Mercurial > hg > nginx
diff src/mail/ngx_mail_parse.c @ 9290:4538c1ffb0f8
Mail: added support for XOAUTH2 and OAUTHBEARER authentication.
This patch adds support for the OAUTHBEARER SASL mechanism as defined
by RFC 7628, as well as pre-RFC XOAUTH2 SASL mechanism. For both
mechanisms, the "Auth-User" header is set to the client identity
obtained from the initial SASL response sent by the client, and the
"Auth-Pass" header is set to the Bearer token itself.
The auth server may return the "Auth-Error-SASL" header, which is
passed to the client as an additional SASL challenge. It is expected
to contain mechanism-specific error details, base64-encoded. After
the client responds (with an empty SASL response for XAUTH2, or with
"AQ==" dummy response for OAUTHBEARER), the error message from the
"Auth-Status" header is sent.
Based on a patch by Rob Mueller.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 03 Jun 2024 18:03:11 +0300 |
| parents | 20017bff0de8 |
| children |
line wrap: on
line diff
--- a/src/mail/ngx_mail_parse.c +++ b/src/mail/ngx_mail_parse.c @@ -953,6 +953,20 @@ ngx_mail_auth_parse(ngx_mail_session_t * return NGX_MAIL_PARSE_INVALID_COMMAND; } + if (arg[0].len == 7) { + + if (ngx_strncasecmp(arg[0].data, (u_char *) "XOAUTH2", 7) == 0) { + + if (s->args.nelts == 1 || s->args.nelts == 2) { + return NGX_MAIL_AUTH_XOAUTH2; + } + + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + if (arg[0].len == 8) { if (ngx_strncasecmp(arg[0].data, (u_char *) "CRAM-MD5", 8) == 0) { @@ -976,5 +990,19 @@ ngx_mail_auth_parse(ngx_mail_session_t * return NGX_MAIL_PARSE_INVALID_COMMAND; } + if (arg[0].len == 11) { + + if (ngx_strncasecmp(arg[0].data, (u_char *) "OAUTHBEARER", 11) == 0) { + + if (s->args.nelts == 1 || s->args.nelts == 2) { + return NGX_MAIL_AUTH_OAUTHBEARER; + } + + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + + return NGX_MAIL_PARSE_INVALID_COMMAND; + } + return NGX_MAIL_PARSE_INVALID_COMMAND; }