diff options
-rw-r--r-- | src/download-via-ssh/download-via-ssh.cc | 2 | ||||
-rw-r--r-- | src/libstore/globals.cc | 12 | ||||
-rw-r--r-- | src/libstore/globals.hh | 4 | ||||
-rw-r--r-- | src/nix-daemon/nix-daemon.cc | 3 |
4 files changed, 15 insertions, 6 deletions
diff --git a/src/download-via-ssh/download-via-ssh.cc b/src/download-via-ssh/download-via-ssh.cc index 466233c7a5e5..688fb523a77a 100644 --- a/src/download-via-ssh/download-via-ssh.cc +++ b/src/download-via-ssh/download-via-ssh.cc @@ -103,7 +103,7 @@ void run(Strings args) /* Pass on the location of the daemon client's SSH authentication socket. */ - string sshAuthSock = settings.get("ssh-auth-sock"); + string sshAuthSock = settings.get("ssh-auth-sock", ""); if (sshAuthSock != "") setenv("SSH_AUTH_SOCK", sshAuthSock.c_str(), 1); string host = settings.sshSubstituterHosts.front(); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 8fad6e5a9f83..23ece4a23369 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -63,8 +63,6 @@ Settings::Settings() lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1"; showTrace = false; enableImportNative = false; - trustedUsers = Strings({"root"}); - allowedUsers = Strings({"*"}); } @@ -130,6 +128,14 @@ string Settings::get(const string & name, const string & def) } +Strings Settings::get(const string & name, const Strings & def) +{ + auto i = settings.find(name); + if (i == settings.end()) return def; + return tokenizeString<Strings>(i->second); +} + + void Settings::update() { _get(tryFallback, "build-fallback"); @@ -161,8 +167,6 @@ void Settings::update() _get(logServers, "log-servers"); _get(enableImportNative, "allow-unsafe-native-code-during-evaluation"); _get(useCaseHack, "use-case-hack"); - _get(trustedUsers, "trusted-users"); - _get(allowedUsers, "allowed-users"); string subs = getEnv("NIX_SUBSTITUTERS", "default"); if (subs == "default") { diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 1202f5dd2336..743d2061ffa5 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -21,7 +21,9 @@ struct Settings { void set(const string & name, const string & value); - string get(const string & name, const string & def = ""); + string get(const string & name, const string & def); + + Strings get(const string & name, const Strings & def); void update(); diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 2d6a3c4c416b..77c63f1e6d06 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -743,6 +743,9 @@ static void daemonLoop() struct group * gr = getgrgid(cred.gid); string group = gr ? gr->gr_name : int2String(cred.gid); + Strings trustedUsers = settings.get("trusted-users", Strings({"root"})); + Strings allowedUsers = settings.get("allowed-users", Strings({"*"})); + if (matchUser(user, group, settings.trustedUsers)) trusted = true; |