privacyidea-checkotp
2.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/bin/bash
#
# privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for
# integration with FreeRadius on systems without perl
#
# Version 1.0, latest version, documentation and bugtracker available at:
# https://gitlab.lindenaar.net/scripts/privacyidea-checkotp
#
# Copyright (c) 2015 Frederik Lindenaar
#
# This script is free software: you can redistribute and/or modify it under the
# terms of version 3 of the GNU General Public License as published by the Free
# Software Foundation, or (at your option) any later version of the license.
#
# This script is distributed in the hope that it will be useful but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
# If called for the Outbound-User Service type, exit immediately (not supported)
if [ "$SERVICE_TYPE" = "Outbound-User" ]; then
exit 8
fi
# Obtain parameters from command line or environment variables
if [ $# = 1 ]; then
URL="$1/validate/check"
LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'`
PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'`
NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'`
elif [ $# = 3 ]; then
URL="$1/validate/check"
LOGIN="$2"
PASSWORD="$3"
NAS=
elif [ $# = 4 ]; then
URL="$1/validate/check"
LOGIN="$2"
PASSWORD="$3"
NAS="$4"
else
echo "Usage: `basename $0` <urlprefix> [login password [nasip]]"
exit 2
fi
# Obtain the result using curl
otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"`
# Extract the status of the request from the returned JSON
otpstatus=`echo $otpresult | sed 's/^{.*"result": *{ *"status": *true, *"value": *\(.*\) *},.*}/\1/'`
if [ "$otpstatus" = "true" ]; then
# echo $LOGIN did authenticate $otpresult
echo Auth-Type=PrivacyIDEA
exit 0
elif [ "$otpstatus" = "false" ]; then
# echo $LOGIN did not authenticate $otpresult
echo Auth-Type=REJECT
exit 1
else
echo Error occurred while connecting to $URL, got result: "$otpresult"
exit 2
fi