comparison src/mail/ngx_mail_smtp_module.c @ 9290:4538c1ffb0f8

Mail: added support for XOAUTH2 and OAUTHBEARER authentication. This patch adds support for the OAUTHBEARER SASL mechanism as defined by RFC 7628, as well as the pre-RFC XOAUTH2 SASL mechanism. For both mechanisms, the "Auth-User" header is set to the client identity obtained from the initial SASL response sent by the client, and the "Auth-Pass" header is set to the Bearer token itself. The auth server may return the "Auth-Error-SASL" header, which is passed to the client as an additional SASL challenge. It is expected to contain mechanism-specific error details, base64-encoded. After the client responds (with an empty SASL response for XOAUTH2, or with the "AQ==" dummy response for OAUTHBEARER), the error message from the "Auth-Status" header is sent. Based on a patch by Rob Mueller.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 03 Jun 2024 18:03:11 +0300
parents dc955d274130
children
9289:20017bff0de8 9290:4538c1ffb0f8
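--- a/src/mail/ngx_mail_smtp_module.c
+++ b/src/mail/ngx_mail_smtp_module.c
@@ -20,10 +20,12 @@
 static ngx_conf_bitmask_t ngx_mail_smtp_auth_methods[] = {
 { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
 { ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
 { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
 { ngx_string("external"), NGX_MAIL_AUTH_EXTERNAL_ENABLED },
+{ ngx_string("xoauth2"), NGX_MAIL_AUTH_XOAUTH2_ENABLED },
+{ ngx_string("oauthbearer"), NGX_MAIL_AUTH_OAUTHBEARER_ENABLED },
 { ngx_string("none"), NGX_MAIL_AUTH_NONE_ENABLED },
 { ngx_null_string, 0 }
 };
 
 
@@ -31,10 +33,12 @@
 ngx_string("PLAIN"),
 ngx_string("LOGIN"),
 ngx_null_string, /* APOP */
 ngx_string("CRAM-MD5"),
 ngx_string("EXTERNAL"),
+ngx_string("XOAUTH2"),
+ngx_string("OAUTHBEARER"),
 ngx_null_string /* NONE */
 };
 
 
 static ngx_mail_protocol_t ngx_mail_smtp_protocol = {
@@ -208,11 +212,11 @@
 }
 
 auth_enabled = 0;
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
+m < NGX_MAIL_AUTH_NONE_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 size += 1 + ngx_mail_smtp_auth_methods_names[i].len;
 auth_enabled = 1;
@@ -251,11 +255,11 @@
 
 *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
 *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
+m < NGX_MAIL_AUTH_NONE_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 *p++ = ' ';
 p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,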
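Review bot: Both loops now run while `m < NGX_MAIL_AUTH_NONE_ENABLED` and index `ngx_mail_smtp_auth_methods_names[i]` by bit position, so the names table must hold exactly one row per flag below NONE, in flag order, and nothing in the shown lines enforces that. If a later mechanism is added to the flag list without a matching row, the size loop and the copy loop would both take `len` and `data` from the wrong row, and the AUTH line would advertise the wrong mechanism name. I would document the coupling above the table with `/* one entry per NGX_MAIL_AUTH_*_ENABLED bit below NONE, in bit order */`. The flag definitions and the table's declaration line are outside the shown hunks, so the order should be confirmed there; both loop bodies also continue past the visible context.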