From 1cc217a9aee6287ea285c01eac548b65646cf8f3 Mon Sep 17 00:00:00 2001
From: Daniel Oaks <daniel@danieloaks.net>
Date: Thu, 1 Dec 2016 18:48:11 +1000
Subject: [PATCH] sasl: Follow PLAIN spec more closely

---
 irc/accounts.go | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/irc/accounts.go b/irc/accounts.go
index 36b81e8d..2ec3fd26 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -171,19 +171,23 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage)
 func authPlainHandler(server *Server, client *Client, mechanism string, value []byte) bool {
 	splitValue := bytes.Split(value, []byte{'\000'})
 
-	if len(splitValue) != 3 {
+	var accountKey, authzid string
+
+	if len(splitValue) == 3 {
+		accountKey = string(splitValue[0])
+		authzid = string(splitValue[1])
+
+		if accountKey == "" {
+			accountKey = authzid
+		} else if accountKey != authzid {
+			client.Send(nil, server.name, ERR_SASLFAIL, client.nick, "SASL authentication failed: authcid and authzid should be the same")
+			return false
+		}
+	} else {
 		client.Send(nil, server.name, ERR_SASLFAIL, client.nick, "SASL authentication failed: Invalid auth blob")
 		return false
 	}
 
-	accountKey := string(splitValue[0])
-	authzid := string(splitValue[1])
-
-	if accountKey != authzid {
-		client.Send(nil, server.name, ERR_SASLFAIL, client.nick, "SASL authentication failed: authcid and authzid should be the same")
-		return false
-	}
-
 	// keep it the same as in the REG CREATE stage
 	accountKey, err := CasefoldName(accountKey)
 	if err != nil {