#!/bin/sh#DEBUG#username=$1#password=$2gratesuksess=0CLIENT_ID=1log=/var

1. #!/bin/sh
2.  
3. #DEBUG
4. #username=$1
5. #password=$2
6. gratesuksess=0
7.  
8. CLIENT_ID=1
9. log=/var/log/yubikey.log
10. yubikeys=/etc/openvpn/yubikeys/yubikeys.conf
11.  
12. yubimatch=`cat $yubikeys | grep ${username}:`
13. yubimatchuser=`echo $yubimatch | awk -F":" '{ print $1 }'`
14.  
15.  
16. if [ "$username" = "$yubimatchuser" ]; then
17. yubimatchkey=`echo $yubimatch | awk -F":" '{ print $2 }'`
18. yubitrimmedkey=`echo $password | sed 's/\(.\{12\}\).*/\1/'`
19.  
20.  
21. if [ "$yubimatchkey" = "$yubitrimmedkey" ]; then
22. # echo DEBUG: $yubimatch - $yubimatchkey
23. /usr/bin/ykclient ${CLIENT_ID} "${password}"
24. status=$?
25. if [ "$status" = "$gratesuksess" ]; then
26. echo "`date` login success (yubikey match)/ yubikey: $yubitrimmedkey - username: ${username} - token: $password" >>$log
27. exit $status
28. else
29. echo "`date` login failure (yubikey: $status)/ yubikey: $yubitrimmedkey - username: ${username} - token: $password" >>$log
30. exit 1
31. fi
32. else
33. echo "`date` login failure (yubikey mismatch)/ yubikey: $yubitrimmedkey - username: ${username} - token: $password" >>$log
34. exit 1
35. fi
36. else
37. echo "`date` login failure (username not found)/ yubikey: $yubitrimmedkey - username: ${username} - token: $password" >>$log
38. exit 1
39. fi