Add support for getsockopt(SO_PEERCRED) on OpenBSD 5.2.

OpenBSD requires different headers to be included, including a bug which
makes it essential to include sys/param.h before sys/ucred.h, and gives the
fields of struct ucred different names than Linux does.

This fixes compilation on OpenBSD and allows the user connecting to a UNIX
socket to be checked, increasing security of the command socket on this
platform.

2 files changed, 32 insertions, 0 deletions

diff --git a/infrastructure/m4/boxbackup_tests.m4 b/infrastructure/m4/boxbackup_tests.m4
index 8bc13883..ccb46646 100644
--- a/infrastructure/m4/boxbackup_tests.m4
+++ b/infrastructure/m4/boxbackup_tests.m4
@@ -138,6 +138,11 @@ AC_CHECK_HEADERS([syslog.h time.h cxxabi.h])
 AC_CHECK_HEADERS([netinet/in.h netinet/tcp.h])
 AC_CHECK_HEADERS([sys/file.h sys/param.h sys/poll.h sys/socket.h sys/time.h])
 AC_CHECK_HEADERS([sys/types.h sys/uio.h sys/un.h sys/wait.h sys/xattr.h])
+AC_CHECK_HEADERS([sys/ucred.h],,, [
+	#ifdef HAVE_SYS_PARAM_H
+	#	include <sys/param.h>
+	#endif
+	])
 AC_CHECK_HEADERS([bsd/unistd.h])
 AC_CHECK_HEADERS([sys/socket.h], [have_sys_socket_h=yes])
 AC_CHECK_HEADERS([winsock2.h], [have_winsock2_h=yes])
@@ -217,6 +222,20 @@ fi
 # Solaris provides getpeerucred() instead of getpeereid() or SO_PEERCRED
 AC_CHECK_HEADERS([ucred.h])
 AC_CHECK_FUNCS([getpeerucred])
+AC_CHECK_MEMBERS([struct ucred.uid, struct ucred.cr_uid],,,
+	[[
+		#ifdef HAVE_UCRED_H
+		#	include <ucred.h>
+		#endif
+
+		#ifdef HAVE_SYS_PARAM_H
+		#	include <sys/param.h>
+		#endif
+
+		#ifdef HAVE_SYS_UCRED_H
+		#	include <sys/ucred.h>
+		#endif
+	]])
 
 AC_CHECK_DECLS([optreset],,, [[#include <getopt.h>]])
 AC_CHECK_DECLS([dirfd],,,
diff --git a/lib/server/SocketStream.cpp b/lib/server/SocketStream.cpp
index ab0a54ae..22ca1551 100644
--- a/lib/server/SocketStream.cpp
+++ b/lib/server/SocketStream.cpp
@@ -29,6 +29,14 @@
 	#include <bsd/unistd.h>
 #endif
 
+#ifdef HAVE_SYS_PARAM_H
+	#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYS_UCRED_H
+	#include <sys/ucred.h>
+#endif
+
 #include "autogen_ConnectionException.h"
 #include "autogen_ServerException.h"
 #include "SocketStream.h"
@@ -511,8 +519,13 @@ bool SocketStream::GetPeerCredentials(uid_t &rUidOut, gid_t &rGidOut)
 	if(::getsockopt(mSocketHandle, SOL_SOCKET, SO_PEERCRED, &cred,
 		&credLen) == 0)
 	{
+#ifdef HAVE_STRUCT_CRED_UID
 		rUidOut = cred.uid;
 		rGidOut = cred.gid;
+#else // HAVE_STRUCT_CRED_CR_UID
+		rUidOut = cred.cr_uid;
+		rGidOut = cred.cr_gid;
+#endif
 		return true;
 	}