ext_unix_group_acl: Add support via -r flag to strip @REALM from usernames

diff --git a/helpers/external_acl/unix_group/check_group.cc b/helpers/external_acl/unix_group/check_group.cc
index 987f13ff10d3304fd81343c86b979a444e77e0b3..c816b70dc7845f55dfc4bb88b40036dda57e5ccd 100644 (file)
--- a/helpers/external_acl/unix_group/check_group.cc
+++ b/helpers/external_acl/unix_group/check_group.cc
@@ -140,6 +140,8 @@ usage(char *program)
             "-p                        Verify primary user group as well\n");
     fprintf(stderr,
             "-s                        Strip NT domain from usernames\n");
+    fprintf(stderr,
+            "-r                        Strip Kerberos realm from usernames\n");
 }
 
 int
@@ -148,13 +150,13 @@ main(int argc, char *argv[])
     char *user, *suser, *p;
     char buf[HELPER_INPUT_BUFFER];
     char **grents = NULL;
-    int check_pw = 0, ch, ngroups = 0, i, j = 0, strip_dm = 0;
+    int check_pw = 0, ch, ngroups = 0, i, j = 0, strip_dm = 0, strip_rm = 0;
 
     /* make standard output line buffered */
     setvbuf(stdout, NULL, _IOLBF, 0);
 
     /* get user options */
-    while ((ch = getopt(argc, argv, "dspg:")) != -1) {
+    while ((ch = getopt(argc, argv, "dsrpg:")) != -1) {
         switch (ch) {
         case 'd':
             debug_enabled = 1;
@@ -162,6 +164,9 @@ main(int argc, char *argv[])
         case 's':
             strip_dm = 1;
             break;
+        case 'r':
+            strip_rm = 1;
+            break;
         case 'p':
             check_pw = 1;
             break;
@@ -213,6 +218,10 @@ main(int argc, char *argv[])
                 if (!suser) suser = strchr(user, '/');
                 if (suser && suser[1]) user = suser + 1;
             }
+            if (strip_rm) {
+                suser = strchr(user, '@');
+                if (suser) *suser = '\0';
+            }
             /* check groups supplied by Squid */
             while ((p = strtok(NULL, " ")) != NULL) {
                 rfc1738_unescape(p);