authortv <tv@krebsco.de>2016-11-11 08:49:37 +0100
committertv <tv@krebsco.de>2016-11-11 08:49:37 +0100
commit0e13a4e2373d891e6a895e4b6ad2b42da028ba12 (patch)
tree1d8ca040ab86b462d6e3fd283997d56177fa4b33 /lass/3modules
parentb837dec290e54f532cd5539c93a663ba11f68c54 (diff)
parente6c7b13f5990d96e269ee12b9bf6b15bfa7d5b82 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/usershadow.nix41
1 files changed, 35 insertions, 6 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index 1ee01e8d..a8ab1c52 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -13,22 +13,27 @@
type = types.str;
default = "/home/%/.shadow";
};
+ path = mkOption {
+ type = types.str;
+ };
};
imp = {
environment.systemPackages = [ usershadow ];
+ lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+ auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
'';
- security.pam.services.exim.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+ security.pam.services.dovecot2.text = ''
+ auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
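Review bot: The new `path` option is declared with `types.str` and no `description`, although the value assigned to it in `imp` is always the store path of the `usershadow` package; `path = mkOption { type = types.path; description = "store path of the built usershadow package"; };` documents the option and rejects arbitrary strings. The dovecot2 PAM text repeats the sshd text line for line except for the trailing `pam_env.so` entry, so a future change to the `pam_exec.so` line must be made twice; binding the shared lines once in a `let` (say `pamAuth`) and interpolating it into both services would keep them in step. Whether the `pam_env.so` session line is meant only for dovecot2 cannot be told from the hunk; a short comment on that line would settle it.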
@@ -38,7 +43,7 @@
"bytestring"
];
body = pkgs.writeHaskell "passwords" {
- executables.verify = {
+ executables.verify_pam = {
extra-depends = deps;
text = ''
import Data.Monoid
@@ -61,18 +66,42 @@
if res then exitSuccess else exitFailure
'';
};
+ executables.verify_arg = {
+ extra-depends = deps;
+ text = ''
+ import Data.Monoid
+ import System.IO
+ import Data.Char (chr)
+ import System.Environment (getEnv, getArgs)
+ import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
+ import qualified Data.ByteString.Char8 as BS8
+ import System.Exit (exitFailure, exitSuccess)
+
+ main :: IO ()
+ main = do
+ argsList <- getArgs
+ let shadowFilePattern = argsList !! 0
+ let user = argsList !! 1
+ let password = argsList !! 2
+ let shadowFile = lhs <> user <> tail rhs
+ (lhs, rhs) = span (/= '%') shadowFilePattern
+ hash <- readFile shadowFile
+ let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
+ if res then do (putStr "yes") else exitFailure
+ '';
+ };
executables.passwd = {
extra-depends = deps;
text = ''
import System.Environment (getEnv)
import Crypto.PasswordStore (makePasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
- import System.IO (stdin, hSetEcho, putStr)
+ import System.IO (stdin, hSetEcho, putStrLn)
main :: IO ()
main = do
home <- getEnv "HOME"
- putStr "password:"
+ putStrLn "password:"
hSetEcho stdin False
password <- BS8.hGetLine stdin
hash <- makePasswordWith pbkdf2 password 10
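Review bot: In verify_arg the password is taken from the command line (`let password = argsList !! 2`), which, unlike the stdin-based verify_pam, leaves it visible to other local users through process listings for as long as the process runs; if the caller can supply it on stdin, `password <- BS8.hGetLine stdin` keeps it out of argv. The three `!!` lookups are partial and abort with a bare index error when fewer arguments are given, and `tail rhs` is partial when the pattern contains no `%`; pattern matching on `getArgs` and on `rhs` replaces both with a clean `exitFailure`. Nothing rejects a user name containing `/`, so the second argument can steer the path built from the pattern outside the intended directory; refusing such names before substitution is a cheap guard. The rewrite below changes the invocation (password on stdin), so any caller of verify_arg would have to change with it — that caller is not visible here, and the passwd main at the end of the hunk continues outside it.
```haskell
main :: IO ()
main = do
  argsList <- getArgs
  (shadowFilePattern, user) <- case argsList of
    [p, u] | '/' `notElem` u -> pure (p, u)
    _ -> exitFailure
  -- the password arrives on stdin, not argv, so it does not show up in process listings
  password <- BS8.hGetLine stdin
  let (lhs, rhs) = span (/= '%') shadowFilePattern
  shadowFile <- case rhs of
    ('%' : rest) -> pure (lhs <> user <> rest)
    _ -> exitFailure
  hash <- readFile shadowFile
  -- … unchanged: verifyPasswordWith check and the "yes" answer …
```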