Mercurial > hg > nginx
comparison src/mail/ngx_mail.h @ 6774:bcb107bb89cd
Mail: support SASL EXTERNAL (RFC 4422).
This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.
This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.
| author | Rob N ★ <robn@fastmail.com> |
|---|---|
| date | Sat, 08 Oct 2016 18:05:00 +1100 |
| parents | a9a50bb65120 |
| children | 6c13008ad503 |
comparison
equal
deleted
inserted
replaced
| 6773:73b451d304c0 | 6774:bcb107bb89cd |
|---|---|
| 130 ngx_pop3_user, | 130 ngx_pop3_user, |
| 131 ngx_pop3_passwd, | 131 ngx_pop3_passwd, |
| 132 ngx_pop3_auth_login_username, | 132 ngx_pop3_auth_login_username, |
| 133 ngx_pop3_auth_login_password, | 133 ngx_pop3_auth_login_password, |
| 134 ngx_pop3_auth_plain, | 134 ngx_pop3_auth_plain, |
| 135 ngx_pop3_auth_cram_md5 | 135 ngx_pop3_auth_cram_md5, |
| 136 ngx_pop3_auth_external | |
| 136 } ngx_pop3_state_e; | 137 } ngx_pop3_state_e; |
| 137 | 138 |
| 138 | 139 |
| 139 typedef enum { | 140 typedef enum { |
| 140 ngx_imap_start = 0, | 141 ngx_imap_start = 0, |
| 141 ngx_imap_auth_login_username, | 142 ngx_imap_auth_login_username, |
| 142 ngx_imap_auth_login_password, | 143 ngx_imap_auth_login_password, |
| 143 ngx_imap_auth_plain, | 144 ngx_imap_auth_plain, |
| 144 ngx_imap_auth_cram_md5, | 145 ngx_imap_auth_cram_md5, |
| 146 ngx_imap_auth_external, | |
| 145 ngx_imap_login, | 147 ngx_imap_login, |
| 146 ngx_imap_user, | 148 ngx_imap_user, |
| 147 ngx_imap_passwd | 149 ngx_imap_passwd |
| 148 } ngx_imap_state_e; | 150 } ngx_imap_state_e; |
| 149 | 151 |
| 152 ngx_smtp_start = 0, | 154 ngx_smtp_start = 0, |
| 153 ngx_smtp_auth_login_username, | 155 ngx_smtp_auth_login_username, |
| 154 ngx_smtp_auth_login_password, | 156 ngx_smtp_auth_login_password, |
| 155 ngx_smtp_auth_plain, | 157 ngx_smtp_auth_plain, |
| 156 ngx_smtp_auth_cram_md5, | 158 ngx_smtp_auth_cram_md5, |
| 159 ngx_smtp_auth_external, | |
| 157 ngx_smtp_helo, | 160 ngx_smtp_helo, |
| 158 ngx_smtp_helo_xclient, | 161 ngx_smtp_helo_xclient, |
| 159 ngx_smtp_helo_from, | 162 ngx_smtp_helo_from, |
| 160 ngx_smtp_xclient, | 163 ngx_smtp_xclient, |
| 161 ngx_smtp_xclient_from, | 164 ngx_smtp_xclient_from, |
| 283 #define NGX_MAIL_AUTH_PLAIN 0 | 286 #define NGX_MAIL_AUTH_PLAIN 0 |
| 284 #define NGX_MAIL_AUTH_LOGIN 1 | 287 #define NGX_MAIL_AUTH_LOGIN 1 |
| 285 #define NGX_MAIL_AUTH_LOGIN_USERNAME 2 | 288 #define NGX_MAIL_AUTH_LOGIN_USERNAME 2 |
| 286 #define NGX_MAIL_AUTH_APOP 3 | 289 #define NGX_MAIL_AUTH_APOP 3 |
| 287 #define NGX_MAIL_AUTH_CRAM_MD5 4 | 290 #define NGX_MAIL_AUTH_CRAM_MD5 4 |
| 288 #define NGX_MAIL_AUTH_NONE 5 | 291 #define NGX_MAIL_AUTH_EXTERNAL 5 |
| 292 #define NGX_MAIL_AUTH_NONE 6 | |
| 289 | 293 |
| 290 | 294 |
| 291 #define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002 | 295 #define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002 |
| 292 #define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004 | 296 #define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004 |
| 293 #define NGX_MAIL_AUTH_APOP_ENABLED 0x0008 | 297 #define NGX_MAIL_AUTH_APOP_ENABLED 0x0008 |
| 294 #define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010 | 298 #define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010 |
| 295 #define NGX_MAIL_AUTH_NONE_ENABLED 0x0020 | 299 #define NGX_MAIL_AUTH_EXTERNAL_ENABLED 0x0020 |
| 300 #define NGX_MAIL_AUTH_NONE_ENABLED 0x0040 | |
| 296 | 301 |
| 297 | 302 |
| 298 #define NGX_MAIL_PARSE_INVALID_COMMAND 20 | 303 #define NGX_MAIL_PARSE_INVALID_COMMAND 20 |
| 299 | 304 |
| 300 | 305 |
| 375 ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s, | 380 ngx_int_t ngx_mail_auth_login_password(ngx_mail_session_t *s, |
| 376 ngx_connection_t *c); | 381 ngx_connection_t *c); |
| 377 ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, | 382 ngx_int_t ngx_mail_auth_cram_md5_salt(ngx_mail_session_t *s, |
| 378 ngx_connection_t *c, char *prefix, size_t len); | 383 ngx_connection_t *c, char *prefix, size_t len); |
| 379 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c); | 384 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c); |
| 385 ngx_int_t ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c, | |
| 386 ngx_uint_t n); | |
| 380 ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c); | 387 ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c); |
| 381 | 388 |
| 382 void ngx_mail_send(ngx_event_t *wev); | 389 void ngx_mail_send(ngx_event_t *wev); |
| 383 ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c); | 390 ngx_int_t ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c); |
| 384 void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c); | 391 void ngx_mail_auth(ngx_mail_session_t *s, ngx_connection_t *c); |