comparison src/mail/ngx_mail.h @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XOAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:11 +0300 |
parents | d9a52ebb9b00 |
children |
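--- a/src/mail/ngx_mail.h
+++ b/src/mail/ngx_mail.h
@@ -139,21 +139,25 @@
 ngx_pop3_passwd,
 ngx_pop3_auth_login_username,
 ngx_pop3_auth_login_password,
 ngx_pop3_auth_plain,
 ngx_pop3_auth_cram_md5,
-ngx_pop3_auth_external
+ngx_pop3_auth_external,
+ngx_pop3_auth_xoauth2,
+ngx_pop3_auth_oauthbearer
 } ngx_pop3_state_e;
 
 
 typedef enum {
 ngx_imap_start = 0,
 ngx_imap_auth_login_username,
 ngx_imap_auth_login_password,
 ngx_imap_auth_plain,
 ngx_imap_auth_cram_md5,
 ngx_imap_auth_external,
+ngx_imap_auth_xoauth2,
+ngx_imap_auth_oauthbearer,
 ngx_imap_login,
 ngx_imap_user,
 ngx_imap_passwd
 } ngx_imap_state_e;
 
@@ -163,10 +167,12 @@
 ngx_smtp_auth_login_username,
 ngx_smtp_auth_login_password,
 ngx_smtp_auth_plain,
 ngx_smtp_auth_cram_md5,
 ngx_smtp_auth_external,
+ngx_smtp_auth_xoauth2,
+ngx_smtp_auth_oauthbearer,
 ngx_smtp_helo,
 ngx_smtp_helo_xclient,
 ngx_smtp_helo_auth,
 ngx_smtp_helo_from,
 ngx_smtp_xclient,
@@ -210,12 +216,13 @@
 unsigned quoted:1;
 unsigned backslash:1;
 unsigned no_sync_literal:1;
 unsigned starttls:1;
 unsigned esmtp:1;
-unsigned auth_method:3;
+unsigned auth_method:4;
 unsigned auth_wait:1;
+unsigned auth_quit:1;
 
 ngx_str_t login;
 ngx_str_t passwd;
 
 ngx_str_t salt;
@@ -226,10 +233,12 @@
 ngx_str_t *addr_text;
 ngx_str_t host;
 ngx_str_t smtp_helo;
 ngx_str_t smtp_from;
 ngx_str_t smtp_to;
+
+ngx_str_t auth_err;
 
 ngx_str_t cmd;
 
 ngx_uint_t command;
 ngx_array_t args;
@@ -301,19 +310,23 @@
 #define NGX_MAIL_AUTH_LOGIN 1
 #define NGX_MAIL_AUTH_LOGIN_USERNAME 2
 #define NGX_MAIL_AUTH_APOP 3
 #define NGX_MAIL_AUTH_CRAM_MD5 4
 #define NGX_MAIL_AUTH_EXTERNAL 5
-#define NGX_MAIL_AUTH_NONE 6
-
-
-#define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002
-#define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004
-#define NGX_MAIL_AUTH_APOP_ENABLED 0x0008
-#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010
-#define NGX_MAIL_AUTH_EXTERNAL_ENABLED 0x0020
-#define NGX_MAIL_AUTH_NONE_ENABLED 0x0040
+#define NGX_MAIL_AUTH_XOAUTH2 6
+#define NGX_MAIL_AUTH_OAUTHBEARER 7
+#define NGX_MAIL_AUTH_NONE 8
+
+
+#define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002
+#define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004
+#define NGX_MAIL_AUTH_APOP_ENABLED 0x0008
+#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010
+#define NGX_MAIL_AUTH_EXTERNAL_ENABLED 0x0020
+#define NGX_MAIL_AUTH_XOAUTH2_ENABLED 0x0040
+#define NGX_MAIL_AUTH_OAUTHBEARER_ENABLED 0x0080
+#define NGX_MAIL_AUTH_NONE_ENABLED 0x0100
 
 
 #define NGX_MAIL_PARSE_INVALID_COMMAND 20
 
 
@@ -397,10 +410,14 @@
 ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s,
 ngx_connection_t *c, char *prefix, size_t len);
 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c);
 ngx_int_t ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c,
 ngx_uint_t n);
+ngx_int_t ngx_mail_auth_xoauth2(ngx_mail_session_t *s, ngx_connection_t *c,
+ngx_uint_t n);
+ngx_int_t ngx_mail_auth_oauthbearer(ngx_mail_session_t *s, ngx_connection_t *c,
+ngx_uint_t n);
 ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c);
 
 void ngx_mail_send(ngx_event_t *wev);
 ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c);
 void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c);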
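Review bot: The `unsigned auth_method:4;` bit-field is sized by hand against the NGX_MAIL_AUTH_* list and nothing in the header ties the two together; with `NGX_MAIL_AUTH_NONE` now 8, the previous 3-bit width would have silently truncated the stored method, and the same happens again once the list grows past 15. I would add a comment at the field, `/* must hold the largest NGX_MAIL_AUTH_* value (currently NGX_MAIL_AUTH_NONE) */`, or a compile-time check next to the defines. Separately, `NGX_MAIL_AUTH_NONE` and `NGX_MAIL_AUTH_NONE_ENABLED` change value (6 to 8, 0x0040 to 0x0100), so any table indexed by `auth_method` and any module built against the old header, neither of which is visible here, presumably has to change in the same commit. The new `ngx_str_t auth_err;` member also deserves a one-line comment saying it carries data supplied by the auth server that is relayed to the client, as the description states. The session struct and the define list both begin and end outside the shown hunks.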