l 3 usershadow: more validators, expose path

This commit is contained in:
lassulus 2016-10-27 13:29:03 +02:00
parent 809a42339d
commit d0198ecd07

View File

@ -13,22 +13,27 @@
type = types.str;
default = "/home/%/.shadow";
};
path = mkOption {
type = types.str;
};
};
imp = {
environment.systemPackages = [ usershadow ];
lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
'';
security.pam.services.exim.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
security.pam.services.dovecot2.text = ''
auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
@ -38,7 +43,7 @@
"bytestring"
];
body = pkgs.writeHaskell "passwords" {
executables.verify = {
executables.verify_pam = {
extra-depends = deps;
text = ''
import Data.Monoid
@ -61,18 +66,42 @@
if res then exitSuccess else exitFailure
'';
};
executables.verify_arg = {
extra-depends = deps;
text = ''
import Data.Monoid
import System.IO
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
import System.Exit (exitFailure, exitSuccess)
main :: IO ()
main = do
argsList <- getArgs
let shadowFilePattern = argsList !! 0
let user = argsList !! 1
let password = argsList !! 2
let shadowFile = lhs <> user <> tail rhs
(lhs, rhs) = span (/= '%') shadowFilePattern
hash <- readFile shadowFile
let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
if res then do (putStr "yes") else exitFailure
'';
};
executables.passwd = {
extra-depends = deps;
text = ''
import System.Environment (getEnv)
import Crypto.PasswordStore (makePasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
import System.IO (stdin, hSetEcho, putStr)
import System.IO (stdin, hSetEcho, putStrLn)
main :: IO ()
main = do
home <- getEnv "HOME"
putStr "password:"
putStrLn "password:"
hSetEcho stdin False
password <- BS8.hGetLine stdin
hash <- makePasswordWith pbkdf2 password 10