authorJoey Hess2015-04-22 13:04:39 -0400
committerJoey Hess2015-04-22 13:04:39 -0400
commitf35ef9d6975710f2d77c2ea708c66500861d92d1 (patch)
treece00d88d1f67109b62dcdec56262e63471fba412 /src/Propellor/Property/User.hs
parentd3dbdb1f4d47142c20a498dc9279e480900b86c5 (diff)
API change: Added User and Group newtypes, and Properties that used to use the type UserName = String were changed to use them.
Note that UserName is kept and PrivData still uses it in its sum type. This is to avoid breaking PrivData serialization.
Diffstat (limited to 'src/Propellor/Property/User.hs')
-rw-r--r--src/Propellor/Property/User.hs66
1 files changed, 33 insertions, 33 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 557875fb..add3ae52 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -7,31 +7,31 @@ import qualified Propellor.Property.File as File
data Eep = YesReallyDeleteHome
-accountFor :: UserName -> Property NoInfo
-accountFor user = check (isNothing <$> catchMaybeIO (homedir user)) $ cmdProperty "adduser"
+accountFor :: User -> Property NoInfo
+accountFor user@(User u) = check (isNothing <$> catchMaybeIO (homedir user)) $ cmdProperty "adduser"
[ "--disabled-password"
, "--gecos", ""
- , user
+ , u
]
- `describe` ("account for " ++ user)
+ `describe` ("account for " ++ u)
-- | Removes user home directory!! Use with caution.
-nuked :: UserName -> Eep -> Property NoInfo
-nuked user _ = check (isJust <$> catchMaybeIO (homedir user)) $ cmdProperty "userdel"
+nuked :: User -> Eep -> Property NoInfo
+nuked user@(User u) _ = check (isJust <$> catchMaybeIO (homedir user)) $ cmdProperty "userdel"
[ "-r"
- , user
+ , u
]
- `describe` ("nuked user " ++ user)
+ `describe` ("nuked user " ++ u)
-- | Only ensures that the user has some password set. It may or may
-- not be a password from the PrivData.
-hasSomePassword :: UserName -> Property HasInfo
+hasSomePassword :: User -> Property HasInfo
hasSomePassword user = hasSomePassword' user hostContext
-- | While hasSomePassword uses the name of the host as context,
-- this allows specifying a different context. This is useful when
-- you want to use the same password on multiple hosts, for example.
-hasSomePassword' :: IsContext c => UserName -> c -> Property HasInfo
+hasSomePassword' :: IsContext c => User -> c -> Property HasInfo
hasSomePassword' user context = check ((/= HasPassword) <$> getPasswordStatus user) $
hasPassword' user context
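Review bot: `accountFor` and `nuked` unwrap `User u` and hand `u` unchanged to `adduser` and `userdel -r` as an argument, so a name that is empty or starts with `-` would be parsed by those tools as an option instead of an account name. `cmdProperty` takes an argument list, so presumably no shell is involved and this is about option parsing rather than quoting. The `User` newtype is defined outside this file; if its constructor is exported without checks, a smart constructor that rejects such names would cover these two properties as well as `lockedPassword`, `getPasswordStatus`, `hasGroup` and `shellSetTo` in the later hunks. Until then, a comment on each such as `-- assumes u is a valid account name (non-empty, no leading '-')` would record the assumption.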
@@ -41,18 +41,18 @@ hasSomePassword' user context = check ((/= HasPassword) <$> getPasswordStatus us
-- A user's password can be stored in the PrivData in either of two forms;
-- the full cleartext <Password> or a <CryptPassword> hash. The latter
-- is obviously more secure.
-hasPassword :: UserName -> Property HasInfo
+hasPassword :: User -> Property HasInfo
hasPassword user = hasPassword' user hostContext
-hasPassword' :: IsContext c => UserName -> c -> Property HasInfo
-hasPassword' user context = go `requires` shadowConfig True
+hasPassword' :: IsContext c => User -> c -> Property HasInfo
+hasPassword' (User u) context = go `requires` shadowConfig True
where
go = withSomePrivData srcs context $
- property (user ++ " has password") . setPassword
+ property (u ++ " has password") . setPassword
srcs =
- [ PrivDataSource (CryptPassword user)
+ [ PrivDataSource (CryptPassword u)
"a crypt(3)ed password, which can be generated by, for example: perl -e 'print crypt(shift, q{$6$}.shift)' 'somepassword' 'somesalt'"
- , PrivDataSource (Password user) ("a password for " ++ user)
+ , PrivDataSource (Password u) ("a password for " ++ u)
]
setPassword :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result
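Review bot: The help text attached to the `CryptPassword` source in `hasPassword'` recommends `perl -e 'print crypt(shift, q{$6$}.shift)' 'somepassword' 'somesalt'`, which places the cleartext password in the process argument list and usually in shell history on the machine where the hash is produced. The example also invites a hand-picked salt. Since the commit already edits the neighbouring lines, the hint could name a tool that prompts for the password and chooses a random salt, for example `"a crypt(3)ed password, which can be generated by, for example: mkpasswd -m sha-512"` where mkpasswd is installed.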
@@ -67,32 +67,32 @@ setPassword getpassword = getpassword $ go
hPutStrLn h $ user ++ ":" ++ v
hClose h
-lockedPassword :: UserName -> Property NoInfo
-lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
+lockedPassword :: User -> Property NoInfo
+lockedPassword user@(User u) = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
[ "--lock"
- , user
+ , u
]
- `describe` ("locked " ++ user ++ " password")
+ `describe` ("locked " ++ u ++ " password")
data PasswordStatus = NoPassword | LockedPassword | HasPassword
deriving (Eq)
-getPasswordStatus :: UserName -> IO PasswordStatus
-getPasswordStatus user = parse . words <$> readProcess "passwd" ["-S", user]
+getPasswordStatus :: User -> IO PasswordStatus
+getPasswordStatus (User u) = parse . words <$> readProcess "passwd" ["-S", u]
where
parse (_:"L":_) = LockedPassword
parse (_:"NP":_) = NoPassword
parse (_:"P":_) = HasPassword
parse _ = NoPassword
-isLockedPassword :: UserName -> IO Bool
+isLockedPassword :: User -> IO Bool
isLockedPassword user = (== LockedPassword) <$> getPasswordStatus user
-homedir :: UserName -> IO FilePath
-homedir user = homeDirectory <$> getUserEntryForName user
+homedir :: User -> IO FilePath
+homedir (User user) = homeDirectory <$> getUserEntryForName user
-hasGroup :: UserName -> GroupName -> Property NoInfo
-hasGroup user group' = check test $ cmdProperty "adduser"
+hasGroup :: User -> Group -> Property NoInfo
+hasGroup (User user) (Group group') = check test $ cmdProperty "adduser"
[ user
, group'
]
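Review bot: In `getPasswordStatus` the final equation `parse _ = NoPassword` reports any output of `passwd -S` that is not recognised as "no password", and `hasSomePassword'` in the first hunk sets a password whenever the status is not `HasPassword`. An unexpected output format would therefore lead to a password being (re)set rather than to a visible failure. At minimum the fallthrough deserves a comment, `-- any unrecognised passwd -S output is reported as NoPassword`; a separate constructor for the unknown case would let callers decide. How `readProcess` reports a non-zero exit from `passwd` is not visible in this hunk.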
@@ -114,16 +114,16 @@ shadowExists = doesFileExist "/etc/shadow"
-- | Ensures that a user has a specified login shell, and that the shell
-- is enabled in /etc/shells.
-hasLoginShell :: UserName -> FilePath -> Property NoInfo
+hasLoginShell :: User -> FilePath -> Property NoInfo
hasLoginShell user loginshell = shellSetTo user loginshell `requires` shellEnabled loginshell
-shellSetTo :: UserName -> FilePath -> Property NoInfo
-shellSetTo user loginshell = check needchangeshell $
- cmdProperty "chsh" ["--shell", loginshell, user]
- `describe` (user ++ " has login shell " ++ loginshell)
+shellSetTo :: User -> FilePath -> Property NoInfo
+shellSetTo (User u) loginshell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", loginshell, u]
+ `describe` (u ++ " has login shell " ++ loginshell)
where
needchangeshell = do
- currshell <- userShell <$> getUserEntryForName user
+ currshell <- userShell <$> getUserEntryForName u
return (currshell /= loginshell)
-- | Ensures that /etc/shells contains a shell.
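Review bot: `shellSetTo` calls `getUserEntryForName u` inside `needchangeshell` without the `catchMaybeIO` wrapper that `accountFor` and `nuked` put around `homedir`, so for an account that does not exist the check raises instead of yielding a Bool. How `check` treats that exception is not visible here. The function also has no Haddock comment; one such as `-- | Sets the user's login shell with chsh. The account must already exist.` would state the precondition, or the lookup could be wrapped the same way as in `accountFor`.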