comparison src/mail/ngx_mail_smtp_handler.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XOAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:11 +0300 |
parents | 32d4582c484d |
children |
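--- a/src/mail/ngx_mail_smtp_handler.c
+++ b/src/mail/ngx_mail_smtp_handler.c
@@ -546,10 +546,18 @@
 break;
 
 case ngx_smtp_auth_external:
 rc = ngx_mail_auth_external(s, c, 0);
 break;
+
+case ngx_smtp_auth_xoauth2:
+rc = ngx_mail_auth_xoauth2(s, c, 0);
+break;
+
+case ngx_smtp_auth_oauthbearer:
+rc = ngx_mail_auth_oauthbearer(s, c, 0);
+break;
 }
 }
 
 if (s->buffer->pos < s->buffer->last || c->read->ready) {
 s->blocked = 1;
@@ -743,10 +751,42 @@
 
 ngx_str_set(&s->out, smtp_username);
 s->mail_state = ngx_smtp_auth_external;
 
 return NGX_OK;
+
+case NGX_MAIL_AUTH_XOAUTH2:
+
+if (!(sscf->auth_methods & NGX_MAIL_AUTH_XOAUTH2_ENABLED)) {
+return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+
+if (s->args.nelts == 2) {
+s->mail_state = ngx_smtp_auth_xoauth2;
+return ngx_mail_auth_xoauth2(s, c, 1);
+}
+
+ngx_str_set(&s->out, smtp_next);
+s->mail_state = ngx_smtp_auth_xoauth2;
+
+return NGX_OK;
+
+case NGX_MAIL_AUTH_OAUTHBEARER:
+
+if (!(sscf->auth_methods & NGX_MAIL_AUTH_OAUTHBEARER_ENABLED)) {
+return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+
+if (s->args.nelts == 2) {
+s->mail_state = ngx_smtp_auth_oauthbearer;
+return ngx_mail_auth_oauthbearer(s, c, 1);
+}
+
+ngx_str_set(&s->out, smtp_next);
+s->mail_state = ngx_smtp_auth_oauthbearer;
+
+return NGX_OK;
 }
 
 return rc;
 }
 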
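Review bot: The new `case NGX_MAIL_AUTH_XOAUTH2:` and `case NGX_MAIL_AUTH_OAUTHBEARER:` branches gate only on the `sscf->auth_methods` bit, and nothing visible in this hunk ties them to a TLS-protected session. The commit message says the bearer token is forwarded verbatim as "Auth-Pass", and a bearer token can be replayed by anyone who observes it until it expires. It is therefore worth confirming that any TLS requirement enforced earlier in this function (which starts outside the hunk) also covers these two mechanisms, and stating that in the directive documentation. A short comment on each `s->args.nelts == 2` branch, such as `/* initial response supplied with the AUTH command */`, would also explain why the last argument is `1` here and `0` in the state-machine cases of the first hunk.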