authorJoey Hess2017-06-20 10:57:47 -0400
committerJoey Hess2017-06-20 10:57:47 -0400
commitb79f9d9539ea7a6d97bd259c0ecfa2f45cb1d9c8 (patch)
tree2eefbe80ab8f683b6b28078c2de72f56b025f9b8 /src
parent727e7f8224f62f338db378852f5da478696da260 (diff)
User.hasInsecurePassword makes sure shadow passwords are enabled
So if the insecure password is later changed, the new password won't be exposed.
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/User.hs8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 0c7e48f2..ce2611bc 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -97,8 +97,12 @@ setPassword getpassword = getpassword $ go
-- | Makes a user's password be the passed String. Highly insecure:
-- The password is right there in your config file for anyone to see!
hasInsecurePassword :: User -> String -> Property DebianLike
-hasInsecurePassword u@(User n) p = property (n ++ " has insecure password") $
- chpasswd u p []
+hasInsecurePassword u@(User n) p = go
+ `requires` shadowConfig True
+ where
+ go :: Property DebianLike
+ go = property (n ++ " has insecure password") $
+ chpasswd u p []
chpasswd :: User -> String -> [String] -> Propellor Result
chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuccess
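Review bot: The Haddock comment above hasInsecurePassword still only warns about the plaintext password in the config file and does not say that the property now also turns on shadow passwords for the whole host through `requires` shadowConfig True. That is a system-wide side effect a caller would want to know about, so I would extend the comment with a line such as `-- Also enables shadow passwords, so that a later password change is not stored in world-readable /etc/passwd.` It may also be worth checking whether the other password-setting properties in this module, which are outside this hunk, should carry the same dependency; from here I cannot tell whether they already do.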