movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 19:55:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

* Add support for pam_usb.

Browse source 
svn path=/nixos/trunk/; revision=19185
This commit is contained in:
Nicolas Pierron 2010-01-03 11:59:08 +00:00
parent 64c75274e1
commit d2901e979d
3 changed files with 48 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/module-list.nix
View file

@ -33,6 +33,7 @@
./rename.nix ./rename.nix
./security/consolekit.nix ./security/consolekit.nix
./security/pam.nix ./security/pam.nix
./security/pam_usb.nix
./security/policykit.nix ./security/policykit.nix
#./security/polkit.nix # Currently disabled; using the old policykit. #./security/polkit.nix # Currently disabled; using the old policykit.
./security/setuid-wrappers.nix ./security/setuid-wrappers.nix

7
modules/security/pam.nix
View file

@ -7,7 +7,7 @@ with pkgs.lib;
let let
inherit (pkgs) pam_unix2 pam_ldap; inherit (pkgs) pam_unix2 pam_usb pam_ldap;
otherService = pkgs.writeText "other.pam" otherService = pkgs.writeText "other.pam"
'' ''
@ -26,6 +26,9 @@ let
, # If set, root doesn't need to authenticate (e.g. for the "chsh" , # If set, root doesn't need to authenticate (e.g. for the "chsh"
# service). # service).
rootOK ? false rootOK ? false
, # If set, user listed in /etc/pamusb.conf are able to log in with
# the associated usb key.
usbAuth ? config.security.pam.usb.enable
, # If set, use ConsoleKit's PAM connector module to claim , # If set, use ConsoleKit's PAM connector module to claim
# ownership of audio devices etc. # ownership of audio devices etc.
ownDevices ? false ownDevices ? false
@ -55,6 +58,8 @@ let
# Authentication management. # Authentication management.
${optionalString rootOK ${optionalString rootOK
"auth sufficient pam_rootok.so"} "auth sufficient pam_rootok.so"}
${optionalString usbAuth
"auth sufficient ${pam_usb}/lib/security/pam_usb.so"}
${optionalString config.users.ldap.enable ${optionalString config.users.ldap.enable
"auth sufficient ${pam_ldap}/lib/security/pam_ldap.so"} "auth sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
auth sufficient ${pam_unix2}/lib/security/pam_unix2.so ${ auth sufficient ${pam_unix2}/lib/security/pam_unix2.so ${

41
modules/security/pam_usb.nix Normal file
View file

@ -0,0 +1,41 @@
{config, pkgs, ...}:
with pkgs.lib;
let
inherit (pkgs) pam_usb;
cfg = config.security.pam.usb;
anyUsbAuth = any (attrByPath ["usbAuth"] false) config.security.pam.services;
in
{
options = {
security.pam.usb = {
enable = mkOption {
default = false;
description = ''
Enable USB login for all login system unless the service disabled
it. For more information, visit <link
xlink:href="http://pamusb.org/doc/quickstart#setting_up" />.
'';
};
};
};
config = mkIf (cfg.enable || anyUsbAuth) {
# pmount need to have a set-uid bit to make pam_usb works in user
# environment. (like su, sudo)
security.setuidPrograms = [ "pmount" "pumount" ];
environment.systemPackages = [ pkgs.pmount ];
};
}