summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/User.hs
diff options
context:
space:
mode:
authorJoey Hess2015-10-22 21:13:05 -0400
committerJoey Hess2015-10-22 21:13:05 -0400
commit54125139a306209995f9e145998514bc6a9233ab (patch)
tree7191b8ea34b07c0342f6edf5f167ebc1dbb6a25c /src/Propellor/Property/User.hs
parent5db5d8418e27e187502e0807c3cbb7554dbbbcd1 (diff)
hasInsecurePassword
Diffstat (limited to 'src/Propellor/Property/User.hs')
-rw-r--r--src/Propellor/Property/User.hs19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index c3314738..78e606ac 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -58,14 +58,21 @@ hasPassword' (User u) context = go `requires` shadowConfig True
setPassword :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result
setPassword getpassword = getpassword $ go
where
- go (Password user, password) = set user (privDataVal password) []
- go (CryptPassword user, hash) = set user (privDataVal hash) ["--encrypted"]
+ go (Password user, password) = chpasswd (User user) (privDataVal password) []
+ go (CryptPassword user, hash) = chpasswd (User user) (privDataVal hash) ["--encrypted"]
go (f, _) = error $ "Unexpected type of privdata: " ++ show f
- set user v ps = makeChange $ withHandle StdinHandle createProcessSuccess
- (proc "chpasswd" ps) $ \h -> do
- hPutStrLn h $ user ++ ":" ++ v
- hClose h
+-- | Makes a user's password be the passed String. Highly insecure:
+-- The password is right there in your config file for anyone to see!
+hasInsecurePassword :: User -> String -> Property NoInfo
+hasInsecurePassword u@(User n) p = property (n ++ " has insecure password") $
+ chpasswd u p []
+
+chpasswd :: User -> String -> [String] -> Propellor Result
+chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuccess
+ (proc "chpasswd" ps) $ \h -> do
+ hPutStrLn h $ user ++ ":" ++ v
+ hClose h
lockedPassword :: User -> Property NoInfo
lockedPassword user@(User u) = check (not <$> isLockedPassword user) $ cmdProperty "passwd"