8d4162ff9e
Before, processConnection wanted to know a user name and user id, and `nix-daemon --stdio`, when it isn't proxying to an underlying daemon, would just assume "root" and 0. But `nix-daemon --stdio` (no proxying) shouldn't make guesses about who holds the other end of its standard streams. Now processConnection takes an "auth hook", so `nix-daemon` can provide the appropriate policy and daemon.cc doesn't need to know or care what it is.
22 lines
666 B
C++
22 lines
666 B
C++
#include "serialise.hh"
|
|
#include "store-api.hh"
|
|
|
|
namespace nix::daemon {
|
|
|
|
enum TrustedFlag : bool { NotTrusted = false, Trusted = true };
|
|
enum RecursiveFlag : bool { NotRecursive = false, Recursive = true };
|
|
|
|
void processConnection(
|
|
ref<Store> store,
|
|
FdSource & from,
|
|
FdSink & to,
|
|
TrustedFlag trusted,
|
|
RecursiveFlag recursive,
|
|
/* Arbitrary hook to check authorization / initialize user data / whatever
|
|
after the protocol has been negotiated. The idea is that this function
|
|
and everything it calls doesn't know about this stuff, and the
|
|
`nix-daemon` handles that instead. */
|
|
std::function<void(Store &)> authHook);
|
|
|
|
}
|