Commit 155bd247742db6b451b668942b1f45d6654bb7f0

Authored by Frederik Lindenaar
0 parents

initial commit of working version

README.md 0 → 100644
  1 +++ a/README.md
... ...
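--- a/privacyidea-checkotp
+++ b/privacyidea-checkotp
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for
+# integration with FreeRadius on systems without perl
+#
+# Version 1.0, latest version available from:
+# https://gitlab.lindenaar.net/scripts/privacyidea-checkotp
+#
+# Copyright (c) 2015 Frederik Lindenaar
+#
+# This script is free software: you can redistribute and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <http://www.gnu.org/licenses/>.
+
+# If called for the Outbound-User Service type, exit immediately (not supported)
+if [ "$SERVICE_TYPE" = "Outbound-User" ]; then
+ exit 8
+fi
+
+# Simple script to validate an OTP with PrivacyIDEA
+
+if [ $# = 1 ]; then
+ URL="$1/validate/check"
+ LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'`
+ PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'`
+ NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'`
+# LOGIN="${User-Name}"
+# PASSWORD="${User-Password}"
+# NAS="${NAS-IP-Address}"
+elif [ $# = 3 ]; then
+ URL="$1/validate/check"
+ LOGIN="$2"
+ PASSWORD="$3"
+ NAS=
+elif [ $# = 4 ]; then
+ URL="$1/validate/check"
+ LOGIN="$2"
+ PASSWORD="$3"
+ NAS="$4"
+else
+ echo "Usage: `basename $0` <urlprefix> [login password [nasip]]"
+ exit 2
+fi
+
+otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"`
+
+otpstatus=`echo $otpresult | sed 's/^{.*"result": { "status": true, "value": \(.*\) },.*}/\1/'`
+
+if [ "$otpstatus" = "true" ]; then
+# echo $LOGIN did authenticate $otpresult
+ echo Auth-Type=PrivacyIDEA
+ exit 0
+elif [ "$otpstatus" = "false" ]; then
+# echo $LOGIN did not authenticate $otpresult
+ echo Auth-Type=REJECT
+ exit 1
+else
+ echo Error occurred while connecting to $URL, got result: "$otpresult"
+ exit 2
+fi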
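Review bot: The curl call at new line 52 places the user's password in curl's argument list through `--data-urlencode "pass=$PASSWORD"`, so for the duration of the request it can be read by any local account able to list processes. Feeding it on stdin keeps it out of argv, e.g. `otpresult=$(printf '%s' "$PASSWORD" | /usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode pass@- --data-urlencode "client=$NAS")`; `printf` is a bash builtin, and the `name@-` stdin form should be confirmed against the curl version deployed. The 3- and 4-argument forms at lines 37-46 accept the password as `$3`, which exposes it the same way in the script's own argv, so those are best kept for manual testing. The same call sets no `--max-time`, so an unresponsive PrivacyIDEA server would hold the calling process for as long as curl waits; whether FreeRADIUS enforces its own timeout is not visible here. At line 54 `echo $otpresult` is unquoted, so the response is word-split and glob-expanded before sed sees it; `printf '%s\n' "$otpresult"` would pass it through unchanged.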