diff src/mail/ngx_mail_imap_handler.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XOAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:11 +0300 |
parents | 32d4582c484d |
children |
--- a/src/mail/ngx_mail_imap_handler.c Mon Jun 03 18:03:09 2024 +0300
+++ b/src/mail/ngx_mail_imap_handler.c Mon Jun 03 18:03:11 2024 +0300
@@ -220,6 +220,14 @@
 case ngx_imap_auth_external:
 rc = ngx_mail_auth_external(s, c, 0);
 break;
+
+ case ngx_imap_auth_xoauth2:
+ rc = ngx_mail_auth_xoauth2(s, c, 0);
+ break;
+
+ case ngx_imap_auth_oauthbearer:
+ rc = ngx_mail_auth_oauthbearer(s, c, 0);
+ break;
 }
 
 } else if (rc == NGX_IMAP_NEXT) {
@@ -432,6 +440,38 @@
 s->mail_state = ngx_imap_auth_external;
 
 return NGX_OK;
+
+ case NGX_MAIL_AUTH_XOAUTH2:
+
+ if (!(iscf->auth_methods & NGX_MAIL_AUTH_XOAUTH2_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ if (s->args.nelts == 2) {
+ s->mail_state = ngx_imap_auth_xoauth2;
+ return ngx_mail_auth_xoauth2(s, c, 1);
+ }
+
+ ngx_str_set(&s->out, imap_plain_next);
+ s->mail_state = ngx_imap_auth_xoauth2;
+
+ return NGX_OK;
+
+ case NGX_MAIL_AUTH_OAUTHBEARER:
+
+ if (!(iscf->auth_methods & NGX_MAIL_AUTH_OAUTHBEARER_ENABLED)) {
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+ if (s->args.nelts == 2) {
+ s->mail_state = ngx_imap_auth_oauthbearer;
+ return ngx_mail_auth_oauthbearer(s, c, 1);
+ }
+
+ ngx_str_set(&s->out, imap_plain_next);
+ s->mail_state = ngx_imap_auth_oauthbearer;
+
+ return NGX_OK;
 }
 
 return rc;
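Review bot: The literal third argument to the new helpers is undocumented: the state-machine cases in the first hunk pass `0` to `ngx_mail_auth_xoauth2()` and `ngx_mail_auth_oauthbearer()`, while the AUTHENTICATE cases in the second hunk pass `1` after the `s->args.nelts == 2` test. That pairing suggests the value selects which parsed argument carries the SASL response, but the helpers are defined outside this file, so this is an inference. A one-line comment at the first new case, for example `/* 0: the SASL response is the first argument of the continuation line */`, would make the contract explicit once confirmed and keep the two call sites from drifting apart. The enclosing switch starts outside the hunk.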
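Review bot: The two new cases in the second hunk gate only on the `auth_methods` bit (`NGX_MAIL_AUTH_XOAUTH2_ENABLED` / `NGX_MAIL_AUTH_OAUTHBEARER_ENABLED`), so nothing visible here says whether a Bearer token can be accepted before TLS is established. The function begins outside the hunk, so a cleartext/STARTTLS policy check may already run earlier; because the token is forwarded verbatim as "Auth-Pass" and stays usable until it expires, that dependency is worth stating at the case once confirmed, e.g. `/* bearer token: depends on the STARTTLS policy check made before this switch */`. As a smaller point, both cases send `imap_plain_next` as the continuation prompt; the name reads as PLAIN-specific, so a short comment that it is reused as the generic continuation line would help the next reader.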