diff options
| author | tv <tv@krebsco.de> | 2021-02-05 19:52:07 +0100 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2021-02-05 19:55:34 +0100 |
| commit | 1ff4a60b8d241230c580fc5e9a705335c9c415a6 (patch) | |
| tree | 8a6206a8c047751c1a519304bbc956e0290600c2 | |
| parent | 315dcf3cbff0980495c0899a38ecdf538651dabc (diff) | |
krebs.shadow: admit password changes
| -rw-r--r-- | krebs/3modules/shadow.nix | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index cff66492..9505efb0 100644 --- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix @@ -4,19 +4,21 @@ with import <stockholm/lib>; cfg = config.krebs.shadow; mergeShadowsJq = pkgs.writeJq "merge-shadows.jq" '' - def fields_3_to_9: ["1", "", "", "", "", "", ""]; + def is_int: . == (. | floor); + def fields_4_to_9: ["", "", "", "", "", ""]; + def check_fields_3_to_9: (.[2] | tonumber | is_int) and .[3:] == fields_4_to_9; def read_value: split(":") | if length == 9 then - if .[2:] == fields_3_to_9 then + if check_fields_3_to_9 then . else error("unrecognized field contents") end elif length == 2 then if .[1] | test("^\\$6\\$") then - . + fields_3_to_9 + . + ["1"] + fields_4_to_9 else error("unrecognized hashed password") end |