Commit 76b51f60abf1c42a05072519486a4d96bf5635f8
1 parent
155bd247
textual updates
Showing
1 changed file
with
9 additions
and
11 deletions
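--- a/privacyidea-checkotp
+++ b/privacyidea-checkotp
@@ -1,39 +1,35 @@
 #!/bin/bash
-
+#
 # privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for
 # integration with FreeRadius on systems without perl
 #
-# Version 1.0, latest version available from:
+# Version 1.0, latest version, documentation and bugtracker available at:
 # https://gitlab.lindenaar.net/scripts/privacyidea-checkotp
 #
 # Copyright (c) 2015 Frederik Lindenaar
 #
 # This script is free software: you can redistribute and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation, either version 3 of the License, or (at your option) any later version.
+# terms of version 3 of the GNU General Public License as published by the Free
+# Software Foundation, or (at your option) any later version of the license.
 #
-# This script is distributed in the hope that it will be useful, but WITHOUT ANY
+# This script is distributed in the hope that it will be useful but WITHOUT ANY
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program. If not, see <http://www.gnu.org/licenses/>.
+# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
 
 # If called for the Outbound-User Service type, exit immediately (not supported)
 if [ "$SERVICE_TYPE" = "Outbound-User" ]; then
 exit 8
 fi
 
-# Simple script to validate an OTP with PrivacyIDEA
-
+# Obtain parameters from command line or environment variables
 if [ $# = 1 ]; then
 URL="$1/validate/check"
 LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'`
 PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'`
 NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'`
-# LOGIN="${User-Name}"
-# PASSWORD="${User-Password}"
-# NAS="${NAS-IP-Address}"
 elif [ $# = 3 ]; then
 URL="$1/validate/check"
 LOGIN="$2"
@@ -49,8 +45,10 @@ else
 exit 2
 fi
 
+# Obtain the result using curl
 otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"`
 
+# Extract the status of the request from the returned JSON
 otpstatus=`echo $otpresult | sed 's/^{.*"result": { "status": true, "value": \(.*\) },.*}/\1/'`
 
 if [ "$otpstatus" = "true" ]; then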
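Review bot: The `otpresult=` line under the new `# Obtain the result using curl` comment puts the user's password on curl's command line (`--data-urlencode "pass=$PASSWORD"`), where other local accounts can read it from the process list while the request runs; the commit documents the call but leaves that exposure in place. Feeding the value on stdin avoids it, e.g. `printf '%s' "$PASSWORD" | /usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass@-" --data-urlencode "client=$NAS"` (confirm the installed curl accepts `@-` for `--data-urlencode`). The call also sets no `--max-time`, so a stalled PrivacyIDEA server would presumably hold the FreeRadius request open. On the `otpstatus=` line, `echo $otpresult` is unquoted, so the server response is word-split and glob-expanded before sed sees it on the path that decides accept or reject; `printf '%s\n' "$otpresult"` keeps it intact. The `if` that consumes `otpstatus` continues outside the hunk.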