author | lassulus <lassulus@lassul.us> | 2019-04-13 14:49:48 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2019-04-13 14:49:48 +0200 |
commit | ec4b7f30f5f4dfbc5b2164fdb6f25ff32e841cde (patch) | |
tree | 622682154a8ef2c92cfe7b38e9efd123f06b85d7 | |
parent | d03c70bb86ef1fb3e88a2dc9143faf34240feec0 (diff) |
l usershadow: add setuid wrapper for check_pw
-rw-r--r-- | lass/3modules/usershadow.nix | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index cb2890969..383b9a537 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -31,13 +31,20 @@
 session required pam_loginuid.so
 '';
- security.pam.services.dovecot2.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- session required pam_env.so envfile=${config.system.build.pamEnvironment}
- '';
+ security.pam.services.dovecot2 = {
+ text = ''
+ auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
+ auth required pam_permit.so
+ account required pam_permit.so
+ session required pam_permit.so
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
+ '';
+ };
+
+ security.wrappers.shadow_verify_pam = {
+ source = "${usershadow}/bin/verify_pam";
+ owner = "root";
+ };
 };
 usershadow = let { |
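Review bot: The new dovecot2 `pam_exec.so` line keeps `debug` and `log=/tmp/lol` next to `expose_authtok`, which look like debugging leftovers: the helper's output is appended to a fixed file name in a world-writable directory on every mail authentication, and nothing in this hunk limits who can pre-create or read that file. I would drop both options before this is deployed, `auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}`, or point `log=` at a root-owned directory if the output is still needed. Separately, `security.wrappers.shadow_verify_pam` sets only `source` and `owner`, so the setuid bit and file mode come from the module defaults, which as far as I know leave the wrapper executable by every local user; setting `group` and `permissions` explicitly for the account that runs the PAM stack, with a comment saying why `verify_pam` needs root, would make that boundary visible.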