Mercurial > hg > nginx
view src/core/ngx_proxy_protocol.h @ 9287:32d4582c484d
Mail: fixed EXTERNAL to be accepted only if enabled.
As originally implemented in 6774:bcb107bb89cd, it wasn't possible to
disable the EXTERNAL authentication method: it was always accepted
(but not advertised unless enabled). It is, however, believed that
it is better to reject attempts to use the disabled method, hence in
6869:b2915d99ee8d an attempt was made to address this. This attempt
was insufficient though: it was still possible to use the method as long
as initial SASL response was used.
With this patch both challenge-response and initial response forms are
disabled. Additionally, initial response handling for the PLAIN
authentication is removed from ngx_mail_auth_parse(), for consistency
and to don't provoke such bugs.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:05 +0300 |
parents | 17d6a537fb1b |
children |
line wrap: on
line source
/* * Copyright (C) Roman Arutyunyan * Copyright (C) Nginx, Inc. */ #ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ #define _NGX_PROXY_PROTOCOL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #define NGX_PROXY_PROTOCOL_V1_MAX_HEADER 107 #define NGX_PROXY_PROTOCOL_MAX_HEADER 4096 struct ngx_proxy_protocol_s { ngx_str_t src_addr; ngx_str_t dst_addr; in_port_t src_port; in_port_t dst_port; ngx_str_t tlvs; }; u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last); u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last); ngx_int_t ngx_proxy_protocol_get_tlv(ngx_connection_t *c, ngx_str_t *name, ngx_str_t *value); #endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */