diff options
author | rnhmjoj <rnhmjoj@inventati.org> | 2020-06-25 02:00:56 +0200 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2020-07-04 12:21:49 +0200 |
commit | 99899e2e464845da34638ab35125943e8445bce0 (patch) | |
tree | 60439d7f82f237e3efd16165a72f52c25549b90c /nixos/modules/config | |
parent | 751c2ed6e4af9e525fe57b7c0f0ee8a611eab9fa (diff) | |
download | nixpkgs-99899e2e464845da34638ab35125943e8445bce0.tar nixpkgs-99899e2e464845da34638ab35125943e8445bce0.tar.gz nixpkgs-99899e2e464845da34638ab35125943e8445bce0.tar.bz2 nixpkgs-99899e2e464845da34638ab35125943e8445bce0.tar.lz nixpkgs-99899e2e464845da34638ab35125943e8445bce0.tar.xz nixpkgs-99899e2e464845da34638ab35125943e8445bce0.tar.zst nixpkgs-99899e2e464845da34638ab35125943e8445bce0.zip |
nixos/users-groups: add assertion for ":" in hashes
Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index e06514bd934..cca87d8b4a5 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -606,7 +606,17 @@ in { Neither the root account nor any wheel user has a password or SSH authorized key. You must set one to prevent being locked out of your system.''; } - ]; + ] ++ flip mapAttrsToList cfg.users (name: user: + { + assertion = (user.hashedPassword != null) + -> (builtins.match ".*:.*" user.hashedPassword == null); + message = '' + The password hash of user "${name}" contains a ":" character. + This is invalid and would break the login system because the fields + of /etc/shadow (file where hashes are stored) are colon-separated. + Please check the value of option `users.users."${name}".hashedPassword`.''; + } + ); warnings = builtins.filter (x: x != null) ( |