From f364990b9b476f44843f73ea773a089764ee3596 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Thu, 29 Jul 2021 15:11:15 +0200
Subject: [PATCH] Do not fallback to pasphrase based activation when device exists.

If token based device activation activation fails with -EEXIST report proper error and do not fallback to passphrase based activation in cli.
---
 lib/setup.c | 4 ++++
 src/cryptsetup.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/setup.c b/lib/setup.c
index 715e520c..d06a2faf 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -5690,6 +5690,10 @@ int crypt_activate_by_token_pin(struct crypt_device *cd, const char *name,
 if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name)
 return -EINVAL;
+ r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH);
+ if (r < 0)
+ return r;
+
 return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type, pin, pin_size, flags, usrptr);
 }
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 3559c1f8..394984e2 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1588,7 +1588,7 @@ static int action_open_luks(void)
 if (ARG_SET(OPT_TOKEN_ONLY_ID) && r == -ENOANO)
 r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), activated_name, ARG_STR(OPT_TOKEN_TYPE_ID), activate_flags, _set_tries_tty());
- if (r >= 0 || ARG_SET(OPT_TOKEN_ONLY_ID))
+ if (r >= 0 || r == -EEXIST || ARG_SET(OPT_TOKEN_ONLY_ID))
 goto out;
 tries = _set_tries_tty();
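Review bot: In the lib/setup.c hunk, the new `_activate_check_status(cd, name, ...)` call passes `name` through unfiltered, and the guard just above it (`... && name`) shows that `name` can be NULL in crypt_activate_by_token_pin(). The helper's body is not in this hunk, so it is worth confirming that it treats a NULL name as "nothing to check", or making that explicit at the call site with `if (name) { r = _activate_check_status(...); if (r < 0) return r; }`. The check is only an early exit: the device can still appear between it and `LUKS2_token_open_and_activate()`, so the activation path must remain the authoritative source of -EEXIST. A comment such as `/* fail with -EEXIST before any token handler or PIN is used */` would record why the check sits here. The function begins outside the hunk.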
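Review bot: In the src/cryptsetup.c hunk, the fallback guard in action_open_luks() now exempts only `-EEXIST`. Any other definite failure from the token attempts above (for example a busy or allocation error, if those can be returned here) still drops into the passphrase prompt that follows. It may be safer to fall back only on the errors that mean "no usable token" and to treat everything else as final, rather than growing a list of exceptions. The condition also carries no explanation; a comment such as `/* -EEXIST: device is already active, a passphrase retry cannot succeed */` above the `if` would help. Whether the `out:` path prints the error in this case is outside the hunk.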