hasSomePassword and hasPassword now check to make sure shadow passwords are enabled.

2014-12-05 16:33:23 -04:00 · 2014-12-05 16:33:23 -04:00 · 527975dffe
parent 2559b23482
commit 527975dffe
4 changed files with 13 additions and 11 deletions
--- a/config-joey.hs
+++ b/config-joey.hs
@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net"
 	& os (System (Debian Unstable) "amd64")
 	& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
 	 	`onChange` propertyList "fixing up after clean install"
-	 		[ User.shadowConfig True
-			, OS.preserveRootSshAuthorized
+	 		[ OS.preserveRootSshAuthorized
 			, OS.preserveResolvConf
 			, Apt.update
 			, Grub.boots "/dev/sda"
--- a/debian/changelog
+++ b/debian/changelog
@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium
  * hasSomePassword and hasPassword now default to using the name of the
    host as the Context for the password. To specify a different context,
    use hasSomePassword' and hasPassword' (API change)
+  * hasSomePassword and hasPassword now check to make sure shadow passwords
+    are enabled.
  * cron.runPropellor now runs propellor, rather than using its Makefile.
    This is more robust.
  * propellor.debug can be set in the git config to enable more persistent
--- a/src/Propellor/Property/OS.hs
+++ b/src/Propellor/Property/OS.hs
@ -45,8 +45,7 @@ import Control.Exception (throw)
 -- > & os (System (Debian Unstable) "amd64")
 -- > & cleanInstallOnce (Confirmed "foo.example.com")
 -- >    `onChange` propertyList "fixing up after clean install"
-- >        [ User.shadowConfig True
-- >        , preserveNetworkInterfaces
+-- >        [ preserveNetworkInterfaces
 -- >        , preserveResolvConf
 -- >        , preserverRootSshAuthorized
 -- >        , Apt.update
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do
 	ensureProperty $ hasPassword' user (Context hostname)

 hasPassword' :: UserName -> Context -> Property
-hasPassword' user context = withPrivData (Password user) context $ \getpassword ->
-	property (user ++ " has password") $
-		getpassword $ \password -> makeChange $
-			withHandle StdinHandle createProcessSuccess
-				(proc "chpasswd" []) $ \h -> do
-					hPutStrLn h $ user ++ ":" ++ password
-					hClose h
+hasPassword' user context = go `requires` shadowConfig True
+  where
+	go = withPrivData (Password user) context $ \getpassword ->
+		property (user ++ " has password") $
+			getpassword $ \password -> makeChange $
+				withHandle StdinHandle createProcessSuccess
+					(proc "chpasswd" []) $ \h -> do
+						hPutStrLn h $ user ++ ":" ++ password
+						hClose h

 lockedPassword :: UserName -> Property
 lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"