public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/users-groups: add assertion for ":" in hashes

Browse Source
This commit is contained in:
rnhmjoj 2020-06-25 02:00:56 +02:00
parent 751c2ed6e4
commit 99899e2e46
No known key found for this signature in database
GPG Key ID: BFBAF4C975F76450
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/config/users-groups.nix
View File

@ -606,7 +606,17 @@ in {
Neither the root account nor any wheel user has a password or SSH authorized key. Neither the root account nor any wheel user has a password or SSH authorized key.
You must set one to prevent being locked out of your system.''; You must set one to prevent being locked out of your system.'';
} }
]; ] ++ flip mapAttrsToList cfg.users (name: user:
{
assertion = (user.hashedPassword != null)
-> (builtins.match ".*:.*" user.hashedPassword == null);
message = ''
The password hash of user "${name}" contains a ":" character.
This is invalid and would break the login system because the fields
of /etc/shadow (file where hashes are stored) are colon-separated.
Please check the value of option `users.users."${name}".hashedPassword`.'';
}
);
warnings = warnings =
builtins.filter (x: x != null) ( builtins.filter (x: x != null) (