From 065a1641b242538073e92065e20fd788203108ab Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 5 Mar 2021 17:16:17 +0300 Subject: Mail: added missing event handling after reading data. If we need to be notified about further events, ngx_handle_read_event() needs to be called after a read event is processed. Without this, an event can be removed from the kernel and won't be reported again, notably when using oneshot event methods, such as eventport on Solaris. For consistency, existing ngx_handle_read_event() call removed from ngx_mail_read_command(), as this call only covers one of the code paths where ngx_mail_read_command() returns NGX_AGAIN. Instead, appropriate processing added to the callers, covering all code paths where NGX_AGAIN is returned. --- src/mail/ngx_mail_handler.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'src/mail/ngx_mail_handler.c') diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c index 803a247d2..63ae4b003 100644 --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -722,11 +722,6 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c) } if (n == NGX_AGAIN) { - if (ngx_handle_read_event(c->read, 0) != NGX_OK) { - ngx_mail_session_internal_server_error(s); - return NGX_ERROR; - } - if (s->buffer->pos == s->buffer->last) { return NGX_AGAIN; } -- cgit From 7d4cd6cff428cb8717f8560a00f825d72b49f68a Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 5 Mar 2021 17:16:19 +0300 Subject: Mail: postponed session initialization under accept mutex. Similarly to 40e8ce405859 in the stream module, this reduces the time accept mutex is held. This also simplifies following changes to introduce PROXY protocol support. --- src/mail/ngx_mail_handler.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'src/mail/ngx_mail_handler.c') diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c index 63ae4b003..f72eeaca6 100644 --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -11,6 +11,7 @@ #include +static void ngx_mail_init_session_handler(ngx_event_t *rev); static void ngx_mail_init_session(ngx_connection_t *c); #if (NGX_MAIL_SSL) @@ -26,6 +27,7 @@ ngx_mail_init_connection(ngx_connection_t *c) { size_t len; ngx_uint_t i; + ngx_event_t *rev; ngx_mail_port_t *port; struct sockaddr *sa; struct sockaddr_in *sin; @@ -129,6 +131,10 @@ ngx_mail_init_connection(ngx_connection_t *c) s->main_conf = addr_conf->ctx->main_conf; s->srv_conf = addr_conf->ctx->srv_conf; +#if (NGX_MAIL_SSL) + s->ssl = addr_conf->ssl; +#endif + s->addr_text = &addr_conf->addr_text; c->data = s; @@ -159,13 +165,34 @@ ngx_mail_init_connection(ngx_connection_t *c) c->log_error = NGX_ERROR_INFO; + rev = c->read; + rev->handler = ngx_mail_init_session_handler; + + if (ngx_use_accept_mutex) { + ngx_post_event(rev, &ngx_posted_events); + return; + } + + rev->handler(rev); +} + + +static void +ngx_mail_init_session_handler(ngx_event_t *rev) +{ + ngx_connection_t *c; + ngx_mail_session_t *s; + + c = rev->data; + s = c->data; + #if (NGX_MAIL_SSL) { ngx_mail_ssl_conf_t *sslcf; sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); - if (sslcf->enable || addr_conf->ssl) { + if (sslcf->enable || s->ssl) { c->log->action = "SSL handshaking"; ngx_mail_ssl_init_connection(&sslcf->ssl, c); -- cgit From 83de0868b1bb5275e51698545e2165782bb5421d Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 5 Mar 2021 17:16:20 +0300 Subject: Mail: fixed log action after SSL handshake. --- src/mail/ngx_mail_handler.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/mail/ngx_mail_handler.c') diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c index f72eeaca6..cf87a1774 100644 --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -365,6 +365,8 @@ ngx_mail_init_session(ngx_connection_t *c) s = c->data; + c->log->action = "sending client greeting line"; + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); s->protocol = cscf->protocol->type; -- cgit From 1fce224f01b5a9b503315bd24e99421e5ca5bd7c Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 5 Mar 2021 17:16:24 +0300 Subject: Mail: parsing of the PROXY protocol from clients. Activated with the "proxy_protocol" parameter of the "listen" directive. Obtained information is passed to the auth_http script in Proxy-Protocol-Addr, Proxy-Protocol-Port, Proxy-Protocol-Server-Addr, and Proxy-Protocol-Server-Port headers. --- src/mail/ngx_mail_handler.c | 94 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 91 insertions(+), 3 deletions(-) (limited to 'src/mail/ngx_mail_handler.c') diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c index cf87a1774..50a44c782 100644 --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -11,6 +11,7 @@ #include +static void ngx_mail_proxy_protocol_handler(ngx_event_t *rev); static void ngx_mail_init_session_handler(ngx_event_t *rev); static void ngx_mail_init_session(ngx_connection_t *c); @@ -168,6 +169,22 @@ ngx_mail_init_connection(ngx_connection_t *c) rev = c->read; rev->handler = ngx_mail_init_session_handler; + if (addr_conf->proxy_protocol) { + c->log->action = "reading PROXY protocol"; + + rev->handler = ngx_mail_proxy_protocol_handler; + + if (!rev->ready) { + ngx_add_timer(rev, cscf->timeout); + + if (ngx_handle_read_event(rev, 0) != NGX_OK) { + ngx_mail_close_connection(c); + } + + return; + } + } + if (ngx_use_accept_mutex) { ngx_post_event(rev, &ngx_posted_events); return; @@ -177,6 +194,76 @@ ngx_mail_init_connection(ngx_connection_t *c) } +static void +ngx_mail_proxy_protocol_handler(ngx_event_t *rev) +{ + u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; + size_t size; + ssize_t n; + ngx_err_t err; + ngx_connection_t *c; + ngx_mail_session_t *s; + ngx_mail_core_srv_conf_t *cscf; + + c = rev->data; + s = c->data; + + ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, + "mail PROXY protocol handler"); + + if (rev->timedout) { + ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); + c->timedout = 1; + ngx_mail_close_connection(c); + return; + } + + n = recv(c->fd, (char *) buf, sizeof(buf), MSG_PEEK); + + err = ngx_socket_errno; + + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0, "recv(): %z", n); + + if (n == -1) { + if (err == NGX_EAGAIN) { + rev->ready = 0; + + if (!rev->timer_set) { + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + ngx_add_timer(rev, cscf->timeout); + } + + if (ngx_handle_read_event(rev, 0) != NGX_OK) { + ngx_mail_close_connection(c); + } + + return; + } + + ngx_connection_error(c, err, "recv() failed"); + + ngx_mail_close_connection(c); + return; + } + + p = ngx_proxy_protocol_read(c, buf, buf + n); + + if (p == NULL) { + ngx_mail_close_connection(c); + return; + } + + size = p - buf; + + if (c->recv(c, buf, size) != (ssize_t) size) { + ngx_mail_close_connection(c); + return; + } + + ngx_mail_init_session_handler(rev); +} + + static void ngx_mail_init_session_handler(ngx_event_t *rev) { @@ -242,9 +329,10 @@ ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) s = c->data; - cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - - ngx_add_timer(c->read, cscf->timeout); + if (!c->read->timer_set) { + cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); + ngx_add_timer(c->read, cscf->timeout); + } c->ssl->handler = ngx_mail_ssl_handshake_handler; -- cgit From c2e22bcf325ee0031d1c86fbdfb79a2f8e1b4a7b Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 5 Mar 2021 17:16:29 +0300 Subject: Mail: realip module. When configured with the "set_real_ip_from", it can set client's IP address as visible in logs to the one obtained via the PROXY protocol. --- src/mail/ngx_mail_handler.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/mail/ngx_mail_handler.c') diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c index 50a44c782..b9010535b 100644 --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -260,6 +260,11 @@ ngx_mail_proxy_protocol_handler(ngx_event_t *rev) return; } + if (ngx_mail_realip_handler(s) != NGX_OK) { + ngx_mail_close_connection(c); + return; + } + ngx_mail_init_session_handler(rev); } -- cgit