From 5ecad8f4c59a2908fc0c71e3be3324c088d7c1e7 Mon Sep 17 00:00:00 2001
From: Sean Whitton
Date: Tue, 25 May 2021 13:10:20 -0700
Subject: add USER:HAS-ENABLED-PASSWORD

Signed-off-by: Sean Whitton
---
 src/package.lisp | 1 +
 src/property/user.lisp | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/src/package.lisp b/src/package.lisp
index 9b39949..9569cf6 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -354,6 +354,7 @@
 (:local-nicknames (#:file #:consfigurator.property.file))
 (:export #:has-account
 #:has-login-shell
+ #:has-enabled-password
 #:passwd-entry))
 
 (defpackage :consfigurator.property.chroot
diff --git a/src/property/user.lisp b/src/property/user.lisp
index 9aab625..b10b258 100644
--- a/src/property/user.lisp
+++ b/src/property/user.lisp
@@ -39,6 +39,20 @@ Note that this uses getent(1) and so is not strictly POSIX-compatible."
 (file:contains-lines "/etc/shells" shell)
 (mrun "chsh" "--shell" shell username)))
 
+(defprop has-enabled-password :posix (username initial-password)
+ "Ensures that it is possible to login as USERNAME; if this requires enabling
+the account's password, also set it to INITIAL-PASSWORD.
+The main purpose of this property is to ensure that in a freshly installed
+system it will be possible to log in. The password should usually be changed
+to something which is not stored in plain text in your consfig right after,
+and then this property will do nothing."
+ (:desc #?"${username} has an enabled password")
+ (:check
+ (declare (ignore initial-password))
+ (string= "P" (cadr (split-string (run "passwd" "-S" username)))))
+ (:apply
+ (mrun :input (format nil "~A:~A" username initial-password) "chpasswd")))
+
 (defun passwd-entry (n username-or-uid)
 "Get the nth entry in the getent(1) output for USERNAME-OR-UID.
 Note that getent(1) is not specified in POSIX so use of this function makes
-- 
cgit v1.2.3
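Review bot: The `:apply` clause of `has-enabled-password` in src/property/user.lisp formats USERNAME and INITIAL-PASSWORD directly into chpasswd's line-oriented `user:password` input, so a newline in either value, or a colon in USERNAME, would be parsed as a different or additional entry and could set the password of an account the caller did not name. Validate before calling `mrun`, e.g. `(when (or (find #\Newline username) (find #\: username) (find #\Newline initial-password)) (error "invalid character in username or initial password"))`, keeping the password itself out of the error text. Separately, the `:check` compares the second field of `passwd -S` with the exact string "P"; some passwd implementations appear to report other status strings, in which case the check would never succeed and every run would reset the account to the plain-text INITIAL-PASSWORD. Since neither `passwd -S` nor chpasswd is specified by POSIX, the docstring should carry a caveat like the one on the property just above it, for instance `Note that this uses passwd -S and chpasswd(8) and so is not strictly POSIX-compatible.`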