From 2af3966af33b961f7bb8239287037dce7f41af5a Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 15 Apr 2020 21:56:31 +0200
Subject: [PATCH] homectl: add acquired fido2 PIN to user record

If we successfully acquired the PIN for the fido2 key, let's add it to our user record, so that we can pass it to homed, which will need it too.
---
 src/home/homectl-fido2.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/home/homectl-fido2.c b/src/home/homectl-fido2.c
index c78645fa3b..b7b2c1a3b5 100644
--- a/src/home/homectl-fido2.c
+++ b/src/home/homectl-fido2.c
@@ -9,6 +9,7 @@
 #include "format-table.h"
 #include "hexdecoct.h"
 #include "homectl-fido2.h"
+#include "homectl-pkcs11.h"
 #include "libcrypt-util.h"
 #include "locale-util.h"
 #include "memory-util.h"
@@ -399,6 +400,13 @@ int identity_add_fido2_parameters(
 if (r < 0)
 return r;
 
+ /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
+ * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
+ * fscrypt. */
+ r = identity_add_token_pin(v, used_pin);
+ if (r < 0)
+ return r;
+
 return 0;
 #else
 return log_error_errno(EOPNOTSUPP, "FIDO2 tokens not supported on this build.");
--
2.25.1
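Review bot: The new call `identity_add_token_pin(v, used_pin)` in the second hunk runs unconditionally, although its comment says the PIN is added only "if we acquired" it. Whether a NULL or empty `used_pin` (a token that needed no PIN) is tolerated depends on the helper, which is not visible here. If the helper does not already skip that case, guard the call with `if (used_pin)`; if it does, say so in the comment, e.g. `/* No-op if no PIN was needed. */`. Because this copies a credential into the record's secret section, it is also worth confirming that the helper marks the resulting JSON as sensitive and that `used_pin` is erased when freed, so the PIN does not linger in heap memory or appear in debug dumps of the record. identity_add_fido2_parameters() begins outside the hunk, so the declaration and cleanup of `used_pin` cannot be checked from these lines.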