Diffstat (limited to 'src/Propellor/Property/User.hs')
| -rw-r--r-- | src/Propellor/Property/User.hs | 66 |
1 files changed, 33 insertions, 33 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index 557875fb..add3ae52 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -7,31 +7,31 @@ import qualified Propellor.Property.File as File
 data Eep = YesReallyDeleteHome
-accountFor :: UserName -> Property NoInfo
-accountFor user = check (isNothing <$> catchMaybeIO (homedir user)) $ cmdProperty "adduser"
+accountFor :: User -> Property NoInfo
+accountFor user@(User u) = check (isNothing <$> catchMaybeIO (homedir user)) $ cmdProperty "adduser"
 [ "--disabled-password"
 , "--gecos", ""
- , user
+ , u
 ]
- `describe` ("account for " ++ user)
+ `describe` ("account for " ++ u)
 -- | Removes user home directory!! Use with caution.
-nuked :: UserName -> Eep -> Property NoInfo
-nuked user _ = check (isJust <$> catchMaybeIO (homedir user)) $ cmdProperty "userdel"
+nuked :: User -> Eep -> Property NoInfo
+nuked user@(User u) _ = check (isJust <$> catchMaybeIO (homedir user)) $ cmdProperty "userdel"
 [ "-r"
- , user
+ , u
 ]
- `describe` ("nuked user " ++ user)
+ `describe` ("nuked user " ++ u)
 -- | Only ensures that the user has some password set. It may or may
 -- not be a password from the PrivData.
-hasSomePassword :: UserName -> Property HasInfo
+hasSomePassword :: User -> Property HasInfo
 hasSomePassword user = hasSomePassword' user hostContext
 -- | While hasSomePassword uses the name of the host as context,
 -- this allows specifying a different context. This is useful when
 -- you want to use the same password on multiple hosts, for example.
-hasSomePassword' :: IsContext c => UserName -> c -> Property HasInfo
+hasSomePassword' :: IsContext c => User -> c -> Property HasInfo
 hasSomePassword' user context = check ((/= HasPassword) <$> getPasswordStatus user) $
 hasPassword' user context
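Review bot: `accountFor` and `nuked` pattern-match `User u` and pass the raw string `u` to `adduser` / `userdel` as an argument, so the new type distinguishes users from other strings but does not constrain what a user name may contain. An empty name or one beginning with `-` could be read by these tools as an option rather than an account, which matters most for `userdel -r`. The definition of `User` is outside this diff; if its constructor is exported unchecked, a validating smart constructor there would cover every call site. Failing that, a Haddock line on `nuked` such as `-- The name is passed to userdel unvalidated; it must come from trusted configuration.` would record the assumption. The same unwrap-and-pass pattern appears in `lockedPassword`, `getPasswordStatus`, `hasGroup` and `shellSetTo` in the later hunks.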
@@ -41,18 +41,18 @@ hasSomePassword' user context = check ((/= HasPassword) <$> getPasswordStatus us
 -- A user's password can be stored in the PrivData in either of two forms;
 -- the full cleartext <Password> or a <CryptPassword> hash. The latter
 -- is obviously more secure.
-hasPassword :: UserName -> Property HasInfo
+hasPassword :: User -> Property HasInfo
 hasPassword user = hasPassword' user hostContext
-hasPassword' :: IsContext c => UserName -> c -> Property HasInfo
-hasPassword' user context = go `requires` shadowConfig True
+hasPassword' :: IsContext c => User -> c -> Property HasInfo
+hasPassword' (User u) context = go `requires` shadowConfig True
 where
 go = withSomePrivData srcs context $
- property (user ++ " has password") . setPassword
+ property (u ++ " has password") . setPassword
 srcs =
- [ PrivDataSource (CryptPassword user)
+ [ PrivDataSource (CryptPassword u)
 "a crypt(3)ed password, which can be generated by, for example: perl -e 'print crypt(shift, q{$6$}.shift)' 'somepassword' 'somesalt'"
- , PrivDataSource (Password user) ("a password for " ++ user)
+ , PrivDataSource (Password u) ("a password for " ++ u)
 ]
 setPassword :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result
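Review bot: The help string attached to the `CryptPassword` source in `srcs` tells the operator to run `perl -e '...' 'somepassword' 'somesalt'`, which puts the cleartext password on a command line where it can end up in shell history and is visible in the process list while it runs. That line is unchanged context, but since this hunk already edits both `PrivDataSource` entries it would be a good moment to reword the hint towards a tool that prompts for the password, for example `mkpasswd -m sha-512`. The literal `'somesalt'` also invites a fixed salt, so the text could say that the salt should be random. The body of `hasPassword'` is fully inside the hunk; `setPassword` continues past it.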
@@ -67,32 +67,32 @@ setPassword getpassword = getpassword $ go
 hPutStrLn h $ user ++ ":" ++ v
 hClose h
-lockedPassword :: UserName -> Property NoInfo
-lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
+lockedPassword :: User -> Property NoInfo
+lockedPassword user@(User u) = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
 [ "--lock"
- , user
+ , u
 ]
- `describe` ("locked " ++ user ++ " password")
+ `describe` ("locked " ++ u ++ " password")
 data PasswordStatus = NoPassword | LockedPassword | HasPassword
 deriving (Eq)
-getPasswordStatus :: UserName -> IO PasswordStatus
-getPasswordStatus user = parse . words <$> readProcess "passwd" ["-S", user]
+getPasswordStatus :: User -> IO PasswordStatus
+getPasswordStatus (User u) = parse . words <$> readProcess "passwd" ["-S", u]
 where
 parse (_:"L":_) = LockedPassword
 parse (_:"NP":_) = NoPassword
 parse (_:"P":_) = HasPassword
 parse _ = NoPassword
-isLockedPassword :: UserName -> IO Bool
+isLockedPassword :: User -> IO Bool
 isLockedPassword user = (== LockedPassword) <$> getPasswordStatus user
-homedir :: UserName -> IO FilePath
-homedir user = homeDirectory <$> getUserEntryForName user
+homedir :: User -> IO FilePath
+homedir (User user) = homeDirectory <$> getUserEntryForName user
 (User user) (Group group') = check test $ cmdProperty "adduser"
 [ user
 , group'
 ]
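Review bot: `homedir (User user)` and `hasGroup (User user) (Group group')` bind the unwrapped string to `user`, whereas every other function in this commit keeps `user` for the wrapped `User` value and uses `u` for the string. In a module that passes these names to `passwd`, `adduser` and `userdel`, one convention makes it easier to see at a glance which value is the typed one; for `homedir` that would be `homedir (User u) = homeDirectory <$> getUserEntryForName u`. `hasGroup` continues past the end of the hunk, so renaming there also has to cover the part of its body that is not shown. The exported `lockedPassword` and `getPasswordStatus` have no Haddock comment; a line on `getPasswordStatus` noting that unrecognised `passwd -S` output is reported as `NoPassword` would document the fallback in `parse`.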
@@ -114,16 +114,16 @@ shadowExists = doesFileExist "/etc/shadow"
 -- | Ensures that a user has a specified login shell, and that the shell
 -- is enabled in /etc/shells.
-hasLoginShell :: UserName -> FilePath -> Property NoInfo
+hasLoginShell :: User -> FilePath -> Property NoInfo
 hasLoginShell user loginshell = shellSetTo user loginshell `requires` shellEnabled loginshell
-shellSetTo :: UserName -> FilePath -> Property NoInfo
-shellSetTo user loginshell = check needchangeshell $
- cmdProperty "chsh" ["--shell", loginshell, user]
- `describe` (user ++ " has login shell " ++ loginshell)
+shellSetTo :: User -> FilePath -> Property NoInfo
+shellSetTo (User u) loginshell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", loginshell, u]
+ `describe` (u ++ " has login shell " ++ loginshell)
 where
 needchangeshell = do
- currshell <- userShell <$> getUserEntryForName user
+ currshell <- userShell <$> getUserEntryForName u
 return (currshell /= loginshell)
 -- | Ensures that /etc/shells contains a shell. |
