commit a6809ffcc6b2038292d723b3e3a7ffcbbf6d6c03 · pyrox.dev/nixpkgs

+22 -5

nixos/modules/security/pam.nix

···

       2311
        
       

     

       2312
        
           environment.etc = lib.mapAttrs' makePAMService enabledServices;

     

       2313
        
       

     

       2314
       -
           systemd = lib.optionalAttrs config.security.pam.services.login.updateWtmp {

     

       2315
       -
             tmpfiles.packages = [ pkgs.util-linux.lastlog ]; # /lib/tmpfiles.d/lastlog2-tmpfiles.conf

     

       2316
       -
             services.lastlog2-import.enable = true;

     

       2317
       -
             packages = [ pkgs.util-linux.lastlog ]; # lib/systemd/system/lastlog2-import.service

     

       2318
       -
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       2319
        
       

     

       2320
        
           security.pam.services = {

     

       2321
        
             other.text = ''

···

       2311
        
       

     

       2312
        
           environment.etc = lib.mapAttrs' makePAMService enabledServices;

     

       2313
        
       

     

       2314
       +
           systemd =

     

       2315
       +
             lib.optionalAttrs

     

       2316
       +
               (lib.any (service: service.updateWtmp) (lib.attrValues config.security.pam.services))

     

       2317
       +
               {

     

       2318
       +
                 tmpfiles.packages = [ pkgs.util-linux.lastlog ]; # /lib/tmpfiles.d/lastlog2-tmpfiles.conf

     

       2319
       +
                 services.lastlog2-import = {

     

       2320
       +
                   enable = true;

     

       2321
       +
                   wantedBy = [ "default.target" ];

     

       2322
       +
                   after = [

     

       2323
       +
                     "local-fs.target"

     

       2324
       +
                     "systemd-tmpfiles-setup.service"

     

       2325
       +
                   ];

     

       2326
       +
                   # TODO: ${pkgs.util-linux.lastlog}/lib/systemd/system/lastlog2-import.service

     

       2327
       +
                   # uses unpatched /usr/bin/mv, needs to be fixed on staging

     

       2328
       +
                   # in the meantime, use a service drop-in here

     

       2329
       +
                   serviceConfig.ExecStartPost = [

     

       2330
       +
                     ""

     

       2331
       +
                     "${lib.getExe' pkgs.coreutils "mv"} /var/log/lastlog /var/log/lastlog.migrated"

     

       2332
       +
                   ];

     

       2333
       +
                 };

     

       2334
       +
                 packages = [ pkgs.util-linux.lastlog ]; # lib/systemd/system/lastlog2-import.service

     

       2335
       +
               };

     

       2336
        
       

     

       2337
        
           security.pam.services = {

     

       2338
        
             other.text = ''

+13 -4

nixos/tests/pam/pam-lastlog.nix

···

       13
        
           };

     

       14
        
       

     

       15
        
         testScript = ''

     

       16
       -
           machine.wait_for_unit("multi-user.target")

     

       17
       -
           machine.succeed("run0 --pty true") # perform full login

     

       18
       -
           print(machine.succeed("lastlog2 --active --user root"))

     

       19
       -
           machine.succeed("stat /var/lib/lastlog/lastlog2.db")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       20
        
         '';

     

       21
        
       }

···

       13
        
           };

     

       14
        
       

     

       15
        
         testScript = ''

     

       16
       +
           with subtest("Test legacy lastlog import"):

     

       17
       +
             # create old lastlog file to test import

     

       18
       +
             # empty = nothing will actually be imported, but the service will run

     

       19
       +
             machine.succeed("touch /var/log/lastlog")

     

       20
       +
             machine.wait_for_unit("lastlog2-import.service")

     

       21
       +
             machine.succeed("journalctl -b --grep 'Starting Import lastlog data into lastlog2 database'")

     

       22
       +
             machine.succeed("stat /var/log/lastlog.migrated")

     

       23
       +
       

     

       24
       +
           with subtest("Test lastlog entries are created by logins"):

     

       25
       +
             machine.wait_for_unit("multi-user.target")

     

       26
       +
             machine.succeed("run0 --pty true") # perform full login

     

       27
       +
             print(machine.succeed("lastlog2 --active --user root"))

     

       28
       +
             machine.succeed("stat /var/lib/lastlog/lastlog2.db")

     

       29
        
         '';

     

       30
        
       }