From d393fbc256e22cc8019d18214e4d140d58f3302a Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Wed, 13 May 2020 23:51:04 -0300
Subject: [PATCH 3/8] Improve error message when bind is given an invalid PIN
---
src/luks/clevis-luks-bind.in | 6 ++++++
src/luks/clevis-luks-common-functions | 9 +++++++++
2 files changed, 15 insertions(+)
diff --git a/src/luks/clevis-luks-bind.in b/src/luks/clevis-luks-bind.in
index a5d3c5f..89a5e22 100755
--- a/src/luks/clevis-luks-bind.in
+++ b/src/luks/clevis-luks-bind.in
@@ -19,6 +19,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
+. clevis-luks-common-functions
+
SUMMARY="Binds a LUKS device using the specified policy"
UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e
@@ -76,6 +78,10 @@ fi
if ! PIN="${@:$((OPTIND++)):1}" || [ -z "$PIN" ]; then
echo "Did not specify a pin!" >&2
usage
+elif ! EXE=$(findexe clevis-encrypt-"${PIN}") \
+ || [ -z "${EXE}" ]; then
+ echo "'$PIN' is not a valid pin!" >&2
+ usage
fi
if ! CFG="${@:$((OPTIND++)):1}" || [ -z "$CFG" ]; then
diff --git a/src/luks/clevis-luks-common-functions b/src/luks/clevis-luks-common-functions
index d04fdb5..36f0bfd 100644
--- a/src/luks/clevis-luks-common-functions
+++ b/src/luks/clevis-luks-common-functions
@@ -108,6 +108,15 @@ clevis_luks_read_slot() {
echo "${DATA_CODED}"
}
+# findexe() finds an executable.
+findexe() {
+ while read -r -d: path; do
+ [ -f "${path}/${1}" ] && [ -x "${path}/${1}" ] && \
+ echo "${path}/${1}" && return 0
+ done <<< "${PATH}:"
+ return 1
+}
+
# clevis_luks_used_slots() will return the list of used slots for a given LUKS
# device.
clevis_luks_used_slots() {
--
2.18.4