nginx: src/mail/ngx_mail_parse.c comparison

comparison src/mail/ngx_mail_parse.c @ 9290:4538c1ffb0f8

Mail: added support for XOAUTH2 and OAUTHBEARER authentication. This patch adds support for the OAUTHBEARER SASL mechanism as defined by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both mechanisms, the "Auth-User" header is set to the client identity obtained from the initial SASL response sent by the client, and the "Auth-Pass" header is set to the Bearer token itself. The auth server may return the "Auth-Error-SASL" header, which is passed to the client as an additional SASL challenge. It is expected to contain mechanism-specific error details, base64-encoded. After the client responds (with an empty SASL response for XAUTH2, or with "AQ==" dummy response for OAUTHBEARER), the error message from the "Auth-Status" header is sent. Based on a patch by Rob Mueller.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 03 Jun 2024 18:03:11 +0300
parents	20017bff0de8
children

comparison

equal deleted inserted replaced

-:20017bff0de8
+:4538c1ffb0f8
 }
 return NGX_MAIL_PARSE_INVALID_COMMAND;
 }
+if (arg[0].len == 7) {
+if (ngx_strncasecmp(arg[0].data, (u_char *) "XOAUTH2", 7) == 0) {
+if (s->args.nelts == 1 || s->args.nelts == 2) {
+return NGX_MAIL_AUTH_XOAUTH2;
+}
+return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
 if (arg[0].len == 8) {
 if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) {
 if (s->args.nelts != 1) {
 }
 return NGX_MAIL_PARSE_INVALID_COMMAND;
 }
+if (arg[0].len == 11) {
+if (ngx_strncasecmp(arg[0].data, (u_char *) "OAUTHBEARER", 11) == 0) {
+if (s->args.nelts == 1 || s->args.nelts == 2) {
+return NGX_MAIL_AUTH_OAUTHBEARER;
+}
+return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
+return NGX_MAIL_PARSE_INVALID_COMMAND;
+}
 return NGX_MAIL_PARSE_INVALID_COMMAND;
 }

Mercurial > hg > nginx

comparison src/mail/ngx_mail_parse.c @ 9290:4538c1ffb0f8