From 46b70d7317ce9d5dc01d9686314bdab34295c62f Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Mon, 23 Aug 2021 14:42:46 +0200
Subject: [PATCH] Add error message when assigning token to inactive keyslot.

While adding or importing new token and assigning immediately to keyslot it would be useful to provide specific error message directly from cryptsetup utility when keyslot does not exist.
---
 src/cryptsetup.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 394984e2..5b558e8e 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -2624,6 +2624,11 @@ static int _token_add(struct crypt_device *cd)
 }
 }
 
+ if (crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID)) == CRYPT_SLOT_INACTIVE) {
+ log_err(_("Keyslot %d is not active."), ARG_INT32(OPT_KEY_SLOT_ID));
+ return -EINVAL;
+ }
+
 r = crypt_token_luks2_keyring_set(cd, ARG_INT32(OPT_TOKEN_ID_ID), ¶ms);
 if (r < 0) {
 log_err(_("Failed to add luks2-keyring token %d."), ARG_INT32(OPT_TOKEN_ID_ID));
@@ -2676,6 +2681,11 @@ static int _token_import(struct crypt_device *cd)
 }
 }
 
+ if (crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID)) == CRYPT_SLOT_INACTIVE) {
+ log_err(_("Keyslot %d is not active."), ARG_INT32(OPT_KEY_SLOT_ID));
+ return -EINVAL;
+ }
+
 r = tools_read_json_file(ARG_STR(OPT_JSON_FILE_ID), &json, &json_length, ARG_SET(OPT_BATCH_MODE_ID));
 if (r)
 return r;
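Review bot: The new guard in _token_add compares only against CRYPT_SLOT_INACTIVE, so a --key-slot value that crypt_keyslot_status() reports as CRYPT_SLOT_INVALID (a slot number the header cannot hold) still reaches crypt_token_luks2_keyring_set() on the next line. If the keyslot assignment further down the function (outside this hunk) then fails, the token has presumably already been written to the LUKS2 header without a keyslot binding, which is the half-applied state this check is meant to prevent. Consider keeping the status in a local `ks` and rejecting both states when a slot was actually requested, e.g. `if (ARG_INT32(OPT_KEY_SLOT_ID) != CRYPT_ANY_SLOT && (ks == CRYPT_SLOT_INVALID || ks == CRYPT_SLOT_INACTIVE))`; the CRYPT_ANY_SLOT exclusion assumes that is the option's value when --key-slot is omitted, which should be confirmed against the option table. The identical check added to _token_import has the same gap, and the two copies could share one small static helper so the validation cannot drift between the add and import paths.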