Diffstat (limited to 'src/Propellor/Property/User.hs')
-rw-r--r--src/Propellor/Property/User.hs66
1 files changed, 33 insertions, 33 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 557875fb..add3ae52 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -7,31 +7,31 @@ import qualified Propellor.Property.File as File
data Eep = YesReallyDeleteHome
-accountFor :: UserName -> Property NoInfo
-accountFor user = check (isNothing <$> catchMaybeIO (homedir user)) $ cmdProperty "adduser"
+accountFor :: User -> Property NoInfo
+accountFor user@(User u) = check (isNothing <$> catchMaybeIO (homedir user)) $ cmdProperty "adduser"
[ "--disabled-password"
, "--gecos", ""
- , user
+ , u
]
- `describe` ("account for " ++ user)
+ `describe` ("account for " ++ u)
-- | Removes user home directory!! Use with caution.
-nuked :: UserName -> Eep -> Property NoInfo
-nuked user _ = check (isJust <$> catchMaybeIO (homedir user)) $ cmdProperty "userdel"
+nuked :: User -> Eep -> Property NoInfo
+nuked user@(User u) _ = check (isJust <$> catchMaybeIO (homedir user)) $ cmdProperty "userdel"
[ "-r"
- , user
+ , u
]
- `describe` ("nuked user " ++ user)
+ `describe` ("nuked user " ++ u)
-- | Only ensures that the user has some password set. It may or may
-- not be a password from the PrivData.
-hasSomePassword :: UserName -> Property HasInfo
+hasSomePassword :: User -> Property HasInfo
hasSomePassword user = hasSomePassword' user hostContext
-- | While hasSomePassword uses the name of the host as context,
-- this allows specifying a different context. This is useful when
-- you want to use the same password on multiple hosts, for example.
-hasSomePassword' :: IsContext c => UserName -> c -> Property HasInfo
+hasSomePassword' :: IsContext c => User -> c -> Property HasInfo
hasSomePassword' user context = check ((/= HasPassword) <$> getPasswordStatus user) $
hasPassword' user context
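Review bot: In accountFor and nuked the new `User` wrapper is unwrapped by pattern match and its string goes straight into the argument list of `adduser` and `userdel -r`, so a name beginning with `-` would be read by those tools as an option rather than an account. Introducing the newtype is a natural point to close that: either validate names in a smart constructor for `User` (its definition is not in this file), or put an end-of-options marker before the name, e.g. `, "--", u`, assuming the tools accept it. The same applies to lockedPassword, getPasswordStatus and hasGroup in the third hunk and to shellSetTo in the fourth. Names presumably come from the administrator's own configuration, so this is hardening rather than a fix for an exposed input.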
@@ -41,18 +41,18 @@ hasSomePassword' user context = check ((/= HasPassword) <$> getPasswordStatus us
-- A user's password can be stored in the PrivData in either of two forms;
-- the full cleartext <Password> or a <CryptPassword> hash. The latter
-- is obviously more secure.
-hasPassword :: UserName -> Property HasInfo
+hasPassword :: User -> Property HasInfo
hasPassword user = hasPassword' user hostContext
-hasPassword' :: IsContext c => UserName -> c -> Property HasInfo
-hasPassword' user context = go `requires` shadowConfig True
+hasPassword' :: IsContext c => User -> c -> Property HasInfo
+hasPassword' (User u) context = go `requires` shadowConfig True
where
go = withSomePrivData srcs context $
- property (user ++ " has password") . setPassword
+ property (u ++ " has password") . setPassword
srcs =
- [ PrivDataSource (CryptPassword user)
+ [ PrivDataSource (CryptPassword u)
"a crypt(3)ed password, which can be generated by, for example: perl -e 'print crypt(shift, q{$6$}.shift)' 'somepassword' 'somesalt'"
- , PrivDataSource (Password user) ("a password for " ++ user)
+ , PrivDataSource (Password u) ("a password for " ++ u)
]
setPassword :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result
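Review bot: The help string attached to `PrivDataSource (CryptPassword u)` in hasPassword' tells the operator to run `perl -e '…' 'somepassword' 'somesalt'`, which puts the cleartext password on a command line where it can end up in shell history and process listings. While the neighbouring lines are being edited, consider rewording the hint to name a tool that prompts for the password, for example `mkpasswd -m sha-512`, and to say the salt should be random. hasPassword' also has no Haddock of its own; `-- | Like 'hasPassword', but with an explicitly chosen PrivData context.` would match the comment style used on hasSomePassword'.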
@@ -67,32 +67,32 @@ setPassword getpassword = getpassword $ go
hPutStrLn h $ user ++ ":" ++ v
hClose h
-lockedPassword :: UserName -> Property NoInfo
-lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
+lockedPassword :: User -> Property NoInfo
+lockedPassword user@(User u) = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
[ "--lock"
- , user
+ , u
]
- `describe` ("locked " ++ user ++ " password")
+ `describe` ("locked " ++ u ++ " password")
data PasswordStatus = NoPassword | LockedPassword | HasPassword
deriving (Eq)
-getPasswordStatus :: UserName -> IO PasswordStatus
-getPasswordStatus user = parse . words <$> readProcess "passwd" ["-S", user]
+getPasswordStatus :: User -> IO PasswordStatus
+getPasswordStatus (User u) = parse . words <$> readProcess "passwd" ["-S", u]
where
parse (_:"L":_) = LockedPassword
parse (_:"NP":_) = NoPassword
parse (_:"P":_) = HasPassword
parse _ = NoPassword
-isLockedPassword :: UserName -> IO Bool
+isLockedPassword :: User -> IO Bool
isLockedPassword user = (== LockedPassword) <$> getPasswordStatus user
-homedir :: UserName -> IO FilePath
-homedir user = homeDirectory <$> getUserEntryForName user
+homedir :: User -> IO FilePath
+homedir (User user) = homeDirectory <$> getUserEntryForName user
-hasGroup :: UserName -> GroupName -> Property NoInfo
-hasGroup user group' = check test $ cmdProperty "adduser"
+hasGroup :: User -> Group -> Property NoInfo
+hasGroup (User user) (Group group') = check test $ cmdProperty "adduser"
[ user
, group'
]
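Review bot: In getPasswordStatus the catch-all `parse _ = NoPassword` makes empty or unrecognised `passwd -S` output indistinguishable from a genuine "no password" answer, and nothing documents that choice. With this fallback hasSomePassword' (first hunk) goes on to set a password and lockedPassword runs `passwd --lock`, which may be the intended behaviour but should be stated. I would add `-- | Unparseable output from passwd -S is reported as 'NoPassword'.` above the signature, plus a short Haddock on `PasswordStatus` naming what each constructor corresponds to in the `passwd -S` status field.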
@@ -114,16 +114,16 @@ shadowExists = doesFileExist "/etc/shadow"
-- | Ensures that a user has a specified login shell, and that the shell
-- is enabled in /etc/shells.
-hasLoginShell :: UserName -> FilePath -> Property NoInfo
+hasLoginShell :: User -> FilePath -> Property NoInfo
hasLoginShell user loginshell = shellSetTo user loginshell `requires` shellEnabled loginshell
-shellSetTo :: UserName -> FilePath -> Property NoInfo
-shellSetTo user loginshell = check needchangeshell $
- cmdProperty "chsh" ["--shell", loginshell, user]
- `describe` (user ++ " has login shell " ++ loginshell)
+shellSetTo :: User -> FilePath -> Property NoInfo
+shellSetTo (User u) loginshell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", loginshell, u]
+ `describe` (u ++ " has login shell " ++ loginshell)
where
needchangeshell = do
- currshell <- userShell <$> getUserEntryForName user
+ currshell <- userShell <$> getUserEntryForName u
return (currshell /= loginshell)
-- | Ensures that /etc/shells contains a shell.
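Review bot: needchangeshell in shellSetTo calls `getUserEntryForName u` unguarded, whereas accountFor and nuked in the first hunk wrap the equivalent lookup in `catchMaybeIO`; for an account that does not exist the lookup raises instead of producing a check result. How `check` treats that exception is not visible in this diff, so at minimum the precondition should be documented, e.g. `-- Assumes the account already exists; getUserEntryForName throws otherwise.` If a clean failure is preferred, the lookup could go through `catchMaybeIO` as accountFor does.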