me/guix
Archived
1
0
Fork 0
Code Activity
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues or pull requests.
guix/gnu/system/nss.scm
Ludovic Courtès 15137a29c2 nss: Add '%mdns-host-lookup-nss'. 
* gnu/system/nss.scm (%mdns-host-lookup-nss): New variable.
* doc/guix.texi (Name Service Switch): Document it.
2015-05-08 16:35:32 +02:00

236 lines
7.9 KiB
Scheme
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu system nss)
#:use-module (rnrs enums)
#:use-module (guix records)
#:use-module (srfi srfi-9)
#:use-module (ice-9 match)
#:export (name-service-switch?
name-service-switch
name-service?
name-service
lookup-specification
%default-nss
%mdns-host-lookup-nss
%files
%compat
%dns
name-service-switch->string))
;;; Commentary:
;;;
;;; Bindings for libc's name service switch (NSS) configuration.
;;;
;;; Code:
(define-record-type* <name-service> name-service
make-name-service
name-service?
(name name-service-name)
(reaction name-service-reaction
(default (lookup-specification))))
;; Lookup specification (info "(libc) Actions in the NSS Configuration").
(define-enumeration lookup-action
(return continue)
make-lookup-action)
(define-enumeration lookup-status
(success
not-found
unavailable
try-again)
make-lookup-status)
(define-record-type <lookup-status-negation>
(lookup-status-negation status)
lookup-status-negation?
(status lookup-status-negation-status))
(define-record-type <lookup-reaction>
(make-lookup-reaction status action)
lookup-reaction?
(status lookup-reaction-status)
(action lookup-reaction-action))
(define-syntax lookup-reaction
(syntax-rules (not =>)
((_ ((not status) => action))
(make-lookup-reaction (lookup-status-negation (lookup-status status))
(lookup-action action)))
((_ (status => action))
(make-lookup-reaction (lookup-status status)
(lookup-action action)))))
(define-syntax-rule (lookup-specification reaction ...)
"Return an NSS lookup specification."
(list (lookup-reaction reaction) ...))
;;;
;;; Common name services and default NSS configuration.
;;;
(define %compat
(name-service
(name "compat")
(reaction (lookup-specification (not-found => return)))))
(define %files
(name-service (name "files")))
(define %dns
;; DNS is supposed to be authoritative, so unless it's unavailable, return
;; what it finds.
(name-service
(name "dns")
(reaction (lookup-specification ((not unavailable) => return)))))
;; The NSS. We list all the databases here because that allows us to
;; statically ensure that the user's configuration refers to existing
;; databases. See libc/nss/databases.def for the list of databases. Default
;; values obtained by looking for "DEFAULT_CONFIG" in libc/nss/*.c.
;;
;; Although libc places 'dns' before 'files' in the default configurations of
;; the 'hosts' and 'networks' databases, we choose to put 'files' before 'dns'
;; by default, so that users can override host/address mappings in /etc/hosts
;; and bypass DNS to improve their privacy and escape NSA's MORECOWBELL.
(define-record-type* <name-service-switch> name-service-switch
make-name-service-switch
name-service-switch?
(aliases name-service-switch-aliases
(default '()))
(ethers name-service-switch-ethers
(default '()))
(group name-service-switch-group
(default (list %compat %files)))
(gshadow name-service-switch-gshadow
(default '()))
(hosts name-service-switch-hosts
(default (list %files %dns)))
(initgroups name-service-switch-initgroups
(default '()))
(netgroup name-service-switch-netgroup
(default '()))
(networks name-service-switch-networks
(default (list %files %dns)))
(password name-service-switch-password
(default (list %compat %files)))
(public-key name-service-switch-public-key
(default '()))
(rpc name-service-switch-rpc
(default '()))
(services name-service-switch-services
(default '()))
(shadow name-service-switch-shadow
(default (list %compat %files))))
(define %default-nss
;; Default NSS configuration.
(name-service-switch))
(define %mdns-host-lookup-nss
(name-service-switch
(hosts (list %files ;first, check /etc/hosts
;; If the above did not succeed, try with 'mdns_minimal'.
(name-service
(name "mdns_minimal")
;; 'mdns_minimal' is authoritative for '.local'. When it
;; returns "not found", no need to try the next methods.
(reaction (lookup-specification
(not-found => return))))
;; Then fall back to DNS.
(name-service
(name "dns"))
;; Finally, try with the "full" 'mdns'.
(name-service
(name "mdns"))))))
;;;
;;; Serialization.
;;;
(define (lookup-status->string status)
(match status
('success "SUCCESS")
('not-found "NOTFOUND")
('unavailable "UNAVAIL")
('try-again "TRYAGAIN")
(($ <lookup-status-negation> status)
(string-append "!" (lookup-status->string status)))))
(define lookup-reaction->string
(match-lambda
(($ <lookup-reaction> status action)
(string-append (lookup-status->string status) "="
(symbol->string action)))))
(define name-service->string
(match-lambda
(($ <name-service> name ())
name)
(($ <name-service> name reactions)
(string-append name " ["
(string-join (map lookup-reaction->string reactions))
"]"))))
(define (name-service-switch->string nss)
"Return the 'nsswitch.conf' contents for NSS as a string. See \"NSS
Configuration File\" in the libc manual."
(let-syntax ((->string
(syntax-rules ()
((_ name field)
(match (field nss)
(() ;keep the default config
"")
((services (... ...))
(string-append name ":\t"
(string-join
(map name-service->string services))
"\n")))))))
(string-append (->string "aliases" name-service-switch-aliases)
(->string "ethers" name-service-switch-ethers)
(->string "group" name-service-switch-group)
(->string "gshadow" name-service-switch-gshadow)
(->string "hosts" name-service-switch-hosts)
(->string "initgroups" name-service-switch-initgroups)
(->string "netgroup" name-service-switch-netgroup)
(->string "networks" name-service-switch-networks)
(->string "passwd" name-service-switch-password)
(->string "publickey" name-service-switch-public-key)
(->string "rpc" name-service-switch-rpc)
(->string "services" name-service-switch-services)
(->string "shadow" name-service-switch-shadow))))
;;; Local Variables:
;;; eval: (put 'name-service 'scheme-indent-function 0)
;;; eval: (put 'name-service-switch 'scheme-indent-function 0)
;;; End:
;;; nss.scm ends here
View git blame Copy permalink