From 3e3db3743e1c11200f58a91f2b6745364cb42c5c Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 4 Oct 2013 10:49:54 +0200
Subject: [PATCH] xauth-pam: Make trimming of email addresses optional

Fixes #430.
---
 man/strongswan.conf.5.in | 4 ++++
 src/libcharon/plugins/xauth_pam/xauth_pam.c | 13 +++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index ff7d8ef586..1df58a7ee3 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -757,6 +757,10 @@ EAP plugin to be used as backend for XAuth credential verification
 .TP
 .BR charon.plugins.xauth-pam.pam_service " [login]"
 PAM service to be used for authentication
+.TP
+.BR charon.plugins.xauth-pam.trim_email " [yes]"
+If an email address is given as an XAuth username, trim it to just the
+username part.
 .SS libstrongswan section
 .TP
 .BR libstrongswan.cert_cache " [yes]"
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c
index 6cbe1c2638..8ba2c764d9 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c
@@ -134,12 +134,17 @@ METHOD(xauth_method_t, process, status_t,
 switch (attr->get_type(attr))
 {
 case XAUTH_USER_NAME:
- /* trim to username part if email address given */
 chunk = attr->get_chunk(attr);
- pos = memchr(chunk.ptr, '@', chunk.len);
- if (pos)
+ /* trim to username part if email address given */
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.xauth-pam.trim_email",
+ TRUE, charon->name))
 {
- chunk.len = (u_char*)pos - chunk.ptr;
+ pos = memchr(chunk.ptr, '@', chunk.len);
+ if (pos)
+ {
+ chunk.len = (u_char*)pos - chunk.ptr;
+ }
 }
 attr2string(user, sizeof(user), chunk);
 break;
-- 
2.47.3
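Review bot: With `trim_email` left at its default, the `XAUTH_USER_NAME` case drops everything from the first `@` without looking at it, so names that differ only in the domain part reach PAM as the same account, and a value that starts with `@` is cut to an empty username; the comment above the `get_bool()` call does not record either consequence. I would extend that comment to something like `/* trim_email: cut at the first '@'; the domain part is discarded unchecked, so user@a and user@b map to the same PAM user */`. If an empty name should never be handed on, the inner test could become `if (pos && (u_char*)pos > chunk.ptr)`. The `process` method starts and ends outside the hunk, so it is not visible whether the trimmed or the original name is what later gets logged or bound to the SA; that is worth confirming so audit records match the account PAM actually checked.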