initial commit of working version
This commit is contained in:
67
privacyidea-checkotp
Executable file
67
privacyidea-checkotp
Executable file
@@ -0,0 +1,67 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# privacyidea-checkotp - shell implementation of the PrivacyIDEA OTP check for
|
||||||
|
# integration with FreeRadius on systems without perl
|
||||||
|
#
|
||||||
|
# Version 1.0, latest version available from:
|
||||||
|
# https://gitlab.lindenaar.net/scripts/privacyidea-checkotp
|
||||||
|
#
|
||||||
|
# Copyright (c) 2015 Frederik Lindenaar
|
||||||
|
#
|
||||||
|
# This script is free software: you can redistribute and/or modify it under the
|
||||||
|
# terms of the GNU General Public License as published by the Free Software
|
||||||
|
# Foundation, either version 3 of the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This script is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||||
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||||
|
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along with
|
||||||
|
# this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
# If called for the Outbound-User Service type, exit immediately (not supported)
|
||||||
|
if [ "$SERVICE_TYPE" = "Outbound-User" ]; then
|
||||||
|
exit 8
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Simple script to validate an OTP with PrivacyIDEA
|
||||||
|
|
||||||
|
if [ $# = 1 ]; then
|
||||||
|
URL="$1/validate/check"
|
||||||
|
LOGIN=`echo "${STRIPPED_USER_NAME:-$USER_NAME}" | sed 's/^"\(.*\)"$/\1/'`
|
||||||
|
PASSWORD=`echo "$USER_PASSWORD" | sed 's/^"\(.*\)"$/\1/'`
|
||||||
|
NAS=`echo "$NAS_IP_ADDRESS" | sed 's/^"\(.*\)"$/\1/'`
|
||||||
|
# LOGIN="${User-Name}"
|
||||||
|
# PASSWORD="${User-Password}"
|
||||||
|
# NAS="${NAS-IP-Address}"
|
||||||
|
elif [ $# = 3 ]; then
|
||||||
|
URL="$1/validate/check"
|
||||||
|
LOGIN="$2"
|
||||||
|
PASSWORD="$3"
|
||||||
|
NAS=
|
||||||
|
elif [ $# = 4 ]; then
|
||||||
|
URL="$1/validate/check"
|
||||||
|
LOGIN="$2"
|
||||||
|
PASSWORD="$3"
|
||||||
|
NAS="$4"
|
||||||
|
else
|
||||||
|
echo "Usage: `basename $0` <urlprefix> [login password [nasip]]"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
otpresult=`/usr/bin/curl -s "$URL" --data-urlencode "user=$LOGIN" --data-urlencode "pass=$PASSWORD" --data-urlencode "client=$NAS"`
|
||||||
|
|
||||||
|
otpstatus=`echo $otpresult | sed 's/^{.*"result": { "status": true, "value": \(.*\) },.*}/\1/'`
|
||||||
|
|
||||||
|
if [ "$otpstatus" = "true" ]; then
|
||||||
|
# echo $LOGIN did authenticate $otpresult
|
||||||
|
echo Auth-Type=PrivacyIDEA
|
||||||
|
exit 0
|
||||||
|
elif [ "$otpstatus" = "false" ]; then
|
||||||
|
# echo $LOGIN did not authenticate $otpresult
|
||||||
|
echo Auth-Type=REJECT
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo Error occurred while connecting to $URL, got result: "$otpresult"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
Reference in New Issue
Block a user