[pve-devel] [PATCH access-control 1/3] authenticate_2nd_new: only lock tfa config for recovery keys
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Oct 21 10:03:04 CEST 2022
On Thu, Oct 20, 2022 at 03:14:10PM +0200, Dominik Csapak wrote:
>(...)
> +# Returns a tfa challenge or undef.
> +sub authenticate_2nd_new : prototype($$$$) {
> + my ($username, $realm, $otp, $tfa_challenge) = @_;
> +
> + my $result;
> +
> + if (defined($otp) && $otp =~ m/^recovery:$/) {
That regex should never trigger ;-)
(The '$' at the end is wrong)
> + $result = lock_tfa_config(sub {
> + authenticate_2nd_new_do($username, $realm, $otp, $tfa_challenge);
> + });
> + } else {
> + $result = authenticate_2nd_new_do($username, $realm, $otp, $tfa_challenge);
> + }
>
> # Yubico auth returns the authentication sub:
> if (ref($result) eq 'CODE') {
> --
> 2.30.2
More information about the pve-devel
mailing list