summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--nix/libstore/globals.cc20
-rw-r--r--nix/libstore/globals.hh4
-rw-r--r--nix/nix-daemon/nix-daemon.cc3
3 files changed, 23 insertions, 4 deletions
diff --git a/nix/libstore/globals.cc b/nix/libstore/globals.cc
index 9da14dc51a..1cbe912625 100644
--- a/nix/libstore/globals.cc
+++ b/nix/libstore/globals.cc
@@ -57,8 +57,6 @@ Settings::Settings()
     lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
     showTrace = false;
     enableImportNative = false;
-    trustedUsers = Strings({"root"});
-    allowedUsers = Strings({"*"});
 }
 
 
@@ -116,6 +114,22 @@ void Settings::set(const string & name, const string & value)
 }
 
 
+string Settings::get(const string & name, const string & def)
+{
+    auto i = settings.find(name);
+    if (i == settings.end()) return def;
+    return i->second;
+}
+
+
+Strings Settings::get(const string & name, const Strings & def)
+{
+    auto i = settings.find(name);
+    if (i == settings.end()) return def;
+    return tokenizeString<Strings>(i->second);
+}
+
+
 void Settings::update()
 {
     _get(tryFallback, "build-fallback");
@@ -147,8 +161,6 @@ void Settings::update()
     _get(logServers, "log-servers");
     _get(enableImportNative, "allow-unsafe-native-code-during-evaluation");
     _get(useCaseHack, "use-case-hack");
-    _get(trustedUsers, "trusted-users");
-    _get(allowedUsers, "allowed-users");
 
     string subs = getEnv("NIX_SUBSTITUTERS", "default");
     if (subs == "default") {
diff --git a/nix/libstore/globals.hh b/nix/libstore/globals.hh
index df113e2b63..743d2061ff 100644
--- a/nix/libstore/globals.hh
+++ b/nix/libstore/globals.hh
@@ -21,6 +21,10 @@ struct Settings {
 
     void set(const string & name, const string & value);
 
+    string get(const string & name, const string & def);
+
+    Strings get(const string & name, const Strings & def);
+
     void update();
 
     string pack();
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index dc41cae7f5..422c7f67b3 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -882,6 +882,9 @@ static void daemonLoop()
             struct group * gr = getgrgid(cred.gid);
             string group = gr ? gr->gr_name : int2String(cred.gid);
 
+            Strings trustedUsers = settings.get("trusted-users", Strings({"root"}));
+            Strings allowedUsers = settings.get("allowed-users", Strings({"*"}));
+
             if (matchUser(user, group, settings.trustedUsers))
                 trusted = true;