Mercurial > hg > nginx
comparison src/mail/ngx_mail_pop3_handler.c @ 6774:bcb107bb89cd
Mail: support SASL EXTERNAL (RFC 4422).
This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.
This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, its simple enough
that the way I've done is probably right.
| author | Rob N ★ <robn@fastmail.com> |
|---|---|
| date | Sat, 08 Oct 2016 18:05:00 +1100 |
| parents | 778ef9c3fd2d |
| children | b2915d99ee8d |
comparison
equal
deleted
inserted
replaced
| 6773:73b451d304c0 | 6774:bcb107bb89cd |
|---|---|
| 238 break; | 238 break; |
| 239 | 239 |
| 240 case ngx_pop3_auth_cram_md5: | 240 case ngx_pop3_auth_cram_md5: |
| 241 rc = ngx_mail_auth_cram_md5(s, c); | 241 rc = ngx_mail_auth_cram_md5(s, c); |
| 242 break; | 242 break; |
| 243 | |
| 244 case ngx_pop3_auth_external: | |
| 245 rc = ngx_mail_auth_external(s, c, 0); | |
| 246 break; | |
| 243 } | 247 } |
| 244 } | 248 } |
| 245 | 249 |
| 246 switch (rc) { | 250 switch (rc) { |
| 247 | 251 |
| 492 s->mail_state = ngx_pop3_auth_cram_md5; | 496 s->mail_state = ngx_pop3_auth_cram_md5; |
| 493 return NGX_OK; | 497 return NGX_OK; |
| 494 } | 498 } |
| 495 | 499 |
| 496 return NGX_ERROR; | 500 return NGX_ERROR; |
| 501 | |
| 502 case NGX_MAIL_AUTH_EXTERNAL: | |
| 503 | |
| 504 ngx_str_set(&s->out, pop3_username); | |
| 505 s->mail_state = ngx_pop3_auth_external; | |
| 506 | |
| 507 return NGX_OK; | |
| 497 } | 508 } |
| 498 | 509 |
| 499 return rc; | 510 return rc; |
| 500 } | 511 } |