homectl: add acquired fido2 PIN to user record
authorLennart Poettering <lennart@poettering.net>
Wed, 15 Apr 2020 19:56:31 +0000 (21:56 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 1 Jul 2020 09:20:26 +0000 (11:20 +0200)
If we successfully acquired the PIN for the fido2 key, let's add it to
our user record, so that we can pass it to homed, which will need it
too.

src/home/homectl-fido2.c

index c78645fa3b928972a51513e011aa697db922ee6d..b7b2c1a3b5b3df7b1116564329f14994659fca71 100644 (file)
@@ -9,6 +9,7 @@
 #include "format-table.h"
 #include "hexdecoct.h"
 #include "homectl-fido2.h"
+#include "homectl-pkcs11.h"
 #include "libcrypt-util.h"
 #include "locale-util.h"
 #include "memory-util.h"
@@ -399,6 +400,13 @@ int identity_add_fido2_parameters(
         if (r < 0)
                 return r;
 
+        /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
+         * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
+         * fscrypt. */
+        r = identity_add_token_pin(v, used_pin);
+        if (r < 0)
+                return r;
+
         return 0;
 #else
         return log_error_errno(EOPNOTSUPP, "FIDO2 tokens not supported on this build.");
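Review bot: The new call `identity_add_token_pin(v, used_pin)` is unconditional although the comment above it says "If we acquired the PIN", so a token that needed no PIN is only handled correctly if the helper treats a NULL or empty `used_pin` as a no-op, which this hunk does not show. I would either guard the call with `if (used_pin)` or say so in the comment, e.g. `/* identity_add_token_pin() is expected to do nothing when no PIN was acquired */`. Since this copies the PIN into the record's secret section, it is also worth confirming that the helper marks the resulting JSON as sensitive and that `used_pin` is erased on every return path, including this new early `return r`. Both of those live outside the visible lines, because the body of identity_add_fido2_parameters starts before the hunk.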