user-groups: Sidestep all password escaping issues

Now passwords are written to a file first
2014-02-10 10:12:34 -05:00 · 2014-02-10 10:12:34 -05:00 · 80cc2697b1
commit 80cc2697b1
parent 3dc6168b31
1 changed files with 8 additions and 11 deletions
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@ -403,24 +403,21 @@ in
      let
        mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
        setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
+        pwFile = u: if !(isNull u.hashedPassword)
+          then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
+          else if !(isNull u.password)
+          then pkgs.runCommand "password-file" { pw = u.password; } ''
+            echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
+          '' else u.passwordFile;
        setpw = n: u: ''
          setpw=yes
          ${optionalString cfg.mutableUsers ''
            test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
          ''}
          if [ "$setpw" == "yes" ]; then
-            ${if !(isNull u.hashedPassword)
+            ${if !(isNull (pwFile u))
              then ''
-                echo '${u.name}:${u.hashedPassword}' | \
-                  ${pkgs.shadow}/sbin/chpasswd -e''
-              else if u.password == ""
-              then "passwd -d '${u.name}' &>/dev/null"
-              else if !(isNull u.password)
-              then ''
-                echo '${u.name}:${u.password}' | ${pkgs.shadow}/sbin/chpasswd''
-              else if !(isNull u.passwordFile)
-              then ''
-                echo -n "${u.name}:" | cat - "${u.passwordFile}" | \
+                echo -n "${u.name}:" | cat - "${pwFile u}" | \
                  ${pkgs.shadow}/sbin/chpasswd -e
              ''
              else "passwd -l '${u.name}' &>/dev/null"