Separate auth and logic for the daemon

Before, processConnection wanted to know a user name and user id, and `nix-daemon --stdio`, when it isn't proxying to an underlying daemon, would just assume "root" and 0. But `nix-daemon --stdio` (no proxying) shouldn't make guesses about who holds the other end of its standard streams. Now processConnection takes an "auth hook", so `nix-daemon` can provide the appropriate policy and daemon.cc doesn't need to know or care what it is.
author: John Ericson <John.Ericson@Obsidian.Systems> 2020-08-12 15:14:56 +0000
committer: John Ericson <John.Ericson@Obsidian.Systems> 2020-08-12 15:22:33 +0000
commit: 8d4162ff9e940ea9e2f97b07f3030a722695901a (patch)
tree: 84835ec903463524e4d9a8838645b496d2eecbcc /src/libstore/daemon.hh
parent: 574bf60b4d47f64c0b83b0cd032d34a67dbb3453 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libstore/daemon.hh b/src/libstore/daemon.hh
index 266932013..841ace316 100644
--- a/src/libstore/daemon.hh
+++ b/src/libstore/daemon.hh
@@ -12,7 +12,10 @@ void processConnection(
     FdSink & to,
     TrustedFlag trusted,
     RecursiveFlag recursive,
-    const std::string & userName,
-    uid_t userId);
+    /* Arbitrary hook to check authorization / initialize user data / whatever
+       after the protocol has been negotiated. The idea is that this function
+       and everything it calls doesn't know about this stuff, and the
+       `nix-daemon` handles that instead. */
+    std::function<void(Store &)> authHook);
 
 }
author	John Ericson <John.Ericson@Obsidian.Systems>	2020-08-12 15:14:56 +0000
committer	John Ericson <John.Ericson@Obsidian.Systems>	2020-08-12 15:22:33 +0000
commit	8d4162ff9e940ea9e2f97b07f3030a722695901a (patch)
tree	84835ec903463524e4d9a8838645b496d2eecbcc /src/libstore/daemon.hh
parent	574bf60b4d47f64c0b83b0cd032d34a67dbb3453 (diff)