From: simon@netpanic.org
Date: Fri, 29 Jul 2022 00:22:15 +0200
Subject: [bug#54561] [PATCH v3 4/4] services: Add wsdd service.
To: 54561@debbugs.gnu.org
Cc: Simon Streit
Message-Id: <20220728222215.21126-5-simon@netpanic.org>
In-Reply-To: <20220728222215.21126-1-simon@netpanic.org>
References: <20220728222215.21126-1-simon@netpanic.org>

From: Simon Streit

* doc/guix.texi: Add documentation for wsdd service.
* gnu/services/samba.scm (): New record.
(wsdd-service-type): New variable.
(wsdd-shepherd-services): New procedure.
* gnu/tests/samba.scm: wsdd test.
---
 doc/guix.texi | 69 +++++++++++++++++++++++++++
 gnu/services/samba.scm | 105 ++++++++++++++++++++++++++++++++++++++++-
 gnu/tests/samba.scm | 61 +++++++++++++++++++++++-
 3 files changed, 233 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 614d0a0e03..c168f063c3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -31247,6 +31247,75 @@ Manually enable the @code{winbindd} daemon. @end table @end deftp +@cindex wsdd +@subsubheading Web Service Discovery Daemon + +Web Service Discovery Daemon implements +@uref{http://docs.oasis-open.org/ws-dd/discovery/1.1/os/wsdd-discovery-1.1-spec-os.html, +Web Services Dynamic Discovery} protocol that enables host discovery -- +similar to Avahi -- over Multicast DNS. It is a drop-in replacement for +SMB hosts that have had SMBv1 disabled for security reasons. + +@defvr {Scheme Variable} wsdd-service-type + +Service type for the WSD host daemon. The value for +this service type is a @code{wsdd-configuration} record. The details +for the @code{wsdd-configuration} record type are given below. +@end defvr + +@deftp{Data Type} wsdd-configuration This data type represents the +configuration for the wsdd service. + +@table @asis + +@item @code{package} (default: @code{wsdd}) +The wsdd package to use. + +@item @code{ipv4only?} (default: @code{#f}) +Only listen to IPv4 addresses. + +@item @code{ipv6only} (default: @code{#f}) +Only listen to IPv6 addresses. Please note: Activating both options is +not possible, since there would be no IP versions to listen to. + +@item @code{chroot} (default: @code{#f}) +Chroot into a separate directory to prevent access to other directories. +This is to increase security in case there is a vulnerability in +@command{wsdd}. + +@item @code{hop-limit} (default: @code{1}) +Limit to the level of hops for multicast packets. The default is +@var{1} which should prevent packets from leaving the local network. + +@item @code{interface} (default: @code{'()}) +Limit to the given list of interfaces to listen to. By default wsdd +will listen to all interfaces. Except the loopback interface is never +used. + +@item @code{uuid-device} (default: @code{#f}) +The WSD protocol requires a device to have a UUID. Set this to manually +assign the service a UUID. 
+ +@item @code{domain} (default: @code{#f}) +Notify this host is a member of an Active Directory. + +@item @code{host-name} (default: @code{#f}) +Manually set the hostname rather than letting @command{wsdd} inherit +this host's hostname. Only the host name part of a possible FQDN will +be used in the default case. + +@item @code{preserve-case?} (default: @code{#f}) +By default @command{wsdd} will convert the hostname in workgroup to all +uppercase. The opposite is true for hostnames in domains. Setting this +parameter will preserve case. + +@item @code{workgroup} (default: @var{"WORKGROUP"}) +Change the name of the workgroup. By default @command{wsdd} reports +this host being member of a workgroup. + +@end table +@end deftp + @node Continuous Integration @subsection Continuous Integration diff --git a/gnu/services/samba.scm b/gnu/services/samba.scm index 2c9e52a0b0..c1f9033d63 100644 --- a/gnu/services/samba.scm +++ b/gnu/services/samba.scm @@ -41,7 +41,10 @@ (define-module (gnu services samba) #:export (samba-service-type samba-configuration - samba-smb-conf)) + samba-smb-conf + + wsdd-service-type + wsdd-configuration)) (define %smb-conf (plain-file "smb.conf" "[global] 
@@ -180,3 +183,103 @@ (define samba-service-type (service-extension profile-service-type (compose list samba-configuration-package)))) (default-value (samba-configuration)))) + + +;;; +;;; WSDD +;;; + +(define-record-type* + wsdd-configuration + make-wsdd-configuration + wsdd-configuration? + (package wsdd-configuration-package + (default wsdd)) + (ipv4only? wsdd-configuration-ipv4only? + (default #f)) + (ipv6only? wsdd-configuration-ipv6only? + (default #f)) + (chroot wsdd-configuration-chroot + (default #f)) + (hoplimit wsdd-configuration-hoplimit + (default 1)) + (interfaces wsdd-configuration-interfaces + (default '())) + (uuid-device wsdd-configuration-uuid-device + (default #f)) + (domain wsdd-configuration-domain + (default #f)) + (hostname wsdd-configuration-hostname + (default #f)) + (preserve-case? wsdd-configuration-preserve-case? + (default #f)) + (workgroup wsdd-configuration-workgroup + (default "WORKGROUP"))) + +(define wsdd-accounts + (list + (user-group (name "wsdd")) + (user-account (name "wsdd") + (group "wsdd") + (comment "Web Service Discovery user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define wsdd-shepherd-service + (match-lambda + (($ package ipv4only? ipv6only? chroot hoplimit + interfaces uuid-device domain hostname + preserve-case? workgroup) + (list (shepherd-service + (documentation "Run a Web Service Discovery service") + (provision '(wsdd)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append package "/bin/wsdd") + #$@(if ipv4only? + #~("--ipv4only") + '()) + #$@(if ipv6only? 
+ #~("--ipv6only") + '()) + #$@(if chroot + #~("--chroot" #$chroot) + '()) + #$@(if hoplimit + #~("--hoplimit" #$(number->string hoplimit)) + '()) + #$@(map (lambda (interfaces) + (string-append "--interface=" interfaces)) + interfaces) + #$@(if uuid-device + #~("--uuid" #$uuid-device) + '()) + #$@(if domain + #~("--domain" #$domain) + '()) + #$@(if hostname + #~("--hostname" #$hostname) + '()) + #$@(if preserve-case? + #~("--preserve-case") + '()) + #$@(if workgroup + #~("--workgroup" #$workgroup) + '())) + #:user "wsdd" + #:group "wsdd" + #:log-file "/var/log/wsdd.log")) + (stop #~(make-kill-destructor))))))) + +(define wsdd-service-type + (service-type + (name 'wsdd) + (description "Web Service Discovery Daemon") + (extensions + (list (service-extension shepherd-root-service-type + wsdd-shepherd-service) + (service-extension account-service-type + (const wsdd-accounts)) + (service-extension profile-service-type + (compose list wsdd-configuration-package)))) + (default-value (wsdd-configuration)))) diff --git a/gnu/tests/samba.scm b/gnu/tests/samba.scm index 27d7ea49c3..6b065cd5de 100644 --- a/gnu/tests/samba.scm +++ b/gnu/tests/samba.scm @@ -26,7 +26,8 @@ (define-module (gnu tests samba) #:use-module (gnu packages samba) #:use-module (guix gexp) #:use-module (guix store) - #:export (%test-samba)) + #:export (%test-samba + %test-wsdd)) ;;; 
@@ -156,3 +157,61 @@ (define %test-samba (name "samba") (description "Connect to a running Samba daemon.") (value (run-samba-test)))) + + +;;; +;;; The wsdd service. +;;; + +(define %wsdd-os + (let ((base-os (simple-operating-system + (service dhcp-client-service-type) + (service wsdd-service-type)))) + (operating-system + (inherit base-os) + (packages (cons wsdd (operating-system-packages base-os)))))) + +(define* (run-wsdd-test) + "Return a test of an OS running wsdd service." + + (define vm + (virtual-machine + (operating-system (marionette-operating-system + %wsdd-os + #:imported-modules '((gnu services herd)))) + (port-forwardings '((8135 . 135) + (8137 . 137) + (8138 . 138) + (8445 . 445))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (gnu build marionette) + (srfi srfi-26) + (srfi srfi-64)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "wsdd") + + ;; Here shall be more tests to begin with. + + (test-assert "wsdd running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'wsdd)) + marionette)) + + (test-end)))) + + (gexp->derivation "samba-test" test)) + +(define %test-wsdd + (system-test + (name "wsdd") + (description "Connect to a running wsdd daemon.") + (value (run-wsdd-test)))) -- 2.37.1
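
Review bot: In the doc/guix.texi hunk, four field names in the wsdd-configuration table do not match the record defined in gnu/services/samba.scm: the table documents `ipv6only`, `hop-limit`, `interface` and `host-name`, while the record fields are `ipv6only?`, `hoplimit`, `interfaces` and `hostname`. Someone who copies the documented names into a configuration will not be setting the fields the service reads, so the table should use the record's spelling (or the record should be renamed to match). The `workgroup` default is marked up with `@var` where the other defaults use `@code`.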
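
Review bot: In wsdd-shepherd-service (gnu/services/samba.scm, the hunk adding the WSDD section), `--chroot` is put on the command line while the process is started with `#:user "wsdd"` and `#:group "wsdd"`, so the daemon is already unprivileged when it attempts the chroot. chroot(2) requires root privileges, so the option that the documentation presents as a hardening measure is unlikely to take effect whenever `chroot` is set. Either start the daemon with enough privilege for the chroot and have it drop to the wsdd account afterwards when `chroot` is set, or remove the field until that works, and cover a configuration with `chroot` set in the system test. Separately, nothing rejects `ipv4only?` and `ipv6only?` both being #t even though the documentation says that combination is not possible; a check that raises a configuration error would fail earlier and more clearly than the daemon does. The commit message also names the procedure wsdd-shepherd-services, while the definition is wsdd-shepherd-service.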
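
Review bot: In run-wsdd-test (gnu/tests/samba.scm), the only assertion is that `(start-service 'wsdd)` returns, so the test passes without showing that the daemon stays up or that any non-default option (`chroot`, `interfaces`, `ipv4only?`) yields a working command line; the comment "Here shall be more tests to begin with." acknowledges the gap. At minimum, add a second system under test with the security-relevant options set and assert that the service is still running after start. The port-forwardings (135, 137, 138, 445) are not used by any assertion and can be dropped or replaced with ports the test actually probes, `(srfi srfi-26)` is imported but unused, and the derivation is still named "samba-test" where "wsdd-test" would be expected.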