2 files changed, 12 insertions, 0 deletions

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 4b5dbbcf7..c9a8be61e 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -37,6 +37,7 @@ ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT,
 	"RULE_EAP_IDENTITY",
 	"RULE_EAP_TYPE",
 	"RULE_EAP_VENDOR",
+	"RULE_XAUTH_BACKEND",
 	"RULE_CA_CERT",
 	"RULE_IM_CERT",
 	"RULE_SUBJECT_CERT",
@@ -159,6 +160,7 @@ static void destroy_entry_value(entry_t *entry)
 			break;
 		}
 		case AUTH_RULE_CERT_POLICY:
+		case AUTH_RULE_XAUTH_BACKEND:
 		case AUTH_HELPER_IM_HASH_URL:
 		case AUTH_HELPER_SUBJECT_HASH_URL:
 		{
@@ -205,6 +207,7 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
 			case AUTH_RULE_IDENTITY:
 			case AUTH_RULE_EAP_IDENTITY:
 			case AUTH_RULE_AAA_IDENTITY:
+			case AUTH_RULE_XAUTH_BACKEND:
 			case AUTH_RULE_GROUP:
 			case AUTH_RULE_CA_CERT:
 			case AUTH_RULE_IM_CERT:
@@ -273,6 +276,7 @@ METHOD(auth_cfg_t, get, void*,
 		case AUTH_RULE_IDENTITY:
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
+		case AUTH_RULE_XAUTH_BACKEND:
 		case AUTH_RULE_GROUP:
 		case AUTH_RULE_CA_CERT:
 		case AUTH_RULE_IM_CERT:
@@ -313,6 +317,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
 		case AUTH_RULE_IDENTITY:
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
+		case AUTH_RULE_XAUTH_BACKEND:
 		case AUTH_RULE_GROUP:
 		case AUTH_RULE_CA_CERT:
 		case AUTH_RULE_IM_CERT:
@@ -577,6 +582,8 @@ METHOD(auth_cfg_t, complies, bool,
 				}
 				break;
 			}
+			case AUTH_RULE_XAUTH_BACKEND:
+				/* not enforced, just a hint for local authentication */
 			case AUTH_HELPER_IM_CERT:
 			case AUTH_HELPER_SUBJECT_CERT:
 			case AUTH_HELPER_IM_HASH_URL:
@@ -656,6 +663,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
 					add(this, type, id->clone(id));
 					break;
 				}
+				case AUTH_RULE_XAUTH_BACKEND:
 				case AUTH_RULE_CERT_POLICY:
 				case AUTH_HELPER_IM_HASH_URL:
 				case AUTH_HELPER_SUBJECT_HASH_URL:
@@ -755,6 +763,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
 						}
 						continue;
 					}
+					case AUTH_RULE_XAUTH_BACKEND:
 					case AUTH_RULE_CERT_POLICY:
 					case AUTH_HELPER_IM_HASH_URL:
 					case AUTH_HELPER_SUBJECT_HASH_URL:
@@ -840,6 +849,7 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
 				clone->add(clone, entry->type, cert->get_ref(cert));
 				break;
 			}
+			case AUTH_RULE_XAUTH_BACKEND:
 			case AUTH_RULE_CERT_POLICY:
 			case AUTH_HELPER_IM_HASH_URL:
 			case AUTH_HELPER_SUBJECT_HASH_URL:
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index fd8e4c06a..3e0fc7376 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -78,6 +78,8 @@ enum auth_rule_t {
 	AUTH_RULE_EAP_TYPE,
 	/** EAP vendor for vendor specific type, u_int32_t */
 	AUTH_RULE_EAP_VENDOR,
+	/** XAUTH backend name to use, char* */
+	AUTH_RULE_XAUTH_BACKEND,
 	/** certificate authority, certificate_t* */
 	AUTH_RULE_CA_CERT,
 	/** intermediate certificate in trustchain, certificate_t* */