[PATCH] services: mpd: Allow authentication and permissions to be configured.

Open. Submitted by pinoaffe.
Details
One participant
  • pinoaffe
Owner
unassigned
Severity
normal
pinoaffe wrote on 26 Apr 2020 22:16
(address . guix-patches@gnu.org)
1ee4ef44362d20518fe69da7b6c37df5@airmail.cc
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 23 ++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
  @item @code{outputs} (default: @code{"(list (mpd-output))"})
  The audio outputs that MPD can use.  By default this is a single output 
using pulseaudio.

+@item @code{default-permissions} (default: @code{'(read add control 
admin)})
+The permissions a user that connected to the mpd server without a 
password should enjoy.
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra 
permissions.  By
+default this is an empty list.
+
  @end table
  @end deftp

+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
  @deftp {Data Type} mpd-output
  Data type representing an @command{mpd} audio output.

+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate.  The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using 
@code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
  @table @asis
  @item @code{name} (default: @code{"MPD"})
  The name of the audio output.
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
    #:use-module (ice-9 match)
    #:export (mpd-output
              mpd-output?
+            mpd-credential
+            mpd-credential?
              mpd-configuration
              mpd-configuration?
              mpd-service-type))
@@ -36,6 +38,16 @@
  ;;;
  ;;; Code:

+(define-record-type* <mpd-credential>
+  mpd-credential make-mpd-credential
+  mpd-credential?
+  (password    mpd-credential-password
+               ;; valid: any string that does not contain #\@
+               (default ""))
+  (permissions mpd-credential-permissions
+               ;; valid: any subset of read, add, control and admin
+               (default '())))
+
  (define-record-type* <mpd-output>
    mpd-output make-mpd-output
    mpd-output?
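Review bot: The `password` field of `<mpd-credential>` defaults to `""`, so a credential written with only `permissions` still produces a `password "@…"` line, that is, an empty password attached to those permissions. Leaving out the default, `(password mpd-credential-password)`, makes the field mandatory, so the omission is caught when the record is built rather than in the generated mpd.conf. How MPD treats an empty password is not visible here and should be confirmed. The two `;; valid:` comments state constraints that nothing in this hunk enforces. The resent patch and v2 carry the same definition.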
@@ -58,24 +70,41 @@
  (define-record-type* <mpd-configuration>
    mpd-configuration make-mpd-configuration
    mpd-configuration?
-  (user         mpd-configuration-user
-                (default "mpd"))
-  (music-dir    mpd-configuration-music-dir
-                (default "~/Music"))
-  (playlist-dir mpd-configuration-playlist-dir
-                (default "~/.mpd/playlists"))
-  (db-file      mpd-configuration-db-file
-                (default "~/.mpd/tag_cache"))
-  (state-file   mpd-configuration-state-file
-                (default "~/.mpd/state"))
-  (sticker-file mpd-configuration-sticker-file
-                (default "~/.mpd/sticker.sql"))
-  (port         mpd-configuration-port
-                (default "6600"))
-  (address      mpd-configuration-address
-                (default "any"))
-  (outputs      mpd-configuration-outputs
-                (default (list (mpd-output)))))
+  (user                mpd-configuration-user
+                       (default "mpd"))
+  (music-dir           mpd-configuration-music-dir
+                       (default "~/Music"))
+  (playlist-dir        mpd-configuration-playlist-dir
+                       (default "~/.mpd/playlists"))
+  (db-file             mpd-configuration-db-file
+                       (default "~/.mpd/tag_cache"))
+  (state-file          mpd-configuration-state-file
+                       (default "~/.mpd/state"))
+  (sticker-file        mpd-configuration-sticker-file
+                       (default "~/.mpd/sticker.sql"))
+  (port                mpd-configuration-port
+                       (default "6600"))
+  (address             mpd-configuration-address
+                       (default "any"))
+  (credentials         mpd-configuration-credentials
+                       (default '()))
+  (default-permissions mpd-configuration-default-permissions
+                       (default '(read add control admin)))
+  (outputs             mpd-configuration-outputs
+                       (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+  (string-join (map symbol->string
+                    permissions)
+               ","))
+
+(define (mpd-credential->string credential)
+  "Convert the USER of type <mpd-credential> to a configuration file 
snippet."
+  (format #f
+          "password \"~a@~a\"\n"
+          (mpd-credential-password credential)
+          (mpd-permissions->string
+           (mpd-credential-permissions credential))))

  (define (mpd-output->string output)
    "Convert the OUTPUT of type <mpd-output> to a configuration file 
snippet."
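Review bot: `mpd-credential->string` interpolates the password into `password \"~a@~a\"` without checking it, so the `#\@` restriction from the record comment is unenforced, and a password containing `"`, a backslash or a newline would end the quoted value early and let the remainder be read as further configuration. `mpd-permissions->string` likewise accepts any symbol, not only `read`, `add`, `control` and `admin`. Both inputs should be validated where the snippet is built and rejected with an error that does not echo the password. The docstring also names USER although the parameter is `credential`. The same code appears in the resent patch and in v2.

```scheme
(define (mpd-permissions->string permissions)
  "Convert PERMISSIONS, a list of symbols, to a comma-separated string."
  (for-each (lambda (permission)
              (unless (memq permission '(read add control admin))
                (error "invalid mpd permission" permission)))
            permissions)
  (string-join (map symbol->string permissions) ","))

(define (mpd-credential->string credential)
  "Convert the CREDENTIAL of type <mpd-credential> to a configuration file
snippet."
  (let ((password (mpd-credential-password credential)))
    ;; These characters would end the quoted value, or the password part of
    ;; it, before the intended place.
    (when (string-any (char-set #\@ #\" #\\ #\newline) password)
      ;; The password is deliberately left out of the error message.
      (error "mpd password contains a character that cannot be written to mpd.conf"))
    (format #f
            "password \"~a@~a\"\n"
            password
            (mpd-permissions->string
             (mpd-credential-permissions credential)))))
```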
@@ -110,8 +139,14 @@ audio_output {
    (apply
     mixed-text-file "mpd.conf"
     "pid_file \"" (mpd-file-name config "pid") "\"\n"
+   "default_permissions \""
+   (mpd-permissions->string
+    (mpd-configuration-default-permissions config))
+   "\"\n"
     (append (map mpd-output->string
                  (mpd-configuration-outputs config))
+           (map mpd-credential->string
+                (mpd-configuration-credentials config))
             (map (match-lambda
                    ((config-name config-val)
                     (string-append config-name " \"" (config-val config) 
"\"\n")))
@@ -143,10 +178,10 @@ audio_output {
               #:environment-variables
               ;; Required to detect PulseAudio when run under a user 
account.
               '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
-                     (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                  "XDG_RUNTIME_DIR=/run/user/"
+                  (number->string
+                   (passwd:uid
+                    (getpwnam (mpd-configuration-user config))))))
               #:log-file #$(mpd-file-name config "log")))
     (stop  #~(make-kill-destructor))))

-- 
2.26.2
pinoaffe wrote on 28 Apr 2020 13:29
[PATCH (hopefully not garbled this time)] services: mpd: Allow authentication and permissions to be configured.
(address . 40878@debbugs.gnu.org)
20200426223555.2a5793bb@airmail.cc
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 23 ++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..1693d938f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,12 +23271,35 @@ an absolute path can be specified here.
 @item @code{outputs} (default: @code{"(list (mpd-output))"})
 The audio outputs that MPD can use.  By default this is a single output using pulseaudio.
 
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy. 
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions.  By
+default this is an empty list.
+
 @end table
 @end deftp
 
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
 @deftp {Data Type} mpd-output
 Data type representing an @command{mpd} audio output.
 
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate.  The password may not contain "@".
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
+@end table
+@end deftp
+
 @table @asis
 @item @code{name} (default: @code{"MPD"})
 The name of the audio output.
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
   #:use-module (ice-9 match)
   #:export (mpd-output
             mpd-output?
+            mpd-credential
+            mpd-credential?
             mpd-configuration
             mpd-configuration?
             mpd-service-type))
@@ -36,6 +38,16 @@
 ;;;
 ;;; Code:
 
+(define-record-type* <mpd-credential>
+  mpd-credential make-mpd-credential
+  mpd-credential?
+  (password    mpd-credential-password
+               ;; valid: any string that does not contain #\@
+               (default ""))
+  (permissions mpd-credential-permissions
+               ;; valid: any subset of read, add, control and admin
+               (default '())))
+
 (define-record-type* <mpd-output>
   mpd-output make-mpd-output
   mpd-output?
@@ -58,24 +70,41 @@
 (define-record-type* <mpd-configuration>
   mpd-configuration make-mpd-configuration
   mpd-configuration?
-  (user         mpd-configuration-user
-                (default "mpd"))
-  (music-dir    mpd-configuration-music-dir
-                (default "~/Music"))
-  (playlist-dir mpd-configuration-playlist-dir
-                (default "~/.mpd/playlists"))
-  (db-file      mpd-configuration-db-file
-                (default "~/.mpd/tag_cache"))
-  (state-file   mpd-configuration-state-file
-                (default "~/.mpd/state"))
-  (sticker-file mpd-configuration-sticker-file
-                (default "~/.mpd/sticker.sql"))
-  (port         mpd-configuration-port
-                (default "6600"))
-  (address      mpd-configuration-address
-                (default "any"))
-  (outputs      mpd-configuration-outputs
-                (default (list (mpd-output)))))
+  (user                mpd-configuration-user
+                       (default "mpd"))
+  (music-dir           mpd-configuration-music-dir
+                       (default "~/Music"))
+  (playlist-dir        mpd-configuration-playlist-dir
+                       (default "~/.mpd/playlists"))
+  (db-file             mpd-configuration-db-file
+                       (default "~/.mpd/tag_cache"))
+  (state-file          mpd-configuration-state-file
+                       (default "~/.mpd/state"))
+  (sticker-file        mpd-configuration-sticker-file
+                       (default "~/.mpd/sticker.sql"))
+  (port                mpd-configuration-port
+                       (default "6600"))
+  (address             mpd-configuration-address
+                       (default "any"))
+  (credentials         mpd-configuration-credentials
+                       (default '()))
+  (default-permissions mpd-configuration-default-permissions
+                       (default '(read add control admin)))
+  (outputs             mpd-configuration-outputs
+                       (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+  (string-join (map symbol->string
+                    permissions)
+               ","))
+
+(define (mpd-credential->string credential)
+  "Convert the USER of type <mpd-credential> to a configuration file snippet."
+  (format #f
+          "password \"~a@~a\"\n"
+          (mpd-credential-password credential)
+          (mpd-permissions->string
+           (mpd-credential-permissions credential))))
 
 (define (mpd-output->string output)
   "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
   (apply
    mixed-text-file "mpd.conf"
    "pid_file \"" (mpd-file-name config "pid") "\"\n"
+   "default_permissions \""
+   (mpd-permissions->string
+    (mpd-configuration-default-permissions config))
+   "\"\n"
    (append (map mpd-output->string
                 (mpd-configuration-outputs config))
+           (map mpd-credential->string
+                (mpd-configuration-credentials config))
            (map (match-lambda
                   ((config-name config-val)
                    (string-append config-name " \"" (config-val config) "\"\n")))
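Review bot: The `password` lines produced by `(map mpd-credential->string …)` are passed to `mixed-text-file "mpd.conf"`, so each password is written in plaintext into a store file, which v2's manual text describes as readable to all users. Nothing in the code marks this; a comment above the added `map`, such as `;; NOTE: passwords end up in plaintext in the world-readable store.`, would keep the caveat next to the code that causes it. The added `default_permissions` line also still defaults to all four permissions including `admin`, so configured credentials restrict nothing until `default-permissions` is narrowed, which is worth stating in the same comment. The enclosing procedure starts above this hunk, and the same lines appear in the first posting and in v2.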
@@ -143,10 +178,10 @@ audio_output {
              #:environment-variables
              ;; Required to detect PulseAudio when run under a user account.
              '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
-                     (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                  "XDG_RUNTIME_DIR=/run/user/"
+                  (number->string
+                   (passwd:uid
+                    (getpwnam (mpd-configuration-user config))))))
              #:log-file #$(mpd-file-name config "log")))
    (stop  #~(make-kill-destructor))))
 
-- 
2.26.2
pinoaffe wrote on 28 Apr 2020 17:00
[PATCH v2] services: mpd: Allow authentication and permissions to be configured.
(address . 40878@debbugs.gnu.org)
20200428170023.3304924a@airmail.cc
* gnu/services/audio.scm (mpd-credential): New public variable.
* gnu/services/audio.scm (mpd-configuration): Add credentials
and permissions.
---
doc/guix.texi | 26 ++++++++++++++
gnu/services/audio.scm | 79 ++++++++++++++++++++++++++++++------------
2 files changed, 83 insertions(+), 22 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6613a4af13..6a5038fd37 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -23271,6 +23271,32 @@ an absolute path can be specified here.
 @item @code{outputs} (default: @code{"(list (mpd-output))"})
 The audio outputs that MPD can use.  By default this is a single output using pulseaudio.
 
+@item @code{default-permissions} (default: @code{'(read add control admin)})
+The permissions a user that connected to the mpd server without a password should enjoy. 
+Should be a subset of @code{'(read add control admin)}.
+
+@item @code{credentials} (default: @code{'()})
+The list of credentials one can use to sign in to mpd and gain extra permissions.  By
+default this is an empty list.
+
+@end table
+@end deftp
+
+@deftp {Data Type} mpd-credential
+Data type representing an @command{mpd} password/permissions pair.
+
+@table @asis
+@item @code{password} (default: @code{""})
+The password used to authenticate.  The password may not contain "@".
+Warning: due to limitations of the mpd configuration system, the generated mpd config
+(which is stored in the guix store and is readable to all users) will include a
+plaintext copy of the provided password(s).
+
+@item @code{permissions} (default: @code{'()})
+The permissions one gains after authenticating to the server using @code{password}.
+This should be a subset of @code{'(read add control admin)}, as in
+@code{default-permissions}.
+
 @end table
 @end deftp
 
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
index 345d8225b2..9a6dc8db94 100644
--- a/gnu/services/audio.scm
+++ b/gnu/services/audio.scm
@@ -26,6 +26,8 @@
   #:use-module (ice-9 match)
   #:export (mpd-output
             mpd-output?
+            mpd-credential
+            mpd-credential?
             mpd-configuration
             mpd-configuration?
             mpd-service-type))
@@ -36,6 +38,16 @@
 ;;;
 ;;; Code:
 
+(define-record-type* <mpd-credential>
+  mpd-credential make-mpd-credential
+  mpd-credential?
+  (password    mpd-credential-password
+               ;; valid: any string that does not contain #\@
+               (default ""))
+  (permissions mpd-credential-permissions
+               ;; valid: any subset of read, add, control and admin
+               (default '())))
+
 (define-record-type* <mpd-output>
   mpd-output make-mpd-output
   mpd-output?
@@ -58,24 +70,41 @@
 (define-record-type* <mpd-configuration>
   mpd-configuration make-mpd-configuration
   mpd-configuration?
-  (user         mpd-configuration-user
-                (default "mpd"))
-  (music-dir    mpd-configuration-music-dir
-                (default "~/Music"))
-  (playlist-dir mpd-configuration-playlist-dir
-                (default "~/.mpd/playlists"))
-  (db-file      mpd-configuration-db-file
-                (default "~/.mpd/tag_cache"))
-  (state-file   mpd-configuration-state-file
-                (default "~/.mpd/state"))
-  (sticker-file mpd-configuration-sticker-file
-                (default "~/.mpd/sticker.sql"))
-  (port         mpd-configuration-port
-                (default "6600"))
-  (address      mpd-configuration-address
-                (default "any"))
-  (outputs      mpd-configuration-outputs
-                (default (list (mpd-output)))))
+  (user                mpd-configuration-user
+                       (default "mpd"))
+  (music-dir           mpd-configuration-music-dir
+                       (default "~/Music"))
+  (playlist-dir        mpd-configuration-playlist-dir
+                       (default "~/.mpd/playlists"))
+  (db-file             mpd-configuration-db-file
+                       (default "~/.mpd/tag_cache"))
+  (state-file          mpd-configuration-state-file
+                       (default "~/.mpd/state"))
+  (sticker-file        mpd-configuration-sticker-file
+                       (default "~/.mpd/sticker.sql"))
+  (port                mpd-configuration-port
+                       (default "6600"))
+  (address             mpd-configuration-address
+                       (default "any"))
+  (credentials         mpd-configuration-credentials
+                       (default '()))
+  (default-permissions mpd-configuration-default-permissions
+                       (default '(read add control admin)))
+  (outputs             mpd-configuration-outputs
+                       (default (list (mpd-output)))))
+
+(define (mpd-permissions->string permissions)
+  (string-join (map symbol->string
+                    permissions)
+               ","))
+
+(define (mpd-credential->string credential)
+  "Convert the USER of type <mpd-credential> to a configuration file snippet."
+  (format #f
+          "password \"~a@~a\"\n"
+          (mpd-credential-password credential)
+          (mpd-permissions->string
+           (mpd-credential-permissions credential))))
 
 (define (mpd-output->string output)
   "Convert the OUTPUT of type <mpd-output> to a configuration file snippet."
@@ -110,8 +139,14 @@ audio_output {
   (apply
    mixed-text-file "mpd.conf"
    "pid_file \"" (mpd-file-name config "pid") "\"\n"
+   "default_permissions \""
+   (mpd-permissions->string
+    (mpd-configuration-default-permissions config))
+   "\"\n"
    (append (map mpd-output->string
                 (mpd-configuration-outputs config))
+           (map mpd-credential->string
+                (mpd-configuration-credentials config))
            (map (match-lambda
                   ((config-name config-val)
                    (string-append config-name " \"" (config-val config) "\"\n")))
@@ -143,10 +178,10 @@ audio_output {
              #:environment-variables
              ;; Required to detect PulseAudio when run under a user account.
              '(#$(string-append
-                   "XDG_RUNTIME_DIR=/run/user/"
-                   (number->string
-                     (passwd:uid
-                       (getpwnam (mpd-configuration-user config))))))
+                  "XDG_RUNTIME_DIR=/run/user/"
+                  (number->string
+                   (passwd:uid
+                    (getpwnam (mpd-configuration-user config))))))
              #:log-file #$(mpd-file-name config "log")))
    (stop  #~(make-kill-destructor))))
 
-- 
2.26.2

To comment on this conversation send email to 40878@debbugs.gnu.org