From cd3dc0498991f2f75670ea29e99b188d2430d554 Mon Sep 17 00:00:00 2001 From: zouzehua Date: Fri, 26 Nov 2021 15:50:13 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dsmtp=E6=8F=90=E4=BA=A4?= =?UTF-8?q?=E9=82=AE=E4=BB=B6=E5=87=BA=E7=8E=B0client=20was=20rejected?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/mail/ngx_mail_smtp_handler.c | 444 ++++++++++-------- 1 file changed, 245 insertions(+), 199 deletions(-) diff --git a/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c b/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c index d3c16ac..122be24 100644 --- a/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c +++ b/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c @@ -4,70 +4,66 @@ * Copyright (C) Nginx, Inc. */ - #include #include #include #include #include - static void ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx); static void ngx_mail_smtp_resolve_name(ngx_event_t *rev); static void ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx); static void ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c); static void ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev); static ngx_int_t ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, - ngx_connection_t *c); + ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s, - ngx_connection_t *c); + ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c); static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s, - ngx_connection_t *c, char *err); + ngx_connection_t *c, char *err); static void ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s, - ngx_connection_t *c, char *err); - - -static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; -static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; -static u_char smtp_starttls[] = "220 2.0.0 Start TLS" CRLF; -static u_char smtp_next[] = "334 " CRLF; -static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; -static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; -static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; -static u_char smtp_invalid_pipelining[] = + ngx_connection_t *c, char *err); + +static u_char smtp_ok[] = "250 2.0.0 OK" CRLF; +static u_char smtp_bye[] = "221 2.0.0 Bye" CRLF; +static u_char smtp_starttls[] = "220 2.0.0 Start TLS" CRLF; +static u_char smtp_next[] = "334 " CRLF; +static u_char smtp_username[] = "334 VXNlcm5hbWU6" CRLF; +static u_char smtp_password[] = "334 UGFzc3dvcmQ6" CRLF; +static u_char smtp_invalid_command[] = "500 5.5.1 Invalid command" CRLF; +static u_char smtp_invalid_pipelining[] = "503 5.5.0 Improper use of SMTP command pipelining" CRLF; -static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; -static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; -static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF; - +static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF; +static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF; +static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF; -static ngx_str_t smtp_unavailable = ngx_string("[UNAVAILABLE]"); -static ngx_str_t smtp_tempunavail = ngx_string("[TEMPUNAVAIL]"); +static ngx_str_t smtp_unavailable = ngx_string("[UNAVAILABLE]"); +static ngx_str_t smtp_tempunavail = ngx_string("[TEMPUNAVAIL]"); - -void -ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c) +void ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_resolver_ctx_t *ctx; - ngx_mail_core_srv_conf_t *cscf; + ngx_resolver_ctx_t *ctx; + ngx_mail_core_srv_conf_t *cscf; cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - if (cscf->resolver == NULL) { + if (cscf->resolver == NULL) + { s->host = smtp_unavailable; ngx_mail_smtp_greeting(s, c); return; } #if (NGX_HAVE_UNIX_DOMAIN) - if (c->sockaddr->sa_family == AF_UNIX) { + if (c->sockaddr->sa_family == AF_UNIX) + { s->host = smtp_tempunavail; ngx_mail_smtp_greeting(s, c); return; @@ -77,7 +73,8 @@ ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c) c->log->action = "in resolving client address"; ctx = ngx_resolve_start(cscf->resolver, NULL); - if (ctx == NULL) { + if (ctx == NULL) + { ngx_mail_close_connection(c); return; } @@ -88,31 +85,34 @@ ngx_mail_smtp_init_session(ngx_mail_session_t *s, ngx_connection_t *c) ctx->data = s; ctx->timeout = cscf->resolver_timeout; - if (ngx_resolve_addr(ctx) != NGX_OK) { + if (ngx_resolve_addr(ctx) != NGX_OK) + { ngx_mail_close_connection(c); } } - static void ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx) { - ngx_connection_t *c; - ngx_mail_session_t *s; + ngx_connection_t *c; + ngx_mail_session_t *s; s = ctx->data; c = s->connection; - if (ctx->state) { + if (ctx->state) + { ngx_log_error(NGX_LOG_ERR, c->log, 0, "%V could not be resolved (%i: %s)", &c->addr_text, ctx->state, ngx_resolver_strerror(ctx->state)); - if (ctx->state == NGX_RESOLVE_NXDOMAIN) { + if (ctx->state == NGX_RESOLVE_NXDOMAIN) + { s->host = smtp_unavailable; - - } else { + } + else + { s->host = smtp_tempunavail; } @@ -126,7 +126,8 @@ ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx) c->log->action = "in resolving client hostname"; s->host.data = ngx_pstrdup(c->pool, &ctx->name); - if (s->host.data == NULL) { + if (s->host.data == NULL) + { ngx_resolve_addr_done(ctx); ngx_mail_close_connection(c); return; @@ -144,14 +145,13 @@ ngx_mail_smtp_resolve_addr_handler(ngx_resolver_ctx_t *ctx) ngx_post_event(c->read, &ngx_posted_events); } - static void ngx_mail_smtp_resolve_name(ngx_event_t *rev) { - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_resolver_ctx_t *ctx; - ngx_mail_core_srv_conf_t *cscf; + ngx_connection_t *c; + ngx_mail_session_t *s; + ngx_resolver_ctx_t *ctx; + ngx_mail_core_srv_conf_t *cscf; c = rev->data; s = c->data; @@ -159,7 +159,8 @@ ngx_mail_smtp_resolve_name(ngx_event_t *rev) cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); ctx = ngx_resolve_start(cscf->resolver, NULL); - if (ctx == NULL) { + if (ctx == NULL) + { ngx_mail_close_connection(c); return; } @@ -169,59 +170,64 @@ ngx_mail_smtp_resolve_name(ngx_event_t *rev) ctx->data = s; ctx->timeout = cscf->resolver_timeout; - if (ngx_resolve_name(ctx) != NGX_OK) { + if (ngx_resolve_name(ctx) != NGX_OK) + { ngx_mail_close_connection(c); } } - static void ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx) { - ngx_uint_t i; - ngx_connection_t *c; - ngx_mail_session_t *s; + ngx_uint_t i; + ngx_connection_t *c; + ngx_mail_session_t *s; s = ctx->data; c = s->connection; - if (ctx->state) { + if (ctx->state) + { ngx_log_error(NGX_LOG_ERR, c->log, 0, "\"%V\" could not be resolved (%i: %s)", &ctx->name, ctx->state, ngx_resolver_strerror(ctx->state)); - if (ctx->state == NGX_RESOLVE_NXDOMAIN) { + if (ctx->state == NGX_RESOLVE_NXDOMAIN) + { s->host = smtp_unavailable; - - } else { + } + else + { s->host = smtp_tempunavail; } - - } else { + } + else + { #if (NGX_DEBUG) { - u_char text[NGX_SOCKADDR_STRLEN]; - ngx_str_t addr; + u_char text[NGX_SOCKADDR_STRLEN]; + ngx_str_t addr; - addr.data = text; + addr.data = text; - for (i = 0; i < ctx->naddrs; i++) { - addr.len = ngx_sock_ntop(ctx->addrs[i].sockaddr, - ctx->addrs[i].socklen, - text, NGX_SOCKADDR_STRLEN, 0); + for (i = 0; i < ctx->naddrs; i++) + { + addr.len = ngx_sock_ntop(ctx->addrs[i].sockaddr, + ctx->addrs[i].socklen, + text, NGX_SOCKADDR_STRLEN, 0); - ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, - "name was resolved to %V", &addr); - } + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, + "name was resolved to %V", &addr); + } } #endif - for (i = 0; i < ctx->naddrs; i++) { + for (i = 0; i < ctx->naddrs; i++) + { if (ngx_cmp_sockaddr(ctx->addrs[i].sockaddr, ctx->addrs[i].socklen, - c->sockaddr, c->socklen, 0) - == NGX_OK) + c->sockaddr, c->socklen, 0) == NGX_OK) { goto found; } @@ -237,13 +243,12 @@ ngx_mail_smtp_resolve_name_handler(ngx_resolver_ctx_t *ctx) ngx_mail_smtp_greeting(s, c); } - static void ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_msec_t timeout; - ngx_mail_core_srv_conf_t *cscf; - ngx_mail_smtp_srv_conf_t *sscf; + ngx_msec_t timeout; + ngx_mail_core_srv_conf_t *cscf; + ngx_mail_smtp_srv_conf_t *sscf; ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp greeting for \"%V\"", &s->host); @@ -254,13 +259,15 @@ ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c) timeout = sscf->greeting_delay ? sscf->greeting_delay : cscf->timeout; ngx_add_timer(c->read, timeout); - if (ngx_handle_read_event(c->read, 0) != NGX_OK) { + if (ngx_handle_read_event(c->read, 0) != NGX_OK) + { ngx_mail_close_connection(c); } - if (sscf->greeting_delay) { - c->read->handler = ngx_mail_smtp_invalid_pipelining; - return; + if (sscf->greeting_delay) + { + c->read->handler = ngx_mail_smtp_invalid_pipelining; + return; } c->read->handler = ngx_mail_smtp_init_protocol; @@ -270,21 +277,21 @@ ngx_mail_smtp_greeting(ngx_mail_session_t *s, ngx_connection_t *c) ngx_mail_send(c->write); } - static void ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev) { - ngx_connection_t *c; - ngx_mail_session_t *s; - ngx_mail_core_srv_conf_t *cscf; - ngx_mail_smtp_srv_conf_t *sscf; + ngx_connection_t *c; + ngx_mail_session_t *s; + ngx_mail_core_srv_conf_t *cscf; + ngx_mail_smtp_srv_conf_t *sscf; c = rev->data; s = c->data; c->log->action = "in delay pipelining state"; - if (rev->timedout) { + if (rev->timedout) + { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "delay greeting"); @@ -296,7 +303,8 @@ ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev) ngx_add_timer(c->read, cscf->timeout); - if (ngx_handle_read_event(c->read, 0) != NGX_OK) { + if (ngx_handle_read_event(c->read, 0) != NGX_OK) + { ngx_mail_close_connection(c); return; } @@ -304,20 +312,22 @@ ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev) sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); s->out = sscf->greeting; - - } else { + } + else + { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "invalid pipelining"); - if (s->buffer == NULL) { - if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) { + if (s->buffer == NULL) + { + if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) + { return; } } if (ngx_mail_smtp_discard_command(s, c, - "client was rejected before greeting: \"%V\"") - != NGX_OK) + "client was rejected before greeting: \"%V\"") != NGX_OK) { return; } @@ -329,18 +339,17 @@ ngx_mail_smtp_invalid_pipelining(ngx_event_t *rev) ngx_mail_send(c->write); } - -void -ngx_mail_smtp_init_protocol(ngx_event_t *rev) +void ngx_mail_smtp_init_protocol(ngx_event_t *rev) { - ngx_connection_t *c; - ngx_mail_session_t *s; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; c->log->action = "in auth state"; - if (rev->timedout) { + if (rev->timedout) + { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; ngx_mail_close_connection(c); @@ -349,8 +358,10 @@ ngx_mail_smtp_init_protocol(ngx_event_t *rev) s = c->data; - if (s->buffer == NULL) { - if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) { + if (s->buffer == NULL) + { + if (ngx_mail_smtp_create_buffer(s, c) != NGX_OK) + { return; } } @@ -361,13 +372,13 @@ ngx_mail_smtp_init_protocol(ngx_event_t *rev) ngx_mail_smtp_auth_state(rev); } - static ngx_int_t ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_mail_smtp_srv_conf_t *sscf; + ngx_mail_smtp_srv_conf_t *sscf; - if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) { + if (ngx_array_init(&s->args, c->pool, 2, sizeof(ngx_str_t)) == NGX_ERROR) + { ngx_mail_session_internal_server_error(s); return NGX_ERROR; } @@ -375,7 +386,8 @@ ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c) sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); s->buffer = ngx_create_temp_buf(c->pool, sscf->client_buffer_size); - if (s->buffer == NULL) { + if (s->buffer == NULL) + { ngx_mail_session_internal_server_error(s); return NGX_ERROR; } @@ -383,27 +395,27 @@ ngx_mail_smtp_create_buffer(ngx_mail_session_t *s, ngx_connection_t *c) return NGX_OK; } - -void -ngx_mail_smtp_auth_state(ngx_event_t *rev) +void ngx_mail_smtp_auth_state(ngx_event_t *rev) { - ngx_int_t rc; - ngx_connection_t *c; - ngx_mail_session_t *s; + ngx_int_t rc; + ngx_connection_t *c; + ngx_mail_session_t *s; c = rev->data; s = c->data; ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp auth state"); - if (rev->timedout) { + if (rev->timedout) + { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); c->timedout = 1; ngx_mail_close_connection(c); return; } - if (s->out.len) { + if (s->out.len) + { ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "smtp send handler busy"); s->blocked = 1; return; @@ -413,19 +425,23 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev) rc = ngx_mail_read_command(s, c); - if (rc == NGX_AGAIN || rc == NGX_ERROR) { + if (rc == NGX_AGAIN || rc == NGX_ERROR) + { return; } ngx_str_set(&s->out, smtp_ok); - if (rc == NGX_OK) { - switch (s->client_state) { + if (rc == NGX_OK) + { + switch (s->client_state) + { case ngx_smtp_start: - case ngx_smtp_auth_password: + case ngx_smtp_auth_password: - switch (s->command) { + switch (s->command) + { case NGX_SMTP_HELO: case NGX_SMTP_EHLO: @@ -436,22 +452,22 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev) rc = ngx_mail_smtp_auth(s, c); break; - case NGX_SMTP_DATA: - s->mail_state = ngx_smtp_data; - rc = NGX_DONE; - break; - case NGX_SMTP_QUIT://TODO state + case NGX_SMTP_DATA: + s->mail_state = ngx_smtp_data; + rc = NGX_DONE; + break; + case NGX_SMTP_QUIT: //TODO state s->quit = 1; ngx_str_set(&s->out, smtp_bye); break; case NGX_SMTP_MAIL: - s->mail_state = ngx_smtp_from; + s->mail_state = ngx_smtp_from; rc = ngx_mail_smtp_mail(s, c); break; case NGX_SMTP_RCPT: - s->mail_state = ngx_smtp_to; + s->mail_state = ngx_smtp_to; rc = ngx_mail_smtp_rcpt(s, c); break; @@ -459,7 +475,7 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev) rc = ngx_mail_smtp_rset(s, c); break; - case NGX_SMTP_NOOP://TODO state + case NGX_SMTP_NOOP: //TODO state break; case NGX_SMTP_STARTTLS: @@ -499,35 +515,40 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev) } } - if (s->buffer->pos < s->buffer->last) { + if (s->buffer->pos < s->buffer->last) + { s->blocked = 1; } - if((rc==NGX_OK||rc==NGX_DONE) && s->client_state == ngx_smtp_auth_password) - { - rc = NGX_DECLINED; - } + if ((rc == NGX_OK || rc == NGX_DONE) && s->client_state == ngx_smtp_auth_password) + { + rc = NGX_DECLINED; + } - switch (rc) { + switch (rc) + { - case NGX_DECLINED: //Ô­Ñùת·¢ÃüÁî - if (s->proxy->upstream.connection->send(s->proxy->upstream.connection, - s->buffer_cmd.data, s->buffer_cmd.len) < s->buffer_cmd.len) { - ngx_mail_session_internal_server_error(s); - return; - } - s->args.nelts = 0; - if (s->buffer->pos == s->buffer->last) { + case NGX_DECLINED: //ԭ��ת������ + if (s->proxy->upstream.connection->send(s->proxy->upstream.connection, + s->buffer_cmd.data, s->buffer_cmd.len) < s->buffer_cmd.len) + { + ngx_mail_session_internal_server_error(s); + return; + } + s->args.nelts = 0; + if (s->buffer->pos == s->buffer->last) + { s->buffer->pos = s->buffer->start; s->buffer->last = s->buffer->start; } - if (s->state) { + if (s->state) + { s->arg_start = s->buffer->pos; } - break; - + break; + case NGX_DONE: - s->client_state = ngx_smtp_auth_password; //´ú±íÈÏÖ¤Íê³É + s->client_state = ngx_smtp_auth_password; //������֤��� ngx_mail_auth(s, c); return; @@ -545,12 +566,14 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev) case NGX_OK: s->args.nelts = 0; - if (s->buffer->pos == s->buffer->last) { + if (s->buffer->pos == s->buffer->last) + { s->buffer->pos = s->buffer->start; s->buffer->last = s->buffer->start; } - if (s->state) { + if (s->state) + { s->arg_start = s->buffer->pos; } @@ -558,14 +581,14 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev) } } - static ngx_int_t ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_str_t *arg; - ngx_mail_smtp_srv_conf_t *sscf; + ngx_str_t *arg; + ngx_mail_smtp_srv_conf_t *sscf; - if (s->args.nelts != 1) { + if (s->args.nelts != 1) + { ngx_str_set(&s->out, smtp_invalid_argument); s->state = 0; return NGX_OK; @@ -576,7 +599,8 @@ ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c) s->smtp_helo.len = arg[0].len; s->smtp_helo.data = ngx_pnalloc(c->pool, arg[0].len); - if (s->smtp_helo.data == NULL) { + if (s->smtp_helo.data == NULL) + { return NGX_ERROR; } @@ -587,25 +611,30 @@ ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c) sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); - if (s->command == NGX_SMTP_HELO) { + if (s->command == NGX_SMTP_HELO) + { s->out = sscf->server_name; - - } else { + } + else + { s->esmtp = 1; #if (NGX_MAIL_SSL) - if (c->ssl == NULL) { - ngx_mail_ssl_conf_t *sslcf; + if (c->ssl == NULL) + { + ngx_mail_ssl_conf_t *sslcf; sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) { + if (sslcf->starttls == NGX_MAIL_STARTTLS_ON) + { s->out = sscf->starttls_capability; return NGX_OK; } - if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) { + if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) + { s->out = sscf->starttls_only_capability; return NGX_OK; } @@ -618,21 +647,22 @@ ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c) return NGX_OK; } - static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_int_t rc; - ngx_mail_core_srv_conf_t *cscf; - ngx_mail_smtp_srv_conf_t *sscf; + ngx_int_t rc; + ngx_mail_core_srv_conf_t *cscf; + ngx_mail_smtp_srv_conf_t *sscf; #if (NGX_MAIL_SSL) - if (ngx_mail_starttls_only(s, c)) { + if (ngx_mail_starttls_only(s, c)) + { return NGX_MAIL_PARSE_INVALID_COMMAND; } #endif - if (s->args.nelts == 0) { + if (s->args.nelts == 0) + { ngx_str_set(&s->out, smtp_invalid_argument); s->state = 0; return NGX_OK; @@ -642,7 +672,8 @@ ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c) rc = ngx_mail_auth_parse(s, c); - switch (rc) { + switch (rc) + { case NGX_MAIL_AUTH_LOGIN: @@ -667,19 +698,23 @@ ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c) case NGX_MAIL_AUTH_CRAM_MD5: - if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) { + if (!(sscf->auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) + { return NGX_MAIL_PARSE_INVALID_COMMAND; } - if (s->salt.data == NULL) { + if (s->salt.data == NULL) + { cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - if (ngx_mail_salt(s, c, cscf) != NGX_OK) { + if (ngx_mail_salt(s, c, cscf) != NGX_OK) + { return NGX_ERROR; } } - if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK) { + if (ngx_mail_auth_cram_md5_salt(s, c, "334 ", 4) == NGX_OK) + { s->client_state = ngx_smtp_auth_cram_md5; return NGX_OK; } @@ -688,7 +723,8 @@ ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c) case NGX_MAIL_AUTH_EXTERNAL: - if (!(sscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) { + if (!(sscf->auth_methods & NGX_MAIL_AUTH_EXTERNAL_ENABLED)) + { return NGX_MAIL_PARSE_INVALID_COMMAND; } @@ -701,16 +737,16 @@ ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c) return rc; } - static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_str_t *arg, cmd; - ngx_mail_smtp_srv_conf_t *sscf; + ngx_str_t *arg, cmd; + ngx_mail_smtp_srv_conf_t *sscf; sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); - if (!(sscf->auth_methods & NGX_MAIL_AUTH_NONE_ENABLED)) { + if (!(sscf->auth_methods & NGX_MAIL_AUTH_PLAIN_ENABLED)) + { ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\""); ngx_str_set(&s->out, smtp_auth_required); return NGX_OK; @@ -718,12 +754,14 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) /* auth none */ - if (s->smtp_from.len) { + if (s->smtp_from.len) + { ngx_str_set(&s->out, smtp_bad_sequence); return NGX_OK; } - if (s->args.nelts == 0) { + if (s->args.nelts == 0) + { ngx_str_set(&s->out, smtp_invalid_argument); return NGX_OK; } @@ -737,7 +775,8 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) s->smtp_from.len = cmd.len; s->smtp_from.data = ngx_pnalloc(c->pool, cmd.len); - if (s->smtp_from.data == NULL) { + if (s->smtp_from.data == NULL) + { return NGX_ERROR; } @@ -751,18 +790,19 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) return NGX_DONE; } - static ngx_int_t ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c) { - ngx_str_t *arg, cmd; + ngx_str_t *arg, cmd; - if (s->smtp_from.len == 0) { + if (s->smtp_from.len == 0) + { ngx_str_set(&s->out, smtp_bad_sequence); return NGX_OK; } - if (s->args.nelts == 0) { + if (s->args.nelts == 0) + { ngx_str_set(&s->out, smtp_invalid_argument); return NGX_OK; } @@ -776,7 +816,8 @@ ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c) s->smtp_to.len = cmd.len; s->smtp_to.data = ngx_pnalloc(c->pool, cmd.len); - if (s->smtp_to.data == NULL) { + if (s->smtp_to.data == NULL) + { return NGX_ERROR; } @@ -790,7 +831,6 @@ ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c) return NGX_DONE; } - static ngx_int_t ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c) { @@ -801,16 +841,17 @@ ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c) return NGX_OK; } - static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c) { #if (NGX_MAIL_SSL) - ngx_mail_ssl_conf_t *sslcf; + ngx_mail_ssl_conf_t *sslcf; - if (c->ssl == NULL) { + if (c->ssl == NULL) + { sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->starttls) { + if (sslcf->starttls) + { /* * RFC3207 requires us to discard any knowledge @@ -834,26 +875,29 @@ ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c) return NGX_MAIL_PARSE_INVALID_COMMAND; } - static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s, ngx_connection_t *c, - char *err) + char *err) { - ssize_t n; + ssize_t n; n = c->recv(c, s->buffer->last, s->buffer->end - s->buffer->last); - if (n == NGX_ERROR || n == 0) { + if (n == NGX_ERROR || n == 0) + { ngx_mail_close_connection(c); return NGX_ERROR; } - if (n > 0) { + if (n > 0) + { s->buffer->last += n; } - if (n == NGX_AGAIN) { - if (ngx_handle_read_event(c->read, 0) != NGX_OK) { + if (n == NGX_AGAIN) + { + if (ngx_handle_read_event(c->read, 0) != NGX_OK) + { ngx_mail_session_internal_server_error(s); return NGX_ERROR; } @@ -869,26 +913,28 @@ ngx_mail_smtp_discard_command(ngx_mail_session_t *s, ngx_connection_t *c, return NGX_OK; } - static void ngx_mail_smtp_log_rejected_command(ngx_mail_session_t *s, ngx_connection_t *c, - char *err) + char *err) { - u_char ch; - ngx_str_t cmd; - ngx_uint_t i; + u_char ch; + ngx_str_t cmd; + ngx_uint_t i; - if (c->log->log_level < NGX_LOG_INFO) { + if (c->log->log_level < NGX_LOG_INFO) + { return; } cmd.len = s->buffer->last - s->buffer->start; cmd.data = s->buffer->start; - for (i = 0; i < cmd.len; i++) { + for (i = 0; i < cmd.len; i++) + { ch = cmd.data[i]; - if (ch != CR && ch != LF) { + if (ch != CR && ch != LF) + { continue; } From 77576121be4cd0daef6fa5812cc1b8c31aad791d Mon Sep 17 00:00:00 2001 From: zouzehua Date: Tue, 30 Nov 2021 20:18:12 +0800 Subject: [PATCH 2/3] logging --- .../bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c b/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c index 122be24..94acc9b 100644 --- a/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c +++ b/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c @@ -745,6 +745,8 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module); + ngx_log_error(NGX_LOG_INFO, c->log, 0, "auth_methods:\"%d\"", (int)sscf->auth_methods); + if (!(sscf->auth_methods & NGX_MAIL_AUTH_PLAIN_ENABLED)) { ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\""); From e6760ee0cc061e9ba6accd8861d70c3e491895be Mon Sep 17 00:00:00 2001 From: zouzehua Date: Wed, 1 Dec 2021 18:04:52 +0800 Subject: [PATCH 3/3] =?UTF-8?q?smtp=E5=8F=AA=E5=85=81=E8=AE=B8login?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c b/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c index 94acc9b..c5385b0 100644 --- a/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c +++ b/openresty-1.15.8.1/bundle/nginx-1.15.8/src/mail/ngx_mail_smtp_handler.c @@ -456,7 +456,7 @@ void ngx_mail_smtp_auth_state(ngx_event_t *rev) s->mail_state = ngx_smtp_data; rc = NGX_DONE; break; - case NGX_SMTP_QUIT: //TODO state + case NGX_SMTP_QUIT: // TODO state s->quit = 1; ngx_str_set(&s->out, smtp_bye); break; @@ -471,11 +471,11 @@ void ngx_mail_smtp_auth_state(ngx_event_t *rev) rc = ngx_mail_smtp_rcpt(s, c); break; - case NGX_SMTP_RSET: //TODO state + case NGX_SMTP_RSET: // TODO state rc = ngx_mail_smtp_rset(s, c); break; - case NGX_SMTP_NOOP: //TODO state + case NGX_SMTP_NOOP: // TODO state break; case NGX_SMTP_STARTTLS: @@ -747,7 +747,7 @@ ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c) ngx_log_error(NGX_LOG_INFO, c->log, 0, "auth_methods:\"%d\"", (int)sscf->auth_methods); - if (!(sscf->auth_methods & NGX_MAIL_AUTH_PLAIN_ENABLED)) + if (!(sscf->auth_methods & NGX_MAIL_AUTH_LOGIN_ENABLED)) { ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\""); ngx_str_set(&s->out, smtp_auth_required);