gnu: Add pam-mount.

* gnu/packages/admin.scm (pam-mount): New variable.
* gnu/packages/patches/pam-mount-luks2-support.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

gnu/local.mk

@@ -1216,6 +1216,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/p7zip-CVE-2016-9296.patch		\
   %D%/packages/patches/p7zip-CVE-2017-17969.patch		\
   %D%/packages/patches/p7zip-remove-unused-code.patch		\
+  %D%/packages/patches/pam-mount-luks2-support.patch		\
   %D%/packages/patches/patchutils-test-perms.patch		\
   %D%/packages/patches/patch-hurd-path-max.patch		\
   %D%/packages/patches/pcre2-fix-jit_match-crash.patch		\

gnu/packages/admin.scm

@@ -28,6 +28,7 @@
 ;;; Copyright © 2019 Jakob L. Kreuze <zerodaysfordays@sdf.lonestar.org>
 ;;; Copyright © 2019 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2019 Guillaume Le Vaillant <glv@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -61,8 +62,10 @@ (define-module (gnu packages admin)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages c)
   #:use-module (gnu packages check)
   #:use-module (gnu packages crypto)
+  #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages dns)
   #:use-module (gnu packages file)
@@ -3513,3 +3516,68 @@ (define-public ngrep
 filter logic in the same fashion as more common packet sniffing tools, such as
 tcpdump and snoop.")
     (license license:bsd-3)))
+
+(define-public pam-mount
+  (package
+    (name "pam-mount")
+    (version "2.16")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://sourceforge/pam-mount/pam_mount/"
+                           version "/pam_mount-" version ".tar.xz"))
+       (sha256
+        (base32
+         "1rvi4irb7ylsbhvx1cr6islm2xxw1a4b19q6z4a9864ndkm0f0mf"))
+       (patches
+        ;; Patch adding support for encrypted volumes in LUKS2 format.
+        ;; It comes from the Gentoo package definition for sys-auth/pam_mount.
+        (search-patches "pam-mount-luks2-support.patch"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("perl" ,perl)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("cryptsetup" ,cryptsetup)
+       ("libhx" ,libhx)
+       ("libxml2" ,libxml2)
+       ("linux-pam" ,linux-pam)
+       ("lvm2" ,lvm2)
+       ("openssl" ,openssl)
+       ("pcre" ,pcre)
+       ("util-linux" ,util-linux)))
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-slibdir=" %output "/lib")
+             (string-append "--with-ssbindir=" %output "/sbin"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-program-paths
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((util-linux (assoc-ref inputs "util-linux"))
+                   (out (assoc-ref outputs "out")))
+               (substitute* "src/mtcrypt.c"
+                 (("\"mount\";")
+                  (string-append "\"" util-linux "/bin/mount\";"))
+                 (("\"umount\";")
+                  (string-append "\"" util-linux "/bin/umount\";"))
+                 (("\"fsck\",")
+                  (string-append "\"" util-linux "/sbin/fsck\",")))
+               (substitute* "src/rdconf1.c"
+                 (("\"mount\", \"")
+                  (string-append "\"" util-linux "/bin/mount\", \""))
+                 (("\"umount\", \"")
+                  (string-append "\"" util-linux "/bin/umount\", \""))
+                 (("\"fsck\", \"")
+                  (string-append "\"" util-linux "/sbin/fsck\", \""))
+                 (("\"pmvarrun\", \"")
+                  (string-append "\"" out "/sbin/pmvarrun\", \""))))
+             #t)))))
+    (home-page "http://pam-mount.sourceforge.net")
+    (synopsis "PAM module to mount volumes for a user session")
+    (description
+     "Pam-mount is a PAM module that can mount volumes when a user logs in.
+It supports mounting local filesystems of any kind the normal mount utility
+supports.  It can also mount encrypted LUKS volumes using the password
+supplied by the user when logging in.")
+    (license (list license:gpl2+ license:lgpl2.1+))))

gnu/packages/patches/pam-mount-luks2-support.patch

@@ -0,0 +1,51 @@
+From d4434c05e7c0cf05d87089404cfa2deedc60811a Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Mon, 29 Oct 2018 16:47:40 +0100
+Subject: [PATCH] crypto: Add support for LUKS2
+
+Cryptsetup version 2.0 added support for LUKS2.
+This patch adds support for mounting LUKS2 volumes with
+pam_mount.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ src/crypto-dmc.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto-dmc.c b/src/crypto-dmc.c
+index d0ab6ca..abd0358 100644
+--- a/src/crypto-dmc.c
++++ b/src/crypto-dmc.c
+@@ -21,6 +21,12 @@
+ #include "libcryptmount.h"
+ #include "pam_mount.h"
+ 
++#ifndef CRYPT_LUKS
++	#define CRYPT_LUKS	NULL /* Passing NULL to crypt_load will
++					default to LUKS(1) on older
++					libcryptsetup versions. */
++#endif
++
+ /**
+  * dmc_is_luks - check if @path points to a LUKS volume (cf. normal dm-crypt)
+  * @path:	path to the crypto container
+@@ -48,7 +54,7 @@ EXPORT_SYMBOL int ehd_is_luks(const char *path, bool blkdev)
+ 
+ 	ret = crypt_init(&cd, device);
+ 	if (ret == 0) {
+-		ret = crypt_load(cd, CRYPT_LUKS1, NULL);
++		ret = crypt_load(cd, CRYPT_LUKS, NULL);
+ 		if (ret == -EINVAL)
+ 			ret = false;
+ 		else if (ret == 0)
+@@ -106,7 +112,7 @@ static bool dmc_run(const struct ehd_mount_request *req,
+ #endif
+ 	}
+ 
+-	ret = crypt_load(cd, CRYPT_LUKS1, NULL);
++	ret = crypt_load(cd, CRYPT_LUKS, NULL);
+ 	if (ret == 0) {
+ 		ret = crypt_activate_by_passphrase(cd, mt->crypto_name,
+ 		      CRYPT_ANY_SLOT, req->key_data, req->key_size, flags);
+-- 
+2.21.0