From 9d59f5b2f97760637ed32f778eeacf9869dc553e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 10 May 2021 15:04:10 +0200
Subject: [PATCH] cryptsetup: fix flags check

FLAGS_SET() checks if *all* the bits are set. In this case we want to check
if *any* are. FLAGS_SET() was added in cde2f8605e0c3842f9a87785dd758f955f2d04ba,
but not a bug then yet, because with just one bit, both options are equivalent.
But when more bits were added later, this stopped being correct.
---
 src/cryptsetup/cryptsetup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 5ae2aaa0603..ca6bdecb863 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -772,7 +772,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
                 if (r < 0)
                         return r;
 
-                if (FLAGS_SET(required, FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV) && arg_headless)
+                if ((required & (FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV)) && arg_headless)
                         return log_error_errno(SYNTHETIC_ERRNO(ENOPKG),
                                                "Local verification is required to unlock this volume, but the 'headless' parameter was set.");
 
-- 
2.47.3