Mercurial > hg > nginx
comparison src/mail/ngx_mail_parse.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:11 +0300 |
parents | 20017bff0de8 |
children |
comparison
equal
deleted
inserted
replaced
9289:20017bff0de8 | 9290:4538c1ffb0f8 |
---|---|
951 } | 951 } |
952 | 952 |
953 return NGX_MAIL_PARSE_INVALID_COMMAND; | 953 return NGX_MAIL_PARSE_INVALID_COMMAND; |
954 } | 954 } |
955 | 955 |
956 if (arg[0].len == 7) { | |
957 | |
958 if (ngx_strncasecmp(arg[0].data, (u_char *) "XOAUTH2", 7) == 0) { | |
959 | |
960 if (s->args.nelts == 1 || s->args.nelts == 2) { | |
961 return NGX_MAIL_AUTH_XOAUTH2; | |
962 } | |
963 | |
964 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
965 } | |
966 | |
967 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
968 } | |
969 | |
956 if (arg[0].len == 8) { | 970 if (arg[0].len == 8) { |
957 | 971 |
958 if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) { | 972 if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) { |
959 | 973 |
960 if (s->args.nelts != 1) { | 974 if (s->args.nelts != 1) { |
974 } | 988 } |
975 | 989 |
976 return NGX_MAIL_PARSE_INVALID_COMMAND; | 990 return NGX_MAIL_PARSE_INVALID_COMMAND; |
977 } | 991 } |
978 | 992 |
993 if (arg[0].len == 11) { | |
994 | |
995 if (ngx_strncasecmp(arg[0].data, (u_char *) "OAUTHBEARER", 11) == 0) { | |
996 | |
997 if (s->args.nelts == 1 || s->args.nelts == 2) { | |
998 return NGX_MAIL_AUTH_OAUTHBEARER; | |
999 } | |
1000 | |
1001 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
1002 } | |
1003 | |
1004 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
1005 } | |
1006 | |
979 return NGX_MAIL_PARSE_INVALID_COMMAND; | 1007 return NGX_MAIL_PARSE_INVALID_COMMAND; |
980 } | 1008 } |