summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess2014-12-05 16:33:23 -0400
committerJoey Hess2014-12-05 16:33:23 -0400
commit527975dffec07458e25f100257ec70a3c826c20d (patch)
tree05bfb206b068f281ab0dfbd93efd3695f906475f
parent2559b2348207ed9e914999e92fe9d26da0e1f5ad (diff)
hasSomePassword and hasPassword now check to make sure shadow passwords are enabled.
-rw-r--r--config-joey.hs3
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/OS.hs3
-rw-r--r--src/Propellor/Property/User.hs16
4 files changed, 13 insertions, 11 deletions
diff --git a/config-joey.hs b/config-joey.hs
index b41af4a2..c1eb0a23 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net"
& os (System (Debian Unstable) "amd64")
& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
`onChange` propertyList "fixing up after clean install"
- [ User.shadowConfig True
- , OS.preserveRootSshAuthorized
+ [ OS.preserveRootSshAuthorized
, OS.preserveResolvConf
, Apt.update
, Grub.boots "/dev/sda"
diff --git a/debian/changelog b/debian/changelog
index 7ee1198b..4bb387ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium
* hasSomePassword and hasPassword now default to using the name of the
host as the Context for the password. To specify a different context,
use hasSomePassword' and hasPassword' (API change)
+ * hasSomePassword and hasPassword now check to make sure shadow passwords
+ are enabled.
* cron.runPropellor now runs propellor, rather than using its Makefile.
This is more robust.
* propellor.debug can be set in the git config to enable more persistent
diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs
index 30f8c4bb..3f999e23 100644
--- a/src/Propellor/Property/OS.hs
+++ b/src/Propellor/Property/OS.hs
@@ -45,8 +45,7 @@ import Control.Exception (throw)
-- > & os (System (Debian Unstable) "amd64")
-- > & cleanInstallOnce (Confirmed "foo.example.com")
-- > `onChange` propertyList "fixing up after clean install"
--- > [ User.shadowConfig True
--- > , preserveNetworkInterfaces
+-- > [ preserveNetworkInterfaces
-- > , preserveResolvConf
-- > , preserverRootSshAuthorized
-- > , Apt.update
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index ccb69b24..5c8e768c 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do
ensureProperty $ hasPassword' user (Context hostname)
hasPassword' :: UserName -> Context -> Property
-hasPassword' user context = withPrivData (Password user) context $ \getpassword ->
- property (user ++ " has password") $
- getpassword $ \password -> makeChange $
- withHandle StdinHandle createProcessSuccess
- (proc "chpasswd" []) $ \h -> do
- hPutStrLn h $ user ++ ":" ++ password
- hClose h
+hasPassword' user context = go `requires` shadowConfig True
+ where
+ go = withPrivData (Password user) context $ \getpassword ->
+ property (user ++ " has password") $
+ getpassword $ \password -> makeChange $
+ withHandle StdinHandle createProcessSuccess
+ (proc "chpasswd" []) $ \h -> do
+ hPutStrLn h $ user ++ ":" ++ password
+ hClose h
lockedPassword :: UserName -> Property
lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"