Allow three failed password attempts

Adapt @rlaager's script for direct inclusion into the systemd unit, automatically retrying up to three times on zfs load-key failure. Signed-off-by: Antonio Russo <[email protected]>
openzfs · Jul 3, 2019 · 0dc02e5 · 0dc02e5
1 parent 0182650
commit 0dc02e5
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/etc/systemd/system-generators/zfs-mount-generator.in b/etc/systemd/system-generators/zfs-mount-generator.in
@@ -181,7 +181,15 @@ process_line() {
         pathdep="RequiresMountsFor='${p_keyloc#file://}'"
         keyloadcmd="@sbindir@/zfs load-key '${dataset}'"
       elif [ "${p_keyloc}" = "prompt" ] ; then
-  keyloadcmd="sh -c 'systemd-ask-password | @sbindir@/zfs load-key '${dataset}'"
+        keyloadcmd="sh -c 'set -eu;"\
+"count=0;"\
+"while [ \$\$count -lt 3 ];do"\
+"  systemd-ask-password --id=\"zfs:${dataset}\""\
+"    \"Enter passphrase for ${dataset}:\"|"\
+"    @sbindir@/zfs load-key \"${dataset}\" && exit 0;"\
+"  count=\$\$((count + 1));"\
+"done;"\
+"exit 1'"
       else
         printf 'zfs-mount-generator: (%s) invalid keylocation\n' \
           "${dataset}" >/dev/kmsg