diff src/mail/ngx_mail.h @ 9290:4538c1ffb0f8

Mail: added support for XOAUTH2 and OAUTHBEARER authentication. This patch adds support for the OAUTHBEARER SASL mechanism as defined by RFC 7628, as well as the pre-RFC XOAUTH2 SASL mechanism. For both mechanisms, the "Auth-User" header is set to the client identity obtained from the initial SASL response sent by the client, and the "Auth-Pass" header is set to the Bearer token itself. The auth server may return the "Auth-Error-SASL" header, which is passed to the client as an additional SASL challenge. It is expected to contain mechanism-specific error details, base64-encoded. After the client responds (with an empty SASL response for XOAUTH2, or with the "AQ==" dummy response for OAUTHBEARER), the error message from the "Auth-Status" header is sent. Based on a patch by Rob Mueller.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 03 Jun 2024 18:03:11 +0300
parents d9a52ebb9b00
children
--- a/src/mail/ngx_mail.h
+++ b/src/mail/ngx_mail.h
@@ -141,7 +141,9 @@ typedef enum {
     ngx_pop3_auth_login_password,
     ngx_pop3_auth_plain,
     ngx_pop3_auth_cram_md5,
-    ngx_pop3_auth_external
+    ngx_pop3_auth_external,
+    ngx_pop3_auth_xoauth2,
+    ngx_pop3_auth_oauthbearer
 } ngx_pop3_state_e;
 
 
@@ -152,6 +154,8 @@ typedef enum {
     ngx_imap_auth_plain,
     ngx_imap_auth_cram_md5,
     ngx_imap_auth_external,
+    ngx_imap_auth_xoauth2,
+    ngx_imap_auth_oauthbearer,
     ngx_imap_login,
     ngx_imap_user,
     ngx_imap_passwd
@@ -165,6 +169,8 @@ typedef enum {
     ngx_smtp_auth_plain,
     ngx_smtp_auth_cram_md5,
     ngx_smtp_auth_external,
+    ngx_smtp_auth_xoauth2,
+    ngx_smtp_auth_oauthbearer,
     ngx_smtp_helo,
     ngx_smtp_helo_xclient,
     ngx_smtp_helo_auth,
@@ -212,8 +218,9 @@ typedef struct {
     unsigned                no_sync_literal:1;
     unsigned                starttls:1;
     unsigned                esmtp:1;
-    unsigned                auth_method:3;
+    unsigned                auth_method:4;
     unsigned                auth_wait:1;
+    unsigned                auth_quit:1;
 
     ngx_str_t               login;
     ngx_str_t               passwd;
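Review bot: The widened `auth_method:4` bit-field is tied to the largest method number (`NGX_MAIL_AUTH_NONE` becomes 8 later in this patch and no longer fits in 3 bits), but nothing at the field says so, and a value past 15 would be silently truncated on assignment. I would add a comment next to it such as `/* must hold NGX_MAIL_AUTH_NONE; widen when adding methods */`. The new `auth_quit:1` flag has no comment either; from the description it appears to relate to the extra round trip after a failed OAuth attempt, so a one-line note on who sets and clears it would help. Per the commit message `passwd` holds the bearer token for these mechanisms, so any path that logs or forwards `s->passwd` is worth re-checking for token exposure. The struct body starts and ends outside this hunk.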
@@ -229,6 +236,8 @@ typedef struct {
     ngx_str_t               smtp_from;
     ngx_str_t               smtp_to;
 
+    ngx_str_t               auth_err;
+
     ngx_str_t               cmd;
 
     ngx_uint_t              command;
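Review bot: The new `auth_err` field carries data that originates from the auth server and is relayed to the client as a SASL challenge, yet the declaration says nothing about that origin or about the field's lifetime. A comment such as `/* base64 SASL error from Auth-Error-SASL, sent to the client as a challenge */` would make the trust boundary visible at the point of declaration. The code that fills the field is not in this file; it is worth confirming there that a header value containing CR/LF or non-base64 bytes is rejected before it is written into the protocol stream. The struct continues outside the hunk.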
@@ -303,15 +312,19 @@ typedef struct {
 #define NGX_MAIL_AUTH_APOP              3
 #define NGX_MAIL_AUTH_CRAM_MD5          4
 #define NGX_MAIL_AUTH_EXTERNAL          5
-#define NGX_MAIL_AUTH_NONE              6
+#define NGX_MAIL_AUTH_XOAUTH2           6
+#define NGX_MAIL_AUTH_OAUTHBEARER       7
+#define NGX_MAIL_AUTH_NONE              8
 
 
-#define NGX_MAIL_AUTH_PLAIN_ENABLED     0x0002
-#define NGX_MAIL_AUTH_LOGIN_ENABLED     0x0004
-#define NGX_MAIL_AUTH_APOP_ENABLED      0x0008
-#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED  0x0010
-#define NGX_MAIL_AUTH_EXTERNAL_ENABLED  0x0020
-#define NGX_MAIL_AUTH_NONE_ENABLED      0x0040
+#define NGX_MAIL_AUTH_PLAIN_ENABLED        0x0002
+#define NGX_MAIL_AUTH_LOGIN_ENABLED        0x0004
+#define NGX_MAIL_AUTH_APOP_ENABLED         0x0008
+#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED     0x0010
+#define NGX_MAIL_AUTH_EXTERNAL_ENABLED     0x0020
+#define NGX_MAIL_AUTH_XOAUTH2_ENABLED      0x0040
+#define NGX_MAIL_AUTH_OAUTHBEARER_ENABLED  0x0080
+#define NGX_MAIL_AUTH_NONE_ENABLED         0x0100
 
 
 #define NGX_MAIL_PARSE_INVALID_COMMAND  20
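Review bot: Inserting the two methods before `NGX_MAIL_AUTH_NONE` changes its value from 6 to 8 and moves `NGX_MAIL_AUTH_NONE_ENABLED` from `0x0040` to `0x0100`, so every table indexed by method number and every loop that walks the `*_ENABLED` mask up to a fixed bound has to be updated in the same order. Those sites are outside this file and not visible here; a stale bound would presumably leave the new mechanisms unadvertised or map a method to the wrong name. Any out-of-tree code that hard-codes the old numeric values would see `0x0040` change meaning from "none" to XOAUTH2. A comment above the block such as `/* order is significant: indexes per-method tables and matches the *_ENABLED bits */` would document the constraint.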
@@ -399,6 +412,10 @@ ngx_int_t ngx_mail_auth_cram_md5_salt(ng
 ngx_int_t ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c);
 ngx_int_t ngx_mail_auth_external(ngx_mail_session_t *s, ngx_connection_t *c,
     ngx_uint_t n);
+ngx_int_t ngx_mail_auth_xoauth2(ngx_mail_session_t *s, ngx_connection_t *c,
+    ngx_uint_t n);
+ngx_int_t ngx_mail_auth_oauthbearer(ngx_mail_session_t *s, ngx_connection_t *c,
+    ngx_uint_t n);
 ngx_int_t ngx_mail_auth_parse(ngx_mail_session_t *s, ngx_connection_t *c);
 
 void ngx_mail_send(ngx_event_t *wev);
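Review bot: The two new prototypes take an `ngx_uint_t n` argument with no indication of what it selects; presumably it mirrors `ngx_mail_auth_external()` directly above and is the index of the command argument that holds the initial SASL response, but the header does not say. These functions parse client-supplied, base64-encoded input before authentication, so a short comment stating the meaning of `n` and the possible return codes would help the protocol handlers pass a valid index, e.g. `/* n: index in s->args of the initial response */`. The exact return values are defined outside this file, so the wording should be checked against the implementation.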