Proxmox/pve-access-control
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-access-control.git synced 2025-01-06 13:17:54 +03:00
Code Releases Activity

fix #3768: warn on bad u2f or webauthn settings

Browse Source 
but don't bail out of the entire auth process, otherwise
not even totp or recovery keys will work anymore in this
case

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2021-12-06 09:38:01 +01:00 committed by Thomas Lamprecht
parent 7262f24391
commit 280d0edd2c
1 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/PVE/AccessControl.pm
View File

@ -895,17 +895,23 @@ sub configure_u2f_and_wa : prototype($) {
my $dc = cfs_read_file('datacenter.cfg'); my $dc = cfs_read_file('datacenter.cfg');
if (my $u2f = $dc->{u2f}) { if (my $u2f = $dc->{u2f}) {
$tfa_cfg->set_u2f_config({ eval {
origin => $u2f->{origin} // $get_origin->(), $tfa_cfg->set_u2f_config({
appid => $u2f->{appid}, origin => $u2f->{origin} // $get_origin->(),
}); appid => $u2f->{appid},
});
};
warn "u2f unavailable, configuration error: $@\n" if $@;
} }
if (my $wa = $dc->{webauthn}) { if (my $wa = $dc->{webauthn}) {
$tfa_cfg->set_webauthn_config({ eval {
origin => $wa->{origin} // $get_origin->(), $tfa_cfg->set_webauthn_config({
rp => $wa->{rp}, origin => $wa->{origin} // $get_origin->(),
id => $wa->{id}, rp => $wa->{rp},
}); id => $wa->{id},
});
};
warn "webauthn unavailable, configuration error: $@\n" if $@;
} }
} }