authPeer(): Use std::optional instead of empty string

2025-12-12 12:01:05 +01:00 · 2025-12-08 12:56:48 +01:00 · 2025-12-08 12:56:48 +01:00 · 8c2027e138
commit 8c2027e138
parent 5d7f6efc82
1 changed files with 18 additions and 13 deletions
--- a/src/nix/unix/daemon.cc
+++ b/src/nix/unix/daemon.cc
@ -174,22 +174,23 @@ static bool matchUser(std::string_view user, const struct group & gr)
 *
 * Otherwise: No.
 */
-static bool matchUser(const std::string & user, const std::string & group, const Strings & users)
+static bool
 matchUser(const std::optional<std::string> & user, const std::optional<std::string> & group, const Strings & users)
 {
    if (find(users.begin(), users.end(), "*") != users.end())
        return true;
-    if (find(users.begin(), users.end(), user) != users.end())
+    if (user && find(users.begin(), users.end(), *user) != users.end())
        return true;
    for (auto & i : users)
        if (i.substr(0, 1) == "@") {
-            if (group == i.substr(1))
+            if (group && *group == i.substr(1))
                return true;
            struct group * gr = getgrnam(i.c_str() + 1);
            if (!gr)
                continue;
-            if (matchUser(user, *gr))
+            if (user && matchUser(*user, *gr))
                return true;
        }
@ -264,15 +265,19 @@ static ref<Store> openUncachedStore()
 *
 * If the potential client is not allowed to talk to us, we throw an `Error`.
 */
-static std::pair<TrustedFlag, std::string> authPeer(const PeerInfo & peer)
+static std::pair<TrustedFlag, std::optional<std::string>> authPeer(const PeerInfo & peer)
 {
    TrustedFlag trusted = NotTrusted;
    auto pw = peer.uid ? getpwuid(*peer.uid) : nullptr;
-    std::string user = pw ? pw->pw_name : peer.uid ? std::to_string(*peer.uid) : "";
+    auto user = pw         ? std::optional<std::string>(pw->pw_name)
                : peer.uid ? std::optional(std::to_string(*peer.uid))
                           : std::nullopt;
    auto gr = peer.gid ? getgrgid(*peer.gid) : 0;
-    std::string group = gr ? gr->gr_name : peer.gid ? std::to_string(*peer.gid) : "";
+    auto group = gr         ? std::optional<std::string>(gr->gr_name)
                 : peer.gid ? std::optional(std::to_string(*peer.gid))
                            : std::nullopt;
    const Strings & trustedUsers = authorizationSettings.trustedUsers;
    const Strings & allowedUsers = authorizationSettings.allowedUsers;
@ -281,7 +286,7 @@ static std::pair<TrustedFlag, std::string> authPeer(const PeerInfo & peer)
        trusted = Trusted;
    if ((!trusted && !matchUser(user, group, allowedUsers)) || group == settings.buildUsersGroup)
-        throw Error("user '%1%' is not allowed to connect to the Nix daemon", user);
+        throw Error("user '%1%' is not allowed to connect to the Nix daemon", user.value_or("<unknown>"));
    return {trusted, std::move(user)};
 }
@ -360,21 +365,21 @@ static void daemonLoop(std::optional<TrustedFlag> forceTrustClientOpt)
            PeerInfo peer;
            TrustedFlag trusted;
-            std::string user = "<unknown>";
+            std::optional<std::string> userName;
            if (forceTrustClientOpt)
                trusted = *forceTrustClientOpt;
            else {
                peer = getPeerInfo(remote.get());
-                auto [_trusted, _user] = authPeer(peer);
+                auto [_trusted, _userName] = authPeer(peer);
                trusted = _trusted;
-                user = _user;
+                userName = _userName;
            };
            printInfo(
                (std::string) "accepted connection from pid %1%, user %2%" + (trusted ? " (trusted)" : ""),
                peer.pid ? std::to_string(*peer.pid) : "<unknown>",
-                user);
+                userName.value_or("<unknown>"));
            //  Fork a child to handle the connection.
            ProcessOptions options;
@ -412,7 +417,7 @@ static void daemonLoop(std::optional<TrustedFlag> forceTrustClientOpt)
        } catch (Error & error) {
            auto ei = error.info();
            // FIXME: add to trace?
-            ei.msg = HintFmt("error processing connection: %1%", ei.msg.str());
+            ei.msg = HintFmt("while processing connection: %1%", ei.msg.str());
            logError(ei);
        }
    }