optimizations

src/mail/ngx_mail.h

@@ -313,6 +313,7 @@ typedef ngx_int_t (*ngx_mail_parse_command_pt)(ngx_mail_session_t *s);
 
 #if (NGX_MAIL_SSL)
 void ngx_mail_starttls_handler(ngx_event_t *rev);
+ngx_int_t ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c);
 #endif
 
 
@@ -330,6 +331,8 @@ ngx_int_t ngx_mail_auth_login_username(ngx_mail_session_t *s,
     ngx_connection_t *c);
 ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s,
     ngx_connection_t *c);
+ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s,
+    ngx_connection_t *c, char *prefix, size_t len);
 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c);
 
 void ngx_mail_send(ngx_event_t *wev);
@@ -351,6 +354,7 @@ void ngx_mail_smtp_init_protocol(ngx_event_t *rev);
 ngx_int_t ngx_mail_pop3_parse_command(ngx_mail_session_t *s);
 ngx_int_t ngx_mail_imap_parse_command(ngx_mail_session_t *s);
 ngx_int_t ngx_mail_smtp_parse_command(ngx_mail_session_t *s);
+ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c);
 
 
 /* STUB */

src/mail/ngx_mail_handler.c

@@ -285,6 +285,29 @@ ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
 }
 
 
+#if (NGX_MAIL_SSL)
+
+ngx_int_t
+ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+    ngx_mail_ssl_conf_t  *sslcf;
+
+    if (c->ssl) {
+        return 0;
+    }
+
+    sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
+    if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
+        return 1;
+    }
+
+    return 0;
+}
+
+#endif
+
+
 ngx_int_t
 ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
 {
@@ -404,6 +427,35 @@ ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
 }
 
 
+ngx_int_t
+ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, ngx_connection_t *c,
+    char *prefix, size_t len)
+{
+    u_char      *p;
+    ngx_str_t    salt;
+    ngx_uint_t   n;
+
+    p = ngx_palloc(c->pool, len + ngx_base64_encoded_length(s->salt.len) + 2);
+    if (p == NULL) {
+        return NGX_ERROR;
+    }
+
+    salt.data = ngx_cpymem(p, prefix, len);
+    s->salt.len -= 2;
+
+    ngx_encode_base64(&salt, &s->salt);
+
+    s->salt.len += 2;
+    n = len + salt.len;
+    p[n++] = CR; p[n++] = LF;
+
+    s->out.len = n;
+    s->out.data = p;
+
+    return NGX_OK;
+}
+
+
 ngx_int_t
 ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
 {

src/mail/ngx_mail_imap_handler.c

@@ -177,11 +177,7 @@ ngx_mail_imap_auth_state(ngx_event_t *rev)
 
             case NGX_IMAP_AUTHENTICATE:
                 rc = ngx_mail_imap_authenticate(s, c);
-
-                if (rc == NGX_OK) {
-                    tag = 0;
-                }
-
+                tag = (rc != NGX_OK);
                 break;
 
             case NGX_IMAP_CAPABILITY:
@@ -307,15 +303,10 @@ static ngx_int_t
 ngx_mail_imap_login(ngx_mail_session_t *s, ngx_connection_t *c)
 {
     ngx_str_t            *arg;
-#if (NGX_MAIL_SSL)
-    ngx_mail_ssl_conf_t  *sslcf;
 
-    if (c->ssl == NULL) {
-        sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
-        if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
-            return NGX_MAIL_PARSE_INVALID_COMMAND;
-        }
+#if (NGX_MAIL_SSL)
+    if (ngx_mail_starttls_only(s, c)) {
+        return NGX_MAIL_PARSE_INVALID_COMMAND;
     }
 #endif
 
@@ -357,85 +348,52 @@ ngx_mail_imap_login(ngx_mail_session_t *s, ngx_connection_t *c)
 static ngx_int_t
 ngx_mail_imap_authenticate(ngx_mail_session_t *s, ngx_connection_t *c)
 {
-    u_char                    *p;
-    ngx_str_t                 *arg, salt;
-    ngx_uint_t                 n;
+    ngx_int_t                  rc;
     ngx_mail_core_srv_conf_t  *cscf;
-#if (NGX_MAIL_SSL)
-    ngx_mail_ssl_conf_t       *sslcf;
 
-    if (c->ssl == NULL) {
-        sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
-        if (sslcf->starttls == NGX_MAIL_STARTTLS_ONLY) {
-            return NGX_MAIL_PARSE_INVALID_COMMAND;
-        }
-    }
-#endif
-
-    if (s->args.nelts != 1) {
+#if (NGX_MAIL_SSL)
+    if (ngx_mail_starttls_only(s, c)) {
         return NGX_MAIL_PARSE_INVALID_COMMAND;
     }
+#endif
 
-    arg = s->args.elts;
+    rc = ngx_mail_auth_parse(s, c);
 
-    if (arg[0].len == 5) {
+    switch (rc) {
 
-        if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) {
+    case NGX_MAIL_AUTH_LOGIN:
 
-            s->out.len = sizeof(imap_username) - 1;
-            s->out.data = imap_username;
-            s->mail_state = ngx_imap_auth_login_username;
+        s->out.len = sizeof(imap_username) - 1;
+        s->out.data = imap_username;
+        s->mail_state = ngx_imap_auth_login_username;
 
-            return NGX_OK;
+        return NGX_OK;
 
-        } else if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) {
+    case NGX_MAIL_AUTH_PLAIN:
 
-            s->out.len = sizeof(imap_plain_next) - 1;
-            s->out.data = imap_plain_next;
-            s->mail_state = ngx_imap_auth_plain;
+        s->out.len = sizeof(imap_plain_next) - 1;
+        s->out.data = imap_plain_next;
+        s->mail_state = ngx_imap_auth_plain;
 
-            return NGX_OK;
-        }
+        return NGX_OK;
 
-    } else if (arg[0].len == 8
-               && ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0)
-    {
-        if (s->args.nelts != 1) {
-            return NGX_MAIL_PARSE_INVALID_COMMAND;
-        }
+    case NGX_MAIL_AUTH_CRAM_MD5:
 
         cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
 
         if (!(cscf->imap_auth_methods & NGX_MAIL_AUTH_CRAM_MD5_ENABLED)) {
             return NGX_MAIL_PARSE_INVALID_COMMAND;
         }
 
-        p = ngx_palloc(c->pool,
-                       sizeof("+ " CRLF) - 1
-                       + ngx_base64_encoded_length(s->salt.len));
-        if (p == NULL) {
-            return NGX_ERROR;
+        if (ngx_mail_auth_cram_md5_salt(s, c, "+ ", 2) == NGX_OK) {
+            s->mail_state = ngx_imap_auth_cram_md5;
+            return NGX_OK;
         }
 
-        p[0] = '+'; p[1]= ' ';
-        salt.data = &p[2];
-        s->salt.len -= 2;
-
-        ngx_encode_base64(&salt, &s->salt);
-
-        s->salt.len += 2;
-        n = 2 + salt.len;
-        p[n++] = CR; p[n++] = LF;
-
-        s->out.len = n;
-        s->out.data = p;
-        s->mail_state = ngx_imap_auth_cram_md5;
-
-        return NGX_OK;
+        return NGX_ERROR;
     }
 
-    return NGX_MAIL_PARSE_INVALID_COMMAND;
+    return rc;
 }
 
 

src/mail/ngx_mail_parse.c

@@ -825,3 +825,56 @@ ngx_mail_smtp_parse_command(ngx_mail_session_t *s)
 
     return NGX_MAIL_PARSE_INVALID_COMMAND;
 }
+
+
+ngx_int_t
+ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+    ngx_str_t                 *arg;
+
+#if (NGX_MAIL_SSL)
+    if (ngx_mail_starttls_only(s, c)) {
+        return NGX_MAIL_PARSE_INVALID_COMMAND;
+    }
+#endif
+
+    arg = s->args.elts;
+
+    if (arg[0].len == 5) {
+
+        if (ngx_strncasecmp(arg[0].data, (u_char *) "LOGIN", 5) == 0) {
+
+            if (s->args.nelts == 1) {
+                return NGX_MAIL_AUTH_LOGIN;
+            }
+
+            return NGX_MAIL_PARSE_INVALID_COMMAND;
+        }
+
+        if (ngx_strncasecmp(arg[0].data, (u_char *) "PLAIN", 5) == 0) {
+
+            if (s->args.nelts == 1) {
+                return NGX_MAIL_AUTH_PLAIN;
+            }
+
+            if (s->args.nelts == 2) {
+                return ngx_mail_auth_plain(s, c, 1);
+            }
+        }
+
+        return NGX_MAIL_PARSE_INVALID_COMMAND;
+    }
+
+    if (arg[0].len == 8) {
+
+        if (s->args.nelts != 1) {
+            return NGX_MAIL_PARSE_INVALID_COMMAND;
+        }
+
+        if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) {
+            return NGX_MAIL_AUTH_CRAM_MD5;
+        }
+    }
+
+    return NGX_MAIL_PARSE_INVALID_COMMAND;
+}