summaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-05-09 12:02:20 +0200
committerLudovic Courtès <ludo@gnu.org>2019-05-09 12:11:36 +0200
commite6b1a2248ff164e14d1b2f495224faf8a8326142 (patch)
tree33d98a5b9dd782965e84e8054dc7621779c347a2 /gnu/services
parentaf55ca481d9e6c1d1e06632f96d550b42f33210f (diff)
downloadpatches-e6b1a2248ff164e14d1b2f495224faf8a8326142.tar
patches-e6b1a2248ff164e14d1b2f495224faf8a8326142.tar.gz
services: Log-in services now require "pam_loginuid".
Fixes <https://bugs.gnu.org/35553>. Reported by Bruno Haible <bruno@clisp.org>. * gnu/services/base.scm (login-pam-service): Pass #:login-uid? #t to 'unix-pam-service'. * gnu/services/ssh.scm (lsh-pam-services, openssh-pam-services): Likewise. * gnu/services/xorg.scm (slim-pam-service): Likewise. (gdm-pam-service): Likewise for "gdm-autologin" and "gdm-password". * gnu/tests/base.scm (run-basic-test)["getlogin on tty1"]: New test. * gnu/tests/ssh.scm (run-ssh-test): Add #:test-getlogin? parameter. ["getlogin"]: New test. (%test-dropbear): Pass #:test-getlogin? #f.
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm1
-rw-r--r--gnu/services/ssh.scm2
-rw-r--r--gnu/services/xorg.scm5
3 files changed, 7 insertions, 1 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 952f6f9ab2..015d873308 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -830,6 +830,7 @@ Return a service that sets up Unicode support in @var{tty} and loads
"Return the list of PAM service needed for CONF."
;; Let 'login' be known to PAM.
(list (unix-pam-service "login"
+ #:login-uid? #t
#:allow-empty-passwords?
(login-configuration-allow-empty-passwords? config)
#:motd
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 25db783420..d026c3115e 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -182,6 +182,7 @@
"Return a list of <pam-services> for lshd with CONFIG."
(list (unix-pam-service
"lshd"
+ #:login-uid? #t
#:allow-empty-passwords?
(lsh-configuration-allow-empty-passwords? config))))
@@ -506,6 +507,7 @@ of user-name/file-like tuples."
"Return a list of <pam-services> for sshd with CONFIG."
(list (unix-pam-service
"sshd"
+ #:login-uid? #t
#:allow-empty-passwords?
(openssh-configuration-allow-empty-passwords? config))))
diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index 29955754fa..3a9fa53d29 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -501,6 +501,7 @@ desktop session from the system or user profile will be used."
"Return a PAM service for @command{slim}."
(list (unix-pam-service
"slim"
+ #:login-uid? #t
#:allow-empty-passwords?
(slim-configuration-allow-empty-passwords? config))))
@@ -830,7 +831,8 @@ the GNOME desktop environment.")
"Return a PAM service for @command{gdm}."
(list
(pam-service
- (inherit (unix-pam-service "gdm-autologin"))
+ (inherit (unix-pam-service "gdm-autologin"
+ #:login-uid? #t))
(auth (list (pam-entry
(control "[success=ok default=1]")
(module (file-append (gdm-configuration-gdm config)
@@ -844,6 +846,7 @@ the GNOME desktop environment.")
(control "required")
(module "pam_permit.so")))))
(unix-pam-service "gdm-password"
+ #:login-uid? #t
#:allow-empty-passwords?
(gdm-configuration-allow-empty-passwords? config))))