6 files changed, 29 insertions, 6 deletions

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 97ecb10f..fe059380 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -259,6 +259,7 @@ Conf_Test( void )
 	printf( "  OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode));
 	printf( "  PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly));
 	printf( "  NoDNS = %s\n", yesno_to_str(Conf_NoDNS));
+	printf( "  NoIdent = %s\n", yesno_to_str(Conf_NoIdent));
 
 #ifdef WANT_IPV6
 	printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -519,6 +520,7 @@ Set_Defaults( bool InitServers )
 
 	Conf_OperCanMode = false;
 	Conf_NoDNS = false;
+	Conf_NoIdent = false;
 	Conf_PredefChannelsOnly = false;
 	Conf_OperServerMode = false;
 
@@ -903,6 +905,19 @@ Handle_GLOBAL( int Line, char *Var, char *Arg )
 		Conf_NoDNS = Check_ArgIsTrue( Arg );
 		return;
 	}
+	if (strcasecmp(Var, "NoIdent") == 0) {
+		/* don't do IDENT lookups when clients connect? */
+		Conf_NoIdent = Check_ArgIsTrue(Arg);
+#ifndef IDENTAUTH
+		if (!Conf_NoIdent) {
+			/* user has enabled ident lookups explicitly, but ... */
+			Config_Error(LOG_WARNING,
+				"%s: line %d: NoIdent=False, but ngircd was built without IDENT support",
+				NGIRCd_ConfFile, Line);
+		}
+#endif
+		return;
+	}
 #ifdef WANT_IPV6
 	/* the default setting for all the WANT_IPV6 special options is 'true' */
 	if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) {
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index af489edf..53284656 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -143,6 +143,9 @@ GLOBAL bool Conf_OperCanMode;
 /* Disable all DNS functions? */
 GLOBAL bool Conf_NoDNS;
 
+/* Disable IDENT lookups, even when compiled with support for it */
+GLOBAL bool Conf_NoIdent;
+
 /*
  * try to connect to remote systems using the ipv6 protocol,
  * if they have an ipv6 address? (default yes)
diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index f0a97f9c..b29ad7e3 100644
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -1167,7 +1167,7 @@ New_Connection( int Sock )
 #endif
 	ng_ipaddr_t new_addr;
 	char ip_str[NG_INET_ADDRSTRLEN];
-	int new_sock, new_sock_len;
+	int new_sock, new_sock_len, identsock;
 	CLIENT *c;
 	long cnt;
 
@@ -1270,10 +1270,14 @@ New_Connection( int Sock )
 
 	Client_SetHostname(c, My_Connections[new_sock].host);
 
+	identsock = new_sock;
+#ifdef IDENTAUTH
+	if (Conf_NoIdent)
+		identsock = -1;
+#endif
 	if (!Conf_NoDNS)
 		Resolve_Addr(&My_Connections[new_sock].res_stat, &new_addr,
-			My_Connections[new_sock].sock, cb_Read_Resolver_Result);
-
+			     identsock, cb_Read_Resolver_Result);
 	Conn_SetPenalty(new_sock, 4);
 	return new_sock;
 } /* New_Connection */
diff --git a/src/ngircd/resolve.c b/src/ngircd/resolve.c
index 1eb35dd8..999ef990 100644
--- a/src/ngircd/resolve.c
+++ b/src/ngircd/resolve.c
@@ -175,13 +175,12 @@ Do_IdentQuery(int identsock, array *resolved_addr)
 #ifdef IDENTAUTH
 	char *res;
 
-	assert(identsock >= 0);
+	if (identsock < 0)
+		return;
 
 #ifdef DEBUG
 	Log_Resolver(LOG_DEBUG, "Doing IDENT lookup on socket %d ...", identsock);
 #endif
-	if (identsock < 0)
-		return;
 	res = ident_id( identsock, 10 );
 #ifdef DEBUG
 	Log_Resolver(LOG_DEBUG, "Ok, IDENT lookup on socket %d done: \"%s\"",
diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf
index 299bf7ca..a12873fb 100644
--- a/src/testsuite/ngircd-test1.conf
+++ b/src/testsuite/ngircd-test1.conf
@@ -10,6 +10,7 @@
 	MaxConnectionsIP = 0
 	OperCanUseMode = yes
 	MaxJoins = 4
+	NoIdent = yes
 
 [Operator]
 	Name = TestOp
diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf
index 3c2829bc..e6d1696b 100644
--- a/src/testsuite/ngircd-test2.conf
+++ b/src/testsuite/ngircd-test2.conf
@@ -10,6 +10,7 @@
 	MaxConnectionsIP = 0
 	OperCanUseMode = yes
 	MaxJoins = 4
+	NoIdent = yes
 
 [Operator]
 	Name = TestOp