From c67835ce5c5547df36476adfe18850ff75f4c332 Mon Sep 17 00:00:00 2001
From: Matt Hamilton <matt@givemesecurity.info>
Date: Wed, 14 Feb 2024 09:56:37 -0500
Subject: [PATCH] Gracefully handle NS cert add myself <fp> (#2128)

* Gracefully handle NS cert add myself <fp>

A non-operator with the nick "mynick" attempts to register
a fingerprint to their authenticated account.

They /msg NickServ cert add mynick <fingerprint>

NickServ responds with "Insufficient privileges" because
they've accidentally invoked the operator syntax (to action
other accounts).

This patch allows the user to add the fingerprint if the client's
account is identical to the target account.

Signed-off-by: Matt Hamilton <m@tthamilton.com>

* Update nickserv.go

Compare the case-normalized target to Account()

---------

Signed-off-by: Matt Hamilton <m@tthamilton.com>
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
---
 irc/nickserv.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/irc/nickserv.go b/irc/nickserv.go
index 94004070..3e859160 100644
--- a/irc/nickserv.go
+++ b/irc/nickserv.go
@@ -1398,6 +1398,11 @@ func nsCertHandler(service *ircService, server *Server, client *Client, command
 	case "add", "del":
 		if 2 <= len(params) {
 			target, certfp = params[0], params[1]
+			if cftarget, err := CasefoldName(target); err == nil && client.Account() == cftarget {
+				// If the target is equal to the account, then the user accidentally invoked operator
+				// syntax (cert add mynick <fp>) instead of self syntax (cert add <fp>).
+				target = ""
+			}
 		} else if len(params) == 1 {
 			certfp = params[0]
 		} else if len(params) == 0 && verb == "add" && rb.session.certfp != "" {