From e7cb2847ab1cec48eac6a86c56885b3f0df76275 Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Tue, 21 Feb 2017 22:50:18 -0500 Subject: Explicitly model all settings and fail on unrecognized ones Previously, the Settings class allowed other code to query for string properties, which led to a proliferation of code all over the place making up new options without any sort of central registry of valid options. This commit pulls all those options back into the central Settings class and removes the public get() methods, to discourage future abuses like that. Furthermore, because we know the full set of options ahead of time, we now fail loudly if someone enters an unrecognized option, thus preventing subtle typos. With some template fun, we could probably also dump the full set of options (with documentation, defaults, etc.) to the command line, but I'm not doing that yet here. --- src/nix-daemon/nix-daemon.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/nix-daemon') diff --git a/src/nix-daemon/nix-daemon.cc b/src/nix-daemon/nix-daemon.cc index 3b43ddfa16d5..2fcb5b565a9f 100644 --- a/src/nix-daemon/nix-daemon.cc +++ b/src/nix-daemon/nix-daemon.cc @@ -865,8 +865,8 @@ static void daemonLoop(char * * argv) struct group * gr = peer.gidKnown ? getgrgid(peer.gid) : 0; string group = gr ? gr->gr_name : std::to_string(peer.gid); - Strings trustedUsers = settings.get("trusted-users", Strings({"root"})); - Strings allowedUsers = settings.get("allowed-users", Strings({"*"})); + Strings trustedUsers = settings.trustedUsers; + Strings allowedUsers = settings.allowedUsers; if (matchUser(user, group, trustedUsers)) trusted = true; -- cgit 1.4.1