diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2019-05-09 12:02:20 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2019-05-09 12:11:36 +0200 |
| commit | e6b1a2248ff164e14d1b2f495224faf8a8326142 (patch) | |
| tree | 33d98a5b9dd782965e84e8054dc7621779c347a2 /gnu/services | |
| parent | af55ca481d9e6c1d1e06632f96d550b42f33210f (diff) | |
| download | guix-e6b1a2248ff164e14d1b2f495224faf8a8326142.tar guix-e6b1a2248ff164e14d1b2f495224faf8a8326142.tar.gz | |
services: Log-in services now require "pam_loginuid".
Fixes <https://bugs.gnu.org/35553>.
Reported by Bruno Haible <bruno@clisp.org>.
* gnu/services/base.scm (login-pam-service): Pass #:login-uid? #t to
'unix-pam-service'.
* gnu/services/ssh.scm (lsh-pam-services, openssh-pam-services):
Likewise.
* gnu/services/xorg.scm (slim-pam-service): Likewise.
(gdm-pam-service): Likewise for "gdm-autologin" and "gdm-password".
* gnu/tests/base.scm (run-basic-test)["getlogin on tty1"]: New test.
* gnu/tests/ssh.scm (run-ssh-test): Add #:test-getlogin? parameter.
["getlogin"]: New test.
(%test-dropbear): Pass #:test-getlogin? #f.
Diffstat (limited to 'gnu/services')
| -rw-r--r-- | gnu/services/base.scm | 1 | ||||
| -rw-r--r-- | gnu/services/ssh.scm | 2 | ||||
| -rw-r--r-- | gnu/services/xorg.scm | 5 |
3 files changed, 7 insertions, 1 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 952f6f9ab2..015d873308 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -830,6 +830,7 @@ Return a service that sets up Unicode support in @var{tty} and loads "Return the list of PAM service needed for CONF." ;; Let 'login' be known to PAM. (list (unix-pam-service "login" + #:login-uid? #t #:allow-empty-passwords? (login-configuration-allow-empty-passwords? config) #:motd diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 25db783420..d026c3115e 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -182,6 +182,7 @@ "Return a list of <pam-services> for lshd with CONFIG." (list (unix-pam-service "lshd" + #:login-uid? #t #:allow-empty-passwords? (lsh-configuration-allow-empty-passwords? config)))) @@ -506,6 +507,7 @@ of user-name/file-like tuples." "Return a list of <pam-services> for sshd with CONFIG." (list (unix-pam-service "sshd" + #:login-uid? #t #:allow-empty-passwords? (openssh-configuration-allow-empty-passwords? config)))) diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index 29955754fa..3a9fa53d29 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -501,6 +501,7 @@ desktop session from the system or user profile will be used." "Return a PAM service for @command{slim}." (list (unix-pam-service "slim" + #:login-uid? #t #:allow-empty-passwords? (slim-configuration-allow-empty-passwords? config)))) @@ -830,7 +831,8 @@ the GNOME desktop environment.") "Return a PAM service for @command{gdm}." (list (pam-service - (inherit (unix-pam-service "gdm-autologin")) + (inherit (unix-pam-service "gdm-autologin" + #:login-uid? #t)) (auth (list (pam-entry (control "[success=ok default=1]") (module (file-append (gdm-configuration-gdm config) @@ -844,6 +846,7 @@ the GNOME desktop environment.") (control "required") (module "pam_permit.so"))))) (unix-pam-service "gdm-password" + #:login-uid? #t #:allow-empty-passwords? (gdm-configuration-allow-empty-passwords? config)))) |