From 9e8ced98906b50dfa5864f2e609ec603e5342c0e Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Wed, 4 Sep 2013 21:27:01 +0100
Subject: imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2
 servers

XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP
or SMTP server advertised support for it even though a user's password
was supplied but bearer token wasn't.

Modified the selection logic so that XOAUTH2 will only be selected if
the server supports it and A) The curl user/libcurl programmer has
specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2)
The bearer token is specified. Obviously if XOAUTH is asked for via
the login option but no token is specified the user will receive a
authentication failure which makes more sense than no known
authentication mechanisms supported!
---
 lib/imap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/imap.c')

diff --git a/lib/imap.c b/lib/imap.c
index 22a0c4246..6b6d4ce45 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -579,9 +579,9 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
   }
   else
 #endif
-
   if((imapc->authmechs & SASL_MECH_XOAUTH2) &&
-     (imapc->prefmech & SASL_MECH_XOAUTH2)) {
+     (imapc->prefmech & SASL_MECH_XOAUTH2) &&
+     (imapc->prefmech != SASL_AUTH_ANY) || conn->xoauth2_bearer) {
     mech = "XOAUTH2";
     state1 = IMAP_AUTHENTICATE_XOAUTH2;
     state2 = IMAP_AUTHENTICATE_FINAL;
-- 
cgit v1.2.3