Merge pull request #7738 from obsidiansystems/delete-authHook

Get rid of the `authHook` parameter on `processConnection`
Eelco Dolstra 2023-02-03 11:54:05 +01:00 committed by GitHub
commit 1647354d6b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 5 additions and 23 deletions


@ -1516,8 +1516,7 @@ void LocalDerivationGoal::startDaemon()
FdSink to(remote.get()); FdSink to(remote.get());
try { try {
daemon::processConnection(store, from, to, daemon::processConnection(store, from, to,
daemon::NotTrusted, daemon::Recursive, daemon::NotTrusted, daemon::Recursive);
[&](Store & store) {});
debug("terminated daemon connection"); debug("terminated daemon connection");
} catch (SysError &) { } catch (SysError &) {
ignoreException(); ignoreException();


@ -985,8 +985,7 @@ void processConnection(
FdSource & from, FdSource & from,
FdSink & to, FdSink & to,
TrustedFlag trusted, TrustedFlag trusted,
RecursiveFlag recursive, RecursiveFlag recursive)
std::function<void(Store &)> authHook)
{ {
auto monitor = !recursive ? std::make_unique<MonitorFdHup>(from.fd) : nullptr; auto monitor = !recursive ? std::make_unique<MonitorFdHup>(from.fd) : nullptr;
@ -1029,10 +1028,6 @@ void processConnection(
try { try {
/* If we can't accept clientVersion, then throw an error
*here* (not above). */
authHook(*store);
tunnelLogger->stopWork(); tunnelLogger->stopWork();
to.flush(); to.flush();


@ -13,11 +13,6 @@ void processConnection(
FdSource & from, FdSource & from,
FdSink & to, FdSink & to,
TrustedFlag trusted, TrustedFlag trusted,
RecursiveFlag recursive, RecursiveFlag recursive);
/* Arbitrary hook to check authorization / initialize user data / whatever
after the protocol has been negotiated. The idea is that this function
and everything it calls doesn't know about this stuff, and the
`nix-daemon` handles that instead. */
std::function<void(Store &)> authHook);
} }
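Review bot: The declaration of `processConnection` is left with no comment at all once the `authHook` paragraph is deleted, so the header no longer says where authorization is expected to happen. The removed text described the hook as the place to check authorization after the protocol was negotiated, and the only trust input left in the signature is the `trusted` flag. I would add a short comment above the declaration, for example `/* Callers must settle authorization and the trusted flag before calling; no hook runs after protocol negotiation. */`. Whether the function body performs any further check is not visible here, so the wording should be confirmed against the implementation; the declaration itself begins above the hunk.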


@ -241,14 +241,7 @@ static void daemonLoop()
// Handle the connection. // Handle the connection.
FdSource from(remote.get()); FdSource from(remote.get());
FdSink to(remote.get()); FdSink to(remote.get());
processConnection(openUncachedStore(), from, to, trusted, NotRecursive, [&](Store & store) { processConnection(openUncachedStore(), from, to, trusted, NotRecursive);
#if 0
/* Prevent users from doing something very dangerous. */
if (geteuid() == 0 &&
querySetting("build-users-group", "") == "")
throw Error("if you run 'nix-daemon' as root, then you MUST set 'build-users-group'!");
#endif
});
exit(0); exit(0);
}, options); }, options);
@ -301,7 +294,7 @@ static void runDaemon(bool stdio)
/* Auth hook is empty because in this mode we blindly trust the /* Auth hook is empty because in this mode we blindly trust the
standard streams. Limiting access to those is explicitly standard streams. Limiting access to those is explicitly
not `nix-daemon`'s responsibility. */ not `nix-daemon`'s responsibility. */
processConnection(openUncachedStore(), from, to, Trusted, NotRecursive, [&](Store & _){}); processConnection(openUncachedStore(), from, to, Trusted, NotRecursive);
} }
} else } else
daemonLoop(); daemonLoop();
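Review bot: The comment kept above the stdio call in `runDaemon` still opens with "Auth hook is empty", but the new call has no hook argument, so it now describes a parameter that no longer exists. What that comment needs to justify after this change is the `Trusted` flag passed on the same call, which is the security-relevant choice a reader will look for. I would reword the first sentence to `/* The connection is marked Trusted because in this mode we blindly trust the standard streams.` and keep the sentence that follows it unchanged. `runDaemon` starts and ends outside the hunk.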