summaryrefslogtreecommitdiff
path: root/gnu/services/authentication.scm
AgeCommit message (Collapse)Author
2023-05-11system: pam: Let PAM extensions add shepherd requirements.Josselin Poiret
* gnu/system/pam.scm (<pam-extension>): New record type. (pam-shepherd-service): Add Shepherd synchronization point. * gnu/services/mail.scm (dovecot-shepherd-service) * gnu/services/lightdm.scm (lightdm-shepherd-service) * gnu/services/mail.scm (opensmtpd-shepherd-service) * gnu/services/sddm.scm (sddm-shepherd-service) * gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service) * gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service) * gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement. * gnu/system/pam.scm (/etc-entry, extend-configuration, pam-root-service-type, pam-root-service) * gnu/services/authentication.scm (pam-ldap-pam-service) * gnu/services/base.scm (pam-limits-service-type) (greetd-pam-service) * gnu/services/desktop.scm (pam-gnome-keyring) * gnu/services/kerberos.scm (pam-krb5-pam-service) * gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use pam-extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-06-15services: configuration: Use *unspecified* instead of 'disabled.Attila Lendvai
Use *unspecified* as a marker for field values that have not been set. Rationale: 'disabled may easily clash with user values for boolean fields, is confusing (i.e. its meaning is *not* boolean false, but unspecified) and it also passes silently through the symbol? predicate of a field of type symbol. * gnu/services/configuration.scm (configuration-missing-default-value): Renamed from configuration-no-default-value. (define-maybe-helper): Use *unspecified* instead of 'disabled, and make the default value optional. * gnu/home/services/desktop.scm (home-redshift-configuration): Change (maybe-xyz 'disabled) to maybe-xyz. * gnu/services/authentication.scm (nslcd-configuration): Likewise. * gnu/services/cgit.scm (repository-cgit-configuration): Likewise. * gnu/services/file-sharing.scm (serialize-maybe-string) (serialize-maybe-file-object): Use 'unspecified?' instead of (eq? val 'disabled). * gnu/services/messaging.scm (raw-content?): Likewise. (ssl-configuration): Change (maybe-xyz 'disabled) to maybe-xyz. (prosody-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/messaging.scm (define-all-configurations): Use *unspecified* instead of 'disabled'. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-account): Likewise. (jami-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise. * tests/services/configuration.scm ("maybe type, no default") ("maybe type, with default"): New tests. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-11-30services: Accept <inferior-package>s in lieu of <package>s.Tobias Geerinckx-Rice
* gnu/services/authentication.scm (fprintd-configuration) (nslcd-configuration): Substitute file-like objects for package ones. * gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration): Likewise. * gnu/services/cups.scm (package-list?, cups-configuration): Likewise. * gnu/services/dns.scm (verify-knot-configuration) (ddclient-configuration): Likewise. * gnu/services/docker.scm (docker-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/getmail.scm (getmail-configuration): Likewise. * gnu/services/mail.scm (dovecot-configuration) (opaque-dovecot-configuration): Likewise. * gnu/services/messaging.scm (prosody-configuration) (opaque-prosody-configuration): Likewise. * gnu/services/monitoring.scm (zabbix-server-configuration) (zabbix-agent-configuration): Likewise. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-configuration): Likewise. * gnu/services/virtualization.scm (libvirt-configuration) (qemu-guest-agent-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
2021-03-10services: Prevent following symlinks during activation.Maxime Devos
This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2019-04-24services: fprintd: Provide polkit policy.Danny Milosavljevic
* gnu/services/authentication.scm (fprintd-service-type)[extensions]: Add polkit-service-type.
2019-04-21services: fprintd: Use define-configuration.Danny Milosavljevic
* gnu/services/authentication.scm: Use define-configuration in fprintd.
2019-04-17services: fprintd: Fix service.Danny Milosavljevic
* gnu/services/authentication.scm (<fprintd-configuration>)[ntp]: Rename to... [fprintd]: ...this. (fprintd-dbus-service): New procedure. (fprintd-service-type): Use it. [default-value]: Add value.
2019-03-20services: Add nslcd-service-type.Ricardo Wurmus
* gnu/services/authentication.scm (nslcd-service-type, nslcd-configuration, %nslcd-accounts): New variables. (uglify-field-name, value->string, serialize-field, serialize-list, ssl-option?, tls-reqcert-option?, deref-option?, comma-separated-list-of-strings?, serialize-ignore-users-option, log-option?, serialize-log-option, valid-map?, scope-option?, serialize-scope-option, map-entry?, list-of-map-entries?, filter-entry?, list-of-filter-entries?, serialize-filter-entry, serialize-list-of-filter-entries, serialize-map-entry, serialize-list-of-map-entries, nslcd-config-file, nslcd-etc-service, nslcd-shepherd-service, pam-ldap-pam-services, pam-ldap-pam-service, generate-nslcd-documentation): New procedures. * gnu/tests/ldap.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (LDAP Services): Document it.
2018-06-23services: Fix "authentication" service name.Danny Milosavljevic
Follow-up to 7f93bbd5aadf0427190769fba8f478c29e37b4f4. * gnu/services/authentication.scm: Fix module name.
2018-06-23services: Add fingerprint identification service.Danny Milosavljevic
* gnu/services/authentication.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Miscellaneous Services): Document it.