From d393fbc256e22cc8019d18214e4d140d58f3302a Mon Sep 17 00:00:00 2001

From: Sergio Correia <scorreia@redhat.com>

Date: Wed, 13 May 2020 23:51:04 -0300

Subject: [PATCH 3/8] Improve error message when bind is given an invalid PIN

---

 src/luks/clevis-luks-bind.in          | 6 ++++++

 src/luks/clevis-luks-common-functions | 9 +++++++++

 2 files changed, 15 insertions(+)

diff --git a/src/luks/clevis-luks-bind.in b/src/luks/clevis-luks-bind.in

index a5d3c5f..89a5e22 100755

--- a/src/luks/clevis-luks-bind.in

+++ b/src/luks/clevis-luks-bind.in

@@ -19,6 +19,8 @@

 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 #

+. clevis-luks-common-functions

+

 SUMMARY="Binds a LUKS device using the specified policy"

 UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e

@@ -76,6 +78,10 @@ fi

 if ! PIN="${@:$((OPTIND++)):1}" || [ -z "$PIN" ]; then

     echo "Did not specify a pin!" >&2

     usage

+elif ! EXE=$(findexe clevis-encrypt-"${PIN}") \

+             || [ -z "${EXE}" ]; then

+    echo "'$PIN' is not a valid pin!" >&2

+    usage

 fi

 if ! CFG="${@:$((OPTIND++)):1}" || [ -z "$CFG" ]; then

diff --git a/src/luks/clevis-luks-common-functions b/src/luks/clevis-luks-common-functions

index d04fdb5..36f0bfd 100644

--- a/src/luks/clevis-luks-common-functions

+++ b/src/luks/clevis-luks-common-functions

@@ -108,6 +108,15 @@ clevis_luks_read_slot() {

     echo "${DATA_CODED}"

 }

+# findexe() finds an executable.

+findexe() {

+    while read -r -d: path; do

+        [ -f "${path}/${1}" ] && [ -x "${path}/${1}" ] && \

+          echo "${path}/${1}" && return 0

+    done <<< "${PATH}:"

+    return 1

+}

+

 # clevis_luks_used_slots() will return the list of used slots for a given LUKS

 # device.

 clevis_luks_used_slots() {

-- 

2.18.4