From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 6 Dec 2021 08:38:01 +0000 (+0100)
Subject: fix #3768: warn on bad u2f or webauthn settings
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=280d0edd2cfc3916bc8c74fc2f2e7b9a6ffc6337

fix #3768: warn on bad u2f or webauthn settings

but don't bail out of the entire auth process, otherwise
not even totp or recovery keys will work anymore in this
case

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 51a96a3..1306576 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -895,17 +895,23 @@ sub configure_u2f_and_wa : prototype($) {
 
     my $dc = cfs_read_file('datacenter.cfg');
     if (my $u2f = $dc->{u2f}) {
-	$tfa_cfg->set_u2f_config({
-	    origin => $u2f->{origin} // $get_origin->(),
-	    appid => $u2f->{appid},
-	});
+	eval {
+	    $tfa_cfg->set_u2f_config({
+		origin => $u2f->{origin} // $get_origin->(),
+		appid => $u2f->{appid},
+	    });
+	};
+	warn "u2f unavailable, configuration error: $@\n" if $@;
     }
     if (my $wa = $dc->{webauthn}) {
-	$tfa_cfg->set_webauthn_config({
-	    origin => $wa->{origin} // $get_origin->(),
-	    rp => $wa->{rp},
-	    id => $wa->{id},
-	});
+	eval {
+	    $tfa_cfg->set_webauthn_config({
+		origin => $wa->{origin} // $get_origin->(),
+		rp => $wa->{rp},
+		id => $wa->{id},
+	    });
+	};
+	warn "webauthn unavailable, configuration error: $@\n" if $@;
     }
 }