From d393fbc256e22cc8019d18214e4d140d58f3302a Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Wed, 13 May 2020 23:51:04 -0300
Subject: [PATCH 3/8] Improve error message when bind is given an invalid PIN

---
 src/luks/clevis-luks-bind.in          | 6 ++++++
 src/luks/clevis-luks-common-functions | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/src/luks/clevis-luks-bind.in b/src/luks/clevis-luks-bind.in
index a5d3c5f..89a5e22 100755
--- a/src/luks/clevis-luks-bind.in
+++ b/src/luks/clevis-luks-bind.in
@@ -19,6 +19,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+. clevis-luks-common-functions
+
 SUMMARY="Binds a LUKS device using the specified policy"
 UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e
 
@@ -76,6 +78,10 @@ fi
 if ! PIN="${@:$((OPTIND++)):1}" || [ -z "$PIN" ]; then
     echo "Did not specify a pin!" >&2
     usage
+elif ! EXE=$(findexe clevis-encrypt-"${PIN}") \
+             || [ -z "${EXE}" ]; then
+    echo "'$PIN' is not a valid pin!" >&2
+    usage
 fi
 
 if ! CFG="${@:$((OPTIND++)):1}" || [ -z "$CFG" ]; then
diff --git a/src/luks/clevis-luks-common-functions b/src/luks/clevis-luks-common-functions
index d04fdb5..36f0bfd 100644
--- a/src/luks/clevis-luks-common-functions
+++ b/src/luks/clevis-luks-common-functions
@@ -108,6 +108,15 @@ clevis_luks_read_slot() {
     echo "${DATA_CODED}"
 }
 
+# findexe() finds an executable.
+findexe() {
+    while read -r -d: path; do
+        [ -f "${path}/${1}" ] && [ -x "${path}/${1}" ] && \
+          echo "${path}/${1}" && return 0
+    done <<< "${PATH}:"
+    return 1
+}
+
 # clevis_luks_used_slots() will return the list of used slots for a given LUKS
 # device.
 clevis_luks_used_slots() {
-- 
2.18.4