-rw-r--r-- | usr.sbin/identd/identd.8 | 12 | ||||
-rw-r--r-- | usr.sbin/identd/identd.c | 66 |
2 files changed, 66 insertions, 12 deletions
diff --git a/usr.sbin/identd/identd.8 b/usr.sbin/identd/identd.8
index 9f340e88494..b3628f784cc 100644
--- a/usr.sbin/identd/identd.8
+++ b/usr.sbin/identd/identd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: identd.8,v 1.3 2013/03/18 17:09:11 jmc Exp $
+.\" $OpenBSD: identd.8,v 1.4 2013/04/23 01:46:39 dlg Exp $
 .\"
 .\" Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 18 2013 $
+.Dd $Mdocdate: April 23 2013 $
 .Dt IDENTD 8
 .Os
 .Sh NAME
@@ -56,6 +56,14 @@ Listen on the specified address.
 By default
 .Nm
 listens on wildcard addresses.
+.It Fl N
+When replying with a user name or ID, first
+check for a file
+.Pa .noident
+in the user's home directory.
+If this file is accessible, return
+.Dq HIDDEN-USER
+instead of the normal USERID response.
 .It Fl p Ar port
 Listen on the specified port.
 By default
diff --git a/usr.sbin/identd/identd.c b/usr.sbin/identd/identd.c
index 6201e98bf9e..da77274b927 100644
--- a/usr.sbin/identd/identd.c
+++ b/usr.sbin/identd/identd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: identd.c,v 1.10 2013/04/22 05:08:46 dlg Exp $ */
+/* $OpenBSD: identd.c,v 1.11 2013/04/23 01:46:39 dlg Exp $ */
 /*
 * Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
@@ -35,6 +35,7 @@
 #include <ctype.h>
 #include <errno.h>
 #include <event.h>
+#include <fcntl.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -44,6 +45,8 @@
 #define IDENTD_USER "_identd"
+#define DOTNOIDENT ".noident"
+
 #define TIMEOUT_MIN 4
 #define TIMEOUT_MAX 240
 #define TIMEOUT_DEFAULT 120
@@ -101,6 +104,7 @@ struct identd_listener {
 void parent_rd(int, short, void *);
 void parent_wr(int, short, void *);
+void parent_noident(struct ident_resolver *, struct passwd *);
 void child_rd(int, short, void *);
 void child_wr(int, short, void *);
@@ -178,6 +182,7 @@ usage(void)
 struct timeval timeout = { TIMEOUT_DEFAULT, 0 };
 int debug = 0;
+int noident = 0;
 int on = 1;
 struct event proc_rd, proc_wr;
@@ -207,7 +212,7 @@ main(int argc, char *argv[])
 pid_t parent;
 int sibling;
-while ((c = getopt(argc, argv, "46dl:p:t:")) != -1) {
+while ((c = getopt(argc, argv, "46dl:Np:t:")) != -1) {
 switch (c) {
 case '4':
 family = AF_INET;
@@ -221,6 +226,9 @@ main(int argc, char *argv[])
 case 'l':
 addr = optarg;
 break;
+case 'N':
+noident = 1;
+break;
 case 'p':
 port = optarg;
 break;
@@ -355,21 +363,59 @@ parent_rd(int fd, short events, void *arg)
 pw = getpwuid(uid);
 if (pw == NULL) {
 r->error = E_NOUSER;
-} else {
-n = asprintf(&r->buf, "%s", pw->pw_name);
-if (n == -1)
-r->error = E_UNKNOWN;
-else {
-r->error = E_NONE;
-r->buflen = n;
-}
+goto done;
+}
+
+if (noident) {
+parent_noident(r, pw);
+if (r->error != E_NONE)
+goto done;
 }
+n = asprintf(&r->buf, "%s", pw->pw_name);
+if (n == -1) {
+r->error = E_UNKNOWN;
+goto done;
+}
+
+r->buflen = n;
+
+done:
 SIMPLEQ_INSERT_TAIL(&sc.parent.replies, r, entry);
 event_add(&proc_wr, NULL);
 }
 void
+parent_noident(struct ident_resolver *r, struct passwd *pw)
+{
+char path[MAXPATHLEN];
+int fd;
+int rv;
+
+rv = snprintf(path, sizeof(path), "%s/%s", pw->pw_dir, DOTNOIDENT);
+if (rv == -1 || rv >= sizeof(path)) {
+r->error = E_UNKNOWN;
+return;
+}
+
+fd = open(path, O_RDONLY, 0);
+if (fd == -1) {
+switch (errno) {
+case ENOENT:
+case EACCES:
+return; /* not an error */
+default:
+r->error = E_UNKNOWN;
+return;
+}
+}
+
+close(fd);
+
+r->error = E_HIDDEN;
+}
+
+void
 parent_wr(int fd, short events, void *arg)
 {
 struct ident_resolver *r = SIMPLEQ_FIRST(&sc.parent.replies); |
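Review bot: `fd = open(path, O_RDONLY, 0)` in the new parent_noident is executed by the parent on a path the looked-up user controls (`pw_dir/.noident`), and a plain blocking open follows symlinks and hangs on a FIFO that has no writer, so a local user can stall the parent's event loop — and every lookup queued behind it — simply by making `.noident` a FIFO or a symlink to one. Since the function only tests for existence and never reads the file, replacing the open/close pair with `stat()` (plus `#include <sys/stat.h>`) removes that blocking path; `O_RDONLY|O_NONBLOCK|O_NOFOLLOW` on the open would be the narrower alternative. While there, `ENOTDIR` belongs next to `ENOENT`/`EACCES` in the not-an-error cases, otherwise a user whose home directory is not a directory gets E_UNKNOWN instead of a normal reply. Note also that the rewritten parent_rd success path no longer sets `r->error = E_NONE` explicitly as the removed else-branch did, so both the `r->error != E_NONE` test after parent_noident and the final reply now depend on the resolver being created with error == E_NONE, which this hunk does not show.
```c
void
parent_noident(struct ident_resolver *r, struct passwd *pw)
{
	char path[MAXPATHLEN];
	struct stat st;
	int rv;

	/* … unchanged: snprintf() of pw_dir/DOTNOIDENT and its length check … */

	/* Existence test only; stat() cannot block on a FIFO the way open() can. */
	if (stat(path, &st) == -1) {
		switch (errno) {
		case ENOENT:
		case EACCES:
		case ENOTDIR:
			return; /* not an error */
		default:
			r->error = E_UNKNOWN;
			return;
		}
	}

	r->error = E_HIDDEN;
}
```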