TakeV
/
guix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nix-daemon: Only print connection info if we have SO_PEERCRED

This commit is contained in:
Eelco Dolstra 2014-07-17 15:41:11 +02:00
parent 8f72e702a1
commit 77c972c898
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/nix-daemon/nix-daemon.cc
View File

@ -854,22 +854,25 @@ static void daemonLoop()
closeOnExec(remote); closeOnExec(remote);
/* Get the identity of the caller, if possible. */
uid_t clientUid = -1;
pid_t clientPid = -1;
bool trusted = false; bool trusted = false;
pid_t clientPid = -1;
#if defined(SO_PEERCRED) #if defined(SO_PEERCRED)
/* Get the identity of the caller, if possible. */
uid_t clientUid = -1;
ucred cred; ucred cred;
socklen_t credLen = sizeof(cred); socklen_t credLen = sizeof(cred);
if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, &cred, &credLen) != -1) { if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, &cred, &credLen) == -1)
clientPid = cred.pid; throw SysError("getting peer credentials");
clientUid = cred.uid;
if (clientUid == 0) trusted = true; clientPid = cred.pid;
} clientUid = cred.uid;
#endif if (clientUid == 0) trusted = true;
printMsg(lvlInfo, format("accepted connection from pid %1%, uid %2%") % clientPid % clientUid); printMsg(lvlInfo, format("accepted connection from pid %1%, uid %2%") % clientPid % clientUid);
#endif
/* Fork a child to handle the connection. */ /* Fork a child to handle the connection. */
startProcess([&]() { startProcess([&]() {