Mercurial > hg > nginx
comparison src/mail/ngx_mail.h @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 03 Jun 2024 18:03:11 +0300 |
| parents | d9a52ebb9b00 |
| children |
comparison
equal
deleted
inserted
replaced
| 9289:20017bff0de8 | 9290:4538c1ffb0f8 |
|---|---|
| 139 ngx_pop3_passwd, | 139 ngx_pop3_passwd, |
| 140 ngx_pop3_auth_login_username, | 140 ngx_pop3_auth_login_username, |
| 141 ngx_pop3_auth_login_password, | 141 ngx_pop3_auth_login_password, |
| 142 ngx_pop3_auth_plain, | 142 ngx_pop3_auth_plain, |
| 143 ngx_pop3_auth_cram_md5, | 143 ngx_pop3_auth_cram_md5, |
| 144 ngx_pop3_auth_external | 144 ngx_pop3_auth_external, |
| 145 ngx_pop3_auth_xoauth2, | |
| 146 ngx_pop3_auth_oauthbearer | |
| 145 } ngx_pop3_state_e; | 147 } ngx_pop3_state_e; |
| 146 | 148 |
| 147 | 149 |
| 148 typedef enum { | 150 typedef enum { |
| 149 ngx_imap_start = 0, | 151 ngx_imap_start = 0, |
| 150 ngx_imap_auth_login_username, | 152 ngx_imap_auth_login_username, |
| 151 ngx_imap_auth_login_password, | 153 ngx_imap_auth_login_password, |
| 152 ngx_imap_auth_plain, | 154 ngx_imap_auth_plain, |
| 153 ngx_imap_auth_cram_md5, | 155 ngx_imap_auth_cram_md5, |
| 154 ngx_imap_auth_external, | 156 ngx_imap_auth_external, |
| 157 ngx_imap_auth_xoauth2, | |
| 158 ngx_imap_auth_oauthbearer, | |
| 155 ngx_imap_login, | 159 ngx_imap_login, |
| 156 ngx_imap_user, | 160 ngx_imap_user, |
| 157 ngx_imap_passwd | 161 ngx_imap_passwd |
| 158 } ngx_imap_state_e; | 162 } ngx_imap_state_e; |
| 159 | 163 |
| 163 ngx_smtp_auth_login_username, | 167 ngx_smtp_auth_login_username, |
| 164 ngx_smtp_auth_login_password, | 168 ngx_smtp_auth_login_password, |
| 165 ngx_smtp_auth_plain, | 169 ngx_smtp_auth_plain, |
| 166 ngx_smtp_auth_cram_md5, | 170 ngx_smtp_auth_cram_md5, |
| 167 ngx_smtp_auth_external, | 171 ngx_smtp_auth_external, |
| 172 ngx_smtp_auth_xoauth2, | |
| 173 ngx_smtp_auth_oauthbearer, | |
| 168 ngx_smtp_helo, | 174 ngx_smtp_helo, |
| 169 ngx_smtp_helo_xclient, | 175 ngx_smtp_helo_xclient, |
| 170 ngx_smtp_helo_auth, | 176 ngx_smtp_helo_auth, |
| 171 ngx_smtp_helo_from, | 177 ngx_smtp_helo_from, |
| 172 ngx_smtp_xclient, | 178 ngx_smtp_xclient, |
| 210 unsigned quoted:1; | 216 unsigned quoted:1; |
| 211 unsigned backslash:1; | 217 unsigned backslash:1; |
| 212 unsigned no_sync_literal:1; | 218 unsigned no_sync_literal:1; |
| 213 unsigned starttls:1; | 219 unsigned starttls:1; |
| 214 unsigned esmtp:1; | 220 unsigned esmtp:1; |
| 215 unsigned auth_method:3; | 221 unsigned auth_method:4; |
| 216 unsigned auth_wait:1; | 222 unsigned auth_wait:1; |
| 223 unsigned auth_quit:1; | |
| 217 | 224 |
| 218 ngx_str_t login; | 225 ngx_str_t login; |
| 219 ngx_str_t passwd; | 226 ngx_str_t passwd; |
| 220 | 227 |
| 221 ngx_str_t salt; | 228 ngx_str_t salt; |
| 226 ngx_str_t *addr_text; | 233 ngx_str_t *addr_text; |
| 227 ngx_str_t host; | 234 ngx_str_t host; |
| 228 ngx_str_t smtp_helo; | 235 ngx_str_t smtp_helo; |
| 229 ngx_str_t smtp_from; | 236 ngx_str_t smtp_from; |
| 230 ngx_str_t smtp_to; | 237 ngx_str_t smtp_to; |
| 238 | |
| 239 ngx_str_t auth_err; | |
| 231 | 240 |
| 232 ngx_str_t cmd; | 241 ngx_str_t cmd; |
| 233 | 242 |
| 234 ngx_uint_t command; | 243 ngx_uint_t command; |
| 235 ngx_array_t args; | 244 ngx_array_t args; |
| 301 #define NGX_MAIL_AUTH_LOGIN 1 | 310 #define NGX_MAIL_AUTH_LOGIN 1 |
| 302 #define NGX_MAIL_AUTH_LOGIN_USERNAME 2 | 311 #define NGX_MAIL_AUTH_LOGIN_USERNAME 2 |
| 303 #define NGX_MAIL_AUTH_APOP 3 | 312 #define NGX_MAIL_AUTH_APOP 3 |
| 304 #define NGX_MAIL_AUTH_CRAM_MD5 4 | 313 #define NGX_MAIL_AUTH_CRAM_MD5 4 |
| 305 #define NGX_MAIL_AUTH_EXTERNAL 5 | 314 #define NGX_MAIL_AUTH_EXTERNAL 5 |
| 306 #define NGX_MAIL_AUTH_NONE 6 | 315 #define NGX_MAIL_AUTH_XOAUTH2 6 |
| 307 | 316 #define NGX_MAIL_AUTH_OAUTHBEARER 7 |
| 308 | 317 #define NGX_MAIL_AUTH_NONE 8 |
| 309 #define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002 | 318 |
| 310 #define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004 | 319 |
| 311 #define NGX_MAIL_AUTH_APOP_ENABLED 0x0008 | 320 #define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002 |
| 312 #define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010 | 321 #define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004 |
| 313 #define NGX_MAIL_AUTH_EXTERNAL_ENABLED 0x0020 | 322 #define NGX_MAIL_AUTH_APOP_ENABLED 0x0008 |
| 314 #define NGX_MAIL_AUTH_NONE_ENABLED 0x0040 | 323 #define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010 |
| 324 #define NGX_MAIL_AUTH_EXTERNAL_ENABLED 0x0020 | |
| 325 #define NGX_MAIL_AUTH_XOAUTH2_ENABLED 0x0040 | |
| 326 #define NGX_MAIL_AUTH_OAUTHBEARER_ENABLED 0x0080 | |
| 327 #define NGX_MAIL_AUTH_NONE_ENABLED 0x0100 | |
| 315 | 328 |
| 316 | 329 |
| 317 #define NGX_MAIL_PARSE_INVALID_COMMAND 20 | 330 #define NGX_MAIL_PARSE_INVALID_COMMAND 20 |
| 318 | 331 |
| 319 | 332 |
| 397 ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, | 410 ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, |
| 398 ngx_connection_t *c, char *prefix, size_t len); | 411 ngx_connection_t *c, char *prefix, size_t len); |
| 399 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c); | 412 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c); |
| 400 ngx_int_t ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c, | 413 ngx_int_t ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c, |
| 401 ngx_uint_t n); | 414 ngx_uint_t n); |
| 415 ngx_int_t ngx_mail_auth_xoauth2(ngx_mail_session_t *s, ngx_connection_t *c, | |
| 416 ngx_uint_t n); | |
| 417 ngx_int_t ngx_mail_auth_oauthbearer(ngx_mail_session_t *s, ngx_connection_t *c, | |
| 418 ngx_uint_t n); | |
| 402 ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c); | 419 ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c); |
| 403 | 420 |
| 404 void ngx_mail_send(ngx_event_t *wev); | 421 void ngx_mail_send(ngx_event_t *wev); |
| 405 ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c); | 422 ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c); |
| 406 void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c); | 423 void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c); |