Changeset 279 for trunk/src

Timestamp:

Apr 30, 2010, 11:55:18 PM (15 years ago)

Author:

katerina

Message:

Fix for tickets #200 to #206 (kernel check, login checks, bugfixes).

Location:

trunk/src

Files:

• dnmalloc.c (modified) (2 diffs)
• kern_head.c (modified) (25 diffs)
• samhain_kmem.c (added)
• sh_cat.c (modified) (2 diffs)
• sh_err_log.c (modified) (1 diff)
• sh_err_syslog.c (modified) (2 diffs)
• sh_hash.c (modified) (1 diff)
• sh_kern.c (modified) (11 diffs)
• sh_login_track.c (added)
• sh_port2proc.c (modified) (1 diff)
• sh_readconf.c (modified) (2 diffs)
• sh_unix.c (modified) (6 diffs)
• sh_utmp.c (modified) (7 diffs)
• slib.c (modified) (3 diffs)

trunk/src/dnmalloc.c

@@ -309 +309 @@
   char * i3 = "): ";
   char * i5 = "\n";
+  int   res = 0;
 
   iov[0].iov_base = i1;               iov[0].iov_len = strlen(i1); 
@@ -314 +315 @@
   iov[2].iov_base = i3;               iov[2].iov_len = strlen(i3); 
   iov[3].iov_base = (char*) error;    iov[3].iov_len = strlen(error); 
-  iov[4].iov_base = i5;               iov[4].iov_len = strlen(i5); 
-  writev(STDERR_FILENO, iov, 5);
+  iov[4].iov_base = i5;               iov[4].iov_len = strlen(i5);
+  do {
+    res = writev(STDERR_FILENO, iov, 5);
+  } while (res < 0 && errno == EINTR);  
 #else
   fputs("assertion failed (", stderr);

trunk/src/kern_head.c

@@ -7 +7 @@
 #include "config.h"
 
-#ifdef HOST_IS_I86LINUX
+#if defined(HOST_IS_I86LINUX) || defined(HOST_IS_64LINUX)
 #define SH_IDT_TABLE
 #endif
@@ -73 +73 @@
 static unsigned char system_call_code[SYS_CODE_SIZE];
 
+#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
+
 static int kmem_read (int fd, unsigned long addr, unsigned char * buf, int len)
 {
@@ -105 +107 @@
 
   if (verbose)
-    fprintf(stderr, 
-            "kmem_mmap: read() from /dev/kmem failed, now trying mmap()\n");
+    fprintf(stderr, "kmem_mmap: read() failed, now trying mmap()\n");
 
   sz = getpagesize(); /* unistd.h */
@@ -141 +142 @@
 
   fd = open ("/dev/kmem", O_RDONLY);
+
   if (fd < 0)
     {
-      perror("read_kcode: open /dev/kmem");
-      return -1;
-    }
+      if (0 != access("/proc/kmem", R_OK)) 
+        {
+          perror("read_kcode: access /proc/kmem");
+
+          fprintf(stderr, "\n");
+      
+          fprintf(stderr, "NOTE:  kern_head: apparently you have no /dev/kmem, and the samhain_kmem module is not loaded\n");
+          fprintf(stderr, "       If you get this message, then proceed as follows:\n");
+          fprintf(stderr, "       $ make samhain_kmem.ko\n");
+          fprintf(stderr, "       $ sudo insmod samhain_kmem.ko; sudo ./kern_head > sh_ks.h; sudo rmmod samhain_kmem\n");
+          fprintf(stderr, "       $ make\n\n");
+          exit (EXIT_FAILURE);
+        }
+      fd = open ("/proc/kmem", O_RDONLY);
+    }
+
+  if (fd < 0)
+    {
+      perror("read_kcode: open /dev/kmem and /proc/kmem");
+      return -1;
+    }
+
   if (kmem_mmap(fd, addr, buf, len) < 0)
     {
@@ -151 +172 @@
       return -1;
     }
+
   close (fd);
+
   return 0;
 }
@@ -203 +226 @@
 {
   FILE * fp;
-  char buf[512], addr[16], * p;
+  char buf[512], addr[32], * p;
   unsigned long retval = 0;
+#if defined(__x86_64__) || defined(__amd64__)
+  int off = 8;
+#else
+  int off = 0;
+#endif
 
   fp = fopen (systemmap, "r");
@@ -216 +244 @@
   while (fgets(buf, 512, fp) != NULL)
     {
-      if (buf[9] != flag)
+      if (buf[9+off] != flag)
         continue;
 
@@ -223 +251 @@
         *p = '\0';
 
-      if (0 != strcmp(&buf[11], symbol))
+      if (0 != strcmp(&buf[11+off], symbol))
         continue;
 
       addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0';
-      strncat(&addr[2], buf, 8);
+      strncat(&addr[2], buf, 8+off);
 
       retval = strtoul(addr, NULL, 0);
@@ -247 +275 @@
 {
   FILE * fp;
-  char buf[512], addr[16], name[128];
+  char buf[512], addr[32], name[128];
   int  i, j, count = 0, maxcall = 0;
+#if defined(__x86_64__) || defined(__amd64__)
+  int off = 8;
+#else
+  int off = 0;
+#endif
 
   fp = fopen (SYSTEMMAP, "r");
@@ -266 +299 @@
     {
       
-      if ( ( (buf[9] == 'D') || (buf[9] == 'd') || 
-             (buf[9] == 'R') || (buf[9] == 'r')) && 
-           0 == strncmp("sys_call_table", &buf[11], 14))
+      if ( ( (buf[9+off] == 'D') || (buf[9+off] == 'd') || 
+             (buf[9+off] == 'R') || (buf[9+off] == 'r')) && 
+           0 == strncmp("sys_call_table", &buf[11+off], 14))
         {
           printf("/* found sys_call_table */\n");
@@ -274 +307 @@
            */
           addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0';
-          strncat(&addr[2], buf, 8);
-          addr[10] = '\0';
+          strncat(&addr[2], buf, 8+off);
+          addr[10+off] = '\0';
+
           sh_sys_call.addr_sys_call_table = strtoul(addr, NULL, 0);
           if (sh_sys_call.addr_sys_call_table == ULONG_MAX)
@@ -288 +322 @@
         }
 
-      if (buf[9] != 'T')
+      if (buf[9+off] != 'T')
         continue;
 
-      if (0 == strncmp("system_call", &buf[11], 11))
+      if (0 == strncmp("system_call", &buf[11+off], 11))
         {
           printf("/* found system_call */\n");
@@ -297 +331 @@
            */
           addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0';
-          strncat(&addr[2], buf, 8);
-          addr[10] = '\0';
+          strncat(&addr[2], buf, 8+off);
+          addr[10+off] = '\0';
           addr_system_call = strtoul(addr, NULL, 0);
           if (addr_system_call == ULONG_MAX)
@@ -308 +342 @@
 
 
-      if ( (buf[11]!='s' || buf[12]!='y' || buf[13]!='s' || buf[14]!='_') &&
-           (buf[11]!='o' || buf[12]!='l' || buf[13]!='d' || buf[14]!='_'))
+      if ( (buf[11+off]!='s' || buf[12+off]!='y' || 
+            buf[13+off]!='s' || buf[14+off]!='_') &&
+           (buf[11+off]!='o' || buf[12+off]!='l' || 
+            buf[13+off]!='d' || buf[14+off]!='_'))
         continue;
 
       for (i = 0; i < num; ++i)
         {
-          for (j = 0; j < 128; ++j)
+          for (j = 0; j < 127; ++j)
             {
-              if (buf[11+j] == '\n' || buf[11+j] == '\0')
+              if (buf[11+off+j] == '\n' || buf[11+off+j] == '\0')
                 {
                   name[j] = '\0';
                   break;
                 }
-              name[j] = buf[11+j];
+              name[j] = buf[11+off+j];
             }
 
@@ -331 +367 @@
                */
               addr[0] = '0'; addr[1] = 'x'; addr[2] = '\0';
-              strncat(&addr[2], buf, 8);
-              addr[10] = '\0';
+              strncat(&addr[2], buf, 8+off);
+              addr[10+off] = '\0';
               sh_smap[i].addr = strtoul(addr, NULL, 0);
               if (sh_smap[i].addr == ULONG_MAX)
@@ -347 +383 @@
     }
   fclose(fp);
+
   if ((count > 0) && (maxcall > 0))
     return maxcall+1;
@@ -357 +394 @@
 {
   int i, count, maxcall, qq;
-  int which = 4;
-  int two_six_seventeen_plus = 0;
   smap_entry sh_smap[SH_MAXCALLS];
   struct utsname utbuf;
@@ -368 +403 @@
 
   unsigned long addr_ni_syscall = 0;
+
+  int major, minor, micro, is64 = 0;
 
   if (argc > 1)
@@ -396 +433 @@
     }
 
-  if      (strncmp(p, "2.2", 3) == 0)
-    which = 2;
-  else if (strncmp(p, "2.4", 3) == 0)
-    which = 4;
-  else if (strncmp(p, "2.6", 3) == 0)
-    {
-      which = 6;
-      if (17 >= atoi (&p[4]))
-        {
-          two_six_seventeen_plus = 1;
-        }
-    }
-  else
+  if (3 != sscanf(p, "%d.%d.%d", &major, &minor, &micro))
+    {
+      perror("kern_head: sscanf");
+      exit (EXIT_FAILURE);
+    }
+
+  if (minor != 4 && minor != 6)
     {
       fprintf(stderr, "kern_head: kernel %s not supported\n", p);
@@ -418 +449 @@
       utbuf.machine[3] != '6')
     {
-      fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine);
-      exit (EXIT_FAILURE);
+      if (0 != strcmp(utbuf.machine, "x86_64"))
+        {
+          fprintf(stderr, "kern_head: machine %s not supported\n", utbuf.machine);
+          exit (EXIT_FAILURE);
+        }
+      else
+        {
+          is64 = 1;
+        }
     }
 
@@ -428 +466 @@
       fprintf(stderr, "NOTE:  kern_head: must run as 'root' (need to read from /dev/kmem)\n");
       fprintf(stderr, "       If you get this message, then proceed as follows:\n");
-      fprintf(stderr, "       $ su\n");
-      fprintf(stderr, "       $ ./kern_head > sh_ks.h\n");
-      fprintf(stderr, "       $ exit\n");
+      fprintf(stderr, "       $ sudo ./kern_head > sh_ks.h\n");
       fprintf(stderr, "       $ make\n\n");
       exit (EXIT_FAILURE);
@@ -438 +474 @@
   printf("#define SH_KERN_CALLS_H\n\n");
 
-  printf("\n/* Kernel %s, machine %s -- use table %s */\n\n", 
+  printf("\n/* Kernel %s, machine %s, %d bit -- use table callz_2p4 */\n\n", 
          p, utbuf.machine,
-         (which == 2) ? "callz_2p2" : "callz_2p4");
-      
+         (is64 == 0) ? 32 : 64,
+         (is64 == 0) ? "syscalls_32" : "syscalls_64");
 
   /* initiate the system call table 
    */
-  for (i = 0; i < SH_MAXCALLS; ++i)
-    {
-      if (which == 2)
-        {
-          if (callz_2p2[i] == NULL)
+  if (is64 == 0)
+    {
+      for (i = 0; i < SH_MAXCALLS; ++i)
+        {
+          if (syscalls_32[i] == NULL)
             break;
-          strcpy(sh_smap[i].name, callz_2p2[i]);
-        }
-      else
-        {
-          if (callz_2p4[i] == NULL)
+          strcpy(sh_smap[i].name, syscalls_32[i]);
+          sh_smap[i].addr    = 0UL;
+        }
+      if (minor == 6) /* fix syscall map for 2.6 */
+        {
+          strcpy(sh_smap[0].name,   "sys_restart_syscall");
+          strcpy(sh_smap[180].name, "sys_pread64");
+          strcpy(sh_smap[181].name, "sys_pwrite64");
+        }
+    }
+  else /* x86_64 */
+    {
+      for (i = 0; i < SH_MAXCALLS; ++i)
+        {
+          if (syscalls_64[i] == NULL)
             break;
-          strcpy(sh_smap[i].name, callz_2p4[i]);
-        }
-      sh_smap[i].addr    = 0UL;
-    }
-
-  if (which == 6) /* fix syscall map for 2.6 */
-    {
-      strcpy(sh_smap[0].name,   "sys_restart_syscall");
-      strcpy(sh_smap[180].name, "sys_pread64");
-      strcpy(sh_smap[181].name, "sys_pwrite64");
-    }
+          strcpy(sh_smap[i].name, syscalls_64[i]);
+          sh_smap[i].addr    = 0UL;
+        }
+    }
+
   count = i;
 
-  /* get the actual number of the highest syscalls and use no more.
+  /* get the actual number of the highest syscall and use no more.
    * get sys_call_table and system_call
    */
@@ -480 +520 @@
       exit (EXIT_FAILURE);
     }
+
   if (addr_system_call == 0L) 
     {
@@ -502 +543 @@
         }
     }
-  if (which < 6)
+
+  if (minor < 6)
     {
       maxcall = (maxcall > 256) ? 256 : maxcall;
@@ -622 +664 @@
   }
 
-  if (two_six_seventeen_plus == 1) {
-    printf("#define TWO_SIX_SEVENTEEN_PLUS 1\n\n");
-  }
+  if (KERNEL_VERSION(major,minor,micro) >= KERNEL_VERSION(2,6,17)) 
+    {
+      printf("#define TWO_SIX_SEVENTEEN_PLUS 1\n\n");
+    }
 
   printf("#endif\n");

trunk/src/sh_cat.c

@@ -121 +121 @@
   { MSG_UT_LG3C,     SH_ERR_INFO,    EVENT, N_("msg=\"Logout\" tty=\"%s\" time=\"%s\" status=\"%d\"")},
   { MSG_UT_ROT,      SH_ERR_WARN,    RUN,   N_("msg=\"Logfile size decreased\" path=\"%s\"")},
+
+  { MSG_UT_BAD,      SH_ERR_SEVERE,  EVENT, N_("msg=\"Login at disallowed time\" userid=\"%s\" host=\"%s\" time=\"%s\"")},
+  { MSG_UT_FIRST,    SH_ERR_SEVERE,  EVENT, N_("msg=\"First login from this host\" userid=\"%s\" host=\"%s\" time=\"%s\"")},
+  { MSG_UT_OUTLIER,  SH_ERR_SEVERE,  EVENT, N_("msg=\"Login time outlier\" userid=\"%s\" host=\"%s\" time=\"%s\"")},
 
 #endif
@@ -454 +458 @@
   { MSG_UT_ROT,      SH_ERR_WARN,    RUN,   N_("msg=<Logfile size decreased>, path=<%s>")},
 
+  { MSG_UT_BAD,      SH_ERR_SEVERE,  EVENT, N_("msg=<Login at disallowed time> userid=<%s> host=<%s> time=<%s>")},
+  { MSG_UT_FIRST,    SH_ERR_SEVERE,  EVENT, N_("msg=<First login from this host> userid=<%s> host=<%s> time=<%s>")},
+  { MSG_UT_OUTLIER,  SH_ERR_SEVERE,  EVENT, N_("msg=<Login time outlier> userid=<%s> host=<%s> time=<%s>")},
 #endif
 

trunk/src/sh_err_log.c

@@ -377 +377 @@
               key[0] = '\0';
               
-              while (sl_strlen(key) < KEY_LEN ) 
+              while (strlen(key) < KEY_LEN ) 
                 { 
                   if (key[0] != '\n' && key[0] != '\0')

trunk/src/sh_err_syslog.c

@@ -131 +131 @@
 }
   
-  
+static int sh_stamp_priority = LOG_ERR;
+
+/* set priority for heartbeat messages
+ */
+int  sh_log_set_stamp_priority (const char * c)
+{
+  int retval = 0;
+
+  if      (0 == strcmp(c, _("LOG_DEBUG")))   { sh_stamp_priority = LOG_DEBUG; }
+  else if (0 == strcmp(c, _("LOG_INFO")))    { sh_stamp_priority = LOG_INFO;  }
+  else if (0 == strcmp(c, _("LOG_NOTICE")))  { sh_stamp_priority = LOG_NOTICE;}
+  else if (0 == strcmp(c, _("LOG_WARNING"))) { sh_stamp_priority = LOG_WARNING;}
+  else if (0 == strcmp(c, _("LOG_ERR")))     { sh_stamp_priority = LOG_ERR;   }
+  else if (0 == strcmp(c, _("LOG_CRIT")))    { sh_stamp_priority = LOG_CRIT;  }
+  else if (0 == strcmp(c, _("LOG_ALERT")))   { sh_stamp_priority = LOG_ALERT; }
+#ifdef LOG_EMERG
+  else if (0 == strcmp(c, _("LOG_EMERG")))   { sh_stamp_priority = LOG_EMERG; }
+#endif
+  else { retval = -1; }
+
+  return retval;
+}  
 
 /* syslog error message
@@ -154 +175 @@
   else if (severity == SH_ERR_NOTICE) priority = LOG_NOTICE;
   else if (severity == SH_ERR_WARN)   priority = LOG_WARNING;
-  else if (severity == SH_ERR_STAMP)  priority = LOG_ERR;
+  else if (severity == SH_ERR_STAMP)  priority = sh_stamp_priority;
   else if (severity == SH_ERR_ERR)    priority = LOG_ERR;
   else if (severity == SH_ERR_SEVERE) priority = LOG_CRIT;

trunk/src/sh_hash.c

@@ -1805 +1805 @@
                   sl_write (pushdata_fd, _(" Date "), 6);
                   (void) sh_unix_time(0, timestring, sizeof(timestring));
-                  sl_write (pushdata_fd, timestring, sl_strlen(timestring));
+                  sl_write (pushdata_fd, timestring, strlen(timestring));
                   sl_write (pushdata_fd,        "\n", 1);
                 } else {

trunk/src/sh_kern.c

@@ -137 +137 @@
  */
 #ifdef SH_SYS_CALL_TABLE
-static unsigned int  kaddr = SH_SYS_CALL_TABLE;
+static unsigned long  kaddr = SH_SYS_CALL_TABLE;
 #else
-static unsigned int  kaddr = 0;
+static unsigned long  kaddr = 0;
 #endif
 
@@ -268 +268 @@
 #ifdef HOST_IS_LINUX
 
+#ifndef KERNEL_VERSION
+#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
+#endif
+
 /*
  * Interrupt Descriptor Table
@@ -281 +285 @@
 static char * sh_strseg(unsigned short segment)
 {
+  static int flip = 0;
+  static char one[32];
+  static char two[32];
+
   switch (segment) {
 #ifdef __KERNEL_CS
@@ -299 +307 @@
 #endif
   default:
-    return _("unknown");
+    if (flip == 0)
+      {
+        snprintf(one, sizeof(one), "%hX", segment);
+        flip = 1;
+        return one;
+      }
+    else
+      {
+        snprintf(two, sizeof(two), "%hX", segment);
+        flip = 0;
+        return two;
+      }
   }
 }
@@ -550 +569 @@
   unsigned int  kmem_code_table[SH_KERN_SIZ][2];
 
-  unsigned char  buf[6];
-  unsigned short idt_size;
-  unsigned long  idt_addr;
-
   unsigned char new_system_call_code[SH_KERN_SCC];
 
@@ -620 +635 @@
        * and read the content into the global array sh_idt_table[]
        */
-      __asm__ volatile ("sidt %0": "=m" (buf));
-      idt_size = *((unsigned short *) &buf[0]);
-      idt_addr = *((unsigned long *)  &buf[2]);
-      idt_size = (idt_size + 1)/8;
+      struct {
+        char pad[6];
+        unsigned short size;
+        unsigned long  addr;
+      } idt;
+
+      __asm__ volatile ("sidt %0": "=m" (idt.size));
+
+      idt.size = (idt.size + 1)/8;
       
-      if (idt_size > SH_MAXIDT)
-        idt_size = SH_MAXIDT;
+      if (idt.size > SH_MAXIDT)
+        idt.size = SH_MAXIDT;
       
       memset(sh_idt_table, '\0', SH_MAXIDT*8);
-      if (sh_kern_read_data (kd, idt_addr, 
-                             (unsigned char *) sh_idt_table, idt_size*8))
+      if (sh_kern_read_data (kd, idt.addr, 
+                             (unsigned char *) sh_idt_table, idt.size*8))
         status = -5;
     }
@@ -660 +680 @@
     }
 /* 2.6.21 (((2) << 16) + ((6) << 8) + (21)) */
-#if SH_KERNEL_NUMBER < 132629
+#if SH_KERNEL_NUMBER < KERNEL_VERSION(2,6,21)
   if(status == 0)
     {
@@ -669 +689 @@
     }
 #else
-  memset(&proc_root_inode, '\0', sizeof(proc_root_inode));
+    memset(&proc_root_inode, '\0', sizeof(proc_root_inode));
 #endif
   
@@ -1062 +1082 @@
 static void check_proc_root (struct sh_kernel_info * kinfo)
 {
-  struct proc_dir_entry   proc_root_dir;
+  struct proc_dir_entry     proc_root_dir;
+  struct inode_operations * proc_root_inode_op = NULL;
 
 /* 2.6.21 (((2) << 16) + ((6) << 8) + (21)) */
-#if SH_KERNEL_NUMBER < 132629
+#if SH_KERNEL_NUMBER < KERNEL_VERSION(2,6,21)
   struct inode_operations proc_root_inode;
 
@@ -1080 +1101 @@
 
   memcpy (&proc_root_dir,   &(kinfo->proc_root_dir),   sizeof(struct proc_dir_entry));
-  if (    (((unsigned int) * &proc_root_dir.proc_iops) != proc_root_iops)
-            && (proc_root_dir.size != proc_root_iops)
-            && (((unsigned int) * &proc_root_dir.proc_fops) != proc_root_iops)
-            )
+
+  if (((unsigned long) * &proc_root_dir.proc_iops) == proc_root_iops)
+    {
+      proc_root_inode_op = (struct inode_operations *) &(proc_root_dir.proc_iops);
+    }
+  else if (proc_root_dir.size == proc_root_iops)
+    {
+      proc_root_inode_op = (struct inode_operations *) &(proc_root_dir.size);
+    }
+  else if ((unsigned long) * &proc_root_dir.proc_fops == proc_root_iops)
+    {
+      proc_root_inode_op = (struct inode_operations *) &(proc_root_dir.proc_fops);
+    }
+
+  if (!proc_root_inode_op)
     {
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_KERN_PROC,
@@ -1365 +1397 @@
   if (kd < 0)
     {
+      kd = aud_open(FIL__, __LINE__, SL_YESPRIV, _("/proc/kmem"), O_RDONLY, 0);
+    }
+
+  if (kd < 0)
+    {
       status = errno;
       sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN,

trunk/src/sh_port2proc.c

@@ -322 +322 @@
 /* returns the command and fills the 'user' array 
  */
-static char * port2proc_query(char * file, int proto, struct in_addr * saddr, int sport, 
+static char * port2proc_query(char * file, int proto, 
+                              struct in_addr * saddr, int sport, 
                               unsigned long * pid, char * user, size_t userlen)
 {

trunk/src/sh_readconf.c

@@ -255 +255 @@
                   sh.host.release, sh.host.machine);
       
-      if  (sl_strncmp (p,  myident, sl_strlen(myident)) == 0
+      if  (sl_strncmp (p,  myident, strlen(myident)) == 0
 #ifdef HAVE_REGEX_H
            || sh_util_regcmp (p, myident) == 0
@@ -1202 +1202 @@
     sh_log_set_facility },
 
+  { N_("syslogmapstampto"),    SH_SECTION_LOG,   SH_SECTION_MISC, 
+    sh_log_set_stamp_priority },
+
   { N_("mactype"),     SH_SECTION_MISC,  SH_SECTION_NONE, 
     sh_util_sigtype },

trunk/src/sh_unix.c

@@ -670 +670 @@
     sig_force_check = 1;
 #endif
+#ifdef SIGTTIN
+  if (mysignal == SIGTTIN)
+    sig_fresh_trail = 1;
+#endif
 #ifdef SIGABRT
   if (mysignal == SIGABRT)
@@ -837 +841 @@
   retry_sigaction(FIL__, __LINE__, SIGTSTP,   &ignact, &oldact);
 #endif
-#ifdef SIGTTIN
-  retry_sigaction(FIL__, __LINE__, SIGTTIN,   &ignact, &oldact);
-#endif
+
 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
 #ifdef SIGTTOU
@@ -847 +849 @@
     retry_sigaction(FIL__, __LINE__, SIGTTOU,   &ignact, &oldact);
 #endif
+#ifdef SIGTTIN
+  if (goDaemon == 1)
+    retry_sigaction(FIL__, __LINE__, SIGTTIN,     &act2, &oldact);
+  else
+    retry_sigaction(FIL__, __LINE__, SIGTTIN,   &ignact, &oldact);
+#endif
 #else
 #ifdef SIGTTOU
   retry_sigaction(FIL__, __LINE__, SIGTTOU,   &ignact, &oldact);
+#endif
+#ifdef SIGTTIN
+  retry_sigaction(FIL__, __LINE__, SIGTTIN,   &ignact, &oldact);
 #endif
 #endif
@@ -3128 +3139 @@
   SL_RETURN(0, _("sh_unix_getinfo_attr"));
 }
-#else
-static 
-int sh_unix_getinfo_attr (char * name, 
-                          unsigned long * flags, 
-                          char * c_attr,
-                          int fd, struct stat * buf)
-{
-  return 0;
-}
 
 /* defined(__linux__) || defined(HAVE_STAT_FLAGS) */
@@ -3905 +3907 @@
   theFile->attributes      =    0;
 
+#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS)
   if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' &&
       theFile->c_mode[0] != 'l' )
@@ -3910 +3913 @@
                          &theFile->attributes, theFile->c_attributes, 
                          fd, &buf);
+#endif
 #endif
 

trunk/src/sh_utmp.c

@@ -225 +225 @@
   },
   {
+    N_("logincheckfirst"),
+    sh_login_set_checklevel
+  },
+  {
+    N_("logincheckoutlier"),
+    sh_login_set_siglevel
+  },
+  {
+    N_("logincheckdate"),
+    sh_login_set_def_allow
+  },
+  {
+    N_("logincheckuserdate"),
+    sh_login_set_user_allow
+  },
+  {
     NULL,
     NULL
@@ -237 +253 @@
   ShUtmpActive       = S_TRUE;
   ShUtmpInterval     = 300;
+
+  sh_login_reset();
   return;
 }
@@ -498 +516 @@
 int sh_utmp_init (struct mod_type * arg)
 {
+#if !defined(HAVE_PTHREAD)
+  (void) arg;
+#endif
   if (ShUtmpActive == BAD)
     return SH_MOD_FAILED;
@@ -548 +569 @@
   init_done          = 0;
 
+#if defined(HAVE_PTHREAD)
   sh_inotify_remove(&inotify_watch);
+#endif
 
   SL_RETURN( (0), _("sh_utmp_end"));
@@ -557 +580 @@
 {
   set_defaults();
+#if defined(HAVE_PTHREAD)
   sh_inotify_remove(&inotify_watch);
+#endif
   return 0;
 }
@@ -1206 +1231 @@
 }
 
+extern void sh_ltrack_check(struct SH_UTMP_S * ut);
 
 static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut)
 {
-  if (ut)
-    return;
+  sh_ltrack_check(ut);
   return;
 }
@@ -1216 +1241 @@
 static void sh_utmp_logout_morechecks(struct log_user * user)
 {
-  if (user)
-    return;
+  (void) user;
   return;
 }

trunk/src/slib.c

@@ -16 +16 @@
 #endif
 
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
 #include <fcntl.h>
 #include <signal.h>
@@ -259 +259 @@
   else
     sl_strlcpy(tmp, fmt, 256);
-  retval = sl_strlen(tmp);
+  retval = strlen(tmp);
   if (retval > 0 && tmp[retval-1] == '\n')
     tmp[retval-1] = '\0';
@@ -274 +274 @@
       sprintf      (val, _("[%2d] "), trace_level);
       sl_strlcat   (msg,     val,   256);
-      sl_vsnprintf (&msg[sl_strlen(msg)], 255, tmp, ap);
+      sl_vsnprintf (&msg[strlen(msg)], 255, tmp, ap);
       sl_snprintf  (tmp, 255, _(" \t - File %c%s%c at line %d"), 
                     0x22, file, 0x22, line);