commit 4c113d8850dfc423e3dae2d2f90e7e9a9d42f0b0 from: Alexander Barton date: Wed Nov 19 18:11:39 2008 UTC New configuration option "NoIdent" to disable IDENT lookups The new configuration option "NoIdent" in ngircd.conf can be used to disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT lookups enabled. commit - 3243d9ee441e9cd4338965bac7c2ed3b49a3c2dd commit + 4c113d8850dfc423e3dae2d2f90e7e9a9d42f0b0 blob - ff9a75d597ca29acadcc04da48a1bf4e141fc6dd blob + ededa60f9d6e8ded04f320639eff203725912fd3 --- ChangeLog +++ ChangeLog @@ -34,6 +34,8 @@ ngIRCd-dev - More tests have been added to the test-suite ("make check"), and two servers are started for testing server-server linking. - Added a timestamp to log messages to the console. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. ngIRCd 0.12.1 (2008-07-09) blob - 162d86ad9ebe1f3d0e2569e6fcc17c2768545f6e blob + 0d77f0a81570302b8a1530d0d5cf5e92d0f71849 --- NEWS +++ NEWS @@ -26,6 +26,8 @@ ngIRCd-dev In addition ngIRCd creates a "special" channel &SERVER on startup and logs all the messages to it that a user with mode +s receives. - New make target "osxpkg" to build a Mac OS X installer package. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. ngIRCd 0.12.1 (2008-07-09) blob - 459d51d4e1765054735c97430939f4178e8df61f blob + 1ccc90c6898557d8b90b96bfed3c2e28eaaf03e8 --- doc/sample-ngircd.conf +++ doc/sample-ngircd.conf @@ -122,6 +122,10 @@ # Don't do any DNS lookups when a client connects to the server. ;NoDNS = no + # Don't do any IDENT lookups, even if ngIRCd has been compiled + # with support for it. + ;NoIdent = no + # try to connect to other irc servers using ipv4 and ipv6, if possible ;ConnectIPv6 = yes ;ConnectIPv4 = yes blob - 14baf2090b6f3ee6f05ebba8ef386306efaa9f8c blob + 0848c36bffaa76aedd13a0faa6a5f0f6330b136f --- man/ngircd.conf.5.tmpl +++ man/ngircd.conf.5.tmpl @@ -178,11 +178,16 @@ the config file. Default: No. .TP \fBNoDNS\fR -If enabled, ngircd will not make DNS lookups when clients connect. +If set to true, ngircd will not make DNS lookups when clients connect. If you configure ngircd to connect to other servers, ngircd may still perform a DNS lookup if required. -Default: No. +Default: false. .TP +\fBNoIdent\fR +If ngircd is compiled with IDENT support this can be used to disable IDENT +lookups at run time. +Default: false. +.TP \fBConnectIPv4\fR Set this to no if you do not want ngircd to connect to other irc servers using ipv4. This allows use of ngircd in ipv6-only setups. blob - 97ecb10ff0176edf525a99b05e87eb1661942dcc blob + fe0593803f1344c67831e48de3496cafd74a76d1 --- src/ngircd/conf.c +++ src/ngircd/conf.c @@ -259,6 +259,7 @@ Conf_Test( void ) printf( " OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); printf( " PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); printf( " NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); + printf( " NoIdent = %s\n", yesno_to_str(Conf_NoIdent)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -519,6 +520,7 @@ Set_Defaults( bool InitServers ) Conf_OperCanMode = false; Conf_NoDNS = false; + Conf_NoIdent = false; Conf_PredefChannelsOnly = false; Conf_OperServerMode = false; @@ -903,6 +905,19 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) Conf_NoDNS = Check_ArgIsTrue( Arg ); return; } + if (strcasecmp(Var, "NoIdent") == 0) { + /* don't do IDENT lookups when clients connect? */ + Conf_NoIdent = Check_ArgIsTrue(Arg); +#ifndef IDENTAUTH + if (!Conf_NoIdent) { + /* user has enabled ident lookups explicitly, but ... */ + Config_Error(LOG_WARNING, + "%s: line %d: NoIdent=False, but ngircd was built without IDENT support", + NGIRCd_ConfFile, Line); + } +#endif + return; + } #ifdef WANT_IPV6 /* the default setting for all the WANT_IPV6 special options is 'true' */ if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) { blob - af489edfc02b64fc484fd7b31a2e0b1f3c2255ff blob + 5328465677c5939aa9718c03c5c0b24ab4846d3c --- src/ngircd/conf.h +++ src/ngircd/conf.h @@ -143,6 +143,9 @@ GLOBAL bool Conf_OperCanMode; /* Disable all DNS functions? */ GLOBAL bool Conf_NoDNS; +/* Disable IDENT lookups, even when compiled with support for it */ +GLOBAL bool Conf_NoIdent; + /* * try to connect to remote systems using the ipv6 protocol, * if they have an ipv6 address? (default yes) blob - f0a97f9cdddec0437f883d7f0716c24f4d6b9286 blob + b29ad7e353dbb5042d94db35f97798b0ef26bb07 --- src/ngircd/conn.c +++ src/ngircd/conn.c @@ -1167,7 +1167,7 @@ New_Connection( int Sock ) #endif ng_ipaddr_t new_addr; char ip_str[NG_INET_ADDRSTRLEN]; - int new_sock, new_sock_len; + int new_sock, new_sock_len, identsock; CLIENT *c; long cnt; @@ -1270,10 +1270,14 @@ New_Connection( int Sock ) Client_SetHostname(c, My_Connections[new_sock].host); + identsock = new_sock; +#ifdef IDENTAUTH + if (Conf_NoIdent) + identsock = -1; +#endif if (!Conf_NoDNS) Resolve_Addr(&My_Connections[new_sock].res_stat, &new_addr, - My_Connections[new_sock].sock, cb_Read_Resolver_Result); - + identsock, cb_Read_Resolver_Result); Conn_SetPenalty(new_sock, 4); return new_sock; } /* New_Connection */ blob - 1eb35dd84e55156c30cd29b9a72f097f18c9e10a blob + 999ef9906df241f3c3d195524df8fb86c1082907 --- src/ngircd/resolve.c +++ src/ngircd/resolve.c @@ -175,13 +175,12 @@ Do_IdentQuery(int identsock, array *resolved_addr) #ifdef IDENTAUTH char *res; - assert(identsock >= 0); + if (identsock < 0) + return; #ifdef DEBUG Log_Resolver(LOG_DEBUG, "Doing IDENT lookup on socket %d ...", identsock); #endif - if (identsock < 0) - return; res = ident_id( identsock, 10 ); #ifdef DEBUG Log_Resolver(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"", blob - 299bf7ca2b1df0467dae95e82c4c7da62a4ee7c6 blob + a12873fb69105911a3579c323dd3c4281e1f9452 --- src/testsuite/ngircd-test1.conf +++ src/testsuite/ngircd-test1.conf @@ -10,6 +10,7 @@ MaxConnectionsIP = 0 OperCanUseMode = yes MaxJoins = 4 + NoIdent = yes [Operator] Name = TestOp blob - 3c2829bc80575125df63c1ffcff1e8ba2ea3aa19 blob + e6d1696bc6d861997663105590503fb9ac327e2e --- src/testsuite/ngircd-test2.conf +++ src/testsuite/ngircd-test2.conf @@ -10,6 +10,7 @@ MaxConnectionsIP = 0 OperCanUseMode = yes MaxJoins = 4 + NoIdent = yes [Operator] Name = TestOp