From 5399df8075b16fdc8a8fe4249972c2786fe6fcab Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 19 Feb 2020 17:00:23 +0000
Subject: [PATCH] Unix socket creds sockopt for BSD-ish platforms

---
 src/src/daemon.c | 24 ++++++++++++++++--------
 src/src/expand.c |  6 ++++--
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 265ee2bb6..bb9b32f4e 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1006,7 +1006,15 @@ if (bind(fd, (const struct sockaddr *)&sun, len) < 0)
   goto bad;
 
 where = US"SO_PASSCRED";
-if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0)
+if (setsockopt(fd, SOL_SOCKET,
+#ifdef SO_PASSCRED		/* Linux */
+	SO_PASSCRED,
+#elif defined(LOCAL_CREDS)	/* BSD-ish */
+	LOCAL_CREDS,
+#else
+# error no SO_PASSCRED
+#endif
+	&on, sizeof(on)) < 0)
   goto bad;
 
 /* debug_printf("%s: fd %d\n", __FUNCTION__, fd); */
@@ -1051,7 +1059,7 @@ DEBUG(D_queue_run) debug_printf("%s from addr%s '%s'\n", __FUNCTION__,
 /* Refuse to handle the item unless the peer has good credentials */
 #ifdef SCM_CREDENTIALS
 # define EXIM_SCM_CR_TYPE SCM_CREDENTIALS
-#elif defined(SCM_CREDS)
+#elif defined(LOCAL_CREDS) && defined(SCM_CREDS)
 # define EXIM_SCM_CR_TYPE SCM_CREDS
 #else
 # error no SCM creds knowlege
@@ -1062,19 +1070,19 @@ for (struct cmsghdr * cp = CMSG_FIRSTHDR(&msg);
      cp = CMSG_NXTHDR(&msg, cp))
   if (cp->cmsg_level == SOL_SOCKET && cp->cmsg_type == EXIM_SCM_CR_TYPE)
   {
-#ifdef SCM_CREDENTIALS
+#ifdef SCM_CREDENTIALS					/* Linux */
   struct ucred * cr = (struct ucred *) CMSG_DATA(cp);
   if (cr->uid && cr->uid != exim_uid)
     {
     DEBUG(D_queue_run) debug_printf("%s: sender creds pid %d uid %d gid %d\n",
       __FUNCTION__, (int)cr->pid, (int)cr->uid, (int)cr->gid);
     return FALSE;
-#elif defined(SCM_CREDS)
-  struct cmsgcred * cr = (struct cmsgcred *) CMSG_DATA(cp);
-  if (cr->cmcred_uid && cr->cmcred_uid != exim_uid)
+#elif defined(LOCAL_CREDS)				/* BSD-ish */
+  struct sockcred * cr = (struct sockcred *) CMSG_DATA(cp);
+  if (cr->sc_uid && cr->sc_uid != exim_uid)
     {
-    DEBUG(D_queue_run) debug_printf("%s: sender creds pid %d uid %d gid %d\n",
-      __FUNCTION__, (int)cr->cmcred_pid, (int)cr->cmcred_uid, (int)cr->cmcred_gid);
+    DEBUG(D_queue_run) debug_printf("%s: sender creds pid ??? uid %d gid %d\n",
+      __FUNCTION__, (int)cr->sc_uid, (int)cr->sc_gid);
     return FALSE;
 #endif
     }
diff --git a/src/src/expand.c b/src/src/expand.c
index cd4522afb..427effedf 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1773,7 +1773,8 @@ len = offsetof(struct sockaddr_un, sun_path)
       spool_directory, getpid());
 #endif
 
-if (bind(fd, &sun, len) < 0) { where = US"bind"; goto bad; }
+if (bind(fd, (const struct sockaddr *)&sun, len) < 0)
+  { where = US"bind"; goto bad; }
 
 #ifdef notdef
 debug_printf("local%s '%s'\n", *sun.sun_path ? "" : " abstract",
@@ -1784,7 +1785,8 @@ sun.sun_path[0] = 0;	/* Abstract local socket addr - Linux-specific? */
 len = offsetof(struct sockaddr_un, sun_path) + 1
   + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "%s", NOTIFIER_SOCKET_NAME);
 
-if (connect(fd, &sun, len) < 0) { where = US"connect"; goto bad; }
+if (connect(fd, (const struct sockaddr *)&sun, len) < 0)
+  { where = US"connect"; goto bad; }
 
 buf[0] = NOTIFY_QUEUE_SIZE_REQ;
 if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }
-- 
2.30.2