Changeset 3621 in MondoRescue for branches/3.3/mindi-busybox/loginutils

Timestamp:

Dec 20, 2016, 4:07:32 PM (8 years ago)

Author:

Bruno Cornec

Message:

New 3?3 banch for incorporation of latest busybox 1.25. Changing minor version to handle potential incompatibilities.

Location:

branches/3.3

Files:

• . (copied) (copied from branches/3.2 )
• mindi-busybox/loginutils/Config.src (modified) (2 diffs)
• mindi-busybox/loginutils/Kbuild.src (modified) (1 diff)
• mindi-busybox/loginutils/README (added)
• mindi-busybox/loginutils/add-remove-shell.c (modified) (4 diffs)
• mindi-busybox/loginutils/addgroup.c (modified) (6 diffs)
• mindi-busybox/loginutils/adduser.c (modified) (9 diffs)
• mindi-busybox/loginutils/chpasswd.c (modified) (5 diffs)
• mindi-busybox/loginutils/cryptpw.c (modified) (4 diffs)
• mindi-busybox/loginutils/deluser.c (modified) (5 diffs)
• mindi-busybox/loginutils/getty.c (modified) (6 diffs)
• mindi-busybox/loginutils/login.c (modified) (7 diffs)
• mindi-busybox/loginutils/passwd.c (modified) (3 diffs)
• mindi-busybox/loginutils/su.c (modified) (4 diffs)
• mindi-busybox/loginutils/sulogin.c (modified) (4 diffs)
• mindi-busybox/loginutils/vlock.c (modified) (2 diffs)

branches/3.3/mindi-busybox/loginutils/Config.src

@@ -5 +5 @@
 
 menu "Login/Password Management Utilities"
-
-INSERT
 
 config FEATURE_SHADOWPASSWDS
@@ -94 +92 @@
       user which has password encrypted with these algorithms.
 
-config ADDUSER
-    bool "adduser"
-    default y
-    help
-      Utility for creating a new user account.
-
-config FEATURE_ADDUSER_LONG_OPTIONS
-    bool "Enable long options"
-    default y
-    depends on ADDUSER && LONG_OPTS
-    help
-      Support long options for the adduser applet.
-
-config FEATURE_CHECK_NAMES
-    bool "Enable sanity check on user/group names in adduser and addgroup"
-    default n
-    depends on ADDUSER || ADDGROUP
-    help
-      Enable sanity check on user and group names in adduser and addgroup.
-      To avoid problems, the user or group name should consist only of
-      letters, digits, underscores, periods, at signs and dashes,
-      and not start with a dash (as defined by IEEE Std 1003.1-2001).
-      For compatibility with Samba machine accounts "$" is also supported
-      at the end of the user or group name.
-
-config FIRST_SYSTEM_ID
-    int "First valid system uid or gid for adduser and addgroup"
-    depends on ADDUSER || ADDGROUP
-    range 0 64900
-    default 100
-    help
-      First valid system uid or gid for adduser and addgroup
-
-config LAST_SYSTEM_ID
-    int "Last valid system uid or gid for adduser and addgroup"
-    depends on ADDUSER || ADDGROUP
-    range 0 64900
-    default 999
-    help
-      Last valid system uid or gid for adduser and addgroup
-
-config ADDGROUP
-    bool "addgroup"
-    default y
-    help
-      Utility for creating a new group account.
-
-config FEATURE_ADDGROUP_LONG_OPTIONS
-    bool "Enable long options"
-    default y
-    depends on ADDGROUP && LONG_OPTS
-    help
-      Support long options for the addgroup applet.
-
-config FEATURE_ADDUSER_TO_GROUP
-    bool "Support for adding users to groups"
-    default y
-    depends on ADDGROUP
-    help
-      If  called  with two non-option arguments,
-      addgroup will add an existing user to an
-      existing group.
-
-config DELUSER
-    bool "deluser"
-    default y
-    help
-      Utility for deleting a user account.
-
-config DELGROUP
-    bool "delgroup"
-    default y
-    help
-      Utility for deleting a group account.
-
-config FEATURE_DEL_USER_FROM_GROUP
-    bool "Support for removing users from groups"
-    default y
-    depends on DELGROUP
-    help
-      If called with two non-option arguments, deluser
-      or delgroup will remove an user from a specified group.
-
-config GETTY
-    bool "getty"
-    default y
-    select FEATURE_SYSLOG
-    help
-      getty lets you log in on a tty. It is normally invoked by init.
-
-      Note that you can save a few bytes by disabling it and
-      using login applet directly.
-      If you need to reset tty attributes before calling login,
-      this script approximates getty:
-
-      exec </dev/$1 >/dev/$1 2>&1 || exit 1
-      reset
-      stty sane; stty ispeed 38400; stty ospeed 38400
-      printf "%s login: " "`hostname`"
-      read -r login
-      exec /bin/login "$login"
-
-config LOGIN
-    bool "login"
-    default y
-    select FEATURE_SYSLOG
-    help
-      login is used when signing onto a system.
-
-      Note that Busybox binary must be setuid root for this applet to
-      work properly.
-
-config LOGIN_SESSION_AS_CHILD
-    bool "Run logged in session in a child process"
-    default y if PAM
-    depends on LOGIN
-    help
-      Run the logged in session in a child process.  This allows
-      login to clean up things such as utmp entries or PAM sessions
-      when the login session is complete.  If you use PAM, you
-      almost always would want this to be set to Y, else PAM session
-      will not be cleaned up.
-
-config PAM
-    bool "Support for PAM (Pluggable Authentication Modules)"
-    default n
-    depends on LOGIN
-    help
-      Use PAM in login(1) instead of direct access to password database.
-
-config LOGIN_SCRIPTS
-    bool "Support for login scripts"
-    depends on LOGIN
-    default y
-    help
-      Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
-      just prior to switching from root to logged-in user.
-
-config FEATURE_NOLOGIN
-    bool "Support for /etc/nologin"
-    default y
-    depends on LOGIN
-    help
-      The file /etc/nologin is used by (some versions of) login(1).
-      If it exists, non-root logins are prohibited.
-
-config FEATURE_SECURETTY
-    bool "Support for /etc/securetty"
-    default y
-    depends on LOGIN
-    help
-      The file /etc/securetty is used by (some versions of) login(1).
-      The file contains the device names of tty lines (one per line,
-      without leading /dev/) on which root is allowed to login.
-
-config PASSWD
-    bool "passwd"
-    default y
-    select FEATURE_SYSLOG
-    help
-      passwd changes passwords for user and group accounts. A normal user
-      may only change the password for his/her own account, the super user
-      may change the password for any account. The administrator of a group
-      may change the password for the group.
-
-      Note that Busybox binary must be setuid root for this applet to
-      work properly.
-
-config FEATURE_PASSWD_WEAK_CHECK
-    bool "Check new passwords for weakness"
-    default y
-    depends on PASSWD
-    help
-      With this option passwd will refuse new passwords which are "weak".
-
-config CRYPTPW
-    bool "cryptpw"
-    default y
-    help
-      Encrypts the given password with the crypt(3) libc function
-      using the given salt. Debian has this utility under mkpasswd
-      name. Busybox provides mkpasswd as an alias for cryptpw.
-
-config CHPASSWD
-    bool "chpasswd"
-    default y
-    help
-      Reads a file of user name and password pairs from standard input
-      and uses this information to update a group of existing users.
-
-config FEATURE_DEFAULT_PASSWD_ALGO
-    string "Default password encryption method (passwd -a, cryptpw -m parameter)"
-    default "des"
-    depends on PASSWD || CRYPTPW
-    help
-      Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
-
-config SU
-    bool "su"
-    default y
-    select FEATURE_SYSLOG
-    help
-      su is used to become another user during a login session.
-      Invoked without a username, su defaults to becoming the super user.
-
-      Note that Busybox binary must be setuid root for this applet to
-      work properly.
-
-config FEATURE_SU_SYSLOG
-    bool "Enable su to write to syslog"
-    default y
-    depends on SU
-
-config FEATURE_SU_CHECKS_SHELLS
-    bool "Enable su to check user's shell to be listed in /etc/shells"
-    depends on SU
-    default y
-
-config SULOGIN
-    bool "sulogin"
-    default y
-    select FEATURE_SYSLOG
-    help
-      sulogin is invoked when the system goes into single user
-      mode (this is done through an entry in inittab).
-
-config VLOCK
-    bool "vlock"
-    default y
-    help
-      Build the "vlock" applet which allows you to lock (virtual) terminals.
-
-      Note that Busybox binary must be setuid root for this applet to
-      work properly.
+INSERT
 
 endmenu

branches/3.3/mindi-busybox/loginutils/Kbuild.src

@@ -8 +8 @@
 
 INSERT
-lib-$(CONFIG_ADDGROUP)  += addgroup.o
-lib-$(CONFIG_ADDUSER)   += adduser.o
-lib-$(CONFIG_CRYPTPW)   += cryptpw.o
-lib-$(CONFIG_CHPASSWD)  += chpasswd.o
-lib-$(CONFIG_GETTY) += getty.o
-lib-$(CONFIG_LOGIN) += login.o
-lib-$(CONFIG_PASSWD)    += passwd.o
-lib-$(CONFIG_SU)    += su.o
-lib-$(CONFIG_SULOGIN)   += sulogin.o
-lib-$(CONFIG_VLOCK) += vlock.o
-lib-$(CONFIG_DELUSER)   += deluser.o
-lib-$(CONFIG_DELGROUP)  += deluser.o

branches/3.3/mindi-busybox/loginutils/add-remove-shell.c

@@ -8 +8 @@
  * for details.
  */
-
-//applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
-//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
-
-//kbuild:lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o
-//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
-
 //config:config ADD_SHELL
 //config:       bool "add-shell"
@@ -26 +19 @@
 //config:       help
 //config:         Remove shells from /etc/shells.
+
+//applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
+//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
+
+//kbuild:lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o
+//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
 
 //usage:#define add_shell_trivial_usage
@@ -101 +100 @@
             }
             /* copy shell name from old to new file */
-            printf("%s\n", line);
+            puts(line);
  next_line:
             free(line);
@@ -113 +112 @@
         while (*cpp) {
             if (*cpp != dont_add)
-                printf("%s\n", *cpp);
+                puts(*cpp);
             cpp++;
         }

branches/3.3/mindi-busybox/loginutils/addgroup.c

@@ -10 +10 @@
  *
  */
+//config:config ADDGROUP
+//config:   bool "addgroup"
+//config:   default y
+//config:   help
+//config:     Utility for creating a new group account.
+//config:
+//config:config FEATURE_ADDGROUP_LONG_OPTIONS
+//config:   bool "Enable long options"
+//config:   default y
+//config:   depends on ADDGROUP && LONG_OPTS
+//config:   help
+//config:     Support long options for the addgroup applet.
+//config:
+//config:config FEATURE_ADDUSER_TO_GROUP
+//config:   bool "Support for adding users to groups"
+//config:   default y
+//config:   depends on ADDGROUP
+//config:   help
+//config:     If  called  with two non-option arguments,
+//config:     addgroup will add an existing user to an
+//config:     existing group.
+
+//applet:IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_ADDGROUP) += addgroup.o
 
 //usage:#define addgroup_trivial_usage
-//usage:       "[-g GID] " IF_FEATURE_ADDUSER_TO_GROUP("[USER] ") "GROUP"
+//usage:       "[-g GID] [-S] " IF_FEATURE_ADDUSER_TO_GROUP("[USER] ") "GROUP"
 //usage:#define addgroup_full_usage "\n\n"
-//usage:       "Add a group " IF_FEATURE_ADDUSER_TO_GROUP("or add a user to a group") "\n"
+//usage:       "Add a group" IF_FEATURE_ADDUSER_TO_GROUP(" or add a user to a group") "\n"
 //usage:     "\n    -g GID  Group id"
 //usage:     "\n    -S  Create a system group"
@@ -23 +48 @@
 #error Bad LAST_SYSTEM_ID or FIRST_SYSTEM_ID in .config
 #endif
+#if CONFIG_LAST_ID < CONFIG_LAST_SYSTEM_ID
+#error Bad LAST_ID or LAST_SYSTEM_ID in .config
+#endif
 
 #define OPT_GID                       (1 << 0)
 #define OPT_SYSTEM_ACCOUNT            (1 << 1)
 
-/* We assume GID_T_MAX == INT_MAX */
 static void xgroup_study(struct group *g)
 {
-    unsigned max = INT_MAX;
+    unsigned max = CONFIG_LAST_ID;
 
     /* Make sure gr_name is unused */
@@ -47 +74 @@
         } else {
             g->gr_gid = CONFIG_LAST_SYSTEM_ID + 1;
-            max = 64999;
         }
     }
@@ -126 +152 @@
 {
     unsigned opts;
-    unsigned gid = 0;
+    const char *gid = "0";
 
     /* need to be root */
@@ -140 +166 @@
      *  addgroup user group
      * Check for min, max and missing args */
-    opt_complementary = "-1:?2:g+";
+    opt_complementary = "-1:?2";
     opts = getopt32(argv, "g:S", &gid);
     /* move past the commandline options */
@@ -176 +202 @@
     {
         die_if_bad_username(argv[0]);
-        new_group(argv[0], gid);
+        new_group(argv[0], xatou_range(gid, 0, CONFIG_LAST_ID));
     }
     /* Reached only on success */

branches/3.3/mindi-busybox/loginutils/adduser.c

@@ -8 +8 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//config:config ADDUSER
+//config:   bool "adduser"
+//config:   default y
+//config:   help
+//config:     Utility for creating a new user account.
+//config:
+//config:config FEATURE_ADDUSER_LONG_OPTIONS
+//config:   bool "Enable long options"
+//config:   default y
+//config:   depends on ADDUSER && LONG_OPTS
+//config:   help
+//config:     Support long options for the adduser applet.
+//config:
+//config:config FEATURE_CHECK_NAMES
+//config:   bool "Enable sanity check on user/group names in adduser and addgroup"
+//config:   default n
+//config:   depends on ADDUSER || ADDGROUP
+//config:   help
+//config:     Enable sanity check on user and group names in adduser and addgroup.
+//config:     To avoid problems, the user or group name should consist only of
+//config:     letters, digits, underscores, periods, at signs and dashes,
+//config:     and not start with a dash (as defined by IEEE Std 1003.1-2001).
+//config:     For compatibility with Samba machine accounts "$" is also supported
+//config:     at the end of the user or group name.
+//config:
+//config:config LAST_ID
+//config:   int "Last valid uid or gid for adduser and addgroup"
+//config:   depends on ADDUSER || ADDGROUP
+//config:   default 60000
+//config:   help
+//config:     Last valid uid or gid for adduser and addgroup
+//config:
+//config:config FIRST_SYSTEM_ID
+//config:   int "First valid system uid or gid for adduser and addgroup"
+//config:   depends on ADDUSER || ADDGROUP
+//config:   range 0 LAST_ID
+//config:   default 100
+//config:   help
+//config:     First valid system uid or gid for adduser and addgroup
+//config:
+//config:config LAST_SYSTEM_ID
+//config:   int "Last valid system uid or gid for adduser and addgroup"
+//config:   depends on ADDUSER || ADDGROUP
+//config:   range FIRST_SYSTEM_ID LAST_ID
+//config:   default 999
+//config:   help
+//config:     Last valid system uid or gid for adduser and addgroup
+
+//applet:IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_ADDUSER) += adduser.o
 
 //usage:#define adduser_trivial_usage
@@ -21 +72 @@
 //usage:     "\n    -H      Don't create home directory"
 //usage:     "\n    -u UID      User id"
+//usage:     "\n    -k SKEL     Skeleton directory (/etc/skel)"
 
 #include "libbb.h"
@@ -27 +79 @@
 #error Bad LAST_SYSTEM_ID or FIRST_SYSTEM_ID in .config
 #endif
+#if CONFIG_LAST_ID < CONFIG_LAST_SYSTEM_ID
+#error Bad LAST_ID or LAST_SYSTEM_ID in .config
+#endif
+
 
 /* #define OPT_HOME           (1 << 0) */ /* unused */
@@ -36 +92 @@
 #define OPT_DONT_MAKE_HOME (1 << 6)
 #define OPT_UID            (1 << 7)
-
-/* We assume UID_T_MAX == INT_MAX */
+#define OPT_SKEL           (1 << 8)
+
 /* remix */
 /* recoded such that the uid may be passed in *p */
 static void passwd_study(struct passwd *p)
 {
-    int max = UINT_MAX;
+    int max = CONFIG_LAST_ID;
 
     if (getpwnam(p->pw_name)) {
@@ -55 +111 @@
         } else {
             p->pw_uid = CONFIG_LAST_SYSTEM_ID + 1;
-            max = 64999;
         }
     }
@@ -133 +188 @@
         "no-create-home\0"      No_argument       "H"
         "uid\0"                 Required_argument "u"
+        "skel\0"                Required_argument "k"
         ;
 #endif
@@ -148 +204 @@
     char *p;
     unsigned opts;
+    char *uid;
+    const char *skel = "/etc/skel";
 
 #if ENABLE_FEATURE_ADDUSER_LONG_OPTIONS
@@ -163 +221 @@
     pw.pw_dir = NULL;
 
-    /* at most two non-option args */
+    /* at least one and at most two non-option args */
     /* disable interactive passwd for system accounts */
-    opt_complementary = "?2:SD:u+";
-    if (sizeof(pw.pw_uid) == sizeof(int)) {
-        opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &pw.pw_uid);
-    } else {
-        unsigned uid;
-        opts = getopt32(argv, "h:g:s:G:DSHu:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &uid);
-        if (opts & OPT_UID) {
-            pw.pw_uid = uid;
-        }
-    }
+    opt_complementary = "-1:?2:SD";
+    opts = getopt32(argv, "h:g:s:G:DSHu:k:", &pw.pw_dir, &pw.pw_gecos, &pw.pw_shell, &usegroup, &uid, &skel);
+    if (opts & OPT_UID)
+        pw.pw_uid = xatou_range(uid, 0, CONFIG_LAST_ID);
+
     argv += optind;
     pw.pw_name = argv[0];
@@ -253 +306 @@
             };
             /* Be silent on any errors (like: no /etc/skel) */
-            logmode = LOGMODE_NONE;
-            copy_file("/etc/skel", pw.pw_dir, FILEUTILS_RECUR);
+            if (!(opts & OPT_SKEL))
+                logmode = LOGMODE_NONE;
+            copy_file(skel, pw.pw_dir, FILEUTILS_RECUR);
             logmode = LOGMODE_STDIO;
             chown_main(4, (char**)args);

branches/3.3/mindi-busybox/loginutils/chpasswd.c

@@ -6 +6 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
-#include "libbb.h"
+//config:config CHPASSWD
+//config:   bool "chpasswd"
+//config:   default y
+//config:   help
+//config:     Reads a file of user name and password pairs from standard input
+//config:     and uses this information to update a group of existing users.
+//config:
+//config:config FEATURE_DEFAULT_PASSWD_ALGO
+//config:   string "Default password encryption method (passwd -a, cryptpw -m parameter)"
+//config:   default "des"
+//config:   depends on PASSWD || CRYPTPW
+//config:   help
+//config:     Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
+
+//applet:IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_CHPASSWD) += chpasswd.o
 
 //usage:#define chpasswd_trivial_usage
-//usage:    IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]")
+//usage:    IF_LONG_OPTS("[--md5|--encrypted|--crypt-method]") IF_NOT_LONG_OPTS("[-m|-e|-c]")
 //usage:#define chpasswd_full_usage "\n\n"
 //usage:       "Read user:password from stdin and update /etc/passwd\n"
 //usage:    IF_LONG_OPTS(
-//usage:     "\n    -e,--encrypted  Supplied passwords are in encrypted form"
-//usage:     "\n    -m,--md5    Use MD5 encryption instead of DES"
+//usage:     "\n    -e,--encrypted      Supplied passwords are in encrypted form"
+//usage:     "\n    -m,--md5        Use MD5 encryption instead of DES"
+//usage:     "\n    -c,--crypt-method   Use the specified method to encrypt the passwords"
 //usage:    )
 //usage:    IF_NOT_LONG_OPTS(
 //usage:     "\n    -e  Supplied passwords are in encrypted form"
 //usage:     "\n    -m  Use MD5 encryption instead of DES"
+//usage:     "\n    -c  Use the specified method to encrypt the passwords"
 //usage:    )
 
-//TODO: implement -c ALGO
+#include "libbb.h"
 
 #if ENABLE_LONG_OPTS
 static const char chpasswd_longopts[] ALIGN1 =
-    "encrypted\0" No_argument "e"
-    "md5\0"       No_argument "m"
+    "encrypted\0"    No_argument       "e"
+    "md5\0"          No_argument       "m"
+    "crypt-method\0" Required_argument "c"
     ;
 #endif
@@ -37 +56 @@
 {
     char *name;
+    const char *algo = CONFIG_FEATURE_DEFAULT_PASSWD_ALGO;
     int opt;
 
@@ -42 +62 @@
         bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
 
-    opt_complementary = "m--e:e--m";
+    opt_complementary = "m--ec:e--mc:c--em";
     IF_LONG_OPTS(applet_long_options = chpasswd_longopts;)
-    opt = getopt32(argv, "em");
+    opt = getopt32(argv, "emc:", &algo);
 
     while ((name = xmalloc_fgetline(stdin)) != NULL) {
@@ -60 +80 @@
         free_me = NULL;
         if (!(opt & OPT_ENC)) {
-            char salt[sizeof("$N$XXXXXXXX")];
+            char salt[MAX_PW_SALT_LEN];
 
-            crypt_make_salt(salt, 1);
             if (opt & OPT_MD5) {
-                salt[0] = '$';
-                salt[1] = '1';
-                salt[2] = '$';
-                crypt_make_salt(salt + 3, 4);
+                /* Force MD5 if the -m flag is set */
+                algo = "md5";
             }
+
+            crypt_make_pw_salt(salt, algo);
             free_me = pass = pw_encrypt(pass, salt, 0);
         }
@@ -87 +106 @@
             bb_error_msg_and_die("an error occurred updating password for %s", name);
         if (rc)
-            bb_info_msg("Password for '%s' changed", name);
+            bb_error_msg("password for '%s' changed", name);
         logmode = LOGMODE_STDIO;
         free(name);

branches/3.3/mindi-busybox/loginutils/cryptpw.c

@@ -10 +10 @@
  * Licensed under GPLv2, see file LICENSE in this source tree.
  */
+//config:config CRYPTPW
+//config:   bool "cryptpw"
+//config:   default y
+//config:   help
+//config:     Encrypts the given password with the crypt(3) libc function
+//config:     using the given salt.
+//config:
+//config:config MKPASSWD
+//config:   bool "mkpasswd"
+//config:   default y
+//config:   help
+//config:     Encrypts the given password with the crypt(3) libc function
+//config:     using the given salt. Debian has this utility under mkpasswd
+//config:     name. Busybox provides mkpasswd as an alias for cryptpw.
+
+//applet:IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP))
+//                   APPLET_ODDNAME:name      main     location        suid_type     help
+//applet:IF_MKPASSWD(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, cryptpw))
+
+//kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o
+//kbuild:lib-$(CONFIG_MKPASSWD) += cryptpw.o
 
 //usage:#define cryptpw_trivial_usage
@@ -15 +36 @@
 /* We do support -s, we just don't mention it */
 //usage:#define cryptpw_full_usage "\n\n"
-//usage:       "Crypt PASSWORD using crypt(3)\n"
-//usage:    IF_LONG_OPTS(
-//usage:     "\n    -P,--password-fd=N  Read password from fd N"
-/* //usage:  "\n    -s,--stdin      Use stdin; like -P0" */
-//usage:     "\n    -m,--method=TYPE    Encryption method"
-//usage:     "\n    -S,--salt=SALT"
-//usage:    )
-//usage:    IF_NOT_LONG_OPTS(
-//usage:     "\n    -P N    Read password from fd N"
-/* //usage:  "\n    -s  Use stdin; like -P0" */
-//usage:     "\n    -m TYPE Encryption method TYPE"
-//usage:     "\n    -S SALT"
-//usage:    )
-
-/* mkpasswd is an alias to cryptpw */
-//usage:#define mkpasswd_trivial_usage
-//usage:       "[OPTIONS] [PASSWORD] [SALT]"
-/* We do support -s, we just don't mention it */
-//usage:#define mkpasswd_full_usage "\n\n"
 //usage:       "Crypt PASSWORD using crypt(3)\n"
 //usage:    IF_LONG_OPTS(
@@ -93 +95 @@
     char salt[MAX_PW_SALT_LEN];
     char *salt_ptr;
+    char *password;
     const char *opt_m, *opt_S;
     int fd;
@@ -124 +127 @@
     xmove_fd(fd, STDIN_FILENO);
 
-    puts(pw_encrypt(
-        argv[0] ? argv[0] : (
-            /* Only mkpasswd, and only from tty, prompts.
-             * Otherwise it is a plain read. */
-            (isatty(STDIN_FILENO) && applet_name[0] == 'm')
+    password = argv[0];
+    if (!password) {
+        /* Only mkpasswd, and only from tty, prompts.
+         * Otherwise it is a plain read. */
+        password = (ENABLE_MKPASSWD && isatty(STDIN_FILENO) && applet_name[0] == 'm')
             ? bb_ask_stdin("Password: ")
             : xmalloc_fgetline(stdin)
-        ),
-        salt, 1));
+        ;
+        /* may still be NULL on EOF/error */
+    }
+
+    if (password)
+        puts(pw_encrypt(password, salt, 1));
 
     return EXIT_SUCCESS;

branches/3.3/mindi-busybox/loginutils/deluser.c

@@ -8 +8 @@
  *
  * Licensed under GPLv2, see file LICENSE in this source tree.
- *
  */
+//config:config DELUSER
+//config:   bool "deluser"
+//config:   default y
+//config:   help
+//config:     Utility for deleting a user account.
+//config:
+//config:config DELGROUP
+//config:   bool "delgroup"
+//config:   default y
+//config:   help
+//config:     Utility for deleting a group account.
+//config:
+//config:config FEATURE_DEL_USER_FROM_GROUP
+//config:   bool "Support for removing users from groups"
+//config:   default y
+//config:   depends on DELGROUP
+//config:   help
+//config:     If called with two non-option arguments, deluser
+//config:     or delgroup will remove an user from a specified group.
+
+//applet:IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
+
+//kbuild:lib-$(CONFIG_DELUSER) += deluser.o
+//kbuild:lib-$(CONFIG_DELGROUP) += deluser.o
 
 //usage:#define deluser_trivial_usage
-//usage:       "USER"
+//usage:       IF_LONG_OPTS("[--remove-home] ") "USER"
 //usage:#define deluser_full_usage "\n\n"
 //usage:       "Delete USER from the system"
+//  --remove-home is self-explanatory enough to put it in --help
 
 //usage:#define delgroup_trivial_usage
@@ -38 +63 @@
     int do_deluser = (ENABLE_DELUSER && (!ENABLE_DELGROUP || applet_name[3] == 'u'));
 
+#if !ENABLE_LONG_OPTS
+    const int opt_delhome = 0;
+#else
+    int opt_delhome = 0;
+    if (do_deluser) {
+        applet_long_options =
+            "remove-home\0" No_argument "\xff";
+        opt_delhome = getopt32(argv, "");
+        argv += opt_delhome;
+        argc -= opt_delhome;
+    }
+#endif
+
     if (geteuid() != 0)
         bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
@@ -56 +94 @@
         if (do_deluser) {
             /* "deluser USER" */
-            xgetpwnam(name); /* bail out if USER is wrong */
+            struct passwd *pw;
+
+            pw = xgetpwnam(name); /* bail out if USER is wrong */
             pfile = bb_path_passwd_file;
             if (ENABLE_FEATURE_SHADOWPASSWDS)
                 sfile = bb_path_shadow_file;
+            if (opt_delhome)
+                remove_file(pw->pw_dir, FILEUTILS_RECUR);
         } else {
             struct group *gr;
@@ -74 +116 @@
                 /* "delgroup GROUP" */
                 struct passwd *pw;
-                struct passwd pwent;
                 /* Check if the group is in use */
-#define passwd_buf bb_common_bufsiz1
-                while (!getpwent_r(&pwent, passwd_buf, sizeof(passwd_buf), &pw)) {
-                    if (pwent.pw_gid == gr->gr_gid)
-                        bb_error_msg_and_die("'%s' still has '%s' as their primary group!", pwent.pw_name, name);
+                while ((pw = getpwent()) != NULL) {
+                    if (pw->pw_gid == gr->gr_gid)
+                        bb_error_msg_and_die("'%s' still has '%s' as their primary group!",
+                            pw->pw_name, name);
                 }
                 //endpwent();
@@ -98 +139 @@
         } while (ENABLE_FEATURE_SHADOWPASSWDS && pfile);
 
-        if (ENABLE_DELGROUP && do_deluser > 0) {
-            /* "deluser USER" also should try to delete
-             * same-named group. IOW: do "delgroup USER"
-             */
+        if (do_deluser > 0) {
+            /* Delete user from all groups */
+            if (update_passwd(bb_path_group_file, NULL, NULL, name) == -1)
+                return EXIT_FAILURE;
+
+            if (ENABLE_DELGROUP) {
+                /* "deluser USER" also should try to delete
+                 * same-named group. IOW: do "delgroup USER"
+                 */
 // On debian deluser is a perl script that calls userdel.
 // From man userdel:
 //  If USERGROUPS_ENAB is defined to yes in /etc/login.defs, userdel will
 //  delete the group with the same name as the user.
-            do_deluser = -1;
-            goto do_delgroup;
+                do_deluser = -1;
+                goto do_delgroup;
+            }
         }
         return EXIT_SUCCESS;

branches/3.3/mindi-busybox/loginutils/getty.c

@@ -22 +22 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//config:config GETTY
+//config:   bool "getty"
+//config:   default y
+//config:   select FEATURE_SYSLOG
+//config:   help
+//config:     getty lets you log in on a tty. It is normally invoked by init.
+//config:
+//config:     Note that you can save a few bytes by disabling it and
+//config:     using login applet directly.
+//config:     If you need to reset tty attributes before calling login,
+//config:     this script approximates getty:
+//config:
+//config:     exec </dev/$1 >/dev/$1 2>&1 || exit 1
+//config:     reset
+//config:     stty sane; stty ispeed 38400; stty ospeed 38400
+//config:     printf "%s login: " "`hostname`"
+//config:     read -r login
+//config:     exec /bin/login "$login"
+
+//applet:IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETTY) += getty.o
 
 #include "libbb.h"
@@ -335 +357 @@
      */
 
-    /* line buffered input (NL or EOL or EOF chars end a line);
-     * recognize INT/QUIT/SUSP chars;
-     * echo input chars;
-     * echo BS-SP-BS on erase character;
-     * echo kill char specially, not as ^c (ECHOKE controls how exactly);
-     * erase all input via BS-SP-BS on kill char (else go to next line)
-     */
-    G.tty_attrs.c_lflag |= ICANON | ISIG | ECHO | ECHOE | ECHOK | ECHOKE;
+    /* ICANON  line buffered input (NL or EOL or EOF chars end a line);
+     * ISIG    recognize INT/QUIT/SUSP chars;
+     * ECHO    echo input chars;
+     * ECHOE   echo BS-SP-BS on erase character;
+     * ECHOK   echo kill char specially, not as ^c (ECHOKE controls how exactly);
+     * ECHOKE  erase all input via BS-SP-BS on kill char (else go to next line)
+     * ECHOCTL Echo ctrl chars as ^c (else echo verbatim:
+     *         e.g. up arrow emits "ESC-something" and thus moves cursor up!)
+     */
+    G.tty_attrs.c_lflag |= ICANON | ISIG | ECHO | ECHOE | ECHOK | ECHOKE | ECHOCTL;
     /* Other bits in c_lflag:
      * XCASE   Map uppercase to \lowercase [tried, doesn't work]
      * ECHONL  Echo NL even if ECHO is not set
-     * ECHOCTL Echo ctrl chars as ^c (else don't echo) - maybe set this?
      * ECHOPRT On erase, echo erased chars
      *         [qwe<BS><BS><BS> input looks like "qwe\ewq/" on screen]
@@ -520 +543 @@
 }
 
+static void sleep10(void)
+{
+    sleep(10);
+}
+
 int getty_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int getty_main(int argc UNUSED_PARAM, char **argv)
@@ -557 +585 @@
             //  getsid(0), getpgid(0));
             bb_perror_msg_and_die("setsid");
+            /*
+             * When we can end up here?
+             * Example: setsid() fails when run alone in interactive shell:
+             *  # getty 115200 /dev/tty2
+             * because shell's child (getty) is put in a new process group.
+             * But doesn't fail if shell is not interactive
+             * (and therefore doesn't create process groups for pipes),
+             * or if getty is not the first process in the process group:
+             *  # true | getty 115200 /dev/tty2
+             */
         }
         /* Looks like we are already a session leader.
@@ -589 +627 @@
 
     /* Logging. We want special flavor of error_msg_and_die */
-    die_sleep = 10;
+    die_func = sleep10;
     msg_eol = "\r\n";
     /* most likely will internally use fd #3 in CLOEXEC mode: */
@@ -696 +734 @@
      * and getty is not suid-root applet */
     /* With -n, logname == NULL, and login will ask for username instead */
-    BB_EXECLP(G.login, G.login, "--", logname, NULL);
+    BB_EXECLP(G.login, G.login, "--", logname, (char *)0);
     bb_error_msg_and_die("can't execute '%s'", G.login);
 }

branches/3.3/mindi-busybox/loginutils/login.c

@@ -3 +3 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//config:config LOGIN
+//config:   bool "login"
+//config:   default y
+//config:   select FEATURE_SYSLOG
+//config:   help
+//config:     login is used when signing onto a system.
+//config:
+//config:     Note that Busybox binary must be setuid root for this applet to
+//config:     work properly.
+//config:
+//config:config LOGIN_SESSION_AS_CHILD
+//config:   bool "Run logged in session in a child process"
+//config:   default y if PAM
+//config:   depends on LOGIN
+//config:   help
+//config:     Run the logged in session in a child process.  This allows
+//config:     login to clean up things such as utmp entries or PAM sessions
+//config:     when the login session is complete.  If you use PAM, you
+//config:     almost always would want this to be set to Y, else PAM session
+//config:     will not be cleaned up.
+//config:
+//config:config LOGIN_SCRIPTS
+//config:   bool "Support for login scripts"
+//config:   depends on LOGIN
+//config:   default y
+//config:   help
+//config:     Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
+//config:     just prior to switching from root to logged-in user.
+//config:
+//config:config FEATURE_NOLOGIN
+//config:   bool "Support for /etc/nologin"
+//config:   default y
+//config:   depends on LOGIN
+//config:   help
+//config:     The file /etc/nologin is used by (some versions of) login(1).
+//config:     If it exists, non-root logins are prohibited.
+//config:
+//config:config FEATURE_SECURETTY
+//config:   bool "Support for /etc/securetty"
+//config:   default y
+//config:   depends on LOGIN
+//config:   help
+//config:     The file /etc/securetty is used by (some versions of) login(1).
+//config:     The file contains the device names of tty lines (one per line,
+//config:     without leading /dev/) on which root is allowed to login.
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_LOGIN) += login.o
 
 //usage:#define login_trivial_usage
@@ -9 +59 @@
 //usage:       "Begin a new session on the system\n"
 //usage:     "\n    -f  Don't authenticate (user already authenticated)"
-//usage:     "\n    -h  Name of the remote host"
+//usage:     "\n    -h HOST Host user came from (for network logins)"
 //usage:     "\n    -p  Preserve environment"
 
 #include "libbb.h"
+#include "common_bufsiz.h"
 #include <syslog.h>
 #include <sys/resource.h>
@@ -29 +80 @@
 # include <security/pam_appl.h>
 # include <security/pam_misc.h>
+
+# if 0
+/* This supposedly can be used to avoid double password prompt,
+ * if used instead of standard misc_conv():
+ *
+ * "When we want to authenticate first with local method and then with tacacs for example,
+ *  the password is asked for local method and if not good is asked a second time for tacacs.
+ *  So if we want to authenticate a user with tacacs, and the user exists localy, the password is
+ *  asked two times before authentication is accepted."
+ *
+ * However, code looks shaky. For example, why misc_conv() return value is ignored?
+ * Are msg[i] and resp[i] indexes handled correctly?
+ */
+static char *passwd = NULL;
+static int my_conv(int num_msg, const struct pam_message **msg,
+        struct pam_response **resp, void *data)
+{
+    int i;
+    for (i = 0; i < num_msg; i++) {
+        switch (msg[i]->msg_style) {
+        case PAM_PROMPT_ECHO_OFF:
+            if (passwd == NULL) {
+                misc_conv(num_msg, msg, resp, data);
+                passwd = xstrdup(resp[i]->resp);
+                return PAM_SUCCESS;
+            }
+
+            resp[0] = xzalloc(sizeof(struct pam_response));
+            resp[0]->resp = passwd;
+            passwd = NULL;
+            resp[0]->resp_retcode = PAM_SUCCESS;
+            resp[1] = NULL;
+            return PAM_SUCCESS;
+
+        default:
+            break;
+        }
+    }
+
+    return PAM_SUCCESS;
+}
+# endif
+
 static const struct pam_conv conv = {
     misc_conv,
@@ -46 +140 @@
     struct termios tty_attrs;
 } FIX_ALIASING;
-#define G (*(struct globals*)&bb_common_bufsiz1)
-#define INIT_G() do { } while (0)
+#define G (*(struct globals*)bb_common_bufsiz1)
+#define INIT_G() do { setup_common_bufsiz(); } while (0)
 
 
@@ -421 +515 @@
          * If we get interrupted by SIGALRM, we need to restore attrs.
          */
-        if (correct_password(pw))
+        if (ask_and_check_password(pw) > 0)
             break;
 #endif /* ENABLE_PAM */
@@ -455 +549 @@
             if (safe_waitpid(child_pid, NULL, 0) == -1)
                 bb_perror_msg("waitpid");
-            update_utmp(child_pid, DEAD_PROCESS, NULL, NULL, NULL);
+            update_utmp_DEAD_PROCESS(child_pid);
         }
         IF_PAM(login_pam_end(pamh);)
@@ -490 +584 @@
 #endif
 
-    motd();
+    if (access(".hushlogin", F_OK) != 0)
+        motd();
 
     if (pw->pw_uid == 0)

branches/3.3/mindi-busybox/loginutils/passwd.c

@@ -3 +3 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//config:config PASSWD
+//config:   bool "passwd"
+//config:   default y
+//config:   select FEATURE_SYSLOG
+//config:   help
+//config:     passwd changes passwords for user and group accounts. A normal user
+//config:     may only change the password for his/her own account, the super user
+//config:     may change the password for any account. The administrator of a group
+//config:     may change the password for the group.
+//config:
+//config:     Note that Busybox binary must be setuid root for this applet to
+//config:     work properly.
+//config:
+//config:config FEATURE_PASSWD_WEAK_CHECK
+//config:   bool "Check new passwords for weakness"
+//config:   default y
+//config:   depends on PASSWD
+//config:   help
+//config:     With this option passwd will refuse new passwords which are "weak".
+
+//applet:/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */
+//applet:IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_PASSWD) += passwd.o
 
 //usage:#define passwd_trivial_usage
@@ -17 +41 @@
 #include <syslog.h>
 #include <sys/resource.h> /* setrlimit */
-
-static void nuke_str(char *str)
-{
-    if (str) memset(str, 0, strlen(str));
-}
 
 static char* new_password(const struct passwd *pw, uid_t myuid, const char *algo)
@@ -212 +231 @@
     if (rc < 0)
         bb_error_msg_and_die("can't update password file %s", filename);
-    bb_info_msg("Password for %s changed by %s", name, myname);
+    bb_error_msg("password for %s changed by %s", name, myname);
 
     /*if (ENABLE_FEATURE_CLEAN_UP) free(newp); - can't, it may be non-malloced */

branches/3.3/mindi-busybox/loginutils/su.c

@@ -5 +5 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//config:config SU
+//config:   bool "su"
+//config:   default y
+//config:   select FEATURE_SYSLOG
+//config:   help
+//config:     su is used to become another user during a login session.
+//config:     Invoked without a username, su defaults to becoming the super user.
+//config:
+//config:     Note that Busybox binary must be setuid root for this applet to
+//config:     work properly.
+//config:
+//config:config FEATURE_SU_SYSLOG
+//config:   bool "Enable su to write to syslog"
+//config:   default y
+//config:   depends on SU
+//config:
+//config:config FEATURE_SU_CHECKS_SHELLS
+//config:   bool "Enable su to check user's shell to be listed in /etc/shells"
+//config:   depends on SU
+//config:   default y
 
-#include "libbb.h"
-#include <syslog.h>
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_SU) += su.o
 
 //usage:#define su_trivial_usage
@@ -17 +39 @@
 //usage:     "\n    -c CMD  Command to pass to 'sh -c'"
 //usage:     "\n    -s SH   Shell to use instead of user's default"
+
+#include "libbb.h"
+#include <syslog.h>
 
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
@@ -94 +119 @@
     pw = xgetpwnam(opt_username);
 
-    if (cur_uid == 0 || correct_password(pw)) {
+    if (cur_uid == 0 || ask_and_check_password(pw) > 0) {
         if (ENABLE_FEATURE_SU_SYSLOG)
             syslog(LOG_NOTICE, "%c %s %s:%s",
@@ -102 +127 @@
             syslog(LOG_NOTICE, "%c %s %s:%s",
                 '-', tty, old_user, opt_username);
+        bb_do_delay(LOGIN_FAIL_DELAY);
         bb_error_msg_and_die("incorrect password");
     }

branches/3.3/mindi-busybox/loginutils/sulogin.c

@@ -5 +5 @@
  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
+//config:config SULOGIN
+//config:   bool "sulogin"
+//config:   default y
+//config:   select FEATURE_SYSLOG
+//config:   help
+//config:     sulogin is invoked when the system goes into single user
+//config:     mode (this is done through an entry in inittab).
+
+//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o
 
 //usage:#define sulogin_trivial_usage
@@ -15 +26 @@
 #include <syslog.h>
 
-//static void catchalarm(int UNUSED_PARAM junk)
-//{
-//  exit(EXIT_FAILURE);
-//}
-
-
 int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int sulogin_main(int argc UNUSED_PARAM, char **argv)
 {
-    char *cp;
     int timeout = 0;
     struct passwd *pwd;
     const char *shell;
-#if ENABLE_FEATURE_SHADOWPASSWDS
-    /* Using _r function to avoid pulling in static buffers */
-    char buffer[256];
-    struct spwd spw;
-#endif
+
+    /* Note: sulogin is not a suid app. It is meant to be run by init
+     * for single user / emergency mode. init starts it as root.
+     * Normal users (potentially malisious ones) can only run it under
+     * their UID, therefore no paranoia here is warranted:
+     * $LD_LIBRARY_PATH in env, TTY = /dev/sda
+     * are no more dangerous here than in e.g. cp applet.
+     */
 
     logmode = LOGMODE_BOTH;
@@ -49 +56 @@
     }
 
-    /* Malicious use like "sulogin /dev/sda"? */
-    if (!isatty(0) || !isatty(1) || !isatty(2)) {
-        logmode = LOGMODE_SYSLOG;
-        bb_error_msg_and_die("not a tty");
+    pwd = getpwuid(0);
+    if (!pwd) {
+        bb_error_msg_and_die("no password entry for root");
     }
 
-    /* Clear dangerous stuff, set PATH */
-    sanitize_env_if_suid();
-
-    pwd = getpwuid(0);
-    if (!pwd) {
-        goto auth_error;
-    }
-
-#if ENABLE_FEATURE_SHADOWPASSWDS
-    {
-        /* getspnam_r may return 0 yet set result to NULL.
-         * At least glibc 2.4 does this. Be extra paranoid here. */
-        struct spwd *result = NULL;
-        int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
-        if (r || !result) {
-            goto auth_error;
-        }
-        pwd->pw_passwd = result->sp_pwdp;
-    }
-#endif
-
     while (1) {
-        char *encrypted;
         int r;
 
-        /* cp points to a static buffer that is zeroed every time */
-        cp = bb_ask(STDIN_FILENO, timeout,
-                "Give root password for system maintenance\n"
-                "(or type Control-D for normal startup):");
-
-        if (!cp || !*cp) {
-            bb_info_msg("Normal startup");
+        r = ask_and_check_password_extended(pwd, timeout,
+            "Give root password for system maintenance\n"
+            "(or type Control-D for normal startup):"
+        );
+        if (r < 0) {
+            /* ^D, ^C, timeout, or read error */
+            bb_error_msg("normal startup");
             return 0;
         }
-        encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
-        r = strcmp(encrypted, pwd->pw_passwd);
-        free(encrypted);
-        if (r == 0) {
+        if (r > 0) {
             break;
         }
         bb_do_delay(LOGIN_FAIL_DELAY);
-        bb_info_msg("Login incorrect");
+        bb_error_msg("Login incorrect");
     }
-    memset(cp, 0, strlen(cp));
-//  signal(SIGALRM, SIG_DFL);
 
-    bb_info_msg("System Maintenance Mode");
+    bb_error_msg("starting shell for system maintenance");
 
     IF_SELINUX(renew_current_security_context());
@@ -113 +92 @@
     /* Exec login shell with no additional parameters. Never returns. */
     run_shell(shell, 1, NULL, NULL);
-
- auth_error:
-    bb_error_msg_and_die("no password entry for root");
 }

branches/3.3/mindi-busybox/loginutils/vlock.c

@@ -14 +14 @@
  */
 /* Fixed by Erik Andersen to do passwords the tinylogin way...
- * It now works with md5, sha1, etc passwords. */
+ * It now works with md5, sha1, etc passwords.
+ */
+//config:config VLOCK
+//config:   bool "vlock"
+//config:   default y
+//config:   help
+//config:     Build the "vlock" applet which allows you to lock (virtual) terminals.
+//config:
+//config:     Note that Busybox binary must be setuid root for this applet to
+//config:     work properly.
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_VLOCK) += vlock.o
 
 //usage:#define vlock_trivial_usage
@@ -105 +119 @@
                 pw->pw_name
         );
-        if (correct_password(pw)) {
+        if (ask_and_check_password(pw) > 0) {
             break;
         }