[pve-devel] [PATCH access-control] fix user deletion when realm does not enforce TFA
Dominik Csapak
d.csapak at proxmox.com
Tue Oct 19 13:52:42 CEST 2021
here the existance of the user is only interesting if we want to set
data, not if we delete it.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
src/PVE/AccessControl.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index fcb16bd..347c2a8 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1628,7 +1628,7 @@ sub user_set_tfa {
die "realm '$realm' does not allow removing the 2nd factor\n" if defined($user);
}
} else {
- die "user '$userid' not found\n" if !defined($user);
+ die "user '$userid' not found\n" if !defined($user) && defined($data);
# Without a realm-enforced TFA setting the user can add a u2f or totp entry by themselves.
# The 'yubico' type requires yubico server settings, which have to be configured on the
# realm, so this is not supported here:
--
2.30.2
More information about the pve-devel
mailing list