User.hasInsecurePassword makes sure shadow passwords are enabled

So if the insecure password is later changed, the new password won't be
exposed.

2 files changed, 14 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index b6436d2c..12d88b96 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (4.0.7) UNRELEASED; urgency=medium
+
+  * User.hasInsecurePassword makes sure shadow passwords are enabled,
+    so if the insecure password is later changed, the new password won't be
+    exposed.
+
+ -- Joey Hess <id@joeyh.name>  Tue, 20 Jun 2017 10:55:37 -0400
+
 propellor (4.0.6) unstable; urgency=medium
 
   * Fix bug that sometimes made --spin fail with 
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 0c7e48f2..ce2611bc 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -97,8 +97,12 @@ setPassword getpassword = getpassword $ go
 -- | Makes a user's password be the passed String. Highly insecure:
 -- The password is right there in your config file for anyone to see!
 hasInsecurePassword :: User -> String -> Property DebianLike
-hasInsecurePassword u@(User n) p = property (n ++ " has insecure password") $
-	chpasswd u p []
+hasInsecurePassword u@(User n) p = go
+	`requires` shadowConfig True
+  where
+	go :: Property DebianLike
+	go = property (n ++ " has insecure password") $
+		chpasswd u p []
 
 chpasswd :: User -> String -> [String] -> Propellor Result
 chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuccess