Mercurial > hg > nginx
comparison src/mail/ngx_mail_smtp_handler.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 03 Jun 2024 18:03:11 +0300 |
| parents | 32d4582c484d |
| children |
comparison
equal
deleted
inserted
replaced
| 9289:20017bff0de8 | 9290:4538c1ffb0f8 |
|---|---|
| 546 break; | 546 break; |
| 547 | 547 |
| 548 case ngx_smtp_auth_external: | 548 case ngx_smtp_auth_external: |
| 549 rc = ngx_mail_auth_external(s, c, 0); | 549 rc = ngx_mail_auth_external(s, c, 0); |
| 550 break; | 550 break; |
| 551 | |
| 552 case ngx_smtp_auth_xoauth2: | |
| 553 rc = ngx_mail_auth_xoauth2(s, c, 0); | |
| 554 break; | |
| 555 | |
| 556 case ngx_smtp_auth_oauthbearer: | |
| 557 rc = ngx_mail_auth_oauthbearer(s, c, 0); | |
| 558 break; | |
| 551 } | 559 } |
| 552 } | 560 } |
| 553 | 561 |
| 554 if (s->buffer->pos < s->buffer->last || c->read->ready) { | 562 if (s->buffer->pos < s->buffer->last || c->read->ready) { |
| 555 s->blocked = 1; | 563 s->blocked = 1; |
| 743 | 751 |
| 744 ngx_str_set(&s->out, smtp_username); | 752 ngx_str_set(&s->out, smtp_username); |
| 745 s->mail_state = ngx_smtp_auth_external; | 753 s->mail_state = ngx_smtp_auth_external; |
| 746 | 754 |
| 747 return NGX_OK; | 755 return NGX_OK; |
| 756 | |
| 757 case NGX_MAIL_AUTH_XOAUTH2: | |
| 758 | |
| 759 if (!(sscf->auth_methods & NGX_MAIL_AUTH_XOAUTH2_ENABLED)) { | |
| 760 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 761 } | |
| 762 | |
| 763 if (s->args.nelts == 2) { | |
| 764 s->mail_state = ngx_smtp_auth_xoauth2; | |
| 765 return ngx_mail_auth_xoauth2(s, c, 1); | |
| 766 } | |
| 767 | |
| 768 ngx_str_set(&s->out, smtp_next); | |
| 769 s->mail_state = ngx_smtp_auth_xoauth2; | |
| 770 | |
| 771 return NGX_OK; | |
| 772 | |
| 773 case NGX_MAIL_AUTH_OAUTHBEARER: | |
| 774 | |
| 775 if (!(sscf->auth_methods & NGX_MAIL_AUTH_OAUTHBEARER_ENABLED)) { | |
| 776 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 777 } | |
| 778 | |
| 779 if (s->args.nelts == 2) { | |
| 780 s->mail_state = ngx_smtp_auth_oauthbearer; | |
| 781 return ngx_mail_auth_oauthbearer(s, c, 1); | |
| 782 } | |
| 783 | |
| 784 ngx_str_set(&s->out, smtp_next); | |
| 785 s->mail_state = ngx_smtp_auth_oauthbearer; | |
| 786 | |
| 787 return NGX_OK; | |
| 748 } | 788 } |
| 749 | 789 |
| 750 return rc; | 790 return rc; |
| 751 } | 791 } |
| 752 | 792 |