proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 11:32:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fill origin into webauthn config if not provided

Browse Source 
in order to allow subdomains to work, the wa config should
only specify 'id' and 'rp', the 'origin' gets filled in by
the node

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2021-11-22 13:52:57 +01:00
parent 44a55ff792
commit d12f247edc
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/PVE/AccessControl.pm
View File

@ -882,25 +882,30 @@ sub authenticate_yubico_do : prototype($$$) {
sub configure_u2f_and_wa : prototype($) {
my ($tfa_cfg) = @_;
my $rpc_origin;
my $get_origin = sub {
return $rpc_origin if defined($rpc_origin);
my $rpcenv = PVE::RPCEnvironment::get();
if (my $origin = $rpcenv->get_request_host(1)) {
$rpc_origin = "https://$origin";
return $rpc_origin;
}
die "failed to figure out origin\n";
};
my $dc = cfs_read_file('datacenter.cfg');
if (my $u2f = $dc->{u2f}) {
my $origin = $u2f->{origin};
if (!defined($origin)) {
my $rpcenv = PVE::RPCEnvironment::get();
$origin = $rpcenv->get_request_host(1);
if ($origin) {
$origin = "https://$origin";
} else {
die "failed to figure out u2f origin\n";
}
}
$tfa_cfg->set_u2f_config({
origin => $origin,
origin => $u2f->{origin} // $get_origin->(),
appid => $u2f->{appid},
});
}
if (my $wa = $dc->{webauthn}) {
$tfa_cfg->set_webauthn_config($wa);
$tfa_cfg->set_webauthn_config({
origin => $wa->{origin} // $get_origin->(),
rp => $wa->{rp},
id => $wa->{id},
});
}
}