+ case -5:
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "Connection from servername %s requires SSL/TLS but is plaintext",
+ name);
+ ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
+ return 0;
+ }
+
+ /* require TS6 for direct links */
+ if(!IsCapable(client_p, CAP_TS6))
+ {
+ sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ "Link %s dropped, TS6 protocol is required", name);
+ exit_client(client_p, client_p, client_p, "Incompatible TS version");
+ return 0;
+ }
+
+ /* check to ensure any "required" caps are set. --nenolod */
+ required_mask = capability_index_get_required(serv_capindex);
+ if (!IsCapable(client_p, required_mask))
+ {
+ missing = capability_index_list(serv_capindex, required_mask &
+ ~client_p->localClient->caps);
+ sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ "Link %s dropped, required CAPABs [%s] are missing",
+ name, missing);
+ ilog(L_SERVER, "Link %s%s dropped, required CAPABs [%s] are missing",
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP), missing);
+ /* Do not use '[' in the below message because it would cause
+ * it to be considered potentially unsafe (might disclose IP
+ * addresses)
+ */
+ sendto_one(client_p, "ERROR :Missing required CAPABs (%s)", missing);
+ exit_client(client_p, client_p, client_p, "Missing required CAPABs");
+
+ return 0;