homectl: add acquired fido2 PIN to user record

If we successfully acquired the PIN for the fido2 key, let's add it to our user record, so that we can pass it to homed, which will need it too.
2025-01-11 05:17:44 +03:00 · 2020-04-15 21:56:31 +02:00 · 2020-04-15 21:56:31 +02:00 · 2af3966af3
commit 2af3966af3
parent 93295a2501
1 changed files with 8 additions and 0 deletions
--- a/src/home/homectl-fido2.c
+++ b/src/home/homectl-fido2.c
@ -9,6 +9,7 @@
 #include "format-table.h"
 #include "hexdecoct.h"
 #include "homectl-fido2.h"
+#include "homectl-pkcs11.h"
 #include "libcrypt-util.h"
 #include "locale-util.h"
 #include "memory-util.h"
@ -399,6 +400,13 @@ int identity_add_fido2_parameters(
        if (r < 0)
                return r;

+        /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
+         * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
+         * fscrypt. */
+        r = identity_add_token_pin(v, used_pin);
+        if (r < 0)
+                return r;
+
        return 0;
 #else
        return log_error_errno(EOPNOTSUPP, "FIDO2 tokens not supported on this build.");