diff options
| author | makefu <github@syntax-fehler.de> | 2019-04-17 21:48:16 +0200 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2019-04-17 21:48:16 +0200 |
| commit | 12f77bbed628e4071ac300af77857815be97a344 (patch) | |
| tree | 4f8233712a96ac5a38a386e1cc9df24de8a2b31a /lass/3modules/usershadow.nix | |
| parent | e9743b162d51c4eb04d7939f8445e1acaa2d723d (diff) | |
| parent | d0d3fcb2d2b9ed82dd1ff2864b9fbbd88aa65ff4 (diff) | |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/3modules/usershadow.nix')
| -rw-r--r-- | lass/3modules/usershadow.nix | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index cb2890969..51da2ec93 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -31,13 +31,24 @@ session required pam_loginuid.so ''; - security.pam.services.dovecot2.text = '' - auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern} - auth required pam_permit.so - account required pam_permit.so - session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} - ''; + security.pam.services.dovecot2 = { + text = '' + auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + session required pam_env.so envfile=${config.system.build.pamEnvironment} + ''; + }; + + security.wrappers.shadow_verify_pam = { + source = "${usershadow}/bin/verify_pam"; + owner = "root"; + }; + security.wrappers.shadow_verify_arg = { + source = "${usershadow}/bin/verify_arg"; + owner = "root"; + }; }; usershadow = let { @@ -46,10 +57,13 @@ "bytestring" ]; body = pkgs.writeHaskellPackage "passwords" { + ghc-options = [ + "-rtsopts" + "-Wall" + ]; executables.verify_pam = { extra-depends = deps; text = '' - import Data.Monoid import System.IO import Data.Char (chr) import System.Environment (getEnv, getArgs) @@ -72,7 +86,6 @@ executables.verify_arg = { extra-depends = deps; text = '' - import Data.Monoid import System.Environment (getArgs) import Crypto.PasswordStore (verifyPasswordWith, pbkdf2) import qualified Data.ByteString.Char8 as BS8 |