From 80cc2697b147c63300e4dd09f2790dee78220d5f Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Mon, 10 Feb 2014 10:12:34 -0500 Subject: [PATCH] user-groups: Sidestep all password escaping issues Now passwords are written to a file first --- nixos/modules/config/users-groups.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 09e7fc53c76f..a0fd99732bd3 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -403,24 +403,21 @@ in let mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers; setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers; + pwFile = u: if !(isNull u.hashedPassword) + then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; } + else if !(isNull u.password) + then pkgs.runCommand "password-file" { pw = u.password; } '' + echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out + '' else u.passwordFile; setpw = n: u: '' setpw=yes ${optionalString cfg.mutableUsers '' test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no ''} if [ "$setpw" == "yes" ]; then - ${if !(isNull u.hashedPassword) + ${if !(isNull (pwFile u)) then '' - echo '${u.name}:${u.hashedPassword}' | \ - ${pkgs.shadow}/sbin/chpasswd -e'' - else if u.password == "" - then "passwd -d '${u.name}' &>/dev/null" - else if !(isNull u.password) - then '' - echo '${u.name}:${u.password}' | ${pkgs.shadow}/sbin/chpasswd'' - else if !(isNull u.passwordFile) - then '' - echo -n "${u.name}:" | cat - "${u.passwordFile}" | \ + echo -n "${u.name}:" | cat - "${pwFile u}" | \ ${pkgs.shadow}/sbin/chpasswd -e '' else "passwd -l '${u.name}' &>/dev/null"