| author | lassulus <lass@aidsballs.de> | 2016-10-27 13:29:03 +0200 | 
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2016-10-27 13:29:03 +0200 | 
| commit | d0198ecd07ac825ebb6841619c4d3039aa476c54 (patch) | |
| tree | 6d1325d65eacc2b41ed117bc6513588f6884fefc | |
| parent | 809a42339d2fa3e52d69a5d6966e60ae45968be5 (diff) | |
l 3 usershadow: more validators, expose path
| -rw-r--r-- | lass/3modules/usershadow.nix | 41 | 
1 files changed, 35 insertions, 6 deletions
|
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index 1ee01e8d9..a8ab1c52a 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -13,22 +13,27 @@
       type = types.str;
       default = "/home/%/.shadow";
     };
+    path = mkOption {
+      type = types.str;
+    };
   };
   imp = {
     environment.systemPackages = [ usershadow ];
+    lass.usershadow.path = "${usershadow}";
     security.pam.services.sshd.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
       auth required pam_permit.so
       account required pam_permit.so
       session required pam_permit.so
     '';
-    security.pam.services.exim.text = ''
-      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+    security.pam.services.dovecot2.text = ''
+      auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
       auth required pam_permit.so
       account required pam_permit.so
       session required pam_permit.so
+      session required pam_env.so envfile=${config.system.build.pamEnvironment}
     '';
   };
@@ -38,7 +43,7 @@
       "bytestring"
     ];
     body = pkgs.writeHaskell "passwords" {
-      executables.verify = {
+      executables.verify_pam = {
         extra-depends = deps;
         text = ''
           import Data.Monoid
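Review bot: The new `path` option in the first hunk has neither a `description` nor a default, although the module always assigns it itself from `imp`; declaring it as `path = mkOption { type = types.path; readOnly = true; description = "store path of the usershadow package, set by this module"; };` documents that it is an output of the module rather than a user-facing input and turns an accidental assignment elsewhere into an evaluation error. If `imp` is only merged when the module is enabled (the hunk does not show how it is applied), any other module that reads `config.lass.usershadow.path` while usershadow is disabled will fail with an undefined-option error, so a default or a `mkIf` on the reader is needed too. The dovecot2 and sshd PAM stanzas are otherwise consistent with each other.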
@@ -61,18 +66,42 @@
             if res then exitSuccess else exitFailure
         '';
       };
+      executables.verify_arg = {
+        extra-depends = deps;
+        text = ''
+          import Data.Monoid
+          import System.IO
+          import Data.Char (chr)
+          import System.Environment (getEnv, getArgs)
+          import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
+          import qualified Data.ByteString.Char8 as BS8
+          import System.Exit (exitFailure, exitSuccess)
+
+          main :: IO ()
+          main = do
+            argsList <- getArgs
+            let shadowFilePattern = argsList !! 0
+            let user = argsList !! 1
+            let password = argsList !! 2
+            let shadowFile = lhs <> user <> tail rhs
+                (lhs, rhs) = span (/= '%') shadowFilePattern
+            hash <- readFile shadowFile
+            let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
+            if res then do (putStr "yes") else exitFailure
+        '';
+      };
       executables.passwd = {
         extra-depends = deps;
         text = ''
           import System.Environment (getEnv)
           import Crypto.PasswordStore (makePasswordWith, pbkdf2)
           import qualified Data.ByteString.Char8 as BS8
-          import System.IO (stdin, hSetEcho, putStr)
+          import System.IO (stdin, hSetEcho, putStrLn)
 
           main :: IO ()
           main = do
             home <- getEnv "HOME"
-            putStr "password:"
+            putStrLn "password:"
             hSetEcho stdin False
             password <- BS8.hGetLine stdin
             hash <- makePasswordWith pbkdf2 password 10 | 
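Review bot: verify_arg in this hunk takes the password as the third command-line argument, which makes it readable by every other local process through the process table for the lifetime of the check; verify_pam avoids exactly that by receiving it from pam_exec's expose_authtok. The user argument is also spliced into the shadow path with no check, so a value containing `/` or `..` selects a file other than the one the pattern intended, and the `argsList !! 0/1/2` lookups abort with an index error rather than a usage message when fewer arguments are given. Since verify_arg is new in this commit its contract can still be changed cheaply: take pattern and user as arguments, read the password from stdin, and accept only user names made of `[A-Za-z0-9._-]`; `Data.Char` then needs `isAlphaNum` instead of the unused `chr`. The `tail rhs` on a pattern without `%` is partial as well, but that is shared with the existing verify code outside this hunk.
```haskell
main :: IO ()
main = do
  args <- getArgs
  case args of
    [shadowFilePattern, user] | not (null user) && all isSafeChar user -> do
      -- the secret arrives on stdin, so it never appears in the process table
      password <- hGetLine stdin
      -- … unchanged: shadowFile construction, readFile, verifyPasswordWith, result …
    _ -> do
      hPutStrLn stderr "usage: verify_arg PATTERN USER  (password on stdin)"
      exitFailure
  where
    isSafeChar c = isAlphaNum c || c `elem` "._-"
```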
