fix #3768: warn on bad u2f or webauthn settings

but don't bail out of the entire auth process, otherwise
not even totp or recovery keys will work anymore in this
case

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 51a96a38d9e31ddf76371f18d3d72e55658e6adb..13065764ec20a8edcc4678f5feede3ecd7daebf8 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -895,17 +895,23 @@ sub configure_u2f_and_wa : prototype($) {
 
     my $dc = cfs_read_file('datacenter.cfg');
     if (my $u2f = $dc->{u2f}) {
 
     my $dc = cfs_read_file('datacenter.cfg');
     if (my $u2f = $dc->{u2f}) {

-       $tfa_cfg->set_u2f_config({
-           origin => $u2f->{origin} // $get_origin->(),
-           appid => $u2f->{appid},
-       });
+       eval {
+           $tfa_cfg->set_u2f_config({
+               origin => $u2f->{origin} // $get_origin->(),
+               appid => $u2f->{appid},
+           });
+       };
+       warn "u2f unavailable, configuration error: $@\n" if $@;

     }
     if (my $wa = $dc->{webauthn}) {
     }
     if (my $wa = $dc->{webauthn}) {

-       $tfa_cfg->set_webauthn_config({
-           origin => $wa->{origin} // $get_origin->(),
-           rp => $wa->{rp},
-           id => $wa->{id},
-       });
+       eval {
+           $tfa_cfg->set_webauthn_config({
+               origin => $wa->{origin} // $get_origin->(),
+               rp => $wa->{rp},
+               id => $wa->{id},
+           });
+       };
+       warn "webauthn unavailable, configuration error: $@\n" if $@;

     }
 }
 
     }
 }