commit 32e7482074ecc3d7be079e8ed87cd74c7986f202 · pyrox.dev/nixpkgs

+1 -1

nixos/modules/config/users-groups.nix

···

       697
        
                 value = "[a-zA-Z0-9/+.-]+";

     

       698
        
                 options = "${id}(=${value})?(,${id}=${value})*";

     

       699
        
                 scheme  = "${id}(${sep}${options})?";

     

       700
       -
                 content = "${base64}${sep}${base64}";

     

       701
        
                 mcf = "^${sep}${scheme}${sep}${content}$";

     

       702
        
               in

     

       703
        
               if (allowsLogin user.hashedPassword

···

       697
        
                 value = "[a-zA-Z0-9/+.-]+";

     

       698
        
                 options = "${id}(=${value})?(,${id}=${value})*";

     

       699
        
                 scheme  = "${id}(${sep}${options})?";

     

       700
       +
                 content = "${base64}${sep}${base64}(${sep}${base64})?";

     

       701
        
                 mcf = "^${sep}${scheme}${sep}${content}$";

     

       702
        
               in

     

       703
        
               if (allowsLogin user.hashedPassword

+30

nixos/tests/shadow.nix

···

       3
        
         password2 = "helloworld";

     

       4
        
         password3 = "bazqux";

     

       5
        
         password4 = "asdf123";

     

       0
        
       
     

       0
        
       
     

       6
        
       in import ./make-test-python.nix ({ pkgs, ... }: {

     

       7
        
         name = "shadow";

     

       8
        
         meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; };

     
···

       25
        
             users.ash = {

     

       26
        
               isNormalUser = true;

     

       27
        
               password = password4;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       28
        
               shell = pkgs.bash;

     

       29
        
             };

     

       30
        
           };

     
···

       115
        
               shadow.wait_until_succeeds("pgrep login")

     

       116
        
               shadow.send_chars("${password2}\n")

     

       117
        
               shadow.wait_until_tty_matches("5", "login:")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       118
        
         '';

     

       119
        
       })

···

       3
        
         password2 = "helloworld";

     

       4
        
         password3 = "bazqux";

     

       5
        
         password4 = "asdf123";

     

       6
       +
         hashed_bcrypt = "$2b$05$8xIEflrk2RxQtcVXbGIxs.Vl0x7dF1/JSv3cyX6JJt0npzkTCWvxK"; # fnord

     

       7
       +
         hashed_yeshash = "$y$j9T$d8Z4EAf8P1SvM/aDFbxMS0$VnTXMp/Hnc7QdCBEaLTq5ZFOAFo2/PM0/xEAFuOE88."; # fnord

     

       8
        
       in import ./make-test-python.nix ({ pkgs, ... }: {

     

       9
        
         name = "shadow";

     

       10
        
         meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; };

     
···

       27
        
             users.ash = {

     

       28
        
               isNormalUser = true;

     

       29
        
               password = password4;

     

       30
       +
               shell = pkgs.bash;

     

       31
       +
             };

     

       32
       +
             users.berta = {

     

       33
       +
               isNormalUser = true;

     

       34
       +
               hashedPassword = hashed_bcrypt;

     

       35
       +
               shell = pkgs.bash;

     

       36
       +
             };

     

       37
       +
             users.yesim = {

     

       38
       +
               isNormalUser = true;

     

       39
       +
               hashedPassword = hashed_yeshash;

     

       40
        
               shell = pkgs.bash;

     

       41
        
             };

     

       42
        
           };

     
···

       127
        
               shadow.wait_until_succeeds("pgrep login")

     

       128
        
               shadow.send_chars("${password2}\n")

     

       129
        
               shadow.wait_until_tty_matches("5", "login:")

     

       130
       +
       

     

       131
       +
           with subtest("check alternate password hashes"):

     

       132
       +
               shadow.send_key("alt-f6")

     

       133
       +
               shadow.wait_until_succeeds("[ $(fgconsole) = 6 ]")

     

       134
       +
               for u in ["berta", "yesim"]:

     

       135
       +
                   shadow.wait_for_unit("getty@tty6.service")

     

       136
       +
                   shadow.wait_until_succeeds("pgrep -f 'agetty.*tty6'")

     

       137
       +
                   shadow.wait_until_tty_matches("6", "login: ")

     

       138
       +
                   shadow.send_chars(f"{u}\n")

     

       139
       +
                   shadow.wait_until_tty_matches("6", f"login: {u}")

     

       140
       +
                   shadow.wait_until_succeeds("pgrep login")

     

       141
       +
                   shadow.sleep(2)

     

       142
       +
                   shadow.send_chars("fnord\n")

     

       143
       +
                   shadow.send_chars(f"whoami > /tmp/{u}\n")

     

       144
       +
                   shadow.wait_for_file(f"/tmp/{u}")

     

       145
       +
                   print(shadow.succeed(f"cat /tmp/{u}"))

     

       146
       +
                   assert u in shadow.succeed(f"cat /tmp/{u}")

     

       147
       +
                   shadow.send_chars("logout\n")

     

       148
        
         '';

     

       149
        
       })