Be a little more verbose about XAuth configs in ipsec statusall
authorMartin Willi <martin@revosec.ch>
Thu, 15 Dec 2011 12:13:30 +0000 (13:13 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:23 +0000 (17:31 +0100)
src/libcharon/plugins/stroke/stroke_list.c

index 2246e74..d2fda1b 100644 (file)
@@ -319,11 +319,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
                                auth->get(auth, AUTH_RULE_IDENTITY));
 
                auth_class = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
-               if (auth_class != AUTH_CLASS_EAP)
-               {
-                       fprintf(out, "%N authentication\n", auth_class_names, auth_class);
-               }
-               else
+               if (auth_class == AUTH_CLASS_EAP)
                {
                        if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE) == EAP_NAK)
                        {
@@ -350,6 +346,21 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
                        }
                        fprintf(out, "\n");
                }
+               else if (auth_class == AUTH_CLASS_XAUTH)
+               {
+                       fprintf(out, "%N authentication: %s", auth_class_names, auth_class,
+                                       auth->get(auth, AUTH_RULE_XAUTH_BACKEND) ?: "any");
+                       id = auth->get(auth, AUTH_RULE_XAUTH_IDENTITY);
+                       if (id)
+                       {
+                               fprintf(out, " with XAuth identity '%Y'", id);
+                       }
+                       fprintf(out, "\n");
+               }
+               else
+               {
+                       fprintf(out, "%N authentication\n", auth_class_names, auth_class);
+               }
 
                cert = auth->get(auth, AUTH_RULE_CA_CERT);
                if (cert)