author | Lennart Poettering <lennart@poettering.net> | 2021-05-28 18:18:54 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-06-01 13:31:53 +0200 |
commit | 17e7561a973495992014dd102135f15eb808ae01 (patch) | |
tree | 2ee7ecb59582619e814b9662171f75374521d7ea /src/shared/user-record.h | |
parent | 7dba77a67ed334d9336b89371b0601661609d277 (diff) | |
download | systemd-17e7561a973495992014dd102135f15eb808ae01.tar.gz |
homectl: store FIDO2 up/uv/clientPin fields in user records too
This catches up homed's FIDO2 support with cryptsetup's: we'll now store
the uv/up/clientPin configuration at enrollment in the user record JSON
data, and use it when authenticating with it.
This also adds explicit "uv" support: we'll only allow it to happen when
the client explicitly said it's OK. This is then used by clients to print
a nice message suggesting "uv" has to take place before retrying
allowing it this time. This is modelled after the existing handling for
"up".
Diffstat (limited to 'src/shared/user-record.h')
-rw-r--r-- | src/shared/user-record.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/shared/user-record.h b/src/shared/user-record.h
index 66dceecfdd..fa58dfdb6e 100644
--- a/src/shared/user-record.h
+++ b/src/shared/user-record.h
@@ -236,6 +236,9 @@ typedef struct Fido2HmacSalt {
 /* What to test the hashed salt value against, usually UNIX password hash here. */
 char *hashed_password;
+
+ /* Whether the 'up', 'uv', 'clientPin' features are enabled. */
+ int uv, up, client_pin;
 } Fido2HmacSalt;
 typedef struct RecoveryKey {
@@ -371,6 +374,7 @@ typedef struct UserRecord {
 Fido2HmacSalt *fido2_hmac_salt;
 size_t n_fido2_hmac_salt;
 int fido2_user_presence_permitted;
+ int fido2_user_verification_permitted;
 char **recovery_key_type;
 RecoveryKey *recovery_key; |
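Review bot: In the `Fido2HmacSalt` hunk, the new `int uv, up, client_pin;` fields are typed `int` while the comment describes them as plain enabled/disabled flags, so a reader cannot tell whether a third "not recorded" state exists or what it means. That matters because records enrolled before this change will carry none of the three fields, and whatever value they receive on load decides whether user presence, user verification or a PIN is demanded at authentication; the loading code is not in this hunk, so this is inferred from the types and the commit message. I would state the encoding in the comment, e.g. `/* 'up', 'uv', 'clientPin' as chosen at enrollment: > 0 required, 0 not required, < 0 not recorded (older records) */`, adjusted to what the parser really does. The declaration order (`uv, up`) also differs from the comment's (`'up', 'uv'`); one field per line in the same order would read more easily. The struct starts above the hunk.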
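Review bot: In the `UserRecord` hunk, `fido2_user_verification_permitted` is added without a comment, and its name alone does not distinguish it from the per-credential `uv` setting that the same commit adds to `Fido2HmacSalt`. Going by the commit message it appears to be the client's consent for the current attempt rather than enrolled policy; if so, a comment such as `/* Set by the client to allow user verification for this authentication attempt; not an enrollment setting */` would keep later code from treating it as stored policy. It would also help to say what a record that omits the field yields, since it is an `int` like its neighbour `fido2_user_presence_permitted`. The struct begins and ends outside the hunk.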