From 8c2027e1386e3dd303a8d11a4f80edac0b96a5cb Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 8 Dec 2025 12:56:48 +0100 Subject: [PATCH] authPeer(): Use std::optional instead of empty string --- src/nix/unix/daemon.cc | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/src/nix/unix/daemon.cc b/src/nix/unix/daemon.cc index 83e7e93fa..406258ff8 100644 --- a/src/nix/unix/daemon.cc +++ b/src/nix/unix/daemon.cc @@ -174,22 +174,23 @@ static bool matchUser(std::string_view user, const struct group & gr) * * Otherwise: No. */ -static bool matchUser(const std::string & user, const std::string & group, const Strings & users) +static bool +matchUser(const std::optional & user, const std::optional & group, const Strings & users) { if (find(users.begin(), users.end(), "*") != users.end()) return true; - if (find(users.begin(), users.end(), user) != users.end()) + if (user && find(users.begin(), users.end(), *user) != users.end()) return true; for (auto & i : users) if (i.substr(0, 1) == "@") { - if (group == i.substr(1)) + if (group && *group == i.substr(1)) return true; struct group * gr = getgrnam(i.c_str() + 1); if (!gr) continue; - if (matchUser(user, *gr)) + if (user && matchUser(*user, *gr)) return true; } @@ -264,15 +265,19 @@ static ref openUncachedStore() * * If the potential client is not allowed to talk to us, we throw an `Error`. */ -static std::pair authPeer(const PeerInfo & peer) +static std::pair> authPeer(const PeerInfo & peer) { TrustedFlag trusted = NotTrusted; auto pw = peer.uid ? getpwuid(*peer.uid) : nullptr; - std::string user = pw ? pw->pw_name : peer.uid ? std::to_string(*peer.uid) : ""; + auto user = pw ? std::optional(pw->pw_name) + : peer.uid ? std::optional(std::to_string(*peer.uid)) + : std::nullopt; auto gr = peer.gid ? getgrgid(*peer.gid) : 0; - std::string group = gr ? gr->gr_name : peer.gid ? std::to_string(*peer.gid) : ""; + auto group = gr ? std::optional(gr->gr_name) + : peer.gid ? std::optional(std::to_string(*peer.gid)) + : std::nullopt; const Strings & trustedUsers = authorizationSettings.trustedUsers; const Strings & allowedUsers = authorizationSettings.allowedUsers; @@ -281,7 +286,7 @@ static std::pair authPeer(const PeerInfo & peer) trusted = Trusted; if ((!trusted && !matchUser(user, group, allowedUsers)) || group == settings.buildUsersGroup) - throw Error("user '%1%' is not allowed to connect to the Nix daemon", user); + throw Error("user '%1%' is not allowed to connect to the Nix daemon", user.value_or("")); return {trusted, std::move(user)}; } @@ -360,21 +365,21 @@ static void daemonLoop(std::optional forceTrustClientOpt) PeerInfo peer; TrustedFlag trusted; - std::string user = ""; + std::optional userName; if (forceTrustClientOpt) trusted = *forceTrustClientOpt; else { peer = getPeerInfo(remote.get()); - auto [_trusted, _user] = authPeer(peer); + auto [_trusted, _userName] = authPeer(peer); trusted = _trusted; - user = _user; + userName = _userName; }; printInfo( (std::string) "accepted connection from pid %1%, user %2%" + (trusted ? " (trusted)" : ""), peer.pid ? std::to_string(*peer.pid) : "", - user); + userName.value_or("")); // Fork a child to handle the connection. ProcessOptions options; @@ -412,7 +417,7 @@ static void daemonLoop(std::optional forceTrustClientOpt) } catch (Error & error) { auto ei = error.info(); // FIXME: add to trace? - ei.msg = HintFmt("error processing connection: %1%", ei.msg.str()); + ei.msg = HintFmt("while processing connection: %1%", ei.msg.str()); logError(ei); } }