
fix a bug

In the previous commit, the client would receive a failure message but would
actually remain logged in after an authzid/authcid mismatch. This was a
correctness rather than a security issue, but now it's fixed so that the client
never logs in in the first place.
Shivaram Lingamneni 2019-12-25 15:06:26 -05:00
parent c8ccf94936
commit 33c8b2177e
4 changed files with 28 additions and 19 deletions


@ -971,7 +971,7 @@ func (am *AccountManager) ChannelsForAccount(account string) (channels []string)
return unmarshalRegisteredChannels(channelStr)
}
func (am *AccountManager) AuthenticateByCertFP(client *Client) error {
func (am *AccountManager) AuthenticateByCertFP(client *Client, authzid string) error {
if client.certfp == "" {
return errAccountInvalidCredentials
}
@ -991,6 +991,10 @@ func (am *AccountManager) AuthenticateByCertFP(client *Client) error {
return err
}
if authzid != "" && authzid != account {
return errAuthzidAuthcidMismatch
}
// ok, we found an account corresponding to their certificate
clientAccount, err := am.LoadAccount(account)
if err != nil {