-rw-r--r--man/strongswan.conf.5.in4
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam.c13
2 files changed, 13 insertions, 4 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index ff7d8ef58..1df58a7ee 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -757,6 +757,10 @@ EAP plugin to be used as backend for XAuth credential verification
.TP
.BR charon.plugins.xauth-pam.pam_service " [login]"
PAM service to be used for authentication
+.TP
+.BR charon.plugins.xauth-pam.trim_email " [yes]"
+If an email address is given as an XAuth username, trim it to just the
+username part.
.SS libstrongswan section
.TP
.BR libstrongswan.cert_cache " [yes]"
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c
index 6cbe1c263..8ba2c764d 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c
@@ -134,12 +134,17 @@ METHOD(xauth_method_t, process, status_t,
switch (attr->get_type(attr))
{
case XAUTH_USER_NAME:
- /* trim to username part if email address given */
chunk = attr->get_chunk(attr);
- pos = memchr(chunk.ptr, '@', chunk.len);
- if (pos)
+ /* trim to username part if email address given */
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.xauth-pam.trim_email",
+ TRUE, charon->name))
{
- chunk.len = (u_char*)pos - chunk.ptr;
+ pos = memchr(chunk.ptr, '@', chunk.len);
+ if (pos)
+ {
+ chunk.len = (u_char*)pos - chunk.ptr;
+ }
}
attr2string(user, sizeof(user), chunk);
break;
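Review bot: In the new trimming branch, an XAuth user name that begins with '@' makes `pos == chunk.ptr`, so `chunk.len` becomes 0 and an empty name goes to `attr2string()` and, presumably, on to the PAM lookup. Guarding the trim with `if (pos && (u_char*)pos > chunk.ptr)` would leave such input untrimmed so it fails as an unknown account; rejecting it outright is the other option. Because `trim_email` defaults to TRUE, addresses that differ only in the domain part still authenticate as the same PAM account, which deserves a sentence in the man page entry and in the comment above the `get_bool()` call, e.g. `/* trim to username part if email address given; different domains then map to the same PAM user */`. The body of `process` continues outside this hunk, so how `user` is consumed afterwards is not visible here.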