Be a little more verbose about XAuth configs in ipsec statusall

1 files changed, 16 insertions, 5 deletions

diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 2246e748d..d2fda1b3c 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -319,11 +319,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
 				auth->get(auth, AUTH_RULE_IDENTITY));
 
 		auth_class = (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
-		if (auth_class != AUTH_CLASS_EAP)
-		{
-			fprintf(out, "%N authentication\n", auth_class_names, auth_class);
-		}
-		else
+		if (auth_class == AUTH_CLASS_EAP)
 		{
 			if ((uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE) == EAP_NAK)
 			{
@@ -350,6 +346,21 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local)
 			}
 			fprintf(out, "\n");
 		}
+		else if (auth_class == AUTH_CLASS_XAUTH)
+		{
+			fprintf(out, "%N authentication: %s", auth_class_names, auth_class,
+					auth->get(auth, AUTH_RULE_XAUTH_BACKEND) ?: "any");
+			id = auth->get(auth, AUTH_RULE_XAUTH_IDENTITY);
+			if (id)
+			{
+				fprintf(out, " with XAuth identity '%Y'", id);
+			}
+			fprintf(out, "\n");
+		}
+		else
+		{
+			fprintf(out, "%N authentication\n", auth_class_names, auth_class);
+		}
 
 		cert = auth->get(auth, AUTH_RULE_CA_CERT);
 		if (cert)