ngx_pagesize);
1120    ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 24 * 60 * 60000);
1121
1122    return NGX_CONF_OK;
1123}
1124