diff --git a/include/applets.src.h b/include/applets.src.h index f49179996..5b597202e 100644 --- a/include/applets.src.h +++ b/include/applets.src.h @@ -76,8 +76,6 @@ INSERT IF_TEST(APPLET_NOFORK([, test, BB_DIR_USR_BIN, BB_SUID_DROP, test)) IF_TEST(APPLET_NOFORK([[, test, BB_DIR_USR_BIN, BB_SUID_DROP, test)) IF_ACPID(APPLET(acpid, BB_DIR_SBIN, BB_SUID_DROP)) -IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_ADJTIMEX(APPLET(adjtimex, BB_DIR_SBIN, BB_SUID_DROP)) IF_ARP(APPLET(arp, BB_DIR_SBIN, BB_SUID_DROP)) IF_ARPING(APPLET(arping, BB_DIR_USR_SBIN, BB_SUID_DROP)) @@ -94,7 +92,6 @@ IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_CHGRP(APPLET_NOEXEC(chgrp, chgrp, BB_DIR_BIN, BB_SUID_DROP, chgrp)) IF_CHMOD(APPLET_NOEXEC(chmod, chmod, BB_DIR_BIN, BB_SUID_DROP, chmod)) IF_CHOWN(APPLET_NOEXEC(chown, chown, BB_DIR_BIN, BB_SUID_DROP, chown)) -IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_CHROOT(APPLET(chroot, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_CHRT(APPLET(chrt, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP)) @@ -104,13 +101,10 @@ IF_COMM(APPLET(comm, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp)) /* Needs to be run by root or be suid root - needs to change /var/spool/cron* files: */ IF_CRONTAB(APPLET(crontab, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) -IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_CUT(APPLET_NOEXEC(cut, cut, BB_DIR_USR_BIN, BB_SUID_DROP, cut)) IF_DC(APPLET(dc, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_DD(APPLET_NOEXEC(dd, dd, BB_DIR_BIN, BB_SUID_DROP, dd)) IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP)) -IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup)) -IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_DEVFSD(APPLET(devfsd, BB_DIR_SBIN, BB_SUID_DROP)) IF_DEVMEM(APPLET(devmem, BB_DIR_SBIN, BB_SUID_DROP)) IF_DF(APPLET(df, BB_DIR_BIN, BB_SUID_DROP)) @@ -160,7 +154,6 @@ IF_FUSER(APPLET(fuser, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_GETOPT(APPLET(getopt, BB_DIR_BIN, BB_SUID_DROP)) IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP)) -IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP)) IF_HD(APPLET_NOEXEC(hd, hexdump, BB_DIR_USR_BIN, BB_SUID_DROP, hd)) IF_HDPARM(APPLET(hdparm, BB_DIR_SBIN, BB_SUID_DROP)) IF_HEAD(APPLET_NOEXEC(head, head, BB_DIR_USR_BIN, BB_SUID_DROP, head)) @@ -205,8 +198,6 @@ IF_LN(APPLET_NOEXEC(ln, ln, BB_DIR_BIN, BB_SUID_DROP, ln)) IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_LOADFONT(APPLET(loadfont, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP)) -/* Needs to be run by root or be suid root - needs to change uid and gid: */ -IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE)) IF_LOGNAME(APPLET_NOFORK(logname, logname, BB_DIR_USR_BIN, BB_SUID_DROP, logname)) IF_LOSETUP(APPLET(losetup, BB_DIR_SBIN, BB_SUID_DROP)) IF_LS(APPLET_NOEXEC(ls, ls, BB_DIR_BIN, BB_SUID_DROP, ls)) @@ -228,7 +219,6 @@ IF_MKFS_MINIX(APPLET_ODDNAME(mkfs.minix, mkfs_minix, BB_DIR_SBIN, BB_SUID_DROP, IF_MKFS_REISER(APPLET_ODDNAME(mkfs.reiser, mkfs_reiser, BB_DIR_SBIN, BB_SUID_DROP, mkfs_reiser)) IF_MKFS_VFAT(APPLET_ODDNAME(mkfs.vfat, mkfs_vfat, BB_DIR_SBIN, BB_SUID_DROP, mkfs_vfat)) IF_MKNOD(APPLET_NOEXEC(mknod, mknod, BB_DIR_BIN, BB_SUID_DROP, mknod)) -IF_CRYPTPW(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, mkpasswd)) IF_MKSWAP(APPLET(mkswap, BB_DIR_SBIN, BB_SUID_DROP)) IF_MORE(APPLET(more, BB_DIR_BIN, BB_SUID_DROP)) /* On full-blown systems, requires suid for user mounts. @@ -249,8 +239,6 @@ IF_NTPD(APPLET(ntpd, BB_DIR_USR_SBIN, BB_SUID_DROP)) IF_OD(APPLET(od, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_OPENVT(APPLET(openvt, BB_DIR_USR_BIN, BB_SUID_DROP)) //IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP)) -/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */ -IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) IF_PGREP(APPLET(pgrep, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_PIDOF(APPLET(pidof, BB_DIR_BIN, BB_SUID_DROP)) IF_PIVOT_ROOT(APPLET(pivot_root, BB_DIR_SBIN, BB_SUID_DROP)) @@ -308,9 +296,6 @@ IF_SPLIT(APPLET(split, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_STAT(APPLET(stat, BB_DIR_BIN, BB_SUID_DROP)) IF_STRINGS(APPLET(strings, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_STTY(APPLET(stty, BB_DIR_BIN, BB_SUID_DROP)) -/* Needs to be run by root or be suid root - needs to change uid and gid: */ -IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE)) -IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP)) IF_SUM(APPLET(sum, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_SWAPONOFF(APPLET_ODDNAME(swapoff, swap_on_off, BB_DIR_SBIN, BB_SUID_DROP, swapoff)) IF_SWAPONOFF(APPLET_ODDNAME(swapon, swap_on_off, BB_DIR_SBIN, BB_SUID_DROP, swapon)) @@ -352,8 +337,6 @@ IF_USLEEP(APPLET_NOFORK(usleep, usleep, BB_DIR_BIN, BB_SUID_DROP, usleep)) IF_UUDECODE(APPLET(uudecode, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_UUENCODE(APPLET(uuencode, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP)) -/* Needs to be run by root or be suid root - needs to change uid and gid: */ -IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP)) IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP)) IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP)) diff --git a/loginutils/Config.src b/loginutils/Config.src index fa2b4f8c0..efb954b6c 100644 --- a/loginutils/Config.src +++ b/loginutils/Config.src @@ -5,8 +5,6 @@ menu "Login/Password Management Utilities" -INSERT - config FEATURE_SHADOWPASSWDS bool "Support for shadow passwords" default y @@ -93,239 +91,6 @@ config USE_BB_CRYPT_SHA With this option off, login will fail password check for any user which has password encrypted with these algorithms. -config ADDUSER - bool "adduser" - default y - help - Utility for creating a new user account. - -config FEATURE_ADDUSER_LONG_OPTIONS - bool "Enable long options" - default y - depends on ADDUSER && LONG_OPTS - help - Support long options for the adduser applet. - -config FEATURE_CHECK_NAMES - bool "Enable sanity check on user/group names in adduser and addgroup" - default n - depends on ADDUSER || ADDGROUP - help - Enable sanity check on user and group names in adduser and addgroup. - To avoid problems, the user or group name should consist only of - letters, digits, underscores, periods, at signs and dashes, - and not start with a dash (as defined by IEEE Std 1003.1-2001). - For compatibility with Samba machine accounts "$" is also supported - at the end of the user or group name. - -config LAST_ID - int "Last valid uid or gid for adduser and addgroup" - depends on ADDUSER || ADDGROUP - default 60000 - help - Last valid uid or gid for adduser and addgroup - -config FIRST_SYSTEM_ID - int "First valid system uid or gid for adduser and addgroup" - depends on ADDUSER || ADDGROUP - range 0 LAST_ID - default 100 - help - First valid system uid or gid for adduser and addgroup - -config LAST_SYSTEM_ID - int "Last valid system uid or gid for adduser and addgroup" - depends on ADDUSER || ADDGROUP - range FIRST_SYSTEM_ID LAST_ID - default 999 - help - Last valid system uid or gid for adduser and addgroup - -config ADDGROUP - bool "addgroup" - default y - help - Utility for creating a new group account. - -config FEATURE_ADDGROUP_LONG_OPTIONS - bool "Enable long options" - default y - depends on ADDGROUP && LONG_OPTS - help - Support long options for the addgroup applet. - -config FEATURE_ADDUSER_TO_GROUP - bool "Support for adding users to groups" - default y - depends on ADDGROUP - help - If called with two non-option arguments, - addgroup will add an existing user to an - existing group. - -config DELUSER - bool "deluser" - default y - help - Utility for deleting a user account. - -config DELGROUP - bool "delgroup" - default y - help - Utility for deleting a group account. - -config FEATURE_DEL_USER_FROM_GROUP - bool "Support for removing users from groups" - default y - depends on DELGROUP - help - If called with two non-option arguments, deluser - or delgroup will remove an user from a specified group. - -config GETTY - bool "getty" - default y - select FEATURE_SYSLOG - help - getty lets you log in on a tty. It is normally invoked by init. - - Note that you can save a few bytes by disabling it and - using login applet directly. - If you need to reset tty attributes before calling login, - this script approximates getty: - - exec /dev/$1 2>&1 || exit 1 - reset - stty sane; stty ispeed 38400; stty ospeed 38400 - printf "%s login: " "`hostname`" - read -r login - exec /bin/login "$login" - -config LOGIN - bool "login" - default y - select FEATURE_SYSLOG - help - login is used when signing onto a system. - - Note that Busybox binary must be setuid root for this applet to - work properly. - -config LOGIN_SESSION_AS_CHILD - bool "Run logged in session in a child process" - default y if PAM - depends on LOGIN - help - Run the logged in session in a child process. This allows - login to clean up things such as utmp entries or PAM sessions - when the login session is complete. If you use PAM, you - almost always would want this to be set to Y, else PAM session - will not be cleaned up. - -config LOGIN_SCRIPTS - bool "Support for login scripts" - depends on LOGIN - default y - help - Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT - just prior to switching from root to logged-in user. - -config FEATURE_NOLOGIN - bool "Support for /etc/nologin" - default y - depends on LOGIN - help - The file /etc/nologin is used by (some versions of) login(1). - If it exists, non-root logins are prohibited. - -config FEATURE_SECURETTY - bool "Support for /etc/securetty" - default y - depends on LOGIN - help - The file /etc/securetty is used by (some versions of) login(1). - The file contains the device names of tty lines (one per line, - without leading /dev/) on which root is allowed to login. - -config PASSWD - bool "passwd" - default y - select FEATURE_SYSLOG - help - passwd changes passwords for user and group accounts. A normal user - may only change the password for his/her own account, the super user - may change the password for any account. The administrator of a group - may change the password for the group. - - Note that Busybox binary must be setuid root for this applet to - work properly. - -config FEATURE_PASSWD_WEAK_CHECK - bool "Check new passwords for weakness" - default y - depends on PASSWD - help - With this option passwd will refuse new passwords which are "weak". - -config CRYPTPW - bool "cryptpw" - default y - help - Encrypts the given password with the crypt(3) libc function - using the given salt. Debian has this utility under mkpasswd - name. Busybox provides mkpasswd as an alias for cryptpw. - -config CHPASSWD - bool "chpasswd" - default y - help - Reads a file of user name and password pairs from standard input - and uses this information to update a group of existing users. - -config FEATURE_DEFAULT_PASSWD_ALGO - string "Default password encryption method (passwd -a, cryptpw -m parameter)" - default "des" - depends on PASSWD || CRYPTPW - help - Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512". - -config SU - bool "su" - default y - select FEATURE_SYSLOG - help - su is used to become another user during a login session. - Invoked without a username, su defaults to becoming the super user. - - Note that Busybox binary must be setuid root for this applet to - work properly. - -config FEATURE_SU_SYSLOG - bool "Enable su to write to syslog" - default y - depends on SU - -config FEATURE_SU_CHECKS_SHELLS - bool "Enable su to check user's shell to be listed in /etc/shells" - depends on SU - default y - -config SULOGIN - bool "sulogin" - default y - select FEATURE_SYSLOG - help - sulogin is invoked when the system goes into single user - mode (this is done through an entry in inittab). - -config VLOCK - bool "vlock" - default y - help - Build the "vlock" applet which allows you to lock (virtual) terminals. - - Note that Busybox binary must be setuid root for this applet to - work properly. +INSERT endmenu diff --git a/loginutils/Kbuild.src b/loginutils/Kbuild.src index ef416a76f..6b4fb7470 100644 --- a/loginutils/Kbuild.src +++ b/loginutils/Kbuild.src @@ -7,15 +7,3 @@ lib-y:= INSERT -lib-$(CONFIG_ADDGROUP) += addgroup.o -lib-$(CONFIG_ADDUSER) += adduser.o -lib-$(CONFIG_CRYPTPW) += cryptpw.o -lib-$(CONFIG_CHPASSWD) += chpasswd.o -lib-$(CONFIG_GETTY) += getty.o -lib-$(CONFIG_LOGIN) += login.o -lib-$(CONFIG_PASSWD) += passwd.o -lib-$(CONFIG_SU) += su.o -lib-$(CONFIG_SULOGIN) += sulogin.o -lib-$(CONFIG_VLOCK) += vlock.o -lib-$(CONFIG_DELUSER) += deluser.o -lib-$(CONFIG_DELGROUP) += deluser.o diff --git a/loginutils/add-remove-shell.c b/loginutils/add-remove-shell.c index 9419ff5e7..ce4a7bbd2 100644 --- a/loginutils/add-remove-shell.c +++ b/loginutils/add-remove-shell.c @@ -7,13 +7,6 @@ * Licensed under GPLv2 or later, see the LICENSE file in this source tree * for details. */ - -//applet:IF_ADD_SHELL( APPLET_ODDNAME(add-shell , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell )) -//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell)) - -//kbuild:lib-$(CONFIG_ADD_SHELL) += add-remove-shell.o -//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o - //config:config ADD_SHELL //config: bool "add-shell" //config: default y if DESKTOP @@ -26,6 +19,12 @@ //config: help //config: Remove shells from /etc/shells. +//applet:IF_ADD_SHELL( APPLET_ODDNAME(add-shell , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell )) +//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell)) + +//kbuild:lib-$(CONFIG_ADD_SHELL) += add-remove-shell.o +//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o + //usage:#define add_shell_trivial_usage //usage: "SHELL..." //usage:#define add_shell_full_usage "\n\n" diff --git a/loginutils/addgroup.c b/loginutils/addgroup.c index 260e337f3..4d4fc3f28 100644 --- a/loginutils/addgroup.c +++ b/loginutils/addgroup.c @@ -9,6 +9,31 @@ * Licensed under GPLv2 or later, see file LICENSE in this source tree. * */ +//config:config ADDGROUP +//config: bool "addgroup" +//config: default y +//config: help +//config: Utility for creating a new group account. +//config: +//config:config FEATURE_ADDGROUP_LONG_OPTIONS +//config: bool "Enable long options" +//config: default y +//config: depends on ADDGROUP && LONG_OPTS +//config: help +//config: Support long options for the addgroup applet. +//config: +//config:config FEATURE_ADDUSER_TO_GROUP +//config: bool "Support for adding users to groups" +//config: default y +//config: depends on ADDGROUP +//config: help +//config: If called with two non-option arguments, +//config: addgroup will add an existing user to an +//config: existing group. + +//applet:IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_ADDGROUP) += addgroup.o //usage:#define addgroup_trivial_usage //usage: "[-g GID] [-S] " IF_FEATURE_ADDUSER_TO_GROUP("[USER] ") "GROUP" diff --git a/loginutils/adduser.c b/loginutils/adduser.c index 605e3363f..608fb8437 100644 --- a/loginutils/adduser.c +++ b/loginutils/adduser.c @@ -7,6 +7,57 @@ * * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config ADDUSER +//config: bool "adduser" +//config: default y +//config: help +//config: Utility for creating a new user account. +//config: +//config:config FEATURE_ADDUSER_LONG_OPTIONS +//config: bool "Enable long options" +//config: default y +//config: depends on ADDUSER && LONG_OPTS +//config: help +//config: Support long options for the adduser applet. +//config: +//config:config FEATURE_CHECK_NAMES +//config: bool "Enable sanity check on user/group names in adduser and addgroup" +//config: default n +//config: depends on ADDUSER || ADDGROUP +//config: help +//config: Enable sanity check on user and group names in adduser and addgroup. +//config: To avoid problems, the user or group name should consist only of +//config: letters, digits, underscores, periods, at signs and dashes, +//config: and not start with a dash (as defined by IEEE Std 1003.1-2001). +//config: For compatibility with Samba machine accounts "$" is also supported +//config: at the end of the user or group name. +//config: +//config:config LAST_ID +//config: int "Last valid uid or gid for adduser and addgroup" +//config: depends on ADDUSER || ADDGROUP +//config: default 60000 +//config: help +//config: Last valid uid or gid for adduser and addgroup +//config: +//config:config FIRST_SYSTEM_ID +//config: int "First valid system uid or gid for adduser and addgroup" +//config: depends on ADDUSER || ADDGROUP +//config: range 0 LAST_ID +//config: default 100 +//config: help +//config: First valid system uid or gid for adduser and addgroup +//config: +//config:config LAST_SYSTEM_ID +//config: int "Last valid system uid or gid for adduser and addgroup" +//config: depends on ADDUSER || ADDGROUP +//config: range FIRST_SYSTEM_ID LAST_ID +//config: default 999 +//config: help +//config: Last valid system uid or gid for adduser and addgroup + +//applet:IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_ADDUSER) += adduser.o //usage:#define adduser_trivial_usage //usage: "[OPTIONS] USER [GROUP]" diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c index 54ed73795..6c41d17be 100644 --- a/loginutils/chpasswd.c +++ b/loginutils/chpasswd.c @@ -5,7 +5,23 @@ * Written for SLIND (from passwd.c) by Alexander Shishkin * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ -#include "libbb.h" +//config:config CHPASSWD +//config: bool "chpasswd" +//config: default y +//config: help +//config: Reads a file of user name and password pairs from standard input +//config: and uses this information to update a group of existing users. +//config: +//config:config FEATURE_DEFAULT_PASSWD_ALGO +//config: string "Default password encryption method (passwd -a, cryptpw -m parameter)" +//config: default "des" +//config: depends on PASSWD || CRYPTPW +//config: help +//config: Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512". + +//applet:IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_CHPASSWD) += chpasswd.o //usage:#define chpasswd_trivial_usage //usage: IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]") @@ -22,6 +38,8 @@ //TODO: implement -c ALGO +#include "libbb.h" + #if ENABLE_LONG_OPTS static const char chpasswd_longopts[] ALIGN1 = "encrypted\0" No_argument "e" diff --git a/loginutils/cryptpw.c b/loginutils/cryptpw.c index 29f0fbe91..55dcc2914 100644 --- a/loginutils/cryptpw.c +++ b/loginutils/cryptpw.c @@ -9,6 +9,18 @@ * * Licensed under GPLv2, see file LICENSE in this source tree. */ +//config:config CRYPTPW +//config: bool "cryptpw" +//config: default y +//config: help +//config: Encrypts the given password with the crypt(3) libc function +//config: using the given salt. Debian has this utility under mkpasswd +//config: name. Busybox provides mkpasswd as an alias for cryptpw. + +//applet:IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP)) +//applet:IF_CRYPTPW(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, mkpasswd)) + +//kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o //usage:#define cryptpw_trivial_usage //usage: "[OPTIONS] [PASSWORD] [SALT]" diff --git a/loginutils/deluser.c b/loginutils/deluser.c index 110cd6310..7c3caf9e3 100644 --- a/loginutils/deluser.c +++ b/loginutils/deluser.c @@ -7,8 +7,32 @@ * Copyright (C) 2007 by Tito Ragusa * * Licensed under GPLv2, see file LICENSE in this source tree. - * */ +//config:config DELUSER +//config: bool "deluser" +//config: default y +//config: help +//config: Utility for deleting a user account. +//config: +//config:config DELGROUP +//config: bool "delgroup" +//config: default y +//config: help +//config: Utility for deleting a group account. +//config: +//config:config FEATURE_DEL_USER_FROM_GROUP +//config: bool "Support for removing users from groups" +//config: default y +//config: depends on DELGROUP +//config: help +//config: If called with two non-option arguments, deluser +//config: or delgroup will remove an user from a specified group. + +//applet:IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP)) +//applet:IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup)) + +//kbuild:lib-$(CONFIG_DELUSER) += deluser.o +//kbuild:lib-$(CONFIG_DELGROUP) += deluser.o //usage:#define deluser_trivial_usage //usage: IF_LONG_OPTS("[--remove-home] ") "USER" diff --git a/loginutils/getty.c b/loginutils/getty.c index 762d5c773..b10bdbdbf 100644 --- a/loginutils/getty.c +++ b/loginutils/getty.c @@ -21,6 +21,28 @@ * * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config GETTY +//config: bool "getty" +//config: default y +//config: select FEATURE_SYSLOG +//config: help +//config: getty lets you log in on a tty. It is normally invoked by init. +//config: +//config: Note that you can save a few bytes by disabling it and +//config: using login applet directly. +//config: If you need to reset tty attributes before calling login, +//config: this script approximates getty: +//config: +//config: exec /dev/$1 2>&1 || exit 1 +//config: reset +//config: stty sane; stty ispeed 38400; stty ospeed 38400 +//config: printf "%s login: " "`hostname`" +//config: read -r login +//config: exec /bin/login "$login" + +//applet:IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_GETTY) += getty.o #include "libbb.h" #include diff --git a/loginutils/login.c b/loginutils/login.c index 1700cfcb5..f1f04da19 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -2,6 +2,56 @@ /* * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config LOGIN +//config: bool "login" +//config: default y +//config: select FEATURE_SYSLOG +//config: help +//config: login is used when signing onto a system. +//config: +//config: Note that Busybox binary must be setuid root for this applet to +//config: work properly. +//config: +//config:config LOGIN_SESSION_AS_CHILD +//config: bool "Run logged in session in a child process" +//config: default y if PAM +//config: depends on LOGIN +//config: help +//config: Run the logged in session in a child process. This allows +//config: login to clean up things such as utmp entries or PAM sessions +//config: when the login session is complete. If you use PAM, you +//config: almost always would want this to be set to Y, else PAM session +//config: will not be cleaned up. +//config: +//config:config LOGIN_SCRIPTS +//config: bool "Support for login scripts" +//config: depends on LOGIN +//config: default y +//config: help +//config: Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT +//config: just prior to switching from root to logged-in user. +//config: +//config:config FEATURE_NOLOGIN +//config: bool "Support for /etc/nologin" +//config: default y +//config: depends on LOGIN +//config: help +//config: The file /etc/nologin is used by (some versions of) login(1). +//config: If it exists, non-root logins are prohibited. +//config: +//config:config FEATURE_SECURETTY +//config: bool "Support for /etc/securetty" +//config: default y +//config: depends on LOGIN +//config: help +//config: The file /etc/securetty is used by (some versions of) login(1). +//config: The file contains the device names of tty lines (one per line, +//config: without leading /dev/) on which root is allowed to login. + +//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */ +//applet:IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE)) + +//kbuild:lib-$(CONFIG_LOGIN) += login.o //usage:#define login_trivial_usage //usage: "[-p] [-h HOST] [[-f] USER]" diff --git a/loginutils/passwd.c b/loginutils/passwd.c index 150908932..73726d3e0 100644 --- a/loginutils/passwd.c +++ b/loginutils/passwd.c @@ -2,6 +2,30 @@ /* * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config PASSWD +//config: bool "passwd" +//config: default y +//config: select FEATURE_SYSLOG +//config: help +//config: passwd changes passwords for user and group accounts. A normal user +//config: may only change the password for his/her own account, the super user +//config: may change the password for any account. The administrator of a group +//config: may change the password for the group. +//config: +//config: Note that Busybox binary must be setuid root for this applet to +//config: work properly. +//config: +//config:config FEATURE_PASSWD_WEAK_CHECK +//config: bool "Check new passwords for weakness" +//config: default y +//config: depends on PASSWD +//config: help +//config: With this option passwd will refuse new passwords which are "weak". + +//applet:/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */ +//applet:IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) + +//kbuild:lib-$(CONFIG_PASSWD) += passwd.o //usage:#define passwd_trivial_usage //usage: "[OPTIONS] [USER]" diff --git a/loginutils/su.c b/loginutils/su.c index f8125054a..3c0e8c100 100644 --- a/loginutils/su.c +++ b/loginutils/su.c @@ -4,9 +4,31 @@ * * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config SU +//config: bool "su" +//config: default y +//config: select FEATURE_SYSLOG +//config: help +//config: su is used to become another user during a login session. +//config: Invoked without a username, su defaults to becoming the super user. +//config: +//config: Note that Busybox binary must be setuid root for this applet to +//config: work properly. +//config: +//config:config FEATURE_SU_SYSLOG +//config: bool "Enable su to write to syslog" +//config: default y +//config: depends on SU +//config: +//config:config FEATURE_SU_CHECKS_SHELLS +//config: bool "Enable su to check user's shell to be listed in /etc/shells" +//config: depends on SU +//config: default y -#include "libbb.h" -#include +//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */ +//applet:IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE)) + +//kbuild:lib-$(CONFIG_SU) += su.o //usage:#define su_trivial_usage //usage: "[OPTIONS] [-] [USER]" @@ -17,6 +39,9 @@ //usage: "\n -c CMD Command to pass to 'sh -c'" //usage: "\n -s SH Shell to use instead of user's default" +#include "libbb.h" +#include + #if ENABLE_FEATURE_SU_CHECKS_SHELLS /* Return 1 if SHELL is a restricted shell (one not returned by * getusershell), else 0, meaning it is a standard shell. */ diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c index 2a2909937..19b1e304c 100644 --- a/loginutils/sulogin.c +++ b/loginutils/sulogin.c @@ -4,6 +4,18 @@ * * Licensed under GPLv2 or later, see file LICENSE in this source tree. */ +//config:config SULOGIN +//config: bool "sulogin" +//config: default y +//config: select FEATURE_SYSLOG +//config: help +//config: sulogin is invoked when the system goes into single user +//config: mode (this is done through an entry in inittab). + +//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */ +//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o //usage:#define sulogin_trivial_usage //usage: "[-t N] [TTY]" diff --git a/loginutils/vlock.c b/loginutils/vlock.c index 44b14e6bc..52ae607c9 100644 --- a/loginutils/vlock.c +++ b/loginutils/vlock.c @@ -13,7 +13,21 @@ * minimalistic vlock. */ /* Fixed by Erik Andersen to do passwords the tinylogin way... - * It now works with md5, sha1, etc passwords. */ + * It now works with md5, sha1, etc passwords. + */ +//config:config VLOCK +//config: bool "vlock" +//config: default y +//config: help +//config: Build the "vlock" applet which allows you to lock (virtual) terminals. +//config: +//config: Note that Busybox binary must be setuid root for this applet to +//config: work properly. + +//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */ +//applet:IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) + +//kbuild:lib-$(CONFIG_VLOCK) += vlock.o //usage:#define vlock_trivial_usage //usage: "[-a]"