Mercurial > hg > nginx
diff src/mail/ngx_mail_smtp_module.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:11 +0300 |
parents | dc955d274130 |
children |
line wrap: on
line diff
--- a/src/mail/ngx_mail_smtp_module.c Mon Jun 03 18:03:09 2024 +0300 +++ b/src/mail/ngx_mail_smtp_module.c Mon Jun 03 18:03:11 2024 +0300 @@ -22,6 +22,8 @@ { ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED }, { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED }, { ngx_string("external"), NGX_MAIL_AUTH_EXTERNAL_ENABLED }, + { ngx_string("xoauth2"), NGX_MAIL_AUTH_XOAUTH2_ENABLED }, + { ngx_string("oauthbearer"), NGX_MAIL_AUTH_OAUTHBEARER_ENABLED }, { ngx_string("none"), NGX_MAIL_AUTH_NONE_ENABLED }, { ngx_null_string, 0 } }; @@ -33,6 +35,8 @@ ngx_null_string, /* APOP */ ngx_string("CRAM-MD5"), ngx_string("EXTERNAL"), + ngx_string("XOAUTH2"), + ngx_string("OAUTHBEARER"), ngx_null_string /* NONE */ }; @@ -210,7 +214,7 @@ auth_enabled = 0; for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; - m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; + m < NGX_MAIL_AUTH_NONE_ENABLED; m <<= 1, i++) { if (m & conf->auth_methods) { @@ -253,7 +257,7 @@ *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H'; for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; - m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; + m < NGX_MAIL_AUTH_NONE_ENABLED; m <<= 1, i++) { if (m & conf->auth_methods) {