Mercurial > hg > nginx
comparison src/mail/ngx_mail_imap_handler.c @ 6774:bcb107bb89cd
Mail: support SASL EXTERNAL (RFC 4422).
This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.
This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.
| author | Rob N ★ <robn@fastmail.com> |
|---|---|
| date | Sat, 08 Oct 2016 18:05:00 +1100 |
| parents | d620f497c50f |
| children | b2915d99ee8d |
comparison
equal
deleted
inserted
replaced
| 6773:73b451d304c0 | 6774:bcb107bb89cd |
|---|---|
| 220 break; | 220 break; |
| 221 | 221 |
| 222 case ngx_imap_auth_cram_md5: | 222 case ngx_imap_auth_cram_md5: |
| 223 rc = ngx_mail_auth_cram_md5(s, c); | 223 rc = ngx_mail_auth_cram_md5(s, c); |
| 224 break; | 224 break; |
| 225 | |
| 226 case ngx_imap_auth_external: | |
| 227 rc = ngx_mail_auth_external(s, c, 0); | |
| 228 break; | |
| 225 } | 229 } |
| 226 | 230 |
| 227 } else if (rc == NGX_IMAP_NEXT) { | 231 } else if (rc == NGX_IMAP_NEXT) { |
| 228 tag = 0; | 232 tag = 0; |
| 229 ngx_str_set(&s->out, imap_next); | 233 ngx_str_set(&s->out, imap_next); |
| 397 s->mail_state = ngx_imap_auth_cram_md5; | 401 s->mail_state = ngx_imap_auth_cram_md5; |
| 398 return NGX_OK; | 402 return NGX_OK; |
| 399 } | 403 } |
| 400 | 404 |
| 401 return NGX_ERROR; | 405 return NGX_ERROR; |
| 406 | |
| 407 case NGX_MAIL_AUTH_EXTERNAL: | |
| 408 | |
| 409 ngx_str_set(&s->out, imap_username); | |
| 410 s->mail_state = ngx_imap_auth_external; | |
| 411 | |
| 412 return NGX_OK; | |
| 402 } | 413 } |
| 403 | 414 |
| 404 return rc; | 415 return rc; |
| 405 } | 416 } |
| 406 | 417 |