sasl: Follow PLAIN spec more closely

2024-11-13 07:29:30 +01:00 · 2016-12-01 18:48:11 +10:00 · 2016-12-01 18:48:11 +10:00 · 1cc217a9ae
commit 1cc217a9ae
parent cc910d0e6e
1 changed files with 13 additions and 9 deletions
--- a/irc/accounts.go
+++ b/irc/accounts.go
@ -171,19 +171,23 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage)
 func authPlainHandler(server *Server, client *Client, mechanism string, value []byte) bool {
 	splitValue := bytes.Split(value, []byte{'\000'})

-	if len(splitValue) != 3 {
+	var accountKey, authzid string
+
+	if len(splitValue) == 3 {
+		accountKey = string(splitValue[0])
+		authzid = string(splitValue[1])
+
+		if accountKey == "" {
+			accountKey = authzid
+		} else if accountKey != authzid {
+			client.Send(nil, server.name, ERR_SASLFAIL, client.nick, "SASL authentication failed: authcid and authzid should be the same")
+			return false
+		}
+	} else {
 		client.Send(nil, server.name, ERR_SASLFAIL, client.nick, "SASL authentication failed: Invalid auth blob")
 		return false
 	}

-	accountKey := string(splitValue[0])
-	authzid := string(splitValue[1])
-
-	if accountKey != authzid {
-		client.Send(nil, server.name, ERR_SASLFAIL, client.nick, "SASL authentication failed: authcid and authzid should be the same")
-		return false
-	}
-
 	// keep it the same as in the REG CREATE stage
 	accountKey, err := CasefoldName(accountKey)
 	if err != nil {