Merge pull request from GHSA-6g7f-8qm4-f7h8

When LOGIN authentication was used, Fleet would send SMTP credentials
even if the connection the SMTP server was not secured via TLS.

Copying the pattern used in the standard library PlainAuth
implementation, we now only send credentials when the connection is
secure or the server is localhost.

Author: zwass

server/mail/mail.go

@@ -74,13 +74,26 @@ func (m mailService) SendEmail(e kolide.Email) error {
 type loginauth struct {
 	username string
 	password string
+	host     string
 }
 
-func LoginAuth(username, password string) smtp.Auth {
-	return &loginauth{username: username, password: password}
+func LoginAuth(username, password, host string) smtp.Auth {
+	return &loginauth{username: username, password: password, host: host}
 }
 
-func (l *loginauth) Start(serverInfo *smtp.ServerInfo) (proto string, toServer []byte, err error) {
+func isLocalhost(name string) bool {
+	return name == "localhost" || name == "127.0.0.1" || name == "::1"
+}
+
+func (l *loginauth) Start(server *smtp.ServerInfo) (proto string, toServer []byte, err error) {
+	if !server.TLS && !isLocalhost(server.Name) {
+		return "", nil, errors.New("unencrypted connection")
+	}
+
+	if server.Name != l.host {
+		return "", nil, errors.New("wrong host name")
+	}
+
 	return "LOGIN", nil, nil
 }
 
@@ -111,7 +124,7 @@ func smtpAuth(e kolide.Email) (smtp.Auth, error) {
 	case kolide.AuthMethodPlain:
 		auth = smtp.PlainAuth("", e.Config.SMTPUserName, e.Config.SMTPPassword, e.Config.SMTPServer)
 	case kolide.AuthMethodLogin:
-		auth = LoginAuth(e.Config.SMTPUserName, e.Config.SMTPPassword)
+		auth = LoginAuth(e.Config.SMTPUserName, e.Config.SMTPPassword, e.Config.SMTPServer)
 	default:
 		return nil, fmt.Errorf("unknown SMTP auth type '%d'", e.Config.SMTPAuthenticationMethod)
 	}