-rw-r--r--usr.sbin/identd/identd.812
-rw-r--r--usr.sbin/identd/identd.c66
2 files changed, 66 insertions, 12 deletions
diff --git a/usr.sbin/identd/identd.8 b/usr.sbin/identd/identd.8
index 9f340e88494..b3628f784cc 100644
--- a/usr.sbin/identd/identd.8
+++ b/usr.sbin/identd/identd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: identd.8,v 1.3 2013/03/18 17:09:11 jmc Exp $
+.\" $OpenBSD: identd.8,v 1.4 2013/04/23 01:46:39 dlg Exp $
.\"
.\" Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: March 18 2013 $
+.Dd $Mdocdate: April 23 2013 $
.Dt IDENTD 8
.Os
.Sh NAME
@@ -56,6 +56,14 @@ Listen on the specified address.
By default
.Nm
listens on wildcard addresses.
+.It Fl N
+When replying with a user name or ID, first
+check for a file
+.Pa .noident
+in the user's home directory.
+If this file is accessible, return
+.Dq HIDDEN-USER
+instead of the normal USERID response.
.It Fl p Ar port
Listen on the specified port.
By default
diff --git a/usr.sbin/identd/identd.c b/usr.sbin/identd/identd.c
index 6201e98bf9e..da77274b927 100644
--- a/usr.sbin/identd/identd.c
+++ b/usr.sbin/identd/identd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: identd.c,v 1.10 2013/04/22 05:08:46 dlg Exp $ */
+/* $OpenBSD: identd.c,v 1.11 2013/04/23 01:46:39 dlg Exp $ */
/*
* Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
@@ -35,6 +35,7 @@
#include <ctype.h>
#include <errno.h>
#include <event.h>
+#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -44,6 +45,8 @@
#define IDENTD_USER "_identd"
+#define DOTNOIDENT ".noident"
+
#define TIMEOUT_MIN 4
#define TIMEOUT_MAX 240
#define TIMEOUT_DEFAULT 120
@@ -101,6 +104,7 @@ struct identd_listener {
void parent_rd(int, short, void *);
void parent_wr(int, short, void *);
+void parent_noident(struct ident_resolver *, struct passwd *);
void child_rd(int, short, void *);
void child_wr(int, short, void *);
@@ -178,6 +182,7 @@ usage(void)
struct timeval timeout = { TIMEOUT_DEFAULT, 0 };
int debug = 0;
+int noident = 0;
int on = 1;
struct event proc_rd, proc_wr;
@@ -207,7 +212,7 @@ main(int argc, char *argv[])
pid_t parent;
int sibling;
- while ((c = getopt(argc, argv, "46dl:p:t:")) != -1) {
+ while ((c = getopt(argc, argv, "46dl:Np:t:")) != -1) {
switch (c) {
case '4':
family = AF_INET;
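Review bot: The new `N` in the option string `"46dl:Np:t:"` has no matching change to usage(): no hunk in this commit edits the usage message, and the identd.8 hunks add the `.It Fl N` entry but leave the SYNOPSIS alone. I would add `N` to the flag list printed by usage() and to the man page synopsis, so the privacy option can be found from the error output. main() starts above this hunk and continues past it.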
@@ -221,6 +226,9 @@ main(int argc, char *argv[])
case 'l':
addr = optarg;
break;
+ case 'N':
+ noident = 1;
+ break;
case 'p':
port = optarg;
break;
@@ -355,21 +363,59 @@ parent_rd(int fd, short events, void *arg)
pw = getpwuid(uid);
if (pw == NULL) {
r->error = E_NOUSER;
- } else {
- n = asprintf(&r->buf, "%s", pw->pw_name);
- if (n == -1)
- r->error = E_UNKNOWN;
- else {
- r->error = E_NONE;
- r->buflen = n;
- }
+ goto done;
+ }
+
+ if (noident) {
+ parent_noident(r, pw);
+ if (r->error != E_NONE)
+ goto done;
}
+ n = asprintf(&r->buf, "%s", pw->pw_name);
+ if (n == -1) {
+ r->error = E_UNKNOWN;
+ goto done;
+ }
+
+ r->buflen = n;
+
+done:
SIMPLEQ_INSERT_TAIL(&sc.parent.replies, r, entry);
event_add(&proc_wr, NULL);
}
void
+parent_noident(struct ident_resolver *r, struct passwd *pw)
+{
+ char path[MAXPATHLEN];
+ int fd;
+ int rv;
+
+ rv = snprintf(path, sizeof(path), "%s/%s", pw->pw_dir, DOTNOIDENT);
+ if (rv == -1 || rv >= sizeof(path)) {
+ r->error = E_UNKNOWN;
+ return;
+ }
+
+ fd = open(path, O_RDONLY, 0);
+ if (fd == -1) {
+ switch (errno) {
+ case ENOENT:
+ case EACCES:
+ return; /* not an error */
+ default:
+ r->error = E_UNKNOWN;
+ return;
+ }
+ }
+
+ close(fd);
+
+ r->error = E_HIDDEN;
+}
+
+void
parent_wr(int fd, short events, void *arg)
{
struct ident_resolver *r = SIMPLEQ_FIRST(&sc.parent.replies);
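Review bot: In parent_noident, `open(path, O_RDONLY, 0)` is a blocking open on a path that the looked-up user controls. If `.noident` is a FIFO, or a symlink to a FIFO or device node, the open can stall or have side effects, and it runs inside the parent's event callback, so one stalled open would hold up every other lookup. Only the file's presence matters here, so a `stat(path, &sb)` check would avoid this, or at least `open(path, O_RDONLY | O_NONBLOCK, 0)`. Separately, parent_rd no longer assigns `r->error = E_NONE` on success and now tests `r->error != E_NONE` after the call; that is only correct if `r` is initialised to E_NONE where it is allocated, which is outside this hunk, so please confirm. parent_rd begins above the hunk and parent_wr continues past it.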