mirror of
https://github.com/NixOS/nix.git
synced 2024-11-25 08:12:29 +00:00
Merge pull request #7738 from obsidiansystems/delete-authHook
Get rid of the `authHook` parameter on `processConnection`
This commit is contained in:
commit
1647354d6b
@ -1516,8 +1516,7 @@ void LocalDerivationGoal::startDaemon()
|
||||
FdSink to(remote.get());
|
||||
try {
|
||||
daemon::processConnection(store, from, to,
|
||||
daemon::NotTrusted, daemon::Recursive,
|
||||
[&](Store & store) {});
|
||||
daemon::NotTrusted, daemon::Recursive);
|
||||
debug("terminated daemon connection");
|
||||
} catch (SysError &) {
|
||||
ignoreException();
|
||||
|
@ -985,8 +985,7 @@ void processConnection(
|
||||
FdSource & from,
|
||||
FdSink & to,
|
||||
TrustedFlag trusted,
|
||||
RecursiveFlag recursive,
|
||||
std::function<void(Store &)> authHook)
|
||||
RecursiveFlag recursive)
|
||||
{
|
||||
auto monitor = !recursive ? std::make_unique<MonitorFdHup>(from.fd) : nullptr;
|
||||
|
||||
@ -1029,10 +1028,6 @@ void processConnection(
|
||||
|
||||
try {
|
||||
|
||||
/* If we can't accept clientVersion, then throw an error
|
||||
*here* (not above). */
|
||||
authHook(*store);
|
||||
|
||||
tunnelLogger->stopWork();
|
||||
to.flush();
|
||||
|
||||
|
@ -13,11 +13,6 @@ void processConnection(
|
||||
FdSource & from,
|
||||
FdSink & to,
|
||||
TrustedFlag trusted,
|
||||
RecursiveFlag recursive,
|
||||
/* Arbitrary hook to check authorization / initialize user data / whatever
|
||||
after the protocol has been negotiated. The idea is that this function
|
||||
and everything it calls doesn't know about this stuff, and the
|
||||
`nix-daemon` handles that instead. */
|
||||
std::function<void(Store &)> authHook);
|
||||
RecursiveFlag recursive);
|
||||
|
||||
}
|
||||
|
@ -241,14 +241,7 @@ static void daemonLoop()
|
||||
// Handle the connection.
|
||||
FdSource from(remote.get());
|
||||
FdSink to(remote.get());
|
||||
processConnection(openUncachedStore(), from, to, trusted, NotRecursive, [&](Store & store) {
|
||||
#if 0
|
||||
/* Prevent users from doing something very dangerous. */
|
||||
if (geteuid() == 0 &&
|
||||
querySetting("build-users-group", "") == "")
|
||||
throw Error("if you run 'nix-daemon' as root, then you MUST set 'build-users-group'!");
|
||||
#endif
|
||||
});
|
||||
processConnection(openUncachedStore(), from, to, trusted, NotRecursive);
|
||||
|
||||
exit(0);
|
||||
}, options);
|
||||
@ -301,7 +294,7 @@ static void runDaemon(bool stdio)
|
||||
/* Auth hook is empty because in this mode we blindly trust the
|
||||
standard streams. Limiting access to those is explicitly
|
||||
not `nix-daemon`'s responsibility. */
|
||||
processConnection(openUncachedStore(), from, to, Trusted, NotRecursive, [&](Store & _){});
|
||||
processConnection(openUncachedStore(), from, to, Trusted, NotRecursive);
|
||||
}
|
||||
} else
|
||||
daemonLoop();
|
||||
|
Loading…
Reference in New Issue
Block a user