author | Luke Howard <lukeh@padl.com> | 2011-04-03 04:27:55 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2011-04-03 04:27:55 +0000 |
commit | 83818071a2e312f81de9f5243ebe2d34669dcc94 (patch) | |
tree | 2de96e7750e177b87712ec67304a12485a325133 | |
parent | 39533629f333842fb0a1eb6d902e5f5d2119e72e (diff) | |
Add an option to saml_sign for generating RADIUS AAA configuration
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24810 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/plugins/authdata/saml_server/saml_sign.cpp | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/src/plugins/authdata/saml_server/saml_sign.cpp b/src/plugins/authdata/saml_server/saml_sign.cpp
index e07502f..7155ed4 100644
--- a/src/plugins/authdata/saml_server/saml_sign.cpp
+++ b/src/plugins/authdata/saml_server/saml_sign.cpp
@@ -53,11 +53,18 @@ int main(int argc, char *argv[])
 krb5_authdata authdata;
 saml2::Assertion *assertion = NULL;
 string signedAssertionBuf;
+ int radius = 0;
 memset(&ent, 0, sizeof(ent));
 memset(&key, 0, sizeof(key));
 memset(&data, 0, sizeof(data));
+ if (argc > 1 && strcmp(argv[1], "-radius") == 0) {
+ radius = 1;
+ argc--;
+ argv++;
+ }
+
 if (argc > 4 || (argc > 1 && strcmp(argv[1], "-help") == 0)) {
 fprintf(stderr, "Usage: %s [assertion.xml|-] [idp-princ|-] [keytab|-]\n", argv[0]);
 return EINVAL;
@@ -169,7 +176,39 @@ int main(int argc, char *argv[])
 goto cleanup;
 }
- fprintf(stdout, "%s\n", signedAssertionBuf.c_str());
+ if (radius) {
+ /* Format assertion so that it can be loaded into FreeRADIUS */
+ size_t i, j, len = signedAssertionBuf.length();
+ const char *p = signedAssertionBuf.c_str();
+#define WRAP_LEN 200
+
+ for (i = 0, j = 0; i < len; i++) {
+ int esc = 0;
+ char c = p[i];
+
+ if ((j % WRAP_LEN) == 0) {
+ if (j)
+ printf("\"\n");
+ printf("\t\tSAML-AAA-Assertion = \"");
+ }
+ if (c == '\n') {
+ esc++;
+ c = 'n';
+ } else if (c == '"') {
+ esc++;
+ c = '"';
+ }
+ if (esc) {
+ printf("\\");
+ j++;
+ }
+ printf("%c", c);
+ j++;
+ }
+ printf("\"\n");
+ } else {
+ printf("%s\n", signedAssertionBuf.c_str());
+ }
 cleanup:
 if (fp != stdin) |
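Review bot: After the `argv++` shift in the new `-radius` branch, `argv[0]` is the string `-radius`, so the usage message printed by the following `-help`/argument-count check names the option instead of the program. The usage text also does not mention the new option. Save the name before shifting, e.g. `const char *progname = argv[0];`, print `progname` in the usage line, and extend the format to `"Usage: %s [-radius] [assertion.xml|-] [idp-princ|-] [keytab|-]\n"`. main's body starts before and continues after this hunk.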
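Review bot: The escaping loop in the `if (radius)` branch handles only newline and double quote, so a literal backslash in the signed assertion is written unescaped even though the emitted `\n` and `\"` show that the target format treats backslash as the escape character. The server would then presumably read a different byte sequence than the one that was signed, and a backslash that lands directly before a wrap point would escape the closing quote of that `SAML-AAA-Assertion` line. Fold it into the quote case, `} else if (c == '"' || c == '\\') {` with only `esc++;` in the body (the existing `c = '"';` assignment is a no-op). Separately, an escape pair that advances `j` from 199 to 201 skips the `(j % WRAP_LEN) == 0` test, so that line is not wrapped until `j` reaches the next multiple; a per-line column counter compared with `>=` and reset on wrap would avoid this. main's body starts before and continues after this hunk.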