Release 4.14.6

Signed-off-by: Alejandro Colomar <alx@kernel.org>

.github/workflows/runner.yml

@@ -52,6 +52,38 @@ jobs:
         sudo ./run_some
         cat testsuite.log
 
+  # Make sure that 'make dist' makes a usable tarball with no missing files
+  dist-build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Install dependencies
+      run: |
+        sudo cat /etc/apt/sources.list
+        sudo sed -i '/deb-src/d' /etc/apt/sources.list
+        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
+        export DEBIAN_PRIORITY=critical
+        export DEBIAN_FRONTEND=noninteractive
+        # let's try to work around upgrade breakage in a pkg we don't care about
+        sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
+        sudo apt-get update
+        sudo apt-get -y dist-upgrade
+        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
+        sudo apt-get -y build-dep shadow
+
+    - name: Test make dist
+      run: |
+        ./autogen.sh
+        make dist
+        f=shadow-*.tar.gz
+        tar -zxf $f
+        d=$(basename $f .tar.gz)
+        cd $d
+        ./configure
+        make -j5
+
   container-build:
     runs-on: ubuntu-latest
     strategy:

.gitignore

@@ -47,5 +47,5 @@ Makefile.in
 
 /shadow.spec
 /shadow-*.tar.*
-/libmisc/getdate.c
+/lib/getdate.c
 /libsubid/subid.h

Makefile.am

@@ -2,7 +2,7 @@
 
 EXTRA_DIST = NEWS README TODO shadow.spec.in
 
-SUBDIRS = libmisc lib
+SUBDIRS = lib
 
 if ENABLE_SUBIDS
 SUBDIRS += libsubid

TODO

@@ -10,13 +10,13 @@
 
 Check when RLOGIN is enabled if ruserok() exists
 
-Move selinux_file_context out of libmisc/copydir.c
+Move selinux_file_context out of lib/copydir.c
 
 Review hardcoded root account?
 
 review all call to strto
 
-libmisc/cleanup_user.c
+lib/cleanup_user.c
 	cleanup needed (cleanup_report_add_user* not used)
 
 

autogen.sh

@@ -4,6 +4,7 @@ autoreconf -v -f --install || exit 1
 
 ./configure \
 	CFLAGS="-O2 -Wall" \
+	--enable-lastlog \
 	--enable-man \
 	--enable-maintainer-mode \
 	--enable-shared \

configure.ac

@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.0-rc1], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.6], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -32,6 +32,7 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD
 
 dnl Checks for libraries.
 
@@ -48,7 +49,7 @@ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 AC_CHECK_FUNCS(arc4random_buf futimes \
 	getentropy getrandom getspnam getusershell \
 	initgroups lckpwdf lutimes mempcpy \
-	setgroups updwtmp updwtmpx innetgr \
+	setgroups updwtmpx innetgr \
 	getspnam_r \
 	rpmatch \
 	memset_explicit explicit_bzero stpecpy stpeprintf)
@@ -56,17 +57,13 @@ AC_SYS_LARGEFILE
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 
-AC_CHECK_MEMBERS([struct utmp.ut_type,
-                  struct utmp.ut_id,
-                  struct utmp.ut_name,
-                  struct utmp.ut_user,
-                  struct utmp.ut_host,
-                  struct utmp.ut_syslen,
-                  struct utmp.ut_addr,
-                  struct utmp.ut_addr_v6,
-                  struct utmp.ut_time,
-                  struct utmp.ut_xtime,
-                  struct utmp.ut_tv],,,[[#include <utmp.h>]])
+AC_CHECK_MEMBERS([struct utmpx.ut_name,
+                  struct utmpx.ut_host,
+                  struct utmpx.ut_syslen,
+                  struct utmpx.ut_addr,
+                  struct utmpx.ut_addr_v6,
+                  struct utmpx.ut_time,
+                  struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
 
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS
@@ -267,6 +264,9 @@ AC_ARG_WITH(group-name-max-length,
 AC_ARG_WITH(su,
 	[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
 	[with_su=$withval], [with_su=yes])
+AC_ARG_WITH(libbsd,
+	[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
+	[with_libbsd=$withval], [with_libbsd=yes])
 
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
@@ -412,20 +412,28 @@ AC_SUBST(LIYESCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 
-AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
-	AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
-])
-AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
-	PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
-])
-dnl Make sure either the libc or libbsd provide the header.
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
-AC_CHECK_HEADERS([readpassphrase.h])
-AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
-	AC_MSG_ERROR([readpassphrase.h is missing])
-])
-CFLAGS="$save_CFLAGS"
+AC_SUBST(LIBBSD)
+if test "$with_libbsd" != "no"; then
+	AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
+		AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
+	])
+	AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
+		PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
+	])
+	dnl Make sure either the libc or libbsd provide the header.
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+	AC_CHECK_HEADERS([readpassphrase.h])
+	AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
+		AC_MSG_ERROR([readpassphrase.h is missing])
+	])
+	CFLAGS="$save_CFLAGS"
+	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
+else
+	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
+	AC_CHECK_FUNC(strlcpy, [], [AC_MSG_ERROR([strlcpy is required from glibc >= 2.38 or libbsd])])
+fi
+AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
 
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
@@ -742,7 +750,6 @@ AC_CONFIG_FILES([
 	man/uk/Makefile
 	man/zh_CN/Makefile
 	man/zh_TW/Makefile
-	libmisc/Makefile
 	lib/Makefile
 	libsubid/Makefile
 	libsubid/subid.h
@@ -750,6 +757,7 @@ AC_CONFIG_FILES([
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
+	etc/shadow-maint/Makefile
 	shadow.spec
 ])
 AC_OUTPUT

docs/index.html

@@ -1,15 +0,0 @@
-<head>
-<title>shadow - Welcome</title>
-</head>
-<body>
-<h2> Welcome!</h2>
-<p> This is the shadow tool suite home page. </p>
-
-<p>
-You can find releases <a href="https://github.com/shadow-maint/shadow/releases">here</a>.
-</p>
-
-<p>
-Raise issues, request features, and report bugs <a href="https://github.com/shadow-maint/shadow/issues">here</a>.
-</p>
-</body>

etc/Makefile.am

@@ -20,4 +20,4 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
 
-SUBDIRS = pam.d
+SUBDIRS = pam.d shadow-maint

etc/pam.d/Makefile.am

@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'
 
 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd
 
 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod

etc/shadow-maint/Makefile.am

@@ -0,0 +1,5 @@
+shadowmaint_files = \
+	groupdel-pre.d/01-kill_group_procs.sh \
+	userdel-pre.d/01-kill_user_procs.sh
+
+EXTRA_DIST = $(shadowmaint_files)

lib/Makefile.am

@@ -5,58 +5,118 @@ DEFS =
 
 noinst_LTLIBRARIES = libshadow.la
 
+if USE_PAM
+LIBCRYPT_PAM = $(LIBCRYPT)
+else
+LIBCRYPT_PAM =
+endif
+
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+
 libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
 if HAVE_VENDORDIR
 libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
 endif
 
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
-libshadow_la_CFLAGS = $(LIBBSD_CFLAGS)
+libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)
 
 libshadow_la_SOURCES = \
+	addgrps.c \
+	age.c \
+	agetpass.c \
+	alloc.c \
+	alloc.h \
+	audit_help.c \
+	basename.c \
+	bit.c \
+	bit.h \
+	chkname.c \
+	chkname.h \
+	chowndir.c \
+	chowntty.c \
+	cleanup.c \
+	cleanup_group.c \
+	cleanup_user.c \
 	commonio.c \
 	commonio.h \
+	console.c \
+	copydir.c \
+	csrand.c \
+	date_to_str.c \
 	defines.h \
 	encrypt.c \
+	entry.c \
+	env.c \
 	exitcodes.h \
 	faillog.h \
+	failure.c \
+	failure.h \
 	fields.c \
+	find_new_gid.c \
+	find_new_uid.c \
+	find_new_sub_gids.c \
+	find_new_sub_uids.c \
 	fputsx.c \
-	getdef.c \
-	getdef.h \
 	get_gid.c \
-	getlong.c \
 	get_pid.c \
 	get_uid.c \
+	getdate.h \
+	getdate.y \
+	getdef.c \
+	getdef.h \
+	getlong.c \
+	getgr_nam_gid.c \
+	getrange.c \
+	gettime.c \
 	getulong.c \
 	groupio.c \
 	groupmem.c \
 	groupio.h \
 	gshadow.c \
+	hushed.c \
+	idmapping.h \
+	idmapping.c \
+	isexpired.c \
+	limits.c \
+	list.c \
 	lockpw.c \
+	loginprompt.c \
+	mail.c \
+	mempcpy.c \
+	mempcpy.h \
+	motd.c \
+	myname.c \
 	nss.c \
 	nscd.c \
 	nscd.h \
-	shadowlog.c \
-	shadowlog.h \
-	shadowlog_internal.h \
-	sssd.c \
-	sssd.h \
+	obscure.c \
 	pam_defs.h \
+	pam_pass.c \
+	pam_pass_non_interactive.c \
 	port.c \
 	port.h \
+	prefix_flag.c \
 	prototypes.h \
 	pwauth.c \
 	pwauth.h \
 	pwio.c \
 	pwio.h \
+	pwd_init.c \
+	pwd2spwd.c \
+	pwdcheck.c \
 	pwmem.c \
+	remove_tree.c \
+	rlogin.c \
+	root_flag.c \
 	run_part.h \
 	run_part.c \
-	subordinateio.h \
-	subordinateio.c \
+	salt.c \
 	selinux.c \
 	semanage.c \
+	setugid.c \
+	setupenv.c \
 	sgetgrent.c \
 	sgetpwent.c \
 	sgetspent.c \
@@ -65,13 +125,63 @@ libshadow_la_SOURCES = \
 	shadow.c \
 	shadowio.c \
 	shadowio.h \
+	shadowlog.c \
+	shadowlog.h \
+	shadowlog_internal.h \
 	shadowmem.c \
-	spawn.c
+	shell.c \
+	spawn.c \
+	sssd.c \
+	sssd.h \
+	stpecpy.c \
+	stpecpy.h \
+	stpeprintf.c \
+	stpeprintf.h \
+	strtoday.c \
+	sub.c \
+	subordinateio.h \
+	subordinateio.c \
+	sulog.c \
+	ttytype.c \
+	tz.c \
+	ulimit.c \
+	user_busy.c \
+	valid.c \
+	write_full.c \
+	xgetpwnam.c \
+	xprefix_getpwnam.c \
+	xgetpwuid.c \
+	xgetgrnam.c \
+	xgetgrgid.c \
+	xgetspnam.c \
+	yesno.c
 
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
 endif
 
+if WITH_BTRFS
+libshadow_la_SOURCES += btrfs.c
+endif
+
+if ENABLE_LASTLOG
+libshadow_la_SOURCES += log.c
+endif
+
+if ENABLE_LOGIND
+libshadow_la_SOURCES += logind.c
+else
+libshadow_la_SOURCES += utmp.c
+endif
+
+if !WITH_LIBBSD
+libshadow_la_SOURCES += \
+	freezero.h \
+	freezero.c \
+	readpassphrase.h \
+	readpassphrase.c
+endif
+
 # These files are unneeded for some reason, listed in
 # order of appearance:
 #
@@ -79,4 +189,5 @@ endif
 
 EXTRA_DIST = \
 	.indent.pro \
-	gshadow_.h
+	gshadow_.h \
+	xgetXXbyYY.c

lib/age.c

@@ -139,7 +139,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 void agecheck (/*@null@*/const struct spwd *sp)
 {
-	long now = time(NULL) / SCALE;
+	long now = time(NULL) / DAY;
 	long remain;
 
 	if (NULL == sp) {
@@ -164,7 +164,6 @@ void agecheck (/*@null@*/const struct spwd *sp)
 
 	remain = sp->sp_lstchg + sp->sp_max - now;
 	if (remain <= sp->sp_warn) {
-		remain /= DAY / SCALE;
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),
 			               remain);

lib/agetpass.c

@@ -9,7 +9,6 @@
 
 #include <limits.h>
 #include <readpassphrase.h>
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -18,10 +17,9 @@
 #include "alloc.h"
 #include "prototypes.h"
 
-
-#if !defined(PASS_MAX)
-#define PASS_MAX  BUFSIZ - 1
-#endif
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
 
 
 /*

lib/btrfs.c

@@ -39,7 +39,7 @@ static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const c
 		NULL
 	};
 
-	if (access(cmd, X_OK)) {
+	if (!cmd || access(cmd, X_OK)) {
 		return 1;
 	}
 

lib/chkname.c

@@ -74,12 +74,14 @@ static bool is_valid_name (const char *name)
 
 bool is_valid_user_name (const char *name)
 {
+	size_t  maxlen;
+
 	/*
 	 * User names length are limited by the kernel
 	 */
-	if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) {
+	maxlen = sysconf(_SC_LOGIN_NAME_MAX);
+	if (strlen(name) >= maxlen)
 		return false;
-	}
 
 	return is_valid_name (name);
 }

lib/commonio.c

@@ -140,7 +140,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	pid = getpid ();
 	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
-	if (write (fd, buf, (size_t) len) != len) {
+	if (write_full (fd, buf, (size_t) len) != len) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file write error: %s\n",

lib/copydir.c

@@ -740,42 +740,6 @@ static int copy_special (const struct path_info *src, const struct path_info *ds
 	return err;
 }
 
-/*
- * full_write - write entire buffer
- *
- * Write up to count bytes from the buffer starting at buf to the
- * file referred to by the file descriptor fd.
- * Retry in case of a short write.
- *
- * Returns the number of bytes written on success, -1 on error.
- */
-static ssize_t full_write(int fd, const void *buf, size_t count) {
-	ssize_t written = 0;
-
-	while (count > 0) {
-		ssize_t res;
-
-		res = write(fd, buf, count);
-		if (res < 0) {
-			if (errno == EINTR) {
-				continue;
-			}
-
-			return res;
-		}
-
-		if (res == 0) {
-			break;
-		}
-
-		written += res;
-		buf = (const unsigned char*)buf + res;
-		count -= res;
-	}
-
-	return written;
-}
-
 /*
  * copy_file - copy a file
  *
@@ -852,7 +816,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 			break;
 		}
 
-		if (full_write (ofd, buf, cnt) < 0) {
+		if (write_full (ofd, buf, cnt) < 0) {
 			(void) close (ofd);
 			(void) close (ifd);
 			return -1;

lib/defines.h

@@ -25,6 +25,7 @@
     ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
 #endif
 
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -153,7 +154,6 @@ static inline void memzero(void *ptr, size_t size)
  *
  * DAY - seconds / day
  * WEEK - seconds / week
- * SCALE - seconds / aging unit
  */
 
 /* Solaris defines this in shadow.h */
@@ -163,12 +163,6 @@ static inline void memzero(void *ptr, size_t size)
 
 #define WEEK (7*DAY)
 
-#ifdef ITI_AGING
-#define SCALE 1
-#else
-#define SCALE DAY
-#endif
-
 #define WIDTHOF(x)   (sizeof(x) * CHAR_BIT)
 #define NITEMS(arr)  (sizeof((arr)) / sizeof((arr)[0]))
 #define STRLEN(s)    (NITEMS(s) - 1)
@@ -247,4 +241,14 @@ static inline void memzero(void *ptr, size_t size)
 #  define shadow_getenv(name) getenv(name)
 #endif
 
+/*
+ * Maximum password length
+ *
+ * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE)
+ * currently set to 512.
+ */
+#if !defined(PASS_MAX)
+#define PASS_MAX  BUFSIZ - 1
+#endif
+
 #endif				/* _DEFINES_H_ */

lib/failure.c

@@ -17,6 +17,7 @@
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
+#include "prototypes.h"
 #define	YEAR	(365L*DAY)
 /*
  * failure - make failure entry
@@ -85,7 +86,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
+	    || (write_full (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't write faillog entry for UID %lu in %s.",
@@ -184,7 +185,7 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 		fail.fail_cnt = 0;
 
 		if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-		    || (write (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
+		    || (write_full (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
 		    || (close (fd) != 0)) {
 			SYSLOG ((LOG_WARN,
 			         "Can't reset faillog entry for UID %lu in %s.",

lib/freezero.c

@@ -0,0 +1,30 @@
+/*	$OpenBSD: malloc.c,v 1.267 2020/11/23 15:42:11 otto Exp $	*/
+/*
+ * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+void
+freezero(void *ptr, size_t sz)
+{
+	/* This is legal. */
+	if (ptr == NULL)
+		return;
+
+	explicit_bzero(ptr, sz);
+	free(ptr);
+}

lib/freezero.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright © 2005 Aurelien Jarno
+ * Copyright © 2006 Robert Millan
+ * Copyright © 2008-2011 Guillem Jover <guillem@hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LIBBSD_FREEZERO_H
+#define LIBBSD_FREEZERO_H
+
+void freezero(void *ptr, size_t size);
+
+#endif

lib/getdate.y

@@ -318,7 +318,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelYear += $1 * $2;
 	}
 	| tYEAR_UNIT {
-	    yyRelYear++;
+	    yyRelYear += $1;
 	}
 	| tUNUMBER tMONTH_UNIT {
 	    yyRelMonth += $1 * $2;
@@ -327,7 +327,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMonth += $1 * $2;
 	}
 	| tMONTH_UNIT {
-	    yyRelMonth++;
+	    yyRelMonth += $1;
 	}
 	| tUNUMBER tDAY_UNIT {
 	    yyRelDay += $1 * $2;
@@ -336,7 +336,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelDay += $1 * $2;
 	}
 	| tDAY_UNIT {
-	    yyRelDay++;
+	    yyRelDay += $1;
 	}
 	| tUNUMBER tHOUR_UNIT {
 	    yyRelHour += $1 * $2;
@@ -345,7 +345,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelHour += $1 * $2;
 	}
 	| tHOUR_UNIT {
-	    yyRelHour++;
+	    yyRelHour += $1;
 	}
 	| tUNUMBER tMINUTE_UNIT {
 	    yyRelMinutes += $1 * $2;
@@ -354,7 +354,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMinutes += $1 * $2;
 	}
 	| tMINUTE_UNIT {
-	    yyRelMinutes++;
+	    yyRelMinutes += $1;
 	}
 	| tUNUMBER tSEC_UNIT {
 	    yyRelSeconds += $1 * $2;
@@ -363,7 +363,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelSeconds += $1 * $2;
 	}
 	| tSEC_UNIT {
-	    yyRelSeconds++;
+	    yyRelSeconds += $1;
 	}
 	;
 

lib/idmapping.c

@@ -215,7 +215,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	if (write(fd, buf, pos - buf) != (pos - buf)) {
+	if (write_full(fd, buf, pos - buf) != (pos - buf)) {
 		fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"),
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);

lib/isexpired.c

@@ -40,7 +40,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
 	long now;
 
-	now = time(NULL) / SCALE;
+	now = time(NULL) / DAY;
 
 	if (NULL == sp) {
 		return 0;
@@ -84,7 +84,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 	if (   (-1 == sp->sp_lstchg)
 	    || (-1 == sp->sp_max)
-	    || (sp->sp_max >= ((10000L * DAY) / SCALE))) {
+	    || (sp->sp_max >= 10000)) {
 		return 0;
 	}
 

lib/log.c

@@ -24,7 +24,7 @@
  *
  *	A "last login" entry is created for the user being logged in.  The
  *	UID is extracted from the global (struct passwd) entry and the
- *	TTY information is gotten from the (struct utmp).
+ *	TTY information is gotten from the (struct utmpx).
  */
 void dolastlog (
 	struct lastlog *ll,
@@ -82,7 +82,7 @@ void dolastlog (
 	strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
 #endif
 	if (   (lseek (fd, offset, SEEK_SET) != offset)
-	    || (write (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
+	    || (write_full (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't write lastlog entry for UID %lu in %s.",

lib/logind.c

@@ -35,7 +35,7 @@ done:
     return ret;
 }
 
-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, unsigned long unused(limit))
 {
     struct passwd *pw;
     unsigned long count = 0;

lib/obscure.c

@@ -24,6 +24,11 @@
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
+
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
 /*
  * can't be a palindrome - like `R A D A R' or `M A D A M'
  */

lib/prototypes.h

@@ -10,7 +10,7 @@
 /*
  * prototypes.h
  *
- * prototypes of libmisc functions, and private lib functions.
+ * prototypes of some lib functions, and private lib functions.
  *
  * $Id$
  *
@@ -526,6 +526,9 @@ extern unsigned long active_sessions_count(const char *name,
 /* valid.c */
 extern bool valid (const char *, const struct passwd *);
 
+/* write_full.c */
+extern ssize_t write_full(int fd, const void *buf, size_t count);
+
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
 /* xprefix_getpwnam.c */

lib/pwd2spwd.c

@@ -39,8 +39,8 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 		 * Defaults used if there is no pw_age information.
 		 */
 		sp.sp_min = 0;
-		sp.sp_max = (10000L * DAY) / SCALE;
-		sp.sp_lstchg = gettime () / SCALE;
+		sp.sp_max = 10000;
+		sp.sp_lstchg = gettime () / DAY;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

lib/readpassphrase.c

@@ -0,0 +1,198 @@
+/*	$OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000-2002, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <readpassphrase.h>
+
+#ifndef TCSASOFT
+#define TCSASOFT 0
+#endif
+
+#ifndef _NSIG
+#if defined(NSIG)
+#define _NSIG NSIG
+#else
+/* The SIGRTMAX define might be set to a function such as sysconf(). */
+#define _NSIG (SIGRTMAX + 1)
+#endif
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	ssize_t nr;
+	int input, output, save_errno, i, need_restart;
+	char ch, *p, *end;
+	struct termios term, oterm;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+restart:
+	for (i = 0; i < _NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((flags & RPP_STDIN) ||
+	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * Turn off echo if possible.
+	 * If we are using a tty but are not the foreground pgrp this will
+	 * generate SIGTTOU, so do it *before* installing the signal handlers.
+	 */
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON))
+			term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
+		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
+	}
+
+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)sigaction(SIGALRM, &sa, &savealrm);
+	(void)sigaction(SIGHUP, &sa, &savehup);
+	(void)sigaction(SIGINT, &sa, &saveint);
+	(void)sigaction(SIGPIPE, &sa, &savepipe);
+	(void)sigaction(SIGQUIT, &sa, &savequit);
+	(void)sigaction(SIGTERM, &sa, &saveterm);
+	(void)sigaction(SIGTSTP, &sa, &savetstp);
+	(void)sigaction(SIGTTIN, &sa, &savettin);
+	(void)sigaction(SIGTTOU, &sa, &savettou);
+
+	if (!(flags & RPP_STDIN))
+		(void)write(output, prompt, strlen(prompt));
+	end = buf + bufsiz - 1;
+	p = buf;
+	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+		if (p < end) {
+			if ((flags & RPP_SEVENBIT))
+				ch &= 0x7f;
+			if (isalpha((unsigned char)ch)) {
+				if ((flags & RPP_FORCELOWER))
+					ch = (char)tolower((unsigned char)ch);
+				if ((flags & RPP_FORCEUPPER))
+					ch = (char)toupper((unsigned char)ch);
+			}
+			*p++ = ch;
+		}
+	}
+	*p = '\0';
+	save_errno = errno;
+	if (!(term.c_lflag & ECHO))
+		(void)write(output, "\n", 1);
+
+	/* Restore old terminal settings and signals. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		const int sigttou = signo[SIGTTOU];
+
+		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
+		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+		    errno == EINTR && !signo[SIGTTOU])
+			continue;
+		signo[SIGTTOU] = sigttou;
+	}
+	(void)sigaction(SIGALRM, &savealrm, NULL);
+	(void)sigaction(SIGHUP, &savehup, NULL);
+	(void)sigaction(SIGINT, &saveint, NULL);
+	(void)sigaction(SIGQUIT, &savequit, NULL);
+	(void)sigaction(SIGPIPE, &savepipe, NULL);
+	(void)sigaction(SIGTERM, &saveterm, NULL);
+	(void)sigaction(SIGTSTP, &savetstp, NULL);
+	(void)sigaction(SIGTTIN, &savettin, NULL);
+	(void)sigaction(SIGTTOU, &savettou, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	/*
+	 * If we were interrupted by a signal, resend it to ourselves
+	 * now that we have restored the signal handlers.
+	 */
+	for (i = 0; i < _NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
+			case SIGTSTP:
+			case SIGTTIN:
+			case SIGTTOU:
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
+		goto restart;
+
+	if (save_errno)
+		errno = save_errno;
+	return(nr == -1 ? NULL : buf);
+}
+
+static void handler(int s)
+{
+
+	signo[s] = 1;
+}

lib/readpassphrase.h

@@ -0,0 +1,47 @@
+/*	$OpenBSD: readpassphrase.h,v 1.4 2003/06/03 01:52:39 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef LIBBSD_READPASSPHRASE_H
+#define LIBBSD_READPASSPHRASE_H
+
+#define RPP_ECHO_OFF    0x00		/* Turn off echo (default). */
+#define RPP_ECHO_ON     0x01		/* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02		/* Fail if there is no tty. */
+#define RPP_FORCELOWER  0x04		/* Force input to lower case. */
+#define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
+#define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
+#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */
+
+#ifdef LIBBSD_OVERLAY
+#include <sys/cdefs.h>
+#endif
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+char * readpassphrase(const char *, char *, size_t, int);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !LIBBSD_READPASSPHRASE_H */

lib/sgetgrent.c

@@ -37,8 +37,8 @@
 static char **list (char *s)
 {
 	static char **members = NULL;
-	static int size = 0;	/* max members + 1 */
-	int i;
+	static size_t size = 0;	/* max members + 1 */
+	size_t i;
 
 	i = 0;
 	for (;;) {
@@ -47,8 +47,10 @@ static char **list (char *s)
 		if (i >= size) {
 			size = i + 100;	/* at least: i + 1 */
 			members = REALLOCF(members, size, char *);
-			if (!members)
+			if (!members) {
+				size = 0;
 				return NULL;
+			}
 		}
 		if (!s || s[0] == '\0')
 			break;

lib/strtoday.c

@@ -68,10 +68,9 @@ long strtoday (const char *str)
 		return retdate;
 	}
 
-	t = get_date (str, NULL);
+	t = get_date(str, NULL);
 	if ((time_t) - 1 == t) {
 		return -2;
 	}
-	/* convert seconds to days since 1970-01-01 */
-	return (t + DAY / 2) / DAY;
+	return t / DAY;
 }

lib/user_busy.c

@@ -49,13 +49,15 @@ int user_busy (const char *name, uid_t uid)
 #endif				/* !__linux__ */
 }
 
-#ifndef __linux__
-static int user_busy_utmp (const char *name)
-{
-	struct utmp *utent;
 
-	setutent ();
-	while ((utent = getutent ()) != NULL)
+#ifndef __linux__
+static int
+user_busy_utmp(const char *name)
+{
+	struct utmpx  *utent;
+
+	setutxent();
+	while ((utent = getutxent()) != NULL)
 	{
 		if (utent->ut_type != USER_PROCESS) {
 			continue;
@@ -77,6 +79,7 @@ static int user_busy_utmp (const char *name)
 }
 #endif				/* !__linux__ */
 
+
 #ifdef __linux__
 #ifdef ENABLE_SUBIDS
 #define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range)

lib/utmp.c

@@ -13,7 +13,7 @@
 #include "prototypes.h"
 #include "getdef.h"
 
-#include <utmp.h>
+#include <utmpx.h>
 #include <assert.h>
 #include <sys/param.h>
 #include <sys/types.h>
@@ -27,19 +27,23 @@
 #ident "$Id$"
 
 
+#define UTX_LINESIZE  NITEMS((struct utmpx){}.ut_line)
+
+
 /*
  * is_my_tty -- determine if "tty" is the same TTY stdin is using
  */
-static bool is_my_tty (const char tty[UT_LINESIZE])
+static bool
+is_my_tty(const char tty[UTX_LINESIZE])
 {
-	char         full_tty[STRLEN("/dev/") + UT_LINESIZE + 1];
+	char         full_tty[STRLEN("/dev/") + UTX_LINESIZE + 1];
 	/* tmptty shall be bigger than full_tty */
 	static char  tmptty[sizeof(full_tty) + 1];
 
 	full_tty[0] = '\0';
 	if (tty[0] != '/')
 		strcpy (full_tty, "/dev/");
-	strncat (full_tty, tty, UT_LINESIZE);
+	strncat(full_tty, tty, UTX_LINESIZE);
 
 	if ('\0' == tmptty[0]) {
 		const char *tname = ttyname (STDIN_FILENO);
@@ -55,13 +59,15 @@ static bool is_my_tty (const char tty[UT_LINESIZE])
 	return strcmp (full_tty, tmptty) == 0;
 }
 
+
 /*
  * failtmp - update the cumulative failure log
  *
- *	failtmp updates the (struct utmp) formatted failure log which
+ *	failtmp updates the (struct utmpx) formatted failure log which
  *	maintains a record of all login failures.
  */
-static void failtmp (const char *username, const struct utmp *failent)
+static void
+failtmp(const char *username, const struct utmpx *failent)
 {
 	const char *ftmp;
 	int fd;
@@ -97,7 +103,7 @@ static void failtmp (const char *username, const struct utmp *failent)
 	 * Append the new failure record and close the log file.
 	 */
 
-	if (   (write (fd, failent, sizeof *failent) != (ssize_t) sizeof *failent)
+	if (   (write_full (fd, failent, sizeof *failent) != (ssize_t) sizeof *failent)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't append failure of user %s to %s.",
@@ -106,6 +112,7 @@ static void failtmp (const char *username, const struct utmp *failent)
 	}
 }
 
+
 /*
  * get_current_utmp - return the most probable utmp entry for the current
  *                    session
@@ -114,56 +121,55 @@ static void failtmp (const char *username, const struct utmp *failent)
  *	The line entered by the *getty / telnetd, etc. should also match
  *	the current terminal.
  *
- *	When an entry is returned by get_current_utmp, and if the utmp
+ *	When an entry is returned by get_current_utmp, and if the utmpx
  *	structure has a ut_id field, this field should be used to update
  *	the entry information.
  *
  *	Return NULL if no entries exist in utmp for the current process.
  */
-static
-/*@null@*/ /*@only@*/struct utmp *get_current_utmp (void)
+static /*@null@*/ /*@only@*/struct utmpx *
+get_current_utmp(void)
 {
-	struct utmp *ut;
-	struct utmp *ret = NULL;
+	struct utmpx  *ut;
+	struct utmpx  *ret = NULL;
 
-	setutent ();
+	setutxent();
 
 	/* First, try to find a valid utmp entry for this process.  */
-	while ((ut = getutent ()) != NULL) {
+	while ((ut = getutxent()) != NULL) {
 		if (   (ut->ut_pid == getpid ())
-#ifdef HAVE_STRUCT_UTMP_UT_ID
 		    && ('\0' != ut->ut_id[0])
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
 		    && (   (LOGIN_PROCESS == ut->ut_type)
 		        || (USER_PROCESS  == ut->ut_type))
-#endif
 		    /* A process may have failed to close an entry
 		     * Check if this entry refers to the current tty */
-		    && is_my_tty (ut->ut_line)) {
+		    && is_my_tty(ut->ut_line))
+		{
 			break;
 		}
 	}
 
 	if (NULL != ut) {
-		ret = XMALLOC(1, struct utmp);
+		ret = XMALLOC(1, struct utmpx);
 		memcpy (ret, ut, sizeof (*ret));
 	}
 
-	endutent ();
+	endutxent();
 
 	return ret;
 }
 
-int get_session_host (char **out)
+
+int
+get_session_host(char **out)
 {
-	char *hostname = NULL;
-	struct utmp *ut = NULL;
-	int ret = 0;
+	int           ret = 0;
+	char          *hostname;
+	struct utmpx  *ut;
 
 	ut = get_current_utmp();
 
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
 	if ((ut != NULL) && (ut->ut_host[0] != '\0')) {
 		hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
 		strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
@@ -177,30 +183,29 @@ int get_session_host (char **out)
 #else
 	*out = NULL;
 	ret = -2;
-#endif /* HAVE_STRUCT_UTMP_UT_HOST */
+#endif
 
 	return ret;
 }
 
-#ifndef USE_PAM
+
+#if !defined(USE_PAM) && !defined(HAVE_UPDWTMPX)
 /*
- * Some systems already have updwtmp() and possibly updwtmpx().  Others
+ * Some systems already have updwtmpx().  Others
  * don't, so we re-implement these functions if necessary.
  */
-#ifndef HAVE_UPDWTMP
-static void updwtmp (const char *filename, const struct utmp *ut)
+static void
+updwtmpx(const char *filename, const struct utmpx *ut)
 {
 	int fd;
 
 	fd = open (filename, O_APPEND | O_WRONLY, 0);
 	if (fd >= 0) {
-		write (fd, ut, sizeof (*ut));
+		write_full (fd, ut, sizeof (*ut));
 		close (fd);
 	}
 }
-#endif				/* ! HAVE_UPDWTMP */
-
-#endif				/* ! USE_PAM */
+#endif
 
 
 /*
@@ -221,15 +226,13 @@ static void updwtmp (const char *filename, const struct utmp *ut)
  *
  *	The returned structure shall be freed by the caller.
  */
-static
-/*@only@*/struct utmp *prepare_utmp (const char *name,
-                                     const char *line,
-                                     const char *host,
-                                     /*@null@*/const struct utmp *ut)
+static /*@only@*/struct utmpx *
+prepare_utmp(const char *name, const char *line, const char *host,
+             /*@null@*/const struct utmpx *ut)
 {
-	struct timeval tv;
-	char *hostname = NULL;
-	struct utmp *utent;
+	char            *hostname = NULL;
+	struct utmpx    *utent;
+	struct timeval  tv;
 
 	assert (NULL != name);
 	assert (NULL != line);
@@ -240,13 +243,13 @@ static
 	    && ('\0' != host[0])) {
 		hostname = XMALLOC(strlen(host) + 1, char);
 		strcpy (hostname, host);
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
 	} else if (   (NULL != ut)
 	           && ('\0' != ut->ut_host[0])) {
 		hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
 		strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
 		hostname[sizeof (ut->ut_host)] = '\0';
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
+#endif
 	}
 
 	if (strncmp(line, "/dev/", 5) == 0) {
@@ -254,38 +257,32 @@ static
 	}
 
 
-	utent = XCALLOC (1, struct utmp);
+	utent = XCALLOC(1, struct utmpx);
 
 
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
 	utent->ut_type = USER_PROCESS;
-#endif				/* HAVE_STRUCT_UTMP_UT_TYPE */
 	utent->ut_pid = getpid ();
 	strncpy (utent->ut_line, line,      sizeof (utent->ut_line) - 1);
-#ifdef HAVE_STRUCT_UTMP_UT_ID
 	if (NULL != ut) {
 		strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
 	} else {
 		/* XXX - assumes /dev/tty?? */
 		strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
 	}
-#endif				/* HAVE_STRUCT_UTMP_UT_ID */
-#ifdef HAVE_STRUCT_UTMP_UT_NAME
+#if defined(HAVE_STRUCT_UTMPX_UT_NAME)
 	strncpy (utent->ut_name, name,      sizeof (utent->ut_name));
-#endif				/* HAVE_STRUCT_UTMP_UT_NAME */
-#ifdef HAVE_STRUCT_UTMP_UT_USER
+#endif
 	strncpy (utent->ut_user, name,      sizeof (utent->ut_user) - 1);
-#endif				/* HAVE_STRUCT_UTMP_UT_USER */
 	if (NULL != hostname) {
 		struct addrinfo *info = NULL;
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
 		strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
-#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_SYSLEN)
 		utent->ut_syslen = MIN (strlen (hostname),
 		                        sizeof (utent->ut_host));
-#endif				/* HAVE_STRUCT_UTMP_UT_SYSLEN */
-#if defined(HAVE_STRUCT_UTMP_UT_ADDR) || defined(HAVE_STRUCT_UTMP_UT_ADDR_V6)
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_ADDR) || defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
 		if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
 			/* getaddrinfo might not be reliable.
 			 * Just try to log what may be useful.
@@ -293,13 +290,13 @@ static
 			if (info->ai_family == AF_INET) {
 				struct sockaddr_in *sa =
 					(struct sockaddr_in *) info->ai_addr;
-#ifdef HAVE_STRUCT_UTMP_UT_ADDR
+# if defined(HAVE_STRUCT_UTMPX_UT_ADDR)
 				memcpy (&(utent->ut_addr),
 				        &(sa->sin_addr),
 				        MIN (sizeof (utent->ut_addr),
 				             sizeof (sa->sin_addr)));
-#endif				/* HAVE_STRUCT_UTMP_UT_ADDR */
-#ifdef HAVE_STRUCT_UTMP_UT_ADDR_V6
+# endif
+# if defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
 				memcpy (utent->ut_addr_v6,
 				        &(sa->sin_addr),
 				        MIN (sizeof (utent->ut_addr_v6),
@@ -311,81 +308,80 @@ static
 				        &(sa->sin6_addr),
 				        MIN (sizeof (utent->ut_addr_v6),
 				             sizeof (sa->sin6_addr)));
-#endif				/* HAVE_STRUCT_UTMP_UT_ADDR_V6 */
+# endif
 			}
 			freeaddrinfo (info);
 		}
-#endif		/* HAVE_STRUCT_UTMP_UT_ADDR || HAVE_STRUCT_UTMP_UT_ADDR_V6 */
+#endif
 		free (hostname);
 	}
 	/* ut_exit is only for DEAD_PROCESS */
 	utent->ut_session = getsid (0);
 	if (gettimeofday (&tv, NULL) == 0) {
-#ifdef HAVE_STRUCT_UTMP_UT_TIME
+#if defined(HAVE_STRUCT_UTMPX_UT_TIME)
 		utent->ut_time = tv.tv_sec;
-#endif				/* HAVE_STRUCT_UTMP_UT_TIME */
-#ifdef HAVE_STRUCT_UTMP_UT_XTIME
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_XTIME)
 		utent->ut_xtime = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMP_UT_XTIME */
-#ifdef HAVE_STRUCT_UTMP_UT_TV
+#endif
 		utent->ut_tv.tv_sec  = tv.tv_sec;
 		utent->ut_tv.tv_usec = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMP_UT_TV */
 	}
 
 	return utent;
 }
 
+
 /*
  * setutmp - Update an entry in utmp and log an entry in wtmp
  *
  *	Return 1 on failure and 0 on success.
  */
-static int setutmp (struct utmp *ut)
+static int
+setutmp(struct utmpx *ut)
 {
 	int err = 0;
 
 	assert (NULL != ut);
 
-	setutent ();
-	if (pututline (ut) == NULL) {
+	setutxent();
+	if (pututxline(ut) == NULL) {
 		err = 1;
 	}
-	endutent ();
+	endutxent();
 
-#ifndef USE_PAM
+#if !defined(USE_PAM)
 	/* This is done by pam_lastlog */
-	updwtmp (_WTMP_FILE, ut);
-#endif				/* ! USE_PAM */
+	updwtmpx(_WTMP_FILE, ut);
+#endif
 
 	return err;
 }
 
-int update_utmp (const char *user,
-                 const char *tty,
-                 const char *host)
+
+int
+update_utmp(const char *user, const char *tty, const char *host)
 {
-	struct utmp *utent, *ut;
+	struct utmpx  *utent, *ut;
 
 	utent = get_current_utmp ();
-	if (utent == NULL) {
-		return -1;
-	}
-
 	ut = prepare_utmp  (user, tty, host, utent);
 
 	(void) setutmp  (ut);	/* make entry in the utmp & wtmp files */
-	free (utent);
+
+	if (utent != NULL) {
+		free (utent);
+	}
 	free (ut);
 
-	return 1;
+	return 0;
 }
 
-void record_failure(const char *failent_user,
-                    const char *tty,
-                    const char *hostname)
+
+void
+record_failure(const char *failent_user, const char *tty, const char *hostname)
 {
-	struct utmp *utent, *failent;
+	struct utmpx  *utent, *failent;
 
 	if (getdef_str ("FTMP_FILE") != NULL) {
 		utent = get_current_utmp ();
@@ -396,13 +392,15 @@ void record_failure(const char *failent_user,
 	}
 }
 
-unsigned long active_sessions_count(const char *name, unsigned long limit)
-{
-	struct utmp *ut;
-	unsigned long count = 0;
 
-	setutent ();
-	while ((ut = getutent ()))
+unsigned long
+active_sessions_count(const char *name, unsigned long limit)
+{
+	struct utmpx   *ut;
+	unsigned long  count = 0;
+
+	setutxent();
+	while ((ut = getutxent()))
 	{
 		if (USER_PROCESS != ut->ut_type) {
 			continue;
@@ -418,7 +416,7 @@ unsigned long active_sessions_count(const char *name, unsigned long limit)
 			break;
 		}
 	}
-	endutent ();
+	endutxent();
 
 	return count;
 }

lib/write_full.c

@@ -0,0 +1,52 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Christian Göttsche <cgzones@googlemail.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include "prototypes.h"
+
+#include <errno.h>
+#include <unistd.h>
+
+
+/*
+ * write_full - write entire buffer
+ *
+ * Write up to count bytes from the buffer starting at buf to the
+ * file referred to by the file descriptor fd.
+ * Retry in case of a short write.
+ *
+ * Returns the number of bytes written on success, -1 on error.
+ */
+ssize_t write_full(int fd, const void *buf, size_t count) {
+	ssize_t written = 0;
+
+	while (count > 0) {
+		ssize_t res;
+
+		res = write(fd, buf, count);
+		if (res < 0) {
+			if (errno == EINTR) {
+				continue;
+			}
+
+			return res;
+		}
+
+		if (res == 0) {
+			break;
+		}
+
+		written += res;
+		buf = (const unsigned char*)buf + res;
+		count -= res;
+	}
+
+	return written;
+}

libmisc/.indent.pro

@@ -1,5 +0,0 @@
--kr
--i8
--bad
--pcs
--l80

libmisc/Makefile.am

@@ -1,102 +0,0 @@
-
-EXTRA_DIST = .indent.pro xgetXXbyYY.c
-
-AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
-
-noinst_LTLIBRARIES = libmisc.la
-
-if USE_PAM
-LIBCRYPT_PAM = $(LIBCRYPT)
-else
-LIBCRYPT_PAM =
-endif
-
-libmisc_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
-libmisc_la_SOURCES = \
-	addgrps.c \
-	age.c \
-	agetpass.c \
-	alloc.c \
-	audit_help.c \
-	basename.c \
-	bit.c \
-	chkname.c \
-	chkname.h \
-	chowndir.c \
-	chowntty.c \
-	cleanup.c \
-	cleanup_group.c \
-	cleanup_user.c \
-	console.c \
-	copydir.c \
-	date_to_str.c \
-	entry.c \
-	env.c \
-	failure.c \
-	failure.h \
-	find_new_gid.c \
-	find_new_uid.c \
-	find_new_sub_gids.c \
-	find_new_sub_uids.c \
-	getdate.h \
-	getdate.y \
-	getgr_nam_gid.c \
-	getrange.c \
-	gettime.c \
-	hushed.c \
-	idmapping.h \
-	idmapping.c \
-	isexpired.c \
-	limits.c \
-	list.c \
-	loginprompt.c \
-	mail.c \
-	mempcpy.c \
-	motd.c \
-	myname.c \
-	obscure.c \
-	pam_pass.c \
-	pam_pass_non_interactive.c \
-	prefix_flag.c \
-	pwd2spwd.c \
-	pwdcheck.c \
-	pwd_init.c \
-	csrand.c \
-	remove_tree.c \
-	rlogin.c \
-	root_flag.c \
-	salt.c \
-	setugid.c \
-	setupenv.c \
-	shell.c \
-	stpecpy.c \
-	stpeprintf.c \
-	strtoday.c \
-	sub.c \
-	sulog.c \
-	ttytype.c \
-	tz.c \
-	ulimit.c \
-	user_busy.c \
-	valid.c \
-	xgetpwnam.c \
-	xprefix_getpwnam.c \
-	xgetpwuid.c \
-	xgetgrnam.c \
-	xgetgrgid.c \
-	xgetspnam.c \
-	yesno.c
-
-if WITH_BTRFS
-libmisc_la_SOURCES += btrfs.c
-endif
-
-if ENABLE_LASTLOG
-libmisc_la_SOURCES += log.c
-endif
-
-if ENABLE_LOGIND
-libmisc_la_SOURCES += logind.c
-else
-libmisc_la_SOURCES += utmp.c
-endif