From 2331fc8b65377e722294b02bcf10d551336e6f6c Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 16 Mar 2023 13:45:49 +0100
Subject: util.sasl.oauthbearer: Adjust parsing of GS2 to allow lack of authzid

Partly copied from util.sasl.scram and then reduced a bit.
---
 util/sasl/anonymous.lua | 4 ++--
 util/sasl/oauthbearer.lua | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/util/sasl/anonymous.lua b/util/sasl/anonymous.lua
index de98a5e2..089f038f 100644
--- a/util/sasl/anonymous.lua
+++ b/util/sasl/anonymous.lua
@@ -33,8 +33,8 @@ local function anonymous(self, message) -- luacheck: ignore 212/message
 local username;
 repeat
 username = generate_random_id():lower();
- until self.profile.anonymous(self, username, self.realm);
- self.username = username;
+ self.username = username;
+ until self.profile.anonymous(self, username, self.realm, message);
 return "success"
 end
 
diff --git a/util/sasl/oauthbearer.lua b/util/sasl/oauthbearer.lua
index 490a205f..7cba5f35 100644
--- a/util/sasl/oauthbearer.lua
+++ b/util/sasl/oauthbearer.lua
@@ -11,10 +11,11 @@ local function oauthbearer(self, message)
 return "failure", "not-authorized";
 end
 
- local gs2_authzid, kvpairs = message:match("n,a=([^,]+),(.+)$");
- if not gs2_authzid then
+ local gs2_header, kvpairs = message:match("^(n,[^,]*,),(.+)$");
+ if not gs2_header then
 return "failure", "malformed-request";
 end
+ local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$");
 
 local auth_header;
 for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do
-- 
cgit v1.2.3
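Review bot: In util/sasl/anonymous.lua, `self.username` is now assigned inside the `repeat` loop before `self.profile.anonymous` has accepted the candidate, so while the callback runs (and if it raises) the session carries a random id that has not been approved yet. If this is deliberate so that the callback can read `self.username`, a comment should say so, for example `-- set before the callback so the profile can read it; only final once the callback returns true`. The callback also now receives `message`, which is client-supplied and presumably may be nil or empty, so profile implementations should treat it as untrusted. The `-- luacheck: ignore 212/message` annotation on the function line in the hunk header looks stale now that `message` is used; the function starts outside the hunk.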
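Review bot: In util/sasl/oauthbearer.lua, the new pattern `"^(n,[^,]*,),(.+)$"` requires two consecutive commas after the authzid field: one inside the `gs2_header` capture and a second literal one before `kvpairs`. A message shaped like the one the removed pattern accepted (`n,a=<authzid>,` followed directly by the key/value data) would therefore seem to fail with "malformed-request", as would the no-authzid form `n,,` that the commit means to allow. Dropping the extra comma looks like the intent: `local gs2_header, kvpairs = message:match("^(n,[^,]*,)(.+)$");`. Separately, `a=([^,]*)` now yields an empty string for `a=` where the old `[^,]+` rejected it, so code later in the function (outside this hunk) should treat `""` the same as a missing authzid; a test covering both the with-authzid and without-authzid forms would pin this.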