release 4.14.0

Signed-off-by: Serge Hallyn <serge@hallyn.com>

.github/workflows/runner.yml

@@ -52,6 +52,38 @@ jobs:
         sudo ./run_some
         cat testsuite.log
 
+  # Make sure that 'make dist' makes a usable tarball with no missing files
+  dist-build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Install dependencies
+      run: |
+        sudo cat /etc/apt/sources.list
+        sudo sed -i '/deb-src/d' /etc/apt/sources.list
+        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
+        export DEBIAN_PRIORITY=critical
+        export DEBIAN_FRONTEND=noninteractive
+        # let's try to work around upgrade breakage in a pkg we don't care about
+        sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
+        sudo apt-get update
+        sudo apt-get -y dist-upgrade
+        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
+        sudo apt-get -y build-dep shadow
+
+    - name: Test make dist
+      run: |
+        ./autogen.sh
+        make dist
+        f=shadow-*.tar.gz
+        tar -zxf $f
+        d=$(basename $f .tar.gz)
+        cd $d
+        ./configure
+        make -j5
+
   container-build:
     runs-on: ubuntu-latest
     strategy:

autogen.sh

@@ -4,6 +4,7 @@ autoreconf -v -f --install || exit 1
 
 ./configure \
 	CFLAGS="-O2 -Wall" \
+	--enable-lastlog \
 	--enable-man \
 	--enable-maintainer-mode \
 	--enable-shared \

configure.ac

@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.0-rc1], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.0], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -267,6 +267,9 @@ AC_ARG_WITH(group-name-max-length,
 AC_ARG_WITH(su,
 	[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
 	[with_su=$withval], [with_su=yes])
+AC_ARG_WITH(libbsd,
+	[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
+	[with_libbsd=$withval], [with_libbsd=yes])
 
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
@@ -412,20 +415,28 @@ AC_SUBST(LIYESCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 
-AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
-	AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
-])
-AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
-	PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
-])
-dnl Make sure either the libc or libbsd provide the header.
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
-AC_CHECK_HEADERS([readpassphrase.h])
-AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
-	AC_MSG_ERROR([readpassphrase.h is missing])
-])
-CFLAGS="$save_CFLAGS"
+AC_SUBST(LIBBSD)
+if test "$with_libbsd" != "no"; then
+	AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
+		AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
+	])
+	AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
+		PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
+	])
+	dnl Make sure either the libc or libbsd provide the header.
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+	AC_CHECK_HEADERS([readpassphrase.h])
+	AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
+		AC_MSG_ERROR([readpassphrase.h is missing])
+	])
+	CFLAGS="$save_CFLAGS"
+	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
+else
+	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
+	AC_CHECK_FUNC(strlcpy, [], [AC_MSG_ERROR([strlcpy is required from glibc >= 2.38 or libbsd])])
+fi
+AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
 
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
@@ -750,6 +761,7 @@ AC_CONFIG_FILES([
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
+	etc/shadow-maint/Makefile
 	shadow.spec
 ])
 AC_OUTPUT

docs/index.html

@@ -1,15 +0,0 @@
-<head>
-<title>shadow - Welcome</title>
-</head>
-<body>
-<h2> Welcome!</h2>
-<p> This is the shadow tool suite home page. </p>
-
-<p>
-You can find releases <a href="https://github.com/shadow-maint/shadow/releases">here</a>.
-</p>
-
-<p>
-Raise issues, request features, and report bugs <a href="https://github.com/shadow-maint/shadow/issues">here</a>.
-</p>
-</body>

etc/Makefile.am

@@ -20,4 +20,4 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
 
-SUBDIRS = pam.d
+SUBDIRS = pam.d shadow-maint

etc/shadow-maint/Makefile.am

@@ -0,0 +1,5 @@
+shadowmaint_files = \
+	groupdel-pre.d/01-kill_group_procs.sh \
+	userdel-pre.d/01-kill_user_procs.sh
+
+EXTRA_DIST = $(shadowmaint_files)

lib/Makefile.am

@@ -66,7 +66,8 @@ libshadow_la_SOURCES = \
 	shadowio.c \
 	shadowio.h \
 	shadowmem.c \
-	spawn.c
+	spawn.c \
+	write_full.c
 
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h

lib/commonio.c

@@ -140,7 +140,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	pid = getpid ();
 	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
-	if (write (fd, buf, (size_t) len) != len) {
+	if (write_full (fd, buf, (size_t) len) != len) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file write error: %s\n",

lib/prototypes.h

@@ -526,6 +526,9 @@ extern unsigned long active_sessions_count(const char *name,
 /* valid.c */
 extern bool valid (const char *, const struct passwd *);
 
+/* write_full.c */
+extern ssize_t write_full(int fd, const void *buf, size_t count);
+
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
 /* xprefix_getpwnam.c */

lib/write_full.c

@@ -0,0 +1,52 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Christian Göttsche <cgzones@googlemail.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include "prototypes.h"
+
+#include <errno.h>
+#include <unistd.h>
+
+
+/*
+ * write_full - write entire buffer
+ *
+ * Write up to count bytes from the buffer starting at buf to the
+ * file referred to by the file descriptor fd.
+ * Retry in case of a short write.
+ *
+ * Returns the number of bytes written on success, -1 on error.
+ */
+ssize_t write_full(int fd, const void *buf, size_t count) {
+	ssize_t written = 0;
+
+	while (count > 0) {
+		ssize_t res;
+
+		res = write(fd, buf, count);
+		if (res < 0) {
+			if (errno == EINTR) {
+				continue;
+			}
+
+			return res;
+		}
+
+		if (res == 0) {
+			break;
+		}
+
+		written += res;
+		buf = (const unsigned char*)buf + res;
+		count -= res;
+	}
+
+	return written;
+}

libmisc/Makefile.am

@@ -17,9 +17,11 @@ libmisc_la_SOURCES = \
 	age.c \
 	agetpass.c \
 	alloc.c \
+	../lib/alloc.h \
 	audit_help.c \
 	basename.c \
 	bit.c \
+	../lib/bit.h \
 	chkname.c \
 	chkname.h \
 	chowndir.c \
@@ -70,7 +72,9 @@ libmisc_la_SOURCES = \
 	setupenv.c \
 	shell.c \
 	stpecpy.c \
+	../lib/stpecpy.h \
 	stpeprintf.c \
+	../lib/stpeprintf.h \
 	strtoday.c \
 	sub.c \
 	sulog.c \
@@ -100,3 +104,11 @@ libmisc_la_SOURCES += logind.c
 else
 libmisc_la_SOURCES += utmp.c
 endif
+
+if !WITH_LIBBSD
+libmisc_la_SOURCES += \
+	freezero.h \
+	freezero.c \
+	readpassphrase.h \
+	readpassphrase.c
+endif

libmisc/agetpass.c

@@ -18,6 +18,10 @@
 #include "alloc.h"
 #include "prototypes.h"
 
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
 
 #if !defined(PASS_MAX)
 #define PASS_MAX  BUFSIZ - 1

libmisc/copydir.c

@@ -740,42 +740,6 @@ static int copy_special (const struct path_info *src, const struct path_info *ds
 	return err;
 }
 
-/*
- * full_write - write entire buffer
- *
- * Write up to count bytes from the buffer starting at buf to the
- * file referred to by the file descriptor fd.
- * Retry in case of a short write.
- *
- * Returns the number of bytes written on success, -1 on error.
- */
-static ssize_t full_write(int fd, const void *buf, size_t count) {
-	ssize_t written = 0;
-
-	while (count > 0) {
-		ssize_t res;
-
-		res = write(fd, buf, count);
-		if (res < 0) {
-			if (errno == EINTR) {
-				continue;
-			}
-
-			return res;
-		}
-
-		if (res == 0) {
-			break;
-		}
-
-		written += res;
-		buf = (const unsigned char*)buf + res;
-		count -= res;
-	}
-
-	return written;
-}
-
 /*
  * copy_file - copy a file
  *
@@ -852,7 +816,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 			break;
 		}
 
-		if (full_write (ofd, buf, cnt) < 0) {
+		if (write_full (ofd, buf, cnt) < 0) {
 			(void) close (ofd);
 			(void) close (ifd);
 			return -1;

libmisc/failure.c

@@ -17,6 +17,7 @@
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
+#include "prototypes.h"
 #define	YEAR	(365L*DAY)
 /*
  * failure - make failure entry
@@ -85,7 +86,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
+	    || (write_full (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't write faillog entry for UID %lu in %s.",
@@ -184,7 +185,7 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 		fail.fail_cnt = 0;
 
 		if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-		    || (write (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
+		    || (write_full (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
 		    || (close (fd) != 0)) {
 			SYSLOG ((LOG_WARN,
 			         "Can't reset faillog entry for UID %lu in %s.",

libmisc/freezero.c

@@ -0,0 +1,30 @@
+/*	$OpenBSD: malloc.c,v 1.267 2020/11/23 15:42:11 otto Exp $	*/
+/*
+ * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+void
+freezero(void *ptr, size_t sz)
+{
+	/* This is legal. */
+	if (ptr == NULL)
+		return;
+
+	explicit_bzero(ptr, sz);
+	free(ptr);
+}

libmisc/freezero.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright © 2005 Aurelien Jarno
+ * Copyright © 2006 Robert Millan
+ * Copyright © 2008-2011 Guillem Jover <guillem@hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LIBBSD_FREEZERO_H
+#define LIBBSD_FREEZERO_H
+
+void freezero(void *ptr, size_t size);
+
+#endif

libmisc/idmapping.c

@@ -215,7 +215,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	if (write(fd, buf, pos - buf) != (pos - buf)) {
+	if (write_full(fd, buf, pos - buf) != (pos - buf)) {
 		fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"),
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);

libmisc/log.c

@@ -82,7 +82,7 @@ void dolastlog (
 	strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
 #endif
 	if (   (lseek (fd, offset, SEEK_SET) != offset)
-	    || (write (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
+	    || (write_full (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't write lastlog entry for UID %lu in %s.",

libmisc/obscure.c

@@ -24,6 +24,11 @@
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
+
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
 /*
  * can't be a palindrome - like `R A D A R' or `M A D A M'
  */

libmisc/readpassphrase.c

@@ -0,0 +1,198 @@
+/*	$OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000-2002, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <readpassphrase.h>
+
+#ifndef TCSASOFT
+#define TCSASOFT 0
+#endif
+
+#ifndef _NSIG
+#if defined(NSIG)
+#define _NSIG NSIG
+#else
+/* The SIGRTMAX define might be set to a function such as sysconf(). */
+#define _NSIG (SIGRTMAX + 1)
+#endif
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	ssize_t nr;
+	int input, output, save_errno, i, need_restart;
+	char ch, *p, *end;
+	struct termios term, oterm;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+restart:
+	for (i = 0; i < _NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((flags & RPP_STDIN) ||
+	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * Turn off echo if possible.
+	 * If we are using a tty but are not the foreground pgrp this will
+	 * generate SIGTTOU, so do it *before* installing the signal handlers.
+	 */
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON))
+			term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
+		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
+	}
+
+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)sigaction(SIGALRM, &sa, &savealrm);
+	(void)sigaction(SIGHUP, &sa, &savehup);
+	(void)sigaction(SIGINT, &sa, &saveint);
+	(void)sigaction(SIGPIPE, &sa, &savepipe);
+	(void)sigaction(SIGQUIT, &sa, &savequit);
+	(void)sigaction(SIGTERM, &sa, &saveterm);
+	(void)sigaction(SIGTSTP, &sa, &savetstp);
+	(void)sigaction(SIGTTIN, &sa, &savettin);
+	(void)sigaction(SIGTTOU, &sa, &savettou);
+
+	if (!(flags & RPP_STDIN))
+		(void)write(output, prompt, strlen(prompt));
+	end = buf + bufsiz - 1;
+	p = buf;
+	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+		if (p < end) {
+			if ((flags & RPP_SEVENBIT))
+				ch &= 0x7f;
+			if (isalpha((unsigned char)ch)) {
+				if ((flags & RPP_FORCELOWER))
+					ch = (char)tolower((unsigned char)ch);
+				if ((flags & RPP_FORCEUPPER))
+					ch = (char)toupper((unsigned char)ch);
+			}
+			*p++ = ch;
+		}
+	}
+	*p = '\0';
+	save_errno = errno;
+	if (!(term.c_lflag & ECHO))
+		(void)write(output, "\n", 1);
+
+	/* Restore old terminal settings and signals. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		const int sigttou = signo[SIGTTOU];
+
+		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
+		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+		    errno == EINTR && !signo[SIGTTOU])
+			continue;
+		signo[SIGTTOU] = sigttou;
+	}
+	(void)sigaction(SIGALRM, &savealrm, NULL);
+	(void)sigaction(SIGHUP, &savehup, NULL);
+	(void)sigaction(SIGINT, &saveint, NULL);
+	(void)sigaction(SIGQUIT, &savequit, NULL);
+	(void)sigaction(SIGPIPE, &savepipe, NULL);
+	(void)sigaction(SIGTERM, &saveterm, NULL);
+	(void)sigaction(SIGTSTP, &savetstp, NULL);
+	(void)sigaction(SIGTTIN, &savettin, NULL);
+	(void)sigaction(SIGTTOU, &savettou, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	/*
+	 * If we were interrupted by a signal, resend it to ourselves
+	 * now that we have restored the signal handlers.
+	 */
+	for (i = 0; i < _NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
+			case SIGTSTP:
+			case SIGTTIN:
+			case SIGTTOU:
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
+		goto restart;
+
+	if (save_errno)
+		errno = save_errno;
+	return(nr == -1 ? NULL : buf);
+}
+
+static void handler(int s)
+{
+
+	signo[s] = 1;
+}

libmisc/readpassphrase.h

@@ -0,0 +1,43 @@
+/*	$OpenBSD: readpassphrase.h,v 1.4 2003/06/03 01:52:39 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef LIBBSD_READPASSPHRASE_H
+#define LIBBSD_READPASSPHRASE_H
+
+#define RPP_ECHO_OFF    0x00		/* Turn off echo (default). */
+#define RPP_ECHO_ON     0x01		/* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02		/* Fail if there is no tty. */
+#define RPP_FORCELOWER  0x04		/* Force input to lower case. */
+#define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
+#define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
+#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */
+
+#ifdef LIBBSD_OVERLAY
+#include <sys/cdefs.h>
+#endif
+#include <sys/types.h>
+
+__BEGIN_DECLS
+char * readpassphrase(const char *, char *, size_t, int);
+__END_DECLS
+
+#endif /* !LIBBSD_READPASSPHRASE_H */

libmisc/utmp.c

@@ -97,7 +97,7 @@ static void failtmp (const char *username, const struct utmp *failent)
 	 * Append the new failure record and close the log file.
 	 */
 
-	if (   (write (fd, failent, sizeof *failent) != (ssize_t) sizeof *failent)
+	if (   (write_full (fd, failent, sizeof *failent) != (ssize_t) sizeof *failent)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't append failure of user %s to %s.",
@@ -194,7 +194,7 @@ static void updwtmp (const char *filename, const struct utmp *ut)
 
 	fd = open (filename, O_APPEND | O_WRONLY, 0);
 	if (fd >= 0) {
-		write (fd, ut, sizeof (*ut));
+		write_full (fd, ut, sizeof (*ut));
 		close (fd);
 	}
 }

man/Makefile.am

@@ -202,7 +202,9 @@ EXTRA_DIST = \
 	man8/sulogin.8 \
 	sulogin.8.xml \
 	generate_mans.mak \
-	generate_translations.mak
+	generate_translations.mak \
+	its.rules \
+	shadow-man.xsl
 
 if USE_PAM
 EXTRA_DIST += $(man_nopam)

src/login.c

@@ -400,7 +400,7 @@ static void exit_handler (unused int sig)
 
 static void alarm_handler (unused int sig)
 {
-	write (STDERR_FILENO, tmsg, strlen (tmsg));
+	write_full (STDERR_FILENO, tmsg, strlen (tmsg));
 	signal(SIGALRM, exit_handler);
 	alarm(2);
 }

src/su.c

@@ -164,9 +164,9 @@ static void kill_child (int unused(s))
 {
 	if (0 != pid_child) {
 		(void) kill (-pid_child, SIGKILL);
-		(void) write (STDERR_FILENO, kill_msg, strlen (kill_msg));
+		(void) write_full (STDERR_FILENO, kill_msg, strlen (kill_msg));
 	} else {
-		(void) write (STDERR_FILENO, wait_msg, strlen (wait_msg));
+		(void) write_full (STDERR_FILENO, wait_msg, strlen (wait_msg));
 	}
 	_exit (255);
 }

src/useradd.c

@@ -2067,7 +2067,7 @@ static void faillog_reset (uid_t uid)
 		return;
 	}
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
+	    || (write_full (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
 	    || (fsync (fd) != 0)) {
 		fprintf (stderr,
 		         _("%s: failed to reset the faillog entry of UID %lu: %s\n"),
@@ -2112,7 +2112,7 @@ static void lastlog_reset (uid_t uid)
 		return;
 	}
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
+	    || (write_full (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
 	    || (fsync (fd) != 0)) {
 		fprintf (stderr,
 		         _("%s: failed to reset the lastlog entry of UID %lu: %s\n"),

src/usermod.c

@@ -1941,7 +1941,7 @@ static void update_lastlog (void)
 	    && (read (fd, &ll, sizeof ll) == (ssize_t) sizeof ll)) {
 		/* Copy the old entry to its new location */
 		if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-		    || (write (fd, &ll, sizeof ll) != (ssize_t) sizeof ll)
+		    || (write_full (fd, &ll, sizeof ll) != (ssize_t) sizeof ll)
 		    || (fsync (fd) != 0)) {
 			fprintf (stderr,
 			         _("%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"),
@@ -1957,7 +1957,7 @@ static void update_lastlog (void)
 			/* Reset the new uid's lastlog entry */
 			memzero (&ll, sizeof (ll));
 			if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-			    || (write (fd, &ll, sizeof ll) != (ssize_t) sizeof ll)
+			    || (write_full (fd, &ll, sizeof ll) != (ssize_t) sizeof ll)
 			    || (fsync (fd) != 0)) {
 				fprintf (stderr,
 				         _("%s: failed to copy the lastlog entry of user %lu to user %lu: %s\n"),
@@ -2001,7 +2001,7 @@ static void update_faillog (void)
 	    && (read (fd, &fl, sizeof fl) == (ssize_t) sizeof fl)) {
 		/* Copy the old entry to its new location */
 		if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-		    || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)
+		    || (write_full (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)
 		    || (fsync (fd) != 0)) {
 			fprintf (stderr,
 			         _("%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"),
@@ -2017,7 +2017,7 @@ static void update_faillog (void)
 			/* Reset the new uid's faillog entry */
 			memzero (&fl, sizeof (fl));
 			if (   (lseek (fd, off_newuid, SEEK_SET) != off_newuid)
-			    || (write (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)) {
+			    || (write_full (fd, &fl, sizeof fl) != (ssize_t) sizeof fl)) {
 				fprintf (stderr,
 				         _("%s: failed to copy the faillog entry of user %lu to user %lu: %s\n"),
 				         Prog, (unsigned long) user_id, (unsigned long) user_newid, strerror (errno));