.BitchX/operchallenge/0042755000175000017500000000000007572044611013227 5ustar  dandan.BitchX/operchallenge/Makefile0100600000175000017500000000026207571322607014655 0ustar  dandan# $Id: Makefile,v 1.7 2001/10/25 05:21:13 wcampbel Exp $

all: respond

respond: respond.c
	gcc -g -O2 -Wall -o respond respond.c -lcrypto -ggdb

clean:
	rm -f respond *.core *~
.BitchX/operchallenge/challenge.txt0100600000175000017500000003200307571322700015670 0ustar  dandan                       Oper Challenge and Response System

   $Id: challenge.txt,v 1.9 2002/07/17 23:31:11 leeh Exp $

   Copyright (c) 2001 by ircd-hybrid team

     ----------------------------------------------------------------------

   ircd-hybrid

   In an effort to reduce the damage caused to a network by a hacked O-line,
   Hybrid supports an OpenSSL based challenge-response system. This new
   system allows the admin to remove all oper block passwords from the conf
   file. Authentication is done through a public/private key.

     ----------------------------------------------------------------------

                                  Requirements

   The ircd must be compiled with the --enable-openssl option to configure .
   If configure detects a working openssl library, --enable-openssl is
   implicitly enabled.

   oper {} blocks should not have normal passwords, but should contain the
   the name of the private key file. However it is possible for the user to
   use both challenge and normal passwords, but this would defeat the purpose
   of the challenge system.

   m_challenge.so must be loaded.

   The oper has their private key file and an implementation of the RSA
   Respond tool available to be run.

     ----------------------------------------------------------------------

                                    Process

   Each oper should have a private key file and a public key file. The keys
   can be generated with the mkkeypair utility provided in tools/. The keys
   are compatible with cryptlink keys.

   The oper keeps their private key file in a safe place, and gives their
   public key file to their admin(s).

   The admin will place an entry for the public key file into a field called
   rsa_public_key_file of each oper's oper {} block in the conf file.

   The oper wishes to obtain their operator status, and issues the CHALLENGE
   command.

   The server will print out a long hexadecimal string, that needs to be fed
   to the respond utility provided in tools/rsa_respond.

   The respond program will generate an answer that is fed back to the
   CHALLENGE command.

     ----------------------------------------------------------------------

                            Generating the Key Files

   The keys can be generated with the openssl command as follows:

       openssl genrsa -des3(1) -out rsa.key 1024(2)
       openssl rsa -in rsa.key -pubout -out rsa.pub
   

   (1)
           The -des3 must be included in order to create a key with a
           passphrase. Omitting this option will create a non protected key.
   (2)
           The key size must be 1024 or below. The challenge sent for a
           longer keysize will be too long to fit into the ircd's 512 byte
           line constraint.

   It is highly recommended that you set a password on your private key.

   The tools/mkkeypair utility cannot be used to create a key suitable for
   use in CHALLENGE.

     ----------------------------------------------------------------------

                          Using CHALLENGE and respond

     Note: All examples assume the use of the stock respond client included
     with the Hybrid 7 source, run on a UNIX(c) platform.

   The administrator of the server you oper on should remove the password in
   your oper {} block and replace it with an entry for your public key, so
   that /oper will be disabled.

     Note: The public key is a VERY long string.

   The oper will issue /challenge oper_nick, and see something like below:

 *** 56F1FDAE4C590C524CF758917E62C2A2A1376CB9C4C2E7D411BB0AD9C4A
 605A2D05A94E7254197E9D71438B5FB565B6FD35465E462305F35F4A2D45311
 F983B3E062F635912FA155B4B1E18EAA782CC107F4C9DA83092658D16A2E88A
 6BCF9820F5A044A29CDD4C062F05BF509CA3B561375CBC4179BD1CF6026BDE9
 60E52C6B

     Note: The challenge is all on one line.

     Note: With some clients, the oper will have to issue /quote CHALLENGE
     instead of /challenge.

   The oper will then have to feed that challenge to the respond program.

   +------------------------------------------------------------------+
   | The respond utility's syntax is:                                 |
   |                                                                  |
   |$ ./respond private_key_file challenge_from_server                |
   |                                                                  |
   |                                                                  |
   | Example:                                                         |
   |                                                                  |
   |wcampbel@botbay (rsa_respond): ./respond hwy.key \                |
   |56F1FDAE4C590C524CF758917E62C2A2A1376CB9C4C2E7D411BB0AD9C4A605A2D0|
   |5A94E7254197E9D71438B5FB565B6FD35465E462305F35F4A2D45311F983B3E062|
   |F635912FA155B4B1E18EAA782CC107F4C9DA83092658D16A2E88A6BCF9820F5A04|
   |4A29CDD4C062F05BF509CA3B561375CBC4179BD1CF6026BDE960E52C6B        |
   |Keyphrase:                                                        |
   |6B882932DD00F86123869E401F7334B9B0D0018A60F1DE244E90E47246AA87C7  |
   |                                                                  |
   |   Note: The challenge parameter must be on one line.             |
   +------------------------------------------------------------------+

   The keyphrase must be entered properly to get the response. The bottom
   line is the response that must be sent back to the server.

   The oper will issue the following command in order to obtain operator
   status:

   /challenge
   +6B882932DD00F86123869E401F7334B9B0D0018A60F1DE244E90E47246AA87C7

     Note: The '+' is needed

   If successful, the oper will obtain operator status on the server.

   +------------------------------------------------------------------------+
   |                                Warning                                 |
   |------------------------------------------------------------------------|
   | If the CHALLENGE fails, and you use ircII, EPIC, or BX, you may get    |
   | disconnected with the client asking for the server password. This is a |
   | client bug, not an ircd bug.                                           |
   +------------------------------------------------------------------------+

     ----------------------------------------------------------------------

                                RSA Respond Tool

   The RSA Respond tool is a vital part of challenge/response system. In
   order to function, the operator must have must have a way to quickly issue
   the respond command, and to copy and paste data to and from the IRC
   client.

   The respond source code is included with the Hybrid 7 source, in the
   tools/rsa_respond directory. A distributable tar file can easily be
   created by issuing make rsa_respond in the root of the source tree. The
   file rsa_respond.tar.gz will be created in the root of the source tree.

   rsa_respond.tar.gz should compile with little or no modifications[1] on
   most UNIX(c) and UNIX-like platforms[2]. The README in the tar archive
   gives more information.

   A copy of the source tar file is available on
   http://ircd.botbay.net/pub/hybrid/rsa/rsa_respond.tar.gz.

   For Windows platforms, there are two available RSA Respond tools. One is a
   text only port of the stock tool. The binary is available from
   http://ircd.botbay.net/pub/hybrid/rsa/rsa_respond-bin.tar.gz. The other
   tool is a GUI enabled version[3]. The source tree[4] is available from
   http://ircd.botbay.net/pub/hybrid/rsa/winrespond-src.tar.gz. A binary
   distribution is available from
   http://ircd.botbay.net/pub/hybrid/rsa/winrespond-bin.tar.gz.

   With the appropriate version of the RSA Respond tool, any operator can
   protect their privileged access to the server, with little additional
   effort over using standard operator passwords.

     ----------------------------------------------------------------------

                                    Benefits

   The greatest benefit of using the challenge/response system is that there
   are no passwords sent over the network in plaintext. There are also no
   credentials left on the server side, as only public keys are kept in the
   conf. The use of public/private key encryption provides far greater
   security over having a single password, and may (if the key is kept
   secure, and has a good passphrase) virtually eliminate hacked O-lines.

     ----------------------------------------------------------------------

                                  A. Numerics

 :server 381 user :You have entered... the Twilight Zone!.
 :server 386 user :challenge-text
 :server 464 user :Password Incorrect
 :server 491 user :Only few of mere mortals may try to enter the twilight zone
   

     Note: The text used can be changed by the server administrator.

     ----------------------------------------------------------------------

                                  B. Scripting

   The following script is for EPIC 4 only. It was written by Greg Prosser,
   xyst <[email protected]>.

   Please note that passphrase protected keys cannot be used in conjunction
   with this script.

   BEGIN challenge.irc

      

      
 # challenge.irc -- authenticate to a hybrid-7 server with challenge response
 #                  oper authentication.  --gnp (xyst)
 # note: this is almost gauranteed to not work if your key needs a passphrase
 #
 # credit goes to hop for pipe from the default script archive, which doesn't
 # work, but gave me a framework for execing stuff and getting the response.

 # For Hybrid's cvs...
 # $Id: challenge.txt,v 1.9 2002/07/17 23:31:11 leeh Exp $

 xecho ... Loading challenge.irc by xyst, feer.

 # you might want to change these..

 @challenge.path=[~/.irc/respond]
 @challenge.key=[~/.irc/challenge.identity]
 @challenge.num=0
 @challenge.response=[]
 @challenge.savepath=[~/.irc/challenge.config]

 alias rsaconfig {
     if ([$0])
     {
         switch ($tolower($0))
         {
             (resppath)
             {
                 if ([$1])
                 {
                     @challenge.resp=[$1]
                     xecho $G Challenge -- resppath is now: $1
                 } {
                     xecho $G Challenge -- resppath: $challenge.path
                 }
             }
             (keypath)
             {
                 if ([$1])
                 {
                     @challenge.key=[$1]
                     xecho $G Challenge -- keypath is now: $1
                 } {
                     xecho $G Challenge -- keypath: $challenge.key
                 }
             }
             (save)
             {
                 @unlink($challenge.savepath)
                 @fd=open($challenge.savepath W)
                 @write($fd @challenge.path=[$challenge.path])
                 @write($fd @challenge.key=[$challenge.key])
                 @close($fd)
                 xecho $G Challenge -- saved settings.
             }
             (*)
             {
                 xecho $G Usage: /rsaconfig <resppath|keypath> [value]
             }
         }
     } {
         xecho $G Current settings for challenge.irc:
         rsaconfig resppath
         rsaconfig keypath
         xecho $G Type /rsaconfig <resppath|keypath> <value> to change these, /rsaconfig save saves them.
     }
 }

 alias challenge {
     if ([$0])
     {
         ^quote challenge $0
     } {
         xecho $G Usage: /challenge <username>
     }
 }

 on ^386 * {
     xecho $G Got oper-challenge from server, sending response..
     @challenge.num++
     ^on ^exec "chall$challenge.num *" {
         @challenge.response=[$1]
     }
     ^exec -name chall$challenge.num $challenge.path $challenge.key $1
     ^wait %chall$challenge.num
     ^on exec -"chall$challenge.num *"
     ^stack push on raw_irc
     ^stack push on 381
     ^on ^raw_irc "$S 464 *" { xecho $G Challenge incorrect.  Check your key.;^stack pop on raw_irc;^stack pop on 381 }
     ^on -381 * { ^stack pop on 381;^stack pop on raw_irc }
     ^quote challenge +$challenge.response
 }

 if ([$fexist($challenge.savepath)] > 0)
 {
     xecho $G Loading settings from $challenge.savepath ..
     ^load $challenge.savepath
 } {
     xecho $G Config file not found, try /rsaconfig save\; using defaults.
 }

 rsaconfig

      
   

  Notes

   [1] Some platforms may require Makefile changes in order to link in the    
       OpenSSL library. This may change in the future.                        
   [2] Platforms known to function include: Linux, FreeBSD, Solaris, and      
       Cygwin.                                                                
   [3] A screenshot of the program is available on                            
       http://kabel.pp.ru/sgml/winrespond.png .                               
   [4] The winrespond source depends on a working, up to date, Cygwin         
       installation.                                                          
.BitchX/operchallenge/ChangeLog0100644000175000017500000000127107572044611014775 0ustar  dandanversion 1.3
 - moved "on exec chalresponse" to outside of the "on 386" routine.
 - cleaned up operchallenge-nocolor.bx to remove unneeded variables relating
   to color output.

version 1.2
 - cleaned up more code suggested by BlackJac (thanks!)
 - created an operchallenge-nocolor.bx script if you want to use it without the colors

version 1.1
 - cleaned up some of the code
 - added client_information
 - added another exec hook to catch decryption errors

version 1.0 - Thu Nov 28 05:43:13 EST 2002
 - Inital release for BitchX ONLY
 - Requires you are running a version ov BitchX which supports /exec -inquiet
   As of the above date, this is only the most current CVS release of 1.0c20cvs


.BitchX/operchallenge/respond-README0100600000175000017500000000145707571322615015553 0ustar  dandan                                rsa_respond

respond:

respond takes the challenge from the server and creates a valid response
to pass back to the server.

Syntax:
$ ./respond <private key> <challenge>

Notes:

The private key file is protected by a passphrase, entered when the key is
created.  The passphrase is prompted for whenever respond is called.

Compiling:

Untar the distribution
Read this document
Run 'make'

libcrypto from OpenSSL must be available in order to use this program.

Note that you may have to explicitly add -L/usr/local/lib if OpenSSL
was installed there, instead of one of the system library paths.

System support:
genkey and respond compile properly, and have been tested on FreeBSD 4.x,
Linux glibc, and Cygwin 1.2 or higher.

# $Id: README,v 1.6 2001/10/25 05:21:13 wcampbel Exp $
.BitchX/operchallenge/respond.c0100600000175000017500000000616107571322627015041 0ustar  dandan/*
 * tools/rsa_respond/respond.c
 * A simple RSA authentification challenge response generator for the
 * ircd-hybrid CHALLENGE command.
 *  This code is Copyright(C)2001 by the past and present ircd-hybrid
 *  developers.
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *  $Id: respond.c,v 1.6 2001/10/24 05:26:07 androsyn Exp $
 */
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/md5.h>
#include <unistd.h>

static int pass_cb(char *buf, int size, int rwflag, void *u)
{
	int len;
        char *tmp;
	tmp = getpass("Enter passphrase for challenge: ");
        len = strlen(tmp);
        if (len <= 0) 
		return 0;
        if (len > size)
        	len = size;
        memcpy(buf, tmp, len);
        return len;
}

                                                                                        
static void
binary_to_hex( unsigned char * bin, char * hex, int length )
{
	char * trans = "0123456789ABCDEF";
	int i;

	for( i = 0; i < length; i++ )
	{
		hex[i<<1]     = trans[bin[i] >> 4];
		hex[(i<<1)+1] = trans[bin[i] & 0xf];
	}
	hex[i<<1] = '\0';
}

static int
hex_to_binary(const char *from, char *to, int len)
{
	char a, b=1;
	int p=0;
	const char *ptr = from;
	while (-1)
	{
		a = *ptr++;
		if (!a)
			break;
		b = *ptr++;
		
		/* If this happens, we got bad input. */
		if (!b)
			break;
		if (p >= len)
			break;
		if (!((a >= '0' && a <= '9') || (a >= 'A' && a <= 'F')))
			break;
		if (!((b >= '0' && b <= '9') || (b >= 'A' && b <= 'F')))
			break;
		to[p++] = ((a <= '9') ? (a - '0') : (a - 'A' + 0xA))<<4 |
			((b <= '9') ? (b - '0') : (b - 'A' + 0xA));
	}
	return p;
}

int
main(int argc, char **argv)
{
	FILE *kfile;
	RSA *rsa = NULL;
	char ndata[257], ddata[257];
	/* respond privatefile challenge */
	if (argc < 3)
	{
		puts("Usage: respond privatefile challenge");
		return 0;
	}

	if (!(kfile = fopen(argv[1], "r")))
	{
		puts("Could not open the private keyfile.");
		return 0;
	}
	
	SSLeay_add_all_ciphers();
	rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL);
  
	if(!rsa)
	{
		puts("Unable to read your private key, is the passphrase wrong?\n");
		return 0;
	}

	 fclose(kfile);
	if (hex_to_binary(argv[2], ndata, 128) != 128)
	{
		puts("Bad challenge.");
		return -1;
	}

	if (RSA_private_decrypt(128, (unsigned char*)ndata,
		(unsigned char*)ddata, rsa, RSA_PKCS1_PADDING) == -1)
	{
		puts("Decryption error.");
		return -1;
	}
	binary_to_hex((unsigned char*)ddata, ndata, 32);
	puts(ndata);
	return 0;
}
.BitchX/operchallenge/operchallenge.bx0100600000175000017500000001053207572043461016360 0ustar  dandan/*
* oper_challenge.bx for BitchX by powuh@EFNet
*
* This script requires the `respond` binary included with ircd-hybrid7+
* and ircd-ratbox1.0+.  I have included the respond.c source and Makefile
* in the tarball for this script.
*
* Any questions/comments/ideas/thankyou's -> powuh@EFNet (#BitchX, #efnet.org)
*/

if (bitchx() && V > 20020324) {

@ bx.operchallengever = 1.3
@ bx.operchallengeconfig = [~/.BitchX/operchallenge/operchallenge.cfg]

alias _opercecho { xecho -c $cparse("%K\[%bbX%K/%Roper%rchallenge%K\]%n $*") }

if (fexist($bx.operchallengeconfig) == -1) {
  _opercecho %rConfig file%K, %R$bx.operchallengeconfig%K,%R not found%K!!! %rType %R/operconf %rand %R/opersave%n
} else {
  ^load $bx.operchallengeconfig
}

alias challenge {
   @ bx.challenge.srv = [%K(%c$S%K)]
   if (!bx.operchallengenick) {
      _opercecho %BYour OPER nick is not set%K. %bType %B/operconf %bto set%K.%n
   } else {
      _opercecho $bx.challenge.srv %BSending %boper challenge request for %B$bx.operchallengenick%K.%n
      quote CHALLENGE $bx.operchallengenick
   }
}

alias operconf {
   @ :conftext = [$1]
   switch ($0) {
      (a) {@ bx.operchallenge = ([$1]==[yes])?1:0}
      (b) {@ bx.operchallengebin = [$conftext]}
      (c) {@ bx.operchallengekeyfile = [$conftext]}
      (d) {@ bx.operchallengenick = [$conftext]}
   }
   _opercecho %BCurrent Configuration%K:%n
   _opercecho     %K(%ra%K) %bRespond to challenge requests?%K(yes/no).... %K[%B${bx.operchallenge?[yes]:[no]}%K]%n
   _opercecho     %K(%rb%K) %bChallenge respond binary%K.................. %K[%B${bx.operchallengebin?[$bx.operchallengebin]:[N/A]}%K]%n
   _opercecho     %K(%rc%K) %bYour SSL private keyfile%K.................. %K[%B${bx.operchallengekeyfile?[$bx.operchallengekeyfile]:[N/A]}%K]%n
   _opercecho     %K(%rd%K) %bYour OPER nick%K............................ %K[%B${bx.operchallengenick?[$bx.operchallengenick]:[N/A]}%K]%n
   _opercecho %KInternal script version: $bx.operchallengever by powuh%n
   _opercecho %bType %B/operconf %K<%Bletter%K> <%Bvalue%K> %bto change a setting%K.%n
   _opercecho %bType %B/opersave %bto save settings%K.%n
}

alias opersave {
   @ rename($bx.operchallengeconfig $bx.operchallengeconfig~)
   @ operconf = open($bx.operchallengeconfig W T)
   @ write($operconf # operchallenge config file - saved $strftime($time() %D %T))
   @ write($operconf @ bx.operchallenge = [$bx.operchallenge])
   @ write($operconf @ bx.operchallengebin = [$bx.operchallengebin])
   @ write($operconf @ bx.operchallengekeyfile = [$bx.operchallengekeyfile])
   @ write($operconf @ bx.operchallengenick = [$bx.operchallengenick])
   @ close($operconf)
   _opercecho %BSaved Config %K-%b $bx.operchallengeconfig%n
}

/* Server numeric 386 is the response to a valid oper /challenge <nick> request */
on ^386 * {
   @ bx.challenge.str = [$1]
   $sar(r/://bx.challenge.str)
   _opercecho $bx.challenge.srv %BReceived%b SSL Oper Challenge Response%K.%n

   if (!bx.operchallenge) {
      _opercecho $bx.challenge.srv %rReceived challange response, but I'm not configured to respond%K.%n
      _opercecho $bx.challenge.srv %rType %R/operconf a yes %rto enable challenge responses%K.%n
      return
   }
   if (fexist($bx.operchallengebin) == -1) {
      _opercecho %rSpecified respond binary doesn't exist%K. %rType %R/operconf%r to set path/filename%K.%n
      return
   }
   if (fexist($bx.operchallengekeyfile) == -1) {
      _opercecho %rSpecified SSL private keyfile doesn't exist%K. %rType %R/operconf%r to set path/filename%K.%n
      return
   }
   exec -name chalrespond $bx.operchallengebin $bx.operchallengekeyfile $bx.challenge.str
   input -noecho "Oper SSL Passphrase:" { exec -inquiet %chalrespond $0- }
}

^on ^exec "chalrespond *" {
   switch ($1-) {
      (Bad challenge.)
         {_opercecho $bx.challenge.srv %RReceived invalid challenge string from the server%K.%n;return}
      (Unable to read your private key, is the passphrase wrong?)
         {_opercecho %RThe Passphrase you entered was incorrect!%n;return}
      (Decryption error.)
         {_opercecho %RDecryption error!%n;return}
   }
_opercecho $bx.challenge.srv %BPassphrase OK%K.  %BSending SSL Challenge Response to server%K.%n
do quote CHALLENGE +$1-
}

_opercecho %bversion %B$bx.operchallengever %bby %Bpowuh %bloaded%K. %bType %B/operconf%b to configure%K.%n

}{
   echo bX/operchallenge will only work on BitchX1.0c20 or above, for now - not loaded.
}

/* EOF */

.BitchX/operchallenge/README.NOW0100644000175000017500000000161107571600631014542 0ustar  dandan!!!IMPORTANT!!!
This script requires you are running a version of BitchX that supports /exec -inquiet
As of Thu Nov 28 05:48:23 EST 2002, the only version of BitchX that supports
this command is the latest version of 1.0c20cvs, available via CVS:

(CVS can be obtained from ftp://ftp.cvshome.org/pub)
export CVSROOT=:pserver:[email protected]:/cvs/bitchx
cvs login (password is blank, just hit <enter>)
cvs co BitchX

All future versions of BitchX after 1.0c20 will support this command.


----- INSTALLATION -----
This script should have extracted to ~/.BitchX/operchallenge/

Type 'make' to compile the respond binary.
libcrypto from OpenSSL must be available in order to compile this!

To load in BitchX:
   /load operchallenge/operchallenge.bx
   or
   /load operchallenge/operchallenge-nocolor.bx


Type /operconf to configure settings and /opersave to save settings.


Cheers,
powuh

.BitchX/operchallenge/TODO0100644000175000017500000000024707571372655013730 0ustar  dandanNothing I can think of at the moment.

If you have an idea, suggestion, comment, etc you can catch me on EFNet.

Or you can email me at [email protected]


Cheers,
powuh

.BitchX/operchallenge/operchallenge-nocolor.bx0100600000175000017500000000771407572044451020041 0ustar  dandan/*
* oper_challenge.bx for BitchX by powuh@EFNet
*
* This script requires the `respond` binary included with ircd-hybrid7+
* and ircd-ratbox1.0+.  I have included the respond.c source and Makefile
* in the tarball for this script.
*
* Any questions/comments/ideas/thankyou's -> powuh@EFNet (#BitchX, #efnet.org)
*/

if (bitchx() && V > 20020324) {

@ bx.operchallengever = 1.3
@ bx.operchallengeconfig = [~/.BitchX/operchallenge/operchallenge.cfg]

alias _opercecho { xecho -c [bX/operchallenge] $* }

if (fexist($bx.operchallengeconfig) == -1) {
  _opercecho Config file, $bx.operchallengeconfig, not found!!! Type /operconf and /opersave
} else {
  ^load $bx.operchallengeconfig
}

alias challenge {
   if (!bx.operchallengenick) {
      _opercecho Your OPER nick is not set. Type /operconf to set.
   } else {
      _opercecho \($S\) Sending oper challenge request for $bx.operchallengenick.
      quote CHALLENGE $bx.operchallengenick
   }
}

alias operconf {
   @ :conftext = [$1]
   switch ($0) {
      (a) {@ bx.operchallenge = ([$1]==[yes])?1:0}
      (b) {@ bx.operchallengebin = [$conftext]}
      (c) {@ bx.operchallengekeyfile = [$conftext]}
      (d) {@ bx.operchallengenick = [$conftext]}
   }
   _opercecho Current Configuration:
   _opercecho     (a) Respond to challenge requests?(yes/no).... [${bx.operchallenge?[yes]:[no]}]
   _opercecho     (b) Challenge respond binary.................. [${bx.operchallengebin?[$bx.operchallengebin]:[N/A]}]
   _opercecho     (c) Your SSL private keyfile.................. [${bx.operchallengekeyfile?[$bx.operchallengekeyfile]:[N/A]}]
   _opercecho     (d) Your OPER nick............................ [${bx.operchallengenick?[$bx.operchallengenick]:[N/A]}]
   _opercecho Internal script version: $bx.operchallengever by powuh
   _opercecho Type /operconf <letter> <value> to change a setting.
   _opercecho Type /opersave to save settings.
}

alias opersave {
   @ rename($bx.operchallengeconfig $bx.operchallengeconfig~)
   @ operconf = open($bx.operchallengeconfig W T)
   @ write($operconf # operchallenge config file - saved $strftime($time()  ))
   @ write($operconf @ bx.operchallenge = [$bx.operchallenge])
   @ write($operconf @ bx.operchallengebin = [$bx.operchallengebin])
   @ write($operconf @ bx.operchallengekeyfile = [$bx.operchallengekeyfile])
   @ write($operconf @ bx.operchallengenick = [$bx.operchallengenick])
   @ close($operconf)
   _opercecho Saved Config - $bx.operchallengeconfig
}

/* Server numeric 386 is the response to a valid oper /challenge <nick> request */
on ^386 * {
   @ bx.challenge.str = [$1]
   $sar(r/://bx.challenge.str)
   _opercecho \($S\) Received SSL Oper Challenge Response.

   if (!bx.operchallenge) {
      _opercecho \($S\) Received challange response, but I'm not configured to respond.
      _opercecho \($S\) Type /operconf a yes to enable challenge responses.
      return
   }
   if (fexist($bx.operchallengebin) == -1) {
      _opercecho Specified respond binary doesn't exist. Type /operconf to set path/filename.
      return
   }
   if (fexist($bx.operchallengekeyfile) == -1) {
      _opercecho Specified SSL private keyfile doesn't exist. Type /operconf to set path/filename.
      return
   }
   exec -name chalrespond $bx.operchallengebin $bx.operchallengekeyfile $bx.challenge.str
   input -noecho "Oper SSL Passphrase:" { exec -inquiet %chalrespond $0- }
}

^on ^exec "chalrespond *" {
   switch ($1-) {
      (Bad challenge.)
         {_opercecho \($S\) Received invalid challenge string from the server.;return}
      (Unable to read your private key, is the passphrase wrong?)
         {_opercecho The Passphrase you entered was incorrect!;return}
      (Decryption error.)
         {_opercecho Decryption error!;return}
   }
_opercecho \($S\) Passphrase OK.  Sending SSL Challenge Response to server.
do quote CHALLENGE +$1-
}

_opercecho version $bx.operchallengever by powuh loaded. Type /operconf to configure.

}{
   echo bX/operchallenge will only work on BitchX1.0c20 or above, for now - not loaded.
}

/* EOF */