Skip to content
Permalink
Browse files

Add oident and builtin ident support as module

Patch by: michaelortmann
Fixes: #259

This commit adds oident integration support and a built-in ident server via the ident module. oident is a separate ident service not maintained by eggdrop. The built-in ident server binds/opens only during a connect to an IRC server.

* Add oident support
* add Makefile
* misc/makedepend
* First hack at docs
* Add partyline help
* First hack at custom port
* add ident-port to eggdrop.conf, fix unload ident segfault, fix open and close of socket, change license from MIT to GPL
* doc updates
* Add debug messages
* after response, dont wait for 001, but stop ident server on spot; cleanup redundant code
  • Loading branch information...
michaelortmann authored and vanosg committed Jul 3, 2019
1 parent 5445dd0 commit 5d725fb7fea3e20ec4122ca69bc43870f0914971
@@ -0,0 +1,71 @@
Last revised: June 27, 2019

.. _notes:

============
Ident Module
============

This module adds Eggdrop support for the externally-provided oident
service, or alternatively the ability for Eggdrop to act as its own ident
daemon.

Traditionally, an IRC server queries port 113 on an irc client's host to
determine the ident for the client. The client's host normally replies with
the username of the account. If the host machine is running oident as its
ident service, Eggdrop can now interact with oident to instead reply with
a custom ident specified by Eggdrop (oidentd is an external service not
specific to Eggdrop nor maintained by Eggheads developers, thus no support
for it can be given).

Alternatively, this module can also allow Eggdrop to act as its own ident
daemon, answering queries from the IRC server directly. While this option
may be of use to a very specific group of people, it requires additional
external configuration via root access. Because most modern OSs do not allow
user-level programs to bind to port 113, required by this option, a user must
either:
- Allow Eggdrop to bind to ports <1024 via the command:
'sudo setcap "cap_net_bind_service=+ep" /path/to/eggdrop'
Warning: this will allow Eggdrop to *any* port below 1024, potentially
allowing a user to impersonate a standard system service with Eggdrop
- Use iptables to re-route ident queries destined for port 113 to a
>1024 port that Eggdrop can bind to, for example by running:
'sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport \
113 -j REDIRECT --to-port <ident port in config>'

Additionally, using Eggdrop as a built-in ident daemon can cause issues
when running multiple bots from the same account. The ident server is only
activated and bound to the configured ident port while Eggdrop is connecting
to an IRC server, but only one Eggdrop can bind to port 113 at a time. If
multiple bots were to start at the same time, such as after a netsplit or host
reboot, only one bot can bind to port 113 at a time, creating ident conflicts.
Thus, this option is best suited for single-bot environments.

This module requires:
- oident to be running on your shell host, configured to allow user
spoofing, for the oidentd method.

Put this line into your Eggdrop configuration file to load the ident
module::

loadmodule ident

There are also some variables you can set in your config file:

set ident-method 0
This sets which ident method you wish to use:
0 = oidentd / Your bot will overwrite $HOME/.oidentd.conf right before
opening the socket to the IRC server with the global reply.
1 = Builtin / Your bot will automatically turn its builtin identd on and
off when needed so it shouldn't conflict with other identds that do the
same. Ident port 113 is normally restricted to privileged processes on
UNIX systems.

set ident-port 113
This sets the port which port Eggdrop will attempt to bind to for option 1
of ident-method. Most OSs do not allow non-privileged programs such as
Eggdrop to bind to ports <1024; please read the beginning of this document
for potential ways to implement this setting.


Copyright (C) 2019 - 2019 Eggheads Development Team
@@ -35,6 +35,7 @@ loadmodule console ; # Console setting storage
#loadmodule seen ; # Basic seen functionality
#loadmodule assoc ; # Party line channel naming
loadmodule uptime ; # Centralized uptime stat collection (http://uptime.eggheads.org)
#loadmodule ident ; # Ident support


##### BASIC SETTINGS #####
@@ -52,8 +53,9 @@ set altnick "Llamab?t"
## This can not be blank, it has to contain something.
set realname "/msg LamestBot hello"

## This setting defines the username the bot uses on IRC. This setting has
## no effect if an ident daemon is running on your bot's machine.
## This setting defines the username the bot uses on IRC. This setting has no
## effect if an ident daemon is running on your bot's machine. See also ident
## module.
set username "lamest"

# Specify here the filename Eggdrop will save its pid to. If no pidfile is
@@ -19,8 +19,9 @@

##### BASIC SETTINGS #####

# This setting defines the username the bot uses on IRC. This setting has
# no effect if an ident daemon is running on your bot's machine.
# This setting defines the username the bot uses on IRC. This setting has no
# effect if an ident daemon is running on your bot's machine. See also ident
# module.
set username "lamest"

# This setting defines which contact person should be shown in .status,
@@ -1150,6 +1151,7 @@ set stack-limit 4
# is 32.
#set nick-len 9


#### CTCP MODULE ####

# This module provides the normal ctcp replies that you'd expect.
@@ -1469,6 +1471,7 @@ die "You didn't edit your config file completely like you were told, did you?"
# This next line checks if eggdrop is being executed from the source directory
if {[file exists aclocal.m4]} { die {You are attempting to run Eggdrop from the source directory. Please finish installing Eggdrop by running "make install" and run it from the install location.} }


#### CONSOLE MODULE ####

# This module provides storage of console settings when you exit the
@@ -1525,6 +1528,33 @@ set info-party 0
# information to be sent, comment out the following line.
loadmodule uptime


#### IDENT MODULE ####

# This module adds Eggdrop support for the externally-provided oident
# service, or alternatively the ability for Eggdrop to act as its own ident
# daemon. Please read the docs at doc/settings/mod.ident for additional
# information on correctly configuring this section. If you don't know
# what ident or oident are, it is safe to leave this section commented.
#loadmodule ident

# Set the ident method you wish to use. Each of these methods requires
# some form of external configuration in order to function. See
# doc/settings/mod.ident for additional information.
# 0: oidentd
# Your bot will overwrite $HOME/.oidentd.conf right before opening the
# socket to the IRC server with the global reply.
# NOTE: requires the oidentd service to be running on the host machine
# 1: Builtin
# Your bot will automatically turn its builtin identd on and off when
# needed so it shouldn't conflict with other identds that do the same.
# NOTE: Eggdrop must be granted permissions on the host system to bind
# to port 113.
#set ident-method 0

# Set the ident port to use for ident-method 1.
#set ident-port 113

##### SCRIPTS #####

# This is a good place to load scripts to use with your bot.
@@ -116,6 +116,7 @@ mv tmpdocs/faq.txt $BASEDIR/../doc/FAQ
mv tmpdocs/features.txt $BASEDIR/../FEATURES
mv tmpdocs/filesys.txt $BASEDIR/../doc/settings/mod.filesys
mv tmpdocs/first-script.txt $BASEDIR/../doc/FIRST-SCRIPT
mv tmpdocs/ident.txt $BASEDIR/../doc/settings/mod.ident
mv tmpdocs/install.txt $BASEDIR/../INSTALL
mv tmpdocs/ipv6.txt $BASEDIR/../doc/IPV6
mv tmpdocs/irc.txt $BASEDIR/../doc/settings/mod.irc
@@ -52,6 +52,7 @@
#define CHANNELLEN 80 /* FIXME see issue #3 and issue #38 and rfc1459 <= 200 */
#define HANDLEN 32 /* valid values 9->NICKMAX */
#define NICKMAX 32 /* valid values HANDLEN->32 */
#define USERLEN 10


/* Handy string lengths */
@@ -0,0 +1,41 @@
# Makefile for src/mod/ident.mod/

srcdir = .


doofus:
@echo "" && \
echo "Let's try this from the right directory..." && \
echo "" && \
cd ../../../ && $(MAKE)

static: ../ident.o

modules: ../../../ident.$(MOD_EXT)

../ident.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -DMAKING_MODS -c $(srcdir)/ident.c && mv -f ident.o ../

../../../ident.$(MOD_EXT): ../ident.o
$(LD) $(CFLAGS) -o ../../../ident.$(MOD_EXT) ../ident.o $(XLIBS) $(MODULE_XLIBS) && $(STRIP) ../../../ident.$(MOD_EXT)

depend:
$(CC) $(CFLAGS) -MM $(srcdir)/ident.c -MT ../ident.o > .depend

clean:
@rm -f .depend *.o *.$(MOD_EXT) *~

distclean: clean

#safety hash
../ident.o: .././ident.mod/ident.c ../../../src/mod/module.h \
../../../src/main.h ../../../config.h ../../../eggint.h ../../../lush.h \
../../../src/lang.h ../../../src/eggdrop.h ../../../src/compat/in6.h \
../../../src/flags.h ../../../src/cmdt.h ../../../src/tclegg.h \
../../../src/tclhash.h ../../../src/chan.h ../../../src/users.h \
../../../src/compat/compat.h ../../../src/compat/inet_aton.h \
../../../src/compat/snprintf.h ../../../src/compat/strcasecmp.h \
../../../src/compat/inet_ntop.h ../../../src/compat/inet_pton.h \
../../../src/compat/gethostbyname2.h ../../../src/compat/strlcpy.h \
../../../src/mod/modvals.h ../../../src/tandem.h \
../../../src/mod/server.mod/server.h
@@ -0,0 +1,7 @@
%{help=ident module}%{+n}
### %bident module%b
This module provides support for alternate methods of providing ident.

Config file variables for configuring the ident module:
%bident-method%b
(Use %b'.help set <variable>'%b for more info)
@@ -0,0 +1,18 @@
%{help=set ident-method}%{+n}
### %bset ident-method%b <0/1>
Set the ident method you wish to use. See doc/settings/mod.ident for
additional information.
%b0%b: oidentd
Your bot will overwrite $HOME/.oidentd.conf right before opening the
socket to the IRC server with the global reply.
NOTE: requires the oident service to be running on the host machine
%b1%b: Builtin
Your bot will automatically turn its builtin identd on and off when
needed so it shouldn't conflict with other identds that do the same.
### %bset ident-port%b <port>
This sets the port which port Eggdrop will attempt to bind to for option 1
of ident-method. Most OSs do not allow non-privileged programs such as
Eggdrop to bind to ports <1024; please read doc/settings/mod.ident for
suggestions on how to implement this setting.
~
~

0 comments on commit 5d725fb

Please sign in to comment.
You can’t perform that action at this time.