summaryrefslogtreecommitdiffstats
path: root/lass/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-11-11 08:49:37 +0100
committertv <tv@krebsco.de>2016-11-11 08:49:37 +0100
commit0e13a4e2373d891e6a895e4b6ad2b42da028ba12 (patch)
tree1d8ca040ab86b462d6e3fd283997d56177fa4b33 /lass/3modules
parentb837dec290e54f532cd5539c93a663ba11f68c54 (diff)
parente6c7b13f5990d96e269ee12b9bf6b15bfa7d5b82 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/usershadow.nix41
1 files changed, 35 insertions, 6 deletions
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index 1ee01e8d9..a8ab1c52a 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -13,22 +13,27 @@
type = types.str;
default = "/home/%/.shadow";
};
+ path = mkOption {
+ type = types.str;
+ };
};
imp = {
environment.systemPackages = [ usershadow ];
+ lass.usershadow.path = "${usershadow}";
security.pam.services.sshd.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+ auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
'';
- security.pam.services.exim.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify ${cfg.pattern}
+ security.pam.services.dovecot2.text = ''
+ auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
'';
};
@@ -38,7 +43,7 @@
"bytestring"
];
body = pkgs.writeHaskell "passwords" {
- executables.verify = {
+ executables.verify_pam = {
extra-depends = deps;
text = ''
import Data.Monoid
@@ -61,18 +66,42 @@
if res then exitSuccess else exitFailure
'';
};
+ executables.verify_arg = {
+ extra-depends = deps;
+ text = ''
+ import Data.Monoid
+ import System.IO
+ import Data.Char (chr)
+ import System.Environment (getEnv, getArgs)
+ import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
+ import qualified Data.ByteString.Char8 as BS8
+ import System.Exit (exitFailure, exitSuccess)
+
+ main :: IO ()
+ main = do
+ argsList <- getArgs
+ let shadowFilePattern = argsList !! 0
+ let user = argsList !! 1
+ let password = argsList !! 2
+ let shadowFile = lhs <> user <> tail rhs
+ (lhs, rhs) = span (/= '%') shadowFilePattern
+ hash <- readFile shadowFile
+ let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
+ if res then do (putStr "yes") else exitFailure
+ '';
+ };
executables.passwd = {
extra-depends = deps;
text = ''
import System.Environment (getEnv)
import Crypto.PasswordStore (makePasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
- import System.IO (stdin, hSetEcho, putStr)
+ import System.IO (stdin, hSetEcho, putStrLn)
main :: IO ()
main = do
home <- getEnv "HOME"
- putStr "password:"
+ putStrLn "password:"
hSetEcho stdin False
password <- BS8.hGetLine stdin
hash <- makePasswordWith pbkdf2 password 10