From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 4 Oct 2013 08:49:54 +0000 (+0200)
Subject: xauth-pam: Make trimming of email addresses optional
X-Git-Tag: 5.1.1dr4^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e3db3743e1c11200f58a91f2b6745364cb42c5c;p=thirdparty%2Fstrongswan.git

xauth-pam: Make trimming of email addresses optional

Fixes #430.
---

diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index ff7d8ef586..1df58a7ee3 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -757,6 +757,10 @@ EAP plugin to be used as backend for XAuth credential verification
 .TP
 .BR charon.plugins.xauth-pam.pam_service " [login]"
 PAM service to be used for authentication
+.TP
+.BR charon.plugins.xauth-pam.trim_email " [yes]"
+If an email address is given as an XAuth username, trim it to just the
+username part.
 .SS libstrongswan section
 .TP
 .BR libstrongswan.cert_cache " [yes]"
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c
index 6cbe1c2638..8ba2c764d9 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c
@@ -134,12 +134,17 @@ METHOD(xauth_method_t, process, status_t,
 		switch (attr->get_type(attr))
 		{
 			case XAUTH_USER_NAME:
-				/* trim to username part if email address given */
 				chunk = attr->get_chunk(attr);
-				pos = memchr(chunk.ptr, '@', chunk.len);
-				if (pos)
+				/* trim to username part if email address given */
+				if (lib->settings->get_bool(lib->settings,
+											"%s.plugins.xauth-pam.trim_email",
+											TRUE, charon->name))
 				{
-					chunk.len = (u_char*)pos - chunk.ptr;
+					pos = memchr(chunk.ptr, '@', chunk.len);
+					if (pos)
+					{
+						chunk.len = (u_char*)pos - chunk.ptr;
+					}
 				}
 				attr2string(user, sizeof(user), chunk);
 				break;