Commit 155bd247742db6b451b668942b1f45d6654bb7f0
0 parents
initial commit of working version
Showing
2 changed files
with
67 additions
and
0 deletions
README.md
0 → 100644
1 | +++ a/README.md | |
... | ... |
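--- a/privacyidea-checkotp
+++ b/privacyidea-checkotp
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for
+# integration with FreeRadius on systems without perl
+#
+# Version 1.0, latest version available from:
+# https://gitlab.lindenaar.net/scripts/privacyidea-checkotp
+#
+# Copyright (c) 2015 Frederik Lindenaar
+#
+# This script is free software: you can redistribute and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <http://www.gnu.org/licenses/>.
+
+# If called for the Outbound-User Service type, exit immediately (not supported)
+if [ "$SERVICE_TYPE" = "Outbound-User" ]; then
+ exit 8
+fi
+
+# Simple script to validate an OTP with PrivacyIDEA
+
+if [ $# = 1 ]; then
+ URL="$1/validate/check"
+ LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'`
+ PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'`
+ NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'`
+# LOGIN="${User-Name}"
+# PASSWORD="${User-Password}"
+# NAS="${NAS-IP-Address}"
+elif [ $# = 3 ]; then
+ URL="$1/validate/check"
+ LOGIN="$2"
+ PASSWORD="$3"
+ NAS=
+elif [ $# = 4 ]; then
+ URL="$1/validate/check"
+ LOGIN="$2"
+ PASSWORD="$3"
+ NAS="$4"
+else
+ echo "Usage: `basename $0` <urlprefix> [login password [nasip]]"
+ exit 2
+fi
+
+otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"`
+
+otpstatus=`echo $otpresult | sed 's/^{.*"result": { "status": true, "value": \(.*\) },.*}/\1/'`
+
+if [ "$otpstatus" = "true" ]; then
+# echo $LOGIN did authenticate $otpresult
+ echo Auth-Type=PrivacyIDEA
+ exit 0
+elif [ "$otpstatus" = "false" ]; then
+# echo $LOGIN did not authenticate $otpresult
+ echo Auth-Type=REJECT
+ exit 1
+else
+ echo Error occurred while connecting to $URL, got result: "$otpresult"
+ exit 2
+fi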
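Review bot: The credential is placed on curl's argv in `--data-urlencode "pass=$PASSWORD"` (line 52 of the new file), so for the lifetime of the request it is readable by other local users via the process list on hosts without `hidepid`, and it lands in any `set -x` trace; if the `pass` field carries PIN+OTP, as privacyIDEA deployments often configure, the static PIN is exposed as well, not just the one-time code. Pass it on stdin instead, e.g. `otpresult=$(printf '%s' "$PASSWORD" | /usr/bin/curl -s --max-time 10 "$URL" --data-urlencode "user=$LOGIN" --data-urlencode pass@- --data-urlencode "client=$NAS")` — curl reads the `@-` file form from stdin and URL-encodes it as with `-d @-`, and `printf '%s'` avoids appending a newline to the secret. The `--max-time` bound is also missing from the current call, so a stalled server can hold the FreeRADIUS worker indefinitely. Separately, the sed expression on line 54 is a substring match on the raw body rather than a JSON parse; a whitespace or key-order change in the server's output turns every authentication into the error branch (it does fail closed, since an unmatched body never compares equal to `true`), so where `jq` is available `jq -r '.result.status and .result.value'` would be the more robust check.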