diff --git a/lib/Test/Nginx/SMTP.pm b/lib/Test/Nginx/SMTP.pm index f088f5fe..aaf84d81 100644 --- a/lib/Test/Nginx/SMTP.pm +++ b/lib/Test/Nginx/SMTP.pm @@ -150,8 +150,14 @@ sub socket { ############################################################################### +sub fail { + my ($client, $reason) = @_; + print $client '500 failed: ' . $reason . CRLF; + $client->close(); +} + sub smtp_test_daemon { - my ($port) = @_; + my ($port, $with_auth) = @_; my $proxy_protocol; my $server = IO::Socket::INET->new( @@ -167,6 +173,7 @@ sub smtp_test_daemon { print $client "220 fake esmtp server ready" . CRLF; $proxy_protocol = ''; + my $authenticated = 0; while (<$client>) { Test::Nginx::log_core('||', $_); @@ -177,8 +184,15 @@ sub smtp_test_daemon { print $client '250 hello ok' . CRLF; } elsif (/^rset/i) { print $client '250 rset ok' . CRLF; + } elsif (/^auth/i and not $with_auth) { + fail($client, "No authentication expected"); } elsif (/^auth plain/i) { print $client '235 auth ok' . CRLF; + $authenticated = 1; + } elsif (/^mail/i and $with_auth and not $authenticated) { + fail($client, "Authentication expected"); + } elsif (/^rcpt/i and $with_auth and not $authenticated) { + fail($client, "Authentication expected"); } elsif (/^mail from:[^@]+$/i) { print $client '500 mail from error' . CRLF; } elsif (/^mail from:/i) { diff --git a/mail_proxy_protocol.t b/mail_proxy_protocol.t index d4f4852d..3c318bc0 100644 --- a/mail_proxy_protocol.t +++ b/mail_proxy_protocol.t @@ -91,7 +91,7 @@ http { EOF -$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon); +$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon, port(8026), 1); $t->run()->plan(8); $t->waitforsocket('127.0.0.1:' . port(8026)); diff --git a/mail_proxy_smtp_auth.t b/mail_proxy_smtp_auth.t index 4eb92b94..16040d90 100644 --- a/mail_proxy_smtp_auth.t +++ b/mail_proxy_smtp_auth.t @@ -75,7 +75,7 @@ http { EOF -$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon); +$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon, port(8026), 1); $t->run()->plan(7); $t->waitforsocket('127.0.0.1:' . port(8026)); diff --git a/mail_proxy_smtp_auth_none.t b/mail_proxy_smtp_auth_none.t new file mode 100644 index 00000000..f6a4d7db --- /dev/null +++ b/mail_proxy_smtp_auth_none.t @@ -0,0 +1,149 @@ +#!/usr/bin/perl + +# (C) Sergey Kandaurov +# (C) Nginx, Inc. + +# Tests for nginx mail proxy module, the proxy_smtp_auth directive. + +############################################################################### + +use warnings; +use strict; + +use Test::More; + +use MIME::Base64; + +BEGIN { use FindBin; chdir($FindBin::Bin); } + +use lib 'lib'; +use Test::Nginx; +use Test::Nginx::SMTP; + +############################################################################### + +select STDERR; $| = 1; +select STDOUT; $| = 1; + +local $SIG{PIPE} = 'IGNORE'; + +my $t = Test::Nginx->new()->has(qw/mail smtp http rewrite/) + ->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +daemon off; + +events { +} + +mail { + proxy_pass_error_message on; + proxy_timeout 15s; + proxy_smtp_auth on; + auth_http http://127.0.0.1:8080/mail/auth; + smtp_auth login plain external; + + server { + listen 127.0.0.1:8025; + protocol smtp; + } + + server { + listen 127.0.0.1:8027; + protocol smtp; + xclient off; + } +} + +http { + %%TEST_GLOBALS_HTTP%% + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location = /mail/auth { + add_header Auth-Status OK; + add_header Auth-Server 127.0.0.1; + add_header Auth-Port %%PORT_8026%%; + add_header Auth-Wait 1; + add_header Auth-Method none; + return 204; + } + } +} + +EOF + +$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon, port(8026), 0); +$t->run()->plan(7); + +$t->waitforsocket('127.0.0.1:' . port(8026)); + +############################################################################### + +# The following combinations may be sent to backend with proxy_smtp_auth on: +# +# ehlo, xclient, auth +# ehlo, xclient, helo, auth +# ehlo, xclient, ehlo, auth +# helo, auth +# ehlo, auth +# +# Test them in order. + +# ehlo, xclient, auth + +my $s = Test::Nginx::SMTP->new(); +$s->read(); +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('ehlo, xclient, auth'); + +# ehlo, xclient, helo, auth + +$s = Test::Nginx::SMTP->new(); +$s->read(); +$s->send('HELO example.com'); +$s->read(); +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('ehlo, xclient, helo, auth'); + +# ehlo, xclient, ehlo, auth + +$s = Test::Nginx::SMTP->new(); +$s->read(); +$s->send('EHLO example.com'); +$s->read(); +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('ehlo, xclient, ehlo, auth'); + +# helo, auth + +$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8027)); +$s->read(); +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('helo, auth'); + +# ehlo, auth + +$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8027)); +$s->read(); +$s->send('EHLO example.com'); +$s->read(); +$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", '')); +$s->authok('ehlo, auth'); + +# Try auth external + +$s = Test::Nginx::SMTP->new(); +$s->read(); +$s->send('EHLO example.com'); +$s->read(); + +$s->send('AUTH EXTERNAL'); +$s->check(qr/^334 VXNlcm5hbWU6/, 'auth external challenge'); +$s->send(encode_base64('test@example.com', '')); +$s->authok('auth external'); + +###############################################################################