Changeset 3232 for branches/3.2/mindi-busybox/loginutils – MondoRescue

branches/3.2/mindi-busybox/loginutils/Config.src

-              r2725
+              r3232
     select FEATURE_SYSLOG
     help
+      getty lets you log in on a tty, it is normally invoked by init.
+      getty lets you log in on a tty. It is normally invoked by init.
+      Note that you can save a few bytes by disabling it and
+      using login applet directly.
+      If you need to reset tty attributes before calling login,
+      this script approximates getty:
+      exec </dev/$1 >/dev/$1 2>&1 || exit 1
+      reset
+      stty sane; stty ispeed 38400; stty ospeed 38400
+      printf "%s login: " "`hostname`"
+      read -r login
+      exec /bin/login "$login"
 config LOGIN
 …
       Note that Busybox binary must be setuid root for this applet to
       work properly.
+config LOGIN_SESSION_AS_CHILD
+    bool "Run logged in session in a child process"
+    default y if PAM
+    depends on LOGIN
+    help
+      Run the logged in session in a child process.  This allows
+      login to clean up things such as utmp entries or PAM sessions
+      when the login session is complete.  If you use PAM, you
+      almost always would want this to be set to Y, else PAM session
+      will not be cleaned up.
 config PAM
 …
       and uses this information to update a group of existing users.
+config FEATURE_DEFAULT_PASSWD_ALGO
+    string "Default password encryption method (passwd -a, cryptpw -m parameter)"
+    default "des"
+    depends on PASSWD || CRYPTPW
+    help
+      Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
 config SU
     bool "su"

branches/3.2/mindi-busybox/loginutils/add-remove-shell.c

-              r2725
+              r3232
  */
 //applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, _BB_DIR_USR_BIN, _BB_SUID_DROP, add_shell   ))
 //applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, _BB_DIR_USR_BIN, _BB_SUID_DROP, remove_shell))
+//applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
+//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
 //kbuild:lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o

branches/3.2/mindi-busybox/loginutils/addgroup.c

-              r2725
+              r3232
+ *
  */
+//usage:#define addgroup_trivial_usage
+//usage:       "[-g GID] " IF_FEATURE_ADDUSER_TO_GROUP("[USER] ") "GROUP"
+//usage:#define addgroup_full_usage "\n\n"
+//usage:       "Add a group " IF_FEATURE_ADDUSER_TO_GROUP("or add a user to a group") "\n"
+//usage:     "\n    -g GID  Group id"
+//usage:     "\n    -S  Create a system group"
 #include "libbb.h"

branches/3.2/mindi-busybox/loginutils/adduser.c

-              r2725
+              r3232
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//usage:#define adduser_trivial_usage
+//usage:       "[OPTIONS] USER [GROUP]"
+//usage:#define adduser_full_usage "\n\n"
+//usage:       "Create new user, or add USER to GROUP\n"
+//usage:     "\n    -h DIR      Home directory"
+//usage:     "\n    -g GECOS    GECOS field"
+//usage:     "\n    -s SHELL    Login shell"
+//usage:     "\n    -G GRP      Add user to existing group"
+//usage:     "\n    -S      Create a system user"
+//usage:     "\n    -D      Don't assign a password"
+//usage:     "\n    -H      Don't create home directory"
+//usage:     "\n    -u UID      User id"
 #include "libbb.h"
 …
         if (p->pw_uid == max) {
             bb_error_msg_and_die("no %cids left", 'u');
+            /* this format string is reused in adduser and addgroup */
+        }
         p->pw_uid++;
 …
+}
+static void addgroup_wrapper(struct passwd *p, const char *group_name)
+{
+    char *cmd;
+    if (group_name) /* Add user to existing group */
+        cmd = xasprintf("addgroup '%s' '%s'", p->pw_name, group_name);
+    else    /* Add user to his own group with the first free gid found in passwd_study */
+        cmd = xasprintf("addgroup -g %u '%s'", (unsigned)p->pw_gid, p->pw_name);
+    /* Warning: to be compatible with external addgroup programs we should use --gid instead */
+    system(cmd);
+    free(cmd);
+}
+static void passwd_wrapper(const char *login) NORETURN;
+static void passwd_wrapper(const char *login)
+{
+    BB_EXECLP("passwd", "passwd", login, NULL);
+static int addgroup_wrapper(struct passwd *p, const char *group_name)
+{
+    char *argv[6];
+    argv[0] = (char*)"addgroup";
+    if (group_name) {
+        /* Add user to existing group */
+        argv[1] = (char*)"--";
+        argv[2] = p->pw_name;
+        argv[3] = (char*)group_name;
+        argv[4] = NULL;
+    } else {
+        /* Add user to his own group with the first free gid
+         * found in passwd_study.
+         */
+#if ENABLE_FEATURE_ADDGROUP_LONG_OPTIONS || !ENABLE_ADDGROUP
+        /* We try to use --gid, not -g, because "standard" addgroup
+         * has no short option -g, it has only long --gid.
+         */
+        argv[1] = (char*)"--gid";
+#else
+        /* Breaks if system in fact does NOT use busybox addgroup */
+        argv[1] = (char*)"-g";
+#endif
+        argv[2] = utoa(p->pw_gid);
+        argv[3] = (char*)"--";
+        argv[4] = p->pw_name;
+        argv[5] = NULL;
+    }
+    return spawn_and_wait(argv);
+}
+static void passwd_wrapper(const char *login_name) NORETURN;
+static void passwd_wrapper(const char *login_name)
+{
+    BB_EXECLP("passwd", "passwd", "--", login_name, NULL);
     bb_error_msg_and_die("can't execute passwd, you must set password manually");
+}
 …
     pw.pw_gecos = (char *)"Linux User,,,";
+    pw.pw_shell = (char *)DEFAULT_SHELL;
+    /* We assume that newly created users "inherit" root's shell setting */
+    pw.pw_shell = (char *)get_shell_name();
     pw.pw_dir = NULL;
     /* exactly one non-option arg */
+    /* at most two non-option args */
     /* disable interactive passwd for system accounts */
     opt_complementary = "=1:SD:u+";
+    opt_complementary = "?2:SD:u+";
     if (sizeof(pw.pw_uid) == sizeof(int)) {
         opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &pw.pw_uid);
 …
+    }
     argv += optind;
+    pw.pw_name = argv[0];
+    if (!opts && argv[1]) {
+        /* if called with two non-option arguments, adduser
+         * will add an existing user to an existing group.
+         */
+        return addgroup_wrapper(&pw, argv[1]);
+    }
     /* fill in the passwd struct */
-    pw.pw_name = argv[0];
     die_if_bad_username(pw.pw_name);
     if (!pw.pw_dir) {
 …
     if (ENABLE_FEATURE_CLEAN_UP)
         free(p);
 #if ENABLE_FEATURE_SHADOWPASSWDS
     /* /etc/shadow fields:
 …
             /* New home. Copy /etc/skel to it */
             const char *args[] = {
+                "chown", "-R",
+                "chown",
+                "-R",
                 xasprintf("%u:%u", (int)pw.pw_uid, (int)pw.pw_gid),
+                pw.pw_dir, NULL
+                pw.pw_dir,
+                NULL
             };
             /* Be silent on any errors (like: no /etc/skel) */

branches/3.2/mindi-busybox/loginutils/chpasswd.c

-              r2725
+              r3232
  */
 #include "libbb.h"
+//usage:#define chpasswd_trivial_usage
+//usage:    IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]")
+//usage:#define chpasswd_full_usage "\n\n"
+//usage:       "Read user:password from stdin and update /etc/passwd\n"
+//usage:    IF_LONG_OPTS(
+//usage:     "\n    -e,--encrypted  Supplied passwords are in encrypted form"
+//usage:     "\n    -m,--md5    Use MD5 encryption instead of DES"
+//usage:    )
+//usage:    IF_NOT_LONG_OPTS(
+//usage:     "\n    -e  Supplied passwords are in encrypted form"
+//usage:     "\n    -m  Use MD5 encryption instead of DES"
+//usage:    )
+//TODO: implement -c ALGO
 #if ENABLE_LONG_OPTS
 …
 int chpasswd_main(int argc UNUSED_PARAM, char **argv)
+{
+    char *name, *pass;
+    char salt[sizeof("$N$XXXXXXXX")];
+    int opt, rc;
+    int rnd = rnd; /* we *want* it to be non-initialized! */
+    char *name;
+    int opt;
     if (getuid())
+    if (getuid() != 0)
         bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
 …
     while ((name = xmalloc_fgetline(stdin)) != NULL) {
+        char *free_me;
+        char *pass;
+        int rc;
         pass = strchr(name, ':');
         if (!pass)
 …
         xuname2uid(name); /* dies if there is no such user */
+        free_me = NULL;
         if (!(opt & OPT_ENC)) {
+            rnd = crypt_make_salt(salt, 1, rnd);
+            char salt[sizeof("$N$XXXXXXXX")];
+            crypt_make_salt(salt, 1);
             if (opt & OPT_MD5) {
+                strcpy(salt, "$1$");
+                rnd = crypt_make_salt(salt + 3, 4, rnd);
+                salt[0] = '$';
+                salt[1] = '1';
+                salt[2] = '$';
+                crypt_make_salt(salt + 3, 4);
+            }
             pass = pw_encrypt(pass, salt, 0);
+            free_me = pass = pw_encrypt(pass, salt, 0);
+        }
 …
 #if ENABLE_FEATURE_SHADOWPASSWDS
         rc = update_passwd(bb_path_shadow_file, name, pass, NULL);
+        if (rc == 0) /* no lines updated, no errors detected */
+        if (rc > 0) /* password in /etc/shadow was updated */
+            pass = (char*)"x";
+        if (rc >= 0)
+            /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
 #endif
             rc = update_passwd(bb_path_passwd_file, name, pass, NULL);
 …
         logmode = LOGMODE_STDIO;
         free(name);
+        if (!(opt & OPT_ENC))
+            free(pass);
+        free(free_me);
+    }
     return EXIT_SUCCESS;

branches/3.2/mindi-busybox/loginutils/cryptpw.c

-              r2725
+              r3232
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//usage:#define cryptpw_trivial_usage
+//usage:       "[OPTIONS] [PASSWORD] [SALT]"
+/* We do support -s, we just don't mention it */
+//usage:#define cryptpw_full_usage "\n\n"
+//usage:       "Crypt PASSWORD using crypt(3)\n"
+//usage:    IF_LONG_OPTS(
+//usage:     "\n    -P,--password-fd=N  Read password from fd N"
+/* //usage:  "\n    -s,--stdin      Use stdin; like -P0" */
+//usage:     "\n    -m,--method=TYPE    Encryption method"
+//usage:     "\n    -S,--salt=SALT"
+//usage:    )
+//usage:    IF_NOT_LONG_OPTS(
+//usage:     "\n    -P N    Read password from fd N"
+/* //usage:  "\n    -s  Use stdin; like -P0" */
+//usage:     "\n    -m TYPE Encryption method TYPE"
+//usage:     "\n    -S SALT"
+//usage:    )
+/* mkpasswd is an alias to cryptpw */
+//usage:#define mkpasswd_trivial_usage
+//usage:       "[OPTIONS] [PASSWORD] [SALT]"
+/* We do support -s, we just don't mention it */
+//usage:#define mkpasswd_full_usage "\n\n"
+//usage:       "Crypt PASSWORD using crypt(3)\n"
+//usage:    IF_LONG_OPTS(
+//usage:     "\n    -P,--password-fd=N  Read password from fd N"
+/* //usage:  "\n    -s,--stdin      Use stdin; like -P0" */
+//usage:     "\n    -m,--method=TYPE    Encryption method"
+//usage:     "\n    -S,--salt=SALT"
+//usage:    )
+//usage:    IF_NOT_LONG_OPTS(
+//usage:     "\n    -P N    Read password from fd N"
+/* //usage:  "\n    -s  Use stdin; like -P0" */
+//usage:     "\n    -m TYPE Encryption method TYPE"
+//usage:     "\n    -S SALT"
+//usage:    )
 #include "libbb.h"
 …
 int cryptpw_main(int argc UNUSED_PARAM, char **argv)
+{
+    /* $N$ + sha_salt_16_bytes + NUL */
+    char salt[3 + 16 + 1];
+    char salt[MAX_PW_SALT_LEN];
     char *salt_ptr;
     const char *opt_m, *opt_S;
-    int len;
     int fd;
 …
 #endif
     fd = STDIN_FILENO;
     opt_m = "d";
+    opt_m = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
     opt_S = NULL;
     /* at most two non-option arguments; -P NUM */
 …
         opt_S = argv[1];
+    len = 2/2;
+    salt_ptr = salt;
+    if (opt_m[0] != 'd') { /* not des */
+        len = 8/2; /* so far assuming md5 */
+        *salt_ptr++ = '$';
+        *salt_ptr++ = '1';
+        *salt_ptr++ = '$';
+#if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA
+        if (opt_m[0] == 's') { /* sha */
+            salt[1] = '5' + (strcmp(opt_m, "sha512") == 0);
+            len = 16/2;
+        }
+#endif
+    }
+    salt_ptr = crypt_make_pw_salt(salt, opt_m);
     if (opt_S)
+        safe_strncpy(salt_ptr, opt_S, sizeof(salt) - 3);
+    else
+        crypt_make_salt(salt_ptr, len, 0);
+        safe_strncpy(salt_ptr, opt_S, sizeof(salt) - (sizeof("$N$")-1));
     xmove_fd(fd, STDIN_FILENO);

branches/3.2/mindi-busybox/loginutils/deluser.c

-              r2725
+              r3232
+ *
  */
+//usage:#define deluser_trivial_usage
+//usage:       "USER"
+//usage:#define deluser_full_usage "\n\n"
+//usage:       "Delete USER from the system"
+//usage:#define delgroup_trivial_usage
+//usage:    IF_FEATURE_DEL_USER_FROM_GROUP("[USER] ")"GROUP"
+//usage:#define delgroup_full_usage "\n\n"
+//usage:       "Delete group GROUP from the system"
+//usage:    IF_FEATURE_DEL_USER_FROM_GROUP(" or user USER from group GROUP")
 #include "libbb.h"

branches/3.2/mindi-busybox/loginutils/getty.c

-              r2725
+              r3232
 /* vi: set sw=4 ts=4: */
+/* agetty.c - another getty program for Linux. By W. Z. Venema 1989
+/*
+ * Based on agetty - another getty program for Linux. By W. Z. Venema 1989
  * Ported to Linux by Peter Orbaek <poe@daimi.aau.dk>
+ * This program is freely distributable. The entire man-page used to
+ * be here. Now read the real man-page agetty.8 instead.
+ * This program is freely distributable.
+ *
  * option added by Eric Rasmussen <ear@usfirst.org> - 12/28/95
+ *
  * 1999-02-22 Arkadiusz Mickiewicz <misiek@misiek.eu.org>
  * - added Native Language Support
+ * - Added Native Language Support
+ *
  * 1999-05-05 Thorsten Kranzkowski <dl8bcu@gmx.net>
+ * - enable hardware flow control before displaying /etc/issue
+ * - Enabled hardware flow control before displaying /etc/issue
+ *
+ * 2011-01 Venys Vlasenko
+ * - Removed parity detection code. It can't work reliably:
+ * if all chars received have bit 7 cleared and odd (or even) parity,
+ * it is impossible to determine whether other side is 8-bit,no-parity
+ * or 7-bit,odd(even)-parity. It also interferes with non-ASCII usernames.
+ * - From now on, we assume that parity is correctly set.
+ *
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 …
 #include "libbb.h"
 #include <syslog.h>
-#if ENABLE_FEATURE_UTMP
-# include <utmp.h> /* LOGIN_PROCESS */
-#endif
 #ifndef IUCLC
 # define IUCLC 0
 #endif
+/*
+ * Some heuristics to find out what environment we are in: if it is not
+ * System V, assume it is SunOS 4.
+ */
+#ifdef LOGIN_PROCESS                    /* defined in System V utmp.h */
+#include <sys/utsname.h>
+#else /* if !sysV style, wtmp/utmp code is off */
+#undef ENABLE_FEATURE_UTMP
+#undef ENABLE_FEATURE_WTMP
+#define ENABLE_FEATURE_UTMP 0
+#define ENABLE_FEATURE_WTMP 0
+#endif  /* LOGIN_PROCESS */
+#ifndef LOGIN_PROCESS
+# undef ENABLE_FEATURE_UTMP
+# undef ENABLE_FEATURE_WTMP
+# define ENABLE_FEATURE_UTMP 0
+# define ENABLE_FEATURE_WTMP 0
+#endif
+/* The following is used for understandable diagnostics */
+#ifdef DEBUGGING
+static FILE *dbf;
+# define DEBUGTERM "/dev/ttyp0"
+# define debug(...) do { fprintf(dbf, __VA_ARGS__); fflush(dbf); } while (0)
+#else
+# define debug(...) ((void)0)
+#endif
 /*
 …
  * and for line editing at the same time.
  */
+/* I doubt there are systems which still need this */
+#undef HANDLE_ALLCAPS
+#undef ANCIENT_BS_KILL_CHARS
+#undef  _PATH_LOGIN
 #define _PATH_LOGIN "/bin/login"
+/* If ISSUE is not defined, getty will never display the contents of the
+/* Displayed before the login prompt.
+ * If ISSUE is not defined, getty will never display the contents of the
  * /etc/issue file. You will not want to spit out large "issue" files at the
  * wrong baud rate.
  */
+#define ISSUE "/etc/issue"              /* displayed before the login prompt */
+/* Some shorthands for control characters. */
+#define CTL(x)          ((x) ^ 0100)    /* Assumes ASCII dialect */
+#define CR              CTL('M')        /* carriage return */
+#define NL              CTL('J')        /* line feed */
+#define BS              CTL('H')        /* back space */
+#define DEL             CTL('?')        /* delete */
+/* Defaults for line-editing etc. characters; you may want to change this. */
+#define DEF_ERASE       DEL             /* default erase character */
+#define DEF_INTR        CTL('C')        /* default interrupt character */
+#define DEF_QUIT        CTL('\\')       /* default quit char */
+#define DEF_KILL        CTL('U')        /* default kill char */
+#define DEF_EOF         CTL('D')        /* default EOF char */
+#define DEF_EOL         '\n'
+#define DEF_SWITCH      0               /* default switch char */
+#define ISSUE "/etc/issue"
+/* Macro to build Ctrl-LETTER. Assumes ASCII dialect */
+#define CTL(x)          ((x) ^ 0100)
 /*
  * When multiple baud rates are specified on the command line, the first one
  * we will try is the first one specified.
+ * When multiple baud rates are specified on the command line,
+ * the first one we will try is the first one specified.
  */
 #define MAX_SPEED       10              /* max. nr. of baud rates */
+/* Storage for command-line options. */
+struct options {
+    int flags;                      /* toggle switches, see below */
+    unsigned timeout;               /* time-out period */
+struct globals {
+    unsigned timeout;
     const char *login;              /* login program */
+    const char *tty;                /* name of tty */
+    const char *initstring;         /* modem init string */
+    const char *fakehost;
+    const char *tty_name;
+    char *initstring;               /* modem init string */
     const char *issue;              /* alternative issue file */
     int numspeed;                   /* number of baud rates to try */
     int speeds[MAX_SPEED];          /* baud rates to be tried */
+    unsigned char eol;              /* end-of-line char seen (CR or NL) */
+    struct termios tty_attrs;
+    char line_buf[128];
 };
+/* Storage for things detected while the login name was read. */
+struct chardata {
+    unsigned char erase;    /* erase character */
+    unsigned char kill;     /* kill character */
+    unsigned char eol;      /* end-of-line character */
+    unsigned char parity;   /* what parity did we see */
+    /* (parity & 1): saw odd parity char with 7th bit set */
+    /* (parity & 2): saw even parity char with 7th bit set */
+    /* parity == 0: probably 7-bit, space parity? */
+    /* parity == 1: probably 7-bit, odd parity? */
+    /* parity == 2: probably 7-bit, even parity? */
+    /* parity == 3: definitely 8 bit, no parity! */
+    /* Hmm... with any value of "parity" 8 bit, no parity is possible */
+#ifdef HANDLE_ALLCAPS
+    unsigned char capslock; /* upper case without lower case */
+#endif
+};
+/* Initial values for the above. */
+static const struct chardata init_chardata = {
+    DEF_ERASE,                              /* default erase character */
+    DEF_KILL,                               /* default kill character */
+,                                     /* default eol char */
+,                                      /* space parity */
+#ifdef HANDLE_ALLCAPS
+,                                      /* no capslock */
+#endif
+};
+#define G (*ptr_to_globals)
+#define INIT_G() do { \
+    SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \
+} while (0)
+//usage:#define getty_trivial_usage
+//usage:       "[OPTIONS] BAUD_RATE[,BAUD_RATE]... TTY [TERMTYPE]"
+//usage:#define getty_full_usage "\n\n"
+//usage:       "Open TTY, prompt for login name, then invoke /bin/login\n"
+//usage:     "\n    -h      Enable hardware RTS/CTS flow control"
+//usage:     "\n    -L      Set CLOCAL (ignore Carrier Detect state)"
+//usage:     "\n    -m      Get baud rate from modem's CONNECT status message"
+//usage:     "\n    -n      Don't prompt for login name"
+//usage:     "\n    -w      Wait for CR or LF before sending /etc/issue"
+//usage:     "\n    -i      Don't display /etc/issue"
+//usage:     "\n    -f ISSUE_FILE   Display ISSUE_FILE instead of /etc/issue"
+//usage:     "\n    -l LOGIN    Invoke LOGIN instead of /bin/login"
+//usage:     "\n    -t SEC      Terminate after SEC if no login name is read"
+//usage:     "\n    -I INITSTR  Send INITSTR before anything else"
+//usage:     "\n    -H HOST     Log HOST into the utmp file as the hostname"
+//usage:     "\n"
+//usage:     "\nBAUD_RATE of 0 leaves it unchanged"
 static const char opt_string[] ALIGN1 = "I:LH:f:hil:mt:wn";
+#define F_INITSTRING    (1 << 0)        /* -I initstring is set */
+#define F_LOCAL         (1 << 1)        /* -L force local */
+#define F_FAKEHOST      (1 << 2)        /* -H fake hostname */
+#define F_CUSTISSUE     (1 << 3)        /* -f give alternative issue file */
+#define F_RTSCTS        (1 << 4)        /* -h enable RTS/CTS flow control */
+#define F_ISSUE         (1 << 5)        /* -i display /etc/issue */
+#define F_LOGIN         (1 << 6)        /* -l non-default login program */
+#define F_PARSE         (1 << 7)        /* -m process modem status messages */
+#define F_TIMEOUT       (1 << 8)        /* -t time out */
+#define F_WAITCRLF      (1 << 9)        /* -w wait for CR or LF */
+#define F_NOPROMPT      (1 << 10)       /* -n don't ask for login name */
+#define line_buf bb_common_bufsiz1
+/* The following is used for understandable diagnostics. */
+#ifdef DEBUGGING
+static FILE *dbf;
+#define DEBUGTERM "/dev/ttyp0"
+#define debug(...) do { fprintf(dbf, __VA_ARGS__); fflush(dbf); } while (0)
+#else
+#define debug(...) ((void)0)
+#endif
+/* bcode - convert speed string to speed code; return <= 0 on failure */
+#define F_INITSTRING    (1 << 0)   /* -I */
+#define F_LOCAL         (1 << 1)   /* -L */
+#define F_FAKEHOST      (1 << 2)   /* -H */
+#define F_CUSTISSUE     (1 << 3)   /* -f */
+#define F_RTSCTS        (1 << 4)   /* -h */
+#define F_NOISSUE       (1 << 5)   /* -i */
+#define F_LOGIN         (1 << 6)   /* -l */
+#define F_PARSE         (1 << 7)   /* -m */
+#define F_TIMEOUT       (1 << 8)   /* -t */
+#define F_WAITCRLF      (1 << 9)   /* -w */
+#define F_NOPROMPT      (1 << 10)  /* -n */
+/* convert speed string to speed code; return <= 0 on failure */
 static int bcode(const char *s)
+{
 …
+}
 /* parse_speeds - parse alternate baud rates */
 static void parse_speeds(struct options *op, char *arg)
+/* parse alternate baud rates */
+static void parse_speeds(char *arg)
+{
     char *cp;
 …
     debug("entered parse_speeds\n");
     while ((cp = strsep(&arg, ",")) != NULL) {
         op->speeds[op->numspeed] = bcode(cp);
         if (op->speeds[op->numspeed] < 0)
+        G.speeds[G.numspeed] = bcode(cp);
+        if (G.speeds[G.numspeed] < 0)
             bb_error_msg_and_die("bad speed: %s", cp);
         /* note: arg "0" turns into speed B0 */
         op->numspeed++;
         if (op->numspeed > MAX_SPEED)
+        G.numspeed++;
+        if (G.numspeed > MAX_SPEED)
             bb_error_msg_and_die("too many alternate speeds");
+    }
 …
+}
 /* parse_args - parse command-line arguments */
 static void parse_args(char **argv, struct options *op, char **fakehost_p)
+/* parse command-line arguments */
+static void parse_args(char **argv)
+{
     char *ts;
+    int flags;
     opt_complementary = "-2:t+"; /* at least 2 args; -t N */
+    op->flags = getopt32(argv, opt_string,
+        &(op->initstring), fakehost_p, &(op->issue),
+        &(op->login), &op->timeout);
+    flags = getopt32(argv, opt_string,
+        &G.initstring, &G.fakehost, &G.issue,
+        &G.login, &G.timeout
+    );
+    if (flags & F_INITSTRING) {
+        G.initstring = xstrdup(G.initstring);
+        /* decode \ddd octal codes into chars */
+        strcpy_and_process_escape_sequences(G.initstring, G.initstring);
+    }
     argv += optind;
-    if (op->flags & F_INITSTRING) {
-        op->initstring = xstrdup(op->initstring);
-        /* decode \ddd octal codes into chars */
-        strcpy_and_process_escape_sequences((char*)op->initstring, op->initstring);
+    }
-    op->flags ^= F_ISSUE;           /* invert flag "show /etc/issue" */
     debug("after getopt\n");
     /* we loosen up a bit and accept both "baudrate tty" and "tty baudrate" */
     op->tty = argv[0];      /* tty name */
     ts = argv[1];           /* baud rate(s) */
+    /* We loosen up a bit and accept both "baudrate tty" and "tty baudrate" */
+    G.tty_name = argv[0];
+    ts = argv[1];            /* baud rate(s) */
     if (isdigit(argv[0][0])) {
+        /* a number first, assume it's a speed (BSD style) */
+        op->tty = ts;   /* tty name is in argv[1] */
+        ts = argv[0];   /* baud rate(s) */
+    }
+    parse_speeds(op, ts);
+    applet_name = xasprintf("getty: %s", op->tty);
+        /* A number first, assume it's a speed (BSD style) */
+        G.tty_name = ts; /* tty name is in argv[1] */
+        ts = argv[0];    /* baud rate(s) */
+    }
+    parse_speeds(ts);
     if (argv[2])
 …
+}
+/* open_tty - set up tty as standard { input, output, error } */
+static void open_tty(const char *tty)
+{
+    /* Set up new standard input, unless we are given an already opened port. */
+    if (NOT_LONE_DASH(tty)) {
+//      struct stat st;
+//      int cur_dir_fd;
+//      int fd;
+        /* Sanity checks... */
+//      cur_dir_fd = xopen(".", O_DIRECTORY | O_NONBLOCK);
+//      xchdir("/dev");
+//      xstat(tty, &st);
+//      if (!S_ISCHR(st.st_mode))
+//          bb_error_msg_and_die("not a character device");
+        if (tty[0] != '/')
+            tty = xasprintf("/dev/%s", tty); /* will leak it */
+        /* Open the tty as standard input. */
+/* set up tty as standard input, output, error */
+static void open_tty(void)
+{
+    /* Set up new standard input, unless we are given an already opened port */
+    if (NOT_LONE_DASH(G.tty_name)) {
+        if (G.tty_name[0] != '/')
+            G.tty_name = xasprintf("/dev/%s", G.tty_name); /* will leak it */
+        /* Open the tty as standard input */
         debug("open(2)\n");
         close(0);
+        /*fd =*/ xopen(tty, O_RDWR | O_NONBLOCK); /* uses fd 0 */
+//      /* Restore current directory */
+//      fchdir(cur_dir_fd);
+        /* Open the tty as standard input, continued */
+//      xmove_fd(fd, 0);
+//      /* fd is >= cur_dir_fd, and cur_dir_fd gets closed too here: */
+//      while (fd > 2)
+//          close(fd--);
+        /* Set proper protections and ownership. */
+        xopen(G.tty_name, O_RDWR | O_NONBLOCK); /* uses fd 0 */
+        /* Set proper protections and ownership */
         fchown(0, 0, 0);        /* 0:0 */
         fchmod(0, 0620);        /* crw--w---- */
     } else {
+        char *n;
         /*
          * Standard input should already be connected to an open port. Make
          * sure it is open for read/write.
+         * Standard input should already be connected to an open port.
+         * Make sure it is open for read/write.
          */
         if ((fcntl(0, F_GETFL) & O_RDWR) != O_RDWR)
+        if ((fcntl(0, F_GETFL) & (O_RDWR|O_RDONLY|O_WRONLY)) != O_RDWR)
             bb_error_msg_and_die("stdin is not open for read/write");
+    }
+}
+/* termios_init - initialize termios settings */
+static void termios_init(struct termios *tp, int speed, struct options *op)
+{
+    speed_t ispeed, ospeed;
+    /*
+     * Initial termios settings: 8-bit characters, raw-mode, blocking i/o.
+        /* Try to get real tty name instead of "-" */
+        n = xmalloc_ttyname(0);
+        if (n)
+            G.tty_name = n;
+    }
+    applet_name = xasprintf("getty: %s", skip_dev_pfx(G.tty_name));
+}
+static void set_tty_attrs(void)
+{
+    if (tcsetattr_stdin_TCSANOW(&G.tty_attrs) < 0)
+        bb_perror_msg_and_die("tcsetattr");
+}
+/* We manipulate tty_attrs this way:
+ * - first, we read existing tty_attrs
+ * - init_tty_attrs modifies some parts and sets it
+ * - auto_baud and/or BREAK processing can set different speed and set tty attrs
+ * - finalize_tty_attrs again modifies some parts and sets tty attrs before
+ *   execing login
+ */
+static void init_tty_attrs(int speed)
+{
+    /* Try to drain output buffer, with 5 sec timeout.
+     * Added on request from users of ~600 baud serial interface
+     * with biggish buffer on a 90MHz CPU.
+     * They were losing hundreds of bytes of buffered output
+     * on tcflush.
+     */
+    signal_no_SA_RESTART_empty_mask(SIGALRM, record_signo);
+    alarm(5);
+    tcdrain(STDIN_FILENO);
+    alarm(0);
+    /* Flush input and output queues, important for modems! */
+    tcflush(STDIN_FILENO, TCIOFLUSH);
+    /* Set speed if it wasn't specified as "0" on command line */
+    if (speed != B0)
+        cfsetspeed(&G.tty_attrs, speed);
+    /* Initial settings: 8-bit characters, raw mode, blocking i/o.
      * Special characters are set after we have read the login name; all
+     * reads will be done in raw mode anyway. Errors will be dealt with
+     * later on.
+     */
+    /* flush input and output queues, important for modems! */
+    tcflush(0, TCIOFLUSH);
+    ispeed = ospeed = speed;
+    if (speed == B0) {
+        /* Speed was specified as "0" on command line.
+         * Just leave it unchanged */
+        ispeed = cfgetispeed(tp);
+        ospeed = cfgetospeed(tp);
+    }
+    tp->c_cflag = CS8 | HUPCL | CREAD;
+    if (op->flags & F_LOCAL)
+        tp->c_cflag |= CLOCAL;
+    cfsetispeed(tp, ispeed);
+    cfsetospeed(tp, ospeed);
+    tp->c_iflag = tp->c_lflag = 0;
+    tp->c_oflag = OPOST | ONLCR;
+    tp->c_cc[VMIN] = 1;
+    tp->c_cc[VTIME] = 0;
+     * reads will be done in raw mode anyway.
+     */
+    /* Clear all bits except: */
+    G.tty_attrs.c_cflag &= (0
+        /* 2 stop bits (1 otherwise)
+         * Enable parity bit (both on input and output)
+         * Odd parity (else even)
+         */
+        | CSTOPB | PARENB | PARODD
+#ifdef CMSPAR
+        | CMSPAR  /* mark or space parity */
+#endif
+#ifdef CBAUD
+        | CBAUD   /* (output) baud rate */
+#endif
+#ifdef CBAUDEX
+        | CBAUDEX /* (output) baud rate */
+#endif
+#ifdef CIBAUD
+        | CIBAUD   /* input baud rate */
+#endif
+    );
+    /* Set: 8 bits; hang up (drop DTR) on last close; enable receive */
+    G.tty_attrs.c_cflag |= CS8 | HUPCL | CREAD;
+    if (option_mask32 & F_LOCAL) {
+        /* ignore Carrier Detect pin:
+         * opens don't block when CD is low,
+         * losing CD doesn't hang up processes whose ctty is this tty
+         */
+        G.tty_attrs.c_cflag |= CLOCAL;
+    }
+#ifdef CRTSCTS
+    if (option_mask32 & F_RTSCTS)
+        G.tty_attrs.c_cflag |= CRTSCTS; /* flow control using RTS/CTS pins */
+#endif
+    G.tty_attrs.c_iflag = 0;
+    G.tty_attrs.c_lflag = 0;
+    /* non-raw output; add CR to each NL */
+    G.tty_attrs.c_oflag = OPOST | ONLCR;
+    /* reads would block only if < 1 char is available */
+    G.tty_attrs.c_cc[VMIN] = 1;
+    /* no timeout (reads block forever) */
+    G.tty_attrs.c_cc[VTIME] = 0;
 #ifdef __linux__
+    tp->c_line = 0;
+#endif
+    /* Optionally enable hardware flow control */
+#ifdef CRTSCTS
+    if (op->flags & F_RTSCTS)
+        tp->c_cflag |= CRTSCTS;
+#endif
+    tcsetattr_stdin_TCSANOW(tp);
+    G.tty_attrs.c_line = 0;
+#endif
+    set_tty_attrs();
     debug("term_io 2\n");
+}
+/* auto_baud - extract baud rate from modem status message */
+static void auto_baud(char *buf, unsigned size_buf, struct termios *tp)
+{
+    int speed;
+    int vmin;
+    unsigned iflag;
+    char *bp;
+static void finalize_tty_attrs(void)
+{
+    /* software flow control on output (stop sending if XOFF is recvd);
+     * and on input (send XOFF when buffer is full)
+     */
+    G.tty_attrs.c_iflag |= IXON | IXOFF;
+    if (G.eol == '\r') {
+        G.tty_attrs.c_iflag |= ICRNL; /* map CR on input to NL */
+    }
+    /* Other bits in c_iflag:
+     * IXANY   Any recvd char enables output (any char is also a XON)
+     * INPCK   Enable parity check
+     * IGNPAR  Ignore parity errors (drop bad bytes)
+     * PARMRK  Mark parity errors with 0xff, 0x00 prefix
+     *         (else bad byte is received as 0x00)
+     * ISTRIP  Strip parity bit
+     * IGNBRK  Ignore break condition
+     * BRKINT  Send SIGINT on break - maybe set this?
+     * INLCR   Map NL to CR
+     * IGNCR   Ignore CR
+     * ICRNL   Map CR to NL
+     * IUCLC   Map uppercase to lowercase
+     * IMAXBEL Echo BEL on input line too long
+     * IUTF8   Appears to affect tty's idea of char widths,
+     *         observed to improve backspacing through Unicode chars
+     */
+    /* line buffered input (NL or EOL or EOF chars end a line);
+     * recognize INT/QUIT/SUSP chars;
+     * echo input chars;
+     * echo BS-SP-BS on erase character;
+     * echo kill char specially, not as ^c (ECHOKE controls how exactly);
+     * erase all input via BS-SP-BS on kill char (else go to next line)
+     */
+    G.tty_attrs.c_lflag |= ICANON | ISIG | ECHO | ECHOE | ECHOK | ECHOKE;
+    /* Other bits in c_lflag:
+     * XCASE   Map uppercase to \lowercase [tried, doesn't work]
+     * ECHONL  Echo NL even if ECHO is not set
+     * ECHOCTL Echo ctrl chars as ^c (else don't echo) - maybe set this?
+     * ECHOPRT On erase, echo erased chars
+     *         [qwe<BS><BS><BS> input looks like "qwe\ewq/" on screen]
+     * NOFLSH  Don't flush input buffer after interrupt or quit chars
+     * IEXTEN  Enable extended functions (??)
+     *         [glibc says it enables c_cc[LNEXT] "enter literal char"
+     *         and c_cc[VDISCARD] "toggle discard buffered output" chars]
+     * FLUSHO  Output being flushed (c_cc[VDISCARD] is in effect)
+     * PENDIN  Retype pending input at next read or input char
+     *         (c_cc[VREPRINT] is being processed)
+     * TOSTOP  Send SIGTTOU for background output
+     *         (why "stty sane" unsets this bit?)
+     */
+    G.tty_attrs.c_cc[VINTR] = CTL('C');
+    G.tty_attrs.c_cc[VQUIT] = CTL('\\');
+    G.tty_attrs.c_cc[VEOF] = CTL('D');
+    G.tty_attrs.c_cc[VEOL] = '\n';
+#ifdef VSWTC
+    G.tty_attrs.c_cc[VSWTC] = 0;
+#endif
+#ifdef VSWTCH
+    G.tty_attrs.c_cc[VSWTCH] = 0;
+#endif
+    G.tty_attrs.c_cc[VKILL] = CTL('U');
+    /* Other control chars:
+     * VEOL2
+     * VERASE, VWERASE - (word) erase. we may set VERASE in get_logname
+     * VREPRINT - reprint current input buffer
+     * VLNEXT, VDISCARD, VSTATUS
+     * VSUSP, VDSUSP - send (delayed) SIGTSTP
+     * VSTART, VSTOP - chars used for IXON/IXOFF
+     */
+    set_tty_attrs();
+    /* Now the newline character should be properly written */
+    full_write(STDOUT_FILENO, "\n", 1);
+}
+/* extract baud rate from modem status message */
+static void auto_baud(void)
+{
     int nread;
 …
      */
+    /*
+     * Use 7-bit characters, don't block if input queue is empty. Errors will
+     * be dealt with later on.
+     */
+    iflag = tp->c_iflag;
+    tp->c_iflag |= ISTRIP;          /* enable 8th-bit stripping */
+    vmin = tp->c_cc[VMIN];
+    tp->c_cc[VMIN] = 0;             /* don't block if queue empty */
+    tcsetattr_stdin_TCSANOW(tp);
+    G.tty_attrs.c_cc[VMIN] = 0; /* don't block reads (min read is 0 chars) */
+    set_tty_attrs();
     /*
 …
      */
     sleep(1);
     nread = safe_read(STDIN_FILENO, buf, size_buf - 1);
+    nread = safe_read(STDIN_FILENO, G.line_buf, sizeof(G.line_buf) - 1);
     if (nread > 0) {
+        buf[nread] = '\0';
+        for (bp = buf; bp < buf + nread; bp++) {
+        int speed;
+        char *bp;
+        G.line_buf[nread] = '\0';
+        for (bp = G.line_buf; bp < G.line_buf + nread; bp++) {
             if (isdigit(*bp)) {
                 speed = bcode(bp);
                 if (speed > 0)
                     cfsetspeed(tp, speed);
+                    cfsetspeed(&G.tty_attrs, speed);
                 break;
+            }
 …
+    }
+    /* Restore terminal settings. Errors will be dealt with later on. */
+    tp->c_iflag = iflag;
+    tp->c_cc[VMIN] = vmin;
+    tcsetattr_stdin_TCSANOW(tp);
+}
+/* do_prompt - show login prompt, optionally preceded by /etc/issue contents */
+static void do_prompt(struct options *op)
+{
+    /* Restore terminal settings */
+    G.tty_attrs.c_cc[VMIN] = 1; /* restore to value set by init_tty_attrs */
+    set_tty_attrs();
+}
+/* get user name, establish parity, speed, erase, kill, eol;
+ * return NULL on BREAK, logname on success
+ */
+static char *get_logname(void)
+{
+    char *bp;
+    char c;
+    /* Flush pending input (esp. after parsing or switching the baud rate) */
+    usleep(100*1000); /* 0.1 sec */
+    tcflush(STDIN_FILENO, TCIFLUSH);
+    /* Prompt for and read a login name */
+    do {
+        /* Write issue file and prompt */
 #ifdef ISSUE
+    print_login_issue(op->issue, op->tty);
+#endif
+    print_login_prompt();
+}
+#ifdef HANDLE_ALLCAPS
+/* all_is_upcase - string contains upper case without lower case */
+/* returns 1 if true, 0 if false */
+static int all_is_upcase(const char *s)
+{
+    while (*s)
+        if (islower(*s++))
+            return 0;
+    return 1;
+}
+#endif
+/* get_logname - get user name, establish parity, speed, erase, kill, eol;
+ * return NULL on BREAK, logname on success */
+static char *get_logname(char *logname, unsigned size_logname,
+        struct options *op, struct chardata *cp)
+{
+    char *bp;
+    char c;                         /* input character, full eight bits */
+    char ascval;                    /* low 7 bits of input character */
+    int bits;                       /* # of "1" bits per character */
+    int mask;                       /* mask with 1 bit up */
+    static const char erase[][3] = {/* backspace-space-backspace */
+        "\010\040\010",                 /* space parity */
+        "\010\040\010",                 /* odd parity */
+        "\210\240\210",                 /* even parity */
+        "\010\040\010",                 /* 8 bit no parity */
+    };
+    /* NB: *cp is pre-initialized with init_chardata */
+    /* Flush pending input (esp. after parsing or switching the baud rate). */
+    sleep(1);
+    tcflush(0, TCIOFLUSH);
+    /* Prompt for and read a login name. */
+    logname[0] = '\0';
+    while (!logname[0]) {
+        /* Write issue file and prompt, with "parity" bit == 0. */
+        do_prompt(op);
+        /* Read name, watch for break, parity, erase, kill, end-of-line. */
+        bp = logname;
+        cp->eol = '\0';
+        while (cp->eol == '\0') {
+            /* Do not report trivial EINTR/EIO errors. */
+        if (!(option_mask32 & F_NOISSUE))
+            print_login_issue(G.issue, G.tty_name);
+#endif
+        print_login_prompt();
+        /* Read name, watch for break, erase, kill, end-of-line */
+        bp = G.line_buf;
+        while (1) {
+            /* Do not report trivial EINTR/EIO errors */
             errno = EINTR; /* make read of 0 bytes be silent too */
             if (read(STDIN_FILENO, &c, 1) < 1) {
+                finalize_tty_attrs();
                 if (errno == EINTR || errno == EIO)
                     exit(EXIT_SUCCESS);
 …
+            }
+            /* BREAK. If we have speeds to try,
+             * return NULL (will switch speeds and return here) */
+            if (c == '\0' && op->numspeed > 1)
+                return NULL;
+            /* Do parity bit handling. */
+            if (!(op->flags & F_LOCAL) && (c & 0x80)) {       /* "parity" bit on? */
+                bits = 1;
+                mask = 1;
+                while (mask & 0x7f) {
+                    if (mask & c)
+                        bits++; /* count "1" bits */
+                    mask <<= 1;
+                }
+                /* ... |= 2 - even, 1 - odd */
+                cp->parity |= 2 - (bits & 1);
+            }
+            /* Do erase, kill and end-of-line processing. */
+            ascval = c & 0x7f;
+            switch (ascval) {
+            case CR:
+            case NL:
+                *bp = '\0';             /* terminate logname */
+                cp->eol = ascval;       /* set end-of-line char */
+                break;
+            case BS:
+            case DEL:
+#ifdef ANCIENT_BS_KILL_CHARS
+            case '#':
+#endif
+                cp->erase = ascval;     /* set erase character */
+                if (bp > logname) {
+                    full_write(STDOUT_FILENO, erase[cp->parity], 3);
+            switch (c) {
+            case '\r':
+            case '\n':
+                *bp = '\0';
+                G.eol = c;
+                goto got_logname;
+            case CTL('H'):
+            case 0x7f:
+                G.tty_attrs.c_cc[VERASE] = c;
+                if (bp > G.line_buf) {
+                    full_write(STDOUT_FILENO, "\010 \010", 3);
                     bp--;
+                }
                 break;
             case CTL('U'):
+#ifdef ANCIENT_BS_KILL_CHARS
+            case '@':
+#endif
+                cp->kill = ascval;      /* set kill character */
+                while (bp > logname) {
+                    full_write(STDOUT_FILENO, erase[cp->parity], 3);
+                while (bp > G.line_buf) {
+                    full_write(STDOUT_FILENO, "\010 \010", 3);
                     bp--;
+                }
                 break;
+            case CTL('C'):
             case CTL('D'):
+                finalize_tty_attrs();
                 exit(EXIT_SUCCESS);
+            case '\0':
+                /* BREAK. If we have speeds to try,
+                 * return NULL (will switch speeds and return here) */
+                if (G.numspeed > 1)
+                    return NULL;
+                /* fall through and ignore it */
             default:
                 if (ascval < ' ') {
+                if ((unsigned char)c < ' ') {
                     /* ignore garbage characters */
+                } else if ((int)(bp - logname) >= size_logname - 1) {
+                    bb_error_msg_and_die("input overrun");
+                } else {
+                    full_write(STDOUT_FILENO, &c, 1); /* echo the character */
+                    *bp++ = ascval; /* and store it */
+                } else if ((int)(bp - G.line_buf) < sizeof(G.line_buf) - 1) {
+                    /* echo and store the character */
+                    full_write(STDOUT_FILENO, &c, 1);
+                    *bp++ = c;
+                }
                 break;
+            }
+        }
+    }
+    /* Handle names with upper case and no lower case. */
+#ifdef HANDLE_ALLCAPS
+    cp->capslock = all_is_upcase(logname);
+    if (cp->capslock) {
+        for (bp = logname; *bp; bp++)
+            if (isupper(*bp))
+                *bp = tolower(*bp);     /* map name to lower case */
+    }
+#endif
+    return logname;
+}
+/* termios_final - set the final tty mode bits */
+static void termios_final(struct options *op, struct termios *tp, struct chardata *cp)
+{
+    /* General terminal-independent stuff. */
+    tp->c_iflag |= IXON | IXOFF;    /* 2-way flow control */
+    tp->c_lflag |= ICANON | ISIG | ECHO | ECHOE | ECHOK | ECHOKE;
+    /* no longer| ECHOCTL | ECHOPRT */
+    tp->c_oflag |= OPOST;
+    /* tp->c_cflag = 0; */
+    tp->c_cc[VINTR] = DEF_INTR;     /* default interrupt */
+    tp->c_cc[VQUIT] = DEF_QUIT;     /* default quit */
+    tp->c_cc[VEOF] = DEF_EOF;       /* default EOF character */
+    tp->c_cc[VEOL] = DEF_EOL;
+#ifdef VSWTC
+    tp->c_cc[VSWTC] = DEF_SWITCH;   /* default switch character */
+#endif
+    /* Account for special characters seen in input. */
+    if (cp->eol == CR) {
+        tp->c_iflag |= ICRNL;   /* map CR in input to NL */
+        tp->c_oflag |= ONLCR;   /* map NL in output to CR-NL */
+    }
+    tp->c_cc[VERASE] = cp->erase;   /* set erase character */
+    tp->c_cc[VKILL] = cp->kill;     /* set kill character */
+    /* Account for the presence or absence of parity bits in input. */
+    switch (cp->parity) {
+    case 0:                                 /* space (always 0) parity */
+// I bet most people go here - they use only 7-bit chars in usernames....
+        break;
+    case 1:                                 /* odd parity */
+        tp->c_cflag |= PARODD;
+        /* FALLTHROUGH */
+    case 2:                                 /* even parity */
+        tp->c_cflag |= PARENB;
+        tp->c_iflag |= INPCK | ISTRIP;
+        /* FALLTHROUGH */
+    case (1 | 2):                           /* no parity bit */
+        tp->c_cflag &= ~CSIZE;
+        tp->c_cflag |= CS7;
+// FIXME: wtf? case 3: we saw both even and odd 8-bit bytes -
+// it's probably some umlauts etc, but definitely NOT 7-bit!!!
+// Entire parity detection madness here just begs for deletion...
+        break;
+    }
+    /* Account for upper case without lower case. */
+#ifdef HANDLE_ALLCAPS
+    if (cp->capslock) {
+        tp->c_iflag |= IUCLC;
+        tp->c_lflag |= XCASE;
+        tp->c_oflag |= OLCUC;
+    }
+#endif
+    /* Optionally enable hardware flow control */
+#ifdef CRTSCTS
+    if (op->flags & F_RTSCTS)
+        tp->c_cflag |= CRTSCTS;
+#endif
+    /* Finally, make the new settings effective */
+    if (tcsetattr_stdin_TCSANOW(tp) < 0)
+        bb_perror_msg_and_die("tcsetattr");
+        } /* end of get char loop */
+ got_logname: ;
+    } while (G.line_buf[0] == '\0');  /* while logname is empty */
+    return G.line_buf;
+}
+static void alarm_handler(int sig UNUSED_PARAM)
+{
+    finalize_tty_attrs();
+    _exit(EXIT_SUCCESS);
+}
 …
+{
     int n;
+    pid_t pid;
+    char *fakehost = NULL;          /* Fake hostname for ut_host */
+    char *logname;                  /* login name, given to /bin/login */
+    /* Merging these into "struct local" may _seem_ to reduce
+     * parameter passing, but today's gcc will inline
+     * statics which are called once anyway, so don't do that */
+    struct chardata chardata;       /* set by get_logname() */
+    struct termios termios;         /* terminal mode bits */
+    struct options options;
+    chardata = init_chardata;
+    memset(&options, 0, sizeof(options));
+    options.login = _PATH_LOGIN;    /* default login program */
+    options.tty = "tty1";           /* default tty line */
+    options.initstring = "";        /* modem init string */
+    pid_t pid, tsid;
+    char *logname;
+    INIT_G();
+    G.login = _PATH_LOGIN;    /* default login program */
 #ifdef ISSUE
+    options.issue = ISSUE;          /* default issue file */
+#endif
+    /* Parse command-line arguments. */
+    parse_args(argv, &options, &fakehost);
+    logmode = LOGMODE_NONE;
+    /* Create new session, lose controlling tty, if any */
+    /* docs/ctty.htm says:
+     * "This is allowed only when the current process
+     *  is not a process group leader" - is this a problem? */
+    setsid();
+    /* close stdio, and stray descriptors, just in case */
+    G.issue = ISSUE;          /* default issue file */
+#endif
+    G.eol = '\r';
+    /* Parse command-line arguments */
+    parse_args(argv);
+    /* Create new session and pgrp, lose controlling tty */
+    pid = setsid();  /* this also gives us our pid :) */
+    if (pid < 0) {
+        int fd;
+        /* :(
+         * docs/ctty.htm says:
+         * "This is allowed only when the current process
+         *  is not a process group leader".
+         * Thus, setsid() will fail if we _already_ are
+         * a session leader - which is quite possible for getty!
+         */
+        pid = getpid();
+        if (getsid(0) != pid) {
+            //for debugging:
+            //bb_perror_msg_and_die("setsid failed:"
+            //  " pid %d ppid %d"
+            //  " sid %d pgid %d",
+            //  pid, getppid(),
+            //  getsid(0), getpgid(0));
+            bb_perror_msg_and_die("setsid");
+        }
+        /* Looks like we are already a session leader.
+         * In this case (setsid failed) we may still have ctty,
+         * and it may be different from tty we need to control!
+         * If we still have ctty, on Linux ioctl(TIOCSCTTY)
+         * (which we are going to use a bit later) always fails -
+         * even if we try to take ctty which is already ours!
+         * Try to drop old ctty now to prevent that.
+         * Use O_NONBLOCK: old ctty may be a serial line.
+         */
+        fd = open("/dev/tty", O_RDWR | O_NONBLOCK);
+        if (fd >= 0) {
+            /* TIOCNOTTY sends SIGHUP to the foreground
+             * process group - which may include us!
+             * Make sure to not die on it:
+             */
+            sighandler_t old = signal(SIGHUP, SIG_IGN);
+            ioctl(fd, TIOCNOTTY);
+            close(fd);
+            signal(SIGHUP, old);
+        }
+    }
+    /* Close stdio, and stray descriptors, just in case */
     n = xopen(bb_dev_null, O_RDWR);
     /* dup2(n, 0); - no, we need to handle "getty - 9600" too */
 …
     /* Open the tty as standard input, if it is not "-" */
-    /* If it's not "-" and not taken yet, it will become our ctty */
     debug("calling open_tty\n");
     open_tty(options.tty);
     ndelay_off(0);
+    open_tty();
+    ndelay_off(STDIN_FILENO);
     debug("duping\n");
+    xdup2(0, 1);
+    xdup2(0, 2);
+    xdup2(STDIN_FILENO, 1);
+    xdup2(STDIN_FILENO, 2);
+    /* Steal ctty if we don't have it yet */
+    tsid = tcgetsid(STDIN_FILENO);
+    if (tsid < 0 || pid != tsid) {
+        if (ioctl(STDIN_FILENO, TIOCSCTTY, /*force:*/ (long)1) < 0)
+            bb_perror_msg_and_die("TIOCSCTTY");
+    }
+#ifdef __linux__
+    /* Make ourself a foreground process group within our session */
+    if (tcsetpgrp(STDIN_FILENO, pid) < 0)
+        bb_perror_msg_and_die("tcsetpgrp");
+#endif
     /*
 …
      * 5 seconds seems to be a good value.
      */
     if (tcgetattr(0, &termios) < 0)
+    if (tcgetattr(STDIN_FILENO, &G.tty_attrs) < 0)
         bb_perror_msg_and_die("tcgetattr");
-    pid = getpid();
-#ifdef __linux__
-// FIXME: do we need this? Otherwise "-" case seems to be broken...
-    // /* Forcibly make fd 0 our controlling tty, even if another session
-    //  * has it as a ctty. (Another session loses ctty). */
-    // ioctl(0, TIOCSCTTY, (void*)1);
-    /* Make ourself a foreground process group within our session */
-    tcsetpgrp(0, pid);
-#endif
     /* Update the utmp file. This tty is ours now! */
     update_utmp(pid, LOGIN_PROCESS, options.tty, "LOGIN", fakehost);
     /* Initialize the termios settings (raw mode, eight-bit, blocking i/o). */
     debug("calling termios_init\n");
     termios_init(&termios, options.speeds[0], &options);
+    update_utmp(pid, LOGIN_PROCESS, G.tty_name, "LOGIN", G.fakehost);
+    /* Initialize tty attrs (raw mode, eight-bit, blocking i/o) */
+    debug("calling init_tty_attrs\n");
+    init_tty_attrs(G.speeds[0]);
     /* Write the modem init string and DON'T flush the buffers */
     if (options.flags & F_INITSTRING) {
+    if (option_mask32 & F_INITSTRING) {
         debug("writing init string\n");
         full_write1_str(options.initstring);
+        full_write1_str(G.initstring);
+    }
     /* Optionally detect the baud rate from the modem status message */
     debug("before autobaud\n");
     if (options.flags & F_PARSE)
         auto_baud(line_buf, sizeof(line_buf), &termios);
+    if (option_mask32 & F_PARSE)
+        auto_baud();
     /* Set the optional timer */
+    alarm(options.timeout); /* if 0, alarm is not set */
+    signal(SIGALRM, alarm_handler);
+    alarm(G.timeout); /* if 0, alarm is not set */
     /* Optionally wait for CR or LF before writing /etc/issue */
     if (options.flags & F_WAITCRLF) {
+    if (option_mask32 & F_WAITCRLF) {
         char ch;
         debug("waiting for cr-lf\n");
         while (safe_read(STDIN_FILENO, &ch, 1) == 1) {
             debug("read %x\n", (unsigned char)ch);
-            ch &= 0x7f;                     /* strip "parity bit" */
             if (ch == '\n' || ch == '\r')
                 break;
 …
     logname = NULL;
     if (!(options.flags & F_NOPROMPT)) {
         /* NB:termios_init already set line speed
          * to options.speeds[0] */
+    if (!(option_mask32 & F_NOPROMPT)) {
+        /* NB: init_tty_attrs already set line speed
+         * to G.speeds[0] */
         int baud_index = 0;
         while (1) {
             /* Read the login name. */
+            /* Read the login name */
             debug("reading login name\n");
+            logname = get_logname(line_buf, sizeof(line_buf),
+                    &options, &chardata);
+            logname = get_logname();
             if (logname)
                 break;
+            /* we are here only if options.numspeed > 1 */
+            baud_index = (baud_index + 1) % options.numspeed;
+            cfsetispeed(&termios, options.speeds[baud_index]);
+            cfsetospeed(&termios, options.speeds[baud_index]);
+            tcsetattr_stdin_TCSANOW(&termios);
+            /* We are here only if G.numspeed > 1 */
+            baud_index = (baud_index + 1) % G.numspeed;
+            cfsetspeed(&G.tty_attrs, G.speeds[baud_index]);
+            set_tty_attrs();
+        }
+    }
     /* Disable timer. */
+    /* Disable timer */
     alarm(0);
+    /* Finalize the termios settings. */
+    termios_final(&options, &termios, &chardata);
+    /* Now the newline character should be properly written. */
+    full_write(STDOUT_FILENO, "\n", 1);
+    /* Let the login program take care of password validation. */
+    finalize_tty_attrs();
+    /* Let the login program take care of password validation */
     /* We use PATH because we trust that root doesn't set "bad" PATH,
      * and getty is not suid-root applet. */
+     * and getty is not suid-root applet */
     /* With -n, logname == NULL, and login will ask for username instead */
     BB_EXECLP(options.login, options.login, "--", logname, NULL);
     bb_error_msg_and_die("can't execute '%s'", options.login);
+}
+    BB_EXECLP(G.login, G.login, "--", logname, NULL);
+    bb_error_msg_and_die("can't execute '%s'", G.login);
+}

branches/3.2/mindi-busybox/loginutils/login.c

-              r2725
+              r3232
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//usage:#define login_trivial_usage
+//usage:       "[-p] [-h HOST] [[-f] USER]"
+//usage:#define login_full_usage "\n\n"
+//usage:       "Begin a new session on the system\n"
+//usage:     "\n    -f  Don't authenticate (user already authenticated)"
+//usage:     "\n    -h  Name of the remote host"
+//usage:     "\n    -p  Preserve environment"
 #include "libbb.h"
 #include <syslog.h>
-#if ENABLE_FEATURE_UTMP
-# include <utmp.h> /* USER_PROCESS */
-#endif
 #include <sys/resource.h>
 …
     TIMEOUT = 60,
     EMPTY_USERNAME_COUNT = 10,
+    USERNAME_SIZE = 32,
+    /* Some users found 32 chars limit to be too low: */
+    USERNAME_SIZE = 64,
     TTYNAME_SIZE = 32,
 };
+static char* short_tty;
+struct globals {
+    struct termios tty_attrs;
+} FIX_ALIASING;
+#define G (*(struct globals*)&bb_common_bufsiz1)
+#define INIT_G() do { } while (0)
 #if ENABLE_FEATURE_NOLOGIN
 …
 #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
 static int check_securetty(void)
+static int check_securetty(const char *short_tty)
+{
     char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
 …
+}
 #else
 static ALWAYS_INLINE int check_securetty(void) { return 1; }
+static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
 …
 #endif
+#if ENABLE_LOGIN_SESSION_AS_CHILD && ENABLE_PAM
+static void login_pam_end(pam_handle_t *pamh)
+{
+    int pamret;
+    pamret = pam_setcred(pamh, PAM_DELETE_CRED);
+    if (pamret != PAM_SUCCESS) {
+        bb_error_msg("pam_%s failed: %s (%d)", "setcred",
+            pam_strerror(pamh, pamret), pamret);
+    }
+    pamret = pam_close_session(pamh, 0);
+    if (pamret != PAM_SUCCESS) {
+        bb_error_msg("pam_%s failed: %s (%d)", "close_session",
+            pam_strerror(pamh, pamret), pamret);
+    }
+    pamret = pam_end(pamh, pamret);
+    if (pamret != PAM_SUCCESS) {
+        bb_error_msg("pam_%s failed: %s (%d)", "end",
+            pam_strerror(pamh, pamret), pamret);
+    }
+}
+#endif /* ENABLE_PAM */
 static void get_username_or_die(char *buf, int size_buf)
+{
 …
 static void alarm_handler(int sig UNUSED_PARAM)
+{
     /* This is the escape hatch!  Poor serial line users and the like
+    /* This is the escape hatch! Poor serial line users and the like
      * arrive here when their connection is broken.
      * We don't want to block here */
+    ndelay_on(1);
+    printf("\r\nLogin timed out after %d seconds\r\n", TIMEOUT);
+    ndelay_on(STDOUT_FILENO);
+    /* Test for correct attr restoring:
+     * run "getty 0 -" from a shell, enter bogus username, stop at
+     * password prompt, let it time out. Without the tcsetattr below,
+     * when you are back at shell prompt, echo will be still off.
+     */
+    tcsetattr_stdin_TCSANOW(&G.tty_attrs);
+    printf("\r\nLogin timed out after %u seconds\r\n", TIMEOUT);
     fflush_all();
     /* unix API is brain damaged regarding O_NONBLOCK,
      * we should undo it, or else we can affect other processes */
     ndelay_off(1);
+    ndelay_off(STDOUT_FILENO);
     _exit(EXIT_SUCCESS);
+}
 …
     char *fromhost;
     char username[USERNAME_SIZE];
-    const char *shell;
     int run_by_root;
     unsigned opt;
 …
     char *opt_user = opt_user; /* for compiler */
     char *full_tty;
+    char *short_tty;
     IF_SELINUX(security_context_t user_sid = NULL;)
 #if ENABLE_PAM
 …
     struct passwd pwdstruct;
     char pwdbuf[256];
+#endif
+    username[0] = '\0';
+    signal(SIGALRM, alarm_handler);
+    alarm(TIMEOUT);
+    char **pamenv;
+#endif
+#if ENABLE_LOGIN_SESSION_AS_CHILD
+    pid_t child_pid;
+#endif
+    INIT_G();
     /* More of suid paranoia if called by non-root: */
 …
     bb_daemonize_or_rexec(DAEMON_ONLY_SANITIZE | DAEMON_CLOSE_EXTRA_FDS, NULL);
+    username[0] = '\0';
     opt = getopt32(argv, "f:h:p", &opt_user, &opt_host);
     if (opt & LOGIN_OPT_f) {
 …
         safe_strncpy(username, argv[0], sizeof(username));
+    /* Let's find out and memorize our tty */
+    if (!isatty(STDIN_FILENO) || !isatty(STDOUT_FILENO) || !isatty(STDERR_FILENO))
+    /* Save tty attributes - and by doing it, check that it's indeed a tty */
+    if (tcgetattr(STDIN_FILENO, &G.tty_attrs) < 0
+     || !isatty(STDOUT_FILENO)
+     /*|| !isatty(STDERR_FILENO) - no, guess some people might want to redirect this */
+    ) {
         return EXIT_FAILURE;  /* Must be a terminal */
+    }
+    /* We install timeout handler only _after_ we saved G.tty_attrs */
+    signal(SIGALRM, alarm_handler);
+    alarm(TIMEOUT);
+    /* Find out and memorize our tty name */
     full_tty = xmalloc_ttyname(STDIN_FILENO);
     if (!full_tty)
 …
             goto pam_auth_failed;
+        }
+        pamret = pam_authenticate(pamh, 0);
+        if (pamret != PAM_SUCCESS) {
+            failed_msg = "authenticate";
+            goto pam_auth_failed;
+            /* TODO: or just "goto auth_failed"
+             * since user seems to enter wrong password
+             * (in this case pamret == 7)
+             */
+        /* set RHOST */
+        if (opt_host) {
+            pamret = pam_set_item(pamh, PAM_RHOST, opt_host);
+            if (pamret != PAM_SUCCESS) {
+                failed_msg = "set_item(RHOST)";
+                goto pam_auth_failed;
+            }
+        }
+        if (!(opt & LOGIN_OPT_f)) {
+            pamret = pam_authenticate(pamh, 0);
+            if (pamret != PAM_SUCCESS) {
+                failed_msg = "authenticate";
+                goto pam_auth_failed;
+                /* TODO: or just "goto auth_failed"
+                 * since user seems to enter wrong password
+                 * (in this case pamret == 7)
+                 */
+            }
+        }
         /* check that the account is healthy */
 …
             break; /* -f USER: success without asking passwd */
         if (pw->pw_uid == 0 && !check_securetty())
+        if (pw->pw_uid == 0 && !check_securetty(short_tty))
             goto auth_failed;
 …
             break;
  fake_it:
+        /* authorization takes place here */
+        /* Password reading and authorization takes place here.
+         * Note that reads (in no-echo mode) trash tty attributes.
+         * If we get interrupted by SIGALRM, we need to restore attrs.
+         */
         if (correct_password(pw))
             break;
 …
  auth_failed:
         opt &= ~LOGIN_OPT_f;
         bb_do_delay(FAIL_DELAY);
+        bb_do_delay(LOGIN_FAIL_DELAY);
         /* TODO: doesn't sound like correct English phrase to me */
         puts("Login incorrect");
 …
         die_if_nologin();
+    IF_SELINUX(initselinux(username, full_tty, &user_sid));
+#if ENABLE_LOGIN_SESSION_AS_CHILD
+    child_pid = vfork();
+    if (child_pid != 0) {
+        if (child_pid < 0)
+            bb_perror_msg("vfork");
+        else {
+            if (safe_waitpid(child_pid, NULL, 0) == -1)
+                bb_perror_msg("waitpid");
+            update_utmp(child_pid, DEAD_PROCESS, NULL, NULL, NULL);
+        }
+        IF_PAM(login_pam_end(pamh);)
+        return 0;
+    }
+#endif
+    IF_SELINUX(initselinux(username, full_tty, &user_sid);)
     /* Try these, but don't complain if they fail.
 …
     change_identity(pw);
+    shell = pw->pw_shell;
+    if (!shell || !shell[0])
+        shell = DEFAULT_SHELL;
+    setup_environment(shell,
+    setup_environment(pw->pw_shell,
             (!(opt & LOGIN_OPT_p) * SETUP_ENV_CLEARENV) + SETUP_ENV_CHANGEENV,
             pw);
+#if ENABLE_PAM
+    /* Modules such as pam_env will setup the PAM environment,
+     * which should be copied into the new environment. */
+    pamenv = pam_getenvlist(pamh);
+    if (pamenv) while (*pamenv) {
+        putenv(*pamenv);
+        pamenv++;
+    }
+#endif
     motd();
 …
     /* Exec login shell with no additional parameters */
     run_shell(shell, 1, NULL, NULL);
+    run_shell(pw->pw_shell, 1, NULL, NULL);
     /* return EXIT_FAILURE; - not reached */

branches/3.2/mindi-busybox/loginutils/passwd.c

-              r2725
+              r3232
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//usage:#define passwd_trivial_usage
+//usage:       "[OPTIONS] [USER]"
+//usage:#define passwd_full_usage "\n\n"
+//usage:       "Change USER's password (default: current user)"
+//usage:     "\n"
+//usage:     "\n    -a ALG  Encryption method"
+//usage:     "\n    -d  Set password to ''"
+//usage:     "\n    -l  Lock (disable) account"
+//usage:     "\n    -u  Unlock (enable) account"
 #include "libbb.h"
 #include <syslog.h>
+#include <sys/resource.h> /* setrlimit */
 static void nuke_str(char *str)
 …
+}
 static char* new_password(const struct passwd *pw, uid_t myuid, int algo)
+static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo)
+{
     char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */
+    char salt[MAX_PW_SALT_LEN];
     char *orig = (char*)"";
     char *newp = NULL;
 …
     char *ret = NULL; /* failure so far */
     if (myuid && pw->pw_passwd[0]) {
+    if (myuid != 0 && pw->pw_passwd[0]) {
         char *encrypted;
 …
         encrypted = pw_encrypt(orig, pw->pw_passwd, 1); /* returns malloced str */
         if (strcmp(encrypted, pw->pw_passwd) != 0) {
+            syslog(LOG_WARNING, "incorrect password for %s",
+                pw->pw_name);
+            bb_do_delay(FAIL_DELAY);
+            syslog(LOG_WARNING, "incorrect password for %s", pw->pw_name);
+            bb_do_delay(LOGIN_FAIL_DELAY);
             puts("Incorrect password");
             goto err_ret;
+        }
+        if (ENABLE_FEATURE_CLEAN_UP) free(encrypted);
+        if (ENABLE_FEATURE_CLEAN_UP)
+            free(encrypted);
+    }
     orig = xstrdup(orig); /* or else bb_ask_stdin() will destroy it */
 …
     newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
     if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
+     && obscure(orig, newp, pw) && myuid)
+     && obscure(orig, newp, pw)
+     && myuid != 0
+    ) {
         goto err_ret; /* non-root is not allowed to have weak passwd */
+    }
     cp = bb_ask_stdin("Retype password: ");
     if (!cp)
         goto err_ret;
     if (strcmp(cp, newp)) {
+    if (strcmp(cp, newp) != 0) {
         puts("Passwords don't match");
         goto err_ret;
+    }
+    crypt_make_salt(salt, 1, 0); /* des */
+    if (algo) { /* MD5 */
+        strcpy(salt, "$1$");
+        crypt_make_salt(salt + 3, 4, 0);
+    }
+    crypt_make_pw_salt(salt, algo);
     /* pw_encrypt returns malloced str */
     ret = pw_encrypt(newp, salt, 1);
 …
     nuke_str(orig);
     if (ENABLE_FEATURE_CLEAN_UP) free(orig);
     nuke_str(newp);
     if (ENABLE_FEATURE_CLEAN_UP) free(newp);
     nuke_str(cp);
     return ret;
 …
+{
     enum {
+        OPT_algo = 0x1, /* -a - password algorithm */
+        OPT_lock = 0x2, /* -l - lock account */
+        OPT_unlock = 0x4, /* -u - unlock account */
+        OPT_delete = 0x8, /* -d - delete password */
+        OPT_lud = 0xe,
+        STATE_ALGO_md5 = 0x10,
+        //STATE_ALGO_des = 0x20, not needed yet
+        OPT_algo   = (1 << 0), /* -a - password algorithm */
+        OPT_lock   = (1 << 1), /* -l - lock account */
+        OPT_unlock = (1 << 2), /* -u - unlock account */
+        OPT_delete = (1 << 3), /* -d - delete password */
+        OPT_lud    = OPT_lock | OPT_unlock | OPT_delete,
     };
     unsigned opt;
     int rc;
     const char *opt_a = "";
+    const char *opt_a = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
     const char *filename;
     char *myname;
 …
     argv += optind;
-    if (strcasecmp(opt_a, "des") != 0) /* -a */
-        opt |= STATE_ALGO_md5;
-    //else
-    //  opt |= STATE_ALGO_des;
     myuid = getuid();
     /* -l, -u, -d require root priv and username argument */
     if ((opt & OPT_lud) && (myuid || !argv[0]))
+    if ((opt & OPT_lud) && (myuid != 0 || !argv[0]))
         bb_show_usage();
 …
     pw = xgetpwnam(name);
     if (myuid && pw->pw_uid != myuid) {
+    if (myuid != 0 && pw->pw_uid != myuid) {
         /* LOGMODE_BOTH */
         bb_error_msg_and_die("%s can't change password for %s", myname, name);
 …
     c = pw->pw_passwd[0] - '!';
     if (!(opt & OPT_lud)) {
         if (myuid && !c) { /* passwd starts with '!' */
+        if (myuid != 0 && !c) { /* passwd starts with '!' */
             /* LOGMODE_BOTH */
             bb_error_msg_and_die("can't change "
 …
+        }
         printf("Changing password for %s\n", name);
         newp = new_password(pw, myuid, opt & STATE_ALGO_md5);
+        newp = new_password(pw, myuid, opt_a);
         if (!newp) {
             logmode = LOGMODE_STDIO;
 …
+        }
     } else if (opt & OPT_lock) {
+        if (!c) goto skip; /* passwd starts with '!' */
+        if (!c)
+            goto skip; /* passwd starts with '!' */
         newp = xasprintf("!%s", pw->pw_passwd);
     } else if (opt & OPT_unlock) {
+        if (c) goto skip; /* not '!' */
+        if (c)
+            goto skip; /* not '!' */
         /* pw->pw_passwd points to static storage,
          * strdup'ing to avoid nasty surprizes */
         newp = xstrdup(&pw->pw_passwd[1]);
     } else if (opt & OPT_delete) {
-        //newp = xstrdup("");
         newp = (char*)"";
+    }
 …
     filename = bb_path_shadow_file;
     rc = update_passwd(bb_path_shadow_file, name, newp, NULL);
+    if (rc == 0) /* no lines updated, no errors detected */
+    if (rc > 0)
+        /* password in /etc/shadow was updated */
+        newp = (char*) "x";
+    if (rc >= 0)
+        /* 0 = /etc/shadow missing (not an error), >0 = passwd changed in /etc/shadow */
 #endif
+    {
 …
     /* LOGMODE_BOTH */
     if (rc < 0)
+        bb_error_msg_and_die("can't update password file %s",
+                filename);
+        bb_error_msg_and_die("can't update password file %s", filename);
     bb_info_msg("Password for %s changed by %s", name, myname);
     //if (ENABLE_FEATURE_CLEAN_UP) free(newp);
+    /*if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced */
  skip:
     if (!newp) {
 …
             name, (opt & OPT_unlock) ? "un" : "");
+    }
+    if (ENABLE_FEATURE_CLEAN_UP) free(myname);
+    if (ENABLE_FEATURE_CLEAN_UP)
+        free(myname);
     return 0;
+}

branches/3.2/mindi-busybox/loginutils/su.c

-              r2725
+              r3232
 #include "libbb.h"
 #include <syslog.h>
+//usage:#define su_trivial_usage
+//usage:       "[OPTIONS] [-] [USER]"
+//usage:#define su_full_usage "\n\n"
+//usage:       "Run shell under USER (by default, root)\n"
+//usage:     "\n    -,-l    Clear environment, run shell as login shell"
+//usage:     "\n    -p,-m   Do not set new $HOME, $SHELL, $USER, $LOGNAME"
+//usage:     "\n    -c CMD  Command to pass to 'sh -c'"
+//usage:     "\n    -s SH   Shell to use instead of user's default"
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
 …
     uid_t cur_uid = getuid();
     const char *tty;
+#if ENABLE_FEATURE_UTMP
     char user_buf[64];
+#endif
     const char *old_user;
 …
+    }
-    /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
-     * is a username that is retrieved via NIS (YP), that doesn't have
-     * a default shell listed.  */
-    if (!pw->pw_shell || !pw->pw_shell[0])
-        pw->pw_shell = (char *)DEFAULT_SHELL;
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
     if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
+    if (opt_shell && cur_uid != 0 && pw->pw_shell && restricted_shell(pw->pw_shell)) {
         /* The user being su'd to has a nonstandard shell, and so is
          * probably a uucp account or has restricted access.  Don't
 …
          * shell.  */
         bb_error_msg("using restricted shell");
         opt_shell = NULL;
+        opt_shell = NULL; /* ignore -s PROG */
+    }
     /* else: user can run whatever he wants via "su -s PROG USER".
 …
     setup_environment(opt_shell,
             ((flags & SU_OPT_l) / SU_OPT_l * SETUP_ENV_CLEARENV)
+            + (!(flags & SU_OPT_mp) * SETUP_ENV_CHANGEENV),
+            + (!(flags & SU_OPT_mp) * SETUP_ENV_CHANGEENV)
+            + (!(flags & SU_OPT_l) * SETUP_ENV_NO_CHDIR),
             pw);
     IF_SELINUX(set_current_security_context(NULL);)

branches/3.2/mindi-busybox/loginutils/sulogin.c

-              r2725
+              r3232
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//usage:#define sulogin_trivial_usage
+//usage:       "[-t N] [TTY]"
+//usage:#define sulogin_full_usage "\n\n"
+//usage:       "Single user login\n"
+//usage:     "\n    -t N    Timeout"
 #include "libbb.h"
 …
             break;
+        }
         bb_do_delay(FAIL_DELAY);
         bb_error_msg("login incorrect");
+        bb_do_delay(LOGIN_FAIL_DELAY);
+        bb_info_msg("Login incorrect");
+    }
     memset(cp, 0, strlen(cp));

branches/3.2/mindi-busybox/loginutils/vlock.c

-              r2725
+              r3232
 /* Fixed by Erik Andersen to do passwords the tinylogin way...
  * It now works with md5, sha1, etc passwords. */
+//usage:#define vlock_trivial_usage
+//usage:       "[-a]"
+//usage:#define vlock_full_usage "\n\n"
+//usage:       "Lock a virtual terminal. A password is required to unlock.\n"
+//usage:     "\n    -a  Lock all VTs"
 #include "libbb.h"
 …
     tcsetattr_stdin_TCSANOW(&term);
     do {
+    while (1) {
         printf("Virtual console%s locked by %s.\n",
+                option_mask32 /*o_lock_all*/ ? "s" : "",
+                pw->pw_name);
+                /* "s" if -a, else "": */ "s" + !option_mask32,
+                pw->pw_name
+        );
         if (correct_password(pw)) {
             break;
+        }
         bb_do_delay(FAIL_DELAY);
         puts("Password incorrect");
     } while (1);
+        bb_do_delay(LOGIN_FAIL_DELAY);
+        puts("Incorrect password");
+    }
 #ifdef __linux__

Context Navigation

Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/loginutils

Legend:

branches/3.2/mindi-busybox/loginutils/Config.src

branches/3.2/mindi-busybox/loginutils/add-remove-shell.c

branches/3.2/mindi-busybox/loginutils/addgroup.c

branches/3.2/mindi-busybox/loginutils/adduser.c

branches/3.2/mindi-busybox/loginutils/chpasswd.c

branches/3.2/mindi-busybox/loginutils/cryptpw.c

branches/3.2/mindi-busybox/loginutils/deluser.c

branches/3.2/mindi-busybox/loginutils/getty.c

branches/3.2/mindi-busybox/loginutils/login.c

branches/3.2/mindi-busybox/loginutils/passwd.c

branches/3.2/mindi-busybox/loginutils/su.c

branches/3.2/mindi-busybox/loginutils/sulogin.c

branches/3.2/mindi-busybox/loginutils/vlock.c

Download in other formats: