Merge remote-tracking branch 'ni/master'

author: lassulus <lassulus@lassul.us> 2021-02-11 11:09:03 +0100
committer: lassulus <lassulus@lassul.us> 2021-02-11 11:09:03 +0100
commit: 3054b326ef5e9d92ef8d26b50db5546691c24d59 (patch)
tree: 26eeae9a61206a5fddba5690729e2ee2f7ab52e6 /krebs/3modules/shadow.nix
parent: f0e8399b81b911da6c88d7af442bc305a1827c66 (diff)
parent: bda725bbfc4a4e1ecf8a8fd8d3dbff69b5cf4d60 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix
index cff66492d..9505efb0c 100644
--- a/krebs/3modules/shadow.nix
+++ b/krebs/3modules/shadow.nix
@@ -4,19 +4,21 @@ with import <stockholm/lib>;
   cfg = config.krebs.shadow;
 
   mergeShadowsJq = pkgs.writeJq "merge-shadows.jq" ''
-    def fields_3_to_9: ["1", "", "", "", "", "", ""];
+    def is_int: . == (. | floor);
+    def fields_4_to_9: ["", "", "", "", "", ""];
+    def check_fields_3_to_9: (.[2] | tonumber | is_int) and .[3:] == fields_4_to_9;
 
     def read_value:
       split(":") |
       if length == 9 then
-        if .[2:] == fields_3_to_9 then
+        if check_fields_3_to_9 then
           .
         else
           error("unrecognized field contents")
         end
       elif length == 2 then
         if .[1] | test("^\\$6\\$") then
-          . + fields_3_to_9
+          . + ["1"] + fields_4_to_9
         else
           error("unrecognized hashed password")
         end
author	lassulus <lassulus@lassul.us>	2021-02-11 11:09:03 +0100
committer	lassulus <lassulus@lassul.us>	2021-02-11 11:09:03 +0100
commit	3054b326ef5e9d92ef8d26b50db5546691c24d59 (patch)
tree	26eeae9a61206a5fddba5690729e2ee2f7ab52e6 /krebs/3modules/shadow.nix
parent	f0e8399b81b911da6c88d7af442bc305a1827c66 (diff)
parent	bda725bbfc4a4e1ecf8a8fd8d3dbff69b5cf4d60 (diff)