From: Steve Holme <steve_holme@hotmail.com>
Date: Sat, 5 Sep 2015 16:29:49 +0000 (+0100)
Subject: sasl: Don't choose OAuth 2.0 if mechanism not advertised
X-Git-Tag: curl-7_46_0~79
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d6d58dd5580f5737432cae1e65f2023dff2804b6;p=curl

sasl: Don't choose OAuth 2.0 if mechanism not advertised

Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.
---

diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index a0c989915..8ccfac84a 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -1455,7 +1455,8 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       }
     else
 #endif
-    if((enabledmechs & SASL_MECH_XOAUTH2) || conn->oauth_bearer) {
+    if((enabledmechs & SASL_MECH_XOAUTH2) && ((conn->oauth_bearer) ||
+                                              (!conn->passwd))) {
       mech = SASL_MECH_STRING_XOAUTH2;
       state1 = SASL_XOAUTH2;
       sasl->authused = SASL_MECH_XOAUTH2;