User.hasInsecurePassword makes sure shadow passwords are enabled

So if the insecure password is later changed, the new password won't be exposed.
author: Joey Hess <joeyh@joeyh.name> 2017-06-20 10:57:47 -0400
committer: Joey Hess <joeyh@joeyh.name> 2017-06-20 10:57:47 -0400
commit: b79f9d9539ea7a6d97bd259c0ecfa2f45cb1d9c8 (patch)
tree: 2eefbe80ab8f683b6b28078c2de72f56b025f9b8 /src/Propellor/Property/User.hs
parent: 727e7f8224f62f338db378852f5da478696da260 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 0c7e48f2..ce2611bc 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -97,8 +97,12 @@ setPassword getpassword = getpassword $ go
 -- | Makes a user's password be the passed String. Highly insecure:
 -- The password is right there in your config file for anyone to see!
 hasInsecurePassword :: User -> String -> Property DebianLike
-hasInsecurePassword u@(User n) p = property (n ++ " has insecure password") $
-	chpasswd u p []
+hasInsecurePassword u@(User n) p = go
+	`requires` shadowConfig True
+  where
+	go :: Property DebianLike
+	go = property (n ++ " has insecure password") $
+		chpasswd u p []
 
 chpasswd :: User -> String -> [String] -> Propellor Result
 chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuccess
author	Joey Hess <joeyh@joeyh.name>	2017-06-20 10:57:47 -0400
committer	Joey Hess <joeyh@joeyh.name>	2017-06-20 10:57:47 -0400
commit	b79f9d9539ea7a6d97bd259c0ecfa2f45cb1d9c8 (patch)
tree	2eefbe80ab8f683b6b28078c2de72f56b025f9b8 /src/Propellor/Property/User.hs
parent	727e7f8224f62f338db378852f5da478696da260 (diff)