From 1ff4a60b8d241230c580fc5e9a705335c9c415a6 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Feb 2021 19:52:07 +0100
Subject: krebs.shadow: admit password changes

---
 krebs/3modules/shadow.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'krebs/3modules')

diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix
index cff66492..9505efb0 100644
--- a/krebs/3modules/shadow.nix
+++ b/krebs/3modules/shadow.nix
@@ -4,19 +4,21 @@ with import <stockholm/lib>;
   cfg = config.krebs.shadow;
 
   mergeShadowsJq = pkgs.writeJq "merge-shadows.jq" ''
-    def fields_3_to_9: ["1", "", "", "", "", "", ""];
+    def is_int: . == (. | floor);
+    def fields_4_to_9: ["", "", "", "", "", ""];
+    def check_fields_3_to_9: (.[2] | tonumber | is_int) and .[3:] == fields_4_to_9;
 
     def read_value:
       split(":") |
       if length == 9 then
-        if .[2:] == fields_3_to_9 then
+        if check_fields_3_to_9 then
           .
         else
           error("unrecognized field contents")
         end
       elif length == 2 then
         if .[1] | test("^\\$6\\$") then
-          . + fields_3_to_9
+          . + ["1"] + fields_4_to_9
         else
           error("unrecognized hashed password")
         end
-- 
cgit v1.2.3