From: Lennart Poettering Date: Wed, 15 Apr 2020 19:56:31 +0000 (+0200) Subject: homectl: add acquired fido2 PIN to user record X-Git-Tag: v246-rc1~45^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2af3966af33b961f7bb8239287037dce7f41af5a;p=thirdparty%2Fsystemd.git homectl: add acquired fido2 PIN to user record If we successfully acquired the PIN for the fido2 key, let's add it to our user record, so that we can pass it to homed, which will need it too.
---
diff --git a/src/home/homectl-fido2.c b/src/home/homectl-fido2.c
index c78645fa3b9..b7b2c1a3b5b 100644
--- a/src/home/homectl-fido2.c
+++ b/src/home/homectl-fido2.c
@@ -9,6 +9,7 @@
 #include "format-table.h"
 #include "hexdecoct.h"
 #include "homectl-fido2.h"
+#include "homectl-pkcs11.h"
 #include "libcrypt-util.h"
 #include "locale-util.h"
 #include "memory-util.h"
@@ -399,6 +400,13 @@ int identity_add_fido2_parameters(
 if (r < 0)
 return r;
 
+ /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
+ * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
+ * fscrypt. */
+ r = identity_add_token_pin(v, used_pin);
+ if (r < 0)
+ return r;
+
 return 0;
 #else
 return log_error_errno(EOPNOTSUPP, "FIDO2 tokens not supported on this build.");
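Review bot: The added comment says the PIN is stored "if we acquired" it, but the call `identity_add_token_pin(v, used_pin)` in the second hunk is unconditional, so the no-PIN case depends on how that helper treats a NULL or empty `used_pin`, which this hunk does not show. I would either guard the call or state the contract in the comment, e.g. `/* used_pin is NULL if the token needed no PIN; identity_add_token_pin() must be a no-op then. */`. Because this copies a token PIN into the record's secret section, it is also worth confirming outside this hunk that the helper marks the resulting JSON field as sensitive and that `used_pin` is erased on every return path, including the new `return r`. The body of identity_add_fido2_parameters() begins and ends outside the hunk.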