summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/applets.src.h17
-rw-r--r--loginutils/Config.src237
-rw-r--r--loginutils/Kbuild.src12
-rw-r--r--loginutils/add-remove-shell.c13
-rw-r--r--loginutils/addgroup.c25
-rw-r--r--loginutils/adduser.c51
-rw-r--r--loginutils/chpasswd.c20
-rw-r--r--loginutils/cryptpw.c12
-rw-r--r--loginutils/deluser.c26
-rw-r--r--loginutils/getty.c22
-rw-r--r--loginutils/login.c50
-rw-r--r--loginutils/passwd.c24
-rw-r--r--loginutils/su.c31
-rw-r--r--loginutils/sulogin.c12
-rw-r--r--loginutils/vlock.c16
15 files changed, 290 insertions, 278 deletions
diff --git a/include/applets.src.h b/include/applets.src.h
index f491799..5b59720 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -76,8 +76,6 @@ INSERT
IF_TEST(APPLET_NOFORK([, test, BB_DIR_USR_BIN, BB_SUID_DROP, test))
IF_TEST(APPLET_NOFORK([[, test, BB_DIR_USR_BIN, BB_SUID_DROP, test))
IF_ACPID(APPLET(acpid, BB_DIR_SBIN, BB_SUID_DROP))
-IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_ADJTIMEX(APPLET(adjtimex, BB_DIR_SBIN, BB_SUID_DROP))
IF_ARP(APPLET(arp, BB_DIR_SBIN, BB_SUID_DROP))
IF_ARPING(APPLET(arping, BB_DIR_USR_SBIN, BB_SUID_DROP))
@@ -94,7 +92,6 @@ IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_CHGRP(APPLET_NOEXEC(chgrp, chgrp, BB_DIR_BIN, BB_SUID_DROP, chgrp))
IF_CHMOD(APPLET_NOEXEC(chmod, chmod, BB_DIR_BIN, BB_SUID_DROP, chmod))
IF_CHOWN(APPLET_NOEXEC(chown, chown, BB_DIR_BIN, BB_SUID_DROP, chown))
-IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_CHROOT(APPLET(chroot, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_CHRT(APPLET(chrt, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP))
@@ -104,13 +101,10 @@ IF_COMM(APPLET(comm, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp))
/* Needs to be run by root or be suid root - needs to change /var/spool/cron* files: */
IF_CRONTAB(APPLET(crontab, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
-IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_CUT(APPLET_NOEXEC(cut, cut, BB_DIR_USR_BIN, BB_SUID_DROP, cut))
IF_DC(APPLET(dc, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_DD(APPLET_NOEXEC(dd, dd, BB_DIR_BIN, BB_SUID_DROP, dd))
IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
-IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_DEVFSD(APPLET(devfsd, BB_DIR_SBIN, BB_SUID_DROP))
IF_DEVMEM(APPLET(devmem, BB_DIR_SBIN, BB_SUID_DROP))
IF_DF(APPLET(df, BB_DIR_BIN, BB_SUID_DROP))
@@ -160,7 +154,6 @@ IF_FUSER(APPLET(fuser, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_GETOPT(APPLET(getopt, BB_DIR_BIN, BB_SUID_DROP))
IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP))
IF_HD(APPLET_NOEXEC(hd, hexdump, BB_DIR_USR_BIN, BB_SUID_DROP, hd))
IF_HDPARM(APPLET(hdparm, BB_DIR_SBIN, BB_SUID_DROP))
IF_HEAD(APPLET_NOEXEC(head, head, BB_DIR_USR_BIN, BB_SUID_DROP, head))
@@ -205,8 +198,6 @@ IF_LN(APPLET_NOEXEC(ln, ln, BB_DIR_BIN, BB_SUID_DROP, ln))
IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_LOADFONT(APPLET(loadfont, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change uid and gid: */
-IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE))
IF_LOGNAME(APPLET_NOFORK(logname, logname, BB_DIR_USR_BIN, BB_SUID_DROP, logname))
IF_LOSETUP(APPLET(losetup, BB_DIR_SBIN, BB_SUID_DROP))
IF_LS(APPLET_NOEXEC(ls, ls, BB_DIR_BIN, BB_SUID_DROP, ls))
@@ -228,7 +219,6 @@ IF_MKFS_MINIX(APPLET_ODDNAME(mkfs.minix, mkfs_minix, BB_DIR_SBIN, BB_SUID_DROP,
IF_MKFS_REISER(APPLET_ODDNAME(mkfs.reiser, mkfs_reiser, BB_DIR_SBIN, BB_SUID_DROP, mkfs_reiser))
IF_MKFS_VFAT(APPLET_ODDNAME(mkfs.vfat, mkfs_vfat, BB_DIR_SBIN, BB_SUID_DROP, mkfs_vfat))
IF_MKNOD(APPLET_NOEXEC(mknod, mknod, BB_DIR_BIN, BB_SUID_DROP, mknod))
-IF_CRYPTPW(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, mkpasswd))
IF_MKSWAP(APPLET(mkswap, BB_DIR_SBIN, BB_SUID_DROP))
IF_MORE(APPLET(more, BB_DIR_BIN, BB_SUID_DROP))
/* On full-blown systems, requires suid for user mounts.
@@ -249,8 +239,6 @@ IF_NTPD(APPLET(ntpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
IF_OD(APPLET(od, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_OPENVT(APPLET(openvt, BB_DIR_USR_BIN, BB_SUID_DROP))
//IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */
-IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
IF_PGREP(APPLET(pgrep, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_PIDOF(APPLET(pidof, BB_DIR_BIN, BB_SUID_DROP))
IF_PIVOT_ROOT(APPLET(pivot_root, BB_DIR_SBIN, BB_SUID_DROP))
@@ -308,9 +296,6 @@ IF_SPLIT(APPLET(split, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_STAT(APPLET(stat, BB_DIR_BIN, BB_SUID_DROP))
IF_STRINGS(APPLET(strings, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_STTY(APPLET(stty, BB_DIR_BIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change uid and gid: */
-IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE))
-IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
IF_SUM(APPLET(sum, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_SWAPONOFF(APPLET_ODDNAME(swapoff, swap_on_off, BB_DIR_SBIN, BB_SUID_DROP, swapoff))
IF_SWAPONOFF(APPLET_ODDNAME(swapon, swap_on_off, BB_DIR_SBIN, BB_SUID_DROP, swapon))
@@ -352,8 +337,6 @@ IF_USLEEP(APPLET_NOFORK(usleep, usleep, BB_DIR_BIN, BB_SUID_DROP, usleep))
IF_UUDECODE(APPLET(uudecode, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_UUENCODE(APPLET(uuencode, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change uid and gid: */
-IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP))
IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP))
IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP))
diff --git a/loginutils/Config.src b/loginutils/Config.src
index fa2b4f8..efb954b 100644
--- a/loginutils/Config.src
+++ b/loginutils/Config.src
@@ -5,8 +5,6 @@
menu "Login/Password Management Utilities"
-INSERT
-
config FEATURE_SHADOWPASSWDS
bool "Support for shadow passwords"
default y
@@ -93,239 +91,6 @@ config USE_BB_CRYPT_SHA
With this option off, login will fail password check for any
user which has password encrypted with these algorithms.
-config ADDUSER
- bool "adduser"
- default y
- help
- Utility for creating a new user account.
-
-config FEATURE_ADDUSER_LONG_OPTIONS
- bool "Enable long options"
- default y
- depends on ADDUSER && LONG_OPTS
- help
- Support long options for the adduser applet.
-
-config FEATURE_CHECK_NAMES
- bool "Enable sanity check on user/group names in adduser and addgroup"
- default n
- depends on ADDUSER || ADDGROUP
- help
- Enable sanity check on user and group names in adduser and addgroup.
- To avoid problems, the user or group name should consist only of
- letters, digits, underscores, periods, at signs and dashes,
- and not start with a dash (as defined by IEEE Std 1003.1-2001).
- For compatibility with Samba machine accounts "$" is also supported
- at the end of the user or group name.
-
-config LAST_ID
- int "Last valid uid or gid for adduser and addgroup"
- depends on ADDUSER || ADDGROUP
- default 60000
- help
- Last valid uid or gid for adduser and addgroup
-
-config FIRST_SYSTEM_ID
- int "First valid system uid or gid for adduser and addgroup"
- depends on ADDUSER || ADDGROUP
- range 0 LAST_ID
- default 100
- help
- First valid system uid or gid for adduser and addgroup
-
-config LAST_SYSTEM_ID
- int "Last valid system uid or gid for adduser and addgroup"
- depends on ADDUSER || ADDGROUP
- range FIRST_SYSTEM_ID LAST_ID
- default 999
- help
- Last valid system uid or gid for adduser and addgroup
-
-config ADDGROUP
- bool "addgroup"
- default y
- help
- Utility for creating a new group account.
-
-config FEATURE_ADDGROUP_LONG_OPTIONS
- bool "Enable long options"
- default y
- depends on ADDGROUP && LONG_OPTS
- help
- Support long options for the addgroup applet.
-
-config FEATURE_ADDUSER_TO_GROUP
- bool "Support for adding users to groups"
- default y
- depends on ADDGROUP
- help
- If called with two non-option arguments,
- addgroup will add an existing user to an
- existing group.
-
-config DELUSER
- bool "deluser"
- default y
- help
- Utility for deleting a user account.
-
-config DELGROUP
- bool "delgroup"
- default y
- help
- Utility for deleting a group account.
-
-config FEATURE_DEL_USER_FROM_GROUP
- bool "Support for removing users from groups"
- default y
- depends on DELGROUP
- help
- If called with two non-option arguments, deluser
- or delgroup will remove an user from a specified group.
-
-config GETTY
- bool "getty"
- default y
- select FEATURE_SYSLOG
- help
- getty lets you log in on a tty. It is normally invoked by init.
-
- Note that you can save a few bytes by disabling it and
- using login applet directly.
- If you need to reset tty attributes before calling login,
- this script approximates getty:
-
- exec </dev/$1 >/dev/$1 2>&1 || exit 1
- reset
- stty sane; stty ispeed 38400; stty ospeed 38400
- printf "%s login: " "`hostname`"
- read -r login
- exec /bin/login "$login"
-
-config LOGIN
- bool "login"
- default y
- select FEATURE_SYSLOG
- help
- login is used when signing onto a system.
-
- Note that Busybox binary must be setuid root for this applet to
- work properly.
-
-config LOGIN_SESSION_AS_CHILD
- bool "Run logged in session in a child process"
- default y if PAM
- depends on LOGIN
- help
- Run the logged in session in a child process. This allows
- login to clean up things such as utmp entries or PAM sessions
- when the login session is complete. If you use PAM, you
- almost always would want this to be set to Y, else PAM session
- will not be cleaned up.
-
-config LOGIN_SCRIPTS
- bool "Support for login scripts"
- depends on LOGIN
- default y
- help
- Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
- just prior to switching from root to logged-in user.
-
-config FEATURE_NOLOGIN
- bool "Support for /etc/nologin"
- default y
- depends on LOGIN
- help
- The file /etc/nologin is used by (some versions of) login(1).
- If it exists, non-root logins are prohibited.
-
-config FEATURE_SECURETTY
- bool "Support for /etc/securetty"
- default y
- depends on LOGIN
- help
- The file /etc/securetty is used by (some versions of) login(1).
- The file contains the device names of tty lines (one per line,
- without leading /dev/) on which root is allowed to login.
-
-config PASSWD
- bool "passwd"
- default y
- select FEATURE_SYSLOG
- help
- passwd changes passwords for user and group accounts. A normal user
- may only change the password for his/her own account, the super user
- may change the password for any account. The administrator of a group
- may change the password for the group.
-
- Note that Busybox binary must be setuid root for this applet to
- work properly.
-
-config FEATURE_PASSWD_WEAK_CHECK
- bool "Check new passwords for weakness"
- default y
- depends on PASSWD
- help
- With this option passwd will refuse new passwords which are "weak".
-
-config CRYPTPW
- bool "cryptpw"
- default y
- help
- Encrypts the given password with the crypt(3) libc function
- using the given salt. Debian has this utility under mkpasswd
- name. Busybox provides mkpasswd as an alias for cryptpw.
-
-config CHPASSWD
- bool "chpasswd"
- default y
- help
- Reads a file of user name and password pairs from standard input
- and uses this information to update a group of existing users.
-
-config FEATURE_DEFAULT_PASSWD_ALGO
- string "Default password encryption method (passwd -a, cryptpw -m parameter)"
- default "des"
- depends on PASSWD || CRYPTPW
- help
- Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
-
-config SU
- bool "su"
- default y
- select FEATURE_SYSLOG
- help
- su is used to become another user during a login session.
- Invoked without a username, su defaults to becoming the super user.
-
- Note that Busybox binary must be setuid root for this applet to
- work properly.
-
-config FEATURE_SU_SYSLOG
- bool "Enable su to write to syslog"
- default y
- depends on SU
-
-config FEATURE_SU_CHECKS_SHELLS
- bool "Enable su to check user's shell to be listed in /etc/shells"
- depends on SU
- default y
-
-config SULOGIN
- bool "sulogin"
- default y
- select FEATURE_SYSLOG
- help
- sulogin is invoked when the system goes into single user
- mode (this is done through an entry in inittab).
-
-config VLOCK
- bool "vlock"
- default y
- help
- Build the "vlock" applet which allows you to lock (virtual) terminals.
-
- Note that Busybox binary must be setuid root for this applet to
- work properly.
+INSERT
endmenu
diff --git a/loginutils/Kbuild.src b/loginutils/Kbuild.src
index ef416a7..6b4fb74 100644
--- a/loginutils/Kbuild.src
+++ b/loginutils/Kbuild.src
@@ -7,15 +7,3 @@
lib-y:=
INSERT
-lib-$(CONFIG_ADDGROUP) += addgroup.o
-lib-$(CONFIG_ADDUSER) += adduser.o
-lib-$(CONFIG_CRYPTPW) += cryptpw.o
-lib-$(CONFIG_CHPASSWD) += chpasswd.o
-lib-$(CONFIG_GETTY) += getty.o
-lib-$(CONFIG_LOGIN) += login.o
-lib-$(CONFIG_PASSWD) += passwd.o
-lib-$(CONFIG_SU) += su.o
-lib-$(CONFIG_SULOGIN) += sulogin.o
-lib-$(CONFIG_VLOCK) += vlock.o
-lib-$(CONFIG_DELUSER) += deluser.o
-lib-$(CONFIG_DELGROUP) += deluser.o
diff --git a/loginutils/add-remove-shell.c b/loginutils/add-remove-shell.c
index 9419ff5..ce4a7bb 100644
--- a/loginutils/add-remove-shell.c
+++ b/loginutils/add-remove-shell.c
@@ -7,13 +7,6 @@
* Licensed under GPLv2 or later, see the LICENSE file in this source tree
* for details.
*/
-
-//applet:IF_ADD_SHELL( APPLET_ODDNAME(add-shell , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell ))
-//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
-
-//kbuild:lib-$(CONFIG_ADD_SHELL) += add-remove-shell.o
-//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
-
//config:config ADD_SHELL
//config: bool "add-shell"
//config: default y if DESKTOP
@@ -26,6 +19,12 @@
//config: help
//config: Remove shells from /etc/shells.
+//applet:IF_ADD_SHELL( APPLET_ODDNAME(add-shell , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell ))
+//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
+
+//kbuild:lib-$(CONFIG_ADD_SHELL) += add-remove-shell.o
+//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
+
//usage:#define add_shell_trivial_usage
//usage: "SHELL..."
//usage:#define add_shell_full_usage "\n\n"
diff --git a/loginutils/addgroup.c b/loginutils/addgroup.c
index 260e337..4d4fc3f 100644
--- a/loginutils/addgroup.c
+++ b/loginutils/addgroup.c
@@ -9,6 +9,31 @@
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*
*/
+//config:config ADDGROUP
+//config: bool "addgroup"
+//config: default y
+//config: help
+//config: Utility for creating a new group account.
+//config:
+//config:config FEATURE_ADDGROUP_LONG_OPTIONS
+//config: bool "Enable long options"
+//config: default y
+//config: depends on ADDGROUP && LONG_OPTS
+//config: help
+//config: Support long options for the addgroup applet.
+//config:
+//config:config FEATURE_ADDUSER_TO_GROUP
+//config: bool "Support for adding users to groups"
+//config: default y
+//config: depends on ADDGROUP
+//config: help
+//config: If called with two non-option arguments,
+//config: addgroup will add an existing user to an
+//config: existing group.
+
+//applet:IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_ADDGROUP) += addgroup.o
//usage:#define addgroup_trivial_usage
//usage: "[-g GID] [-S] " IF_FEATURE_ADDUSER_TO_GROUP("[USER] ") "GROUP"
diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index 605e336..608fb84 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -7,6 +7,57 @@
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
+//config:config ADDUSER
+//config: bool "adduser"
+//config: default y
+//config: help
+//config: Utility for creating a new user account.
+//config:
+//config:config FEATURE_ADDUSER_LONG_OPTIONS
+//config: bool "Enable long options"
+//config: default y
+//config: depends on ADDUSER && LONG_OPTS
+//config: help
+//config: Support long options for the adduser applet.
+//config:
+//config:config FEATURE_CHECK_NAMES
+//config: bool "Enable sanity check on user/group names in adduser and addgroup"
+//config: default n
+//config: depends on ADDUSER || ADDGROUP
+//config: help
+//config: Enable sanity check on user and group names in adduser and addgroup.
+//config: To avoid problems, the user or group name should consist only of
+//config: letters, digits, underscores, periods, at signs and dashes,
+//config: and not start with a dash (as defined by IEEE Std 1003.1-2001).
+//config: For compatibility with Samba machine accounts "$" is also supported
+//config: at the end of the user or group name.
+//config:
+//config:config LAST_ID
+//config: int "Last valid uid or gid for adduser and addgroup"
+//config: depends on ADDUSER || ADDGROUP
+//config: default 60000
+//config: help
+//config: Last valid uid or gid for adduser and addgroup
+//config:
+//config:config FIRST_SYSTEM_ID
+//config: int "First valid system uid or gid for adduser and addgroup"
+//config: depends on ADDUSER || ADDGROUP
+//config: range 0 LAST_ID
+//config: default 100
+//config: help
+//config: First valid system uid or gid for adduser and addgroup
+//config:
+//config:config LAST_SYSTEM_ID
+//config: int "Last valid system uid or gid for adduser and addgroup"
+//config: depends on ADDUSER || ADDGROUP
+//config: range FIRST_SYSTEM_ID LAST_ID
+//config: default 999
+//config: help
+//config: Last valid system uid or gid for adduser and addgroup
+
+//applet:IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_ADDUSER) += adduser.o
//usage:#define adduser_trivial_usage
//usage: "[OPTIONS] USER [GROUP]"
diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c
index 54ed737..6c41d17 100644
--- a/loginutils/chpasswd.c
+++ b/loginutils/chpasswd.c
@@ -5,7 +5,23 @@
* Written for SLIND (from passwd.c) by Alexander Shishkin <virtuoso@slind.org>
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
-#include "libbb.h"
+//config:config CHPASSWD
+//config: bool "chpasswd"
+//config: default y
+//config: help
+//config: Reads a file of user name and password pairs from standard input
+//config: and uses this information to update a group of existing users.
+//config:
+//config:config FEATURE_DEFAULT_PASSWD_ALGO
+//config: string "Default password encryption method (passwd -a, cryptpw -m parameter)"
+//config: default "des"
+//config: depends on PASSWD || CRYPTPW
+//config: help
+//config: Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
+
+//applet:IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_CHPASSWD) += chpasswd.o
//usage:#define chpasswd_trivial_usage
//usage: IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]")
@@ -22,6 +38,8 @@
//TODO: implement -c ALGO
+#include "libbb.h"
+
#if ENABLE_LONG_OPTS
static const char chpasswd_longopts[] ALIGN1 =
"encrypted\0" No_argument "e"
diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c
index 29f0fbe..55dcc29 100644
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@@ -9,6 +9,18 @@
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
+//config:config CRYPTPW
+//config: bool "cryptpw"
+//config: default y
+//config: help
+//config: Encrypts the given password with the crypt(3) libc function
+//config: using the given salt. Debian has this utility under mkpasswd
+//config: name. Busybox provides mkpasswd as an alias for cryptpw.
+
+//applet:IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CRYPTPW(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, mkpasswd))
+
+//kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o
//usage:#define cryptpw_trivial_usage
//usage: "[OPTIONS] [PASSWORD] [SALT]"
diff --git a/loginutils/deluser.c b/loginutils/deluser.c
index 110cd63..7c3caf9 100644
--- a/loginutils/deluser.c
+++ b/loginutils/deluser.c
@@ -7,8 +7,32 @@
* Copyright (C) 2007 by Tito Ragusa <farmatito@tiscali.it>
*
* Licensed under GPLv2, see file LICENSE in this source tree.
- *
*/
+//config:config DELUSER
+//config: bool "deluser"
+//config: default y
+//config: help
+//config: Utility for deleting a user account.
+//config:
+//config:config DELGROUP
+//config: bool "delgroup"
+//config: default y
+//config: help
+//config: Utility for deleting a group account.
+//config:
+//config:config FEATURE_DEL_USER_FROM_GROUP
+//config: bool "Support for removing users from groups"
+//config: default y
+//config: depends on DELGROUP
+//config: help
+//config: If called with two non-option arguments, deluser
+//config: or delgroup will remove an user from a specified group.
+
+//applet:IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
+
+//kbuild:lib-$(CONFIG_DELUSER) += deluser.o
+//kbuild:lib-$(CONFIG_DELGROUP) += deluser.o
//usage:#define deluser_trivial_usage
//usage: IF_LONG_OPTS("[--remove-home] ") "USER"
diff --git a/loginutils/getty.c b/loginutils/getty.c
index 762d5c7..b10bdbd 100644
--- a/loginutils/getty.c
+++ b/loginutils/getty.c
@@ -21,6 +21,28 @@
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
+//config:config GETTY
+//config: bool "getty"
+//config: default y
+//config: select FEATURE_SYSLOG
+//config: help
+//config: getty lets you log in on a tty. It is normally invoked by init.
+//config:
+//config: Note that you can save a few bytes by disabling it and
+//config: using login applet directly.
+//config: If you need to reset tty attributes before calling login,
+//config: this script approximates getty:
+//config:
+//config: exec </dev/$1 >/dev/$1 2>&1 || exit 1
+//config: reset
+//config: stty sane; stty ispeed 38400; stty ospeed 38400
+//config: printf "%s login: " "`hostname`"
+//config: read -r login
+//config: exec /bin/login "$login"
+
+//applet:IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETTY) += getty.o
#include "libbb.h"
#include <syslog.h>
diff --git a/loginutils/login.c b/loginutils/login.c
index 1700cfc..f1f04da 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -2,6 +2,56 @@
/*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
+//config:config LOGIN
+//config: bool "login"
+//config: default y
+//config: select FEATURE_SYSLOG
+//config: help
+//config: login is used when signing onto a system.
+//config:
+//config: Note that Busybox binary must be setuid root for this applet to
+//config: work properly.
+//config:
+//config:config LOGIN_SESSION_AS_CHILD
+//config: bool "Run logged in session in a child process"
+//config: default y if PAM
+//config: depends on LOGIN
+//config: help
+//config: Run the logged in session in a child process. This allows
+//config: login to clean up things such as utmp entries or PAM sessions
+//config: when the login session is complete. If you use PAM, you
+//config: almost always would want this to be set to Y, else PAM session
+//config: will not be cleaned up.
+//config:
+//config:config LOGIN_SCRIPTS
+//config: bool "Support for login scripts"
+//config: depends on LOGIN
+//config: default y
+//config: help
+//config: Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
+//config: just prior to switching from root to logged-in user.
+//config:
+//config:config FEATURE_NOLOGIN
+//config: bool "Support for /etc/nologin"
+//config: default y
+//config: depends on LOGIN
+//config: help
+//config: The file /etc/nologin is used by (some versions of) login(1).
+//config: If it exists, non-root logins are prohibited.
+//config:
+//config:config FEATURE_SECURETTY
+//config: bool "Support for /etc/securetty"
+//config: default y
+//config: depends on LOGIN
+//config: help
+//config: The file /etc/securetty is used by (some versions of) login(1).
+//config: The file contains the device names of tty lines (one per line,
+//config: without leading /dev/) on which root is allowed to login.
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_LOGIN) += login.o
//usage:#define login_trivial_usage
//usage: "[-p] [-h HOST] [[-f] USER]"
diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 1509089..73726d3 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -2,6 +2,30 @@
/*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
+//config:config PASSWD
+//config: bool "passwd"
+//config: default y
+//config: select FEATURE_SYSLOG
+//config: help
+//config: passwd changes passwords for user and group accounts. A normal user
+//config: may only change the password for his/her own account, the super user
+//config: may change the password for any account. The administrator of a group
+//config: may change the password for the group.
+//config:
+//config: Note that Busybox binary must be setuid root for this applet to
+//config: work properly.
+//config:
+//config:config FEATURE_PASSWD_WEAK_CHECK
+//config: bool "Check new passwords for weakness"
+//config: default y
+//config: depends on PASSWD
+//config: help
+//config: With this option passwd will refuse new passwords which are "weak".
+
+//applet:/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */
+//applet:IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_PASSWD) += passwd.o
//usage:#define passwd_trivial_usage
//usage: "[OPTIONS] [USER]"
diff --git a/loginutils/su.c b/loginutils/su.c
index f812505..3c0e8c1 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -4,9 +4,31 @@
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
-
-#include "libbb.h"
-#include <syslog.h>
+//config:config SU
+//config: bool "su"
+//config: default y
+//config: select FEATURE_SYSLOG
+//config: help
+//config: su is used to become another user during a login session.
+//config: Invoked without a username, su defaults to becoming the super user.
+//config:
+//config: Note that Busybox binary must be setuid root for this applet to
+//config: work properly.
+//config:
+//config:config FEATURE_SU_SYSLOG
+//config: bool "Enable su to write to syslog"
+//config: default y
+//config: depends on SU
+//config:
+//config:config FEATURE_SU_CHECKS_SHELLS
+//config: bool "Enable su to check user's shell to be listed in /etc/shells"
+//config: depends on SU
+//config: default y
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_SU) += su.o
//usage:#define su_trivial_usage
//usage: "[OPTIONS] [-] [USER]"
@@ -17,6 +39,9 @@
//usage: "\n -c CMD Command to pass to 'sh -c'"
//usage: "\n -s SH Shell to use instead of user's default"
+#include "libbb.h"
+#include <syslog.h>
+
#if ENABLE_FEATURE_SU_CHECKS_SHELLS
/* Return 1 if SHELL is a restricted shell (one not returned by
* getusershell), else 0, meaning it is a standard shell. */
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 2a29099..19b1e30 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -4,6 +4,18 @@
*
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
*/
+//config:config SULOGIN
+//config: bool "sulogin"
+//config: default y
+//config: select FEATURE_SYSLOG
+//config: help
+//config: sulogin is invoked when the system goes into single user
+//config: mode (this is done through an entry in inittab).
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o
//usage:#define sulogin_trivial_usage
//usage: "[-t N] [TTY]"
diff --git a/loginutils/vlock.c b/loginutils/vlock.c
index 44b14e6..52ae607 100644
--- a/loginutils/vlock.c
+++ b/loginutils/vlock.c
@@ -13,7 +13,21 @@
* minimalistic vlock.
*/
/* Fixed by Erik Andersen to do passwords the tinylogin way...
- * It now works with md5, sha1, etc passwords. */
+ * It now works with md5, sha1, etc passwords.
+ */
+//config:config VLOCK
+//config: bool "vlock"
+//config: default y
+//config: help
+//config: Build the "vlock" applet which allows you to lock (virtual) terminals.
+//config:
+//config: Note that Busybox binary must be setuid root for this applet to
+//config: work properly.
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_VLOCK) += vlock.o
//usage:#define vlock_trivial_usage
//usage: "[-a]"