xauth-pam: Make trimming of email addresses optional 5.1.1dr4
authorTobias Brunner <tobias@strongswan.org>
Fri, 4 Oct 2013 08:49:54 +0000 (10:49 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Oct 2013 08:49:54 +0000 (10:49 +0200)
Fixes #430.

man/strongswan.conf.5.in
src/libcharon/plugins/xauth_pam/xauth_pam.c

index ff7d8ef..1df58a7 100644 (file)
@@ -757,6 +757,10 @@ EAP plugin to be used as backend for XAuth credential verification
 .TP
 .BR charon.plugins.xauth-pam.pam_service " [login]"
 PAM service to be used for authentication
+.TP
+.BR charon.plugins.xauth-pam.trim_email " [yes]"
+If an email address is given as an XAuth username, trim it to just the
+username part.
 .SS libstrongswan section
 .TP
 .BR libstrongswan.cert_cache " [yes]"
index 6cbe1c2..8ba2c76 100644 (file)
@@ -134,12 +134,17 @@ METHOD(xauth_method_t, process, status_t,
                switch (attr->get_type(attr))
                {
                        case XAUTH_USER_NAME:
-                               /* trim to username part if email address given */
                                chunk = attr->get_chunk(attr);
-                               pos = memchr(chunk.ptr, '@', chunk.len);
-                               if (pos)
+                               /* trim to username part if email address given */
+                               if (lib->settings->get_bool(lib->settings,
+                                                                                       "%s.plugins.xauth-pam.trim_email",
+                                                                                       TRUE, charon->name))
                                {
-                                       chunk.len = (u_char*)pos - chunk.ptr;
+                                       pos = memchr(chunk.ptr, '@', chunk.len);
+                                       if (pos)
+                                       {
+                                               chunk.len = (u_char*)pos - chunk.ptr;
+                                       }
                                }
                                attr2string(user, sizeof(user), chunk);
                                break;
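Review bot: The `TRUE` default passed to `get_bool` keeps trimming enabled, so XAuth usernames that differ only after the `@` are still handed to PAM as the same account, and the comment above the check does not say so. I would extend it to `/* trim to username part if email address given; user@a and user@b then map to the same PAM account */` so that deployments where the domain distinguishes users know to set `trim_email = no`. Separately, `memchr(chunk.ptr, '@', chunk.len)` runs without a length check; if `get_chunk` can return an empty chunk with a NULL pointer (not visible in this hunk), testing `chunk.len` first would avoid passing NULL to `memchr`. The `process` method starts and ends outside the hunk, so how `user` is used afterwards cannot be checked from here.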