From: Steve Holme Date: Wed, 4 Sep 2013 20:27:01 +0000 (+0100) Subject: imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers X-Git-Tag: curl-7_33_0~170 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9e8ced98906b50dfa5864f2e609ec603e5342c0e;p=curl imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP or SMTP server advertised support for it even though a user's password was supplied but bearer token wasn't. Modified the selection logic so that XOAUTH2 will only be selected if the server supports it and A) The curl user/libcurl programmer has specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2) The bearer token is specified. Obviously if XOAUTH is asked for via the login option but no token is specified the user will receive a authentication failure which makes more sense than no known authentication mechanisms supported! --- diff --git a/lib/imap.c b/lib/imap.c index 22a0c4246..6b6d4ce45 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -579,9 +579,9 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) } else #endif - if((imapc->authmechs & SASL_MECH_XOAUTH2) && - (imapc->prefmech & SASL_MECH_XOAUTH2)) { + (imapc->prefmech & SASL_MECH_XOAUTH2) && + (imapc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) { mech = "XOAUTH2"; state1 = IMAP_AUTHENTICATE_XOAUTH2; state2 = IMAP_AUTHENTICATE_FINAL; diff --git a/lib/smtp.c b/lib/smtp.c index f2c79794c..c3650e1d9 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -500,9 +500,9 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) } else #endif - if((smtpc->authmechs & SASL_MECH_XOAUTH2) && - (smtpc->prefmech & SASL_MECH_XOAUTH2)) { + (smtpc->prefmech & SASL_MECH_XOAUTH2) && + (smtpc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) { mech = "XOAUTH2"; state1 = SMTP_AUTH_XOAUTH2; state2 = SMTP_AUTH_FINAL;