Mercurial > hg > nginx

comparison src/mail/ngx_mail_handler.c @ 6774:bcb107bb89cd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mail: support SASL EXTERNAL (RFC 4422). This is needed to allow TLS client certificate auth to work. With ssl_verify_client configured, the auth daemon can choose to allow the connection to proceed based on the certificate data. This has been tested with Thunderbird for IMAP only. I've not yet found a client that will do client certificate auth for POP3 or SMTP, and the method is not really documented anywhere that I can find. That said, its simple enough that the way I've done is probably right.
author Rob N ★ <robn@fastmail.com>
date Sat, 08 Oct 2016 18:05:00 +1100
parents fc99323a3d79
children 03444167a3bb
comparison
equal deleted inserted replaced
6773:73b451d304c0 6774:bcb107bb89cd
610 610
611 return NGX_DONE; 611 return NGX_DONE;
612 } 612 }
613 613
614 614
615 ngx_int_t
616 ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c,
617 ngx_uint_t n)
618 {
619 ngx_str_t *arg, external;
620
621 arg = s->args.elts;
622
623 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
624 "mail auth external: \"%V\"", &arg[n]);
625
626 external.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
627 if (external.data == NULL) {
628 return NGX_ERROR;
629 }
630
631 if (ngx_decode_base64(&external, &arg[n]) != NGX_OK) {
632 ngx_log_error(NGX_LOG_INFO, c->log, 0,
633 "client sent invalid base64 encoding in AUTH EXTERNAL command");
634 return NGX_MAIL_PARSE_INVALID_COMMAND;
635 }
636
637 s->login.len = external.len;
638 s->login.data = external.data;
639
640 ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
641 "mail auth external: \"%V\"", &s->login);
642
643 s->auth_method = NGX_MAIL_AUTH_EXTERNAL;
644
645 return NGX_DONE;
646 }
647
648
615 void 649 void
616 ngx_mail_send(ngx_event_t *wev) 650 ngx_mail_send(ngx_event_t *wev)
617 { 651 {
618 ngx_int_t n; 652 ngx_int_t n;
619 ngx_connection_t *c; 653 ngx_connection_t *c;