Mercurial > hg > nginx
comparison src/mail/ngx_mail_parse.c @ 6774:bcb107bb89cd
Mail: support SASL EXTERNAL (RFC 4422).
This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.
This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.
| author | Rob N ★ <robn@fastmail.com> |
|---|---|
| date | Sat, 08 Oct 2016 18:05:00 +1100 |
| parents | 04e43d03e153 |
| children | 6a81d96d3733 |
comparison
equal
deleted
inserted
replaced
| 6773:73b451d304c0 | 6774:bcb107bb89cd |
|---|---|
| 903 return NGX_MAIL_PARSE_INVALID_COMMAND; | 903 return NGX_MAIL_PARSE_INVALID_COMMAND; |
| 904 } | 904 } |
| 905 | 905 |
| 906 if (arg[0].len == 8) { | 906 if (arg[0].len == 8) { |
| 907 | 907 |
| 908 if (s->args.nelts != 1) { | |
| 909 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 910 } | |
| 911 | |
| 912 if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) { | 908 if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) { |
| 909 | |
| 910 if (s->args.nelts != 1) { | |
| 911 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 912 } | |
| 913 | |
| 913 return NGX_MAIL_AUTH_CRAM_MD5; | 914 return NGX_MAIL_AUTH_CRAM_MD5; |
| 914 } | 915 } |
| 916 | |
| 917 if (ngx_strncasecmp(arg[0].data, (u_char *) "EXTERNAL", 8) == 0) { | |
| 918 | |
| 919 if (s->args.nelts == 1) { | |
| 920 return NGX_MAIL_AUTH_EXTERNAL; | |
| 921 } | |
| 922 | |
| 923 if (s->args.nelts == 2) { | |
| 924 return ngx_mail_auth_external(s, c, 1); | |
| 925 } | |
| 926 } | |
| 927 | |
| 928 return NGX_MAIL_PARSE_INVALID_COMMAND; | |
| 915 } | 929 } |
| 916 | 930 |
| 917 return NGX_MAIL_PARSE_INVALID_COMMAND; | 931 return NGX_MAIL_PARSE_INVALID_COMMAND; |
| 918 } | 932 } |