Release 4.14.4

Signed-off-by: Alejandro Colomar <alx@kernel.org>

.gitignore

@@ -47,5 +47,5 @@ Makefile.in
 
 /shadow.spec
 /shadow-*.tar.*
-/libmisc/getdate.c
+/lib/getdate.c
 /libsubid/subid.h

Makefile.am

@@ -2,7 +2,7 @@
 
 EXTRA_DIST = NEWS README TODO shadow.spec.in
 
-SUBDIRS = libmisc lib
+SUBDIRS = lib
 
 if ENABLE_SUBIDS
 SUBDIRS += libsubid

TODO

@@ -10,13 +10,13 @@
 
 Check when RLOGIN is enabled if ruserok() exists
 
-Move selinux_file_context out of libmisc/copydir.c
+Move selinux_file_context out of lib/copydir.c
 
 Review hardcoded root account?
 
 review all call to strto
 
-libmisc/cleanup_user.c
+lib/cleanup_user.c
 	cleanup needed (cleanup_report_add_user* not used)
 
 

autogen.sh

@@ -4,6 +4,7 @@ autoreconf -v -f --install || exit 1
 
 ./configure \
 	CFLAGS="-O2 -Wall" \
+	--enable-lastlog \
 	--enable-man \
 	--enable-maintainer-mode \
 	--enable-shared \

configure.ac

@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.0-rc2], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.4], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -32,6 +32,7 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD
 
 dnl Checks for libraries.
 
@@ -267,6 +268,9 @@ AC_ARG_WITH(group-name-max-length,
 AC_ARG_WITH(su,
 	[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
 	[with_su=$withval], [with_su=yes])
+AC_ARG_WITH(libbsd,
+	[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
+	[with_libbsd=$withval], [with_libbsd=yes])
 
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
@@ -412,20 +416,28 @@ AC_SUBST(LIYESCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 
-AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
-	AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
-])
-AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
-	PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
-])
-dnl Make sure either the libc or libbsd provide the header.
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
-AC_CHECK_HEADERS([readpassphrase.h])
-AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
-	AC_MSG_ERROR([readpassphrase.h is missing])
-])
-CFLAGS="$save_CFLAGS"
+AC_SUBST(LIBBSD)
+if test "$with_libbsd" != "no"; then
+	AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
+		AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
+	])
+	AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
+		PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
+	])
+	dnl Make sure either the libc or libbsd provide the header.
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
+	AC_CHECK_HEADERS([readpassphrase.h])
+	AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
+		AC_MSG_ERROR([readpassphrase.h is missing])
+	])
+	CFLAGS="$save_CFLAGS"
+	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
+else
+	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
+	AC_CHECK_FUNC(strlcpy, [], [AC_MSG_ERROR([strlcpy is required from glibc >= 2.38 or libbsd])])
+fi
+AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
 
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
@@ -742,7 +754,6 @@ AC_CONFIG_FILES([
 	man/uk/Makefile
 	man/zh_CN/Makefile
 	man/zh_TW/Makefile
-	libmisc/Makefile
 	lib/Makefile
 	libsubid/Makefile
 	libsubid/subid.h
@@ -750,6 +761,7 @@ AC_CONFIG_FILES([
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
+	etc/shadow-maint/Makefile
 	shadow.spec
 ])
 AC_OUTPUT

docs/index.html

@@ -1,15 +0,0 @@
-<head>
-<title>shadow - Welcome</title>
-</head>
-<body>
-<h2> Welcome!</h2>
-<p> This is the shadow tool suite home page. </p>
-
-<p>
-You can find releases <a href="https://github.com/shadow-maint/shadow/releases">here</a>.
-</p>
-
-<p>
-Raise issues, request features, and report bugs <a href="https://github.com/shadow-maint/shadow/issues">here</a>.
-</p>
-</body>

etc/Makefile.am

@@ -20,4 +20,4 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
 
-SUBDIRS = pam.d
+SUBDIRS = pam.d shadow-maint

etc/pam.d/Makefile.am

@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'
 
 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd
 
 pamd_acct_tools_files = \
 	chage \
-	chgpasswd \
 	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod

etc/shadow-maint/Makefile.am

@@ -0,0 +1,5 @@
+shadowmaint_files = \
+	groupdel-pre.d/01-kill_group_procs.sh \
+	userdel-pre.d/01-kill_user_procs.sh
+
+EXTRA_DIST = $(shadowmaint_files)

lib/Makefile.am

@@ -5,58 +5,118 @@ DEFS =
 
 noinst_LTLIBRARIES = libshadow.la
 
+if USE_PAM
+LIBCRYPT_PAM = $(LIBCRYPT)
+else
+LIBCRYPT_PAM =
+endif
+
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+
 libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
 if HAVE_VENDORDIR
 libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
 endif
 
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
-libshadow_la_CFLAGS = $(LIBBSD_CFLAGS)
+libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)
 
 libshadow_la_SOURCES = \
+	addgrps.c \
+	age.c \
+	agetpass.c \
+	alloc.c \
+	alloc.h \
+	audit_help.c \
+	basename.c \
+	bit.c \
+	bit.h \
+	chkname.c \
+	chkname.h \
+	chowndir.c \
+	chowntty.c \
+	cleanup.c \
+	cleanup_group.c \
+	cleanup_user.c \
 	commonio.c \
 	commonio.h \
+	console.c \
+	copydir.c \
+	csrand.c \
+	date_to_str.c \
 	defines.h \
 	encrypt.c \
+	entry.c \
+	env.c \
 	exitcodes.h \
 	faillog.h \
+	failure.c \
+	failure.h \
 	fields.c \
+	find_new_gid.c \
+	find_new_uid.c \
+	find_new_sub_gids.c \
+	find_new_sub_uids.c \
 	fputsx.c \
-	getdef.c \
-	getdef.h \
 	get_gid.c \
-	getlong.c \
 	get_pid.c \
 	get_uid.c \
+	getdate.h \
+	getdate.y \
+	getdef.c \
+	getdef.h \
+	getlong.c \
+	getgr_nam_gid.c \
+	getrange.c \
+	gettime.c \
 	getulong.c \
 	groupio.c \
 	groupmem.c \
 	groupio.h \
 	gshadow.c \
+	hushed.c \
+	idmapping.h \
+	idmapping.c \
+	isexpired.c \
+	limits.c \
+	list.c \
 	lockpw.c \
+	loginprompt.c \
+	mail.c \
+	mempcpy.c \
+	mempcpy.h \
+	motd.c \
+	myname.c \
 	nss.c \
 	nscd.c \
 	nscd.h \
-	shadowlog.c \
-	shadowlog.h \
-	shadowlog_internal.h \
-	sssd.c \
-	sssd.h \
+	obscure.c \
 	pam_defs.h \
+	pam_pass.c \
+	pam_pass_non_interactive.c \
 	port.c \
 	port.h \
+	prefix_flag.c \
 	prototypes.h \
 	pwauth.c \
 	pwauth.h \
 	pwio.c \
 	pwio.h \
+	pwd_init.c \
+	pwd2spwd.c \
+	pwdcheck.c \
 	pwmem.c \
+	remove_tree.c \
+	rlogin.c \
+	root_flag.c \
 	run_part.h \
 	run_part.c \
-	subordinateio.h \
-	subordinateio.c \
+	salt.c \
 	selinux.c \
 	semanage.c \
+	setugid.c \
+	setupenv.c \
 	sgetgrent.c \
 	sgetpwent.c \
 	sgetspent.c \
@@ -65,13 +125,63 @@ libshadow_la_SOURCES = \
 	shadow.c \
 	shadowio.c \
 	shadowio.h \
+	shadowlog.c \
+	shadowlog.h \
+	shadowlog_internal.h \
 	shadowmem.c \
-	spawn.c
+	shell.c \
+	spawn.c \
+	sssd.c \
+	sssd.h \
+	stpecpy.c \
+	stpecpy.h \
+	stpeprintf.c \
+	stpeprintf.h \
+	strtoday.c \
+	sub.c \
+	subordinateio.h \
+	subordinateio.c \
+	sulog.c \
+	ttytype.c \
+	tz.c \
+	ulimit.c \
+	user_busy.c \
+	valid.c \
+	write_full.c \
+	xgetpwnam.c \
+	xprefix_getpwnam.c \
+	xgetpwuid.c \
+	xgetgrnam.c \
+	xgetgrgid.c \
+	xgetspnam.c \
+	yesno.c
 
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
 endif
 
+if WITH_BTRFS
+libshadow_la_SOURCES += btrfs.c
+endif
+
+if ENABLE_LASTLOG
+libshadow_la_SOURCES += log.c
+endif
+
+if ENABLE_LOGIND
+libshadow_la_SOURCES += logind.c
+else
+libshadow_la_SOURCES += utmp.c
+endif
+
+if !WITH_LIBBSD
+libshadow_la_SOURCES += \
+	freezero.h \
+	freezero.c \
+	readpassphrase.h \
+	readpassphrase.c
+endif
+
 # These files are unneeded for some reason, listed in
 # order of appearance:
 #
@@ -79,4 +189,5 @@ endif
 
 EXTRA_DIST = \
 	.indent.pro \
-	gshadow_.h
+	gshadow_.h \
+	xgetXXbyYY.c

lib/agetpass.c

@@ -18,6 +18,10 @@
 #include "alloc.h"
 #include "prototypes.h"
 
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
 
 #if !defined(PASS_MAX)
 #define PASS_MAX  BUFSIZ - 1

lib/btrfs.c

@@ -39,7 +39,7 @@ static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const c
 		NULL
 	};
 
-	if (access(cmd, X_OK)) {
+	if (!cmd || access(cmd, X_OK)) {
 		return 1;
 	}
 

lib/chkname.c

@@ -74,12 +74,14 @@ static bool is_valid_name (const char *name)
 
 bool is_valid_user_name (const char *name)
 {
+	size_t  maxlen;
+
 	/*
 	 * User names length are limited by the kernel
 	 */
-	if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) {
+	maxlen = sysconf(_SC_LOGIN_NAME_MAX);
+	if (strlen(name) >= maxlen)
 		return false;
-	}
 
 	return is_valid_name (name);
 }

lib/commonio.c

@@ -140,7 +140,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	pid = getpid ();
 	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
-	if (write (fd, buf, (size_t) len) != len) {
+	if (write_full (fd, buf, (size_t) len) != len) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file write error: %s\n",

lib/copydir.c

@@ -740,42 +740,6 @@ static int copy_special (const struct path_info *src, const struct path_info *ds
 	return err;
 }
 
-/*
- * full_write - write entire buffer
- *
- * Write up to count bytes from the buffer starting at buf to the
- * file referred to by the file descriptor fd.
- * Retry in case of a short write.
- *
- * Returns the number of bytes written on success, -1 on error.
- */
-static ssize_t full_write(int fd, const void *buf, size_t count) {
-	ssize_t written = 0;
-
-	while (count > 0) {
-		ssize_t res;
-
-		res = write(fd, buf, count);
-		if (res < 0) {
-			if (errno == EINTR) {
-				continue;
-			}
-
-			return res;
-		}
-
-		if (res == 0) {
-			break;
-		}
-
-		written += res;
-		buf = (const unsigned char*)buf + res;
-		count -= res;
-	}
-
-	return written;
-}
-
 /*
  * copy_file - copy a file
  *
@@ -852,7 +816,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 			break;
 		}
 
-		if (full_write (ofd, buf, cnt) < 0) {
+		if (write_full (ofd, buf, cnt) < 0) {
 			(void) close (ofd);
 			(void) close (ifd);
 			return -1;

lib/failure.c

@@ -17,6 +17,7 @@
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
+#include "prototypes.h"
 #define	YEAR	(365L*DAY)
 /*
  * failure - make failure entry
@@ -85,7 +86,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
+	    || (write_full (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't write faillog entry for UID %lu in %s.",
@@ -184,7 +185,7 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 		fail.fail_cnt = 0;
 
 		if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-		    || (write (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
+		    || (write_full (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
 		    || (close (fd) != 0)) {
 			SYSLOG ((LOG_WARN,
 			         "Can't reset faillog entry for UID %lu in %s.",

lib/freezero.c

@@ -0,0 +1,30 @@
+/*	$OpenBSD: malloc.c,v 1.267 2020/11/23 15:42:11 otto Exp $	*/
+/*
+ * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+void
+freezero(void *ptr, size_t sz)
+{
+	/* This is legal. */
+	if (ptr == NULL)
+		return;
+
+	explicit_bzero(ptr, sz);
+	free(ptr);
+}

lib/freezero.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright © 2005 Aurelien Jarno
+ * Copyright © 2006 Robert Millan
+ * Copyright © 2008-2011 Guillem Jover <guillem@hadrons.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LIBBSD_FREEZERO_H
+#define LIBBSD_FREEZERO_H
+
+void freezero(void *ptr, size_t size);
+
+#endif

lib/idmapping.c

@@ -215,7 +215,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	if (write(fd, buf, pos - buf) != (pos - buf)) {
+	if (write_full(fd, buf, pos - buf) != (pos - buf)) {
 		fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"),
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);

lib/log.c

@@ -82,7 +82,7 @@ void dolastlog (
 	strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
 #endif
 	if (   (lseek (fd, offset, SEEK_SET) != offset)
-	    || (write (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
+	    || (write_full (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't write lastlog entry for UID %lu in %s.",

lib/logind.c

@@ -35,7 +35,7 @@ done:
     return ret;
 }
 
-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, unsigned long unused(limit))
 {
     struct passwd *pw;
     unsigned long count = 0;

lib/obscure.c

@@ -24,6 +24,11 @@
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
+
+#if WITH_LIBBSD == 0
+#include "freezero.h"
+#endif /* WITH_LIBBSD */
+
 /*
  * can't be a palindrome - like `R A D A R' or `M A D A M'
  */

lib/prototypes.h

@@ -10,7 +10,7 @@
 /*
  * prototypes.h
  *
- * prototypes of libmisc functions, and private lib functions.
+ * prototypes of some lib functions, and private lib functions.
  *
  * $Id$
  *
@@ -526,6 +526,9 @@ extern unsigned long active_sessions_count(const char *name,
 /* valid.c */
 extern bool valid (const char *, const struct passwd *);
 
+/* write_full.c */
+extern ssize_t write_full(int fd, const void *buf, size_t count);
+
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
 /* xprefix_getpwnam.c */

lib/readpassphrase.c

@@ -0,0 +1,198 @@
+/*	$OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000-2002, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <paths.h>
+#include <pwd.h>
+#include <signal.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+#include <readpassphrase.h>
+
+#ifndef TCSASOFT
+#define TCSASOFT 0
+#endif
+
+#ifndef _NSIG
+#if defined(NSIG)
+#define _NSIG NSIG
+#else
+/* The SIGRTMAX define might be set to a function such as sysconf(). */
+#define _NSIG (SIGRTMAX + 1)
+#endif
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	ssize_t nr;
+	int input, output, save_errno, i, need_restart;
+	char ch, *p, *end;
+	struct termios term, oterm;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+restart:
+	for (i = 0; i < _NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((flags & RPP_STDIN) ||
+	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * Turn off echo if possible.
+	 * If we are using a tty but are not the foreground pgrp this will
+	 * generate SIGTTOU, so do it *before* installing the signal handlers.
+	 */
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON))
+			term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
+		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
+	}
+
+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)sigaction(SIGALRM, &sa, &savealrm);
+	(void)sigaction(SIGHUP, &sa, &savehup);
+	(void)sigaction(SIGINT, &sa, &saveint);
+	(void)sigaction(SIGPIPE, &sa, &savepipe);
+	(void)sigaction(SIGQUIT, &sa, &savequit);
+	(void)sigaction(SIGTERM, &sa, &saveterm);
+	(void)sigaction(SIGTSTP, &sa, &savetstp);
+	(void)sigaction(SIGTTIN, &sa, &savettin);
+	(void)sigaction(SIGTTOU, &sa, &savettou);
+
+	if (!(flags & RPP_STDIN))
+		(void)write(output, prompt, strlen(prompt));
+	end = buf + bufsiz - 1;
+	p = buf;
+	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+		if (p < end) {
+			if ((flags & RPP_SEVENBIT))
+				ch &= 0x7f;
+			if (isalpha((unsigned char)ch)) {
+				if ((flags & RPP_FORCELOWER))
+					ch = (char)tolower((unsigned char)ch);
+				if ((flags & RPP_FORCEUPPER))
+					ch = (char)toupper((unsigned char)ch);
+			}
+			*p++ = ch;
+		}
+	}
+	*p = '\0';
+	save_errno = errno;
+	if (!(term.c_lflag & ECHO))
+		(void)write(output, "\n", 1);
+
+	/* Restore old terminal settings and signals. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		const int sigttou = signo[SIGTTOU];
+
+		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
+		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+		    errno == EINTR && !signo[SIGTTOU])
+			continue;
+		signo[SIGTTOU] = sigttou;
+	}
+	(void)sigaction(SIGALRM, &savealrm, NULL);
+	(void)sigaction(SIGHUP, &savehup, NULL);
+	(void)sigaction(SIGINT, &saveint, NULL);
+	(void)sigaction(SIGQUIT, &savequit, NULL);
+	(void)sigaction(SIGPIPE, &savepipe, NULL);
+	(void)sigaction(SIGTERM, &saveterm, NULL);
+	(void)sigaction(SIGTSTP, &savetstp, NULL);
+	(void)sigaction(SIGTTIN, &savettin, NULL);
+	(void)sigaction(SIGTTOU, &savettou, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	/*
+	 * If we were interrupted by a signal, resend it to ourselves
+	 * now that we have restored the signal handlers.
+	 */
+	for (i = 0; i < _NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
+			case SIGTSTP:
+			case SIGTTIN:
+			case SIGTTOU:
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
+		goto restart;
+
+	if (save_errno)
+		errno = save_errno;
+	return(nr == -1 ? NULL : buf);
+}
+
+static void handler(int s)
+{
+
+	signo[s] = 1;
+}

lib/readpassphrase.h

@@ -0,0 +1,47 @@
+/*	$OpenBSD: readpassphrase.h,v 1.4 2003/06/03 01:52:39 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef LIBBSD_READPASSPHRASE_H
+#define LIBBSD_READPASSPHRASE_H
+
+#define RPP_ECHO_OFF    0x00		/* Turn off echo (default). */
+#define RPP_ECHO_ON     0x01		/* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02		/* Fail if there is no tty. */
+#define RPP_FORCELOWER  0x04		/* Force input to lower case. */
+#define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
+#define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
+#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */
+
+#ifdef LIBBSD_OVERLAY
+#include <sys/cdefs.h>
+#endif
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+char * readpassphrase(const char *, char *, size_t, int);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !LIBBSD_READPASSPHRASE_H */

lib/sgetgrent.c

@@ -37,8 +37,8 @@
 static char **list (char *s)
 {
 	static char **members = NULL;
-	static int size = 0;	/* max members + 1 */
-	int i;
+	static size_t size = 0;	/* max members + 1 */
+	size_t i;
 
 	i = 0;
 	for (;;) {
@@ -47,8 +47,10 @@ static char **list (char *s)
 		if (i >= size) {
 			size = i + 100;	/* at least: i + 1 */
 			members = REALLOCF(members, size, char *);
-			if (!members)
+			if (!members) {
+				size = 0;
 				return NULL;
+			}
 		}
 		if (!s || s[0] == '\0')
 			break;

lib/utmp.c

@@ -97,7 +97,7 @@ static void failtmp (const char *username, const struct utmp *failent)
 	 * Append the new failure record and close the log file.
 	 */
 
-	if (   (write (fd, failent, sizeof *failent) != (ssize_t) sizeof *failent)
+	if (   (write_full (fd, failent, sizeof *failent) != (ssize_t) sizeof *failent)
 	    || (close (fd) != 0)) {
 		SYSLOG ((LOG_WARN,
 		         "Can't append failure of user %s to %s.",
@@ -194,7 +194,7 @@ static void updwtmp (const char *filename, const struct utmp *ut)
 
 	fd = open (filename, O_APPEND | O_WRONLY, 0);
 	if (fd >= 0) {
-		write (fd, ut, sizeof (*ut));
+		write_full (fd, ut, sizeof (*ut));
 		close (fd);
 	}
 }
@@ -368,17 +368,16 @@ int update_utmp (const char *user,
 	struct utmp *utent, *ut;
 
 	utent = get_current_utmp ();
-	if (utent == NULL) {
-		return -1;
-	}
-
 	ut = prepare_utmp  (user, tty, host, utent);
 
 	(void) setutmp  (ut);	/* make entry in the utmp & wtmp files */
-	free (utent);
+
+	if (utent != NULL) {
+		free (utent);
+	}
 	free (ut);
 
-	return 1;
+	return 0;
 }
 
 void record_failure(const char *failent_user,

lib/write_full.c

@@ -0,0 +1,52 @@
+/*
+ * SPDX-FileCopyrightText:  2023, Christian Göttsche <cgzones@googlemail.com>
+ *
+ * SPDX-License-Identifier:  BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include "prototypes.h"
+
+#include <errno.h>
+#include <unistd.h>
+
+
+/*
+ * write_full - write entire buffer
+ *
+ * Write up to count bytes from the buffer starting at buf to the
+ * file referred to by the file descriptor fd.
+ * Retry in case of a short write.
+ *
+ * Returns the number of bytes written on success, -1 on error.
+ */
+ssize_t write_full(int fd, const void *buf, size_t count) {
+	ssize_t written = 0;
+
+	while (count > 0) {
+		ssize_t res;
+
+		res = write(fd, buf, count);
+		if (res < 0) {
+			if (errno == EINTR) {
+				continue;
+			}
+
+			return res;
+		}
+
+		if (res == 0) {
+			break;
+		}
+
+		written += res;
+		buf = (const unsigned char*)buf + res;
+		count -= res;
+	}
+
+	return written;
+}

libmisc/.indent.pro

@@ -1,5 +0,0 @@
--kr
--i8
--bad
--pcs
--l80

libmisc/Makefile.am

@@ -1,106 +0,0 @@
-
-EXTRA_DIST = .indent.pro xgetXXbyYY.c
-
-AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
-
-noinst_LTLIBRARIES = libmisc.la
-
-if USE_PAM
-LIBCRYPT_PAM = $(LIBCRYPT)
-else
-LIBCRYPT_PAM =
-endif
-
-libmisc_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
-libmisc_la_SOURCES = \
-	addgrps.c \
-	age.c \
-	agetpass.c \
-	alloc.c \
-	../lib/alloc.h \
-	audit_help.c \
-	basename.c \
-	bit.c \
-	../lib/bit.h \
-	chkname.c \
-	chkname.h \
-	chowndir.c \
-	chowntty.c \
-	cleanup.c \
-	cleanup_group.c \
-	cleanup_user.c \
-	console.c \
-	copydir.c \
-	date_to_str.c \
-	entry.c \
-	env.c \
-	failure.c \
-	failure.h \
-	find_new_gid.c \
-	find_new_uid.c \
-	find_new_sub_gids.c \
-	find_new_sub_uids.c \
-	getdate.h \
-	getdate.y \
-	getgr_nam_gid.c \
-	getrange.c \
-	gettime.c \
-	hushed.c \
-	idmapping.h \
-	idmapping.c \
-	isexpired.c \
-	limits.c \
-	list.c \
-	loginprompt.c \
-	mail.c \
-	mempcpy.c \
-	motd.c \
-	myname.c \
-	obscure.c \
-	pam_pass.c \
-	pam_pass_non_interactive.c \
-	prefix_flag.c \
-	pwd2spwd.c \
-	pwdcheck.c \
-	pwd_init.c \
-	csrand.c \
-	remove_tree.c \
-	rlogin.c \
-	root_flag.c \
-	salt.c \
-	setugid.c \
-	setupenv.c \
-	shell.c \
-	stpecpy.c \
-	../lib/stpecpy.h \
-	stpeprintf.c \
-	../lib/stpeprintf.h \
-	strtoday.c \
-	sub.c \
-	sulog.c \
-	ttytype.c \
-	tz.c \
-	ulimit.c \
-	user_busy.c \
-	valid.c \
-	xgetpwnam.c \
-	xprefix_getpwnam.c \
-	xgetpwuid.c \
-	xgetgrnam.c \
-	xgetgrgid.c \
-	xgetspnam.c \
-	yesno.c
-
-if WITH_BTRFS
-libmisc_la_SOURCES += btrfs.c
-endif
-
-if ENABLE_LASTLOG
-libmisc_la_SOURCES += log.c
-endif
-
-if ENABLE_LOGIND
-libmisc_la_SOURCES += logind.c
-else
-libmisc_la_SOURCES += utmp.c
-endif

libsubid/Makefile.am

@@ -21,10 +21,8 @@ MISCLIBS = \
 
 libsubid_la_LIBADD = \
 	$(top_builddir)/lib/libshadow.la \
-	$(top_builddir)/libmisc/libmisc.la \
 	$(MISCLIBS) -ldl
 
 AM_CPPFLAGS = \
 	-I${top_srcdir}/lib \
-	-I${top_srcdir}/libmisc \
 	-DLOCALEDIR=\"$(datadir)/locale\"

man/Makefile.am

@@ -202,7 +202,9 @@ EXTRA_DIST = \
 	man8/sulogin.8 \
 	sulogin.8.xml \
 	generate_mans.mak \
-	generate_translations.mak
+	generate_translations.mak \
+	its.rules \
+	shadow-man.xsl
 
 if USE_PAM
 EXTRA_DIST += $(man_nopam)