From 5980d130c9bb85a2d1110fa15abcf263b572b097 Mon Sep 17 00:00:00 2001
From: Nicolas Pierron <nicolas.b.pierron@gmail.com>
Date: Wed, 19 Aug 2009 15:04:05 +0000
Subject: [PATCH] Check sshd.permitRootLogin values.

svn path=/nixos/trunk/; revision=16769
---
 modules/services/networking/ssh/sshd.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index a3ca7d84c46..4cce11a8145 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -31,11 +31,11 @@ let
       GatewayPorts ${cfg.gatewayPorts}
     '';
 
-  # !!! is this assertion evaluated anywhere???
-  assertion = cfg.permitRootLogin == "yes" ||
-       cfg.permitRootLogin == "without-password" ||
-       cfg.permitRootLogin == "forced-commands-only" ||
-       cfg.permitRootLogin == "no";
+  permitRootLoginCheck = v:
+    v == "yes" ||
+    v == "without-password" ||
+    v == "forced-commands-only" ||
+    v == "no";
 
 in
 
@@ -73,6 +73,7 @@ in
 
       permitRootLogin = mkOption {
         default = "yes";
+        check = permitRootLoginCheck;
         description = ''
           Whether the root user can login using ssh. Valid values are
           <literal>yes</literal>, <literal>without-password</literal>,