auth: client protocol: Recognize empty initial response field as an absent initial...

Particularly, Exim sends an empty initial response field in the AUTH request for
an authentication command that has no initial response. Originally, Dovecot
allowed this, but this was recently changed so that the EXTERNAL SASL mechanism
works properly from ManageSieve. This commit makes it allowed again for older
authentication clients to send an empty initial response field for an
authentication command that has no initial response part. Sending '=' for an
empty initial response is still allowed in general.

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index e3b805ec699228f13db2f693c7747aa3d2d759ad..a8f505128e63172657a9fe37d1069212bfd8b558 100644 (file)
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -14,6 +14,7 @@
 #include "auth-penalty.h"
 #include "auth-request.h"
 #include "auth-token.h"
+#include "auth-client-connection.h"
 #include "auth-master-connection.h"
 #include "auth-request-handler.h"
 #include "auth-policy.h"
@@ -583,6 +584,13 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
                /* No initial response */
                request->initial_response = NULL;
                request->initial_response_len = 0;
+       } else if (handler->conn->version_minor < 2 && *initial_resp == '\0') {
+               /* Some authentication clients like Exim send and empty initial
+                  response field when it is in fact absent in the
+                  authentication command. This was allowed for older versions
+                  of the Dovecot authentication protocol. */
+               request->initial_response = NULL;
+               request->initial_response_len = 0;
        } else if (*initial_resp == '\0' || strcmp(initial_resp, "=") == 0 ) {
                /* Empty initial response - Protocols that use SASL often
                   use '=' to indicate an empty initial response; i.e., to