fix access-reject on fortigate when two_fa is enabled Fixes #5
abbas-gheydi committed Feb 2, 2024
1 parent bc1eb12 commit bc7da7f
Showing 3 changed files with 21 additions and 3 deletions.
20 changes: 19 additions & 1 deletion cmd/client/main.go
Expand Up @@ -56,12 +56,30 @@ func main() {
rfc2865.UserName_SetString(packet, username)
rfc2865.UserPassword_SetString(packet, password)
response, err := radius.Exchange(context.Background(), packet, server)
wg.Done()
if err != nil {
log.Fatal(err)
}

log.Println("Code:", response.Code)
if response.Code == radius.CodeAccessChallenge {
state := rfc2865.State_GetString(response)
var otpCode string
if _, err := fmt.Scanln(&otpCode); err != nil {
log.Println(err)
}

rfc2865.UserPassword_SetString(packet, otpCode)
rfc2865.State_SetString(packet, state)
challengeResponse, err := radius.Exchange(context.Background(), packet, server)
if err != nil {
log.Fatal(err)
}
log.Print("Code:", challengeResponse.Code)

}

wg.Done()

}()
}
wg.Wait()
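Review bot: The challenge reply reuses the original `packet`, so the second `radius.Exchange` goes out with the same Identifier and Request Authenticator as the first Access-Request (assuming `packet` is created with `radius.New` earlier in main(), which starts above the hunk). RFC 2865 hides User-Password with a keystream derived from the shared secret and the Request Authenticator, so sending the password and then the OTP under one authenticator exposes the XOR of the two values to anyone who can observe the traffic, and a server that does duplicate detection may treat the reply as a retransmission. Build a fresh request for the reply, e.g. `challenge := radius.New(radius.CodeAccessRequest, packet.Secret)`, and set User-Name, the OTP and State on it before the exchange. Separately, a failed `fmt.Scanln` is only logged, so an empty OTP is still sent; the goroutine should stop at that point instead.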
2 changes: 1 addition & 1 deletion deploy/docker-compose.yml
@@ -1,7 +1,7 @@
version: "2"
services:
radotp:
image: ghcr.io/abbas-gheydi/radotp:main
image: ghcr.io/abbas-gheydi/radotp:v2.0.1
restart: always
ports:
- "80:8080"
2 changes: 1 addition & 1 deletion pkgs/rad/Start.go
Expand Up @@ -33,7 +33,7 @@ func StartRadius() {
log.Println("password is empty for user: ", rfc2865.UserName_GetString(r.Packet))
}

if mustCheckPassword() {
if mustCheckPassword() && rfc2865.State_GetString(r.Packet) == "" {
User_PassHandler(w, r)

} else {
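Review bot: The condition `rfc2865.State_GetString(r.Packet) == ""` lets the client decide whether the password handler runs, because State is an attribute the client sends: any Access-Request carrying a non-empty State goes to the `else` branch without `User_PassHandler`. Unless that branch (outside the hunk, like the rest of StartRadius) verifies that the State value was issued by this server for this user after a successful password check, the password factor can be skipped and two-factor authentication degrades to OTP only. Branch on a server-side record instead: store a random, short-lived State per user when the Access-Challenge is sent, and skip the password check only when the received State matches it, e.g. `if mustCheckPassword() && !issuedState(r)`, where `issuedState` is a placeholder name for that lookup.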
