summary refs log tree commit diff
path: root/nix/nix-daemon/nix-daemon.cc
diff options
context:
space:
mode:
Diffstat (limited to 'nix/nix-daemon/nix-daemon.cc')
-rw-r--r--nix/nix-daemon/nix-daemon.cc19
1 files changed, 16 insertions, 3 deletions
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 9b29b3e91d..47b67d5863 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -203,11 +203,11 @@ static void stopWork(bool success = true, const string & msg = "", unsigned int
 }
 
 
-struct TunnelSink : Sink
+struct TunnelSink : BufferedSink
 {
     Sink & to;
-    TunnelSink(Sink & to) : to(to) { }
-    virtual void operator () (const unsigned char * data, size_t len)
+    TunnelSink(Sink & to) : BufferedSink(64 * 1024), to(to) { }
+    virtual void write(const unsigned char * data, size_t len)
     {
         writeInt(STDERR_WRITE, to);
         writeString(data, len, to);
@@ -433,6 +433,7 @@ static void performOp(bool trusted, unsigned int clientVersion,
         startWork();
         TunnelSink sink(to);
         store->exportPath(path, sign, sink);
+        sink.flush();
         stopWork();
         writeInt(1, to);
         break;
@@ -959,6 +960,18 @@ static void daemonLoop()
                     strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1]));
                 }
 
+#if defined(SO_PEERCRED)
+                /* Store the client's user and group for this connection. This
+                   has to be done in the forked process since it is per
+                   connection. */
+                settings.clientUid = cred.uid;
+                settings.clientGid = cred.gid;
+#else
+                /* Setting these to -1 means: do not change */
+                settings.clientUid = (uid_t) -1;
+                settings.clientGid = (gid_t) -1;
+#endif
+
                 /* Handle the connection. */
                 from.fd = remote;
                 to.fd = remote;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-04-04 10:08:36 +0000