author | Shea Levy <shea@shealevy.com> | 2014-02-10 10:12:34 -0500 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2014-02-10 10:12:34 -0500 |
commit | 80cc2697b147c63300e4dd09f2790dee78220d5f (patch) | |
tree | bb0d4cf15617f912f8a1f29498c449f650af49ed /nixos | |
parent | 3dc6168b317fb3923f2ae073575a8582d01d3ba9 (diff) | |
user-groups: Sidestep all password escaping issues
Now passwords are written to a file first
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 09e7fc53c76f..a0fd99732bd3 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -403,24 +403,21 @@ in
 let
 mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
 setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
+ pwFile = u: if !(isNull u.hashedPassword)
+ then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
+ else if !(isNull u.password)
+ then pkgs.runCommand "password-file" { pw = u.password; } ''
+ echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
+ '' else u.passwordFile;
 setpw = n: u: ''
 setpw=yes
 ${optionalString cfg.mutableUsers ''
 test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
 ''}
 if [ "$setpw" == "yes" ]; then
- ${if !(isNull u.hashedPassword)
+ ${if !(isNull (pwFile u))
 then ''
- echo '${u.name}:${u.hashedPassword}' | \
- ${pkgs.shadow}/sbin/chpasswd -e''
- else if u.password == ""
- then "passwd -d '${u.name}' &>/dev/null"
- else if !(isNull u.password)
- then ''
- echo '${u.name}:${u.password}' | ${pkgs.shadow}/sbin/chpasswd''
- else if !(isNull u.passwordFile)
- then ''
- echo -n "${u.name}:" | cat - "${u.passwordFile}" | \
+ echo -n "${u.name}:" | cat - "${pwFile u}" | \
 ${pkgs.shadow}/sbin/chpasswd -e
 ''
 else "passwd -l '${u.name}' &>/dev/null"
|
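Review bot: The `pwFile` helper puts `u.password` into the derivation as the `pw` attribute and writes the resulting hash (and `u.hashedPassword`, via `writeTextFile`) to a store path, so both the cleartext and the hash end up in the Nix store, which is normally readable by every local user. Only the `u.passwordFile` branch keeps the secret outside the store; I would say so in a comment above `pwFile`, e.g. `# password and hashedPassword are copied into the world-readable store; use passwordFile for real secrets`. Separately, `echo -n "$pw"` still has an escaping edge case, since a value such as `-e` is taken as an option by `echo`; `printf '%s' "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out` avoids that. The removed `u.password == ""` branch (`passwd -d`) has no counterpart here, so an empty password now appears to be hashed like any other; worth confirming that is intended. The enclosing `let` block starts and ends outside the hunk.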