[PATCH 3/7] gnu: Allow OS configurations to add PAM session modules

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Andy Wingo <wingo@igalia.com>
To: guix-devel@gnu.org
Subject: [PATCH 3/7] gnu: Allow OS configurations to add PAM session modules
Date: Tue, 18 Aug 2015 10:22:16 +0200	[thread overview]
Message-ID: <1439894045.491759.5255@rusty> (raw)

* gnu/services/base.scm (mingetty-service):
* gnu/system/linux.scm (unix-pam-service, base-pam-services): Add
  #:additional-session-modules keyword argument.
---
 gnu/services/base.scm |  6 ++++--
 gnu/system/linux.scm  | 27 ++++++++++++++++-----------
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 888e446..60dc93b 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -364,7 +364,8 @@ stopped before 'kill' is called."
                            ;; Allow empty passwords by default so that
                            ;; first-time users can log in when the 'root'
                            ;; account has just been created.
-                           (allow-empty-passwords? #t))
+                           (allow-empty-passwords? #t)
+                           (additional-session-modules '()))
   "Return a service to run mingetty on @var{tty}.
 
 When @var{allow-empty-passwords?} is true, allow empty log-in password.  When
@@ -416,7 +417,8 @@ the ``message of the day''."
        ;; duplicates are removed.
        (list (unix-pam-service "login"
                                #:allow-empty-passwords? allow-empty-passwords?
-                               #:motd motd)))))))
+                               #:motd motd
+                               #:additional-session-modules additional-session-modules)))))))
 
 (define-record-type* <nscd-configuration> nscd-configuration
   make-nscd-configuration
diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm
index aaaa8c6..d6a9959 100644
--- a/gnu/system/linux.scm
+++ b/gnu/system/linux.scm
@@ -133,7 +133,8 @@ dumped in /etc/pam.d/NAME, where NAME is the name of SERVICE."
   (let ((unix (pam-entry
                (control "required")
                (module "pam_unix.so"))))
-    (lambda* (name #:key allow-empty-passwords? motd)
+    (lambda* (name #:key allow-empty-passwords? motd
+                   (additional-session-modules '()))
       "Return a standard Unix-style PAM service for NAME.  When
 ALLOW-EMPTY-PASSWORDS? is true, allow empty passwords.  When MOTD is true, it
 should be the name of a file used as the message-of-the-day."
@@ -149,14 +150,16 @@ should be the name of a file used as the message-of-the-day."
                           (arguments '("nullok")))
                          unix)))
          (password (list unix))
-         (session (if motd
-                      (list unix
-                            (pam-entry
-                             (control "optional")
-                             (module "pam_motd.so")
-                             (arguments
-                              (list #~(string-append "motd=" #$motd)))))
-                      (list unix))))))))
+         (session (append
+                   (if motd
+                       (list unix
+                             (pam-entry
+                              (control "optional")
+                              (module "pam_motd.so")
+                              (arguments
+                               (list #~(string-append "motd=" #$motd)))))
+                       (list unix))
+                   additional-session-modules)))))))
 
 (define (rootok-pam-service command)
   "Return a PAM service for COMMAND such that 'root' does not need to
@@ -173,14 +176,16 @@ authenticate to run COMMAND."
      (password (list unix))
      (session (list unix)))))
 
-(define* (base-pam-services #:key allow-empty-passwords?)
+(define* (base-pam-services #:key allow-empty-passwords?
+                            (additional-session-modules '()))
   "Return the list of basic PAM services everyone would want."
   ;; TODO: Add other Shadow programs?
   (append (list %pam-other-services)
 
           ;; These programs are setuid-root.
           (map (cut unix-pam-service <>
-                    #:allow-empty-passwords? allow-empty-passwords?)
+                    #:allow-empty-passwords? allow-empty-passwords?
+                    #:additional-session-modules additional-session-modules)
                '("su" "passwd" "sudo"
                  "xlock" "xscreensaver"))
 
-- 
2.4.3

                 reply	other threads:[~2015-08-18 10:34 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:888e446 dfblob:60dc93b dfblob:aaaa8c6 dfblob:d6a9959 )
 OR (
bs:"[PATCH 3/7] gnu: Allow OS configurations to add PAM session modules" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1439894045.491759.5255@rusty \
    --to=wingo@igalia.com \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.