Changeset 2725 for branches/2.2.9/mindi-busybox/loginutils – MondoRescue

branches/2.2.9/mindi-busybox/loginutils/Config.in

-              r1765
+              r2725
+# DO NOT EDIT. This file is generated from Config.src
+#
 # For a description of the syntax of this configuration file,
 …
 menu "Login/Password Management Utilities"
+config ADD_SHELL
+       bool "add-shell"
+       default y if DESKTOP
+       help
+         Add shells to /etc/shells.
+config REMOVE_SHELL
+       bool "remove-shell"
+       default y if DESKTOP
+       help
+         Remove shells from /etc/shells.
 config FEATURE_SHADOWPASSWDS
     bool "Support for shadow passwords"
     default n
     help
       Build support for shadow password in /etc/shadow.  This file is only
+    default y
+    help
+      Build support for shadow password in /etc/shadow. This file is only
       readable by root and thus the encrypted passwords are no longer
       publicly readable.
-config USE_BB_SHADOW
-    bool "  Use busybox shadow password functions"
-    default y
-    depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
-    help
-        If you leave this disabled, busybox will use the system's shadow
-        password handling functions.  And if you are using the GNU C library
-        (glibc), you will then need to install the /etc/nsswitch.conf
-        configuration file and the required /lib/libnss_* libraries in
-        order for the shadow password functions to work.  This generally
-        makes your embedded system quite a bit larger.
-        Enabling this option will cause busybox to directly access the
-        system's /etc/shadow file when handling shadow passwords.  This
-        makes your system smaller and I will get fewer emails asking about
-        how glibc NSS works).  When this option is enabled, you will not be
-        able to use PAM to access shadow passwords from remote LDAP
-        password servers and whatnot.
 config USE_BB_PWD_GRP
     bool "Use internal password and group functions rather than system functions"
+    default y
+    help
+      If you leave this disabled, busybox will use the system's password
+      and group functions. And if you are using the GNU C library
+      (glibc), you will then need to install the /etc/nsswitch.conf
+      configuration file and the required /lib/libnss_* libraries in
+      order for the password and group functions to work. This generally
+      makes your embedded system quite a bit larger.
+      Enabling this option will cause busybox to directly access the
+      system's /etc/password, /etc/group files (and your system will be
+      smaller, and I will get fewer emails asking about how glibc NSS
+      works). When this option is enabled, you will not be able to use
+      PAM to access remote LDAP password servers and whatnot. And if you
+      want hostname resolution to work with glibc, you still need the
+      /lib/libnss_* libraries.
+      If you need to use glibc's nsswitch.conf mechanism
+      (e.g. if user/group database is NOT stored in /etc/passwd etc),
+      you must NOT use this option.
+      If you enable this option, it will add about 1.5k.
+config USE_BB_SHADOW
+    bool "Use internal shadow password functions"
+    default y
+    depends on USE_BB_PWD_GRP && FEATURE_SHADOWPASSWDS
+    help
+      If you leave this disabled, busybox will use the system's shadow
+      password handling functions. And if you are using the GNU C library
+      (glibc), you will then need to install the /etc/nsswitch.conf
+      configuration file and the required /lib/libnss_* libraries in
+      order for the shadow password functions to work. This generally
+      makes your embedded system quite a bit larger.
+      Enabling this option will cause busybox to directly access the
+      system's /etc/shadow file when handling shadow passwords. This
+      makes your system smaller (and I will get fewer emails asking about
+      how glibc NSS works). When this option is enabled, you will not be
+      able to use PAM to access shadow passwords from remote LDAP
+      password servers and whatnot.
+config USE_BB_CRYPT
+    bool "Use internal crypt functions"
+    default y
+    help
+      Busybox has internal DES and MD5 crypt functions.
+      They produce results which are identical to corresponding
+      standard C library functions.
+      If you leave this disabled, busybox will use the system's
+      crypt functions. Most C libraries use large (~70k)
+      static buffers there, and also combine them with more general
+      DES encryption/decryption.
+      For busybox, having large static buffers is undesirable,
+      especially on NOMMU machines. Busybox also doesn't need
+      DES encryption/decryption and can do with smaller code.
+      If you enable this option, it will add about 4.8k of code
+      if you are building dynamically linked executable.
+      In static build, it makes code _smaller_ by about 1.2k,
+      and likely many kilobytes less of bss.
+config USE_BB_CRYPT_SHA
+    bool "Enable SHA256/512 crypt functions"
+    default y
+    depends on USE_BB_CRYPT
+    help
+      Enable this if you have passwords starting with "$5$" or "$6$"
+      in your /etc/passwd or /etc/shadow files. These passwords
+      are hashed using SHA256 and SHA512 algorithms. Support for them
+      was added to glibc in 2008.
+      With this option off, login will fail password check for any
+      user which has password encrypted with these algorithms.
+config ADDUSER
+    bool "adduser"
+    default y
+    help
+      Utility for creating a new user account.
+config FEATURE_ADDUSER_LONG_OPTIONS
+    bool "Enable long options"
+    default y
+    depends on ADDUSER && LONG_OPTS
+    help
+      Support long options for the adduser applet.
+config FEATURE_CHECK_NAMES
+    bool "Enable sanity check on user/group names in adduser and addgroup"
     default n
+    help
+        If you leave this disabled, busybox will use the system's password
+        and group functions.  And if you are using the GNU C library
+        (glibc), you will then need to install the /etc/nsswitch.conf
+        configuration file and the required /lib/libnss_* libraries in
+        order for the password and group functions to work.  This generally
+        makes your embedded system quite a bit larger.
+        Enabling this option will cause busybox to directly access the
+        system's /etc/password, /etc/group files (and your system will be
+        smaller, and I will get fewer emails asking about how glibc NSS
+        works).  When this option is enabled, you will not be able to use
+        PAM to access remote LDAP password servers and whatnot.  And if you
+        want hostname resolution to work with glibc, you still need the
+        /lib/libnss_* libraries.
+        If you enable this option, it will add about 1.5k to busybox.
+    depends on ADDUSER || ADDGROUP
+    help
+      Enable sanity check on user and group names in adduser and addgroup.
+      To avoid problems, the user or group name should consist only of
+      letters, digits, underscores, periods, at signs and dashes,
+      and not start with a dash (as defined by IEEE Std 1003.1-2001).
+      For compatibility with Samba machine accounts "$" is also supported
+      at the end of the user or group name.
+config FIRST_SYSTEM_ID
+    int "First valid system uid or gid for adduser and addgroup"
+    depends on ADDUSER || ADDGROUP
+    range 0 64900
+    default 100
+    help
+      First valid system uid or gid for adduser and addgroup
+config LAST_SYSTEM_ID
+    int "Last valid system uid or gid for adduser and addgroup"
+    depends on ADDUSER || ADDGROUP
+    range 0 64900
+    default 999
+    help
+      Last valid system uid or gid for adduser and addgroup
 config ADDGROUP
     bool "addgroup"
     default n
+    default y
     help
       Utility for creating a new group account.
+config FEATURE_ADDGROUP_LONG_OPTIONS
+    bool "Enable long options"
+    default y
+    depends on ADDGROUP && LONG_OPTS
+    help
+      Support long options for the addgroup applet.
 config FEATURE_ADDUSER_TO_GROUP
     bool "Support for adding users to groups"
     default n
+    default y
     depends on ADDGROUP
     help
 …
       existing group.
+config DELUSER
+    bool "deluser"
+    default y
+    help
+      Utility for deleting a user account.
 config DELGROUP
     bool "delgroup"
     default n
+    default y
     help
       Utility for deleting a group account.
 config FEATURE_DEL_USER_FROM_GROUP
     bool "Support for removing users from groups."
     default n
+    bool "Support for removing users from groups"
+    default y
     depends on DELGROUP
     help
 …
       or delgroup will remove an user from a specified group.
-config ADDUSER
-    bool "adduser"
-    default n
-    help
-      Utility for creating a new user account.
-config DELUSER
-    bool "deluser"
-    default n
-    help
-      Utility for deleting a user account.
 config GETTY
     bool "getty"
     default n
+    default y
     select FEATURE_SYSLOG
     help
       getty lets you log in on a tty, it is normally invoked by init.
-config FEATURE_UTMP
-    bool "Support utmp file"
-    depends on GETTY || LOGIN || SU || WHO
-    default n
-    help
-      The file /var/run/utmp is used to track who is currently logged in.
-config FEATURE_WTMP
-    bool "Support wtmp file"
-    depends on GETTY || LOGIN || SU || LAST
-    default n
-    select FEATURE_UTMP
-    help
-      The file /var/run/wtmp is used to track when user's have logged into
-      and logged out of the system.
 config LOGIN
     bool "login"
+    default n
+    select FEATURE_SUID
+    default y
     select FEATURE_SYSLOG
     help
 …
     bool "Support for login scripts"
     depends on LOGIN
     default n
+    default y
     help
       Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
 …
 config PASSWD
     bool "passwd"
+    default n
+    select FEATURE_SUID
+    select FEATURE_SYSLOG
+    help
+      passwd changes passwords for user and group accounts.  A normal user
+    default y
+    select FEATURE_SYSLOG
+    help
+      passwd changes passwords for user and group accounts. A normal user
       may only change the password for his/her own account, the super user
       may change the password for any account.  The administrator of a group
+      may change the password for any account. The administrator of a group
       may change the password for the group.
 …
 config CRYPTPW
     bool "cryptpw"
+    default n
+    help
+      Applet for crypting a string.
+    default y
+    help
+      Encrypts the given password with the crypt(3) libc function
+      using the given salt. Debian has this utility under mkpasswd
+      name. Busybox provides mkpasswd as an alias for cryptpw.
 config CHPASSWD
+       bool "chpasswd"
+       default n
+       help
+         chpasswd  reads  a  file  of user name and password pairs from
+         standard input and uses this information to update a group of
+         existing users.
+    bool "chpasswd"
+    default y
+    help
+      Reads a file of user name and password pairs from standard input
+      and uses this information to update a group of existing users.
 config SU
     bool "su"
+    default n
+    select FEATURE_SUID
+    default y
     select FEATURE_SYSLOG
     help
 …
 config SULOGIN
     bool "sulogin"
     default n
+    default y
     select FEATURE_SYSLOG
     help
 …
 config VLOCK
     bool "vlock"
+    default n
+    select FEATURE_SUID
+    default y
     help
       Build the "vlock" applet which allows you to lock (virtual) terminals.
 …
 endmenu

branches/2.2.9/mindi-busybox/loginutils/Kbuild

-              r1765
+              r2725
+# DO NOT EDIT. This file is generated from Kbuild.src
 # Makefile for busybox
+#
 # Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
+#
 # Licensed under the GPL v2, see the file LICENSE in this tarball.
+# Licensed under GPLv2, see file LICENSE in this source tree.
 lib-y:=
+lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o
+lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
 lib-$(CONFIG_ADDGROUP)  += addgroup.o
 lib-$(CONFIG_ADDUSER)   += adduser.o

branches/2.2.9/mindi-busybox/loginutils/addgroup.c

-              r1765
+              r2725
  * Copyright (C) 2007 by Tito Ragusa <farmatito@tiscali.it>
+ *
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
+ *
  */
 #include "libbb.h"
+#if CONFIG_LAST_SYSTEM_ID < CONFIG_FIRST_SYSTEM_ID
+#error Bad LAST_SYSTEM_ID or FIRST_SYSTEM_ID in .config
+#endif
+#define OPT_GID                       (1 << 0)
+#define OPT_SYSTEM_ACCOUNT            (1 << 1)
+/* We assume GID_T_MAX == INT_MAX */
 static void xgroup_study(struct group *g)
+{
+    unsigned max = INT_MAX;
     /* Make sure gr_name is unused */
     if (getgrnam(g->gr_name)) {
+        goto error;
+        bb_error_msg_and_die("%s '%s' in use", "group", g->gr_name);
+        /* these format strings are reused in adduser and addgroup */
+    }
+    /* if a specific gid is requested, the --system switch and */
+    /* min and max values are overridden, and the range of valid */
+    /* gid values is set to [0, INT_MAX] */
+    if (!(option_mask32 & OPT_GID)) {
+        if (option_mask32 & OPT_SYSTEM_ACCOUNT) {
+            g->gr_gid = CONFIG_FIRST_SYSTEM_ID;
+            max = CONFIG_LAST_SYSTEM_ID;
+        } else {
+            g->gr_gid = CONFIG_LAST_SYSTEM_ID + 1;
+            max = 64999;
+        }
+    }
     /* Check if the desired gid is free
      * or find the first free one */
 …
             return; /* found free group: return */
+        }
         if (option_mask32) {
+        if (option_mask32 & OPT_GID) {
             /* -g N, cannot pick gid other than N: error */
+            g->gr_name = itoa(g->gr_gid);
+            goto error;
+            bb_error_msg_and_die("%s '%s' in use", "gid", itoa(g->gr_gid));
+            /* this format strings is reused in adduser and addgroup */
+        }
+        if (g->gr_gid == max) {
+            /* overflowed: error */
+            bb_error_msg_and_die("no %cids left", 'g');
+            /* this format string is reused in adduser and addgroup */
+        }
         g->gr_gid++;
-        if (g->gr_gid <= 0) {
-            /* overflowed: error */
-            bb_error_msg_and_die("no gids left");
+        }
+    }
- error:
-    /* exit */
-    bb_error_msg_and_die("group %s already exists", g->gr_name);
+}
 …
 static void new_group(char *group, gid_t gid)
+{
-    FILE *file;
     struct group gr;
+    char *p;
     /* make sure gid and group haven't already been allocated */
 …
     /* add entry to group */
     file = xfopen(bb_path_group_file, "a");
     /* group:passwd:gid:userlist */
     fprintf(file, "%s:x:%d:\n", group, gr.gr_gid);
+    p = xasprintf("x:%u:", (unsigned) gr.gr_gid);
+    if (update_passwd(bb_path_group_file, group, p, NULL) < 0)
+        exit(EXIT_FAILURE);
     if (ENABLE_FEATURE_CLEAN_UP)
         fclose(file);
+        free(p);
 #if ENABLE_FEATURE_SHADOWPASSWDS
+    file = fopen_or_warn(bb_path_gshadow_file, "a");
+    if (file) {
+        fprintf(file, "%s:!::\n", group);
+        if (ENABLE_FEATURE_CLEAN_UP)
+            fclose(file);
+    }
+    /* /etc/gshadow fields:
+     * 1. Group name.
+     * 2. Encrypted password.
+     *    If set, non-members of the group can join the group
+     *    by typing the password for that group using the newgrp command.
+     *    If the value is of this field ! then no user is allowed
+     *    to access the group using the newgrp command. A value of !!
+     *    is treated the same as a value of ! only it indicates
+     *    that a password has never been set before. If the value is null,
+     *    only group members can log into the group.
+     * 3. Group administrators (comma delimited list).
+     *    Group members listed here can add or remove group members
+     *    using the gpasswd command.
+     * 4. Group members (comma delimited list).
+     */
+    /* Ignore errors: if file is missing we assume admin doesn't want it */
+    update_passwd(bb_path_gshadow_file, group, "!::", NULL);
 #endif
+}
+#if ENABLE_FEATURE_ADDUSER_TO_GROUP
+static void add_user_to_group(char **args,
+        const char *path,
+        FILE *(*fopen_func)(const char *fileName, const char *mode))
+{
+    char *line;
+    int len = strlen(args[1]);
+    llist_t *plist = NULL;
+    FILE *group_file;
+    group_file = fopen_func(path, "r");
+    if (!group_file) return;
+    while ((line = xmalloc_getline(group_file))) {
+        /* Find the group */
+        if (!strncmp(line, args[1], len)
+         && line[len] == ':'
+        ) {
+            /* Add the new user */
+            line = xasprintf("%s%s%s", line,
+                        last_char_is(line, ':') ? "" : ",",
+                        args[0]);
+        }
+        llist_add_to_end(&plist, line);
+    }
+    if (ENABLE_FEATURE_CLEAN_UP) {
+        fclose(group_file);
+        group_file = fopen_func(path, "w");
+        while ((line = llist_pop(&plist))) {
+            if (group_file)
+                fprintf(group_file, "%s\n", line);
+            free(line);
+        }
+        if (group_file)
+            fclose(group_file);
+    } else {
+        group_file = fopen_func(path, "w");
+        if (group_file)
+            while ((line = llist_pop(&plist)))
+                fprintf(group_file, "%s\n", line);
+    }
+}
+#if ENABLE_FEATURE_ADDGROUP_LONG_OPTIONS
+static const char addgroup_longopts[] ALIGN1 =
+        "gid\0"                 Required_argument "g"
+        "system\0"              No_argument       "S"
+        ;
 #endif
 …
  * will add an existing user to an existing group.
  */
 int addgroup_main(int argc, char **argv);
 int addgroup_main(int argc, char **argv)
+int addgroup_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int addgroup_main(int argc UNUSED_PARAM, char **argv)
+{
     char *group;
     gid_t gid = 0;
+    unsigned opts;
+    unsigned gid = 0;
     /* need to be root */
 …
         bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+    }
+#if ENABLE_FEATURE_ADDGROUP_LONG_OPTIONS
+    applet_long_options = addgroup_longopts;
+#endif
     /* Syntax:
      *  addgroup group
 …
      *  addgroup user group
      * Check for min, max and missing args */
+    opt_complementary = "-1:?2";
+    if (getopt32(argv, "g:", &group)) {
+        gid = xatoul_range(group, 0, ((unsigned long)(gid_t)ULONG_MAX) >> 1);
+    }
+    opt_complementary = "-1:?2:g+";
+    opts = getopt32(argv, "g:S", &gid);
     /* move past the commandline options */
     argv += optind;
     argc -= optind;
+    //argc -= optind;
 #if ENABLE_FEATURE_ADDUSER_TO_GROUP
     if (argc == 2) {
+    if (argv[1]) {
         struct group *gr;
         if (option_mask32) {
+        if (opts & OPT_GID) {
             /* -g was there, but "addgroup -g num user group"
              * is a no-no */
 …
         /* check if group and user exist */
         xuname2uid(argv[0]); /* unknown user: exit */
         xgroup2gid(argv[1]); /* unknown group: exit */
+        gr = xgetgrnam(argv[1]); /* unknown group: exit */
         /* check if user is already in this group */
-        gr = getgrnam(argv[1]);
         for (; *(gr->gr_mem) != NULL; (gr->gr_mem)++) {
             if (!strcmp(argv[0], *(gr->gr_mem))) {
 …
+            }
+        }
+        add_user_to_group(argv, bb_path_group_file, xfopen);
+#if ENABLE_FEATURE_SHADOWPASSWDS
+        add_user_to_group(argv, bb_path_gshadow_file, fopen_or_warn);
+#endif /* ENABLE_FEATURE_SHADOWPASSWDS */
+        if (update_passwd(bb_path_group_file, argv[1], NULL, argv[0]) < 0) {
+            return EXIT_FAILURE;
+        }
+# if ENABLE_FEATURE_SHADOWPASSWDS
+        update_passwd(bb_path_gshadow_file, argv[1], NULL, argv[0]);
+# endif
     } else
 #endif /* ENABLE_FEATURE_ADDUSER_TO_GROUP */
+    {
+        die_if_bad_username(argv[0]);
         new_group(argv[0], gid);
+    }
     /* Reached only on success */
     return EXIT_SUCCESS;

branches/2.2.9/mindi-busybox/loginutils/adduser.c

-              r1765
+              r2725
  * Copyright (C) 1999,2000,2001 by John Beppu <beppu@codepoet.org>
+ *
  * Licensed under the GPL v2 or later, see the file LICENSE in this tarball.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 #include "libbb.h"
+#if CONFIG_LAST_SYSTEM_ID < CONFIG_FIRST_SYSTEM_ID
+#error Bad LAST_SYSTEM_ID or FIRST_SYSTEM_ID in .config
+#endif
+/* #define OPT_HOME           (1 << 0) */ /* unused */
+/* #define OPT_GECOS          (1 << 1) */ /* unused */
+#define OPT_SHELL          (1 << 2)
+#define OPT_GID            (1 << 3)
 #define OPT_DONT_SET_PASS  (1 << 4)
+#define OPT_SYSTEM_ACCOUNT (1 << 5)
 #define OPT_DONT_MAKE_HOME (1 << 6)
+#define OPT_UID            (1 << 7)
+/* We assume UID_T_MAX == INT_MAX */
 /* remix */
+/* EDR recoded such that the uid may be passed in *p */
+static int passwd_study(const char *filename, struct passwd *p)
+{
+    enum { min = 500, max = 65000 };
+    FILE *passwd;
+    /* We are using reentrant fgetpwent_r() in order to avoid
+     * pulling in static buffers from libc (think static build here) */
+    char buffer[256];
+    struct passwd pw;
+    struct passwd *result;
+    passwd = xfopen(filename, "r");
+    /* EDR if uid is out of bounds, set to min */
+    if ((p->pw_uid > max) || (p->pw_uid < min))
+        p->pw_uid = min;
+    /* stuff to do:
+     * make sure login isn't taken;
+     * find free uid and gid;
+     */
+    while (!fgetpwent_r(passwd, &pw, buffer, sizeof(buffer), &result)) {
+        if (strcmp(pw.pw_name, p->pw_name) == 0) {
+            /* return 0; */
+            return 1;
+        }
+        if ((pw.pw_uid >= p->pw_uid) && (pw.pw_uid < max)
+            && (pw.pw_uid >= min)) {
+            p->pw_uid = pw.pw_uid + 1;
+        }
+    }
+    if (p->pw_gid == 0) {
+        /* EDR check for an already existing gid */
+        while (getgrgid(p->pw_uid) != NULL)
+            p->pw_uid++;
+        /* EDR also check for an existing group definition */
+        if (getgrnam(p->pw_name) != NULL)
+            return 3;
+        /* EDR create new gid always = uid */
+        p->pw_gid = p->pw_uid;
+    }
+    /* EDR bounds check */
+    if ((p->pw_uid > max) || (p->pw_uid < min))
+        return 2;
+    /* return 1; */
+    return 0;
+}
+static void addgroup_wrapper(struct passwd *p)
+/* recoded such that the uid may be passed in *p */
+static void passwd_study(struct passwd *p)
+{
+    int max = UINT_MAX;
+    if (getpwnam(p->pw_name)) {
+        bb_error_msg_and_die("%s '%s' in use", "user", p->pw_name);
+        /* this format string is reused in adduser and addgroup */
+    }
+    if (!(option_mask32 & OPT_UID)) {
+        if (option_mask32 & OPT_SYSTEM_ACCOUNT) {
+            p->pw_uid = CONFIG_FIRST_SYSTEM_ID;
+            max = CONFIG_LAST_SYSTEM_ID;
+        } else {
+            p->pw_uid = CONFIG_LAST_SYSTEM_ID + 1;
+            max = 64999;
+        }
+    }
+    /* check for a free uid (and maybe gid) */
+    while (getpwuid(p->pw_uid) || (p->pw_gid == (gid_t)-1 && getgrgid(p->pw_uid))) {
+        if (option_mask32 & OPT_UID) {
+            /* -u N, cannot pick uid other than N: error */
+            bb_error_msg_and_die("%s '%s' in use", "uid", itoa(p->pw_uid));
+            /* this format string is reused in adduser and addgroup */
+        }
+        if (p->pw_uid == max) {
+            bb_error_msg_and_die("no %cids left", 'u');
+        }
+        p->pw_uid++;
+    }
+    if (p->pw_gid == (gid_t)-1) {
+        p->pw_gid = p->pw_uid; /* new gid = uid */
+        if (getgrnam(p->pw_name)) {
+            bb_error_msg_and_die("%s '%s' in use", "group", p->pw_name);
+            /* this format string is reused in adduser and addgroup */
+        }
+    }
+}
+static void addgroup_wrapper(struct passwd *p, const char *group_name)
+{
     char *cmd;
+    cmd = xasprintf("addgroup -g %d \"%s\"", p->pw_gid, p->pw_name);
+    if (group_name) /* Add user to existing group */
+        cmd = xasprintf("addgroup '%s' '%s'", p->pw_name, group_name);
+    else    /* Add user to his own group with the first free gid found in passwd_study */
+        cmd = xasprintf("addgroup -g %u '%s'", (unsigned)p->pw_gid, p->pw_name);
+    /* Warning: to be compatible with external addgroup programs we should use --gid instead */
     system(cmd);
     free(cmd);
+}
 static void passwd_wrapper(const char *login) ATTRIBUTE_NORETURN;
+static void passwd_wrapper(const char *login) NORETURN;
 static void passwd_wrapper(const char *login)
+{
+    static const char prog[] ALIGN1 = "passwd";
+    BB_EXECLP(prog, prog, login, NULL);
+    bb_error_msg_and_die("failed to execute '%s', you must set the password for '%s' manually", prog, login);
+}
+/* putpwent(3) remix */
+static int adduser(struct passwd *p)
+{
+    FILE *file;
+    int addgroup = !p->pw_gid;
+    /* make sure everything is kosher and setup uid && gid */
+    file = xfopen(bb_path_passwd_file, "a");
+    fseek(file, 0, SEEK_END);
+    switch (passwd_study(bb_path_passwd_file, p)) {
+        case 1:
+            bb_error_msg_and_die("%s: login already in use", p->pw_name);
+        case 2:
+            bb_error_msg_and_die("illegal uid or no uids left");
+        case 3:
+            bb_error_msg_and_die("%s: group name already in use", p->pw_name);
+    }
+    /* add to passwd */
+    if (putpwent(p, file) == -1) {
+        bb_perror_nomsg_and_die();
+    }
+    /* Do fclose even if !ENABLE_FEATURE_CLEAN_UP.
+     * We will exec passwd, files must be flushed & closed before that! */
+    fclose(file);
+#if ENABLE_FEATURE_SHADOWPASSWDS
+    /* add to shadow if necessary */
+    file = fopen_or_warn(bb_path_shadow_file, "a");
+    if (file) {
+        fseek(file, 0, SEEK_END);
+        fprintf(file, "%s:!:%ld:%d:%d:%d:::\n",
+                p->pw_name,             /* username */
+                time(NULL) / 86400,     /* sp->sp_lstchg */
+,                      /* sp->sp_min */
+,                  /* sp->sp_max */
+);                     /* sp->sp_warn */
+        fclose(file);
+    }
+#endif
+    /* add to group */
+    /* addgroup should be responsible for dealing w/ gshadow */
+    /* if using a pre-existing group, don't create one */
+    if (addgroup) addgroup_wrapper(p);
+    /* Clear the umask for this process so it doesn't
+     * screw up the permissions on the mkdir and chown. */
+    umask(0);
+    if (!(option_mask32 & OPT_DONT_MAKE_HOME)) {
+        /* Set the owner and group so it is owned by the new user,
+           then fix up the permissions to 2755. Can't do it before
+           since chown will clear the setgid bit */
+        if (mkdir(p->pw_dir, 0755)
+        || chown(p->pw_dir, p->pw_uid, p->pw_gid)
+        || chmod(p->pw_dir, 02755)) {
+            bb_perror_msg("%s", p->pw_dir);
+        }
+    }
+    if (!(option_mask32 & OPT_DONT_SET_PASS)) {
+        /* interactively set passwd */
+        passwd_wrapper(p->pw_name);
+    }
+    return 0;
+}
+    BB_EXECLP("passwd", "passwd", login, NULL);
+    bb_error_msg_and_die("can't execute passwd, you must set password manually");
+}
+#if ENABLE_FEATURE_ADDUSER_LONG_OPTIONS
+static const char adduser_longopts[] ALIGN1 =
+        "home\0"                Required_argument "h"
+        "gecos\0"               Required_argument "g"
+        "shell\0"               Required_argument "s"
+        "ingroup\0"             Required_argument "G"
+        "disabled-password\0"   No_argument       "D"
+        "empty-password\0"      No_argument       "D"
+        "system\0"              No_argument       "S"
+        "no-create-home\0"      No_argument       "H"
+        "uid\0"                 Required_argument "u"
+        ;
+#endif
 /*
  * adduser will take a login_name as its first parameter.
+ *
+ * home
+ * shell
+ * gecos
+ *
+ * home, shell, gecos:
  * can be customized via command-line parameters.
  */
 int adduser_main(int argc, char **argv);
 int adduser_main(int argc, char **argv)
+int adduser_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int adduser_main(int argc UNUSED_PARAM, char **argv)
+{
     struct passwd pw;
     const char *usegroup = NULL;
+    char *p;
+    unsigned opts;
+#if ENABLE_FEATURE_ADDUSER_LONG_OPTIONS
+    applet_long_options = adduser_longopts;
+#endif
     /* got root? */
 …
     /* exactly one non-option arg */
+    opt_complementary = "=1";
+    getopt32(argv, "h:g:s:G:DSH", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup);
+    /* disable interactive passwd for system accounts */
+    opt_complementary = "=1:SD:u+";
+    if (sizeof(pw.pw_uid) == sizeof(int)) {
+        opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &pw.pw_uid);
+    } else {
+        unsigned uid;
+        opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &uid);
+        if (opts & OPT_UID) {
+            pw.pw_uid = uid;
+        }
+    }
     argv += optind;
     /* create a passwd struct */
+    /* fill in the passwd struct */
     pw.pw_name = argv[0];
+    die_if_bad_username(pw.pw_name);
     if (!pw.pw_dir) {
         /* create string for $HOME if not specified already */
 …
+    }
     pw.pw_passwd = (char *)"x";
+    pw.pw_uid = 0;
+    pw.pw_gid = usegroup ? xgroup2gid(usegroup) : 0; /* exits on failure */
+    /* grand finale */
+    return adduser(&pw);
+}
+    if (opts & OPT_SYSTEM_ACCOUNT) {
+        if (!usegroup) {
+            usegroup = "nogroup";
+        }
+        if (!(opts & OPT_SHELL)) {
+            pw.pw_shell = (char *) "/bin/false";
+        }
+    }
+    pw.pw_gid = usegroup ? xgroup2gid(usegroup) : -1; /* exits on failure */
+    /* make sure everything is kosher and setup uid && maybe gid */
+    passwd_study(&pw);
+    p = xasprintf("x:%u:%u:%s:%s:%s",
+            (unsigned) pw.pw_uid, (unsigned) pw.pw_gid,
+            pw.pw_gecos, pw.pw_dir, pw.pw_shell);
+    if (update_passwd(bb_path_passwd_file, pw.pw_name, p, NULL) < 0) {
+        return EXIT_FAILURE;
+    }
+    if (ENABLE_FEATURE_CLEAN_UP)
+        free(p);
+#if ENABLE_FEATURE_SHADOWPASSWDS
+    /* /etc/shadow fields:
+     * 1. username
+     * 2. encrypted password
+     * 3. last password change (unix date (unix time/24*60*60))
+     * 4. minimum days required between password changes
+     * 5. maximum days password is valid
+     * 6. days before password is to expire that user is warned
+     * 7. days after password expires that account is disabled
+     * 8. unix date when login expires (i.e. when it may no longer be used)
+     */
+    /* fields:     2 3  4 5     6 78 */
+    p = xasprintf("!:%u:0:99999:7:::", (unsigned)(time(NULL)) / (24*60*60));
+    /* ignore errors: if file is missing we suppose admin doesn't want it */
+    update_passwd(bb_path_shadow_file, pw.pw_name, p, NULL);
+    if (ENABLE_FEATURE_CLEAN_UP)
+        free(p);
+#endif
+    /* add to group */
+    addgroup_wrapper(&pw, usegroup);
+    /* clear the umask for this process so it doesn't
+     * screw up the permissions on the mkdir and chown. */
+    umask(0);
+    if (!(opts & OPT_DONT_MAKE_HOME)) {
+        /* set the owner and group so it is owned by the new user,
+         * then fix up the permissions to 2755. Can't do it before
+         * since chown will clear the setgid bit */
+        int mkdir_err = mkdir(pw.pw_dir, 0755);
+        if (mkdir_err == 0) {
+            /* New home. Copy /etc/skel to it */
+            const char *args[] = {
+                "chown", "-R",
+                xasprintf("%u:%u", (int)pw.pw_uid, (int)pw.pw_gid),
+                pw.pw_dir, NULL
+            };
+            /* Be silent on any errors (like: no /etc/skel) */
+            logmode = LOGMODE_NONE;
+            copy_file("/etc/skel", pw.pw_dir, FILEUTILS_RECUR);
+            logmode = LOGMODE_STDIO;
+            chown_main(4, (char**)args);
+        }
+        if ((mkdir_err != 0 && errno != EEXIST)
+         || chown(pw.pw_dir, pw.pw_uid, pw.pw_gid) != 0
+         || chmod(pw.pw_dir, 02755) != 0 /* set setgid bit on homedir */
+        ) {
+            bb_simple_perror_msg(pw.pw_dir);
+        }
+    }
+    if (!(opts & OPT_DONT_SET_PASS)) {
+        /* interactively set passwd */
+        passwd_wrapper(pw.pw_name);
+    }
+    return EXIT_SUCCESS;
+}

branches/2.2.9/mindi-busybox/loginutils/chpasswd.c

-              r1765
+              r2725
+ *
  * Written for SLIND (from passwd.c) by Alexander Shishkin <virtuoso@slind.org>
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 #include "libbb.h"
+#if ENABLE_GETOPT_LONG
+#include <getopt.h>
+#if ENABLE_LONG_OPTS
 static const char chpasswd_longopts[] ALIGN1 =
     "encrypted\0" No_argument "e"
 …
 #endif
 #define OPT_ENC     1
 #define OPT_MD5     2
+#define OPT_ENC  1
+#define OPT_MD5  2
 int chpasswd_main(int argc, char **argv);
 int chpasswd_main(int argc, char **argv)
+int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int chpasswd_main(int argc UNUSED_PARAM, char **argv)
+{
     char *name, *pass;
 …
     opt_complementary = "m--e:e--m";
     USE_GETOPT_LONG(applet_long_options = chpasswd_longopts;)
+    IF_LONG_OPTS(applet_long_options = chpasswd_longopts;)
     opt = getopt32(argv, "em");
     while ((name = xmalloc_getline(stdin)) != NULL) {
+    while ((name = xmalloc_fgetline(stdin)) != NULL) {
         pass = strchr(name, ':');
         if (!pass)
 …
                 rnd = crypt_make_salt(salt + 3, 4, rnd);
+            }
             pass = pw_encrypt(pass, salt);
+            pass = pw_encrypt(pass, salt, 0);
+        }
 …
          * we try to find & change his passwd in /etc/passwd */
 #if ENABLE_FEATURE_SHADOWPASSWDS
         rc = update_passwd(bb_path_shadow_file, name, pass);
+        rc = update_passwd(bb_path_shadow_file, name, pass, NULL);
         if (rc == 0) /* no lines updated, no errors detected */
 #endif
             rc = update_passwd(bb_path_passwd_file, name, pass);
+            rc = update_passwd(bb_path_passwd_file, name, pass, NULL);
         /* LOGMODE_BOTH logs to syslog also */
         logmode = LOGMODE_BOTH;
 …
         logmode = LOGMODE_STDIO;
         free(name);
+        if (!(opt & OPT_ENC))
+            free(pass);
+    }
+    return 0;
+    return EXIT_SUCCESS;
+}

branches/2.2.9/mindi-busybox/loginutils/cryptpw.c

-              r1765
+              r2725
 /* vi: set sw=4 ts=4: */
 /*
+ * cryptpw.c
+ * cryptpw.c - output a crypt(3)ed password to stdout.
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
+ *
  * Cooked from passwd.c by Thomas Lundquist <thomasez@zelow.no>
+ * mkpasswd compatible options added by Bernhard Reutner-Fischer
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 #include "libbb.h"
+int cryptpw_main(int argc, char **argv);
+int cryptpw_main(int argc, char **argv)
+/* Debian has 'mkpasswd' utility, manpage says:
+NAME
+    mkpasswd - Overfeatured front end to crypt(3)
+SYNOPSIS
+    mkpasswd PASSWORD SALT
+...
+OPTIONS
+-S, --salt=STRING
+    Use the STRING as salt. It must not  contain  prefixes  such  as
+    $1$.
+-R, --rounds=NUMBER
+    Use NUMBER rounds. This argument is ignored if the method
+    choosen does not support variable rounds. For the OpenBSD Blowfish
+    method this is the logarithm of the number of rounds.
+-m, --method=TYPE
+    Compute the password using the TYPE method. If TYPE is 'help'
+    then the available methods are printed.
+-P, --password-fd=NUM
+    Read the password from file descriptor NUM instead of using getpass(3).
+    If the file descriptor is not connected to a tty then
+    no other message than the hashed password is printed on stdout.
+-s, --stdin
+    Like --password-fd=0.
+ENVIRONMENT
+    $MKPASSWD_OPTIONS
+    A list of options which will be evaluated before the ones
+    specified on the command line.
+BUGS
+    This programs suffers of a bad case of featuritis.
+    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Very true...
+cryptpw was in bbox before this gem, so we retain it, and alias mkpasswd
+to cryptpw. -a option (alias for -m) came from cryptpw.
+*/
+int cryptpw_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int cryptpw_main(int argc UNUSED_PARAM, char **argv)
+{
+    char salt[sizeof("$N$XXXXXXXX")];
+    /* $N$ + sha_salt_16_bytes + NUL */
+    char salt[3 + 16 + 1];
+    char *salt_ptr;
+    const char *opt_m, *opt_S;
+    int len;
+    int fd;
+    if (!getopt32(argv, "a:", NULL) || argv[optind - 1][0] != 'd') {
+        strcpy(salt, "$1$");
+        /* Too ugly, and needs even more magic to handle endianness: */
+        //((uint32_t*)&salt)[0] = '$' + '1'*0x100 + '$'*0x10000;
+        /* Hope one day gcc will do it itself (inlining strcpy) */
+        crypt_make_salt(salt + 3, 4, 0); /* md5 */
+    } else {
+        crypt_make_salt(salt, 1, 0);     /* des */
+#if ENABLE_LONG_OPTS
+    static const char mkpasswd_longopts[] ALIGN1 =
+        "stdin\0"       No_argument       "s"
+        "password-fd\0" Required_argument "P"
+        "salt\0"        Required_argument "S"
+        "method\0"      Required_argument "m"
+    ;
+    applet_long_options = mkpasswd_longopts;
+#endif
+    fd = STDIN_FILENO;
+    opt_m = "d";
+    opt_S = NULL;
+    /* at most two non-option arguments; -P NUM */
+    opt_complementary = "?2:P+";
+    getopt32(argv, "sP:S:m:a:", &fd, &opt_S, &opt_m, &opt_m);
+    argv += optind;
+    /* have no idea how to handle -s... */
+    if (argv[0] && !opt_S)
+        opt_S = argv[1];
+    len = 2/2;
+    salt_ptr = salt;
+    if (opt_m[0] != 'd') { /* not des */
+        len = 8/2; /* so far assuming md5 */
+        *salt_ptr++ = '$';
+        *salt_ptr++ = '1';
+        *salt_ptr++ = '$';
+#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+        if (opt_m[0] == 's') { /* sha */
+            salt[1] = '5' + (strcmp(opt_m, "sha512") == 0);
+            len = 16/2;
+        }
+#endif
+    }
+    if (opt_S)
+        safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3);
+    else
+        crypt_make_salt(salt_ptr, len, 0);
     puts(pw_encrypt(argv[optind] ? argv[optind] : xmalloc_getline(stdin), salt));
+    xmove_fd(fd, STDIN_FILENO);
+    return 0;
+    puts(pw_encrypt(
+        argv[0] ? argv[0] : (
+            /* Only mkpasswd, and only from tty, prompts.
+             * Otherwise it is a plain read. */
+            (isatty(STDIN_FILENO) && applet_name[0] == 'm')
+            ? bb_ask_stdin("Password: ")
+            : xmalloc_fgetline(stdin)
+        ),
+        salt, 1));
+    return EXIT_SUCCESS;
+}

branches/2.2.9/mindi-busybox/loginutils/deluser.c

-              r1765
+              r2725
  * Copyright (C) 2007 by Tito Ragusa <farmatito@tiscali.it>
+ *
  * Licensed under GPL version 2, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2, see file LICENSE in this source tree.
+ *
  */
 #include "libbb.h"
+/* Status */
+#define STATUS_OK            0
+#define NAME_NOT_FOUND       1
+#define MEMBER_NOT_FOUND     2
+int deluser_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int deluser_main(int argc, char **argv)
+{
+    /* User or group name */
+    char *name;
+    /* Username (non-NULL only in "delgroup USER GROUP" case) */
+    char *member;
+    /* Name of passwd or group file */
+    const char *pfile;
+    /* Name of shadow or gshadow file */
+    const char *sfile;
+    /* Are we deluser or delgroup? */
+    int do_deluser = (ENABLE_DELUSER && (!ENABLE_DELGROUP || applet_name[3] == 'u'));
+static void del_line_matching(char **args,
+        const char *filename,
+        FILE *(*fopen_func)(const char *fileName, const char *mode))
+{
+    FILE *passwd;
+    smallint error = NAME_NOT_FOUND;
+    char *name = (ENABLE_FEATURE_DEL_USER_FROM_GROUP && args[2]) ? args[2] : args[1];
+    char *line, *del;
+    char *new = xzalloc(1);
+    if (geteuid() != 0)
+        bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+    passwd = fopen_func(filename, "r");
+    if (passwd) {
+        while ((line = xmalloc_fgets(passwd))) {
+            int len = strlen(name);
+    name = argv[1];
+    member = NULL;
+            if (strncmp(line, name, len) == 0
+             && line[len] == ':'
+            ) {
+                error = STATUS_OK;
+                if (ENABLE_FEATURE_DEL_USER_FROM_GROUP) {
+                    struct group *gr;
+                    char *p;
+                    if (args[2]
+                     /* There were two args on commandline */
+                     && (gr = getgrnam(name))
+                     /* The group was not deleted in the meanwhile */
+                     && (p = strrchr(line, ':'))
+                     /* We can find a pointer to the last ':' */
+                    ) {
+                        error = MEMBER_NOT_FOUND;
+                        /* Move past ':' (worst case to '\0') and cut the line */
+                        p[1] = '\0';
+                        /* Reuse p */
+                        for (p = xzalloc(1); *gr->gr_mem != NULL; gr->gr_mem++) {
+                            /* Add all the other group members */
+                            if (strcmp(args[1], *gr->gr_mem) != 0) {
+                                del = p;
+                                p = xasprintf("%s%s%s", p, p[0] ? "," : "", *gr->gr_mem);
+                                free(del);
+                            } else
+                                error = STATUS_OK;
+                        }
+                        /* Recompose the line */
+                        line = xasprintf("%s%s\n", line, p);
+                        if (ENABLE_FEATURE_CLEAN_UP) free(p);
+                    } else
+                        goto skip;
+    switch (argc) {
+    case 3:
+        if (!ENABLE_FEATURE_DEL_USER_FROM_GROUP || do_deluser)
+            break;
+        /* It's "delgroup USER GROUP" */
+        member = name;
+        name = argv[2];
+        /* Fallthrough */
+    case 2:
+        if (do_deluser) {
+            /* "deluser USER" */
+            xgetpwnam(name); /* bail out if USER is wrong */
+            pfile = bb_path_passwd_file;
+            if (ENABLE_FEATURE_SHADOWPASSWDS)
+                sfile = bb_path_shadow_file;
+        } else {
+            struct group *gr;
+ do_delgroup:
+            /* "delgroup GROUP" or "delgroup USER GROUP" */
+            if (do_deluser < 0) { /* delgroup after deluser? */
+                gr = getgrnam(name);
+                if (!gr)
+                    return EXIT_SUCCESS;
+            } else {
+                gr = xgetgrnam(name); /* bail out if GROUP is wrong */
+            }
+            if (!member) {
+                /* "delgroup GROUP" */
+                struct passwd *pw;
+                struct passwd pwent;
+                /* Check if the group is in use */
+#define passwd_buf bb_common_bufsiz1
+                while (!getpwent_r(&pwent, passwd_buf, sizeof(passwd_buf), &pw)) {
+                    if (pwent.pw_gid == gr->gr_gid)
+                        bb_error_msg_and_die("'%s' still has '%s' as their primary group!", pwent.pw_name, name);
+                }
+                //endpwent();
+            }
+            del = new;
+            new = xasprintf("%s%s", new, line);
+            free(del);
+ skip:
+            free(line);
+            pfile = bb_path_group_file;
+            if (ENABLE_FEATURE_SHADOWPASSWDS)
+                sfile = bb_path_gshadow_file;
+        }
+        if (ENABLE_FEATURE_CLEAN_UP) fclose(passwd);
+        /* Modify pfile, then sfile */
+        do {
+            if (update_passwd(pfile, name, NULL, member) == -1)
+                return EXIT_FAILURE;
+            if (ENABLE_FEATURE_SHADOWPASSWDS) {
+                pfile = sfile;
+                sfile = NULL;
+            }
+        } while (ENABLE_FEATURE_SHADOWPASSWDS && pfile);
+        if (error) {
+            if (ENABLE_FEATURE_DEL_USER_FROM_GROUP && error == MEMBER_NOT_FOUND) {
+                /* Set the correct values for error message */
+                filename = name;
+                name = args[1];
+            }
+            bb_error_msg("can't find %s in %s", name, filename);
+        } else {
+            passwd = fopen_func(filename, "w");
+            if (passwd) {
+                fputs(new, passwd);
+                if (ENABLE_FEATURE_CLEAN_UP) fclose(passwd);
+            }
+        if (ENABLE_DELGROUP && do_deluser > 0) {
+            /* "deluser USER" also should try to delete
+             * same-named group. IOW: do "delgroup USER"
+             */
+// On debian deluser is a perl script that calls userdel.
+// From man userdel:
+//  If USERGROUPS_ENAB is defined to yes in /etc/login.defs, userdel will
+//  delete the group with the same name as the user.
+            do_deluser = -1;
+            goto do_delgroup;
+        }
+        return EXIT_SUCCESS;
+    }
+    free(new);
+    /* Reached only if number of command line args is wrong */
+    bb_show_usage();
+}
-int deluser_main(int argc, char **argv);
-int deluser_main(int argc, char **argv)
+{
-    if (argc == 2
-     || (ENABLE_FEATURE_DEL_USER_FROM_GROUP
-        && (applet_name[3] == 'g' && argc == 3))
-    ) {
-        if (geteuid())
-            bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
-        if ((ENABLE_FEATURE_DEL_USER_FROM_GROUP && argc != 3)
-         || ENABLE_DELUSER
-         || (ENABLE_DELGROUP && ENABLE_DESKTOP)
-        ) {
-            if (ENABLE_DELUSER
-             && (!ENABLE_DELGROUP || applet_name[3] == 'u')
-            ) {
-                del_line_matching(argv, bb_path_passwd_file, xfopen);
-                if (ENABLE_FEATURE_SHADOWPASSWDS)
-                    del_line_matching(argv, bb_path_shadow_file, fopen_or_warn);
-            } else if (ENABLE_DESKTOP && ENABLE_DELGROUP && getpwnam(argv[1]))
-                bb_error_msg_and_die("can't remove primary group of user %s", argv[1]);
+        }
-        del_line_matching(argv, bb_path_group_file, xfopen);
-        if (ENABLE_FEATURE_SHADOWPASSWDS)
-            del_line_matching(argv, bb_path_gshadow_file, fopen_or_warn);
-        return EXIT_SUCCESS;
-    } else
-        bb_show_usage();
+}

branches/2.2.9/mindi-busybox/loginutils/getty.c

-              r1765
+              r2725
  * option added by Eric Rasmussen <ear@usfirst.org> - 12/28/95
+ *
  * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@misiek.eu.org>
+ * 1999-02-22 Arkadiusz Mickiewicz <misiek@misiek.eu.org>
  * - added Native Language Support
+ *
  * 1999-05-05 Thorsten Kranzkowski <dl8bcu@gmx.net>
  * - enable hardware flow control before displaying /etc/issue
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 …
 #if ENABLE_FEATURE_UTMP
+#include <utmp.h>
+# include <utmp.h> /* LOGIN_PROCESS */
+#endif
+#ifndef IUCLC
+# define IUCLC 0
 #endif
 …
  */
 #ifdef LOGIN_PROCESS                    /* defined in System V utmp.h */
-#define SYSV_STYLE                      /* select System V style getty */
 #include <sys/utsname.h>
 #include <time.h>
 #if ENABLE_FEATURE_WTMP
+extern void updwtmp(const char *filename, const struct utmp *ut);
+static void update_utmp(const char *line);
 #endif
+#else /* if !sysV style, wtmp/utmp code is off */
+#undef ENABLE_FEATURE_UTMP
+#undef ENABLE_FEATURE_WTMP
+#define ENABLE_FEATURE_UTMP 0
+#define ENABLE_FEATURE_WTMP 0
 #endif  /* LOGIN_PROCESS */
 …
 /* I doubt there are systems which still need this */
 #undef HANDLE_ALLCAPS
+#undef ANCIENT_BS_KILL_CHARS
 #define _PATH_LOGIN "/bin/login"
 …
 /* Some shorthands for control characters. */
 #define CTL(x)          (x ^ 0100)      /* Assumes ASCII dialect */
+#define CTL(x)          ((x) ^ 0100)    /* Assumes ASCII dialect */
 #define CR              CTL('M')        /* carriage return */
 #define NL              CTL('J')        /* line feed */
 …
  * we will try is the first one specified.
  */
 #define FIRST_SPEED     0
+#define MAX_SPEED       10              /* max. nr. of baud rates */
 /* Storage for command-line options. */
-#define MAX_SPEED       10              /* max. nr. of baud rates */
 struct options {
     int flags;                      /* toggle switches, see below */
     unsigned timeout;               /* time-out period */
     const char *login;                    /* login program */
     const char *tty;                      /* name of tty */
     const char *initstring;               /* modem init string */
     const char *issue;                    /* alternative issue file */
+    const char *login;              /* login program */
+    const char *tty;                /* name of tty */
+    const char *initstring;         /* modem init string */
+    const char *issue;              /* alternative issue file */
     int numspeed;                   /* number of baud rates to try */
     int speeds[MAX_SPEED];          /* baud rates to be tried */
 };
-static const char opt_string[] ALIGN1 = "I:LH:f:hil:mt:wn";
-#define F_INITSTRING    (1<<0)          /* initstring is set */
-#define F_LOCAL         (1<<1)          /* force local */
-#define F_FAKEHOST      (1<<2)          /* force fakehost */
-#define F_CUSTISSUE     (1<<3)          /* give alternative issue file */
-#define F_RTSCTS        (1<<4)          /* enable RTS/CTS flow control */
-#define F_ISSUE         (1<<5)          /* display /etc/issue */
-#define F_LOGIN         (1<<6)          /* non-default login program */
-#define F_PARSE         (1<<7)          /* process modem status messages */
-#define F_TIMEOUT       (1<<8)          /* time out */
-#define F_WAITCRLF      (1<<9)          /* wait for CR or LF */
-#define F_NOPROMPT      (1<<10)         /* don't ask for login name! */
 /* Storage for things detected while the login name was read. */
 …
     unsigned char eol;      /* end-of-line character */
     unsigned char parity;   /* what parity did we see */
+    /* (parity & 1): saw odd parity char with 7th bit set */
+    /* (parity & 2): saw even parity char with 7th bit set */
+    /* parity == 0: probably 7-bit, space parity? */
+    /* parity == 1: probably 7-bit, odd parity? */
+    /* parity == 2: probably 7-bit, even parity? */
+    /* parity == 3: definitely 8 bit, no parity! */
+    /* Hmm... with any value of "parity" 8 bit, no parity is possible */
 #ifdef HANDLE_ALLCAPS
     unsigned char capslock; /* upper case without lower case */
 #endif
 };
 /* Initial values for the above. */
 …
 };
+static const char opt_string[] ALIGN1 = "I:LH:f:hil:mt:wn";
+#define F_INITSTRING    (1 << 0)        /* -I initstring is set */
+#define F_LOCAL         (1 << 1)        /* -L force local */
+#define F_FAKEHOST      (1 << 2)        /* -H fake hostname */
+#define F_CUSTISSUE     (1 << 3)        /* -f give alternative issue file */
+#define F_RTSCTS        (1 << 4)        /* -h enable RTS/CTS flow control */
+#define F_ISSUE         (1 << 5)        /* -i display /etc/issue */
+#define F_LOGIN         (1 << 6)        /* -l non-default login program */
+#define F_PARSE         (1 << 7)        /* -m process modem status messages */
+#define F_TIMEOUT       (1 << 8)        /* -t time out */
+#define F_WAITCRLF      (1 << 9)        /* -w wait for CR or LF */
+#define F_NOPROMPT      (1 << 10)       /* -n don't ask for login name */
+#define line_buf bb_common_bufsiz1
 /* The following is used for understandable diagnostics. */
-/* Fake hostname for ut_host specified on command line. */
-static char *fakehost = NULL;
-/* ... */
 #ifdef DEBUGGING
+#define debug(s) fprintf(dbf,s); fflush(dbf)
+static FILE *dbf;
 #define DEBUGTERM "/dev/ttyp0"
+static FILE *dbf;
+#define debug(...) do { fprintf(dbf, __VA_ARGS__); fflush(dbf); } while (0)
 #else
 #define debug(s) /* nothing */
 #endif
 /* bcode - convert speed string to speed code; return 0 on failure */
+#define debug(...) ((void)0)
+#endif
+/* bcode - convert speed string to speed code; return <= 0 on failure */
 static int bcode(const char *s)
+{
+    int r;
+    unsigned value = bb_strtou(s, NULL, 10);
+    if (errno) {
+        return -1;
+    }
+    r = tty_value_to_baud(value);
+    if (r > 0) {
+        return r;
+    }
+    return 0;
+}
+    int value = bb_strtou(s, NULL, 10); /* yes, int is intended! */
+    if (value < 0) /* bad terminating char, overflow, etc */
+        return value;
+    return tty_value_to_baud(value);
+}
 /* parse_speeds - parse alternate baud rates */
 …
     char *cp;
+    /* NB: at least one iteration is always done */
     debug("entered parse_speeds\n");
+    for (cp = strtok(arg, ","); cp != 0; cp = strtok((char *) 0, ",")) {
+        if ((op->speeds[op->numspeed++] = bcode(cp)) <= 0)
+    while ((cp = strsep(&arg, ",")) != NULL) {
+        op->speeds[op->numspeed] = bcode(cp);
+        if (op->speeds[op->numspeed] < 0)
             bb_error_msg_and_die("bad speed: %s", cp);
+        /* note: arg "0" turns into speed B0 */
+        op->numspeed++;
         if (op->numspeed > MAX_SPEED)
             bb_error_msg_and_die("too many alternate speeds");
+    }
+    debug("exiting parsespeeds\n");
+}
+    debug("exiting parse_speeds\n");
+}
 /* parse_args - parse command-line arguments */
 static void parse_args(int argc, char **argv, struct options *op)
+static void parse_args(char **argv, struct options *op, char **fakehost_p)
+{
     char *ts;
+    opt_complementary = "-2:t+"; /* at least 2 args; -t N */
     op->flags = getopt32(argv, opt_string,
+        &(op->initstring), &fakehost, &(op->issue),
+        &(op->login), &ts);
+        &(op->initstring), fakehost_p, &(op->issue),
+        &(op->login), &op->timeout);
+    argv += optind;
     if (op->flags & F_INITSTRING) {
+        const char *p = op->initstring;
+        char *q;
+        op->initstring = q = xstrdup(op->initstring);
+        /* copy optarg into op->initstring decoding \ddd
+           octal codes into chars */
+        while (*p) {
+            if (*p == '\\') {
+                p++;
+                *q++ = bb_process_escape_sequence(&p);
+            } else {
+                *q++ = *p++;
+            }
+        }
+        *q = '\0';
+    }
+    op->flags ^= F_ISSUE;           /* revert flag show /etc/issue */
+    if (op->flags & F_TIMEOUT) {
+        op->timeout = xatoul_range(ts, 1, INT_MAX);
+    }
+    argv += optind;
+    argc -= optind;
+    debug("after getopt loop\n");
+    if (argc < 2)          /* check parameter count */
+        bb_show_usage();
+        op->initstring = xstrdup(op->initstring);
+        /* decode \ddd octal codes into chars */
+        strcpy_and_process_escape_sequences((char*)op->initstring, op->initstring);
+    }
+    op->flags ^= F_ISSUE;           /* invert flag "show /etc/issue" */
+    debug("after getopt\n");
     /* we loosen up a bit and accept both "baudrate tty" and "tty baudrate" */
+    op->tty = argv[0];      /* tty name */
+    ts = argv[1];           /* baud rate(s) */
     if (isdigit(argv[0][0])) {
         /* a number first, assume it's a speed (BSD style) */
+        parse_speeds(op, argv[0]);       /* baud rate(s) */
+        op->tty = argv[1]; /* tty name */
+    } else {
+        op->tty = argv[0];       /* tty name */
+        parse_speeds(op, argv[1]); /* baud rate(s) */
+    }
+        op->tty = ts;   /* tty name is in argv[1] */
+        ts = argv[0];   /* baud rate(s) */
+    }
+    parse_speeds(op, ts);
+    applet_name = xasprintf("getty: %s", op->tty);
     if (argv[2])
         setenv("TERM", argv[2], 1);
     debug("exiting parseargs\n");
+        xsetenv("TERM", argv[2]);
+    debug("exiting parse_args\n");
+}
 /* open_tty - set up tty as standard { input, output, error } */
+static void open_tty(const char *tty, struct termios *tp, int local)
+{
+    int chdir_to_root = 0;
+static void open_tty(const char *tty)
+{
     /* Set up new standard input, unless we are given an already opened port. */
     if (NOT_LONE_DASH(tty)) {
+        struct stat st;
+        int fd;
+//      struct stat st;
+//      int cur_dir_fd;
+//      int fd;
         /* Sanity checks... */
+        xchdir("/dev");
+        chdir_to_root = 1;
+        xstat(tty, &st);
+        if ((st.st_mode & S_IFMT) != S_IFCHR)
+            bb_error_msg_and_die("%s: not a character device", tty);
+//      cur_dir_fd = xopen(".", O_DIRECTORY | O_NONBLOCK);
+//      xchdir("/dev");
+//      xstat(tty, &st);
+//      if (!S_ISCHR(st.st_mode))
+//          bb_error_msg_and_die("not a character device");
+        if (tty[0] != '/')
+            tty = xasprintf("/dev/%s", tty); /* will leak it */
         /* Open the tty as standard input. */
         debug("open(2)\n");
+        fd = xopen(tty, O_RDWR | O_NONBLOCK);
+        xdup2(fd, 0);
+        while (fd > 2)
+            close(fd--);
+        close(0);
+        /*fd =*/ xopen(tty, O_RDWR | O_NONBLOCK); /* uses fd 0 */
+//      /* Restore current directory */
+//      fchdir(cur_dir_fd);
+        /* Open the tty as standard input, continued */
+//      xmove_fd(fd, 0);
+//      /* fd is >= cur_dir_fd, and cur_dir_fd gets closed too here: */
+//      while (fd > 2)
+//          close(fd--);
+        /* Set proper protections and ownership. */
+        fchown(0, 0, 0);        /* 0:0 */
+        fchmod(0, 0620);        /* crw--w---- */
     } else {
         /*
 …
             bb_error_msg_and_die("stdin is not open for read/write");
+    }
-    /* Replace current standard output/error fd's with new ones */
-    debug("duping\n");
-    xdup2(0, 1);
-    xdup2(0, 2);
-    /*
-     * The following ioctl will fail if stdin is not a tty, but also when
-     * there is noise on the modem control lines. In the latter case, the
-     * common course of action is (1) fix your cables (2) give the modem more
-     * time to properly reset after hanging up. SunOS users can achieve (2)
-     * by patching the SunOS kernel variable "zsadtrlow" to a larger value;
-     * 5 seconds seems to be a good value.
-     */
-    ioctl_or_perror_and_die(0, TCGETS, tp, "%s: TCGETS", tty);
-    /*
-     * It seems to be a terminal. Set proper protections and ownership. Mode
-     * 0622 is suitable for SYSV <4 because /bin/login does not change
-     * protections. SunOS 4 login will change the protections to 0620 (write
-     * access for group tty) after the login has succeeded.
-     */
-#ifdef DEBIAN
-#warning Debian /dev/vcs[a]NN hack is deprecated and will be removed
+    {
-        /* tty to root.dialout 660 */
-        struct group *gr;
-        int id;
-        gr = getgrnam("dialout");
-        id = gr ? gr->gr_gid : 0;
-        chown(tty, 0, id);
-        chmod(tty, 0660);
-        /* vcs,vcsa to root.sys 600 */
-        if (!strncmp(tty, "tty", 3) && isdigit(tty[3])) {
-            char *vcs, *vcsa;
-            vcs = xstrdup(tty);
-            vcsa = xmalloc(strlen(tty) + 2);
-            strcpy(vcs, "vcs");
-            strcpy(vcs + 3, tty + 3);
-            strcpy(vcsa, "vcsa");
-            strcpy(vcsa + 4, tty + 3);
-            gr = getgrnam("sys");
-            id = gr ? gr->gr_gid : 0;
-            chown(vcs, 0, id);
-            chmod(vcs, 0600);
-            chown(vcsa, 0, id);
-            chmod(vcs, 0600);
-            free(vcs);
-            free(vcsa);
+        }
+    }
-#else
-    if (NOT_LONE_DASH(tty)) {
-        chown(tty, 0, 0);        /* 0:0 */
-        chmod(tty, 0622);        /* crw--w--w- */
+    }
-#endif
-    if (chdir_to_root)
-        xchdir("/");
+}
 …
 static void termios_init(struct termios *tp, int speed, struct options *op)
+{
+    speed_t ispeed, ospeed;
     /*
      * Initial termios settings: 8-bit characters, raw-mode, blocking i/o.
 …
      * later on.
      */
-#ifdef __linux__
     /* flush input and output queues, important for modems! */
+    ioctl(0, TCFLSH, TCIOFLUSH);
+#endif
+    tp->c_cflag = CS8 | HUPCL | CREAD | speed;
+    if (op->flags & F_LOCAL) {
+    tcflush(0, TCIOFLUSH);
+    ispeed = ospeed = speed;
+    if (speed == B0) {
+        /* Speed was specified as "0" on command line.
+         * Just leave it unchanged */
+        ispeed = cfgetispeed(tp);
+        ospeed = cfgetospeed(tp);
+    }
+    tp->c_cflag = CS8 | HUPCL | CREAD;
+    if (op->flags & F_LOCAL)
         tp->c_cflag |= CLOCAL;
+    }
+    tp->c_iflag = tp->c_lflag = tp->c_line = 0;
+    cfsetispeed(tp, ispeed);
+    cfsetospeed(tp, ospeed);
+    tp->c_iflag = tp->c_lflag = 0;
     tp->c_oflag = OPOST | ONLCR;
     tp->c_cc[VMIN] = 1;
     tp->c_cc[VTIME] = 0;
+#ifdef __linux__
+    tp->c_line = 0;
+#endif
     /* Optionally enable hardware flow control */
+#ifdef  CRTSCTS
+#ifdef CRTSCTS
     if (op->flags & F_RTSCTS)
         tp->c_cflag |= CRTSCTS;
 #endif
+    ioctl(0, TCSETS, tp);
+    /* go to blocking input even in local mode */
+    ndelay_off(0);
+    tcsetattr_stdin_TCSANOW(tp);
     debug("term_io 2\n");
 …
      * be dealt with later on.
      */
     iflag = tp->c_iflag;
     tp->c_iflag |= ISTRIP;          /* enable 8th-bit stripping */
     vmin = tp->c_cc[VMIN];
     tp->c_cc[VMIN] = 0;                     /* don't block if queue empty */
     ioctl(0, TCSETS, tp);
+    tp->c_cc[VMIN] = 0;             /* don't block if queue empty */
+    tcsetattr_stdin_TCSANOW(tp);
     /*
 …
      * try to extract the speed of the dial-in call.
      */
     sleep(1);
     nread = read(0, buf, size_buf - 1);
+    nread = safe_read(STDIN_FILENO, buf, size_buf - 1);
     if (nread > 0) {
         buf[nread] = '\0';
         for (bp = buf; bp < buf + nread; bp++) {
             if (isascii(*bp) && isdigit(*bp)) {
+            if (isdigit(*bp)) {
                 speed = bcode(bp);
+                if (speed) {
+                    tp->c_cflag &= ~CBAUD;
+                    tp->c_cflag |= speed;
+                }
+                if (speed > 0)
+                    cfsetspeed(tp, speed);
                 break;
+            }
+        }
+    }
     /* Restore terminal settings. Errors will be dealt with later on. */
     tp->c_iflag = iflag;
     tp->c_cc[VMIN] = vmin;
+    ioctl(0, TCSETS, tp);
+}
+/* next_speed - select next baud rate */
+static void next_speed(struct termios *tp, struct options *op)
+{
+    static int baud_index = FIRST_SPEED;    /* current speed index */
+    baud_index = (baud_index + 1) % op->numspeed;
+    tp->c_cflag &= ~CBAUD;
+    tp->c_cflag |= op->speeds[baud_index];
+    ioctl(0, TCSETS, tp);
+}
+    tcsetattr_stdin_TCSANOW(tp);
+}
 /* do_prompt - show login prompt, optionally preceded by /etc/issue contents */
 static void do_prompt(struct options *op, struct termios *tp)
+static void do_prompt(struct options *op)
+{
 #ifdef ISSUE
 …
 #ifdef HANDLE_ALLCAPS
 /* caps_lock - string contains upper case without lower case */
+/* all_is_upcase - string contains upper case without lower case */
 /* returns 1 if true, 0 if false */
 static int caps_lock(const char *s)
+static int all_is_upcase(const char *s)
+{
     while (*s)
 …
 #endif
 /* get_logname - get user name, establish parity, speed, erase, kill, eol */
 /* return NULL on failure, logname on success */
+/* get_logname - get user name, establish parity, speed, erase, kill, eol;
+ * return NULL on BREAK, logname on success */
 static char *get_logname(char *logname, unsigned size_logname,
         struct options *op, struct chardata *cp, struct termios *tp)
+        struct options *op, struct chardata *cp)
+{
     char *bp;
     char c;             /* input character, full eight bits */
+    char c;                         /* input character, full eight bits */
     char ascval;                    /* low 7 bits of input character */
     int bits;                       /* # of "1" bits per character */
     int mask;                       /* mask with 1 bit up */
     static const char erase[][3] = {    /* backspace-space-backspace */
+    static const char erase[][3] = {/* backspace-space-backspace */
         "\010\040\010",                 /* space parity */
         "\010\040\010",                 /* odd parity */
         "\210\240\210",                 /* even parity */
         "\210\240\210",                 /* no parity */
+        "\010\040\010",                 /* 8 bit no parity */
     };
+    /* Initialize kill, erase, parity etc. (also after switching speeds). */
+    *cp = init_chardata;
+    /* NB: *cp is pre-initialized with init_chardata */
     /* Flush pending input (esp. after parsing or switching the baud rate). */
     sleep(1);
     ioctl(0, TCFLSH, TCIFLUSH);
+    tcflush(0, TCIOFLUSH);
     /* Prompt for and read a login name. */
     logname[0] = '\0';
     while (!logname[0]) {
         /* Write issue file and prompt, with "parity" bit == 0. */
+        do_prompt(op, tp);
+        do_prompt(op);
         /* Read name, watch for break, parity, erase, kill, end-of-line. */
         bp = logname;
         cp->eol = '\0';
 …
             /* Do not report trivial EINTR/EIO errors. */
+            if (read(0, &c, 1) < 1) {
+            errno = EINTR; /* make read of 0 bytes be silent too */
+            if (read(STDIN_FILENO, &c, 1) < 1) {
                 if (errno == EINTR || errno == EIO)
                     exit(0);
                 bb_perror_msg_and_die("%s: read", op->tty);
+                    exit(EXIT_SUCCESS);
+                bb_perror_msg_and_die(bb_msg_read_error);
+            }
+            /* Do BREAK handling elsewhere. */
+            /* BREAK. If we have speeds to try,
+             * return NULL (will switch speeds and return here) */
             if (c == '\0' && op->numspeed > 1)
                 return NULL;
             /* Do parity bit handling. */
+            ascval = c & 0177;
+            if (c != ascval) {       /* "parity" bit on ? */
+            if (!(op->flags & F_LOCAL) && (c & 0x80)) {       /* "parity" bit on? */
                 bits = 1;
                 mask = 1;
                 while (mask & 0177) {
                     if (mask & ascval)
+                while (mask & 0x7f) {
+                    if (mask & c)
                         bits++; /* count "1" bits */
                     mask <<= 1;
 …
             /* Do erase, kill and end-of-line processing. */
+            ascval = c & 0x7f;
             switch (ascval) {
             case CR:
 …
             case BS:
             case DEL:
+#ifdef ANCIENT_BS_KILL_CHARS
             case '#':
+#endif
                 cp->erase = ascval;     /* set erase character */
                 if (bp > logname) {
                     write(1, erase[cp->parity], 3);
+                    full_write(STDOUT_FILENO, erase[cp->parity], 3);
                     bp--;
+                }
                 break;
             case CTL('U'):
+#ifdef ANCIENT_BS_KILL_CHARS
             case '@':
+#endif
                 cp->kill = ascval;      /* set kill character */
                 while (bp > logname) {
                     write(1, erase[cp->parity], 3);
+                    full_write(STDOUT_FILENO, erase[cp->parity], 3);
                     bp--;
+                }
                 break;
             case CTL('D'):
                 exit(0);
+                exit(EXIT_SUCCESS);
             default:
                 if (!isascii(ascval) || !isprint(ascval)) {
+                if (ascval < ' ') {
                     /* ignore garbage characters */
                 } else if (bp - logname >= size_logname - 1) {
                     bb_error_msg_and_die("%s: input overrun", op->tty);
+                } else if ((int)(bp - logname) >= size_logname - 1) {
+                    bb_error_msg_and_die("input overrun");
                 } else {
                     write(1, &c, 1); /* echo the character */
+                    full_write(STDOUT_FILENO, &c, 1); /* echo the character */
                     *bp++ = ascval; /* and store it */
+                }
 …
 #ifdef HANDLE_ALLCAPS
     cp->capslock = caps_lock(logname);
+    cp->capslock = all_is_upcase(logname);
     if (cp->capslock) {
         for (bp = logname; *bp; bp++)
 …
+{
     /* General terminal-independent stuff. */
     tp->c_iflag |= IXON | IXOFF;    /* 2-way flow control */
     tp->c_lflag |= ICANON | ISIG | ECHO | ECHOE | ECHOK | ECHOKE;
 …
     tp->c_cc[VEOF] = DEF_EOF;       /* default EOF character */
     tp->c_cc[VEOL] = DEF_EOL;
+#ifdef VSWTC
     tp->c_cc[VSWTC] = DEF_SWITCH;   /* default switch character */
+#endif
     /* Account for special characters seen in input. */
     if (cp->eol == CR) {
         tp->c_iflag |= ICRNL;   /* map CR in input to NL */
 …
     /* Account for the presence or absence of parity bits in input. */
     switch (cp->parity) {
     case 0:                                 /* space (always 0) parity */
+// I bet most people go here - they use only 7-bit chars in usernames....
         break;
     case 1:                                 /* odd parity */
 …
         tp->c_cflag &= ~CSIZE;
         tp->c_cflag |= CS7;
+// FIXME: wtf? case 3: we saw both even and odd 8-bit bytes -
+// it's probably some umlauts etc, but definitely NOT 7-bit!!!
+// Entire parity detection madness here just begs for deletion...
         break;
+    }
 …
 #endif
     /* Optionally enable hardware flow control */
+#ifdef  CRTSCTS
+#ifdef CRTSCTS
     if (op->flags & F_RTSCTS)
         tp->c_cflag |= CRTSCTS;
 …
     /* Finally, make the new settings effective */
+    ioctl_or_perror_and_die(0, TCSETS, tp, "%s: TCSETS", op->tty);
+}
+#ifdef SYSV_STYLE
+#if ENABLE_FEATURE_UTMP
+/* update_utmp - update our utmp entry */
+static void update_utmp(const char *line)
+{
+    struct utmp ut;
+    struct utmp *utp;
+    time_t t;
+    int mypid = getpid();
+    /*
+     * The utmp file holds miscellaneous information about things started by
+     * /sbin/init and other system-related events. Our purpose is to update
+     * the utmp entry for the current process, in particular the process type
+     * and the tty line we are listening to. Return successfully only if the
+     * utmp file can be opened for update, and if we are able to find our
+     * entry in the utmp file.
+     */
+    if (access(_PATH_UTMP, R_OK|W_OK) == -1) {
+        close(creat(_PATH_UTMP, 0664));
+    }
+    utmpname(_PATH_UTMP);
+    setutent();
+    while ((utp = getutent())
+           && !(utp->ut_type == INIT_PROCESS && utp->ut_pid == mypid))
+        /* nothing */;
+    if (utp) {
+        memcpy(&ut, utp, sizeof(ut));
+    } else {
+        /* some inits don't initialize utmp... */
+        memset(&ut, 0, sizeof(ut));
+        safe_strncpy(ut.ut_id, line + 3, sizeof(ut.ut_id));
+    }
+    /* endutent(); */
+    strcpy(ut.ut_user, "LOGIN");
+    safe_strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+    if (fakehost)
+        safe_strncpy(ut.ut_host, fakehost, sizeof(ut.ut_host));
+    time(&t);
+    ut.ut_time = t;
+    ut.ut_type = LOGIN_PROCESS;
+    ut.ut_pid = mypid;
+    pututline(&ut);
+    endutent();
+#if ENABLE_FEATURE_WTMP
+    if (access(bb_path_wtmp_file, R_OK|W_OK) == -1)
+        close(creat(bb_path_wtmp_file, 0664));
+    updwtmp(bb_path_wtmp_file, &ut);
+#endif
+}
+#endif /* CONFIG_FEATURE_UTMP */
+#endif /* SYSV_STYLE */
+int getty_main(int argc, char **argv);
+int getty_main(int argc, char **argv)
+{
+    int nullfd;
+    char *logname = NULL;           /* login name, given to /bin/login */
+    if (tcsetattr_stdin_TCSANOW(tp) < 0)
+        bb_perror_msg_and_die("tcsetattr");
+}
+int getty_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int getty_main(int argc UNUSED_PARAM, char **argv)
+{
+    int n;
+    pid_t pid;
+    char *fakehost = NULL;          /* Fake hostname for ut_host */
+    char *logname;                  /* login name, given to /bin/login */
     /* Merging these into "struct local" may _seem_ to reduce
      * parameter passing, but today's gcc will inline
      * statics which are called once anyway, so don't do that */
     struct chardata chardata;       /* set by get_logname() */
+    struct termios termios;           /* terminal mode bits */
+    struct options options = {
+,                      /* show /etc/issue (SYSV_STYLE) */
+,                      /* no timeout */
+        _PATH_LOGIN,            /* default login program */
+        "tty1",                 /* default tty line */
+        "",                     /* modem init string */
+    struct termios termios;         /* terminal mode bits */
+    struct options options;
+    chardata = init_chardata;
+    memset(&options, 0, sizeof(options));
+    options.login = _PATH_LOGIN;    /* default login program */
+    options.tty = "tty1";           /* default tty line */
+    options.initstring = "";        /* modem init string */
 #ifdef ISSUE
+        ISSUE,                  /* default issue file */
+#else
+        NULL,
+#endif
+,                      /* no baud rates known yet */
+    };
+    /* Already too late because of theoretical
+     * possibility of getty --help somehow triggered
+     * inadvertently before we reach this. Oh well. */
+    options.issue = ISSUE;          /* default issue file */
+#endif
+    /* Parse command-line arguments. */
+    parse_args(argv, &options, &fakehost);
     logmode = LOGMODE_NONE;
+    /* Create new session, lose controlling tty, if any */
+    /* docs/ctty.htm says:
+     * "This is allowed only when the current process
+     *  is not a process group leader" - is this a problem? */
     setsid();
+    nullfd = xopen(bb_dev_null, O_RDWR);
+    /* dup2(nullfd, 0); - no, because of possible "getty - 9600" */
+    /* open_tty() will take care of fd# 0 anyway */
+    dup2(nullfd, 1);
+    dup2(nullfd, 2);
+    while (nullfd > 2) close(nullfd--);
+    /* We want special flavor of error_msg_and_die */
+    /* close stdio, and stray descriptors, just in case */
+    n = xopen(bb_dev_null, O_RDWR);
+    /* dup2(n, 0); - no, we need to handle "getty - 9600" too */
+    xdup2(n, 1);
+    xdup2(n, 2);
+    while (n > 2)
+        close(n--);
+    /* Logging. We want special flavor of error_msg_and_die */
     die_sleep = 10;
     msg_eol = "\r\n";
+    /* most likely will internally use fd #3 in CLOEXEC mode: */
     openlog(applet_name, LOG_PID, LOG_AUTH);
     logmode = LOGMODE_BOTH;
 #ifdef DEBUGGING
+    dbf = xfopen(DEBUGTERM, "w");
+    {
+        int i;
+        for (i = 1; i < argc; i++) {
+            debug(argv[i]);
+            debug("\n");
+        }
+    }
+#endif
+    /* Parse command-line arguments. */
+    parse_args(argc, argv, &options);
+#ifdef SYSV_STYLE
+#if ENABLE_FEATURE_UTMP
+    /* Update the utmp file. */
+    update_utmp(options.tty);
+#endif
+#endif
+    dbf = xfopen_for_write(DEBUGTERM);
+    for (n = 1; argv[n]; n++) {
+        debug(argv[n]);
+        debug("\n");
+    }
+#endif
+    /* Open the tty as standard input, if it is not "-" */
+    /* If it's not "-" and not taken yet, it will become our ctty */
     debug("calling open_tty\n");
+    /* Open the tty as standard { input, output, error }. */
+    open_tty(options.tty, &termios, options.flags & F_LOCAL);
+    open_tty(options.tty);
+    ndelay_off(0);
+    debug("duping\n");
+    xdup2(0, 1);
+    xdup2(0, 2);
+    /*
+     * The following ioctl will fail if stdin is not a tty, but also when
+     * there is noise on the modem control lines. In the latter case, the
+     * common course of action is (1) fix your cables (2) give the modem more
+     * time to properly reset after hanging up. SunOS users can achieve (2)
+     * by patching the SunOS kernel variable "zsadtrlow" to a larger value;
+     * 5 seconds seems to be a good value.
+     */
+    if (tcgetattr(0, &termios) < 0)
+        bb_perror_msg_and_die("tcgetattr");
+    pid = getpid();
 #ifdef __linux__
+    {
+        int iv;
+        iv = getpid();
+        ioctl(0, TIOCSPGRP, &iv);
+    }
+#endif
+// FIXME: do we need this? Otherwise "-" case seems to be broken...
+    // /* Forcibly make fd 0 our controlling tty, even if another session
+    //  * has it as a ctty. (Another session loses ctty). */
+    // ioctl(0, TIOCSCTTY, (void*)1);
+    /* Make ourself a foreground process group within our session */
+    tcsetpgrp(0, pid);
+#endif
+    /* Update the utmp file. This tty is ours now! */
+    update_utmp(pid, LOGIN_PROCESS, options.tty, "LOGIN", fakehost);
     /* Initialize the termios settings (raw mode, eight-bit, blocking i/o). */
     debug("calling termios_init\n");
     termios_init(&termios, options.speeds[FIRST_SPEED], &options);
     /* write the modem init string and DON'T flush the buffers */
+    termios_init(&termios, options.speeds[0], &options);
+    /* Write the modem init string and DON'T flush the buffers */
     if (options.flags & F_INITSTRING) {
         debug("writing init string\n");
+        write(1, options.initstring, strlen(options.initstring));
+    }
+    if (!(options.flags & F_LOCAL)) {
+        /* go to blocking write mode unless -L is specified */
+        ndelay_off(1);
+    }
+    /* Optionally detect the baud rate from the modem status message. */
+        full_write1_str(options.initstring);
+    }
+    /* Optionally detect the baud rate from the modem status message */
     debug("before autobaud\n");
     if (options.flags & F_PARSE)
+        auto_baud(bb_common_bufsiz1, sizeof(bb_common_bufsiz1), &termios);
+    /* Set the optional timer. */
+    if (options.timeout)
+        alarm(options.timeout);
+    /* optionally wait for CR or LF before writing /etc/issue */
+        auto_baud(line_buf, sizeof(line_buf), &termios);
+    /* Set the optional timer */
+    alarm(options.timeout); /* if 0, alarm is not set */
+    /* Optionally wait for CR or LF before writing /etc/issue */
     if (options.flags & F_WAITCRLF) {
         char ch;
         debug("waiting for cr-lf\n");
+        while (read(0, &ch, 1) == 1) {
+        while (safe_read(STDIN_FILENO, &ch, 1) == 1) {
+            debug("read %x\n", (unsigned char)ch);
             ch &= 0x7f;                     /* strip "parity bit" */
-#ifdef DEBUGGING
-            fprintf(dbf, "read %c\n", ch);
-#endif
             if (ch == '\n' || ch == '\r')
                 break;
 …
+    }
     chardata = init_chardata;
+    logname = NULL;
     if (!(options.flags & F_NOPROMPT)) {
+        /* Read the login name. */
+        debug("reading login name\n");
+        logname = get_logname(bb_common_bufsiz1, sizeof(bb_common_bufsiz1),
+                &options, &chardata, &termios);
+        while (logname == NULL)
+            next_speed(&termios, &options);
+        /* NB:termios_init already set line speed
+         * to options.speeds[0] */
+        int baud_index = 0;
+        while (1) {
+            /* Read the login name. */
+            debug("reading login name\n");
+            logname = get_logname(line_buf, sizeof(line_buf),
+                    &options, &chardata);
+            if (logname)
+                break;
+            /* we are here only if options.numspeed > 1 */
+            baud_index = (baud_index + 1) % options.numspeed;
+            cfsetispeed(&termios, options.speeds[baud_index]);
+            cfsetospeed(&termios, options.speeds[baud_index]);
+            tcsetattr_stdin_TCSANOW(&termios);
+        }
+    }
     /* Disable timer. */
+    if (options.timeout)
+        alarm(0);
+    alarm(0);
     /* Finalize the termios settings. */
     termios_final(&options, &termios, &chardata);
     /* Now the newline character should be properly written. */
+    write(1, "\n", 1);
+    full_write(STDOUT_FILENO, "\n", 1);
     /* Let the login program take care of password validation. */
+    execl(options.login, options.login, "--", logname, (char *) 0);
+    bb_error_msg_and_die("%s: can't exec %s", options.tty, options.login);
+}
+    /* We use PATH because we trust that root doesn't set "bad" PATH,
+     * and getty is not suid-root applet. */
+    /* With -n, logname == NULL, and login will ask for username instead */
+    BB_EXECLP(options.login, options.login, "--", logname, NULL);
+    bb_error_msg_and_die("can't execute '%s'", options.login);
+}

branches/2.2.9/mindi-busybox/loginutils/login.c

-              r1765
+              r2725
 /* vi: set sw=4 ts=4: */
 /*
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 #include "libbb.h"
+#include <utmp.h>
+#include <syslog.h>
+#if ENABLE_FEATURE_UTMP
+# include <utmp.h> /* USER_PROCESS */
+#endif
 #include <sys/resource.h>
-#include <syslog.h>
 #if ENABLE_SELINUX
 #include <selinux/selinux.h>  /* for is_selinux_enabled()  */
 #include <selinux/get_context_list.h> /* for get_default_context() */
 #include <selinux/flask.h> /* for security class definitions  */
+# include <selinux/selinux.h>  /* for is_selinux_enabled()  */
+# include <selinux/get_context_list.h> /* for get_default_context() */
+# include <selinux/flask.h> /* for security class definitions  */
 #endif
 #if ENABLE_PAM
 /* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
 #undef setlocale
+# undef setlocale
 /* For some obscure reason, PAM is not in pam/xxx, but in security/xxx.
  * Apparently they like to confuse people. */
 #include <security/pam_appl.h>
 #include <security/pam_misc.h>
+# include <security/pam_appl.h>
+# include <security/pam_misc.h>
 static const struct pam_conv conv = {
     misc_conv,
 …
 static char* short_tty;
-#if ENABLE_FEATURE_UTMP
-/* vv  Taken from tinylogin utmp.c  vv */
-/*
- * read_or_build_utent - see if utmp file is correct for this process
+ *
- *  System V is very picky about the contents of the utmp file
- *  and requires that a slot for the current process exist.
- *  The utmp file is scanned for an entry with the same process
- *  ID.  If no entry exists the process exits with a message.
+ *
- *  The "picky" flag is for network and other logins that may
- *  use special flags.  It allows the pid checks to be overridden.
- *  This means that getty should never invoke login with any
- *  command line flags.
- */
-static void read_or_build_utent(struct utmp *utptr, int picky)
+{
-    struct utmp *ut;
-    pid_t pid = getpid();
-    setutent();
-    /* First, try to find a valid utmp entry for this process.  */
-    while ((ut = getutent()))
-        if (ut->ut_pid == pid && ut->ut_line[0] && ut->ut_id[0] &&
-        (ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS))
-            break;
-    /* If there is one, just use it, otherwise create a new one.  */
-    if (ut) {
-        *utptr = *ut;
-    } else {
-        if (picky)
-            bb_error_msg_and_die("no utmp entry found");
-        memset(utptr, 0, sizeof(*utptr));
-        utptr->ut_type = LOGIN_PROCESS;
-        utptr->ut_pid = pid;
-        strncpy(utptr->ut_line, short_tty, sizeof(utptr->ut_line));
-        /* This one is only 4 chars wide. Try to fit something
-         * remotely meaningful by skipping "tty"... */
-        strncpy(utptr->ut_id, short_tty + 3, sizeof(utptr->ut_id));
-        strncpy(utptr->ut_user, "LOGIN", sizeof(utptr->ut_user));
-        utptr->ut_time = time(NULL);
+    }
-    if (!picky) /* root login */
-        memset(utptr->ut_host, 0, sizeof(utptr->ut_host));
+}
-/*
- * write_utent - put a USER_PROCESS entry in the utmp file
+ *
- *  write_utent changes the type of the current utmp entry to
- *  USER_PROCESS.  the wtmp file will be updated as well.
- */
-static void write_utent(struct utmp *utptr, const char *username)
+{
-    utptr->ut_type = USER_PROCESS;
-    strncpy(utptr->ut_user, username, sizeof(utptr->ut_user));
-    utptr->ut_time = time(NULL);
-    /* other fields already filled in by read_or_build_utent above */
-    setutent();
-    pututline(utptr);
-    endutent();
-#if ENABLE_FEATURE_WTMP
-    if (access(bb_path_wtmp_file, R_OK|W_OK) == -1) {
-        close(creat(bb_path_wtmp_file, 0664));
+    }
-    updwtmp(bb_path_wtmp_file, utptr);
-#endif
+}
-#else /* !ENABLE_FEATURE_UTMP */
-#define read_or_build_utent(utptr, picky) ((void)0)
-#define write_utent(utptr, username) ((void)0)
-#endif /* !ENABLE_FEATURE_UTMP */
 #if ENABLE_FEATURE_NOLOGIN
 static void die_if_nologin_and_non_root(int amroot)
+static void die_if_nologin(void)
+{
     FILE *fp;
     int c;
+    if (access("/etc/nologin", F_OK))
+    int empty = 1;
+    fp = fopen_for_read("/etc/nologin");
+    if (!fp) /* assuming it does not exist */
         return;
     fp = fopen("/etc/nologin", "r");
     if (fp) {
         while ((c = getc(fp)) != EOF)
             putchar((c=='\n') ? '\r' : c);
         fflush(stdout);
         fclose(fp);
     } else
+    while ((c = getc(fp)) != EOF) {
+        if (c == '\n')
+            bb_putchar('\r');
+        bb_putchar(c);
+        empty = 0;
+    }
+    if (empty)
         puts("\r\nSystem closed for routine maintenance\r");
+    if (!amroot)
+        exit(1);
+    puts("\r\n[Disconnect bypassed -- root login allowed]\r");
+    fclose(fp);
+    fflush_all();
+    /* Users say that they do need this prior to exit: */
+    tcdrain(STDOUT_FILENO);
+    exit(EXIT_FAILURE);
+}
 #else
+static ALWAYS_INLINE void die_if_nologin_and_non_root(int amroot) {}
+# define die_if_nologin() ((void)0)
 #endif
 …
 static int check_securetty(void)
+{
+    FILE *fp;
+    int i;
+    char buf[256];
+    fp = fopen("/etc/securetty", "r");
+    if (!fp) {
+        /* A missing securetty file is not an error. */
+        return 1;
+    }
+    while (fgets(buf, sizeof(buf)-1, fp)) {
+        for (i = strlen(buf)-1; i >= 0; --i) {
+            if (!isspace(buf[i]))
+                break;
+        }
+        buf[++i] = '\0';
+        if (!buf[0] || (buf[0] == '#'))
+            continue;
+        if (strcmp(buf, short_tty) == 0) {
+            fclose(fp);
+            return 1;
+        }
+    }
+    fclose(fp);
+    return 0;
+    char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
+    parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
+    while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
+        if (strcmp(buf, short_tty) == 0)
+            break;
+        buf = NULL;
+    }
+    config_close(parser);
+    /* buf != NULL here if config file was not found, empty
+     * or line was found which equals short_tty */
+    return buf != NULL;
+}
 #else
 static ALWAYS_INLINE int check_securetty(void) { return 1; }
+#endif
+#if ENABLE_SELINUX
+static void initselinux(char *username, char *full_tty,
+                        security_context_t *user_sid)
+{
+    security_context_t old_tty_sid, new_tty_sid;
+    if (!is_selinux_enabled())
+        return;
+    if (get_default_context(username, NULL, user_sid)) {
+        bb_error_msg_and_die("can't get SID for %s", username);
+    }
+    if (getfilecon(full_tty, &old_tty_sid) < 0) {
+        bb_perror_msg_and_die("getfilecon(%s) failed", full_tty);
+    }
+    if (security_compute_relabel(*user_sid, old_tty_sid,
+                SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
+        bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty);
+    }
+    if (setfilecon(full_tty, new_tty_sid) != 0) {
+        bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
+    }
+}
+#endif
+#if ENABLE_LOGIN_SCRIPTS
+static void run_login_script(struct passwd *pw, char *full_tty)
+{
+    char *t_argv[2];
+    t_argv[0] = getenv("LOGIN_PRE_SUID_SCRIPT");
+    if (t_argv[0]) {
+        t_argv[1] = NULL;
+        xsetenv("LOGIN_TTY", full_tty);
+        xsetenv("LOGIN_USER", pw->pw_name);
+        xsetenv("LOGIN_UID", utoa(pw->pw_uid));
+        xsetenv("LOGIN_GID", utoa(pw->pw_gid));
+        xsetenv("LOGIN_SHELL", pw->pw_shell);
+        spawn_and_wait(t_argv); /* NOMMU-friendly */
+        unsetenv("LOGIN_TTY");
+        unsetenv("LOGIN_USER");
+        unsetenv("LOGIN_UID");
+        unsetenv("LOGIN_GID");
+        unsetenv("LOGIN_SHELL");
+    }
+}
+#else
+void run_login_script(struct passwd *pw, char *full_tty);
 #endif
 …
     do {
         c = getchar();
+        if (c == EOF) exit(1);
+        if (c == EOF)
+            exit(EXIT_FAILURE);
         if (c == '\n') {
+            if (!--cntdown) exit(1);
+            if (!--cntdown)
+                exit(EXIT_FAILURE);
             goto prompt;
+        }
     } while (isspace(c));
+    } while (isspace(c)); /* maybe isblank? */
     *buf++ = c;
     if (!fgets(buf, size_buf-2, stdin))
         exit(1);
+        exit(EXIT_FAILURE);
     if (!strchr(buf, '\n'))
+        exit(1);
+    while (isgraph(*buf)) buf++;
+        exit(EXIT_FAILURE);
+    while ((unsigned char)*buf > ' ')
+        buf++;
     *buf = '\0';
+}
 …
     fd = open(bb_path_motd_file, O_RDONLY);
     if (fd) {
         fflush(stdout);
+    if (fd >= 0) {
+        fflush_all();
         bb_copyfd_eof(fd, STDOUT_FILENO);
         close(fd);
 …
+}
 static void alarm_handler(int sig ATTRIBUTE_UNUSED)
+static void alarm_handler(int sig UNUSED_PARAM)
+{
     /* This is the escape hatch!  Poor serial line users and the like
 …
      * We don't want to block here */
     ndelay_on(1);
-    ndelay_on(2);
     printf("\r\nLogin timed out after %d seconds\r\n", TIMEOUT);
+    exit(EXIT_SUCCESS);
+}
+int login_main(int argc, char **argv);
+int login_main(int argc, char **argv)
+    fflush_all();
+    /* unix API is brain damaged regarding O_NONBLOCK,
+     * we should undo it, or else we can affect other processes */
+    ndelay_off(1);
+    _exit(EXIT_SUCCESS);
+}
+int login_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int login_main(int argc UNUSED_PARAM, char **argv)
+{
     enum {
 …
     char *fromhost;
     char username[USERNAME_SIZE];
     const char *tmp;
     int amroot;
+    const char *shell;
+    int run_by_root;
     unsigned opt;
     int count = 0;
     struct passwd *pw;
     char *opt_host = NULL;
+    char *opt_user = NULL;
+    char full_tty[TTYNAME_SIZE];
+    USE_SELINUX(security_context_t user_sid = NULL;)
+    USE_FEATURE_UTMP(struct utmp utent;)
+    USE_PAM(pam_handle_t *pamh;)
+    USE_PAM(int pamret;)
+    USE_PAM(const char *failed_msg;)
+    short_tty = full_tty;
+    char *opt_user = opt_user; /* for compiler */
+    char *full_tty;
+    IF_SELINUX(security_context_t user_sid = NULL;)
+#if ENABLE_PAM
+    int pamret;
+    pam_handle_t *pamh;
+    const char *pamuser;
+    const char *failed_msg;
+    struct passwd pwdstruct;
+    char pwdbuf[256];
+#endif
     username[0] = '\0';
-    amroot = (getuid() == 0);
     signal(SIGALRM, alarm_handler);
     alarm(TIMEOUT);
+    /* More of suid paranoia if called by non-root: */
+    /* Clear dangerous stuff, set PATH */
+    run_by_root = !sanitize_env_if_suid();
     /* Mandatory paranoia for suid applet:
 …
     opt = getopt32(argv, "f:h:p", &opt_user, &opt_host);
     if (opt & LOGIN_OPT_f) {
         if (!amroot)
+        if (!run_by_root)
             bb_error_msg_and_die("-f is for root only");
         safe_strncpy(username, opt_user, sizeof(username));
+    }
+    if (optind < argc) /* user from command line (getty) */
+        safe_strncpy(username, argv[optind], sizeof(username));
+    argv += optind;
+    if (argv[0]) /* user from command line (getty) */
+        safe_strncpy(username, argv[0], sizeof(username));
     /* Let's find out and memorize our tty */
+    if (!isatty(0) || !isatty(1) || !isatty(2))
+        return EXIT_FAILURE;        /* Must be a terminal */
+    safe_strncpy(full_tty, "UNKNOWN", sizeof(full_tty));
+    tmp = ttyname(0);
+    if (tmp) {
+        safe_strncpy(full_tty, tmp, sizeof(full_tty));
+        if (strncmp(full_tty, "/dev/", 5) == 0)
+            short_tty = full_tty + 5;
+    }
+    read_or_build_utent(&utent, !amroot);
+    if (!isatty(STDIN_FILENO) || !isatty(STDOUT_FILENO) || !isatty(STDERR_FILENO))
+        return EXIT_FAILURE;  /* Must be a terminal */
+    full_tty = xmalloc_ttyname(STDIN_FILENO);
+    if (!full_tty)
+        full_tty = xstrdup("UNKNOWN");
+    short_tty = skip_dev_pfx(full_tty);
     if (opt_host) {
-        USE_FEATURE_UTMP(
-            safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));
+        )
         fromhost = xasprintf(" on '%s' from '%s'", short_tty, opt_host);
     } else
+    } else {
         fromhost = xasprintf(" on '%s'", short_tty);
+    }
     /* Was breaking "login <username>" from shell command line: */
     /*bb_setpgrp();*/
     openlog(applet_name, LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
+    openlog(applet_name, LOG_PID | LOG_CONS, LOG_AUTH);
     while (1) {
+        /* flush away any type-ahead (as getty does) */
+        tcflush(0, TCIFLUSH);
         if (!username[0])
             get_username_or_die(username, sizeof(username));
 …
         pamret = pam_start("login", username, &conv, &pamh);
         if (pamret != PAM_SUCCESS) {
             failed_msg = "pam_start";
+            failed_msg = "start";
             goto pam_auth_failed;
+        }
 …
         pamret = pam_set_item(pamh, PAM_TTY, short_tty);
         if (pamret != PAM_SUCCESS) {
             failed_msg = "pam_set_item(TTY)";
+            failed_msg = "set_item(TTY)";
             goto pam_auth_failed;
+        }
         pamret = pam_authenticate(pamh, 0);
         if (pamret != PAM_SUCCESS) {
             failed_msg = "pam_authenticate";
+            failed_msg = "authenticate";
             goto pam_auth_failed;
             /* TODO: or just "goto auth_failed"
 …
         pamret = pam_acct_mgmt(pamh, 0);
         if (pamret != PAM_SUCCESS) {
             failed_msg = "account setup";
+            failed_msg = "acct_mgmt";
             goto pam_auth_failed;
+        }
         /* read user back */
+        {
+            const char *pamuser;
+            /* gcc: "dereferencing type-punned pointer breaks aliasing rules..."
+             * thus we cast to (void*) */
+            if (pam_get_item(pamh, PAM_USER, (void*)&pamuser) != PAM_SUCCESS) {
+                failed_msg = "pam_get_item(USER)";
+                goto pam_auth_failed;
+            }
+            safe_strncpy(username, pamuser, sizeof(username));
+        }
+        /* If we get here, the user was authenticated, and is
+         * granted access. */
+        pw = getpwnam(username);
+        if (pw)
+            break;
+        goto auth_failed;
+        pamuser = NULL;
+        /* gcc: "dereferencing type-punned pointer breaks aliasing rules..."
+         * thus we cast to (void*) */
+        if (pam_get_item(pamh, PAM_USER, (void*)&pamuser) != PAM_SUCCESS) {
+            failed_msg = "get_item(USER)";
+            goto pam_auth_failed;
+        }
+        if (!pamuser || !pamuser[0])
+            goto auth_failed;
+        safe_strncpy(username, pamuser, sizeof(username));
+        /* Don't use "pw = getpwnam(username);",
+         * PAM is said to be capable of destroying static storage
+         * used by getpwnam(). We are using safe(r) function */
+        pw = NULL;
+        getpwnam_r(username, &pwdstruct, pwdbuf, sizeof(pwdbuf), &pw);
+        if (!pw)
+            goto auth_failed;
+        pamret = pam_open_session(pamh, 0);
+        if (pamret != PAM_SUCCESS) {
+            failed_msg = "open_session";
+            goto pam_auth_failed;
+        }
+        pamret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+        if (pamret != PAM_SUCCESS) {
+            failed_msg = "setcred";
+            goto pam_auth_failed;
+        }
+        break; /* success, continue login process */
  pam_auth_failed:
+        bb_error_msg("%s failed: %s (%d)", failed_msg, pam_strerror(pamh, pamret), pamret);
+        /* syslog, because we don't want potential attacker
+         * to know _why_ login failed */
+        syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
+                    pam_strerror(pamh, pamret), pamret);
         safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
 …
             syslog(LOG_WARNING, "invalid password for '%s'%s",
                         username, fromhost);
+            if (ENABLE_FEATURE_CLEAN_UP)
+                free(fromhost);
             return EXIT_FAILURE;
+        }
         username[0] = '\0';
+    }
+    } /* while (1) */
     alarm(0);
+    die_if_nologin_and_non_root(pw->pw_uid == 0);
+    write_utent(&utent, username);
+#if ENABLE_SELINUX
+    if (is_selinux_enabled()) {
+        security_context_t old_tty_sid, new_tty_sid;
+        if (get_default_context(username, NULL, &user_sid)) {
+            bb_error_msg_and_die("cannot get SID for %s",
+                    username);
+        }
+        if (getfilecon(full_tty, &old_tty_sid) < 0) {
+            bb_perror_msg_and_die("getfilecon(%s) failed",
+                    full_tty);
+        }
+        if (security_compute_relabel(user_sid, old_tty_sid,
+                    SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
+            bb_perror_msg_and_die("security_change_sid(%s) failed",
+                    full_tty);
+        }
+        if (setfilecon(full_tty, new_tty_sid) != 0) {
+            bb_perror_msg_and_die("chsid(%s, %s) failed",
+                    full_tty, new_tty_sid);
+        }
+    }
+#endif
+    /* We can ignore /etc/nologin if we are logging in as root,
+     * it doesn't matter whether we are run by root or not */
+    if (pw->pw_uid != 0)
+        die_if_nologin();
+    IF_SELINUX(initselinux(username, full_tty, &user_sid));
     /* Try these, but don't complain if they fail.
      * _f_chown is safe wrt race t=ttyname(0);...;chown(t); */
 …
     fchmod(0, 0600);
+    if (ENABLE_LOGIN_SCRIPTS) {
+        char *t_argv[2];
+        t_argv[0] = getenv("LOGIN_PRE_SUID_SCRIPT");
+        if (t_argv[0]) {
+            t_argv[1] = NULL;
+            xsetenv("LOGIN_TTY", full_tty);
+            xsetenv("LOGIN_USER", pw->pw_name);
+            xsetenv("LOGIN_UID", utoa(pw->pw_uid));
+            xsetenv("LOGIN_GID", utoa(pw->pw_gid));
+            xsetenv("LOGIN_SHELL", pw->pw_shell);
+            xspawn(t_argv); /* NOMMU-friendly */
+            /* All variables are unset by setup_environment */
+            wait(NULL);
+        }
+    }
+    update_utmp(getpid(), USER_PROCESS, short_tty, username, run_by_root ? opt_host : NULL);
+    /* We trust environment only if we run by root */
+    if (ENABLE_LOGIN_SCRIPTS && run_by_root)
+        run_login_script(pw, full_tty);
     change_identity(pw);
     tmp = pw->pw_shell;
     if (!tmp || !*tmp)
         tmp = DEFAULT_SHELL;
     /* setup_environment params: shell, loginshell, changeenv, pw */
     setup_environment(tmp, 1, !(opt & LOGIN_OPT_p), pw);
     /* FIXME: login shell = 1 -> 3rd parameter is ignored! */
+    shell = pw->pw_shell;
+    if (!shell || !shell[0])
+        shell = DEFAULT_SHELL;
+    setup_environment(shell,
+            (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
+            pw);
     motd();
 …
     if (pw->pw_uid == 0)
         syslog(LOG_INFO, "root login%s", fromhost);
+#if ENABLE_SELINUX
+    if (ENABLE_FEATURE_CLEAN_UP)
+        free(fromhost);
     /* well, a simple setexeccon() here would do the job as well,
      * but let's play the game for now */
+    set_current_security_context(user_sid);
+#endif
+    IF_SELINUX(set_current_security_context(user_sid);)
     // util-linux login also does:
 …
     // If this stuff is really needed, add it and explain why!
+    /* set signals to defaults */
+    signal(SIGALRM, SIG_DFL);
+    /* Set signals to defaults */
+    /* Non-ignored signals revert to SIG_DFL on exec anyway */
+    /*signal(SIGALRM, SIG_DFL);*/
     /* Is this correct? This way user can ctrl-c out of /etc/profile,
      * potentially creating security breach (tested with bash 3.0).
 …
      * Maybe bash is buggy?
      * Need to find out what standards say about /bin/login -
      * should it leave SIGINT etc enabled or disabled? */
+     * should we leave SIGINT etc enabled or disabled? */
     signal(SIGINT, SIG_DFL);
     /* Exec login shell with no additional parameters */
     run_shell(tmp, 1, NULL, NULL);
+    run_shell(shell, 1, NULL, NULL);
     /* return EXIT_FAILURE; - not reached */

branches/2.2.9/mindi-busybox/loginutils/passwd.c

-              r1765
+              r2725
 /* vi: set sw=4 ts=4: */
 /*
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 #include "libbb.h"
 #include <syslog.h>
 static void nuke_str(char *str)
 …
     char *orig = (char*)"";
     char *newp = NULL;
-    char *cipher = NULL;
     char *cp = NULL;
     char *ret = NULL; /* failure so far */
     if (myuid && pw->pw_passwd[0]) {
+        orig = bb_askpass(0, "Old password:"); /* returns ptr to static */
+        char *encrypted;
+        orig = bb_ask_stdin("Old password: "); /* returns ptr to static */
         if (!orig)
             goto err_ret;
         cipher = pw_encrypt(orig, pw->pw_passwd); /* returns ptr to static */
         if (strcmp(cipher, pw->pw_passwd) != 0) {
             syslog(LOG_WARNING, "incorrect password for '%s'",
+        encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
+        if (strcmp(encrypted, pw->pw_passwd) != 0) {
+            syslog(LOG_WARNING, "incorrect password for %s",
                 pw->pw_name);
             bb_do_delay(FAIL_DELAY);
 …
             goto err_ret;
+        }
+    }
+    orig = xstrdup(orig); /* or else bb_askpass() will destroy it */
+    newp = bb_askpass(0, "New password:"); /* returns ptr to static */
+        if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
+    }
+    orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
+    newp = bb_ask_stdin("New password: "); /* returns ptr to static */
     if (!newp)
         goto err_ret;
     newp = xstrdup(newp); /* we are going to bb_askpass() again, so save it */
+    newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
     if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
      && obscure(orig, newp, pw) && myuid)
         goto err_ret; /* non-root is not allowed to have weak passwd */
     cp = bb_askpass(0, "Retype password:");
+    cp = bb_ask_stdin("Retype password: ");
     if (!cp)
         goto err_ret;
 …
         crypt_make_salt(salt + 3, 4, 0);
+    }
     /* pw_encrypt returns ptr to static */
     ret = xstrdup(pw_encrypt(newp, salt));
+    /* pw_encrypt returns malloced str */
+    ret = pw_encrypt(newp, salt, 1);
     /* whee, success! */
 …
     nuke_str(newp);
     if (ENABLE_FEATURE_CLEAN_UP) free(newp);
-    nuke_str(cipher);
     nuke_str(cp);
     return ret;
+}
 int passwd_main(int argc, char **argv);
 int passwd_main(int argc, char **argv)
+int passwd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int passwd_main(int argc UNUSED_PARAM, char **argv)
+{
     enum {
 …
     struct rlimit rlimit_fsize;
     char c;
 #if ENABLE_FEATURE_SHADOWPASSWDS
     /* Using _r function to avoid pulling in static buffers */
     struct spwd spw;
-    struct spwd *result;
     char buffer[256];
 #endif
     logmode = LOGMODE_BOTH;
     openlog(applet_name, LOG_NOWAIT, LOG_AUTH);
+    openlog(applet_name, 0, LOG_AUTH);
     opt = getopt32(argv, "a:lud", &opt_a);
     //argc -= optind;
 …
     /* Will complain and die if username not found */
     myname = xstrdup(bb_getpwuid(NULL, -1, myuid));
+    myname = xstrdup(xuid2uname(myuid));
     name = argv[0] ? argv[0] : myname;
+    pw = getpwnam(name);
+    if (!pw) bb_error_msg_and_die("unknown user %s", name);
+    pw = xgetpwnam(name);
     if (myuid && pw->pw_uid != myuid) {
         /* LOGMODE_BOTH */
 …
 #if ENABLE_FEATURE_SHADOWPASSWDS
+    /* getspnam_r() can lie! Even if user isn't in shadow, it can
+     * return success (pwd field was seen set to "!" in this case) */
+    if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)
+     || LONE_CHAR(spw.sp_pwdp, '!')) {
+        /* LOGMODE_BOTH */
+        bb_error_msg("no record of %s in %s, using %s",
+                name, bb_path_shadow_file,
+                bb_path_passwd_file);
+    } else {
+        pw->pw_passwd = spw.sp_pwdp;
+    {
+        /* getspnam_r may return 0 yet set result to NULL.
+         * At least glibc 2.4 does this. Be extra paranoid here. */
+        struct spwd *result = NULL;
+        errno = 0;
+        if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) != 0
+         || !result /* no error, but no record found either */
+         || strcmp(result->sp_namp, pw->pw_name) != 0 /* paranoia */
+        ) {
+            if (errno != ENOENT) {
+                /* LOGMODE_BOTH */
+                bb_perror_msg("no record of %s in %s, using %s",
+                    name, bb_path_shadow_file,
+                    bb_path_passwd_file);
+            }
+            /* else: /etc/shadow does not exist,
+             * apparently we are on a shadow-less system,
+             * no surprise there */
+        } else {
+            pw->pw_passwd = result->sp_pwdp;
+        }
+    }
 #endif
 …
         if (myuid && !c) { /* passwd starts with '!' */
             /* LOGMODE_BOTH */
             bb_error_msg_and_die("cannot change "
+            bb_error_msg_and_die("can't change "
                     "locked password for %s", name);
+        }
 …
     } else if (opt & OPT_unlock) {
         if (c) goto skip; /* not '!' */
         /* pw->pw_passwd pints to static storage,
+        /* pw->pw_passwd points to static storage,
          * strdup'ing to avoid nasty surprizes */
         newp = xstrdup(&pw->pw_passwd[1]);
 …
     rlimit_fsize.rlim_cur = rlimit_fsize.rlim_max = 512L * 30000;
     setrlimit(RLIMIT_FSIZE, &rlimit_fsize);
+    signal(SIGHUP, SIG_IGN);
+    signal(SIGINT, SIG_IGN);
+    signal(SIGQUIT, SIG_IGN);
+    bb_signals(0
+        + (1 << SIGHUP)
+        + (1 << SIGINT)
+        + (1 << SIGQUIT)
+        , SIG_IGN);
     umask(077);
     xsetuid(0);
 …
 #if ENABLE_FEATURE_SHADOWPASSWDS
     filename = bb_path_shadow_file;
     rc = update_passwd(bb_path_shadow_file, name, newp);
+    rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
     if (rc == 0) /* no lines updated, no errors detected */
 #endif
+    {
         filename = bb_path_passwd_file;
         rc = update_passwd(bb_path_passwd_file, name, newp);
+        rc = update_passwd(bb_path_passwd_file, name, newp, NULL);
+    }
     /* LOGMODE_BOTH */
     if (rc < 0)
         bb_error_msg_and_die("cannot update password file %s",
+        bb_error_msg_and_die("can't update password file %s",
                 filename);
     bb_info_msg("Password for %s changed by %s", name, myname);

branches/2.2.9/mindi-busybox/loginutils/su.c

-              r1765
+              r2725
 /* vi: set sw=4 ts=4: */
 /*
  *  Mini su implementation for busybox
+ * Mini su implementation for busybox
+ *
  *  Licensed under the GPL v2 or later, see the file LICENSE in this tarball.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 …
 #include <syslog.h>
+#if ENABLE_FEATURE_SU_CHECKS_SHELLS
+/* Return 1 if SHELL is a restricted shell (one not returned by
+ * getusershell), else 0, meaning it is a standard shell.  */
+static int restricted_shell(const char *shell)
+{
+    char *line;
+    int result = 1;
+    /*setusershell(); - getusershell does it itself*/
+    while ((line = getusershell()) != NULL) {
+        if (/* *line != '#' && */ strcmp(line, shell) == 0) {
+            result = 0;
+            break;
+        }
+    }
+    if (ENABLE_FEATURE_CLEAN_UP)
+        endusershell();
+    return result;
+}
+#endif
 #define SU_OPT_mp (3)
 #define SU_OPT_l (4)
+#define SU_OPT_l  (4)
 int su_main(int argc, char **argv);
 int su_main(int argc, char **argv)
+int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int su_main(int argc UNUSED_PARAM, char **argv)
+{
     unsigned flags;
 …
     uid_t cur_uid = getuid();
     const char *tty;
+    char *old_user;
+    char user_buf[64];
+    const char *old_user;
     flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);
     argc -= optind;
+    //argc -= optind;
     argv += optind;
     if (argc && LONE_DASH(argv[0])) {
+    if (argv[0] && LONE_DASH(argv[0])) {
         flags |= SU_OPT_l;
-        argc--;
         argv++;
+    }
     /* get user if specified */
     if (argc) {
+    if (argv[0]) {
         opt_username = argv[0];
-//      argc--;
         argv++;
+    }
     if (ENABLE_FEATURE_SU_SYSLOG) {
+        /* The utmp entry (via getlogin) is probably the best way to identify
+        the user, especially if someone su's from a su-shell.
+        But getlogin can fail -- usually due to lack of utmp entry.
+        in this case resort to getpwuid.  */
+        old_user = xstrdup(USE_FEATURE_UTMP(getlogin() ? : ) (pw = getpwuid(cur_uid)) ? pw->pw_name : "");
+        tty = ttyname(2) ? : "none";
+        /* The utmp entry (via getlogin) is probably the best way to
+         * identify the user, especially if someone su's from a su-shell.
+         * But getlogin can fail -- usually due to lack of utmp entry.
+         * in this case resort to getpwuid.  */
+#if ENABLE_FEATURE_UTMP
+        old_user = user_buf;
+        if (getlogin_r(user_buf, sizeof(user_buf)) != 0)
+#endif
+        {
+            pw = getpwuid(cur_uid);
+            old_user = pw ? xstrdup(pw->pw_name) : "";
+        }
+        tty = xmalloc_ttyname(2);
+        if (!tty) {
+            tty = "none";
+        }
         openlog(applet_name, 0, LOG_AUTH);
+    }
+    pw = getpwnam(opt_username);
+    if (!pw)
+        bb_error_msg_and_die("unknown id: %s", opt_username);
+    pw = xgetpwnam(opt_username);
+    /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
+       is a username that is retrieved via NIS (YP), but that doesn't have
+       a default shell listed.  */
+    if (!pw->pw_shell || !pw->pw_shell[0])
+        pw->pw_shell = (char *)DEFAULT_SHELL;
+    if ((cur_uid == 0) || correct_password(pw)) {
+    if (cur_uid == 0 || correct_password(pw)) {
         if (ENABLE_FEATURE_SU_SYSLOG)
             syslog(LOG_NOTICE, "%c %s %s:%s",
 …
     if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) {
         closelog();
-        free(old_user);
+    }
+    if (!opt_shell && (flags & SU_OPT_mp))
+    if (!opt_shell && (flags & SU_OPT_mp)) {
+        /* -s SHELL is not given, but "preserve env" opt is */
         opt_shell = getenv("SHELL");
+    }
+    /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
+     * is a username that is retrieved via NIS (YP), that doesn't have
+     * a default shell listed.  */
+    if (!pw->pw_shell || !pw->pw_shell[0])
+        pw->pw_shell = (char *)DEFAULT_SHELL;
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
     if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
+    if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
         /* The user being su'd to has a nonstandard shell, and so is
            probably a uucp account or has restricted access.  Don't
            compromise the account by allowing access with a standard
            shell.  */
+         * probably a uucp account or has restricted access.  Don't
+         * compromise the account by allowing access with a standard
+         * shell.  */
         bb_error_msg("using restricted shell");
         opt_shell = 0;
+        opt_shell = NULL;
+    }
+    /* else: user can run whatever he wants via "su -s PROG USER".
+     * This is safe since PROG is run under user's uid/gid. */
 #endif
     if (!opt_shell)
 …
     change_identity(pw);
+    setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);
+    USE_SELINUX(set_current_security_context(NULL);)
+    setup_environment(opt_shell,
+            ((flags & SU_OPT_l) / SU_OPT_l * SETUP_ENV_CLEARENV)
+            + (!(flags & SU_OPT_mp) * SETUP_ENV_CHANGEENV),
+            pw);
+    IF_SELINUX(set_current_security_context(NULL);)
     /* Never returns */
     run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)argv);
     return EXIT_FAILURE;
+    /* return EXIT_FAILURE; - not reached */
+}

branches/2.2.9/mindi-busybox/loginutils/sulogin.c

-              r1765
+              r2725
  * Mini sulogin implementation for busybox
+ *
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+#include "libbb.h"
 #include <syslog.h>
+#include "libbb.h"
+static const char *const forbid[] = {
+    "ENV",
+    "BASH_ENV",
+    "HOME",
+    "IFS",
+    "PATH",
+    "SHELL",
+    "LD_LIBRARY_PATH",
+    "LD_PRELOAD",
+    "LD_TRACE_LOADED_OBJECTS",
+    "LD_BIND_NOW",
+    "LD_AOUT_LIBRARY_PATH",
+    "LD_AOUT_PRELOAD",
+    "LD_NOWARN",
+    "LD_KEEPDIR",
+    (char *) 0
+};
+//static void catchalarm(int UNUSED_PARAM junk)
+//{
+//  exit(EXIT_FAILURE);
+//}
+static void catchalarm(int ATTRIBUTE_UNUSED junk)
+{
+    exit(EXIT_FAILURE);
+}
+int sulogin_main(int argc, char **argv);
+int sulogin_main(int argc, char **argv)
+int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int sulogin_main(int argc UNUSED_PARAM, char **argv)
+{
     char *cp;
     int timeout = 0;
-    char *timeout_arg;
-    const char *const *p;
     struct passwd *pwd;
     const char *shell;
 …
     char buffer[256];
     struct spwd spw;
-    struct spwd *result;
 #endif
 …
     openlog(applet_name, 0, LOG_AUTH);
     if (getopt32(argv, "t:", &timeout_arg)) {
         timeout = xatoi_u(timeout_arg);
+    }
+    opt_complementary = "t+"; /* -t N */
+    getopt32(argv, "t:", &timeout);
+    argv += optind;
     if (argv[optind]) {
+    if (argv[0]) {
         close(0);
         close(1);
         dup(xopen(argv[optind], O_RDWR));
+        dup(xopen(argv[0], O_RDWR));
         close(2);
         dup(0);
+    }
+    /* Malicious use like "sulogin /dev/sda"? */
     if (!isatty(0) || !isatty(1) || !isatty(2)) {
         logmode = LOGMODE_SYSLOG;
 …
+    }
+    /* Clear out anything dangerous from the environment */
+    for (p = forbid; *p; p++)
+        unsetenv(*p);
+    signal(SIGALRM, catchalarm);
+    /* Clear dangerous stuff, set PATH */
+    sanitize_env_if_suid();
     pwd = getpwuid(0);
 …
 #if ENABLE_FEATURE_SHADOWPASSWDS
+    if (getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result)) {
+        goto auth_error;
+    {
+        /* getspnam_r may return 0 yet set result to NULL.
+         * At least glibc 2.4 does this. Be extra paranoid here. */
+        struct spwd *result = NULL;
+        int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
+        if (r || !result) {
+            goto auth_error;
+        }
+        pwd->pw_passwd = result->sp_pwdp;
+    }
-    pwd->pw_passwd = spw.sp_pwdp;
 #endif
     while (1) {
+        char *encrypted;
+        int r;
         /* cp points to a static buffer that is zeroed every time */
         cp = bb_askpass(timeout,
+        cp = bb_ask(STDIN_FILENO, timeout,
                 "Give root password for system maintenance\n"
                 "(or type Control-D for normal startup):");
 …
             return 0;
+        }
+        if (strcmp(pw_encrypt(cp, pwd->pw_passwd), pwd->pw_passwd) == 0) {
+        encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
+        r = strcmp(encrypted, pwd->pw_passwd);
+        free(encrypted);
+        if (r == 0) {
             break;
+        }
 …
+    }
     memset(cp, 0, strlen(cp));
     signal(SIGALRM, SIG_DFL);
+//  signal(SIGALRM, SIG_DFL);
     bb_info_msg("System Maintenance Mode");
     USE_SELINUX(renew_current_security_context());
+    IF_SELINUX(renew_current_security_context());
     shell = getenv("SUSHELL");
+    if (!shell) shell = getenv("sushell");
+    if (!shell) {
+        shell = "/bin/sh";
+        if (pwd->pw_shell[0])
+            shell = pwd->pw_shell;
+    }
+    run_shell(shell, 1, 0, 0);
+    /* never returns */
+    if (!shell)
+        shell = getenv("sushell");
+    if (!shell)
+        shell = pwd->pw_shell;
+auth_error:
+    bb_error_msg_and_die("no password entry for 'root'");
+    /* Exec login shell with no additional parameters. Never returns. */
+    run_shell(shell, 1, NULL, NULL);
+ auth_error:
+    bb_error_msg_and_die("no password entry for root");
+}

branches/2.2.9/mindi-busybox/loginutils/vlock.c

-              r1765
+              r2725
 /* vi: set sw=4 ts=4: */
 /*
  * vlock implementation for busybox
 …
  * Written by spoon <spon@ix.netcom.com>
+ *
  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
 …
 #include "libbb.h"
+#ifdef __linux__
 #include <sys/vt.h>
+static struct passwd *pw;
+static struct vt_mode ovtm;
+static struct termios oterm;
+static int vfd;
+static unsigned long o_lock_all;
+static void release_vt(int signo)
+static void release_vt(int signo UNUSED_PARAM)
+{
+    ioctl(vfd, VT_RELDISP, !o_lock_all);
+    /* If -a, param is 0, which means:
+     * "no, kernel, we don't allow console switch away from us!" */
+    ioctl(STDIN_FILENO, VT_RELDISP, (unsigned long) !option_mask32);
+}
 static void acquire_vt(int signo)
+static void acquire_vt(int signo UNUSED_PARAM)
+{
+    ioctl(vfd, VT_RELDISP, VT_ACKACQ);
+    /* ACK to kernel that switch to console is successful */
+    ioctl(STDIN_FILENO, VT_RELDISP, VT_ACKACQ);
+}
+#endif
+static void restore_terminal(void)
+int vlock_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int vlock_main(int argc UNUSED_PARAM, char **argv)
+{
+    ioctl(vfd, VT_SETMODE, &ovtm);
+    tcsetattr(STDIN_FILENO, TCSANOW, &oterm);
+}
+#ifdef __linux__
+    struct vt_mode vtm;
+    struct vt_mode ovtm;
+#endif
+    struct termios term;
+    struct termios oterm;
+    struct passwd *pw;
+int vlock_main(int argc, char **argv);
+int vlock_main(int argc, char **argv)
+{
+    sigset_t sig;
+    struct sigaction sa;
+    struct vt_mode vtm;
+    struct termios term;
+    uid_t uid = getuid();
+    pw = xgetpwuid(getuid());
+    opt_complementary = "=0"; /* no params! */
+    getopt32(argv, "a");
+    pw = getpwuid(uid);
+    if (pw == NULL)
+        bb_error_msg_and_die("unknown uid %d", uid);
+    /* Ignore some signals so that we don't get killed by them */
+    bb_signals(0
+        + (1 << SIGTSTP)
+        + (1 << SIGTTIN)
+        + (1 << SIGTTOU)
+        + (1 << SIGHUP )
+        + (1 << SIGCHLD) /* paranoia :) */
+        + (1 << SIGQUIT)
+        + (1 << SIGINT )
+        , SIG_IGN);
+    if (argc > 2) {
+        bb_show_usage();
+    }
+#ifdef __linux__
+    /* We will use SIGUSRx for console switch control: */
+    /* 1: set handlers */
+    signal_SA_RESTART_empty_mask(SIGUSR1, release_vt);
+    signal_SA_RESTART_empty_mask(SIGUSR2, acquire_vt);
+    /* 2: unmask them */
+    sig_unblock(SIGUSR1);
+    sig_unblock(SIGUSR2);
+#endif
+    o_lock_all = getopt32(argv, "a");
+    /* Revert stdin/out to our controlling tty
+     * (or die if we have none) */
+    xmove_fd(xopen(CURRENT_TTY, O_RDWR), STDIN_FILENO);
+    xdup2(STDIN_FILENO, STDOUT_FILENO);
+    vfd = xopen(CURRENT_TTY, O_RDWR);
+    xioctl(vfd, VT_GETMODE, &vtm);
+    /* mask a bunch of signals */
+    sigprocmask(SIG_SETMASK, NULL, &sig);
+    sigdelset(&sig, SIGUSR1);
+    sigdelset(&sig, SIGUSR2);
+    sigaddset(&sig, SIGTSTP);
+    sigaddset(&sig, SIGTTIN);
+    sigaddset(&sig, SIGTTOU);
+    sigaddset(&sig, SIGHUP);
+    sigaddset(&sig, SIGCHLD);
+    sigaddset(&sig, SIGQUIT);
+    sigaddset(&sig, SIGINT);
+    sigemptyset(&(sa.sa_mask));
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = release_vt;
+    sigaction(SIGUSR1, &sa, NULL);
+    sa.sa_handler = acquire_vt;
+    sigaction(SIGUSR2, &sa, NULL);
+    /* need to handle some signals so that we don't get killed by them */
+    sa.sa_handler = SIG_IGN;
+    sigaction(SIGHUP, &sa, NULL);
+    sigaction(SIGQUIT, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+    sigaction(SIGTSTP, &sa, NULL);
+#ifdef __linux__
+    xioctl(STDIN_FILENO, VT_GETMODE, &vtm);
     ovtm = vtm;
+    /* "console switches are controlled by us, not kernel!" */
     vtm.mode = VT_PROCESS;
     vtm.relsig = SIGUSR1;
     vtm.acqsig = SIGUSR2;
+    ioctl(vfd, VT_SETMODE, &vtm);
+    ioctl(STDIN_FILENO, VT_SETMODE, &vtm);
+#endif
     tcgetattr(STDIN_FILENO, &oterm);
 …
     term.c_lflag &= ~ISIG;
     term.c_lflag &= ~(ECHO | ECHOCTL);
     tcsetattr(STDIN_FILENO, TCSANOW, &term);
+    tcsetattr_stdin_TCSANOW(&term);
     do {
+        printf("Virtual Console%s locked by %s.\n", (o_lock_all) ? "s" : "", pw->pw_name);
+        printf("Virtual console%s locked by %s.\n",
+                option_mask32 /*o_lock_all*/ ? "s" : "",
+                pw->pw_name);
         if (correct_password(pw)) {
             break;
 …
         puts("Password incorrect");
     } while (1);
+    restore_terminal();
+    fflush_stdout_and_exit(0);
+#ifdef __linux__
+    ioctl(STDIN_FILENO, VT_SETMODE, &ovtm);
+#endif
+    tcsetattr_stdin_TCSANOW(&oterm);
+    fflush_stdout_and_exit(EXIT_SUCCESS);
+}

Context Navigation

Changeset 2725 in MondoRescue for branches/2.2.9/mindi-busybox/loginutils

Legend:

branches/2.2.9/mindi-busybox/loginutils/Config.in

branches/2.2.9/mindi-busybox/loginutils/Kbuild

branches/2.2.9/mindi-busybox/loginutils/addgroup.c

branches/2.2.9/mindi-busybox/loginutils/adduser.c

branches/2.2.9/mindi-busybox/loginutils/chpasswd.c

branches/2.2.9/mindi-busybox/loginutils/cryptpw.c

branches/2.2.9/mindi-busybox/loginutils/deluser.c

branches/2.2.9/mindi-busybox/loginutils/getty.c

branches/2.2.9/mindi-busybox/loginutils/login.c

branches/2.2.9/mindi-busybox/loginutils/passwd.c

branches/2.2.9/mindi-busybox/loginutils/su.c

branches/2.2.9/mindi-busybox/loginutils/sulogin.c

branches/2.2.9/mindi-busybox/loginutils/vlock.c

Download in other formats: