From 05f665ecdae3a0cc899e1c90aa21c20475485b94 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Thu, 22 Feb 2018 18:03:32 +0100
Subject: [PATCH] Return error on conflicting keyring requests.

Add missing check in crypt_activate_by_token. An oversight
from previous patch.
---
 lib/setup.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/setup.c b/lib/setup.c
index 7b1473dd..95c314bc 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -4042,6 +4042,9 @@ int crypt_activate_by_token(struct crypt_device *cd,
 	if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)))
 		return r;
 
+	if ((flags & CRYPT_ACTIVATE_KEYRING_KEY) && !crypt_use_keyring_for_vk(cd))
+		return -EINVAL;
+
 	if (token == CRYPT_ANY_TOKEN)
 		return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, flags);