make an optional XAUTH user ID available in the updown script
[strongswan.git] / src / pluto / kernel.c
index 79ba3aa..d17489d 100644 (file)
@@ -464,9 +464,11 @@ static bool do_command(connection_t *c, struct spd_route *sr,
                        peerclientnet_str[ADDRTOT_BUF],
                        peerclientmask_str[ADDRTOT_BUF],
                        peerca_str[BUF_LEN],
+                       xauth_user_str[BUF_LEN] = "",
                        secure_myid_str[BUF_LEN] = "",
                        secure_peerid_str[BUF_LEN] = "",
-                       secure_peerca_str[BUF_LEN] = "";
+                       secure_peerca_str[BUF_LEN] = "",
+                       secure_xauth_user_str[BUF_LEN] = "";
                ip_address ta;
                pubkey_list_t *p;
 
@@ -503,6 +505,15 @@ static bool do_command(connection_t *c, struct spd_route *sr,
                maskof(&sr->this.client, &ta);
                addrtot(&ta, 0, myclientmask_str, sizeof(myclientmask_str));
 
+               if (c->xauth_identity &&
+                       c->xauth_identity->get_type(c->xauth_identity) != ID_ANY)
+               {
+                       snprintf(xauth_user_str, sizeof(xauth_user_str),
+                                        "PLUTO_XAUTH_USER='%Y' ", c->xauth_identity);
+                       escape_metachar(xauth_user_str, secure_xauth_user_str,
+                                        sizeof(secure_xauth_user_str));
+               }
+
                addrtot(&sr->that.host_addr, 0, peer_str, sizeof(peer_str));
                snprintf(peerid_str, sizeof(peerid_str), "%Y", sr->that.id);
                escape_metachar(peerid_str, secure_peerid_str, sizeof(secure_peerid_str));
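Review bot: In the new block after `maskof(...)`, escape_metachar() is run over the whole `PLUTO_XAUTH_USER='%Y' ` assignment, so the single quotes and the `=` written by the snprintf go through the escaper together with the identity, whereas every other value in this command is escaped bare and the `'...'` quoting is supplied by the format string (`"PLUTO_PEER_CA='%s' "` with secure_peerca_str in the later hunk, peerid_str/secure_peerid_str two lines below). If escape_metachar treats `'` as a metacharacter — which it has to for the existing quoting to be safe, though its body is not visible here — the quotes around the XAUTH user are escaped as well and the value reaches the updown shell script unquoted, so an XAUTH user name containing whitespace or shell syntax, a string chosen by the remote client, is not neutralized the way the peer ID is. Escape only the identity and add the quoting afterwards, as sketched below, so the optional fragment still drops into the `"%s"` slot unchanged. do_command() starts and ends outside this hunk, and as with peerid_str the truncation of snprintf()/escape_metachar() is unchecked: both buffers are BUF_LEN, so an identity whose escaped form grows past BUF_LEN is silently cut.
```c
		if (c->xauth_identity &&
			c->xauth_identity->get_type(c->xauth_identity) != ID_ANY)
		{
			char escaped_xauth_user_str[BUF_LEN] = "";

			/* escape only the identity; the shell quoting is added afterwards,
			 * as for the other PLUTO_* values */
			snprintf(xauth_user_str, sizeof(xauth_user_str),
					 "%Y", c->xauth_identity);
			escape_metachar(xauth_user_str, escaped_xauth_user_str,
							sizeof(escaped_xauth_user_str));
			snprintf(secure_xauth_user_str, sizeof(secure_xauth_user_str),
					 "PLUTO_XAUTH_USER='%s' ", escaped_xauth_user_str);
		}
		/* … unchanged: peer address / peer ID handling … */
```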
@@ -560,6 +571,7 @@ static bool do_command(connection_t *c, struct spd_route *sr,
                        "PLUTO_PEER_PROTOCOL='%u' "
                        "PLUTO_PEER_CA='%s' "
                        "%s"        /* optional PLUTO_MY_SRCIP */
+                       "%s"        /* optional PLUTO_XAUTH_USER */
                        "%s"        /* actual script */
                        , verb, verb_suffix
                        , c->name
@@ -583,6 +595,7 @@ static bool do_command(connection_t *c, struct spd_route *sr,
                        , sr->that.protocol
                        , secure_peerca_str
                        , srcip_str
+                       , secure_xauth_user_str
                        , sr->this.updown == NULL? DEFAULT_UPDOWN : sr->this.updown))
                {
                        loglog(RC_LOG_SERIOUS, "%s%s command too long!", verb, verb_suffix);