bugfix/imuxsock: did not compile on platforms without SCM_CREDENTIALS

Note: we do rate-limiting by the pid and we obtain the pid via SCM_CREDENTIALS
socket options. So this patch effectively disables the (new) ratelimiting
capability. In a later patch, I'll see that I can provide a global ratelimiting
capability, which could always be used (an alternative may be using the tag, will
check this out as well).

2 files changed, 16 insertions, 3 deletions

diff --git a/configure.ac b/configure.ac
index 7254b99d..0dbe0f5d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,11 @@ AC_FUNC_STRERROR_R
 AC_FUNC_VPRINTF
 AC_CHECK_FUNCS([flock basename alarm clock_gettime gethostbyname gethostname gettimeofday localtime_r memset mkdir regcomp select setid socket strcasecmp strchr strdup strerror strndup strnlen strrchr strstr strtol strtoul uname ttyname_r getline malloc_trim prctl epoll_create epoll_create1 fdatasync])
 
+# the check below is probably ugly. If someone knows how to do it in a better way, please
+# let me know! -- rgerhards, 2010-10-06
+AC_CHECK_DECL([SCM_CREDENTIALS], [AC_DEFINE(HAVE_SCM_CREDENTIALS, [1], [set define])], [], [#include <sys/types.h>
+#include <sys/socket.h>])
+
 # Check for MAXHOSTNAMELEN
 AC_MSG_CHECKING(for MAXHOSTNAMELEN)
 AC_TRY_COMPILE([
diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c
index 41bff4f9..5b548602 100644
--- a/plugins/imuxsock/imuxsock.c
+++ b/plugins/imuxsock/imuxsock.c
@@ -406,6 +406,7 @@ openLogSocket(lstn_t *pLstn)
 		CHKiRet(createLogSocket(pLstn));
 	}
 
+#	if HAVE_SCM_CREDENTIALS
 	if(pLstn->bUseCreds) {
 		one = 1;
 		if(setsockopt(pLstn->fd, SOL_SOCKET, SO_PASSCRED, &one, (socklen_t) sizeof(one)) != 0) {
@@ -417,6 +418,9 @@ openLogSocket(lstn_t *pLstn)
 			pLstn->bUseCreds = 0;
 		}
 	}
+#	else /* HAVE_SCM_CREDENTIALS */
+	pLstn->bUseCreds = 0;
+#	endif /* HAVE_SCM_CREDENTIALS */
 
 finalize_it:
 	if(iRet != RS_RET_OK) {
@@ -513,7 +517,7 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred)
 	rs_ratelimit_state_t *ratelimiter = NULL;
 	DEFiRet;
 
-// TODO: handle format errors??
+	/* TODO: handle format errors?? */
 	/* we need to parse the pri first, because we need the severity for
 	 * rate-limiting as well.
 	 */
@@ -530,8 +534,10 @@ SubmitMsg(uchar *pRcv, int lenRcv, lstn_t *pLstn, struct ucred *cred)
 	facil = LOG_FAC(pri);
 	sever = LOG_PRI(pri);
 
-	if(sever >= pLstn->ratelimitSev)
+	if(sever >= pLstn->ratelimitSev) {
+		/* note: if cred == NULL, then ratelimiter == NULL as well! */
 		findRatelimiter(pLstn, cred, &ratelimiter); /* ignore error, better so than others... */
+	}
 
 	datetime.getCurrTime(&st, &tt);
 	if(ratelimiter != NULL && !withinRatelimit(ratelimiter, tt, cred->pid)) {
@@ -637,6 +643,7 @@ static rsRetVal readSocket(lstn_t *pLstn)
 	dbgprintf("Message from UNIX socket: #%d\n", pLstn->fd);
 	if(iRcvd > 0) {
 		cred = NULL;
+#		if HAVE_SCM_CREDENTIALS
 		if(pLstn->bUseCreds) {
 			dbgprintf("XXX: pre CM loop, length of control message %d\n", (int) msgh.msg_controllen);
 			for (cm = CMSG_FIRSTHDR(&msgh); cm; cm = CMSG_NXTHDR(&msgh, cm)) {
@@ -644,11 +651,12 @@ static rsRetVal readSocket(lstn_t *pLstn)
 				if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_CREDENTIALS) {
 					cred = (struct ucred*) CMSG_DATA(cm);
 					dbgprintf("XXX: got credentials pid %d\n", (int) cred->pid);
-					//break;
+					break;
 				}
 			}
 			dbgprintf("XXX: post CM loop\n");
 		}
+#		endif /* HAVE_SCM_CREDENTIALS */
 		CHKiRet(SubmitMsg(pRcv, iRcvd, pLstn, cred));
 	} else if(iRcvd < 0 && errno != EINTR) {
 		char errStr[1024];