Mercurial > hg > nginx
comparison src/mail/ngx_mail_pop3_handler.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 03 Jun 2024 18:03:11 +0300 |
| parents | 32d4582c484d |
| children |
comparison
equal
deleted
inserted
replaced
| 9289:20017bff0de8 | 9290:4538c1ffb0f8 |
|---|---|
| 258 break; | 258 break; |
| 259 | 259 |
| 260 case ngx_pop3_auth_external: | 260 case ngx_pop3_auth_external: |
| 261 rc = ngx_mail_auth_external(s, c, 0); | 261 rc = ngx_mail_auth_external(s, c, 0); |
| 262 break; | 262 break; |
| 263 | |
| 264 case ngx_pop3_auth_xoauth2: | |
| 265 rc = ngx_mail_auth_xoauth2(s, c, 0); | |
| 266 break; | |
| 267 | |
| 268 case ngx_pop3_auth_oauthbearer: | |
| 269 rc = ngx_mail_auth_oauthbearer(s, c, 0); | |
| 270 break; | |
| 263 } | 271 } |
| 264 } | 272 } |
| 265 | 273 |
| 266 if (s->buffer->pos < s->buffer->last || c->read->ready) { | 274 if (s->buffer->pos < s->buffer->last || c->read->ready) { |
| 267 s->blocked = 1; | 275 s->blocked = 1; |
| 551 | 559 |
| 552 ngx_str_set(&s->out, pop3_username); | 560 ngx_str_set(&s->out, pop3_username); |
| 553 s->mail_state = ngx_pop3_auth_external; | 561 s->mail_state = ngx_pop3_auth_external; |
| 554 | 562 |
| 555 return NGX_OK; | 563 return NGX_OK; |
| 564 | |
| 565 case NGX_MAIL_AUTH_XOAUTH2: | |
| 566 | |
| 567 if (!(pscf->auth_methods & NGX_MAIL_AUTH_XOAUTH2_ENABLED)) { | |
| 568 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 569 } | |
| 570 | |
| 571 if (s->args.nelts == 2) { | |
| 572 s->mail_state = ngx_pop3_auth_xoauth2; | |
| 573 return ngx_mail_auth_xoauth2(s, c, 1); | |
| 574 } | |
| 575 | |
| 576 ngx_str_set(&s->out, pop3_next); | |
| 577 s->mail_state = ngx_pop3_auth_xoauth2; | |
| 578 | |
| 579 return NGX_OK; | |
| 580 | |
| 581 case NGX_MAIL_AUTH_OAUTHBEARER: | |
| 582 | |
| 583 if (!(pscf->auth_methods & NGX_MAIL_AUTH_OAUTHBEARER_ENABLED)) { | |
| 584 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 585 } | |
| 586 | |
| 587 if (s->args.nelts == 2) { | |
| 588 s->mail_state = ngx_pop3_auth_oauthbearer; | |
| 589 return ngx_mail_auth_oauthbearer(s, c, 1); | |
| 590 } | |
| 591 | |
| 592 ngx_str_set(&s->out, pop3_next); | |
| 593 s->mail_state = ngx_pop3_auth_oauthbearer; | |
| 594 | |
| 595 return NGX_OK; | |
| 556 } | 596 } |
| 557 | 597 |
| 558 return rc; | 598 return rc; |
| 559 } | 599 } |