Mercurial > hg > nginx
comparison src/mail/ngx_mail_smtp_handler.c @ 6774:bcb107bb89cd
Mail: support SASL EXTERNAL (RFC 4422).
This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.
This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.
author | Rob N ★ <robn@fastmail.com> |
---|---|
date | Sat, 08 Oct 2016 18:05:00 +1100 |
parents | 2cd019520210 |
children | b2915d99ee8d |
comparison
equal
deleted
inserted
replaced
6773:73b451d304c0 | 6774:bcb107bb89cd |
---|---|
483 break; | 483 break; |
484 | 484 |
485 case ngx_smtp_auth_cram_md5: | 485 case ngx_smtp_auth_cram_md5: |
486 rc = ngx_mail_auth_cram_md5(s, c); | 486 rc = ngx_mail_auth_cram_md5(s, c); |
487 break; | 487 break; |
488 | |
489 case ngx_smtp_auth_external: | |
490 rc = ngx_mail_auth_external(s, c, 0); | |
491 break; | |
488 } | 492 } |
489 } | 493 } |
490 | 494 |
491 if (s->buffer->pos < s->buffer->last) { | 495 if (s->buffer->pos < s->buffer->last) { |
492 s->blocked = 1; | 496 s->blocked = 1; |
650 s->mail_state = ngx_smtp_auth_cram_md5; | 654 s->mail_state = ngx_smtp_auth_cram_md5; |
651 return NGX_OK; | 655 return NGX_OK; |
652 } | 656 } |
653 | 657 |
654 return NGX_ERROR; | 658 return NGX_ERROR; |
659 | |
660 case NGX_MAIL_AUTH_EXTERNAL: | |
661 | |
662 ngx_str_set(&s->out, smtp_username); | |
663 s->mail_state = ngx_smtp_auth_external; | |
664 | |
665 return NGX_OK; | |
655 } | 666 } |
656 | 667 |
657 return rc; | 668 return rc; |
658 } | 669 } |
659 | 670 |