From 3bd11414f554e263abdf01396f1afabb6e778f1e Mon Sep 17 00:00:00 2001
From: Brendan Cully
Date: Sat, 7 Jul 2012 15:50:08 -0700
Subject: [PATCH] Do not use SASL for login unless AUTH=LOGIN is advertised (closes #3556)
---
 imap/auth_sasl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/imap/auth_sasl.c b/imap/auth_sasl.c
index ed7cf921f..ea076cf34 100644
--- a/imap/auth_sasl.c
+++ b/imap/auth_sasl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000-6 Brendan Cully
+ * Copyright (C) 2000-6,2012 Brendan Cully
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -69,7 +69,10 @@ imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata, const char* method)
 !ascii_strncmp (idata->conn->account.user, "anonymous", 9))) rc = sasl_client_start (saslconn, "AUTH=ANONYMOUS", NULL, &pc, &olen, &mech);
- }
+ } else if (!ascii_strcasecmp ("login", method) &&
+ !strstr (idata->capstr, "AUTH=LOGIN"))
+ /* do not use SASL login for regular IMAP login (#3556) */
+ return IMAP_AUTH_UNAVAIL;
 if (rc != SASL_OK && rc != SASL_CONTINUE) do
--
2.40.0
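Review bot: The new early `return IMAP_AUTH_UNAVAIL;` in the `else if` branch exits `imap_auth_sasl` while `saslconn` is already live (the sibling branch passes it to `sasl_client_start`), so unless the connection is released elsewhere this path leaks the SASL context each time LOGIN is refused. The function's setup and exit paths lie outside the hunk, so that needs confirming. I would brace the branch and dispose first: `{ sasl_dispose (&saslconn); return IMAP_AUTH_UNAVAIL; }`. Separately, `strstr (idata->capstr, "AUTH=LOGIN")` is a case-sensitive substring test on server-supplied text and reads `capstr` with no NULL check, so a server that spells the capability in lower case would be refused and a missing capability string would be dereferenced. Guarding with `idata->capstr &&` and comparing case-insensitively would be sturdier.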