eggdrop
Missing option to enforce challenge response during botlink
I would like to have an eggdrop config option added to enforce challenge response (instead of sending a cleartext password) during botlink.
Without that option, a bot can be made to fall back. See https://github.com/eggheads/eggdrop/blob/ddcf4d0bb029bcbab5cad95626a5fcd10e02224a/src/dcc.c#L376
Demo, to show what I mean:
```python
#!/usr/bin/python
import os
import socket
import sys

if len(sys.argv) != 2:
    print("usage: %s <port>" % sys.argv[0])
    sys.exit(os.EX_USAGE)

# Listen on all interfaces on the given port and pose as a linking bot.
s = socket.socket()
s.bind(("", int(sys.argv[1])))
s.listen(0)
while True:
    conn, addr = s.accept()
    conn.send(b"\n")
    # The connecting bot sends its name first.
    name = conn.recv(1024)
    # Request the password without offering a challenge.
    conn.send(b"passreq\n")
    passwd = conn.recv(1024)
    print("your are %s and your password is %s" % (name.decode('utf-8')[:-1], passwd.decode('utf-8')[:-1]))
    conn.close()
```
This Python code (compatible with Python 2 and 3), executed with a port number to listen on, gives:
```
$ ./eggdrop-pass.py 3364
your are BotA and your password is hunter
```
If you do the following on the eggdrop bot:
```
.chaddr testbot 127.0.0.1 3364
.chpass testbot hunter
[...]
.link testbot
```
In other words, if one bot does not ask for challenge response and only sends "passreq\n" (like in ancient days before it was implemented) then the other bot doesn't use challenge response but falls back to clear text, without even logging a warning about it.
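
As an added example (not eggdrop's code and not part of the original report), this is one way the requested option could gate the fallback described above. The names `link_auth_decide` and `require_challenge`, and the assumption that a challenge arrives as a `<...>` token after `passreq`, are hypothetical and chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: none of these identifiers come from eggdrop. */
enum link_auth { AUTH_NOT_PASSREQ, AUTH_DIGEST, AUTH_CLEARTEXT, AUTH_REFUSE };

/* Assumption: a peer that supports challenge response sends
 * "passreq <challenge>", while a legacy or rogue peer sends bare "passreq". */
static int has_challenge(const char *args)
{
  const char *lt = strchr(args, '<');
  const char *gt = lt ? strchr(lt + 1, '>') : NULL;

  /* Require at least one character between the brackets. */
  return lt && gt && gt > lt + 1;
}

/* Decide how to answer the peer's line during a botlink.
 * require_challenge models the config option requested in this issue. */
enum link_auth link_auth_decide(const char *line, int require_challenge)
{
  size_t n = strlen("passreq");

  if (strncmp(line, "passreq", n) != 0 ||
      (line[n] != '\0' && line[n] != ' ' && line[n] != '\n' && line[n] != '\r'))
    return AUTH_NOT_PASSREQ;
  if (has_challenge(line + n))
    return AUTH_DIGEST;      /* answer with a digest, never the password */
  if (require_challenge)
    return AUTH_REFUSE;      /* drop the link instead of falling back */
  return AUTH_CLEARTEXT;     /* the fallback the demo listener triggers */
}

int main(void)
{
  /* Constructed peer lines; the second is what the demo listener sends. */
  const char *lines[] = { "passreq <1a2b3c@BotB>\n", "passreq\n", "passreq <>\n" };
  static const char *names[] = { "not-passreq", "digest", "cleartext", "refuse" };

  for (size_t i = 0; i < sizeof lines / sizeof *lines; i++) {
    enum link_auth a = link_auth_decide(lines[i], 1);
    if (a == AUTH_REFUSE)
      fprintf(stderr, "warning: peer requested a cleartext password, link refused\n");
    printf("enforce=1 -> %s, enforce=0 -> %s\n", names[a],
           names[link_auth_decide(lines[i], 0)]);
  }
  return 0;
}
```

With enforcement on, the bare `passreq` sent by the demo listener yields a refusal and a logged warning instead of the password.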