Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gracefully handle NS cert add myself <fp> #2128

Merged
merged 2 commits into from
Feb 14, 2024

Conversation

Eriner
Copy link
Contributor

@Eriner Eriner commented Feb 14, 2024

A non-operator with the nick "mynick" attempts to register a fingerprint to their authenticated account.

/msg NickServ cert add mynick <fingerprint>

NickServ responds with "Insufficient privileges" because they've accidentally invoked the operator syntax (to action other accounts).

This patch allows the user to add the fingerprint if the client's account is identical to the target account.

--

Note about implementation, this does add an extra mutex lock and unlock by calling client.Account() vs modifying the conditional logic below, but as this is security sensitive and an infrequent operation, I took the easy route of setting the zero value on target.

A non-operator with the nick "mynick" attempts to register
a fingerprint to their authenticated account.

They /msg NickServ cert add mynick <fingerprint>

NickServ responds with "Insufficient privileges" because
they've accidentally invoked the operator syntax (to action
other accounts).

This patch allows the user to add the fingerprint if the client's
account is identical to the target account.

Signed-off-by: Matt Hamilton <m@tthamilton.com>
@Eriner
Copy link
Contributor Author

Eriner commented Feb 14, 2024

oh, heh, I think this resolves #2098

Compare the case-normalized target to Account()
@slingamn
Copy link
Member

Thanks very much!

@slingamn slingamn merged commit c67835c into ergochat:master Feb 14, 2024
1 check passed
@slingamn slingamn added this to the 2.14 milestone Feb 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants