From 527975dffec07458e25f100257ec70a3c826c20d Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 5 Dec 2014 16:33:23 -0400 Subject: hasSomePassword and hasPassword now check to make sure shadow passwords are enabled. --- config-joey.hs | 3 +-- debian/changelog | 2 ++ src/Propellor/Property/OS.hs | 3 +-- src/Propellor/Property/User.hs | 16 +++++++++------- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/config-joey.hs b/config-joey.hs index b41af4a2..c1eb0a23 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net" & os (System (Debian Unstable) "amd64") & OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net") `onChange` propertyList "fixing up after clean install" - [ User.shadowConfig True - , OS.preserveRootSshAuthorized + [ OS.preserveRootSshAuthorized , OS.preserveResolvConf , Apt.update , Grub.boots "/dev/sda" diff --git a/debian/changelog b/debian/changelog index 7ee1198b..4bb387ce 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium * hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) + * hasSomePassword and hasPassword now check to make sure shadow passwords + are enabled. * cron.runPropellor now runs propellor, rather than using its Makefile. This is more robust. * propellor.debug can be set in the git config to enable more persistent diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 30f8c4bb..3f999e23 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs 
@@ -45,8 +45,7 @@ import Control.Exception (throw) -- > & os (System (Debian Unstable) "amd64") -- > & cleanInstallOnce (Confirmed "foo.example.com") -- > `onChange` propertyList "fixing up after clean install" --- > [ User.shadowConfig True --- > , preserveNetworkInterfaces +-- > [ preserveNetworkInterfaces -- > , preserveResolvConf -- > , preserverRootSshAuthorized -- > , Apt.update diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index ccb69b24..5c8e768c 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs @@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do ensureProperty $ hasPassword' user (Context hostname) hasPassword' :: UserName -> Context -> Property -hasPassword' user context = withPrivData (Password user) context $ \getpassword -> - property (user ++ " has password") $ - getpassword $ \password -> makeChange $ - withHandle StdinHandle createProcessSuccess - (proc "chpasswd" []) $ \h -> do - hPutStrLn h $ user ++ ":" ++ password - hClose h +hasPassword' user context = go `requires` shadowConfig True + where + go = withPrivData (Password user) context $ \getpassword -> + property (user ++ " has password") $ + getpassword $ \password -> makeChange $ + withHandle StdinHandle createProcessSuccess + (proc "chpasswd" []) $ \h -> do + hPutStrLn h $ user ++ ":" ++ password + hClose h lockedPassword :: UserName -> Property lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd" -- cgit v1.2.3
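Review bot: The Haddock example in src/Propellor/Property/OS.hs still spells the property `preserverRootSshAuthorized` on the context line two below the changed one, while config-joey.hs in this same commit uses `OS.preserveRootSshAuthorized`. Since the example is being edited anyway, that line should read `-- > , preserveRootSshAuthorized` so that a copied example compiles. The comment block starts above the hunk, so the rest of the example is not visible here.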
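Review bot: `hasPassword'` in src/Propellor/Property/User.hs gains a prerequisite that changes host state, but it has no Haddock comment saying so. Through `requires`, every host that sets a password will now also have `shadowConfig True` applied, which presumably switches shadow passwords on rather than only checking (its definition is outside the hunk). A comment such as `-- | Sets the user's password from privdata; first ensures shadow passwords are enabled, so the hash is stored in /etc/shadow and not in world-readable /etc/passwd.` would record why the dependency exists. The subject also names hasSomePassword, which does not appear in this hunk, so it is covered only if it is built on hasPassword'; that is worth confirming. The context line of hasPassword, whose definition starts above the hunk, still builds its description as `user ++ "has password"` without the leading space used in `go`.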