New configuration option "NoIdent" to disable IDENT lookups

The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.

ChangeLog

@@ -34,6 +34,8 @@ ngIRCd-dev
   - More tests have been added to the test-suite ("make check"), and two
     servers are started for testing server-server linking.
   - Added a timestamp to log messages to the console.
+  - New configuration option "NoIdent" to disable IDENT lookups even if the
+    daemon is compiled with IDENT support.
 
 ngIRCd 0.12.1 (2008-07-09)
 

NEWS

@@ -26,6 +26,8 @@ ngIRCd-dev
     In addition ngIRCd creates a "special" channel &SERVER on startup and logs
     all the messages to it that a user with mode +s receives.
   - New make target "osxpkg" to build a Mac OS X installer package.
+  - New configuration option "NoIdent" to disable IDENT lookups even if the
+    daemon is compiled with IDENT support.
 
 ngIRCd 0.12.1 (2008-07-09)
 

doc/sample-ngircd.conf

@@ -122,6 +122,10 @@
 	# Don't do any DNS lookups when a client connects to the server.
 	;NoDNS = no
 
+	# Don't do any IDENT lookups, even if ngIRCd has been compiled
+	# with support for it.
+	;NoIdent = no
+
 	# try to connect to other irc servers using ipv4 and ipv6, if possible
 	;ConnectIPv6 = yes
 	;ConnectIPv4 = yes

man/ngircd.conf.5.tmpl

@@ -178,10 +178,15 @@ the config file.
 Default: No.
 .TP
 \fBNoDNS\fR
-If enabled, ngircd will not make DNS lookups when clients connect.
+If set to true, ngircd will not make DNS lookups when clients connect.
 If you configure ngircd to connect to other servers, ngircd may still
 perform a DNS lookup if required.
-Default: No.
+Default: false.
+.TP
+\fBNoIdent\fR
+If ngircd is compiled with IDENT support this can be used to disable IDENT
+lookups at run time.
+Default: false.
 .TP
 \fBConnectIPv4\fR
 Set this to no if you do not want ngircd to connect to other irc servers using ipv4.

src/ngircd/conf.c

@@ -259,6 +259,7 @@ Conf_Test( void )
 	printf( "  OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode));
 	printf( "  PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
 	printf( "  NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
+	printf( "  NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
 
 #ifdef WANT_IPV6
 	printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -519,6 +520,7 @@ Set_Defaults( bool InitServers )
 
 	Conf_OperCanMode = false;
 	Conf_NoDNS = false;
+	Conf_NoIdent = false;
 	Conf_PredefChannelsOnly = false;
 	Conf_OperServerMode = false;
 
@@ -903,6 +905,19 @@ Handle_GLOBAL( int Line, char *Var, char *Arg )
 		Conf_NoDNS = Check_ArgIsTrue( Arg );
 		return;
 	}
+	if (strcasecmp(Var, "NoIdent") == 0) {
+		/* don't do IDENT lookups when clients connect? */
+		Conf_NoIdent = Check_ArgIsTrue(Arg);
+#ifndef IDENTAUTH
+		if (!Conf_NoIdent) {
+			/* user has enabled ident lookups explicitly, but ... */
+			Config_Error(LOG_WARNING,
+				"%s: line %d: NoIdent=False, but ngircd was built without IDENT support",
+				NGIRCd_ConfFile, Line);
+		}
+#endif
+		return;
+	}
 #ifdef WANT_IPV6
 	/* the default setting for all the WANT_IPV6 special options is 'true' */
 	if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {

src/ngircd/conf.h

@@ -143,6 +143,9 @@ GLOBAL bool Conf_OperCanMode;
 /* Disable all DNS functions? */
 GLOBAL bool Conf_NoDNS;
 
+/* Disable IDENT lookups, even when compiled with support for it */
+GLOBAL bool Conf_NoIdent;
+
 /*
  * try to connect to remote systems using the ipv6 protocol,
  * if they have an ipv6 address? (default yes)

src/ngircd/conn.c

@@ -1167,7 +1167,7 @@ New_Connection( int Sock )
 #endif
 	ng_ipaddr_t new_addr;
 	char ip_str[NG_INET_ADDRSTRLEN];
-	int new_sock, new_sock_len;
+	int new_sock, new_sock_len, identsock;
 	CLIENT *c;
 	long cnt;
 
@@ -1270,10 +1270,14 @@ New_Connection( int Sock )
 
 	Client_SetHostname(c, My_Connections[new_sock].host);
 
+	identsock = new_sock;
+#ifdef IDENTAUTH
+	if (Conf_NoIdent)
+		identsock = -1;
+#endif
 	if (!Conf_NoDNS)
 		Resolve_Addr(&My_Connections[new_sock].res_stat, &new_addr,
-			My_Connections[new_sock].sock, cb_Read_Resolver_Result);
-
+			     identsock, cb_Read_Resolver_Result);
 	Conn_SetPenalty(new_sock, 4);
 	return new_sock;
 } /* New_Connection */

src/ngircd/resolve.c

@@ -175,13 +175,12 @@ Do_IdentQuery(int identsock, array *resolved_addr)
 #ifdef IDENTAUTH
 	char *res;
 
-	assert(identsock >= 0);
+	if (identsock < 0)
+		return;
 
 #ifdef DEBUG
 	Log_Resolver(LOG_DEBUG, "Doing IDENT lookup on socket %d ...", identsock);
 #endif
-	if (identsock < 0)
-		return;
 	res = ident_id( identsock, 10 );
 #ifdef DEBUG
 	Log_Resolver(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"",

src/testsuite/ngircd-test1.conf

@@ -10,6 +10,7 @@
 	MaxConnectionsIP = 0
 	OperCanUseMode = yes
 	MaxJoins = 4
+	NoIdent = yes
 
 [Operator]
 	Name = TestOp

src/testsuite/ngircd-test2.conf

@@ -10,6 +10,7 @@
 	MaxConnectionsIP = 0
 	OperCanUseMode = yes
 	MaxJoins = 4
+	NoIdent = yes
 
 [Operator]
 	Name = TestOp