Log unknown class in auth errors to ircd.log as well.

[irc/rqf/shadowircd.git] / modules / m_challenge.c

diff --git a/modules/m_challenge.c b/modules/m_challenge.c
index 0d2278e4bbd275c74d580176423b3e24b6505eec..19729e3cbe7c79b672d4b07cb9aefd28b6dfb204 100644 (file)
--- a/modules/m_challenge.c
+++ b/modules/m_challenge.c
@@ -44,7 +44,7 @@
 #include "s_conf.h"
 #include "msg.h"
 #include "parse.h"
-#include "irc_string.h"
+#include "match.h"
 #include "logger.h"
 #include "s_user.h"
 #include "cache.h"
@@ -100,7 +100,6 @@ cleanup_challenge(struct Client *target_p)
 
 /*
  * m_challenge - generate RSA challenge for wouldbe oper
- * parv[0] = sender prefix
  * parv[1] = operator to challenge for, or +response
  *
  */
@@ -223,6 +222,22 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch
                return 0;
        }
 
+       if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p))
+       {
+               sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
+               ilog(L_FOPER, "FAILED CHALLENGE (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
+                    parv[1], source_p->name, source_p->username, source_p->host,
+                    source_p->sockhost);
+
+               if(ConfigFileEntry.failed_oper_notice)
+               {
+                       sendto_realops_snomask(SNO_GENERAL, L_ALL,
+                                            "Failed CHALLENGE attempt - missing SSL/TLS by %s (%s@%s)",
+                                            source_p->name, source_p->username, source_p->host);
+               }
+               return 0;
+       }
+
        if(!generate_challenge(&challenge, &(source_p->localClient->challenge), oper_p->rsa_pubkey))
        {
                char *chal = challenge;