check if user is enabled after verifying a ticket

when a user is disabled, we do not touch any ACLs, and already issued
tickets are still valid (until their expiration time)

check directly after the verification of the ticket if the user
is still enabled, so that any api call fails for that user

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2020-03-12 15:09:21 +01:00 committed by Thomas Lamprecht
parent 3b82e4cf43
commit 86f64e0d8b

View File

@ -85,6 +85,7 @@ sub auth_handler {
die "No ticket\n" if !$ticket;
($username, $age, my $tfa_info) = PVE::AccessControl::verify_ticket($ticket);
$rpcenv->check_user_enabled($username);
if (defined($tfa_info)) {
if (defined(my $challenge = $tfa_info->{challenge})) {