From 310ad345a3fd63a275281d78cf0575920b2c8bac Mon Sep 17 00:00:00 2001
From: James Lu <james@overdrivenetworks.com>
Date: Fri, 30 Mar 2018 11:54:45 -0700
Subject: [PATCH] SECURITY: normalize account names before checking network /
 oper filters

(cherry picked from commit a6c1beaad0f715a28495edab8b4ae0f53a8968a7)
---
 coremods/corecommands.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/coremods/corecommands.py b/coremods/corecommands.py
index 7480e50..0f7af93 100644
--- a/coremods/corecommands.py
+++ b/coremods/corecommands.py
@@ -15,12 +15,15 @@ from pylinkirc.log import log
 
 def _login(irc, source, username):
     """Internal function to process logins."""
+    # Mangle case before we start checking for login data.
+    accounts = {k.lower(): v for k, v in conf.conf['login'].get('accounts', {}).items()}
 
     if irc.is_internal_client(source):
         irc.error("Cannot use 'identify' via a command proxy.")
         return
 
-    logindata = conf.conf['login'].get('accounts', {}).get(username, {})
+    logindata = accounts.get(username.lower(), {})
+
     network_filter = logindata.get('networks')
     require_oper = logindata.get('require_oper', False)
     hosts_filter = logindata.get('hosts', [])