1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
| | ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2024 Felix Lechner <felix.lechner@lease-up.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services pam)
#:use-module (gnu packages guile)
#:use-module (gnu packages guile-xyz)
#:use-module (gnu packages linux)
#:use-module (gnu packages mes)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:use-module (gnu system pam)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (guix utils)
#:use-module (srfi srfi-1)
#:export (guile-pam-module-configuration))
(define-maybe string)
(define-maybe list-of-strings)
(define-maybe file-like)
(define-maybe string-or-file-like)
(define (string-or-file-like? val)
(or (string? val) (file-like? val)))
(define-maybe list-of-packages)
(define (list-of-packages? val)
(and (list? val) (map package? val)))
(define-configuration/no-serialization guile-pam-module-configuration
(rules
maybe-string
"Determines how the module's return value is evaluated.")
(module
maybe-file-like
"A Guile-PAM pamda file or a classical PAM module.")
(services
maybe-list-of-strings
"List of PAM service names for which to install the module.")
(guile-inputs
maybe-list-of-packages
"Guile inputs available in the PAM module")
(foreign-library-path
maybe-list-of-packages
"Search path for shared objects and libraries.") )
(define (guile-pam-module-service config)
"Return a list of <shepherd-service> for guile-pam-module for CONFIG."
(match-record
config <guile-pam-module-configuration> (foreign-library-path
guile-inputs
module
rules
services)
(list
(pam-extension
(transformer
(lambda (pam)
(if (member (pam-service-name pam) services)
(let* ((new-entry
(pam-entry
(control rules)
(module module)
(guile-inputs (if (eq? %unset-value guile-inputs)
'()
guile-inputs))
(foreign-library-path (if (eq? %unset-value foreign-library-path)
'()
foreign-library-path)))))
(pam-service
(inherit pam)
(auth (append (pam-service-auth pam)
(list new-entry)))
(account (append (pam-service-account pam)
(list new-entry)))
(session (append (pam-service-session pam)
(list new-entry)))
(password (append (pam-service-password pam)
(list new-entry)))))
pam)))))))
(define-public guile-pam-module-service-type
(service-type
(name 'guile-pam-module)
(extensions (list (service-extension pam-root-service-type
guile-pam-module-service)))
(compose concatenate)
(default-value (guile-pam-module-configuration))
(description "Load Guile code as part of Linux-PAM.")))
|