Fix --test-passphrase when device in reencryption.

Commit 0113ac2d broke test passphrase mode when device was in LUKS2 reencryption. Previously --test-passphrase parameter automatically raised CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY flag. It did not make sense when users mostly want to test whether device can be activated by provided passphrase or not. Raise the aforementioned flag only if user requested it either by --unbound parameter or when specific keyslot was selected. Reported in: https://bugzilla.redhat.com/show_bug.cgi?id=2056439 Fixes: #716.
2025-12-18 14:20:09 +01:00 · 2022-02-23 12:18:35 +01:00
parent 6b774e617b
commit 0a9f14c658
5 changed files with 18 additions and 8 deletions
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -2745,6 +2745,12 @@ static const char * verify_open(void)
 	if (ARG_SET(OPT_DEVICE_SIZE_ID) && ARG_SET(OPT_SIZE_ID))
 		return _("Options --device-size and --size cannot be combined.");

+	if (ARG_SET(OPT_UNBOUND_ID) && device_type && strncmp(device_type, "luks", 4))
+		return _("Option --unbound is allowed only for open of luks device.");
+
+	if (ARG_SET(OPT_UNBOUND_ID) && !ARG_SET(OPT_TEST_PASSPHRASE_ID))
+		return _("Option --unbound cannot be used without --test-passphrase.");
+
 	/* "open --type tcrypt" and "tcryptDump" checks are identical */
 	return verify_tcryptdump();
 }