Commit 155bd247742db6b451b668942b1f45d6654bb7f0
0 parents
initial commit of working version
Showing
2 changed files
with
67 additions
and
0 deletions
README.md
0 → 100644
| 1 | +++ a/README.md | |
| ... | ... |
privacyidea-checkotp
0 → 100755
| 1 | +++ a/privacyidea-checkotp | |
| 1 | +#!/bin/bash | |
| 2 | + | |
| 3 | +# privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for | |
| 4 | +# integration with FreeRadius on systems without perl | |
| 5 | +# | |
| 6 | +# Version 1.0, latest version available from: | |
| 7 | +# https://gitlab.lindenaar.net/scripts/privacyidea-checkotp | |
| 8 | +# | |
| 9 | +# Copyright (c) 2015 Frederik Lindenaar | |
| 10 | +# | |
| 11 | +# This script is free software: you can redistribute and/or modify it under the | |
| 12 | +# terms of the GNU General Public License as published by the Free Software | |
| 13 | +# Foundation, either version 3 of the License, or (at your option) any later version. | |
| 14 | +# | |
| 15 | +# This script is distributed in the hope that it will be useful, but WITHOUT ANY | |
| 16 | +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | |
| 17 | +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. | |
| 18 | +# | |
| 19 | +# You should have received a copy of the GNU General Public License along with | |
| 20 | +# this program. If not, see <http://www.gnu.org/licenses/>. | |
| 21 | + | |
| 22 | +# If called for the Outbound-User Service type, exit immediately (not supported) | |
| 23 | +if [ "$SERVICE_TYPE" = "Outbound-User" ]; then | |
| 24 | + exit 8 | |
| 25 | +fi | |
| 26 | + | |
| 27 | +# Simple script to validate an OTP with PrivacyIDEA | |
| 28 | + | |
| 29 | +if [ $# = 1 ]; then | |
| 30 | + URL="$1/validate/check" | |
| 31 | + LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'` | |
| 32 | + PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'` | |
| 33 | + NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'` | |
| 34 | +# LOGIN="${User-Name}" | |
| 35 | +# PASSWORD="${User-Password}" | |
| 36 | +# NAS="${NAS-IP-Address}" | |
| 37 | +elif [ $# = 3 ]; then | |
| 38 | + URL="$1/validate/check" | |
| 39 | + LOGIN="$2" | |
| 40 | + PASSWORD="$3" | |
| 41 | + NAS= | |
| 42 | +elif [ $# = 4 ]; then | |
| 43 | + URL="$1/validate/check" | |
| 44 | + LOGIN="$2" | |
| 45 | + PASSWORD="$3" | |
| 46 | + NAS="$4" | |
| 47 | +else | |
| 48 | + echo "Usage: `basename $0` <urlprefix> [login password [nasip]]" | |
| 49 | + exit 2 | |
| 50 | +fi | |
| 51 | + | |
| 52 | +otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"` | |
| 53 | + | |
| 54 | +otpstatus=`echo $otpresult | sed 's/^{.*"result": { "status": true, "value": \(.*\) },.*}/\1/'` | |
| 55 | + | |
| 56 | +if [ "$otpstatus" = "true" ]; then | |
| 57 | +# echo $LOGIN did authenticate $otpresult | |
| 58 | + echo Auth-Type=PrivacyIDEA | |
| 59 | + exit 0 | |
| 60 | +elif [ "$otpstatus" = "false" ]; then | |
| 61 | +# echo $LOGIN did not authenticate $otpresult | |
| 62 | + echo Auth-Type=REJECT | |
| 63 | + exit 1 | |
| 64 | +else | |
| 65 | + echo Error occurred while connecting to $URL, got result: "$otpresult" | |
| 66 | + exit 2 | |
| 67 | +fi | |
| ... | ... |