loginutils/*: convert to new-style "one file" applets

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2024-05-28 21:41:30 +00:00 · 2015-10-19 01:20:36 +02:00 · 2015-10-19 01:20:36 +02:00 · 95dee81a46
commit 95dee81a46
parent 28826ac8c0
15 changed files with 289 additions and 277 deletions
--- a/include/applets.src.h
+++ b/include/applets.src.h
@ -76,8 +76,6 @@ INSERT
 IF_TEST(APPLET_NOFORK([,  test, BB_DIR_USR_BIN, BB_SUID_DROP, test))
 IF_TEST(APPLET_NOFORK([[, test, BB_DIR_USR_BIN, BB_SUID_DROP, test))
 IF_ACPID(APPLET(acpid, BB_DIR_SBIN, BB_SUID_DROP))
-IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_ADJTIMEX(APPLET(adjtimex, BB_DIR_SBIN, BB_SUID_DROP))
 IF_ARP(APPLET(arp, BB_DIR_SBIN, BB_SUID_DROP))
 IF_ARPING(APPLET(arping, BB_DIR_USR_SBIN, BB_SUID_DROP))
@ -94,7 +92,6 @@ IF_CHCON(APPLET(chcon, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_CHGRP(APPLET_NOEXEC(chgrp, chgrp, BB_DIR_BIN, BB_SUID_DROP, chgrp))
 IF_CHMOD(APPLET_NOEXEC(chmod, chmod, BB_DIR_BIN, BB_SUID_DROP, chmod))
 IF_CHOWN(APPLET_NOEXEC(chown, chown, BB_DIR_BIN, BB_SUID_DROP, chown))
-IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_CHROOT(APPLET(chroot, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_CHRT(APPLET(chrt, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_CHVT(APPLET(chvt, BB_DIR_USR_BIN, BB_SUID_DROP))
@ -104,13 +101,10 @@ IF_COMM(APPLET(comm, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_CP(APPLET_NOEXEC(cp, cp, BB_DIR_BIN, BB_SUID_DROP, cp))
 /* Needs to be run by root or be suid root - needs to change /var/spool/cron* files: */
 IF_CRONTAB(APPLET(crontab, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
-IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_CUT(APPLET_NOEXEC(cut, cut, BB_DIR_USR_BIN, BB_SUID_DROP, cut))
 IF_DC(APPLET(dc, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_DD(APPLET_NOEXEC(dd, dd, BB_DIR_BIN, BB_SUID_DROP, dd))
 IF_DEALLOCVT(APPLET(deallocvt, BB_DIR_USR_BIN, BB_SUID_DROP))
-IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
-IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_DEVFSD(APPLET(devfsd, BB_DIR_SBIN, BB_SUID_DROP))
 IF_DEVMEM(APPLET(devmem, BB_DIR_SBIN, BB_SUID_DROP))
 IF_DF(APPLET(df, BB_DIR_BIN, BB_SUID_DROP))
@ -160,7 +154,6 @@ IF_FUSER(APPLET(fuser, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_GETENFORCE(APPLET(getenforce, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_GETOPT(APPLET(getopt, BB_DIR_BIN, BB_SUID_DROP))
 IF_GETSEBOOL(APPLET(getsebool, BB_DIR_USR_SBIN, BB_SUID_DROP))
-IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP))
 IF_HD(APPLET_NOEXEC(hd, hexdump, BB_DIR_USR_BIN, BB_SUID_DROP, hd))
 IF_HDPARM(APPLET(hdparm, BB_DIR_SBIN, BB_SUID_DROP))
 IF_HEAD(APPLET_NOEXEC(head, head, BB_DIR_USR_BIN, BB_SUID_DROP, head))
@ -205,8 +198,6 @@ IF_LN(APPLET_NOEXEC(ln, ln, BB_DIR_BIN, BB_SUID_DROP, ln))
 IF_LOAD_POLICY(APPLET(load_policy, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_LOADFONT(APPLET(loadfont, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_LOADKMAP(APPLET(loadkmap, BB_DIR_SBIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change uid and gid: */
-IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE))
 IF_LOGNAME(APPLET_NOFORK(logname, logname, BB_DIR_USR_BIN, BB_SUID_DROP, logname))
 IF_LOSETUP(APPLET(losetup, BB_DIR_SBIN, BB_SUID_DROP))
 IF_LS(APPLET_NOEXEC(ls, ls, BB_DIR_BIN, BB_SUID_DROP, ls))
@ -228,7 +219,6 @@ IF_MKFS_MINIX(APPLET_ODDNAME(mkfs.minix, mkfs_minix, BB_DIR_SBIN, BB_SUID_DROP,
 IF_MKFS_REISER(APPLET_ODDNAME(mkfs.reiser, mkfs_reiser, BB_DIR_SBIN, BB_SUID_DROP, mkfs_reiser))
 IF_MKFS_VFAT(APPLET_ODDNAME(mkfs.vfat, mkfs_vfat, BB_DIR_SBIN, BB_SUID_DROP, mkfs_vfat))
 IF_MKNOD(APPLET_NOEXEC(mknod, mknod, BB_DIR_BIN, BB_SUID_DROP, mknod))
-IF_CRYPTPW(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, mkpasswd))
 IF_MKSWAP(APPLET(mkswap, BB_DIR_SBIN, BB_SUID_DROP))
 IF_MORE(APPLET(more, BB_DIR_BIN, BB_SUID_DROP))
 /* On full-blown systems, requires suid for user mounts.
@ -249,8 +239,6 @@ IF_NTPD(APPLET(ntpd, BB_DIR_USR_SBIN, BB_SUID_DROP))
 IF_OD(APPLET(od, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_OPENVT(APPLET(openvt, BB_DIR_USR_BIN, BB_SUID_DROP))
 //IF_PARSE(APPLET(parse, BB_DIR_USR_BIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */
-IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
 IF_PGREP(APPLET(pgrep, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_PIDOF(APPLET(pidof, BB_DIR_BIN, BB_SUID_DROP))
 IF_PIVOT_ROOT(APPLET(pivot_root, BB_DIR_SBIN, BB_SUID_DROP))
@ -308,9 +296,6 @@ IF_SPLIT(APPLET(split, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_STAT(APPLET(stat, BB_DIR_BIN, BB_SUID_DROP))
 IF_STRINGS(APPLET(strings, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_STTY(APPLET(stty, BB_DIR_BIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change uid and gid: */
-IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE))
-IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
 IF_SUM(APPLET(sum, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_SWAPONOFF(APPLET_ODDNAME(swapoff, swap_on_off, BB_DIR_SBIN, BB_SUID_DROP, swapoff))
 IF_SWAPONOFF(APPLET_ODDNAME(swapon, swap_on_off, BB_DIR_SBIN, BB_SUID_DROP, swapon))
@ -352,8 +337,6 @@ IF_USLEEP(APPLET_NOFORK(usleep, usleep, BB_DIR_BIN, BB_SUID_DROP, usleep))
 IF_UUDECODE(APPLET(uudecode, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_UUENCODE(APPLET(uuencode, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_VCONFIG(APPLET(vconfig, BB_DIR_SBIN, BB_SUID_DROP))
-/* Needs to be run by root or be suid root - needs to change uid and gid: */
-IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
 IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP))
 IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP))
 IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP))
--- a/loginutils/Config.src
+++ b/loginutils/Config.src
@ -5,8 +5,6 @@

 menu "Login/Password Management Utilities"

-INSERT
-
 config FEATURE_SHADOWPASSWDS
 	bool "Support for shadow passwords"
 	default y
@ -93,239 +91,6 @@ config USE_BB_CRYPT_SHA
 	  With this option off, login will fail password check for any
 	  user which has password encrypted with these algorithms.

-config ADDUSER
-	bool "adduser"
-	default y
-	help
-	  Utility for creating a new user account.
-
-config FEATURE_ADDUSER_LONG_OPTIONS
-	bool "Enable long options"
-	default y
-	depends on ADDUSER && LONG_OPTS
-	help
-	  Support long options for the adduser applet.
-
-config FEATURE_CHECK_NAMES
-	bool "Enable sanity check on user/group names in adduser and addgroup"
-	default n
-	depends on ADDUSER || ADDGROUP
-	help
-	  Enable sanity check on user and group names in adduser and addgroup.
-	  To avoid problems, the user or group name should consist only of
-	  letters, digits, underscores, periods, at signs and dashes,
-	  and not start with a dash (as defined by IEEE Std 1003.1-2001).
-	  For compatibility with Samba machine accounts "$" is also supported
-	  at the end of the user or group name.
-
-config LAST_ID
-	int "Last valid uid or gid for adduser and addgroup"
-	depends on ADDUSER || ADDGROUP
-	default 60000
-	help
-	  Last valid uid or gid for adduser and addgroup
-
-config FIRST_SYSTEM_ID
-	int "First valid system uid or gid for adduser and addgroup"
-	depends on ADDUSER || ADDGROUP
-	range 0 LAST_ID
-	default 100
-	help
-	  First valid system uid or gid for adduser and addgroup
-
-config LAST_SYSTEM_ID
-	int "Last valid system uid or gid for adduser and addgroup"
-	depends on ADDUSER || ADDGROUP
-	range FIRST_SYSTEM_ID LAST_ID
-	default 999
-	help
-	  Last valid system uid or gid for adduser and addgroup
-
-config ADDGROUP
-	bool "addgroup"
-	default y
-	help
-	  Utility for creating a new group account.
-
-config FEATURE_ADDGROUP_LONG_OPTIONS
-	bool "Enable long options"
-	default y
-	depends on ADDGROUP && LONG_OPTS
-	help
-	  Support long options for the addgroup applet.
-
-config FEATURE_ADDUSER_TO_GROUP
-	bool "Support for adding users to groups"
-	default y
-	depends on ADDGROUP
-	help
-	  If  called  with two non-option arguments,
-	  addgroup will add an existing user to an
-	  existing group.
-
-config DELUSER
-	bool "deluser"
-	default y
-	help
-	  Utility for deleting a user account.
-
-config DELGROUP
-	bool "delgroup"
-	default y
-	help
-	  Utility for deleting a group account.
-
-config FEATURE_DEL_USER_FROM_GROUP
-	bool "Support for removing users from groups"
-	default y
-	depends on DELGROUP
-	help
-	  If called with two non-option arguments, deluser
-	  or delgroup will remove an user from a specified group.
-
-config GETTY
-	bool "getty"
-	default y
-	select FEATURE_SYSLOG
-	help
-	  getty lets you log in on a tty. It is normally invoked by init.
-
-	  Note that you can save a few bytes by disabling it and
-	  using login applet directly.
-	  If you need to reset tty attributes before calling login,
-	  this script approximates getty:
-
-	  exec </dev/$1 >/dev/$1 2>&1 || exit 1
-	  reset
-	  stty sane; stty ispeed 38400; stty ospeed 38400
-	  printf "%s login: " "`hostname`"
-	  read -r login
-	  exec /bin/login "$login"
-
-config LOGIN
-	bool "login"
-	default y
-	select FEATURE_SYSLOG
-	help
-	  login is used when signing onto a system.
-
-	  Note that Busybox binary must be setuid root for this applet to
-	  work properly.
-
-config LOGIN_SESSION_AS_CHILD
-	bool "Run logged in session in a child process"
-	default y if PAM
-	depends on LOGIN
-	help
-	  Run the logged in session in a child process.  This allows
-	  login to clean up things such as utmp entries or PAM sessions
-	  when the login session is complete.  If you use PAM, you
-	  almost always would want this to be set to Y, else PAM session
-	  will not be cleaned up.
-
-config LOGIN_SCRIPTS
-	bool "Support for login scripts"
-	depends on LOGIN
-	default y
-	help
-	  Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
-	  just prior to switching from root to logged-in user.
-
-config FEATURE_NOLOGIN
-	bool "Support for /etc/nologin"
-	default y
-	depends on LOGIN
-	help
-	  The file /etc/nologin is used by (some versions of) login(1).
-	  If it exists, non-root logins are prohibited.
-
-config FEATURE_SECURETTY
-	bool "Support for /etc/securetty"
-	default y
-	depends on LOGIN
-	help
-	  The file /etc/securetty is used by (some versions of) login(1).
-	  The file contains the device names of tty lines (one per line,
-	  without leading /dev/) on which root is allowed to login.
-
-config PASSWD
-	bool "passwd"
-	default y
-	select FEATURE_SYSLOG
-	help
-	  passwd changes passwords for user and group accounts. A normal user
-	  may only change the password for his/her own account, the super user
-	  may change the password for any account. The administrator of a group
-	  may change the password for the group.
-
-	  Note that Busybox binary must be setuid root for this applet to
-	  work properly.
-
-config FEATURE_PASSWD_WEAK_CHECK
-	bool "Check new passwords for weakness"
-	default y
-	depends on PASSWD
-	help
-	  With this option passwd will refuse new passwords which are "weak".
-
-config CRYPTPW
-	bool "cryptpw"
-	default y
-	help
-	  Encrypts the given password with the crypt(3) libc function
-	  using the given salt. Debian has this utility under mkpasswd
-	  name. Busybox provides mkpasswd as an alias for cryptpw.
-
-config CHPASSWD
-	bool "chpasswd"
-	default y
-	help
-	  Reads a file of user name and password pairs from standard input
-	  and uses this information to update a group of existing users.
-
-config FEATURE_DEFAULT_PASSWD_ALGO
-	string "Default password encryption method (passwd -a, cryptpw -m parameter)"
-	default "des"
-	depends on PASSWD || CRYPTPW
-	help
-	  Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
-
-config SU
-	bool "su"
-	default y
-	select FEATURE_SYSLOG
-	help
-	  su is used to become another user during a login session.
-	  Invoked without a username, su defaults to becoming the super user.
-
-	  Note that Busybox binary must be setuid root for this applet to
-	  work properly.
-
-config FEATURE_SU_SYSLOG
-	bool "Enable su to write to syslog"
-	default y
-	depends on SU
-
-config FEATURE_SU_CHECKS_SHELLS
-	bool "Enable su to check user's shell to be listed in /etc/shells"
-	depends on SU
-	default y
-
-config SULOGIN
-	bool "sulogin"
-	default y
-	select FEATURE_SYSLOG
-	help
-	  sulogin is invoked when the system goes into single user
-	  mode (this is done through an entry in inittab).
-
-config VLOCK
-	bool "vlock"
-	default y
-	help
-	  Build the "vlock" applet which allows you to lock (virtual) terminals.
-
-	  Note that Busybox binary must be setuid root for this applet to
-	  work properly.
+INSERT

 endmenu
--- a/loginutils/Kbuild.src
+++ b/loginutils/Kbuild.src
@ -7,15 +7,3 @@
 lib-y:=

 INSERT
-lib-$(CONFIG_ADDGROUP)	+= addgroup.o
-lib-$(CONFIG_ADDUSER)	+= adduser.o
-lib-$(CONFIG_CRYPTPW)	+= cryptpw.o
-lib-$(CONFIG_CHPASSWD)	+= chpasswd.o
-lib-$(CONFIG_GETTY)	+= getty.o
-lib-$(CONFIG_LOGIN)	+= login.o
-lib-$(CONFIG_PASSWD)	+= passwd.o
-lib-$(CONFIG_SU)	+= su.o
-lib-$(CONFIG_SULOGIN)	+= sulogin.o
-lib-$(CONFIG_VLOCK)	+= vlock.o
-lib-$(CONFIG_DELUSER)	+= deluser.o
-lib-$(CONFIG_DELGROUP)	+= deluser.o
--- a/loginutils/add-remove-shell.c
+++ b/loginutils/add-remove-shell.c
@ -7,13 +7,6 @@
 * Licensed under GPLv2 or later, see the LICENSE file in this source tree
 * for details.
 */
-
-//applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
-//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
-
-//kbuild:lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o
-//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
-
 //config:config ADD_SHELL
 //config:       bool "add-shell"
 //config:       default y if DESKTOP
@ -26,6 +19,12 @@
 //config:       help
 //config:         Remove shells from /etc/shells.

+//applet:IF_ADD_SHELL(   APPLET_ODDNAME(add-shell   , add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, add_shell   ))
+//applet:IF_REMOVE_SHELL(APPLET_ODDNAME(remove-shell, add_remove_shell, BB_DIR_USR_SBIN, BB_SUID_DROP, remove_shell))
+
+//kbuild:lib-$(CONFIG_ADD_SHELL)    += add-remove-shell.o
+//kbuild:lib-$(CONFIG_REMOVE_SHELL) += add-remove-shell.o
+
 //usage:#define add_shell_trivial_usage
 //usage:       "SHELL..."
 //usage:#define add_shell_full_usage "\n\n"
--- a/loginutils/addgroup.c
+++ b/loginutils/addgroup.c
@ -9,6 +9,31 @@
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 *
 */
+//config:config ADDGROUP
+//config:	bool "addgroup"
+//config:	default y
+//config:	help
+//config:	  Utility for creating a new group account.
+//config:
+//config:config FEATURE_ADDGROUP_LONG_OPTIONS
+//config:	bool "Enable long options"
+//config:	default y
+//config:	depends on ADDGROUP && LONG_OPTS
+//config:	help
+//config:	  Support long options for the addgroup applet.
+//config:
+//config:config FEATURE_ADDUSER_TO_GROUP
+//config:	bool "Support for adding users to groups"
+//config:	default y
+//config:	depends on ADDGROUP
+//config:	help
+//config:	  If  called  with two non-option arguments,
+//config:	  addgroup will add an existing user to an
+//config:	  existing group.
+
+//applet:IF_ADDGROUP(APPLET(addgroup, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_ADDGROUP) += addgroup.o

 //usage:#define addgroup_trivial_usage
 //usage:       "[-g GID] [-S] " IF_FEATURE_ADDUSER_TO_GROUP("[USER] ") "GROUP"
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@ -7,6 +7,57 @@
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
+//config:config ADDUSER
+//config:	bool "adduser"
+//config:	default y
+//config:	help
+//config:	  Utility for creating a new user account.
+//config:
+//config:config FEATURE_ADDUSER_LONG_OPTIONS
+//config:	bool "Enable long options"
+//config:	default y
+//config:	depends on ADDUSER && LONG_OPTS
+//config:	help
+//config:	  Support long options for the adduser applet.
+//config:
+//config:config FEATURE_CHECK_NAMES
+//config:	bool "Enable sanity check on user/group names in adduser and addgroup"
+//config:	default n
+//config:	depends on ADDUSER || ADDGROUP
+//config:	help
+//config:	  Enable sanity check on user and group names in adduser and addgroup.
+//config:	  To avoid problems, the user or group name should consist only of
+//config:	  letters, digits, underscores, periods, at signs and dashes,
+//config:	  and not start with a dash (as defined by IEEE Std 1003.1-2001).
+//config:	  For compatibility with Samba machine accounts "$" is also supported
+//config:	  at the end of the user or group name.
+//config:
+//config:config LAST_ID
+//config:	int "Last valid uid or gid for adduser and addgroup"
+//config:	depends on ADDUSER || ADDGROUP
+//config:	default 60000
+//config:	help
+//config:	  Last valid uid or gid for adduser and addgroup
+//config:
+//config:config FIRST_SYSTEM_ID
+//config:	int "First valid system uid or gid for adduser and addgroup"
+//config:	depends on ADDUSER || ADDGROUP
+//config:	range 0 LAST_ID
+//config:	default 100
+//config:	help
+//config:	  First valid system uid or gid for adduser and addgroup
+//config:
+//config:config LAST_SYSTEM_ID
+//config:	int "Last valid system uid or gid for adduser and addgroup"
+//config:	depends on ADDUSER || ADDGROUP
+//config:	range FIRST_SYSTEM_ID LAST_ID
+//config:	default 999
+//config:	help
+//config:	  Last valid system uid or gid for adduser and addgroup
+
+//applet:IF_ADDUSER(APPLET(adduser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_ADDUSER) += adduser.o

 //usage:#define adduser_trivial_usage
 //usage:       "[OPTIONS] USER [GROUP]"
--- a/loginutils/chpasswd.c
+++ b/loginutils/chpasswd.c
@ -5,7 +5,23 @@
 * Written for SLIND (from passwd.c) by Alexander Shishkin <virtuoso@slind.org>
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
-#include "libbb.h"
+//config:config CHPASSWD
+//config:	bool "chpasswd"
+//config:	default y
+//config:	help
+//config:	  Reads a file of user name and password pairs from standard input
+//config:	  and uses this information to update a group of existing users.
+//config:
+//config:config FEATURE_DEFAULT_PASSWD_ALGO
+//config:	string "Default password encryption method (passwd -a, cryptpw -m parameter)"
+//config:	default "des"
+//config:	depends on PASSWD || CRYPTPW
+//config:	help
+//config:	  Possible choices are "d[es]", "m[d5]", "s[ha256]" or "sha512".
+
+//applet:IF_CHPASSWD(APPLET(chpasswd, BB_DIR_USR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_CHPASSWD) += chpasswd.o

 //usage:#define chpasswd_trivial_usage
 //usage:	IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]")
@ -22,6 +38,8 @@

 //TODO: implement -c ALGO

+#include "libbb.h"
+
 #if ENABLE_LONG_OPTS
 static const char chpasswd_longopts[] ALIGN1 =
 	"encrypted\0" No_argument "e"
--- a/loginutils/cryptpw.c
+++ b/loginutils/cryptpw.c
@ -9,6 +9,18 @@
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
+//config:config CRYPTPW
+//config:	bool "cryptpw"
+//config:	default y
+//config:	help
+//config:	  Encrypts the given password with the crypt(3) libc function
+//config:	  using the given salt. Debian has this utility under mkpasswd
+//config:	  name. Busybox provides mkpasswd as an alias for cryptpw.
+
+//applet:IF_CRYPTPW(APPLET(cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP))
+//applet:IF_CRYPTPW(APPLET_ODDNAME(mkpasswd, cryptpw, BB_DIR_USR_BIN, BB_SUID_DROP, mkpasswd))
+
+//kbuild:lib-$(CONFIG_CRYPTPW) += cryptpw.o

 //usage:#define cryptpw_trivial_usage
 //usage:       "[OPTIONS] [PASSWORD] [SALT]"
--- a/loginutils/deluser.c
+++ b/loginutils/deluser.c
@ -7,8 +7,32 @@
 * Copyright (C) 2007 by Tito Ragusa <farmatito@tiscali.it>
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
- *
 */
+//config:config DELUSER
+//config:	bool "deluser"
+//config:	default y
+//config:	help
+//config:	  Utility for deleting a user account.
+//config:
+//config:config DELGROUP
+//config:	bool "delgroup"
+//config:	default y
+//config:	help
+//config:	  Utility for deleting a group account.
+//config:
+//config:config FEATURE_DEL_USER_FROM_GROUP
+//config:	bool "Support for removing users from groups"
+//config:	default y
+//config:	depends on DELGROUP
+//config:	help
+//config:	  If called with two non-option arguments, deluser
+//config:	  or delgroup will remove an user from a specified group.
+
+//applet:IF_DELUSER(APPLET(deluser, BB_DIR_USR_SBIN, BB_SUID_DROP))
+//applet:IF_DELGROUP(APPLET_ODDNAME(delgroup, deluser, BB_DIR_USR_SBIN, BB_SUID_DROP, delgroup))
+
+//kbuild:lib-$(CONFIG_DELUSER) += deluser.o
+//kbuild:lib-$(CONFIG_DELGROUP) += deluser.o

 //usage:#define deluser_trivial_usage
 //usage:       IF_LONG_OPTS("[--remove-home] ") "USER"
--- a/loginutils/getty.c
+++ b/loginutils/getty.c
@ -21,6 +21,28 @@
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
+//config:config GETTY
+//config:	bool "getty"
+//config:	default y
+//config:	select FEATURE_SYSLOG
+//config:	help
+//config:	  getty lets you log in on a tty. It is normally invoked by init.
+//config:
+//config:	  Note that you can save a few bytes by disabling it and
+//config:	  using login applet directly.
+//config:	  If you need to reset tty attributes before calling login,
+//config:	  this script approximates getty:
+//config:
+//config:	  exec </dev/$1 >/dev/$1 2>&1 || exit 1
+//config:	  reset
+//config:	  stty sane; stty ispeed 38400; stty ospeed 38400
+//config:	  printf "%s login: " "`hostname`"
+//config:	  read -r login
+//config:	  exec /bin/login "$login"
+
+//applet:IF_GETTY(APPLET(getty, BB_DIR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_GETTY) += getty.o

 #include "libbb.h"
 #include <syslog.h>
--- a/loginutils/login.c
+++ b/loginutils/login.c
@ -2,6 +2,56 @@
 /*
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
+//config:config LOGIN
+//config:	bool "login"
+//config:	default y
+//config:	select FEATURE_SYSLOG
+//config:	help
+//config:	  login is used when signing onto a system.
+//config:
+//config:	  Note that Busybox binary must be setuid root for this applet to
+//config:	  work properly.
+//config:
+//config:config LOGIN_SESSION_AS_CHILD
+//config:	bool "Run logged in session in a child process"
+//config:	default y if PAM
+//config:	depends on LOGIN
+//config:	help
+//config:	  Run the logged in session in a child process.  This allows
+//config:	  login to clean up things such as utmp entries or PAM sessions
+//config:	  when the login session is complete.  If you use PAM, you
+//config:	  almost always would want this to be set to Y, else PAM session
+//config:	  will not be cleaned up.
+//config:
+//config:config LOGIN_SCRIPTS
+//config:	bool "Support for login scripts"
+//config:	depends on LOGIN
+//config:	default y
+//config:	help
+//config:	  Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT
+//config:	  just prior to switching from root to logged-in user.
+//config:
+//config:config FEATURE_NOLOGIN
+//config:	bool "Support for /etc/nologin"
+//config:	default y
+//config:	depends on LOGIN
+//config:	help
+//config:	  The file /etc/nologin is used by (some versions of) login(1).
+//config:	  If it exists, non-root logins are prohibited.
+//config:
+//config:config FEATURE_SECURETTY
+//config:	bool "Support for /etc/securetty"
+//config:	default y
+//config:	depends on LOGIN
+//config:	help
+//config:	  The file /etc/securetty is used by (some versions of) login(1).
+//config:	  The file contains the device names of tty lines (one per line,
+//config:	  without leading /dev/) on which root is allowed to login.
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_LOGIN) += login.o

 //usage:#define login_trivial_usage
 //usage:       "[-p] [-h HOST] [[-f] USER]"
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@ -2,6 +2,30 @@
 /*
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
+//config:config PASSWD
+//config:	bool "passwd"
+//config:	default y
+//config:	select FEATURE_SYSLOG
+//config:	help
+//config:	  passwd changes passwords for user and group accounts. A normal user
+//config:	  may only change the password for his/her own account, the super user
+//config:	  may change the password for any account. The administrator of a group
+//config:	  may change the password for the group.
+//config:
+//config:	  Note that Busybox binary must be setuid root for this applet to
+//config:	  work properly.
+//config:
+//config:config FEATURE_PASSWD_WEAK_CHECK
+//config:	bool "Check new passwords for weakness"
+//config:	default y
+//config:	depends on PASSWD
+//config:	help
+//config:	  With this option passwd will refuse new passwords which are "weak".
+
+//applet:/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */
+//applet:IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_PASSWD) += passwd.o

 //usage:#define passwd_trivial_usage
 //usage:       "[OPTIONS] [USER]"
--- a/loginutils/su.c
+++ b/loginutils/su.c
@ -4,9 +4,31 @@
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
+//config:config SU
+//config:	bool "su"
+//config:	default y
+//config:	select FEATURE_SYSLOG
+//config:	help
+//config:	  su is used to become another user during a login session.
+//config:	  Invoked without a username, su defaults to becoming the super user.
+//config:
+//config:	  Note that Busybox binary must be setuid root for this applet to
+//config:	  work properly.
+//config:
+//config:config FEATURE_SU_SYSLOG
+//config:	bool "Enable su to write to syslog"
+//config:	default y
+//config:	depends on SU
+//config:
+//config:config FEATURE_SU_CHECKS_SHELLS
+//config:	bool "Enable su to check user's shell to be listed in /etc/shells"
+//config:	depends on SU
+//config:	default y

-#include "libbb.h"
-#include <syslog.h>
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_SU(APPLET(su, BB_DIR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_SU) += su.o

 //usage:#define su_trivial_usage
 //usage:       "[OPTIONS] [-] [USER]"
@ -17,6 +39,9 @@
 //usage:     "\n	-c CMD	Command to pass to 'sh -c'"
 //usage:     "\n	-s SH	Shell to use instead of user's default"

+#include "libbb.h"
+#include <syslog.h>
+
 #if ENABLE_FEATURE_SU_CHECKS_SHELLS
 /* Return 1 if SHELL is a restricted shell (one not returned by
 * getusershell), else 0, meaning it is a standard shell.  */
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@ -4,6 +4,18 @@
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
+//config:config SULOGIN
+//config:	bool "sulogin"
+//config:	default y
+//config:	select FEATURE_SYSLOG
+//config:	help
+//config:	  sulogin is invoked when the system goes into single user
+//config:	  mode (this is done through an entry in inittab).
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o

 //usage:#define sulogin_trivial_usage
 //usage:       "[-t N] [TTY]"
--- a/loginutils/vlock.c
+++ b/loginutils/vlock.c
@ -13,7 +13,21 @@
 * minimalistic vlock.
 */
 /* Fixed by Erik Andersen to do passwords the tinylogin way...
- * It now works with md5, sha1, etc passwords. */
+ * It now works with md5, sha1, etc passwords.
+ */
+//config:config VLOCK
+//config:	bool "vlock"
+//config:	default y
+//config:	help
+//config:	  Build the "vlock" applet which allows you to lock (virtual) terminals.
+//config:
+//config:	  Note that Busybox binary must be setuid root for this applet to
+//config:	  work properly.
+
+//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
+//applet:IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
+
+//kbuild:lib-$(CONFIG_VLOCK) += vlock.o

 //usage:#define vlock_trivial_usage
 //usage:       "[-a]"