Fix plain SASL when TLS unavailable

Found by: @eryg-kai Patch by: @eryg-kai Fix plain SASL auth when TLS is unavailable There is common code after the if/else that was being omitted by an ifdef that should only be affecting the last else branch. This change brings this ifdef in line with the previous ifdef (utilizing an early `return 1`). (cherry picked from commit 7d8f3de)
eggheads · Aug 11, 2022 · f835ec1 · f835ec1
1 parent 9cca2b6
commit f835ec1
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/src/mod/server.mod/servmsg.c b/src/mod/server.mod/servmsg.c
@@ -1383,23 +1383,24 @@ static int tryauthenticate(char *from, char *msg)
       }
     }
 #else
-      putlog(LOG_DEBUG, "*", "SASL: TLS libs missing EC support, try PLAIN or "
-                "EXTERNAL method");
+      putlog(LOG_DEBUG, "*", "SASL: TLS libs not present or missing EC support."
+                " Try the PLAIN or EXTERNAL method instead");
       return 1;
     }
 #endif
     else {          /* sasl_mechanism == SASL_MECHANISM_EXTERNAL */
-#ifdef TLS          /* TLS required for EXTERNAL sasl */ 
+#ifdef TLS          /* TLS required for EXTERNAL sasl */
       dst[0] = '+';
       dst[1] = 0;
     }
-    putlog(LOG_DEBUG, "*", "SASL: put AUTHENTICATE %s", dst);
-    dprintf(DP_MODE, "AUTHENTICATE %s\n", dst);
 #else
-    putlog(LOG_DEBUG, "*", "SASL: TLS libs required for EXTERNAL but are not "
+      putlog(LOG_DEBUG, "*", "SASL: TLS libs required for EXTERNAL but are not "
             "installed, try PLAIN method");
+      return 1;
     }
 #endif /* TLS */
+    putlog(LOG_DEBUG, "*", "SASL: put AUTHENTICATE %s", dst);
+    dprintf(DP_MODE, "AUTHENTICATE %s\n", dst);
   } else {      /* Only EC-challenges get extra auth messages w/o a + */
 #ifdef TLS
 #ifdef HAVE_EVP_PKEY_GET1_EC_KEY