nginxtra 1.0.15.0

data/src/nginx/src/mail/ngx_mail.h

@@ -0,0 +1,407 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#ifndef _NGX_MAIL_H_INCLUDED_
+#define _NGX_MAIL_H_INCLUDED_
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+#include <ngx_event_connect.h>
+
+#if (NGX_MAIL_SSL)
+#include <ngx_mail_ssl_module.h>
+#endif
+
+
+
+typedef struct {
+    void                  **main_conf;
+    void                  **srv_conf;
+} ngx_mail_conf_ctx_t;
+
+
+typedef struct {
+    u_char                  sockaddr[NGX_SOCKADDRLEN];
+    socklen_t               socklen;
+
+    /* server ctx */
+    ngx_mail_conf_ctx_t    *ctx;
+
+    unsigned                bind:1;
+    unsigned                wildcard:1;
+#if (NGX_MAIL_SSL)
+    unsigned                ssl:1;
+#endif
+#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
+    unsigned                ipv6only:2;
+#endif
+} ngx_mail_listen_t;
+
+
+typedef struct {
+    ngx_mail_conf_ctx_t    *ctx;
+    ngx_str_t               addr_text;
+#if (NGX_MAIL_SSL)
+    ngx_uint_t              ssl;    /* unsigned   ssl:1; */
+#endif
+} ngx_mail_addr_conf_t;
+
+typedef struct {
+    in_addr_t               addr;
+    ngx_mail_addr_conf_t    conf;
+} ngx_mail_in_addr_t;
+
+
+#if (NGX_HAVE_INET6)
+
+typedef struct {
+    struct in6_addr         addr6;
+    ngx_mail_addr_conf_t    conf;
+} ngx_mail_in6_addr_t;
+
+#endif
+
+
+typedef struct {
+    /* ngx_mail_in_addr_t or ngx_mail_in6_addr_t */
+    void                   *addrs;
+    ngx_uint_t              naddrs;
+} ngx_mail_port_t;
+
+
+typedef struct {
+    int                     family;
+    in_port_t               port;
+    ngx_array_t             addrs;       /* array of ngx_mail_conf_addr_t */
+} ngx_mail_conf_port_t;
+
+
+typedef struct {
+    struct sockaddr        *sockaddr;
+    socklen_t               socklen;
+
+    ngx_mail_conf_ctx_t    *ctx;
+
+    unsigned                bind:1;
+    unsigned                wildcard:1;
+#if (NGX_MAIL_SSL)
+    unsigned                ssl:1;
+#endif
+#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
+    unsigned                ipv6only:2;
+#endif
+} ngx_mail_conf_addr_t;
+
+
+typedef struct {
+    ngx_array_t             servers;     /* ngx_mail_core_srv_conf_t */
+    ngx_array_t             listen;      /* ngx_mail_listen_t */
+} ngx_mail_core_main_conf_t;
+
+
+#define NGX_MAIL_POP3_PROTOCOL  0
+#define NGX_MAIL_IMAP_PROTOCOL  1
+#define NGX_MAIL_SMTP_PROTOCOL  2
+
+
+typedef struct ngx_mail_protocol_s  ngx_mail_protocol_t;
+
+
+typedef struct {
+    ngx_mail_protocol_t    *protocol;
+
+    ngx_msec_t              timeout;
+    ngx_msec_t              resolver_timeout;
+
+    ngx_flag_t              so_keepalive;
+
+    ngx_str_t               server_name;
+
+    u_char                 *file_name;
+    ngx_int_t               line;
+
+    ngx_resolver_t         *resolver;
+
+    /* server ctx */
+    ngx_mail_conf_ctx_t    *ctx;
+} ngx_mail_core_srv_conf_t;
+
+
+typedef enum {
+    ngx_pop3_start = 0,
+    ngx_pop3_user,
+    ngx_pop3_passwd,
+    ngx_pop3_auth_login_username,
+    ngx_pop3_auth_login_password,
+    ngx_pop3_auth_plain,
+    ngx_pop3_auth_cram_md5
+} ngx_pop3_state_e;
+
+
+typedef enum {
+    ngx_imap_start = 0,
+    ngx_imap_auth_login_username,
+    ngx_imap_auth_login_password,
+    ngx_imap_auth_plain,
+    ngx_imap_auth_cram_md5,
+    ngx_imap_login,
+    ngx_imap_user,
+    ngx_imap_passwd
+} ngx_imap_state_e;
+
+
+typedef enum {
+    ngx_smtp_start = 0,
+    ngx_smtp_auth_login_username,
+    ngx_smtp_auth_login_password,
+    ngx_smtp_auth_plain,
+    ngx_smtp_auth_cram_md5,
+    ngx_smtp_helo,
+    ngx_smtp_helo_xclient,
+    ngx_smtp_helo_from,
+    ngx_smtp_xclient,
+    ngx_smtp_xclient_from,
+    ngx_smtp_xclient_helo,
+    ngx_smtp_from,
+    ngx_smtp_to
+} ngx_smtp_state_e;
+
+
+typedef struct {
+    ngx_peer_connection_t   upstream;
+    ngx_buf_t              *buffer;
+} ngx_mail_proxy_ctx_t;
+
+
+typedef struct {
+    uint32_t                signature;         /* "MAIL" */
+
+    ngx_connection_t       *connection;
+
+    ngx_str_t               out;
+    ngx_buf_t              *buffer;
+
+    void                  **ctx;
+    void                  **main_conf;
+    void                  **srv_conf;
+
+    ngx_resolver_ctx_t     *resolver_ctx;
+
+    ngx_mail_proxy_ctx_t   *proxy;
+
+    ngx_uint_t              mail_state;
+
+    unsigned                protocol:3;
+    unsigned                blocked:1;
+    unsigned                quit:1;
+    unsigned                quoted:1;
+    unsigned                backslash:1;
+    unsigned                no_sync_literal:1;
+    unsigned                starttls:1;
+    unsigned                esmtp:1;
+    unsigned                auth_method:3;
+    unsigned                auth_wait:1;
+
+    ngx_str_t               login;
+    ngx_str_t               passwd;
+
+    ngx_str_t               salt;
+    ngx_str_t               tag;
+    ngx_str_t               tagged_line;
+    ngx_str_t               text;
+
+    ngx_str_t              *addr_text;
+    ngx_str_t               host;
+    ngx_str_t               smtp_helo;
+    ngx_str_t               smtp_from;
+    ngx_str_t               smtp_to;
+
+    ngx_uint_t              command;
+    ngx_array_t             args;
+
+    ngx_uint_t              login_attempt;
+
+    /* used to parse POP3/IMAP/SMTP command */
+
+    ngx_uint_t              state;
+    u_char                 *cmd_start;
+    u_char                 *arg_start;
+    u_char                 *arg_end;
+    ngx_uint_t              literal_len;
+} ngx_mail_session_t;
+
+
+typedef struct {
+    ngx_str_t              *client;
+    ngx_mail_session_t     *session;
+} ngx_mail_log_ctx_t;
+
+
+#define NGX_POP3_USER          1
+#define NGX_POP3_PASS          2
+#define NGX_POP3_CAPA          3
+#define NGX_POP3_QUIT          4
+#define NGX_POP3_NOOP          5
+#define NGX_POP3_STLS          6
+#define NGX_POP3_APOP          7
+#define NGX_POP3_AUTH          8
+#define NGX_POP3_STAT          9
+#define NGX_POP3_LIST          10
+#define NGX_POP3_RETR          11
+#define NGX_POP3_DELE          12
+#define NGX_POP3_RSET          13
+#define NGX_POP3_TOP           14
+#define NGX_POP3_UIDL          15
+
+
+#define NGX_IMAP_LOGIN         1
+#define NGX_IMAP_LOGOUT        2
+#define NGX_IMAP_CAPABILITY    3
+#define NGX_IMAP_NOOP          4
+#define NGX_IMAP_STARTTLS      5
+
+#define NGX_IMAP_NEXT          6
+
+#define NGX_IMAP_AUTHENTICATE  7
+
+
+#define NGX_SMTP_HELO          1
+#define NGX_SMTP_EHLO          2
+#define NGX_SMTP_AUTH          3
+#define NGX_SMTP_QUIT          4
+#define NGX_SMTP_NOOP          5
+#define NGX_SMTP_MAIL          6
+#define NGX_SMTP_RSET          7
+#define NGX_SMTP_RCPT          8
+#define NGX_SMTP_DATA          9
+#define NGX_SMTP_VRFY          10
+#define NGX_SMTP_EXPN          11
+#define NGX_SMTP_HELP          12
+#define NGX_SMTP_STARTTLS      13
+
+
+#define NGX_MAIL_AUTH_PLAIN             0
+#define NGX_MAIL_AUTH_LOGIN             1
+#define NGX_MAIL_AUTH_LOGIN_USERNAME    2
+#define NGX_MAIL_AUTH_APOP              3
+#define NGX_MAIL_AUTH_CRAM_MD5          4
+#define NGX_MAIL_AUTH_NONE              5
+
+
+#define NGX_MAIL_AUTH_PLAIN_ENABLED     0x0002
+#define NGX_MAIL_AUTH_LOGIN_ENABLED     0x0004
+#define NGX_MAIL_AUTH_APOP_ENABLED      0x0008
+#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED  0x0010
+#define NGX_MAIL_AUTH_NONE_ENABLED      0x0020
+
+
+#define NGX_MAIL_PARSE_INVALID_COMMAND  20
+
+
+typedef void (*ngx_mail_init_session_pt)(ngx_mail_session_t *s,
+    ngx_connection_t *c);
+typedef void (*ngx_mail_init_protocol_pt)(ngx_event_t *rev);
+typedef void (*ngx_mail_auth_state_pt)(ngx_event_t *rev);
+typedef ngx_int_t (*ngx_mail_parse_command_pt)(ngx_mail_session_t *s);
+
+
+struct ngx_mail_protocol_s {
+    ngx_str_t                   name;
+    in_port_t                   port[4];
+    ngx_uint_t                  type;
+
+    ngx_mail_init_session_pt    init_session;
+    ngx_mail_init_protocol_pt   init_protocol;
+    ngx_mail_parse_command_pt   parse_command;
+    ngx_mail_auth_state_pt      auth_state;
+
+    ngx_str_t                   internal_server_error;
+};
+
+
+typedef struct {
+    ngx_mail_protocol_t        *protocol;
+
+    void                       *(*create_main_conf)(ngx_conf_t *cf);
+    char                       *(*init_main_conf)(ngx_conf_t *cf, void *conf);
+
+    void                       *(*create_srv_conf)(ngx_conf_t *cf);
+    char                       *(*merge_srv_conf)(ngx_conf_t *cf, void *prev,
+                                      void *conf);
+} ngx_mail_module_t;
+
+
+#define NGX_MAIL_MODULE         0x4C49414D     /* "MAIL" */
+
+#define NGX_MAIL_MAIN_CONF      0x02000000
+#define NGX_MAIL_SRV_CONF       0x04000000
+
+
+#define NGX_MAIL_MAIN_CONF_OFFSET  offsetof(ngx_mail_conf_ctx_t, main_conf)
+#define NGX_MAIL_SRV_CONF_OFFSET   offsetof(ngx_mail_conf_ctx_t, srv_conf)
+
+
+#define ngx_mail_get_module_ctx(s, module)     (s)->ctx[module.ctx_index]
+#define ngx_mail_set_ctx(s, c, module)         s->ctx[module.ctx_index] = c;
+#define ngx_mail_delete_ctx(s, module)         s->ctx[module.ctx_index] = NULL;
+
+
+#define ngx_mail_get_module_main_conf(s, module)                             \
+    (s)->main_conf[module.ctx_index]
+#define ngx_mail_get_module_srv_conf(s, module)  (s)->srv_conf[module.ctx_index]
+
+#define ngx_mail_conf_get_module_main_conf(cf, module)                       \
+    ((ngx_mail_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index]
+#define ngx_mail_conf_get_module_srv_conf(cf, module)                        \
+    ((ngx_mail_conf_ctx_t *) cf->ctx)->srv_conf[module.ctx_index]
+
+
+#if (NGX_MAIL_SSL)
+void ngx_mail_starttls_handler(ngx_event_t *rev);
+ngx_int_t ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_connection_t *c);
+#endif
+
+
+void ngx_mail_init_connection(ngx_connection_t *c);
+
+ngx_int_t ngx_mail_salt(ngx_mail_session_t *s, ngx_connection_t *c,
+    ngx_mail_core_srv_conf_t *cscf);
+ngx_int_t ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c,
+    ngx_uint_t n);
+ngx_int_t ngx_mail_auth_login_username(ngx_mail_session_t *s,
+    ngx_connection_t *c, ngx_uint_t n);
+ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s,
+    ngx_connection_t *c);
+ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s,
+    ngx_connection_t *c, char *prefix, size_t len);
+ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c);
+ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c);
+
+void ngx_mail_send(ngx_event_t *wev);
+ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c);
+void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c);
+void ngx_mail_close_connection(ngx_connection_t *c);
+void ngx_mail_session_internal_server_error(ngx_mail_session_t *s);
+u_char *ngx_mail_log_error(ngx_log_t *log, u_char *buf, size_t len);
+
+
+char *ngx_mail_capabilities(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+
+
+/* STUB */
+void ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer);
+void ngx_mail_auth_http_init(ngx_mail_session_t *s);
+/**/
+
+
+extern ngx_uint_t    ngx_mail_max_module;
+extern ngx_module_t  ngx_mail_core_module;
+
+
+#endif /* _NGX_MAIL_H_INCLUDED_ */

data/src/nginx/src/mail/ngx_mail_auth_http_module.c

@@ -0,0 +1,1452 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+#include <ngx_event_connect.h>
+#include <ngx_mail.h>
+
+
+typedef struct {
+    ngx_addr_t                     *peer;
+
+    ngx_msec_t                      timeout;
+
+    ngx_str_t                       host_header;
+    ngx_str_t                       uri;
+    ngx_str_t                       header;
+
+    ngx_array_t                    *headers;
+
+    u_char                         *file;
+    ngx_uint_t                      line;
+} ngx_mail_auth_http_conf_t;
+
+
+typedef struct ngx_mail_auth_http_ctx_s  ngx_mail_auth_http_ctx_t;
+
+typedef void (*ngx_mail_auth_http_handler_pt)(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx);
+
+struct ngx_mail_auth_http_ctx_s {
+    ngx_buf_t                      *request;
+    ngx_buf_t                      *response;
+    ngx_peer_connection_t           peer;
+
+    ngx_mail_auth_http_handler_pt   handler;
+
+    ngx_uint_t                      state;
+
+    u_char                         *header_name_start;
+    u_char                         *header_name_end;
+    u_char                         *header_start;
+    u_char                         *header_end;
+
+    ngx_str_t                       addr;
+    ngx_str_t                       port;
+    ngx_str_t                       err;
+    ngx_str_t                       errmsg;
+    ngx_str_t                       errcode;
+
+    time_t                          sleep;
+
+    ngx_pool_t                     *pool;
+};
+
+
+static void ngx_mail_auth_http_write_handler(ngx_event_t *wev);
+static void ngx_mail_auth_http_read_handler(ngx_event_t *rev);
+static void ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx);
+static void ngx_mail_auth_http_process_headers(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx);
+static void ngx_mail_auth_sleep_handler(ngx_event_t *rev);
+static ngx_int_t ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx);
+static void ngx_mail_auth_http_block_read(ngx_event_t *rev);
+static void ngx_mail_auth_http_dummy_handler(ngx_event_t *ev);
+static ngx_buf_t *ngx_mail_auth_http_create_request(ngx_mail_session_t *s,
+    ngx_pool_t *pool, ngx_mail_auth_http_conf_t *ahcf);
+static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text,
+    ngx_str_t *escaped);
+
+static void *ngx_mail_auth_http_create_conf(ngx_conf_t *cf);
+static char *ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent,
+    void *child);
+static char *ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+static char *ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+
+
+static ngx_command_t  ngx_mail_auth_http_commands[] = {
+
+    { ngx_string("auth_http"),
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_mail_auth_http,
+      NGX_MAIL_SRV_CONF_OFFSET,
+      0,
+      NULL },
+
+    { ngx_string("auth_http_timeout"),
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_msec_slot,
+      NGX_MAIL_SRV_CONF_OFFSET,
+      offsetof(ngx_mail_auth_http_conf_t, timeout),
+      NULL },
+
+    { ngx_string("auth_http_header"),
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2,
+      ngx_mail_auth_http_header,
+      NGX_MAIL_SRV_CONF_OFFSET,
+      0,
+      NULL },
+
+      ngx_null_command
+};
+
+
+static ngx_mail_module_t  ngx_mail_auth_http_module_ctx = {
+    NULL,                                  /* protocol */
+
+    NULL,                                  /* create main configuration */
+    NULL,                                  /* init main configuration */
+
+    ngx_mail_auth_http_create_conf,        /* create server configuration */
+    ngx_mail_auth_http_merge_conf          /* merge server configuration */
+};
+
+
+ngx_module_t  ngx_mail_auth_http_module = {
+    NGX_MODULE_V1,
+    &ngx_mail_auth_http_module_ctx,        /* module context */
+    ngx_mail_auth_http_commands,           /* module directives */
+    NGX_MAIL_MODULE,                       /* module type */
+    NULL,                                  /* init master */
+    NULL,                                  /* init module */
+    NULL,                                  /* init process */
+    NULL,                                  /* init thread */
+    NULL,                                  /* exit thread */
+    NULL,                                  /* exit process */
+    NULL,                                  /* exit master */
+    NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_str_t   ngx_mail_auth_http_method[] = {
+    ngx_string("plain"),
+    ngx_string("plain"),
+    ngx_string("plain"),
+    ngx_string("apop"),
+    ngx_string("cram-md5"),
+    ngx_string("none")
+};
+
+static ngx_str_t   ngx_mail_smtp_errcode = ngx_string("535 5.7.0");
+
+
+void
+ngx_mail_auth_http_init(ngx_mail_session_t *s)
+{
+    ngx_int_t                   rc;
+    ngx_pool_t                 *pool;
+    ngx_mail_auth_http_ctx_t   *ctx;
+    ngx_mail_auth_http_conf_t  *ahcf;
+
+    s->connection->log->action = "in http auth state";
+
+    pool = ngx_create_pool(2048, s->connection->log);
+    if (pool == NULL) {
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    ctx = ngx_pcalloc(pool, sizeof(ngx_mail_auth_http_ctx_t));
+    if (ctx == NULL) {
+        ngx_destroy_pool(pool);
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    ctx->pool = pool;
+
+    ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module);
+
+    ctx->request = ngx_mail_auth_http_create_request(s, pool, ahcf);
+    if (ctx->request == NULL) {
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    ngx_mail_set_ctx(s, ctx, ngx_mail_auth_http_module);
+
+    ctx->peer.sockaddr = ahcf->peer->sockaddr;
+    ctx->peer.socklen = ahcf->peer->socklen;
+    ctx->peer.name = &ahcf->peer->name;
+    ctx->peer.get = ngx_event_get_peer;
+    ctx->peer.log = s->connection->log;
+    ctx->peer.log_error = NGX_ERROR_ERR;
+
+    rc = ngx_event_connect_peer(&ctx->peer);
+
+    if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
+        if (ctx->peer.connection) {
+            ngx_close_connection(ctx->peer.connection);
+        }
+
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    ctx->peer.connection->data = s;
+    ctx->peer.connection->pool = s->connection->pool;
+
+    s->connection->read->handler = ngx_mail_auth_http_block_read;
+    ctx->peer.connection->read->handler = ngx_mail_auth_http_read_handler;
+    ctx->peer.connection->write->handler = ngx_mail_auth_http_write_handler;
+
+    ctx->handler = ngx_mail_auth_http_ignore_status_line;
+
+    ngx_add_timer(ctx->peer.connection->read, ahcf->timeout);
+    ngx_add_timer(ctx->peer.connection->write, ahcf->timeout);
+
+    if (rc == NGX_OK) {
+        ngx_mail_auth_http_write_handler(ctx->peer.connection->write);
+        return;
+    }
+}
+
+
+static void
+ngx_mail_auth_http_write_handler(ngx_event_t *wev)
+{
+    ssize_t                     n, size;
+    ngx_connection_t           *c;
+    ngx_mail_session_t         *s;
+    ngx_mail_auth_http_ctx_t   *ctx;
+    ngx_mail_auth_http_conf_t  *ahcf;
+
+    c = wev->data;
+    s = c->data;
+
+    ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);
+
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, wev->log, 0,
+                   "mail auth http write handler");
+
+    if (wev->timedout) {
+        ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT,
+                      "auth http server %V timed out", ctx->peer.name);
+        ngx_close_connection(c);
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    size = ctx->request->last - ctx->request->pos;
+
+    n = ngx_send(c, ctx->request->pos, size);
+
+    if (n == NGX_ERROR) {
+        ngx_close_connection(c);
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    if (n > 0) {
+        ctx->request->pos += n;
+
+        if (n == size) {
+            wev->handler = ngx_mail_auth_http_dummy_handler;
+
+            if (wev->timer_set) {
+                ngx_del_timer(wev);
+            }
+
+            if (ngx_handle_write_event(wev, 0) != NGX_OK) {
+                ngx_close_connection(c);
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+            }
+
+            return;
+        }
+    }
+
+    if (!wev->timer_set) {
+        ahcf = ngx_mail_get_module_srv_conf(s, ngx_mail_auth_http_module);
+        ngx_add_timer(wev, ahcf->timeout);
+    }
+}
+
+
+static void
+ngx_mail_auth_http_read_handler(ngx_event_t *rev)
+{
+    ssize_t                     n, size;
+    ngx_connection_t          *c;
+    ngx_mail_session_t        *s;
+    ngx_mail_auth_http_ctx_t  *ctx;
+
+    c = rev->data;
+    s = c->data;
+
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
+                   "mail auth http read handler");
+
+    ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);
+
+    if (rev->timedout) {
+        ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT,
+                      "auth http server %V timed out", ctx->peer.name);
+        ngx_close_connection(c);
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+        return;
+    }
+
+    if (ctx->response == NULL) {
+        ctx->response = ngx_create_temp_buf(ctx->pool, 1024);
+        if (ctx->response == NULL) {
+            ngx_close_connection(c);
+            ngx_destroy_pool(ctx->pool);
+            ngx_mail_session_internal_server_error(s);
+            return;
+        }
+    }
+
+    size = ctx->response->end - ctx->response->last;
+
+    n = ngx_recv(c, ctx->response->pos, size);
+
+    if (n > 0) {
+        ctx->response->last += n;
+
+        ctx->handler(s, ctx);
+        return;
+    }
+
+    if (n == NGX_AGAIN) {
+        return;
+    }
+
+    ngx_close_connection(c);
+    ngx_destroy_pool(ctx->pool);
+    ngx_mail_session_internal_server_error(s);
+}
+
+
+static void
+ngx_mail_auth_http_ignore_status_line(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx)
+{
+    u_char  *p, ch;
+    enum  {
+        sw_start = 0,
+        sw_H,
+        sw_HT,
+        sw_HTT,
+        sw_HTTP,
+        sw_skip,
+        sw_almost_done
+    } state;
+
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
+                   "mail auth http process status line");
+
+    state = ctx->state;
+
+    for (p = ctx->response->pos; p < ctx->response->last; p++) {
+        ch = *p;
+
+        switch (state) {
+
+        /* "HTTP/" */
+        case sw_start:
+            if (ch == 'H') {
+                state = sw_H;
+                break;
+            }
+            goto next;
+
+        case sw_H:
+            if (ch == 'T') {
+                state = sw_HT;
+                break;
+            }
+            goto next;
+
+        case sw_HT:
+            if (ch == 'T') {
+                state = sw_HTT;
+                break;
+            }
+            goto next;
+
+        case sw_HTT:
+            if (ch == 'P') {
+                state = sw_HTTP;
+                break;
+            }
+            goto next;
+
+        case sw_HTTP:
+            if (ch == '/') {
+                state = sw_skip;
+                break;
+            }
+            goto next;
+
+        /* any text until end of line */
+        case sw_skip:
+            switch (ch) {
+            case CR:
+                state = sw_almost_done;
+
+                break;
+            case LF:
+                goto done;
+            }
+            break;
+
+        /* end of status line */
+        case sw_almost_done:
+            if (ch == LF) {
+                goto done;
+            }
+
+            ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                          "auth http server &V sent invalid response",
+                          ctx->peer.name);
+            ngx_close_connection(ctx->peer.connection);
+            ngx_destroy_pool(ctx->pool);
+            ngx_mail_session_internal_server_error(s);
+            return;
+        }
+    }
+
+    ctx->response->pos = p;
+    ctx->state = state;
+
+    return;
+
+next:
+
+    p = ctx->response->start - 1;
+
+done:
+
+    ctx->response->pos = p + 1;
+    ctx->state = 0;
+    ctx->handler = ngx_mail_auth_http_process_headers;
+    ctx->handler(s, ctx);
+}
+
+
+static void
+ngx_mail_auth_http_process_headers(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx)
+{
+    u_char              *p;
+    time_t               timer;
+    size_t               len, size;
+    ngx_int_t            rc, port, n;
+    ngx_addr_t          *peer;
+    struct sockaddr_in  *sin;
+
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
+                   "mail auth http process headers");
+
+    for ( ;; ) {
+        rc = ngx_mail_auth_http_parse_header_line(s, ctx);
+
+        if (rc == NGX_OK) {
+
+#if (NGX_DEBUG)
+            {
+            ngx_str_t  key, value;
+
+            key.len = ctx->header_name_end - ctx->header_name_start;
+            key.data = ctx->header_name_start;
+            value.len = ctx->header_end - ctx->header_start;
+            value.data = ctx->header_start;
+
+            ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
+                           "mail auth http header: \"%V: %V\"",
+                           &key, &value);
+            }
+#endif
+
+            len = ctx->header_name_end - ctx->header_name_start;
+
+            if (len == sizeof("Auth-Status") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-Status",
+                                   sizeof("Auth-Status") - 1)
+                   == 0)
+            {
+                len = ctx->header_end - ctx->header_start;
+
+                if (len == 2
+                    && ctx->header_start[0] == 'O'
+                    && ctx->header_start[1] == 'K')
+                {
+                    continue;
+                }
+
+                if (len == 4
+                    && ctx->header_start[0] == 'W'
+                    && ctx->header_start[1] == 'A'
+                    && ctx->header_start[2] == 'I'
+                    && ctx->header_start[3] == 'T')
+                {
+                    s->auth_wait = 1;
+                    continue;
+                }
+
+                ctx->errmsg.len = len;
+                ctx->errmsg.data = ctx->header_start;
+
+                switch (s->protocol) {
+
+                case NGX_MAIL_POP3_PROTOCOL:
+                    size = sizeof("-ERR ") - 1 + len + sizeof(CRLF) - 1;
+                    break;
+
+                case NGX_MAIL_IMAP_PROTOCOL:
+                    size = s->tag.len + sizeof("NO ") - 1 + len
+                           + sizeof(CRLF) - 1;
+                    break;
+
+                default: /* NGX_MAIL_SMTP_PROTOCOL */
+                    ctx->err = ctx->errmsg;
+                    continue;
+                }
+
+                p = ngx_pnalloc(s->connection->pool, size);
+                if (p == NULL) {
+                    ngx_close_connection(ctx->peer.connection);
+                    ngx_destroy_pool(ctx->pool);
+                    ngx_mail_session_internal_server_error(s);
+                    return;
+                }
+
+                ctx->err.data = p;
+
+                switch (s->protocol) {
+
+                case NGX_MAIL_POP3_PROTOCOL:
+                    *p++ = '-'; *p++ = 'E'; *p++ = 'R'; *p++ = 'R'; *p++ = ' ';
+                    break;
+
+                case NGX_MAIL_IMAP_PROTOCOL:
+                    p = ngx_cpymem(p, s->tag.data, s->tag.len);
+                    *p++ = 'N'; *p++ = 'O'; *p++ = ' ';
+                    break;
+
+                default: /* NGX_MAIL_SMTP_PROTOCOL */
+                    break;
+                }
+
+                p = ngx_cpymem(p, ctx->header_start, len);
+                *p++ = CR; *p++ = LF;
+
+                ctx->err.len = p - ctx->err.data;
+
+                continue;
+            }
+
+            if (len == sizeof("Auth-Server") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-Server",
+                                   sizeof("Auth-Server") - 1)
+                    == 0)
+            {
+                ctx->addr.len = ctx->header_end - ctx->header_start;
+                ctx->addr.data = ctx->header_start;
+
+                continue;
+            }
+
+            if (len == sizeof("Auth-Port") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-Port",
+                                   sizeof("Auth-Port") - 1)
+                   == 0)
+            {
+                ctx->port.len = ctx->header_end - ctx->header_start;
+                ctx->port.data = ctx->header_start;
+
+                continue;
+            }
+
+            if (len == sizeof("Auth-User") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-User",
+                                   sizeof("Auth-User") - 1)
+                   == 0)
+            {
+                s->login.len = ctx->header_end - ctx->header_start;
+
+                s->login.data = ngx_pnalloc(s->connection->pool, s->login.len);
+                if (s->login.data == NULL) {
+                    ngx_close_connection(ctx->peer.connection);
+                    ngx_destroy_pool(ctx->pool);
+                    ngx_mail_session_internal_server_error(s);
+                    return;
+                }
+
+                ngx_memcpy(s->login.data, ctx->header_start, s->login.len);
+
+                continue;
+            }
+
+            if (len == sizeof("Auth-Pass") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-Pass",
+                                   sizeof("Auth-Pass") - 1)
+                   == 0)
+            {
+                s->passwd.len = ctx->header_end - ctx->header_start;
+
+                s->passwd.data = ngx_pnalloc(s->connection->pool,
+                                             s->passwd.len);
+                if (s->passwd.data == NULL) {
+                    ngx_close_connection(ctx->peer.connection);
+                    ngx_destroy_pool(ctx->pool);
+                    ngx_mail_session_internal_server_error(s);
+                    return;
+                }
+
+                ngx_memcpy(s->passwd.data, ctx->header_start, s->passwd.len);
+
+                continue;
+            }
+
+            if (len == sizeof("Auth-Wait") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-Wait",
+                                   sizeof("Auth-Wait") - 1)
+                   == 0)
+            {
+                n = ngx_atoi(ctx->header_start,
+                             ctx->header_end - ctx->header_start);
+
+                if (n != NGX_ERROR) {
+                    ctx->sleep = n;
+                }
+
+                continue;
+            }
+
+            if (len == sizeof("Auth-Error-Code") - 1
+                && ngx_strncasecmp(ctx->header_name_start,
+                                   (u_char *) "Auth-Error-Code",
+                                   sizeof("Auth-Error-Code") - 1)
+                   == 0)
+            {
+                ctx->errcode.len = ctx->header_end - ctx->header_start;
+
+                ctx->errcode.data = ngx_pnalloc(s->connection->pool,
+                                                ctx->errcode.len);
+                if (ctx->errcode.data == NULL) {
+                    ngx_close_connection(ctx->peer.connection);
+                    ngx_destroy_pool(ctx->pool);
+                    ngx_mail_session_internal_server_error(s);
+                    return;
+                }
+
+                ngx_memcpy(ctx->errcode.data, ctx->header_start,
+                           ctx->errcode.len);
+
+                continue;
+            }
+
+            /* ignore other headers */
+
+            continue;
+        }
+
+        if (rc == NGX_DONE) {
+            ngx_log_debug0(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
+                           "mail auth http header done");
+
+            ngx_close_connection(ctx->peer.connection);
+
+            if (ctx->err.len) {
+
+                ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
+                              "client login failed: \"%V\"", &ctx->errmsg);
+
+                if (s->protocol == NGX_MAIL_SMTP_PROTOCOL) {
+
+                    if (ctx->errcode.len == 0) {
+                        ctx->errcode = ngx_mail_smtp_errcode;
+                    }
+
+                    ctx->err.len = ctx->errcode.len + ctx->errmsg.len
+                                   + sizeof(" " CRLF) - 1;
+
+                    p = ngx_pnalloc(s->connection->pool, ctx->err.len);
+                    if (p == NULL) {
+                        ngx_close_connection(ctx->peer.connection);
+                        ngx_destroy_pool(ctx->pool);
+                        ngx_mail_session_internal_server_error(s);
+                        return;
+                    }
+
+                    ctx->err.data = p;
+
+                    p = ngx_cpymem(p, ctx->errcode.data, ctx->errcode.len);
+                    *p++ = ' ';
+                    p = ngx_cpymem(p, ctx->errmsg.data, ctx->errmsg.len);
+                    *p++ = CR; *p = LF;
+                }
+
+                s->out = ctx->err;
+                timer = ctx->sleep;
+
+                ngx_destroy_pool(ctx->pool);
+
+                if (timer == 0) {
+                    s->quit = 1;
+                    ngx_mail_send(s->connection->write);
+                    return;
+                }
+
+                ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000));
+
+                s->connection->read->handler = ngx_mail_auth_sleep_handler;
+
+                return;
+            }
+
+            if (s->auth_wait) {
+                timer = ctx->sleep;
+
+                ngx_destroy_pool(ctx->pool);
+
+                if (timer == 0) {
+                    ngx_mail_auth_http_init(s);
+                    return;
+                }
+
+                ngx_add_timer(s->connection->read, (ngx_msec_t) (timer * 1000));
+
+                s->connection->read->handler = ngx_mail_auth_sleep_handler;
+
+                return;
+            }
+
+            if (ctx->addr.len == 0 || ctx->port.len == 0) {
+                ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                              "auth http server %V did not send server or port",
+                              ctx->peer.name);
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            if (s->passwd.data == NULL
+                && s->protocol != NGX_MAIL_SMTP_PROTOCOL)
+            {
+                ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                              "auth http server %V did not send password",
+                              ctx->peer.name);
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            peer = ngx_pcalloc(s->connection->pool, sizeof(ngx_addr_t));
+            if (peer == NULL) {
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            /* AF_INET only */
+
+            sin = ngx_pcalloc(s->connection->pool, sizeof(struct sockaddr_in));
+            if (sin == NULL) {
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            sin->sin_family = AF_INET;
+
+            port = ngx_atoi(ctx->port.data, ctx->port.len);
+            if (port == NGX_ERROR || port < 1 || port > 65535) {
+                ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                              "auth http server %V sent invalid server "
+                              "port:\"%V\"",
+                              ctx->peer.name, &ctx->port);
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            sin->sin_port = htons((in_port_t) port);
+
+            sin->sin_addr.s_addr = ngx_inet_addr(ctx->addr.data, ctx->addr.len);
+            if (sin->sin_addr.s_addr == INADDR_NONE) {
+                ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                              "auth http server %V sent invalid server "
+                              "address:\"%V\"",
+                              ctx->peer.name, &ctx->addr);
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            peer->sockaddr = (struct sockaddr *) sin;
+            peer->socklen = sizeof(struct sockaddr_in);
+
+            len = ctx->addr.len + 1 + ctx->port.len;
+
+            peer->name.len = len;
+
+            peer->name.data = ngx_pnalloc(s->connection->pool, len);
+            if (peer->name.data == NULL) {
+                ngx_destroy_pool(ctx->pool);
+                ngx_mail_session_internal_server_error(s);
+                return;
+            }
+
+            len = ctx->addr.len;
+
+            ngx_memcpy(peer->name.data, ctx->addr.data, len);
+
+            peer->name.data[len++] = ':';
+
+            ngx_memcpy(peer->name.data + len, ctx->port.data, ctx->port.len);
+
+            ngx_destroy_pool(ctx->pool);
+            ngx_mail_proxy_init(s, peer);
+
+            return;
+        }
+
+        if (rc == NGX_AGAIN ) {
+            return;
+        }
+
+        /* rc == NGX_ERROR */
+
+        ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                      "auth http server %V sent invalid header in response",
+                      ctx->peer.name);
+        ngx_close_connection(ctx->peer.connection);
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+
+        return;
+    }
+}
+
+
+static void
+ngx_mail_auth_sleep_handler(ngx_event_t *rev)
+{
+    ngx_connection_t          *c;
+    ngx_mail_session_t        *s;
+    ngx_mail_core_srv_conf_t  *cscf;
+
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0, "mail auth sleep handler");
+
+    c = rev->data;
+    s = c->data;
+
+    if (rev->timedout) {
+
+        rev->timedout = 0;
+
+        if (s->auth_wait) {
+            s->auth_wait = 0;
+            ngx_mail_auth_http_init(s);
+            return;
+        }
+
+        cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+        rev->handler = cscf->protocol->auth_state;
+
+        s->mail_state = 0;
+        s->auth_method = NGX_MAIL_AUTH_PLAIN;
+
+        c->log->action = "in auth state";
+
+        ngx_mail_send(c->write);
+
+        if (c->destroyed) {
+            return;
+        }
+
+        ngx_add_timer(rev, cscf->timeout);
+
+        if (rev->ready) {
+            rev->handler(rev);
+            return;
+        }
+
+        if (ngx_handle_read_event(rev, 0) != NGX_OK) {
+            ngx_mail_close_connection(c);
+        }
+
+        return;
+    }
+
+    if (rev->active) {
+        if (ngx_handle_read_event(rev, 0) != NGX_OK) {
+            ngx_mail_close_connection(c);
+        }
+    }
+}
+
+
+static ngx_int_t
+ngx_mail_auth_http_parse_header_line(ngx_mail_session_t *s,
+    ngx_mail_auth_http_ctx_t *ctx)
+{
+    u_char      c, ch, *p;
+    enum {
+        sw_start = 0,
+        sw_name,
+        sw_space_before_value,
+        sw_value,
+        sw_space_after_value,
+        sw_almost_done,
+        sw_header_almost_done
+    } state;
+
+    state = ctx->state;
+
+    for (p = ctx->response->pos; p < ctx->response->last; p++) {
+        ch = *p;
+
+        switch (state) {
+
+        /* first char */
+        case sw_start:
+
+            switch (ch) {
+            case CR:
+                ctx->header_end = p;
+                state = sw_header_almost_done;
+                break;
+            case LF:
+                ctx->header_end = p;
+                goto header_done;
+            default:
+                state = sw_name;
+                ctx->header_name_start = p;
+
+                c = (u_char) (ch | 0x20);
+                if (c >= 'a' && c <= 'z') {
+                    break;
+                }
+
+                if (ch >= '0' && ch <= '9') {
+                    break;
+                }
+
+                return NGX_ERROR;
+            }
+            break;
+
+        /* header name */
+        case sw_name:
+            c = (u_char) (ch | 0x20);
+            if (c >= 'a' && c <= 'z') {
+                break;
+            }
+
+            if (ch == ':') {
+                ctx->header_name_end = p;
+                state = sw_space_before_value;
+                break;
+            }
+
+            if (ch == '-') {
+                break;
+            }
+
+            if (ch >= '0' && ch <= '9') {
+                break;
+            }
+
+            if (ch == CR) {
+                ctx->header_name_end = p;
+                ctx->header_start = p;
+                ctx->header_end = p;
+                state = sw_almost_done;
+                break;
+            }
+
+            if (ch == LF) {
+                ctx->header_name_end = p;
+                ctx->header_start = p;
+                ctx->header_end = p;
+                goto done;
+            }
+
+            return NGX_ERROR;
+
+        /* space* before header value */
+        case sw_space_before_value:
+            switch (ch) {
+            case ' ':
+                break;
+            case CR:
+                ctx->header_start = p;
+                ctx->header_end = p;
+                state = sw_almost_done;
+                break;
+            case LF:
+                ctx->header_start = p;
+                ctx->header_end = p;
+                goto done;
+            default:
+                ctx->header_start = p;
+                state = sw_value;
+                break;
+            }
+            break;
+
+        /* header value */
+        case sw_value:
+            switch (ch) {
+            case ' ':
+                ctx->header_end = p;
+                state = sw_space_after_value;
+                break;
+            case CR:
+                ctx->header_end = p;
+                state = sw_almost_done;
+                break;
+            case LF:
+                ctx->header_end = p;
+                goto done;
+            }
+            break;
+
+        /* space* before end of header line */
+        case sw_space_after_value:
+            switch (ch) {
+            case ' ':
+                break;
+            case CR:
+                state = sw_almost_done;
+                break;
+            case LF:
+                goto done;
+            default:
+                state = sw_value;
+                break;
+            }
+            break;
+
+        /* end of header line */
+        case sw_almost_done:
+            switch (ch) {
+            case LF:
+                goto done;
+            default:
+                return NGX_ERROR;
+            }
+
+        /* end of header */
+        case sw_header_almost_done:
+            switch (ch) {
+            case LF:
+                goto header_done;
+            default:
+                return NGX_ERROR;
+            }
+        }
+    }
+
+    ctx->response->pos = p;
+    ctx->state = state;
+
+    return NGX_AGAIN;
+
+done:
+
+    ctx->response->pos = p + 1;
+    ctx->state = sw_start;
+
+    return NGX_OK;
+
+header_done:
+
+    ctx->response->pos = p + 1;
+    ctx->state = sw_start;
+
+    return NGX_DONE;
+}
+
+
+static void
+ngx_mail_auth_http_block_read(ngx_event_t *rev)
+{
+    ngx_connection_t          *c;
+    ngx_mail_session_t        *s;
+    ngx_mail_auth_http_ctx_t  *ctx;
+
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
+                   "mail auth http block read");
+
+    if (ngx_handle_read_event(rev, 0) != NGX_OK) {
+        c = rev->data;
+        s = c->data;
+
+        ctx = ngx_mail_get_module_ctx(s, ngx_mail_auth_http_module);
+
+        ngx_close_connection(ctx->peer.connection);
+        ngx_destroy_pool(ctx->pool);
+        ngx_mail_session_internal_server_error(s);
+    }
+}
+
+
+static void
+ngx_mail_auth_http_dummy_handler(ngx_event_t *ev)
+{
+    ngx_log_debug0(NGX_LOG_DEBUG_MAIL, ev->log, 0,
+                   "mail auth http dummy handler");
+}
+
+
+static ngx_buf_t *
+ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
+    ngx_mail_auth_http_conf_t *ahcf)
+{
+    size_t                     len;
+    ngx_buf_t                 *b;
+    ngx_str_t                  login, passwd;
+    ngx_mail_core_srv_conf_t  *cscf;
+
+    if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) {
+        return NULL;
+    }
+
+    if (ngx_mail_auth_http_escape(pool, &s->passwd, &passwd) != NGX_OK) {
+        return NULL;
+    }
+
+    cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
+
+    len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1
+          + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1
+          + sizeof("Auth-Method: ") - 1
+                + ngx_mail_auth_http_method[s->auth_method].len
+                + sizeof(CRLF) - 1
+          + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1
+          + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1
+          + sizeof("Auth-Salt: ") - 1 + s->salt.len
+          + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len
+                + sizeof(CRLF) - 1
+          + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN
+                + sizeof(CRLF) - 1
+          + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
+                + sizeof(CRLF) - 1
+          + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1
+          + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
+          + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
+          + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
+          + ahcf->header.len
+          + sizeof(CRLF) - 1;
+
+    b = ngx_create_temp_buf(pool, len);
+    if (b == NULL) {
+        return NULL;
+    }
+
+    b->last = ngx_cpymem(b->last, "GET ", sizeof("GET ") - 1);
+    b->last = ngx_copy(b->last, ahcf->uri.data, ahcf->uri.len);
+    b->last = ngx_cpymem(b->last, " HTTP/1.0" CRLF,
+                         sizeof(" HTTP/1.0" CRLF) - 1);
+
+    b->last = ngx_cpymem(b->last, "Host: ", sizeof("Host: ") - 1);
+    b->last = ngx_copy(b->last, ahcf->host_header.data,
+                         ahcf->host_header.len);
+    *b->last++ = CR; *b->last++ = LF;
+
+    b->last = ngx_cpymem(b->last, "Auth-Method: ",
+                         sizeof("Auth-Method: ") - 1);
+    b->last = ngx_cpymem(b->last,
+                         ngx_mail_auth_http_method[s->auth_method].data,
+                         ngx_mail_auth_http_method[s->auth_method].len);
+    *b->last++ = CR; *b->last++ = LF;
+
+    b->last = ngx_cpymem(b->last, "Auth-User: ", sizeof("Auth-User: ") - 1);
+    b->last = ngx_copy(b->last, login.data, login.len);
+    *b->last++ = CR; *b->last++ = LF;
+
+    b->last = ngx_cpymem(b->last, "Auth-Pass: ", sizeof("Auth-Pass: ") - 1);
+    b->last = ngx_copy(b->last, passwd.data, passwd.len);
+    *b->last++ = CR; *b->last++ = LF;
+
+    if (s->auth_method != NGX_MAIL_AUTH_PLAIN && s->salt.len) {
+        b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1);
+        b->last = ngx_copy(b->last, s->salt.data, s->salt.len);
+
+        s->passwd.data = NULL;
+    }
+
+    b->last = ngx_cpymem(b->last, "Auth-Protocol: ",
+                         sizeof("Auth-Protocol: ") - 1);
+    b->last = ngx_cpymem(b->last, cscf->protocol->name.data,
+                         cscf->protocol->name.len);
+    *b->last++ = CR; *b->last++ = LF;
+
+    b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF,
+                          s->login_attempt);
+
+    b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1);
+    b->last = ngx_copy(b->last, s->connection->addr_text.data,
+                       s->connection->addr_text.len);
+    *b->last++ = CR; *b->last++ = LF;
+
+    if (s->host.len) {
+        b->last = ngx_cpymem(b->last, "Client-Host: ",
+                             sizeof("Client-Host: ") - 1);
+        b->last = ngx_copy(b->last, s->host.data, s->host.len);
+        *b->last++ = CR; *b->last++ = LF;
+    }
+
+    if (s->auth_method == NGX_MAIL_AUTH_NONE) {
+
+        /* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */
+
+        b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ",
+                             sizeof("Auth-SMTP-Helo: ") - 1);
+        b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len);
+        *b->last++ = CR; *b->last++ = LF;
+
+        b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ",
+                             sizeof("Auth-SMTP-From: ") - 1);
+        b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len);
+        *b->last++ = CR; *b->last++ = LF;
+
+        b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ",
+                             sizeof("Auth-SMTP-To: ") - 1);
+        b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len);
+        *b->last++ = CR; *b->last++ = LF;
+
+    }
+
+    if (ahcf->header.len) {
+        b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
+    }
+
+    /* add "\r\n" at the header end */
+    *b->last++ = CR; *b->last++ = LF;
+
+#if (NGX_DEBUG_MAIL_PASSWD)
+    {
+    ngx_str_t  l;
+
+    l.len = b->last - b->pos;
+    l.data = b->pos;
+    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
+                   "mail auth http header:\n\"%V\"", &l);
+    }
+#endif
+
+    return b;
+}
+
+
+static ngx_int_t
+ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
+{
+    u_char     *p;
+    uintptr_t   n;
+
+    n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
+
+    if (n == 0) {
+        *escaped = *text;
+        return NGX_OK;
+    }
+
+    escaped->len = text->len + n * 2;
+
+    p = ngx_pnalloc(pool, escaped->len);
+    if (p == NULL) {
+        return NGX_ERROR;
+    }
+
+    (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
+
+    escaped->data = p;
+
+    return NGX_OK;
+}
+
+
+static void *
+ngx_mail_auth_http_create_conf(ngx_conf_t *cf)
+{
+    ngx_mail_auth_http_conf_t  *ahcf;
+
+    ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_auth_http_conf_t));
+    if (ahcf == NULL) {
+        return NULL;
+    }
+
+    ahcf->timeout = NGX_CONF_UNSET_MSEC;
+
+    ahcf->file = cf->conf_file->file.name.data;
+    ahcf->line = cf->conf_file->line;
+
+    return ahcf;
+}
+
+
+static char *
+ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+    ngx_mail_auth_http_conf_t *prev = parent;
+    ngx_mail_auth_http_conf_t *conf = child;
+
+    u_char           *p;
+    size_t            len;
+    ngx_uint_t        i;
+    ngx_table_elt_t  *header;
+
+    if (conf->peer == NULL) {
+        conf->peer = prev->peer;
+        conf->host_header = prev->host_header;
+        conf->uri = prev->uri;
+
+        if (conf->peer == NULL) {
+            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                          "no \"http_auth\" is defined for server in %s:%ui",
+                          conf->file, conf->line);
+
+            return NGX_CONF_ERROR;
+        }
+    }
+
+    ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000);
+
+    if (conf->headers == NULL) {
+        conf->headers = prev->headers;
+        conf->header = prev->header;
+    }
+
+    if (conf->headers && conf->header.len == 0) {
+        len = 0;
+        header = conf->headers->elts;
+        for (i = 0; i < conf->headers->nelts; i++) {
+            len += header[i].key.len + 2 + header[i].value.len + 2;
+        }
+
+        p = ngx_pnalloc(cf->pool, len);
+        if (p == NULL) {
+            return NGX_CONF_ERROR;
+        }
+
+        conf->header.len = len;
+        conf->header.data = p;
+
+        for (i = 0; i < conf->headers->nelts; i++) {
+            p = ngx_cpymem(p, header[i].key.data, header[i].key.len);
+            *p++ = ':'; *p++ = ' ';
+            p = ngx_cpymem(p, header[i].value.data, header[i].value.len);
+            *p++ = CR; *p++ = LF;
+        }
+    }
+
+    return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_mail_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_mail_auth_http_conf_t *ahcf = conf;
+
+    ngx_str_t  *value;
+    ngx_url_t   u;
+
+    value = cf->args->elts;
+
+    ngx_memzero(&u, sizeof(ngx_url_t));
+
+    u.url = value[1];
+    u.default_port = 80;
+    u.uri_part = 1;
+    u.one_addr = 1;
+
+    if (ngx_strncmp(u.url.data, "http://", 7) == 0) {
+        u.url.len -= 7;
+        u.url.data += 7;
+    }
+
+    if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
+        if (u.err) {
+            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                               "%s in auth_http \"%V\"", u.err, &u.url);
+        }
+
+        return NGX_CONF_ERROR;
+    }
+
+    ahcf->peer = u.addrs;
+
+    if (u.family != AF_UNIX) {
+        ahcf->host_header = u.host;
+
+    } else {
+        ngx_str_set(&ahcf->host_header, "localhost");
+    }
+
+    ahcf->uri = u.uri;
+
+    if (ahcf->uri.len == 0) {
+        ngx_str_set(&ahcf->uri, "/");
+    }
+
+    return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_mail_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_mail_auth_http_conf_t *ahcf = conf;
+
+    ngx_str_t        *value;
+    ngx_table_elt_t  *header;
+
+    if (ahcf->headers == NULL) {
+        ahcf->headers = ngx_array_create(cf->pool, 1, sizeof(ngx_table_elt_t));
+        if (ahcf->headers == NULL) {
+            return NGX_CONF_ERROR;
+        }
+    }
+
+    header = ngx_array_push(ahcf->headers);
+    if (header == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
+    value = cf->args->elts;
+
+    header->key = value[1];
+    header->value = value[2];
+
+    return NGX_CONF_OK;
+}