/* now it is -larne */
static int challenge_load(void)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Challenge module not loaded because OpenSSL is not available.");
ilog(L_MAIN, "Challenge module not loaded because OpenSSL is not available.");
return -1;
size_t cnt;
int len = 0;
+ if (ConfigFileEntry.oper_secure_only && !IsSecureClient(source_p))
+ {
+ sendto_one_notice(source_p, ":You must be using a secure connection to /CHALLENGE on this server");
+ if (ConfigFileEntry.failed_oper_notice)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Failed CHALLENGE attempt - missing secure connection by %s (%s@%s)",
+ source_p->name, source_p->username, source_p->host);
+ }
+ return;
+ }
+
/* if theyre an oper, reprint oper motd and ignore */
if(IsOper(source_p))
{
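Review bot: The added secure-connection rejection leaves no log entry. Its only record is the snomask notice, and that is sent only when `ConfigFileEntry.failed_oper_notice` is set, so with the option off a refused plaintext CHALLENGE leaves no trace for later review. If the other failure branches of this handler write to the failed-oper log (they are not visible in this hunk), add a matching call before `return;`, for example `ilog(L_FOPER, "FAILED CHALLENGE by (%s!%s@%s) -- requires secure connection", source_p->name, source_p->username, source_p->host);`. The enclosing function starts and ends outside the hunk, so confirm that no challenge state can already be pending on `source_p` when this early return is taken.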
"Failed CHALLENGE attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username,
source_p->host);
+ cleanup_challenge(source_p);
return;
}
if(ConfigFileEntry.failed_oper_notice)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed CHALLENGE attempt - missing SSL/TLS by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
if(ConfigFileEntry.failed_oper_notice)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed OPER attempt - client certificate fingerprint mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
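Review bot: The notice text on the fingerprint-mismatch branch still reads "Failed OPER attempt", while the other notices on this page say "Failed CHALLENGE attempt". The text appears to be carried over from the OPER handler, assuming this branch sits in the CHALLENGE handler like the neighbouring hunks. With the target widened to `L_NETWIDE`, the mislabelled event now reaches operators on every server, and anyone matching on the notice text will attribute it to the wrong command. Change the format string to `"Failed CHALLENGE attempt - client certificate fingerprint mismatch by %s (%s@%s)",`.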
{
cnt = rb_strlcpy(chal_line, chal, CHALLENGE_WIDTH);
sendto_one(source_p, form_str(RPL_RSACHALLENGE2), me.name, source_p->name, chal_line);
- if(cnt > CHALLENGE_WIDTH)
+ if(cnt >= CHALLENGE_WIDTH)
chal += CHALLENGE_WIDTH - 1;
else
break;
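Review bot: The corrected test `cnt >= CHALLENGE_WIDTH` relies on `rb_strlcpy` following the strlcpy convention, which nothing here states: it returns the full length of `chal` and copies at most `CHALLENGE_WIDTH - 1` bytes. Under that convention a source of exactly `CHALLENGE_WIDTH` characters is truncated by one, which the old `>` test missed, dropping the final character of the challenge. A comment above the `if` would keep the boundary from being "simplified" back, e.g. `/* rb_strlcpy() returns strlen(chal); >= CHALLENGE_WIDTH means chal_line was truncated and more remains to send */`. The loop this belongs to starts and ends outside the hunk.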
{
SHA1_Init(&ctx);
SHA1_Update(&ctx, (uint8_t *)secret, CHALLENGE_SECRET_LENGTH);
- *r_response = malloc(SHA_DIGEST_LENGTH);
+ *r_response = rb_malloc(SHA_DIGEST_LENGTH);
SHA1_Final((uint8_t *)*r_response, &ctx);
length = RSA_size(rsa);