Commit 9e8ced98 authored by Steve Holme's avatar Steve Holme
Browse files

imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers 

XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP
or SMTP server advertised support for it even though a user's password
was supplied but bearer token wasn't.

Modified the selection logic so that XOAUTH2 will only be selected if
the server supports it and A) The curl user/libcurl programmer has
specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2)
The bearer token is specified. Obviously if XOAUTH is asked for via
the login option but no token is specified the user will receive a
authentication failure which makes more sense than no known
authentication mechanisms supported!
parent 698e3bdf

lib/imap.c

+2 −2
Original line number Diff line number Diff line
@@ -579,9 +579,9 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) 
  }

  else

#endif



  if((imapc->authmechs & SASL_MECH_XOAUTH2) &&

     (imapc->prefmech & SASL_MECH_XOAUTH2)) {

     (imapc->prefmech & SASL_MECH_XOAUTH2) &&

     (imapc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) {

    mech = "XOAUTH2";

    state1 = IMAP_AUTHENTICATE_XOAUTH2;

    state2 = IMAP_AUTHENTICATE_FINAL;

lib/smtp.c

+2 −2
Original line number Diff line number Diff line
@@ -500,9 +500,9 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) 
    }

  else

#endif



  if((smtpc->authmechs & SASL_MECH_XOAUTH2) &&

     (smtpc->prefmech & SASL_MECH_XOAUTH2)) {

     (smtpc->prefmech & SASL_MECH_XOAUTH2) &&

     (smtpc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) {

    mech = "XOAUTH2";

    state1 = SMTP_AUTH_XOAUTH2;

    state2 = SMTP_AUTH_FINAL;