summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-02-06 11:57:54 +0100
committerLudovic Courtès <ludo@gnu.org>2016-02-06 12:01:42 +0100
commite7ad0d586251383a4c8b00222e8dec61d491f03b (patch)
tree83965a3efa3b53c720e9104420187eeca93b9ee8
parent12c00bca92e3eef2b86565924bbefc39397b5497 (diff)
downloadguix-e7ad0d586251383a4c8b00222e8dec61d491f03b.tar.gz
services: elogind: Extend PAM to use 'pam_elogind.so'.
Thanks to Andy Wingo <wingo@igalia.com> for explaining this at
<https://lists.gnu.org/archive/html/guix-devel/2015-08/msg00439.html>.

* gnu/services/desktop.scm (pam-extension-procedure): New procedure.
(elogind-service-type): Extend PAM-ROOT-SERVICE-TYPE.
-rw-r--r--gnu/services/desktop.scm21
1 files changed, 19 insertions, 2 deletions
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 36e336f5ca..e4f0736b89 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -664,6 +664,22 @@ include the @command{udisksctl} command, part of UDisks, and GNOME Disks."
                      (list (string-append "ELOGIND_CONF_FILE=" #$config-file))))
            (stop #~(make-kill-destructor))))))
 
+(define (pam-extension-procedure config)
+  "Return an extension for PAM-ROOT-SERVICE-TYPE that ensures that all the PAM
+services use 'pam_elogind.so', a module that allows elogind to keep track of
+logged-in users (run 'loginctl' to see elogind's world view of users and
+seats.)"
+  (define pam-elogind
+    (pam-entry
+     (control "required")
+     (module #~(string-append #$(elogind-package config)
+                              "/lib/security/pam_elogind.so"))))
+
+  (list (lambda (pam)
+          (pam-service
+           (inherit pam)
+           (session (cons pam-elogind (pam-service-session pam)))))))
+
 (define elogind-service-type
   (service-type (name 'elogind)
                 (extensions
@@ -680,8 +696,9 @@ include the @command{udisksctl} command, part of UDisks, and GNOME Disks."
                        (service-extension profile-service-type
                                           (compose list elogind-package))
 
-                       ;; TODO: Extend PAM with pam_elogind.so.
-                       ))))
+                       ;; Extend PAM with pam_elogind.so.
+                       (service-extension pam-root-service-type
+                                          pam-extension-procedure)))))
 
 (define* (elogind-service #:key (config (elogind-configuration)))
   "Return a service that runs the @command{elogind} login and seat management