[pve-devel] [PATCH apiclient] check for tfa during cluster join, abort if yes

Oguz Bektas o.bektas at proxmox.com
Thu Jun 27 18:00:48 CEST 2019


momentarily, we check for tfa in the cluster join and abort if it's
enabled, since the tfa ticket is not being handled correctly atm, which
caused a '401 No ticket' error[0][1].

todo is to ask with a prompt on gui and cli to enable totp and possible
u2f in the future

[0]: https://forum.proxmox.com/threads/failed-to-add-cluster-node-401-no-ticket.54882/
[1]: https://bugzilla.proxmox.com/show_bug.cgi?id=2227

Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
 PVE/APIClient/LWP.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 31df3c5..492f64d 100755
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -129,6 +129,11 @@ sub login {
 
     my $data = $extract_data->($res);
 
+    # TODO: make it possible to use tfa
+    if ($data->{ticket} =~ m/^PVE:tfa!/) {
+	die "TFA in API is not yet implemented! Try disabling TFA for the user.\n";
+    }
+
     $self->update_ticket($data->{ticket});
     $self->update_csrftoken($data->{CSRFPreventionToken});
 
-- 
2.11.0





More information about the pve-devel mailing list