aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
diff options
context:
space:
mode:
authorJohn Ericson <John.Ericson@Obsidian.Systems>2020-08-12 15:14:56 +0000
committerJohn Ericson <John.Ericson@Obsidian.Systems>2020-08-12 15:22:33 +0000
commit8d4162ff9e940ea9e2f97b07f3030a722695901a (patch)
tree84835ec903463524e4d9a8838645b496d2eecbcc /src/libstore
parent574bf60b4d47f64c0b83b0cd032d34a67dbb3453 (diff)
Separate auth and logic for the daemon
Before, processConnection wanted to know a user name and user id, and `nix-daemon --stdio`, when it isn't proxying to an underlying daemon, would just assume "root" and 0. But `nix-daemon --stdio` (no proxying) shouldn't make guesses about who holds the other end of its standard streams. Now processConnection takes an "auth hook", so `nix-daemon` can provide the appropriate policy and daemon.cc doesn't need to know or care what it is.
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc3
-rw-r--r--src/libstore/daemon.cc13
-rw-r--r--src/libstore/daemon.hh7
3 files changed, 9 insertions, 14 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 76baa1a6e..3fb052f00 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2920,7 +2920,8 @@ void DerivationGoal::startDaemon()
FdSink to(remote.get());
try {
daemon::processConnection(store, from, to,
- daemon::NotTrusted, daemon::Recursive, "nobody", 65535);
+ daemon::NotTrusted, daemon::Recursive,
+ [&](Store & store) { store.createUser("nobody", 65535); });
debug("terminated daemon connection");
} catch (SysError &) {
ignoreException();
diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
index 5e568fc94..7a6eb99be 100644
--- a/src/libstore/daemon.cc
+++ b/src/libstore/daemon.cc
@@ -817,8 +817,7 @@ void processConnection(
FdSink & to,
TrustedFlag trusted,
RecursiveFlag recursive,
- const std::string & userName,
- uid_t userId)
+ std::function<void(Store &)> authHook)
{
auto monitor = !recursive ? std::make_unique<MonitorFdHup>(from.fd) : nullptr;
@@ -859,15 +858,7 @@ void processConnection(
/* If we can't accept clientVersion, then throw an error
*here* (not above). */
-
-#if 0
- /* Prevent users from doing something very dangerous. */
- if (geteuid() == 0 &&
- querySetting("build-users-group", "") == "")
- throw Error("if you run 'nix-daemon' as root, then you MUST set 'build-users-group'!");
-#endif
-
- store->createUser(userName, userId);
+ authHook(*store);
tunnelLogger->stopWork();
to.flush();
diff --git a/src/libstore/daemon.hh b/src/libstore/daemon.hh
index 266932013..841ace316 100644
--- a/src/libstore/daemon.hh
+++ b/src/libstore/daemon.hh
@@ -12,7 +12,10 @@ void processConnection(
FdSink & to,
TrustedFlag trusted,
RecursiveFlag recursive,
- const std::string & userName,
- uid_t userId);
+ /* Arbitrary hook to check authorization / initialize user data / whatever
+ after the protocol has been negotiated. The idea is that this function
+ and everything it calls doesn't know about this stuff, and the
+ `nix-daemon` handles that instead. */
+ std::function<void(Store &)> authHook);
}