storage: Remove slot and not passphrase

Current implementation was removing passphrase that was provided for
'Confirm removal with passphrase'. It should remove slot and take
confirmation with different passphrase.

Fixes cockpit-project#15773

pkg/storaged/crypto-keyslots.jsx

@@ -128,7 +128,7 @@ export function clevis_recover_passphrase(block) {
             .then(output => output.trim());
 }
 
-/* Passphrase operations
+/* Passphrase and slot operations
  */
 
 function passphrase_add(block, new_passphrase, old_passphrase) {
@@ -143,19 +143,20 @@ function passphrase_change(block, key, new_passphrase, old_passphrase) {
                          { superuser: true, err: "message" }).input(old_passphrase + "\n" + new_passphrase + "\n");
 }
 
-function passphrase_remove(block, passphrase) {
-    var dev = decode_filename(block.Device);
-    return cockpit.spawn(["cryptsetup", "luksRemoveKey", dev],
-                         { superuser: true, err: "message" }).input(passphrase);
-}
+function slot_remove(block, slot, passphrase) {
+    const dev = decode_filename(block.Device);
+    const opts = { superuser: true, err: "message" };
+    const cmd = ["cryptsetup", "luksKillSlot", dev, slot.toString()];
+    if (passphrase === false) {
+        cmd.splice(2, 0, "-q");
+        opts.pty = true;
+    }
 
-/* Generic slot operations
- */
+    const spawn = cockpit.spawn(cmd, opts);
+    if (passphrase !== false)
+        spawn.input(passphrase + "\n");
 
-function slot_remove(block, slot) {
-    var dev = decode_filename(block.Device);
-    return cockpit.spawn(["cryptsetup", "luksKillSlot", "-q", dev, slot.toString()],
-                         { superuser: true, err: "message", pty: true });
+    return spawn;
 }
 
 /* Dialogs
@@ -394,10 +395,7 @@ function remove_passphrase_dialog(block, key) {
             DangerButton: true,
             Title: _("Remove"),
             action: function (vals) {
-                if (vals.passphrase === false)
-                    return slot_remove(block, key.slot);
-                else
-                    return passphrase_remove(block, vals.passphrase);
+                return slot_remove(block, key.slot, vals.passphrase);
             }
         }
     });

test/verify/check-storage-luks

@@ -274,11 +274,16 @@ class TestStorageLuks(StorageCase):
         self.content_head_action(1, "Unlock")
         self.dialog({"passphrase": "vainu-reku-toma-rolle-kaja-1"})
         self.content_row_wait_in_col(2, 1, "ext4 file system")
-        # delete second key slot by providing passphrase
+        # delete second key slot
         b.click(panel + "li:nth-child(2) button[aria-label=Remove]")
         self.dialog_wait_open()
+        # do not accept the same passphrase
         b.set_input_text(self.dialog_field("passphrase") + " input[type=password]", "vainu-reku-toma-rolle-kaja-1")
         self.dialog_apply()
+        b.wait_in_text(".pf-c-alert__title", "No key available with this passphrase.")
+        # delete with passphrase from slot 0
+        b.set_input_text(self.dialog_field("passphrase") + " input[type=password]", "vainu-reku-toma-rolle-kaja")
+        self.dialog_apply()
         self.dialog_wait_close()
         # check that it is not possible to unlock with deleted passphrase
         self.content_dropdown_action(1, "Lock")
@@ -314,7 +319,7 @@ class TestStorageLuks(StorageCase):
         slots_list = tab + " .pf-c-card ul "
         b.wait_visible(slots_list + "li:last-child button[aria-label=Remove]")
         b.click(slots_list + "li:last-child button[aria-label=Remove]")
-        b.set_input_text(self.dialog_field("passphrase") + " input[type=password]", "vainu-reku-toma-rolle-kaja-7")
+        b.set_input_text(self.dialog_field("passphrase") + " input[type=password]", "vainu-reku-toma-rolle-kaja-6")
         self.dialog_apply()
         self.dialog_wait_close()
         # check if buttons have become enabled after removing last slot