movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-14 21:49:34 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/sudo-rs: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module

Browse source 
Similar to delroth's suggestion in #262790.
This commit is contained in:
nicoo 2023-09-04 21:06:12 +00:00
parent f5d059b1f5
commit bcc2d1238a
2 changed files with 8 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
nixos/modules/security/pam.nix
View file

@ -943,6 +943,11 @@ let
value.source = pkgs.writeText "${name}.pam" service.text; value.source = pkgs.writeText "${name}.pam" service.text;
}; };
optionalSudoConfigForSSHAgentAuth = optionalString config.security.pam.enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'';
in in
{ {
@ -1532,9 +1537,7 @@ in
concatLines concatLines
]); ]);
security.sudo.extraConfig = optionalString config.security.pam.enableSSHAgentAuth '' security.sudo.extraConfig = optionalSudoConfigForSSHAgentAuth;
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. security.sudo-rs.extraConfig = optionalSudoConfigForSSHAgentAuth;
Defaults env_keep+=SSH_AUTH_SOCK
'';
}; };
} }

4
nixos/modules/security/sudo-rs.nix
View file

@ -220,10 +220,6 @@ in
# Don't edit this file. Set the NixOS options security.sudo-rs.configFile # Don't edit this file. Set the NixOS options security.sudo-rs.configFile
# or security.sudo-rs.extraRules instead. # or security.sudo-rs.extraRules instead.
'' ''
(optionalString enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'')
(pipe cfg.extraRules [ (pipe cfg.extraRules [
(filter (rule: length rule.commands != 0)) (filter (rule: length rule.commands != 0))
(map (rule: [ (map (rule: [