From: Alexander Barton Date: Wed, 19 Nov 2008 18:11:39 +0000 (+0100) Subject: New configuration option "NoIdent" to disable IDENT lookups X-Git-Tag: rel-13-rc1~5 X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=commitdiff_plain;h=4c113d8850dfc423e3dae2d2f90e7e9a9d42f0b0 New configuration option "NoIdent" to disable IDENT lookups The new configuration option "NoIdent" in ngircd.conf can be used to disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT lookups enabled. --- diff --git a/ChangeLog b/ChangeLog index ff9a75d5..ededa60f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ ngIRCd-dev - More tests have been added to the test-suite ("make check"), and two servers are started for testing server-server linking. - Added a timestamp to log messages to the console. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. ngIRCd 0.12.1 (2008-07-09) diff --git a/NEWS b/NEWS index 162d86ad..0d77f0a8 100644 --- a/NEWS +++ b/NEWS @@ -26,6 +26,8 @@ ngIRCd-dev In addition ngIRCd creates a "special" channel &SERVER on startup and logs all the messages to it that a user with mode +s receives. - New make target "osxpkg" to build a Mac OS X installer package. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. ngIRCd 0.12.1 (2008-07-09) diff --git a/doc/sample-ngircd.conf b/doc/sample-ngircd.conf index 459d51d4..1ccc90c6 100644 --- a/doc/sample-ngircd.conf +++ b/doc/sample-ngircd.conf @@ -122,6 +122,10 @@ # Don't do any DNS lookups when a client connects to the server. ;NoDNS = no + # Don't do any IDENT lookups, even if ngIRCd has been compiled + # with support for it. + ;NoIdent = no + # try to connect to other irc servers using ipv4 and ipv6, if possible ;ConnectIPv6 = yes ;ConnectIPv4 = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 14baf209..0848c36b 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -178,10 +178,15 @@ the config file. Default: No. .TP \fBNoDNS\fR -If enabled, ngircd will not make DNS lookups when clients connect. +If set to true, ngircd will not make DNS lookups when clients connect. If you configure ngircd to connect to other servers, ngircd may still perform a DNS lookup if required. -Default: No. +Default: false. +.TP +\fBNoIdent\fR +If ngircd is compiled with IDENT support this can be used to disable IDENT +lookups at run time. +Default: false. .TP \fBConnectIPv4\fR Set this to no if you do not want ngircd to connect to other irc servers using ipv4. diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 97ecb10f..fe059380 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -259,6 +259,7 @@ Conf_Test( void ) printf( " OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); printf( " PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); printf( " NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); + printf( " NoIdent = %s\n", yesno_to_str(Conf_NoIdent)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -519,6 +520,7 @@ Set_Defaults( bool InitServers ) Conf_OperCanMode = false; Conf_NoDNS = false; + Conf_NoIdent = false; Conf_PredefChannelsOnly = false; Conf_OperServerMode = false; @@ -903,6 +905,19 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) Conf_NoDNS = Check_ArgIsTrue( Arg ); return; } + if (strcasecmp(Var, "NoIdent") == 0) { + /* don't do IDENT lookups when clients connect? */ + Conf_NoIdent = Check_ArgIsTrue(Arg); +#ifndef IDENTAUTH + if (!Conf_NoIdent) { + /* user has enabled ident lookups explicitly, but ... */ + Config_Error(LOG_WARNING, + "%s: line %d: NoIdent=False, but ngircd was built without IDENT support", + NGIRCd_ConfFile, Line); + } +#endif + return; + } #ifdef WANT_IPV6 /* the default setting for all the WANT_IPV6 special options is 'true' */ if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) { diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index af489edf..53284656 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -143,6 +143,9 @@ GLOBAL bool Conf_OperCanMode; /* Disable all DNS functions? */ GLOBAL bool Conf_NoDNS; +/* Disable IDENT lookups, even when compiled with support for it */ +GLOBAL bool Conf_NoIdent; + /* * try to connect to remote systems using the ipv6 protocol, * if they have an ipv6 address? (default yes) diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index f0a97f9c..b29ad7e3 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -1167,7 +1167,7 @@ New_Connection( int Sock ) #endif ng_ipaddr_t new_addr; char ip_str[NG_INET_ADDRSTRLEN]; - int new_sock, new_sock_len; + int new_sock, new_sock_len, identsock; CLIENT *c; long cnt; @@ -1270,10 +1270,14 @@ New_Connection( int Sock ) Client_SetHostname(c, My_Connections[new_sock].host); + identsock = new_sock; +#ifdef IDENTAUTH + if (Conf_NoIdent) + identsock = -1; +#endif if (!Conf_NoDNS) Resolve_Addr(&My_Connections[new_sock].res_stat, &new_addr, - My_Connections[new_sock].sock, cb_Read_Resolver_Result); - + identsock, cb_Read_Resolver_Result); Conn_SetPenalty(new_sock, 4); return new_sock; } /* New_Connection */ diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c index 1eb35dd8..999ef990 100644 --- a/src/ngircd/resolve.c +++ b/src/ngircd/resolve.c @@ -175,13 +175,12 @@ Do_IdentQuery(int identsock, array *resolved_addr) #ifdef IDENTAUTH char *res; - assert(identsock >= 0); + if (identsock < 0) + return; #ifdef DEBUG Log_Resolver(LOG_DEBUG, "Doing IDENT lookup on socket %d ...", identsock); #endif - if (identsock < 0) - return; res = ident_id( identsock, 10 ); #ifdef DEBUG Log_Resolver(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"", diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf index 299bf7ca..a12873fb 100644 --- a/src/testsuite/ngircd-test1.conf +++ b/src/testsuite/ngircd-test1.conf @@ -10,6 +10,7 @@ MaxConnectionsIP = 0 OperCanUseMode = yes MaxJoins = 4 + NoIdent = yes [Operator] Name = TestOp diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf index 3c2829bc..e6d1696b 100644 --- a/src/testsuite/ngircd-test2.conf +++ b/src/testsuite/ngircd-test2.conf @@ -10,6 +10,7 @@ MaxConnectionsIP = 0 OperCanUseMode = yes MaxJoins = 4 + NoIdent = yes [Operator] Name = TestOp