mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 00:06:16 +02:00
Merge pull request #7738 from obsidiansystems/delete-authHook
Get rid of the `authHook` parameter on `processConnection`
This commit is contained in:
commit
1647354d6b
4 changed files with 5 additions and 23 deletions
|
@ -1516,8 +1516,7 @@ void LocalDerivationGoal::startDaemon()
|
||||||
FdSink to(remote.get());
|
FdSink to(remote.get());
|
||||||
try {
|
try {
|
||||||
daemon::processConnection(store, from, to,
|
daemon::processConnection(store, from, to,
|
||||||
daemon::NotTrusted, daemon::Recursive,
|
daemon::NotTrusted, daemon::Recursive);
|
||||||
[&](Store & store) {});
|
|
||||||
debug("terminated daemon connection");
|
debug("terminated daemon connection");
|
||||||
} catch (SysError &) {
|
} catch (SysError &) {
|
||||||
ignoreException();
|
ignoreException();
|
||||||
|
|
|
@ -985,8 +985,7 @@ void processConnection(
|
||||||
FdSource & from,
|
FdSource & from,
|
||||||
FdSink & to,
|
FdSink & to,
|
||||||
TrustedFlag trusted,
|
TrustedFlag trusted,
|
||||||
RecursiveFlag recursive,
|
RecursiveFlag recursive)
|
||||||
std::function<void(Store &)> authHook)
|
|
||||||
{
|
{
|
||||||
auto monitor = !recursive ? std::make_unique<MonitorFdHup>(from.fd) : nullptr;
|
auto monitor = !recursive ? std::make_unique<MonitorFdHup>(from.fd) : nullptr;
|
||||||
|
|
||||||
|
@ -1029,10 +1028,6 @@ void processConnection(
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
/* If we can't accept clientVersion, then throw an error
|
|
||||||
*here* (not above). */
|
|
||||||
authHook(*store);
|
|
||||||
|
|
||||||
tunnelLogger->stopWork();
|
tunnelLogger->stopWork();
|
||||||
to.flush();
|
to.flush();
|
||||||
|
|
||||||
|
|
|
@ -13,11 +13,6 @@ void processConnection(
|
||||||
FdSource & from,
|
FdSource & from,
|
||||||
FdSink & to,
|
FdSink & to,
|
||||||
TrustedFlag trusted,
|
TrustedFlag trusted,
|
||||||
RecursiveFlag recursive,
|
RecursiveFlag recursive);
|
||||||
/* Arbitrary hook to check authorization / initialize user data / whatever
|
|
||||||
after the protocol has been negotiated. The idea is that this function
|
|
||||||
and everything it calls doesn't know about this stuff, and the
|
|
||||||
`nix-daemon` handles that instead. */
|
|
||||||
std::function<void(Store &)> authHook);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -241,14 +241,7 @@ static void daemonLoop()
|
||||||
// Handle the connection.
|
// Handle the connection.
|
||||||
FdSource from(remote.get());
|
FdSource from(remote.get());
|
||||||
FdSink to(remote.get());
|
FdSink to(remote.get());
|
||||||
processConnection(openUncachedStore(), from, to, trusted, NotRecursive, [&](Store & store) {
|
processConnection(openUncachedStore(), from, to, trusted, NotRecursive);
|
||||||
#if 0
|
|
||||||
/* Prevent users from doing something very dangerous. */
|
|
||||||
if (geteuid() == 0 &&
|
|
||||||
querySetting("build-users-group", "") == "")
|
|
||||||
throw Error("if you run 'nix-daemon' as root, then you MUST set 'build-users-group'!");
|
|
||||||
#endif
|
|
||||||
});
|
|
||||||
|
|
||||||
exit(0);
|
exit(0);
|
||||||
}, options);
|
}, options);
|
||||||
|
@ -301,7 +294,7 @@ static void runDaemon(bool stdio)
|
||||||
/* Auth hook is empty because in this mode we blindly trust the
|
/* Auth hook is empty because in this mode we blindly trust the
|
||||||
standard streams. Limiting access to those is explicitly
|
standard streams. Limiting access to those is explicitly
|
||||||
not `nix-daemon`'s responsibility. */
|
not `nix-daemon`'s responsibility. */
|
||||||
processConnection(openUncachedStore(), from, to, Trusted, NotRecursive, [&](Store & _){});
|
processConnection(openUncachedStore(), from, to, Trusted, NotRecursive);
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
daemonLoop();
|
daemonLoop();
|
||||||
|
|
Loading…
Reference in a new issue