imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers
XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP or SMTP server advertised support for it even though a user's password was supplied but bearer token wasn't. Modified the selection logic so that XOAUTH2 will only be selected if the server supports it and A) The curl user/libcurl programmer has specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2) The bearer token is specified. Obviously if XOAUTH is asked for via the login option but no token is specified the user will receive a authentication failure which makes more sense than no known authentication mechanisms supported!
This commit is contained in:
		| @@ -579,9 +579,9 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) | |||||||
|   } |   } | ||||||
|   else |   else | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|   if((imapc->authmechs & SASL_MECH_XOAUTH2) && |   if((imapc->authmechs & SASL_MECH_XOAUTH2) && | ||||||
|      (imapc->prefmech & SASL_MECH_XOAUTH2)) { |      (imapc->prefmech & SASL_MECH_XOAUTH2) && | ||||||
|  |      (imapc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) { | ||||||
|     mech = "XOAUTH2"; |     mech = "XOAUTH2"; | ||||||
|     state1 = IMAP_AUTHENTICATE_XOAUTH2; |     state1 = IMAP_AUTHENTICATE_XOAUTH2; | ||||||
|     state2 = IMAP_AUTHENTICATE_FINAL; |     state2 = IMAP_AUTHENTICATE_FINAL; | ||||||
|   | |||||||
| @@ -500,9 +500,9 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) | |||||||
|     } |     } | ||||||
|   else |   else | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|   if((smtpc->authmechs & SASL_MECH_XOAUTH2) && |   if((smtpc->authmechs & SASL_MECH_XOAUTH2) && | ||||||
|      (smtpc->prefmech & SASL_MECH_XOAUTH2)) { |      (smtpc->prefmech & SASL_MECH_XOAUTH2) && | ||||||
|  |      (smtpc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) { | ||||||
|     mech = "XOAUTH2"; |     mech = "XOAUTH2"; | ||||||
|     state1 = SMTP_AUTH_XOAUTH2; |     state1 = SMTP_AUTH_XOAUTH2; | ||||||
|     state2 = SMTP_AUTH_FINAL; |     state2 = SMTP_AUTH_FINAL; | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Steve Holme
					Steve Holme