l 3 usershadow: more validators, expose path
This commit is contained in:
parent
809a42339d
commit
d0198ecd07
@ -13,22 +13,27 @@
|
||||
type = types.str;
|
||||
default = "/home/%/.shadow";
|
||||
};
|
||||
path = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
|
||||
imp = {
|
||||
environment.systemPackages = [ usershadow ];
|
||||
lass.usershadow.path = "${usershadow}";
|
||||
security.pam.services.sshd.text = ''
|
||||
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
|
||||
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
|
||||
auth required pam_permit.so
|
||||
account required pam_permit.so
|
||||
session required pam_permit.so
|
||||
'';
|
||||
|
||||
security.pam.services.exim.text = ''
|
||||
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
|
||||
security.pam.services.dovecot2.text = ''
|
||||
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
|
||||
auth required pam_permit.so
|
||||
account required pam_permit.so
|
||||
session required pam_permit.so
|
||||
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
||||
'';
|
||||
};
|
||||
|
||||
@ -38,7 +43,7 @@
|
||||
"bytestring"
|
||||
];
|
||||
body = pkgs.writeHaskell "passwords" {
|
||||
executables.verify = {
|
||||
executables.verify_pam = {
|
||||
extra-depends = deps;
|
||||
text = ''
|
||||
import Data.Monoid
|
||||
@ -61,18 +66,42 @@
|
||||
if res then exitSuccess else exitFailure
|
||||
'';
|
||||
};
|
||||
executables.verify_arg = {
|
||||
extra-depends = deps;
|
||||
text = ''
|
||||
import Data.Monoid
|
||||
import System.IO
|
||||
import Data.Char (chr)
|
||||
import System.Environment (getEnv, getArgs)
|
||||
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
|
||||
import qualified Data.ByteString.Char8 as BS8
|
||||
import System.Exit (exitFailure, exitSuccess)
|
||||
|
||||
main :: IO ()
|
||||
main = do
|
||||
argsList <- getArgs
|
||||
let shadowFilePattern = argsList !! 0
|
||||
let user = argsList !! 1
|
||||
let password = argsList !! 2
|
||||
let shadowFile = lhs <> user <> tail rhs
|
||||
(lhs, rhs) = span (/= '%') shadowFilePattern
|
||||
hash <- readFile shadowFile
|
||||
let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
|
||||
if res then do (putStr "yes") else exitFailure
|
||||
'';
|
||||
};
|
||||
executables.passwd = {
|
||||
extra-depends = deps;
|
||||
text = ''
|
||||
import System.Environment (getEnv)
|
||||
import Crypto.PasswordStore (makePasswordWith, pbkdf2)
|
||||
import qualified Data.ByteString.Char8 as BS8
|
||||
import System.IO (stdin, hSetEcho, putStr)
|
||||
import System.IO (stdin, hSetEcho, putStrLn)
|
||||
|
||||
main :: IO ()
|
||||
main = do
|
||||
home <- getEnv "HOME"
|
||||
putStr "password:"
|
||||
putStrLn "password:"
|
||||
hSetEcho stdin False
|
||||
password <- BS8.hGetLine stdin
|
||||
hash <- makePasswordWith pbkdf2 password 10
|
||||
|
Loading…
Reference in New Issue
Block a user