Mercurial > hg > nginx
comparison src/mail/ngx_mail_pop3_module.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 03 Jun 2024 18:03:11 +0300 |
| parents | dc955d274130 |
| children |
comparison
equal
deleted
inserted
replaced
| 9289:20017bff0de8 | 9290:4538c1ffb0f8 |
|---|---|
| 28 static ngx_conf_bitmask_t ngx_mail_pop3_auth_methods[] = { | 28 static ngx_conf_bitmask_t ngx_mail_pop3_auth_methods[] = { |
| 29 { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED }, | 29 { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED }, |
| 30 { ngx_string("apop"), NGX_MAIL_AUTH_APOP_ENABLED }, | 30 { ngx_string("apop"), NGX_MAIL_AUTH_APOP_ENABLED }, |
| 31 { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED }, | 31 { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED }, |
| 32 { ngx_string("external"), NGX_MAIL_AUTH_EXTERNAL_ENABLED }, | 32 { ngx_string("external"), NGX_MAIL_AUTH_EXTERNAL_ENABLED }, |
| 33 { ngx_string("xoauth2"), NGX_MAIL_AUTH_XOAUTH2_ENABLED }, | |
| 34 { ngx_string("oauthbearer"), NGX_MAIL_AUTH_OAUTHBEARER_ENABLED }, | |
| 33 { ngx_null_string, 0 } | 35 { ngx_null_string, 0 } |
| 34 }; | 36 }; |
| 35 | 37 |
| 36 | 38 |
| 37 static ngx_str_t ngx_mail_pop3_auth_methods_names[] = { | 39 static ngx_str_t ngx_mail_pop3_auth_methods_names[] = { |
| 38 ngx_string("PLAIN"), | 40 ngx_string("PLAIN"), |
| 39 ngx_string("LOGIN"), | 41 ngx_string("LOGIN"), |
| 40 ngx_null_string, /* APOP */ | 42 ngx_null_string, /* APOP */ |
| 41 ngx_string("CRAM-MD5"), | 43 ngx_string("CRAM-MD5"), |
| 42 ngx_string("EXTERNAL"), | 44 ngx_string("EXTERNAL"), |
| 45 ngx_string("XOAUTH2"), | |
| 46 ngx_string("OAUTHBEARER"), | |
| 43 ngx_null_string /* NONE */ | 47 ngx_null_string /* NONE */ |
| 44 }; | 48 }; |
| 45 | 49 |
| 46 | 50 |
| 47 static ngx_mail_protocol_t ngx_mail_pop3_protocol = { | 51 static ngx_mail_protocol_t ngx_mail_pop3_protocol = { |
| 181 } | 185 } |
| 182 | 186 |
| 183 size += sizeof("SASL") - 1 + sizeof(CRLF) - 1; | 187 size += sizeof("SASL") - 1 + sizeof(CRLF) - 1; |
| 184 | 188 |
| 185 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; | 189 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; |
| 186 m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; | 190 m < NGX_MAIL_AUTH_NONE_ENABLED; |
| 187 m <<= 1, i++) | 191 m <<= 1, i++) |
| 188 { | 192 { |
| 189 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { | 193 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { |
| 190 continue; | 194 continue; |
| 191 } | 195 } |
| 212 } | 216 } |
| 213 | 217 |
| 214 p = ngx_cpymem(p, "SASL", sizeof("SASL") - 1); | 218 p = ngx_cpymem(p, "SASL", sizeof("SASL") - 1); |
| 215 | 219 |
| 216 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; | 220 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; |
| 217 m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; | 221 m < NGX_MAIL_AUTH_NONE_ENABLED; |
| 218 m <<= 1, i++) | 222 m <<= 1, i++) |
| 219 { | 223 { |
| 220 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { | 224 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { |
| 221 continue; | 225 continue; |
| 222 } | 226 } |
| 252 | 256 |
| 253 size = sizeof("+OK methods supported:" CRLF) - 1 | 257 size = sizeof("+OK methods supported:" CRLF) - 1 |
| 254 + sizeof("." CRLF) - 1; | 258 + sizeof("." CRLF) - 1; |
| 255 | 259 |
| 256 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; | 260 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; |
| 257 m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; | 261 m < NGX_MAIL_AUTH_NONE_ENABLED; |
| 258 m <<= 1, i++) | 262 m <<= 1, i++) |
| 259 { | 263 { |
| 260 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { | 264 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { |
| 261 continue; | 265 continue; |
| 262 } | 266 } |
| 277 | 281 |
| 278 p = ngx_cpymem(p, "+OK methods supported:" CRLF, | 282 p = ngx_cpymem(p, "+OK methods supported:" CRLF, |
| 279 sizeof("+OK methods supported:" CRLF) - 1); | 283 sizeof("+OK methods supported:" CRLF) - 1); |
| 280 | 284 |
| 281 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; | 285 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0; |
| 282 m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; | 286 m < NGX_MAIL_AUTH_NONE_ENABLED; |
| 283 m <<= 1, i++) | 287 m <<= 1, i++) |
| 284 { | 288 { |
| 285 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { | 289 if (ngx_mail_pop3_auth_methods_names[i].len == 0) { |
| 286 continue; | 290 continue; |
| 287 } | 291 } |