search

ergochat / ergo

A modern IRC server (daemon/ircd) written in Go.
https://ergo.chat/
MIT License
2.2k stars 175 forks source link

Gracefully handle NS cert add myself <fp> #2128

Closed Eriner closed 4 months ago

Eriner commented 4 months ago

A non-operator with the nick "mynick" attempts to register a fingerprint to their authenticated account.

/msg NickServ cert add mynick <fingerprint>

NickServ responds with "Insufficient privileges" because they've accidentally invoked the operator syntax (to action other accounts).

This patch allows the user to add the fingerprint if the client's account is identical to the target account.

--

Note about implementation, this does add an extra mutex lock and unlock by calling client.Account() vs modifying the conditional logic below, but as this is security sensitive and an infrequent operation, I took the easy route of setting the zero value on target.

Eriner commented 4 months ago

oh, heh, I think this resolves https://github.com/ergochat/ergo/issues/2098

slingamn commented 4 months ago

Thanks very much!