From 64785dbd4622d0a7e4854643cddf1712827bc02c Mon Sep 17 00:00:00 2001
From: "Simon L. B. Nielsen" <simon@FreeBSD.org>
Date: Sun, 18 Jul 2004 18:01:48 +0000
Subject: [PATCH] For the gbde attach script: - Ask the user up to X times (3
 by default) for the pass-phrase, if   it is incorrect the first time. - Add
 support for storing the lockfiles in another other directory   than /etc. -
 Document that it is possible to override the location of each single  
 lockfile.

Approved by:	pjd
---
 etc/defaults/rc.conf     |  2 ++
 etc/rc.d/gbde            | 16 +++++++++++++---
 share/man/man5/rc.conf.5 | 25 +++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index c4a94fb9582d..df9bd0c1362a 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -50,6 +50,8 @@ rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
 # Experimental - test before enabling
 gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
 gbde_devices="NO" 	# Devices to automatically attach (list, or AUTO)
+gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
+gbde_lockdir="/etc"	# Where to look for gbde lockfiles
 gbde_swap_enable="NO"	# Set to YES to automatically initialize gbde swap
 			# devices listed in fstab with a random one-shot key
 
diff --git a/etc/rc.d/gbde b/etc/rc.d/gbde
index 25bcd2a9cc54..6359f415ae80 100644
--- a/etc/rc.d/gbde
+++ b/etc/rc.d/gbde
@@ -81,10 +81,20 @@ gbde_start()
 	for device in $gbde_devices; do
 		parentdev=${device%.bde}
 		parent=${parentdev#/dev/}
-		eval "lock=\${gbde_lock_${parent}-\"/etc/${parent}.lock\"}"
-		if [ -e $lock ]; then
+		eval "lock=\${gbde_lock_${parent}-\"${gbde_lockdir}/${parent}.lock\"}"
+		if [ -e "${lock}" -a ! -e "${device}" ]; then
 			echo "Configuring Disk Encryption for ${device}."
-			gbde attach ${parentdev} -l ${lock}
+
+			count=1
+			while [ ${count} -le ${gbde_attach_attempts} ]; do
+				gbde attach ${parentdev} -l ${lock}
+				if [ -e ${device} ]; then
+					break
+				fi
+				echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
+				count=$((${count} + 1))
+			done
+
 		fi
 	done
 }
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 6aa9820597e0..844c13ed61ca 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -1069,6 +1069,31 @@ will attempt to automatically initialize your .bde devices in
 List the devices that the script should try to attach,
 or
 .Dq Li AUTO .
+.It Va gbde_lockdir
+.Pq Vt str
+The directory where the
+.Xr gbde 4
+lockfiles are located.
+The default lockfile directory is
+.Pa /etc .
+.Pp
+The lockfile for each individual
+.Xr gbde 4
+device can be overridden by setting the variable
+.Va gbde_lock_ Ns Aq Ar device ,
+where
+.Ar device
+is the encrypted device without the
+.Dq Pa /dev/
+and
+.Dq Pa .bde
+parts.
+.It Va gbde_attach_attempts
+.Pq Vt int
+Number of times to attempt attaching to a
+.Xr gbde 4
+device, i.e. how many times the user is asked for the pass-phrase.
+Default is 3.
 .It Va gbde_swap_enable
 .Pq Vt bool
 If set to