BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

user-groups: Sidestep all password escaping issues

Browse source 
Now passwords are written to a file first
This commit is contained in:
Shea Levy 2014-02-10 10:12:34 -05:00
parent 3dc6168b31
commit 80cc2697b1
1 changed files with 8 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
nixos/modules/config/users-groups.nix
View file

@ -403,24 +403,21 @@ in
let let
mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers; mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers; setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
pwFile = u: if !(isNull u.hashedPassword)
then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
else if !(isNull u.password)
then pkgs.runCommand "password-file" { pw = u.password; } ''
echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
'' else u.passwordFile;
setpw = n: u: '' setpw = n: u: ''
setpw=yes setpw=yes
${optionalString cfg.mutableUsers '' ${optionalString cfg.mutableUsers ''
test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
''} ''}
if [ "$setpw" == "yes" ]; then if [ "$setpw" == "yes" ]; then
${if !(isNull u.hashedPassword) ${if !(isNull (pwFile u))
then '' then ''
echo '${u.name}:${u.hashedPassword}' | \ echo -n "${u.name}:" | cat - "${pwFile u}" | \
${pkgs.shadow}/sbin/chpasswd -e''
else if u.password == ""
then "passwd -d '${u.name}' &>/dev/null"
else if !(isNull u.password)
then ''
echo '${u.name}:${u.password}' | ${pkgs.shadow}/sbin/chpasswd''
else if !(isNull u.passwordFile)
then ''
echo -n "${u.name}:" | cat - "${u.passwordFile}" | \
${pkgs.shadow}/sbin/chpasswd -e ${pkgs.shadow}/sbin/chpasswd -e
'' ''
else "passwd -l '${u.name}' &>/dev/null" else "passwd -l '${u.name}' &>/dev/null"