Commit 155bd247742db6b451b668942b1f45d6654bb7f0
0 parents
initial commit of working version
Showing
2 changed files
with
67 additions
and
0 deletions
README.md
0 → 100644
| 1 | +++ a/README.md |
privacyidea-checkotp
0 → 100755
| 1 | +++ a/privacyidea-checkotp | ||
| 1 | +#!/bin/bash | ||
| 2 | + | ||
| 3 | +# privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for | ||
| 4 | +# integration with FreeRadius on systems without perl | ||
| 5 | +# | ||
| 6 | +# Version 1.0, latest version available from: | ||
| 7 | +# https://gitlab.lindenaar.net/scripts/privacyidea-checkotp | ||
| 8 | +# | ||
| 9 | +# Copyright (c) 2015 Frederik Lindenaar | ||
| 10 | +# | ||
| 11 | +# This script is free software: you can redistribute and/or modify it under the | ||
| 12 | +# terms of the GNU General Public License as published by the Free Software | ||
| 13 | +# Foundation, either version 3 of the License, or (at your option) any later version. | ||
| 14 | +# | ||
| 15 | +# This script is distributed in the hope that it will be useful, but WITHOUT ANY | ||
| 16 | +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
| 17 | +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
| 18 | +# | ||
| 19 | +# You should have received a copy of the GNU General Public License along with | ||
| 20 | +# this program. If not, see <http://www.gnu.org/licenses/>. | ||
| 21 | + | ||
| 22 | +# If called for the Outbound-User Service type, exit immediately (not supported) | ||
| 23 | +if [ "$SERVICE_TYPE" = "Outbound-User" ]; then | ||
| 24 | + exit 8 | ||
| 25 | +fi | ||
| 26 | + | ||
| 27 | +# Simple script to validate an OTP with PrivacyIDEA | ||
| 28 | + | ||
| 29 | +if [ $# = 1 ]; then | ||
| 30 | + URL="$1/validate/check" | ||
| 31 | + LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'` | ||
| 32 | + PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'` | ||
| 33 | + NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'` | ||
| 34 | +# LOGIN="${User-Name}" | ||
| 35 | +# PASSWORD="${User-Password}" | ||
| 36 | +# NAS="${NAS-IP-Address}" | ||
| 37 | +elif [ $# = 3 ]; then | ||
| 38 | + URL="$1/validate/check" | ||
| 39 | + LOGIN="$2" | ||
| 40 | + PASSWORD="$3" | ||
| 41 | + NAS= | ||
| 42 | +elif [ $# = 4 ]; then | ||
| 43 | + URL="$1/validate/check" | ||
| 44 | + LOGIN="$2" | ||
| 45 | + PASSWORD="$3" | ||
| 46 | + NAS="$4" | ||
| 47 | +else | ||
| 48 | + echo "Usage: `basename $0` <urlprefix> [login password [nasip]]" | ||
| 49 | + exit 2 | ||
| 50 | +fi | ||
| 51 | + | ||
| 52 | +otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"` | ||
| 53 | + | ||
| 54 | +otpstatus=`echo $otpresult | sed 's/^{.*"result": { "status": true, "value": \(.*\) },.*}/\1/'` | ||
| 55 | + | ||
| 56 | +if [ "$otpstatus" = "true" ]; then | ||
| 57 | +# echo $LOGIN did authenticate $otpresult | ||
| 58 | + echo Auth-Type=PrivacyIDEA | ||
| 59 | + exit 0 | ||
| 60 | +elif [ "$otpstatus" = "false" ]; then | ||
| 61 | +# echo $LOGIN did not authenticate $otpresult | ||
| 62 | + echo Auth-Type=REJECT | ||
| 63 | + exit 1 | ||
| 64 | +else | ||
| 65 | + echo Error occurred while connecting to $URL, got result: "$otpresult" | ||
| 66 | + exit 2 | ||
| 67 | +fi |