New configuration option "NoIdent" to disable IDENT lookups

The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.

6 files changed, 29 insertions, 6 deletions

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 97ecb10f..fe059380 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -259,6 +259,7 @@ Conf_Test( void )
 	printf( "  OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode));
 	printf( "  PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
 	printf( "  NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
+	printf( "  NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
 
 #ifdef WANT_IPV6
 	printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -519,6 +520,7 @@ Set_Defaults( bool InitServers )
 
 	Conf_OperCanMode = false;
 	Conf_NoDNS = false;
+	Conf_NoIdent = false;
 	Conf_PredefChannelsOnly = false;
 	Conf_OperServerMode = false;
 
@@ -903,6 +905,19 @@ Handle_GLOBAL( int Line, char *Var, char *Arg )
 		Conf_NoDNS = Check_ArgIsTrue( Arg );
 		return;
 	}
+	if (strcasecmp(Var, "NoIdent") == 0) {
+		/* don't do IDENT lookups when clients connect? */
+		Conf_NoIdent = Check_ArgIsTrue(Arg);
+#ifndef IDENTAUTH
+		if (!Conf_NoIdent) {
+			/* user has enabled ident lookups explicitly, but ... */
+			Config_Error(LOG_WARNING,
+				"%s: line %d: NoIdent=False, but ngircd was built without IDENT support",
+				NGIRCd_ConfFile, Line);
+		}
+#endif
+		return;
+	}
 #ifdef WANT_IPV6
 	/* the default setting for all the WANT_IPV6 special options is 'true' */
 	if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index af489edf..53284656 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -143,6 +143,9 @@ GLOBAL bool Conf_OperCanMode;
 /* Disable all DNS functions? */
 GLOBAL bool Conf_NoDNS;
 
+/* Disable IDENT lookups, even when compiled with support for it */
+GLOBAL bool Conf_NoIdent;
+
 /*
  * try to connect to remote systems using the ipv6 protocol,
  * if they have an ipv6 address? (default yes)
diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index f0a97f9c..b29ad7e3 100644
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -1167,7 +1167,7 @@ New_Connection( int Sock )
 #endif
 	ng_ipaddr_t new_addr;
 	char ip_str[NG_INET_ADDRSTRLEN];
-	int new_sock, new_sock_len;
+	int new_sock, new_sock_len, identsock;
 	CLIENT *c;
 	long cnt;
 
@@ -1270,10 +1270,14 @@ New_Connection( int Sock )
 
 	Client_SetHostname(c, My_Connections[new_sock].host);
 
+	identsock = new_sock;
+#ifdef IDENTAUTH
+	if (Conf_NoIdent)
+		identsock = -1;
+#endif
 	if (!Conf_NoDNS)
 		Resolve_Addr(&My_Connections[new_sock].res_stat, &new_addr,
-			My_Connections[new_sock].sock, cb_Read_Resolver_Result);
-
+			     identsock, cb_Read_Resolver_Result);
 	Conn_SetPenalty(new_sock, 4);
 	return new_sock;
 } /* New_Connection */
diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c
index 1eb35dd8..999ef990 100644
--- a/src/ngircd/resolve.c
+++ b/src/ngircd/resolve.c
@@ -175,13 +175,12 @@ Do_IdentQuery(int identsock, array *resolved_addr)
 #ifdef IDENTAUTH
 	char *res;
 
-	assert(identsock >= 0);
+	if (identsock < 0)
+		return;
 
 #ifdef DEBUG
 	Log_Resolver(LOG_DEBUG, "Doing IDENT lookup on socket %d ...", identsock);
 #endif
-	if (identsock < 0)
-		return;
 	res = ident_id( identsock, 10 );
 #ifdef DEBUG
 	Log_Resolver(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"",
diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf
index 299bf7ca..a12873fb 100644
--- a/src/testsuite/ngircd-test1.conf
+++ b/src/testsuite/ngircd-test1.conf
@@ -10,6 +10,7 @@
 	MaxConnectionsIP = 0
 	OperCanUseMode = yes
 	MaxJoins = 4
+	NoIdent = yes
 
 [Operator]
 	Name = TestOp
diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf
index 3c2829bc..e6d1696b 100644
--- a/src/testsuite/ngircd-test2.conf
+++ b/src/testsuite/ngircd-test2.conf
@@ -10,6 +10,7 @@
 	MaxConnectionsIP = 0
 	OperCanUseMode = yes
 	MaxJoins = 4
+	NoIdent = yes
 
 [Operator]
 	Name = TestOp