| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | src/Propellor/Property/User.hs | 8 |
2 files changed, 14 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index b6436d2c..12d88b96 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (4.0.7) UNRELEASED; urgency=medium
+
+ * User.hasInsecurePassword makes sure shadow passwords are enabled,
+ so if the insecure password is later changed, the new password won't be
+ exposed.
+
+ -- Joey Hess <id@joeyh.name> Tue, 20 Jun 2017 10:55:37 -0400
+
 propellor (4.0.6) unstable; urgency=medium

 * Fix bug that sometimes made --spin fail with
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 0c7e48f2..ce2611bc 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -97,8 +97,12 @@ setPassword getpassword = getpassword $ go
 -- | Makes a user's password be the passed String. Highly insecure:
 -- The password is right there in your config file for anyone to see!
 hasInsecurePassword :: User -> String -> Property DebianLike
-hasInsecurePassword u@(User n) p = property (n ++ " has insecure password") $
- chpasswd u p []
+hasInsecurePassword u@(User n) p = go
+ `requires` shadowConfig True
+ where
+ go :: Property DebianLike
+ go = property (n ++ " has insecure password") $
+ chpasswd u p []

 chpasswd :: User -> String -> [String] -> Propellor Result
 chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuccess |
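Review bot: The Haddock above hasInsecurePassword in src/Propellor/Property/User.hs still describes only setting the password, but the new `requires` shadowConfig True line gives the property a host-wide side effect whose reason is recorded only in debian/changelog. I would extend the comment with something like `-- Also ensures shadow passwords are enabled, so that if the insecure password is later changed, the new password is not exposed.` It is also worth stating there that this protects only a later replacement password, since the insecure one remains readable in the config file. A host that separately declares `shadowConfig False` would presumably conflict with this requirement, which the comment could mention; shadowConfig itself is defined outside the hunk, so that is unconfirmed here.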
