creds-util: add a concept of "user-scoped" credentials

So far credentials are a concept for system services only: to encrypt or decrypt credential you must be privileged, as only then you can access the TPM and the host key. Let's break this up a bit: let's add a "user-scoped" credential, that are specific to users. Internally this works by adding another step to the acquisition of the symmetric encryption key for the credential: if a "user-scoped" credential is used we'll generate an symmetric encryption key K as usual, but then we'll use it to calculate K' = HMAC(K, flags || uid || machine-id || username) and then use the resulting K' as encryption key instead. This basically includes the (public) user's identity in the encryption key, ensuring that only if the right user credentials are specified the correct key can be acquired.
author: Lennart Poettering <lennart@poettering.net> 2024-01-15 17:36:44 +0100
committer: Lennart Poettering <lennart@poettering.net> 2024-01-30 17:07:47 +0100
commit: 48d67957d507c17009f804ec91bf459a674edab7 (patch)
tree: 04442e4438420deb1152e6f2b1261be8bd005bff /src/core/exec-credential.c
parent: Merge pull request #31121 from YHNdnzj/notify-man (diff)
download: systemd-48d67957d507c17009f804ec91bf459a674edab7.tar.xz
systemd-48d67957d507c17009f804ec91bf459a674edab7.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c
index 41c0fce13b..80ebd96f97 100644
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@@ -281,8 +281,9 @@ static int maybe_decrypt_and_write_credential(
                                 now(CLOCK_REALTIME),
                                 /* tpm2_device= */ NULL,
                                 /* tpm2_signature_path= */ NULL,
+                                getuid(),
                                 &IOVEC_MAKE(data, size),
-                                /* flags= */ 0,
+                                CREDENTIAL_ANY_SCOPE,
                                 &plaintext);
                 if (r < 0)
                         return r;
@@ -707,8 +708,9 @@ static int acquire_credentials(
                                         now(CLOCK_REALTIME),
                                         /* tpm2_device= */ NULL,
                                         /* tpm2_signature_path= */ NULL,
+                                        getuid(),
                                         &IOVEC_MAKE(sc->data, sc->size),
-                                        /* flags= */ 0,
+                                        CREDENTIAL_ANY_SCOPE,
                                         &plaintext);
                         if (r < 0)
                                 return r;
author	Lennart Poettering <lennart@poettering.net>	2024-01-15 17:36:44 +0100
committer	Lennart Poettering <lennart@poettering.net>	2024-01-30 17:07:47 +0100
commit	48d67957d507c17009f804ec91bf459a674edab7 (patch)
tree	04442e4438420deb1152e6f2b1261be8bd005bff /src/core/exec-credential.c
parent	Merge pull request #31121 from YHNdnzj/notify-man (diff)
download	systemd-48d67957d507c17009f804ec91bf459a674edab7.tar.xz systemd-48d67957d507c17009f804ec91bf459a674edab7.zip