mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-26 21:33:03 +03:00
Properly escape passwords sent to chpasswd
The mutableUsers feature uses `chpasswd` to set users' passwords. Passwords and their hashes were being piped into the program using double quotes ("") to escape. This causes any `$` characters to be expanded as shell variables. This is a serious problem because all the password hash methods besides DES use multiple `$` in the hashes. Single quotes ('') should be used instead to prevent shell variable expansion.
parent
6a8cc9ab11
commit
3dc6168b31
@ -411,13 +411,13 @@ in
|
|||||||
if [ "$setpw" == "yes" ]; then
|
if [ "$setpw" == "yes" ]; then
|
||||||
${if !(isNull u.hashedPassword)
|
${if !(isNull u.hashedPassword)
|
||||||
then ''
|
then ''
|
||||||
echo "${u.name}:${u.hashedPassword}" | \
|
echo '${u.name}:${u.hashedPassword}' | \
|
||||||
${pkgs.shadow}/sbin/chpasswd -e''
|
${pkgs.shadow}/sbin/chpasswd -e''
|
||||||
else if u.password == ""
|
else if u.password == ""
|
||||||
then "passwd -d '${u.name}' &>/dev/null"
|
then "passwd -d '${u.name}' &>/dev/null"
|
||||||
else if !(isNull u.password)
|
else if !(isNull u.password)
|
||||||
then ''
|
then ''
|
||||||
echo "${u.name}:${u.password}" | ${pkgs.shadow}/sbin/chpasswd''
|
echo '${u.name}:${u.password}' | ${pkgs.shadow}/sbin/chpasswd''
|
||||||
else if !(isNull u.passwordFile)
|
else if !(isNull u.passwordFile)
|
||||||
then ''
|
then ''
|
||||||
echo -n "${u.name}:" | cat - "${u.passwordFile}" | \
|
echo -n "${u.name}:" | cat - "${u.passwordFile}" | \
|
||||||
|
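Review bot: A password or hash that contains a single quote still breaks out of the quoting on the two changed `echo` lines, because inside `'...'` the shell ends the string at the first `'` and interprets the remainder as script text. That is a realistic value for `u.password`, which is free-form, so the activation script can fail or run unintended text for such users. Escaping on the Nix side covers both this and the `$` expansion, e.g. `echo ${lib.escapeShellArg "${u.name}:${u.password}"} | ${pkgs.shadow}/sbin/chpasswd` (assuming `lib` is in scope in this file), with the same treatment for the `chpasswd -e` branch. The unchanged `passwordFile` line still places `${u.name}` and the file path inside double quotes, so it keeps the expansion behaviour this commit removes elsewhere; the if/else chain continues outside the hunk.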