;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2018 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
| 18 | |
;; Scheme-level description of libc's Name Service Switch (NSS)
;; configuration: individual services, the lookup specification that
;; follows each of them, the per-database switch, and a serializer that
;; turns the switch into 'nsswitch.conf' text.
(define-module (gnu system nss)
  #:use-module (rnrs enums)                      ;define-enumeration
  #:use-module (guix records)                    ;define-record-type*
  #:use-module (srfi srfi-9)                     ;define-record-type
  #:use-module (ice-9 match)
  #:export (name-service-switch?
            name-service-switch
            name-service?
            name-service

            lookup-specification

            %default-nss
            %mdns-host-lookup-nss

            %files
            %compat
            %dns

            name-service-switch->string))
| 39 | |
;;; Commentary:
;;;
;;; Bindings for libc's name service switch (NSS) configuration.
;;;
;;; Code:
| 45 | |
;; One NSS service ("files", "dns", ...) together with the lookup
;; specification--a list of <lookup-reaction>--that is written after it in
;; 'nsswitch.conf'.  The specification defaults to the empty list, i.e. no
;; bracketed reactions at all.
(define-record-type* <name-service> name-service
  make-name-service
  name-service?
  (name     name-service-name)                   ;string, e.g. "files"
  (reaction name-service-reaction                ;list of <lookup-reaction>
            (default (lookup-specification))))
| 52 | |
;; Lookup specification (info "(libc) Actions in the NSS Configuration").
| 54 | |
;; What to do once a service has answered with a given status: 'return'
;; ends the lookup, 'continue' moves on to the next service.  Being an
;; R6RS enumeration, '(lookup-action X)' is a syntax error when X is not
;; one of these two symbols.
(define-enumeration lookup-action
  (return continue)
  make-lookup-action)
| 58 | |
;; Result statuses a service can report.  They are spelled SUCCESS,
;; NOTFOUND, UNAVAIL and TRYAGAIN in 'nsswitch.conf' (see
;; 'lookup-status->string').  '(lookup-status X)' is a syntax error when X
;; is not in this set.
(define-enumeration lookup-status
  (success
   not-found
   unavailable
   try-again)
  make-lookup-status)
| 65 | |
;; Wrapper meaning "any status other than STATUS"; serialized with a
;; leading "!" (e.g. "!UNAVAIL").
(define-record-type <lookup-status-negation>
  (lookup-status-negation status)
  lookup-status-negation?
  (status lookup-status-negation-status))        ;a 'lookup-status' symbol
| 70 | |
;; One "[STATUS=action]" entry of a lookup specification.  Build these via
;; the 'lookup-reaction' macro below rather than 'make-lookup-reaction'
;; directly, so that STATUS and ACTION are validated at expansion time.
(define-record-type <lookup-reaction>
  (make-lookup-reaction status action)
  lookup-reaction?
  (status lookup-reaction-status)      ;'lookup-status' symbol or its negation
  (action lookup-reaction-action))     ;'lookup-action' symbol
| 76 | |
;; Build a <lookup-reaction> from the source form (STATUS => ACTION) or
;; ((not STATUS) => ACTION).  Going through the 'lookup-status' and
;; 'lookup-action' enumerations turns an unknown STATUS or ACTION into a
;; syntax error at expansion time instead of a typo in nsswitch.conf.
;;
;; The '(not status)' clause must stay first: in the second pattern,
;; STATUS would otherwise match a whole '(not ...)' form.
(define-syntax lookup-reaction
  (syntax-rules (not =>)
    ((_ ((not status) => action))
     (make-lookup-reaction (lookup-status-negation (lookup-status status))
                           (lookup-action action)))
    ((_ (status => action))
     (make-lookup-reaction (lookup-status status)
                           (lookup-action action)))))
| 85 | |
(define-syntax-rule (lookup-specification reaction ...)
  "Return an NSS lookup specification: a list with one <lookup-reaction> per
REACTION, each written as (STATUS => ACTION) or ((not STATUS) => ACTION).
With no REACTION the result is the empty list."
  (list (lookup-reaction reaction) ...))
| 89 | |
| 90 | \f |
;;;
;;; Common name services and default NSS configuration.
;;;
| 94 | |
(define %compat
  ;; Note: Starting from version 2.26, libc no longer provides libnss_compat
  ;; so this specification has become useless.
  ;; Serializes as "compat [NOTFOUND=return]".
  (name-service
    (name "compat")
    (reaction (lookup-specification (not-found => return)))))
| 101 | |
(define %files
  ;; The local /etc files, with no reactions; serializes as just "files".
  (name-service (name "files")))
| 104 | |
(define %dns
  ;; DNS is supposed to be authoritative, so unless it's unavailable, return
  ;; what it finds.  Serializes as "dns [!UNAVAIL=return]".
  (name-service
    (name "dns")
    (reaction (lookup-specification ((not unavailable) => return)))))
| 111 | |
;; The NSS.  We list all the databases here because that allows us to
;; statically ensure that the user's configuration refers to existing
;; databases.  See libc/nss/databases.def for the list of databases.  Default
;; values obtained by looking for "DEFAULT_CONFIG" in libc/nss/*.c.
;;
;; Although libc places 'dns' before 'files' in the default configurations of
;; the 'hosts' and 'networks' databases, we choose to put 'files' before 'dns'
;; by default, so that users can override host/address mappings in /etc/hosts
;; and bypass DNS to improve their privacy and escape NSA's MORECOWBELL.
(define-record-type* <name-service-switch> name-service-switch
  make-name-service-switch
  name-service-switch?
  ;; Every field is a list of <name-service>, in lookup order.  An empty
  ;; list means the database is left out of 'nsswitch.conf' so that libc
  ;; keeps its built-in default for it (see 'name-service-switch->string').
  (aliases name-service-switch-aliases
           (default '()))
  (ethers name-service-switch-ethers
          (default '()))
  (group name-service-switch-group
         (default (list %files)))
  (gshadow name-service-switch-gshadow
           (default '()))
  (hosts name-service-switch-hosts                ;'files' first, see above
         (default (list %files %dns)))
  (initgroups name-service-switch-initgroups
              (default '()))
  (netgroup name-service-switch-netgroup
            (default '()))
  (networks name-service-switch-networks
            (default (list %files %dns)))
  (password name-service-switch-password          ;"passwd" in nsswitch.conf
            (default (list %files)))
  (public-key name-service-switch-public-key      ;"publickey" in nsswitch.conf
              (default '()))
  (rpc name-service-switch-rpc
       (default '()))
  (services name-service-switch-services
            (default '()))
  (shadow name-service-switch-shadow
          (default (list %files))))
| 150 | |
(define %default-nss
  ;; Default NSS configuration: every field of <name-service-switch> at its
  ;; default value.
  (name-service-switch))
| 154 | |
(define %mdns-host-lookup-nss
  ;; NSS configuration whose 'hosts' database also consults multicast DNS.
  ;; Only 'hosts' differs from '%default-nss'; the other databases keep
  ;; their defaults.
  (let ((mdns-minimal
         ;; 'mdns_minimal' is authoritative for '.local'.  When it returns
         ;; "not found", no need to try the next methods.
         (name-service
           (name "mdns_minimal")
           (reaction (lookup-specification (not-found => return)))))
        (dns
         ;; Plain DNS, with no reactions (unlike '%dns').
         (name-service
           (name "dns")))
        (mdns
         ;; The "full" 'mdns'.
         (name-service
           (name "mdns"))))
    (name-service-switch
      ;; Order: /etc/hosts first, then mdns_minimal, then DNS, then mdns.
      (hosts (list %files mdns-minimal dns mdns)))))
| 175 | |
| 176 | \f |
;;;
;;; Serialization.
;;;
| 180 | |
(define (lookup-status->string status)
  "Return the 'nsswitch.conf' spelling of STATUS, which is either a
'lookup-status' symbol or a <lookup-status-negation> wrapping one; a
negation is written with a leading \"!\".  Any other value, including a
symbol outside the enumeration, raises a 'match' error."
  ;; Symbol -> nsswitch.conf keyword.
  (define spellings
    '((success     . "SUCCESS")
      (not-found   . "NOTFOUND")
      (unavailable . "UNAVAIL")
      (try-again   . "TRYAGAIN")))

  (match status
    ((? symbol?)
     ;; An unknown symbol makes 'assq' return #f, which no clause matches.
     (match (assq status spellings)
       ((_ . spelling) spelling)))
    (($ <lookup-status-negation> inner)
     (string-append "!" (lookup-status->string inner)))))
| 189 | |
(define (lookup-reaction->string reaction)
  "Return REACTION, a <lookup-reaction>, as the \"STATUS=action\" text that
goes between brackets in 'nsswitch.conf'--for instance \"NOTFOUND=return\" or
\"!UNAVAIL=return\".  Anything other than a <lookup-reaction> raises a 'match'
error."
  (match reaction
    (($ <lookup-reaction> status action)
     (let ((status-text (lookup-status->string status))
           (action-text (symbol->string action)))
       (string-append status-text "=" action-text)))))
| 195 | |
(define (name-service->string service)
  "Return SERVICE, a <name-service>, as it appears on an 'nsswitch.conf'
line: its name, followed by its lookup specification in brackets when that
specification is non-empty--e.g. \"files\" or \"dns [!UNAVAIL=return]\".

The name is copied verbatim: nothing here rejects whitespace, ':' or newline
characters in it, which would alter the structure of the generated file, so
only plain service names should reach this procedure."
  (match service
    (($ <name-service> name reactions)
     (if (null? reactions)
         name
         (let ((spec (string-join (map lookup-reaction->string reactions))))
           (string-append name " [" spec "]"))))))
| 204 | |
(define (name-service-switch->string nss)
  "Return the 'nsswitch.conf' contents for NSS as a string.  See \"NSS
Configuration File\" in the libc manual.

Each database of NSS becomes one \"NAME:<TAB>SERVICE ...\" line, in the
order below.  A database whose service list is empty is omitted, which
keeps libc's default configuration for it."
  ;; nsswitch.conf database names paired with the accessor of the
  ;; corresponding <name-service-switch> field.  Note that the 'password'
  ;; and 'public-key' fields are spelled "passwd" and "publickey" in the
  ;; file.
  (define databases
    `(("aliases"    . ,name-service-switch-aliases)
      ("ethers"     . ,name-service-switch-ethers)
      ("group"      . ,name-service-switch-group)
      ("gshadow"    . ,name-service-switch-gshadow)
      ("hosts"      . ,name-service-switch-hosts)
      ("initgroups" . ,name-service-switch-initgroups)
      ("netgroup"   . ,name-service-switch-netgroup)
      ("networks"   . ,name-service-switch-networks)
      ("passwd"     . ,name-service-switch-password)
      ("publickey"  . ,name-service-switch-public-key)
      ("rpc"        . ,name-service-switch-rpc)
      ("services"   . ,name-service-switch-services)
      ("shadow"     . ,name-service-switch-shadow)))

  (define (database-line name accessor)
    ;; Render one database, or "" when it keeps the default config.
    (match (accessor nss)
      (() "")
      (services
       (string-append name ":\t"
                      (string-join (map name-service->string services))
                      "\n"))))

  (string-concatenate
   (map (match-lambda
          ((name . accessor) (database-line name accessor)))
        databases)))
| 232 | |
;;; Local Variables:
;;; eval: (put 'name-service 'scheme-indent-function 0)
;;; eval: (put 'name-service-switch 'scheme-indent-function 0)
;;; End:

;;; nss.scm ends here