From 380c1b0fd6c25dec3c924b82f1d721aa91a001da Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Sun, 30 Mar 2014 23:37:54 -0400
Subject: prepare for hackage

---
 Propellor/Property/User.hs | 61 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 Propellor/Property/User.hs

(limited to 'Propellor/Property/User.hs')

diff --git a/Propellor/Property/User.hs b/Propellor/Property/User.hs
new file mode 100644
index 00000000..2d2118cc
--- /dev/null
+++ b/Propellor/Property/User.hs
@@ -0,0 +1,61 @@
+module Propellor.Property.User where
+
+import System.Posix
+
+import Propellor.Common
+
+data Eep = YesReallyDeleteHome
+
+sshAccountFor :: UserName -> Property
+sshAccountFor user = check (isNothing <$> homedir user) $ cmdProperty "adduser"
+	[ Param "--disabled-password"
+	, Param "--gecos", Param ""
+	, Param user
+	]
+	`describe` ("ssh account " ++ user)
+
+{- | Removes user home directory!! Use with caution. -}
+nuked :: UserName -> Eep -> Property
+nuked user _ = check (isJust <$> homedir user) $ cmdProperty "userdel"
+	[ Param "-r"
+	, Param user
+	]
+	`describe` ("nuked user " ++ user)
+
+{- | Only ensures that the user has some password set. It may or may
+ - not be the password from the PrivData. -}
+hasSomePassword :: UserName -> Property
+hasSomePassword user = check ((/= HasPassword) <$> getPasswordStatus user) $
+	hasPassword user
+
+hasPassword :: UserName -> Property
+hasPassword user = Property (user ++ " has password") $
+	withPrivData (Password user) $ \password -> makeChange $
+		withHandle StdinHandle createProcessSuccess
+			(proc "chpasswd" []) $ \h -> do
+				hPutStrLn h $ user ++ ":" ++ password
+				hClose h
+
+lockedPassword :: UserName -> Property
+lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
+	[ Param "--lock"
+	, Param user
+	]
+	`describe` ("locked " ++ user ++ " password")
+
+data PasswordStatus = NoPassword | LockedPassword | HasPassword
+	deriving (Eq)
+
+getPasswordStatus :: UserName -> IO PasswordStatus
+getPasswordStatus user = parse . words <$> readProcess "passwd" ["-S", user]
+  where
+	parse (_:"L":_) = LockedPassword
+	parse (_:"NP":_) = NoPassword
+	parse (_:"P":_) = HasPassword
+	parse _ = NoPassword
+
+isLockedPassword :: UserName -> IO Bool
+isLockedPassword user = (== LockedPassword) <$> getPasswordStatus user
+
+homedir :: UserName -> IO (Maybe FilePath)
+homedir user = catchMaybeIO $ homeDirectory <$> getUserEntryForName user
-- 
cgit v1.3-2-g0d8e