diff --git a/src/PVE/API2/TFA.pm b/src/PVE/API2/TFA.pm index 9545842..13ffc59 100644 --- a/src/PVE/API2/TFA.pm +++ b/src/PVE/API2/TFA.pm @@ -242,8 +242,6 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - PVE::AccessControl::assert_new_tfa_config_available(); - my $rpcenv = PVE::RPCEnvironment::get(); my $authuser = $rpcenv->get_user(); my $userid = @@ -378,8 +376,6 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - PVE::AccessControl::assert_new_tfa_config_available(); - my $rpcenv = PVE::RPCEnvironment::get(); my $authuser = $rpcenv->get_user(); my ($userid, $realm) = @@ -473,8 +469,6 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - PVE::AccessControl::assert_new_tfa_config_available(); - my $rpcenv = PVE::RPCEnvironment::get(); my $authuser = $rpcenv->get_user(); my $userid = diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm index 88355f7..24c6618 100644 --- a/src/PVE/AccessControl.pm +++ b/src/PVE/AccessControl.pm @@ -1706,8 +1706,6 @@ sub parse_priv_tfa_config { sub write_priv_tfa_config { my ($filename, $cfg) = @_; - assert_new_tfa_config_available(); - return $cfg->write(); } @@ -1903,39 +1901,9 @@ my $USER_CONTROLLED_TFA_TYPES = { oath => 1, }; -sub assert_new_tfa_config_available() { - PVE::Cluster::cfs_update(); - my $version_info = PVE::Cluster::get_node_kv('version-info'); - die "cannot update tfa config, please make sure all cluster nodes are up to date\n" - if !$version_info; - my $members = PVE::Cluster::get_members() or return; # get_members returns undef on no cluster - my $old = ''; - foreach my $node (keys $members->%*) { - my $info = $version_info->{$node}; - if (!$info) { - $old .= " cluster node '$node' is too old, did not broadcast its version info\n"; - next; - } - $info = from_json($info); - my $ver = $info->{version}; - if ($ver !~ /^(\d+\.\d+)(?:[.-](\d+))?/) { - $old .= " cluster node '$node' provided an invalid version string: '$ver'\n"; - next; - } - my ($maj, $rel) = ($1, $2); - if (!($maj > 7.0 || ($maj == 7.0 && $rel >= 15))) { - $old .= " cluster node '$node' is too old ($ver < 7.0-15)\n"; - next; - } - } - die "cannot update tfa config, following nodes are not up to date:\n$old" if length($old); -} - sub user_remove_tfa : prototype($) { my ($userid) = @_; - assert_new_tfa_config_available(); - my $tfa_cfg = cfs_read_file('priv/tfa.cfg'); $tfa_cfg->remove_user($userid); cfs_write_file('priv/tfa.cfg', $tfa_cfg); diff --git a/src/PVE/CLI/pveum.pm b/src/PVE/CLI/pveum.pm index 9e64709..d635162 100755 --- a/src/PVE/CLI/pveum.pm +++ b/src/PVE/CLI/pveum.pm @@ -135,8 +135,6 @@ __PACKAGE__->register_method({ my $userid = extract_param($param, "userid"); my $tfa_id = extract_param($param, "id"); - PVE::AccessControl::assert_new_tfa_config_available(); - PVE::AccessControl::lock_tfa_config(sub { my $tfa_cfg = cfs_read_file('priv/tfa.cfg'); if (defined($tfa_id)) { @@ -166,8 +164,6 @@ __PACKAGE__->register_method({ my $userid = extract_param($param, "userid"); - PVE::AccessControl::assert_new_tfa_config_available(); - my sub format_tfa_entries : prototype($;$) { my ($entries, $indent) = @_;