comparison src/mail/ngx_mail_smtp_module.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XOAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:11 +0300 |
parents | dc955d274130 |
children |
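--- a/src/mail/ngx_mail_smtp_module.c
+++ b/src/mail/ngx_mail_smtp_module.c
@@ -20,10 +20,12 @@
 static ngx_conf_bitmask_t ngx_mail_smtp_auth_methods[] = {
 { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
 { ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
 { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
 { ngx_string("external"), NGX_MAIL_AUTH_EXTERNAL_ENABLED },
+{ ngx_string("xoauth2"), NGX_MAIL_AUTH_XOAUTH2_ENABLED },
+{ ngx_string("oauthbearer"), NGX_MAIL_AUTH_OAUTHBEARER_ENABLED },
 { ngx_string("none"), NGX_MAIL_AUTH_NONE_ENABLED },
 { ngx_null_string, 0 }
 };
 
 
@@ -31,10 +33,12 @@
 ngx_string("PLAIN"),
 ngx_string("LOGIN"),
 ngx_null_string, /* APOP */
 ngx_string("CRAM-MD5"),
 ngx_string("EXTERNAL"),
+ngx_string("XOAUTH2"),
+ngx_string("OAUTHBEARER"),
 ngx_null_string /* NONE */
 };
 
 
 static ngx_mail_protocol_t ngx_mail_smtp_protocol = {
@@ -208,11 +212,11 @@
 }
 
 auth_enabled = 0;
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
+m < NGX_MAIL_AUTH_NONE_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 size += 1 + ngx_mail_smtp_auth_methods_names[i].len;
 auth_enabled = 1;
@@ -251,11 +255,11 @@
 
 *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
 *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
+m < NGX_MAIL_AUTH_NONE_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 *p++ = ' ';
 p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,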
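Review bot: Both capability loops now stop at `m < NGX_MAIL_AUTH_NONE_ENABLED` and index `ngx_mail_smtp_auth_methods_names[i]` by bit position, but nothing visible in this file ties the array's length and order to the flag values, which are defined outside it. If a later mechanism bit is added below NONE without a matching array entry, the size pass and the copy pass would presumably pick up the wrong name or read past the end of the array when building the AUTH line. I would add a comment above the names array, such as `/* one entry per NGX_MAIL_AUTH_*_ENABLED bit up to and including NONE, in bit order */`, and consider a compile-time check of the element count against the highest flag. The array's declaration line and the enclosing function body lie outside the hunks shown here.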