1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
| | ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Guillaume Le Vaillant <glv@posteo.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services pam-mount)
#:use-module (gnu packages admin)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:use-module (gnu system pam)
#:use-module (guix gexp)
#:use-module (guix records)
#:export (pam-mount-configuration
pam-mount-configuration?
pam-mount-service-type))
(define %pam-mount-default-configuration
(plain-file "pam_mount.conf.xml"
"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
<!DOCTYPE pam_mount SYSTEM \"pam_mount.conf.xml.dtd\">
<pam_mount>
<debug enable=\"0\" />
<mntoptions
allow=\"nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other\" />
<mntoptions require=\"nosuid,nodev\" />
<logout wait=\"0\" hup=\"no\" term=\"no\" kill=\"no\" />
<mkmountpoint enable=\"1\" remove=\"true\" />
</pam_mount>\n"))
(define-record-type* <pam-mount-configuration>
pam-mount-configuration
make-pam-mount-configuration
pam-mount-configuration?
(file pam-mount-configuration-file
(default %pam-mount-default-configuration)))
(define (pam-mount-etc-service config)
`(("security/pam_mount.conf.xml" ,(pam-mount-configuration-file config))))
(define (pam-mount-pam-service config)
(define optional-pam-mount
(pam-entry
(control "optional")
(module #~(string-append #$pam-mount "/lib/security/pam_mount.so"))))
(list (lambda (pam)
(if (member (pam-service-name pam)
'("login" "su" "slim" "gdm-password"))
(pam-service
(inherit pam)
(auth (append (pam-service-auth pam)
(list optional-pam-mount)))
(session (append (pam-service-session pam)
(list optional-pam-mount))))
pam))))
(define pam-mount-service-type
(service-type
(name 'pam-mount)
(extensions (list (service-extension etc-service-type
pam-mount-etc-service)
(service-extension pam-root-service-type
pam-mount-pam-service)))
(default-value (pam-mount-configuration))))
|