From f55307fd73af235069744dd5155fda0bc73fe613 Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Thu, 7 Sep 2023 12:26:31 +0200
Subject: lass: migrate away

---
 lass/3modules/usershadow.nix | 139 -------------------------------------------
 1 file changed, 139 deletions(-)
 delete mode 100644 lass/3modules/usershadow.nix

(limited to 'lass/3modules/usershadow.nix')

diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
deleted file mode 100644
index 094d37a36..000000000
--- a/lass/3modules/usershadow.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-
-  cfg = config.lass.usershadow;
-
-  out = {
-    options.lass.usershadow = api;
-    config = lib.mkIf cfg.enable imp;
-  };
-
-  api = {
-    enable = mkEnableOption "usershadow";
-    pattern = mkOption {
-      type = types.str;
-      default = "/home/%/.shadow";
-    };
-    path = mkOption {
-      type = types.str;
-    };
-  };
-
-  imp = {
-    environment.systemPackages = [ usershadow ];
-    lass.usershadow.path = "${usershadow}";
-    security.pam.services.sshd.text = ''
-      auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
-      auth required pam_permit.so
-      account required pam_permit.so
-      session required pam_permit.so
-    '';
-
-    security.pam.services.dovecot2.text = ''
-      auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
-      auth required pam_permit.so
-      account required pam_permit.so
-      session required pam_permit.so
-    '';
-
-    security.wrappers.shadow_verify_pam = {
-      setuid = true;
-      source = "${usershadow}/bin/verify_pam";
-      owner = "root";
-      group = "root";
-    };
-    security.wrappers.shadow_verify_arg = {
-      setuid = true;
-      source = "${usershadow}/bin/verify_arg";
-      owner = "root";
-      group = "root";
-    };
-  };
-
-  usershadow = let {
-    deps = [
-      "pwstore-fast"
-      "bytestring"
-    ];
-    body = pkgs.writeHaskellPackage "passwords" {
-      ghc-options = [
-        "-rtsopts"
-        "-Wall"
-      ];
-      executables.verify_pam = {
-        extra-depends = deps;
-        text = ''
-          import System.IO
-          import Data.Char (chr)
-          import System.Environment (getEnv, getArgs)
-          import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
-          import qualified Data.ByteString.Char8 as BS8
-          import System.Exit (exitFailure, exitSuccess)
-
-          main :: IO ()
-          main = do
-            user <- getEnv "PAM_USER"
-            shadowFilePattern <- head <$> getArgs
-            let shadowFile = lhs <> user <> tail rhs
-                (lhs, rhs) = span (/= '%') shadowFilePattern
-            hash <- readFile shadowFile
-            password <- takeWhile (/= (chr 0)) <$> hGetLine stdin
-            let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
-            if res then exitSuccess else exitFailure
-        '';
-      };
-      executables.verify_arg = {
-        extra-depends = deps;
-        text = ''
-          import System.Environment (getArgs)
-          import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
-          import qualified Data.ByteString.Char8 as BS8
-          import System.Exit (exitFailure, exitSuccess)
-
-          main :: IO ()
-          main = do
-            argsList <- getArgs
-            let shadowFilePattern = argsList !! 0
-            let user = argsList !! 1
-            let password = argsList !! 2
-            let shadowFile = lhs <> user <> tail rhs
-                (lhs, rhs) = span (/= '%') shadowFilePattern
-            hash <- readFile shadowFile
-            let res = verifyPasswordWith pbkdf2 (2^) (BS8.pack password) (BS8.pack hash)
-            if res then do (putStr "yes") else exitFailure
-        '';
-      };
-      executables.passwd = {
-        extra-depends = deps;
-        text = ''
-          import System.Environment (getEnv)
-          import Crypto.PasswordStore (makePasswordWith, pbkdf2)
-          import qualified Data.ByteString.Char8 as BS8
-          import System.IO (stdin, stdout, hSetEcho, hFlush, putStr, putStrLn)
-          import Control.Exception (bracket_)
-
-          main :: IO ()
-          main = do
-            home <- getEnv "HOME"
-            mb_password <- bracket_ (hSetEcho stdin False) (hSetEcho stdin True) $ do
-              putStr "Enter new UNIX password: "
-              hFlush stdout
-              password <- BS8.hGetLine stdin
-              putStrLn ""
-              putStr "Retype new UNIX password: "
-              hFlush stdout
-              password2 <- BS8.hGetLine stdin
-              return $ if password == password2
-                then Just password
-                else Nothing
-            case mb_password of
-              Just password -> do
-                hash <- makePasswordWith pbkdf2 password 10
-                BS8.writeFile (home ++ "/.shadow") hash
-                putStrLn "passwd: all authentication tokens updated successfully."
-              Nothing -> putStrLn "Sorry, passwords do not match"
-        '';
-      };
-    };
-  };
-
-in out
-- 
cgit v1.2.3

[cgit] Unable to lock slot /tmp/cgit/ff200000.lock: No such file or directory (2)