diff --git a/ChangeLog b/ChangeLog index ff9a75d5..ededa60f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,8 @@ ngIRCd-dev - More tests have been added to the test-suite ("make check"), and two servers are started for testing server-server linking. - Added a timestamp to log messages to the console. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. ngIRCd 0.12.1 (2008-07-09) diff --git a/NEWS b/NEWS index 162d86ad..0d77f0a8 100644 --- a/NEWS +++ b/NEWS @@ -26,6 +26,8 @@ ngIRCd-dev In addition ngIRCd creates a "special" channel &SERVER on startup and logs all the messages to it that a user with mode +s receives. - New make target "osxpkg" to build a Mac OS X installer package. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. ngIRCd 0.12.1 (2008-07-09) diff --git a/doc/sample-ngircd.conf b/doc/sample-ngircd.conf index 459d51d4..1ccc90c6 100644 --- a/doc/sample-ngircd.conf +++ b/doc/sample-ngircd.conf @@ -122,6 +122,10 @@ # Don't do any DNS lookups when a client connects to the server. ;NoDNS = no + # Don't do any IDENT lookups, even if ngIRCd has been compiled + # with support for it. + ;NoIdent = no + # try to connect to other irc servers using ipv4 and ipv6, if possible ;ConnectIPv6 = yes ;ConnectIPv4 = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 14baf209..0848c36b 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -178,10 +178,15 @@ the config file. Default: No. .TP \fBNoDNS\fR -If enabled, ngircd will not make DNS lookups when clients connect. +If set to true, ngircd will not make DNS lookups when clients connect. If you configure ngircd to connect to other servers, ngircd may still perform a DNS lookup if required. -Default: No. +Default: false. +.TP +\fBNoIdent\fR +If ngircd is compiled with IDENT support this can be used to disable IDENT +lookups at run time. +Default: false. .TP \fBConnectIPv4\fR Set this to no if you do not want ngircd to connect to other irc servers using ipv4. diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 97ecb10f..fe059380 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -259,6 +259,7 @@ Conf_Test( void ) printf( " OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); printf( " PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); printf( " NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); + printf( " NoIdent = %s\n", yesno_to_str(Conf_NoIdent)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -519,6 +520,7 @@ Set_Defaults( bool InitServers ) Conf_OperCanMode = false; Conf_NoDNS = false; + Conf_NoIdent = false; Conf_PredefChannelsOnly = false; Conf_OperServerMode = false; @@ -903,6 +905,19 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) Conf_NoDNS = Check_ArgIsTrue( Arg ); return; } + if (strcasecmp(Var, "NoIdent") == 0) { + /* don't do IDENT lookups when clients connect? */ + Conf_NoIdent = Check_ArgIsTrue(Arg); +#ifndef IDENTAUTH + if (!Conf_NoIdent) { + /* user has enabled ident lookups explicitly, but ... */ + Config_Error(LOG_WARNING, + "%s: line %d: NoIdent=False, but ngircd was built without IDENT support", + NGIRCd_ConfFile, Line); + } +#endif + return; + } #ifdef WANT_IPV6 /* the default setting for all the WANT_IPV6 special options is 'true' */ if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) { diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index af489edf..53284656 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -143,6 +143,9 @@ GLOBAL bool Conf_OperCanMode; /* Disable all DNS functions? */ GLOBAL bool Conf_NoDNS; +/* Disable IDENT lookups, even when compiled with support for it */ +GLOBAL bool Conf_NoIdent; + /* * try to connect to remote systems using the ipv6 protocol, * if they have an ipv6 address? (default yes) diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index f0a97f9c..b29ad7e3 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -1167,7 +1167,7 @@ New_Connection( int Sock ) #endif ng_ipaddr_t new_addr; char ip_str[NG_INET_ADDRSTRLEN]; - int new_sock, new_sock_len; + int new_sock, new_sock_len, identsock; CLIENT *c; long cnt; @@ -1270,10 +1270,14 @@ New_Connection( int Sock ) Client_SetHostname(c, My_Connections[new_sock].host); + identsock = new_sock; +#ifdef IDENTAUTH + if (Conf_NoIdent) + identsock = -1; +#endif if (!Conf_NoDNS) Resolve_Addr(&My_Connections[new_sock].res_stat, &new_addr, - My_Connections[new_sock].sock, cb_Read_Resolver_Result); - + identsock, cb_Read_Resolver_Result); Conn_SetPenalty(new_sock, 4); return new_sock; } /* New_Connection */ diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c index 1eb35dd8..999ef990 100644 --- a/src/ngircd/resolve.c +++ b/src/ngircd/resolve.c @@ -175,13 +175,12 @@ Do_IdentQuery(int identsock, array *resolved_addr) #ifdef IDENTAUTH char *res; - assert(identsock >= 0); + if (identsock < 0) + return; #ifdef DEBUG Log_Resolver(LOG_DEBUG, "Doing IDENT lookup on socket %d ...", identsock); #endif - if (identsock < 0) - return; res = ident_id( identsock, 10 ); #ifdef DEBUG Log_Resolver(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"", diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf index 299bf7ca..a12873fb 100644 --- a/src/testsuite/ngircd-test1.conf +++ b/src/testsuite/ngircd-test1.conf @@ -10,6 +10,7 @@ MaxConnectionsIP = 0 OperCanUseMode = yes MaxJoins = 4 + NoIdent = yes [Operator] Name = TestOp diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf index 3c2829bc..e6d1696b 100644 --- a/src/testsuite/ngircd-test2.conf +++ b/src/testsuite/ngircd-test2.conf @@ -10,6 +10,7 @@ MaxConnectionsIP = 0 OperCanUseMode = yes MaxJoins = 4 + NoIdent = yes [Operator] Name = TestOp