From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 8 Oct 2021 19:55:04 +0000 (+0200)
Subject: libfido2-util: add helper that checks whether a FIDO2 device is plugged in
X-Git-Tag: v250-rc1~535^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4f0cfa77414c2377fbf747b6acfe2f98a3f34d2d;p=thirdparty%2Fsystemd.git

libfido2-util: add helper that checks whether a FIDO2 device is plugged in
---

diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
index a3356c139a5..87b88f04d65 100644
--- a/src/shared/libfido2-util.c
+++ b/src/shared/libfido2-util.c
@@ -12,6 +12,7 @@
 #include "memory-util.h"
 #include "random-util.h"
 #include "strv.h"
+#include "unistd.h"
 
 static void *libfido2_dl = NULL;
 
@@ -1077,3 +1078,52 @@ finish:
                                "FIDO2 tokens not supported on this build.");
 #endif
 }
+
+int fido2_have_device(const char *device) {
+#if HAVE_LIBFIDO2
+        size_t allocated = 64, found = 0;
+        fido_dev_info_t *di = NULL;
+        int r;
+
+        /* Return == 0 if not devices are found, > 0 if at least one is found */
+
+        r = dlopen_libfido2();
+        if (r < 0)
+                return log_error_errno(r, "FIDO2 support is not installed.");
+
+        if (device) {
+                if (access(device, F_OK) < 0) {
+                        if (errno == ENOENT)
+                                return 0;
+
+                        return log_error_errno(errno, "Failed to determine whether device '%s' exists: %m", device);
+                }
+
+                return 1;
+        }
+
+        di = sym_fido_dev_info_new(allocated);
+        if (!di)
+                return log_oom();
+
+        r = sym_fido_dev_info_manifest(di, allocated, &found);
+        if (r == FIDO_ERR_INTERNAL) {
+                /* The library returns FIDO_ERR_INTERNAL when no devices are found. I wish it wouldn't. */
+                r = 0;
+                goto finish;
+        }
+        if (r != FIDO_OK) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to enumerate FIDO2 devices: %s", sym_fido_strerr(r));
+                goto finish;
+        }
+
+        r = found;
+
+finish:
+        sym_fido_dev_info_free(&di, allocated);
+        return r;
+#else
+        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                               "FIDO2 tokens not supported on this build.");
+#endif
+}
diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h
index 4ebf8ab7750..c9cd505f34a 100644
--- a/src/shared/libfido2-util.h
+++ b/src/shared/libfido2-util.h
@@ -119,3 +119,5 @@ int fido2_generate_hmac_hash(
 
 int fido2_list_devices(void);
 int fido2_find_device_auto(char **ret);
+
+int fido2_have_device(const char *device);