From 24d7e2fa03a4533368a8ec90599211366feb1510 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 17 Apr 2019 20:16:06 +0200
Subject: l domsen: run verify_arg as root

---
 lass/2configs/websites/domsen.nix | 2 +-
 lass/3modules/usershadow.nix      | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 5bd5a7ca..2131c7c6 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -119,7 +119,7 @@ in {
     authenticators.PLAIN = ''
       driver = plaintext
       public_name = PLAIN
-      server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
+      server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}}
     '';
     authenticators.LOGIN = ''
       driver = plaintext
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index d967a108..51da2ec9 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -45,6 +45,10 @@
       source = "${usershadow}/bin/verify_pam";
       owner = "root";
     };
+    security.wrappers.shadow_verify_arg = {
+      source = "${usershadow}/bin/verify_arg";
+      owner = "root";
+    };
   };
 
   usershadow = let {
-- 
cgit v1.2.3