Fix --test-passphrase when device in reencryption.

Commit 0113ac2d broke test passphrase mode when device was in LUKS2 reencryption. Previously --test-passphrase parameter automatically raised CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY flag. It did not make sense when users mostly want to test whether device can be activated by provided passphrase or not. Raise the aforementioned flag only if user requested it either by --unbound parameter or when specific keyslot was selected. Reported in: https://bugzilla.redhat.com/show_bug.cgi?id=2056439 Fixes: #716.
2025-12-15 04:40:05 +01:00 · 2022-02-23 12:18:35 +01:00
parent 6b774e617b
commit 0a9f14c658
5 changed files with 18 additions and 8 deletions
--- a/src/cryptsetup_args.h
+++ b/src/cryptsetup_args.h
@@ -88,7 +88,7 @@
 #define OPT_TCRYPT_SYSTEM_ACTIONS		{ OPEN_ACTION, TCRYPTDUMP_ACTION }
 #define OPT_TEST_PASSPHRASE_ACTIONS		{ OPEN_ACTION }
 #define OPT_TOKEN_REPLACE_ACTIONS		{ TOKEN_ACTION }
-#define OPT_UNBOUND_ACTIONS			{ ADDKEY_ACTION, LUKSDUMP_ACTION }
+#define OPT_UNBOUND_ACTIONS			{ ADDKEY_ACTION, LUKSDUMP_ACTION, OPEN_ACTION }
 #define OPT_USE_RANDOM_ACTIONS			{ FORMAT_ACTION, REENCRYPT_ACTION }
 #define OPT_USE_URANDOM_ACTIONS			{ FORMAT_ACTION, REENCRYPT_ACTION }
 #define OPT_UUID_ACTIONS			{ FORMAT_ACTION, UUID_ACTION, REENCRYPT_ACTION }