configure.ac: Release 4.15.0

Signed-off-by: Serge Hallyn <serge@hallyn.com>

.builds/alpine-edge.yml

@@ -1,34 +0,0 @@
-image: alpine/latest
-# apk add --update alpine-sdk
-packages:
-  - cmd:setcap
-  - autoconf
-  - automake
-  - byacc
-  - expect
-  - gettext
-  - gettext-dev
-  - gettext-lang
-  - libbsd-dev
-  - libcap-dev
-  - libtool
-  - linux-pam-dev
-  - pkgconf
-  - sed
-sources:
-  - https://github.com/shadow-maint/shadow
-tasks:
-  - build: |
-      cd shadow
-      ./autogen.sh --without-selinux --disable-man --disable-nls
-      grep ENABLE_ config.status
-  - tasks: |
-      cd shadow
-      cat /proc/self/uid_map
-      cat /proc/self/status
-      make
-      make DESTDIR=/tmp/shadow-inst install
-      sudo make install
-      #TODO - fix up the tests.  Let's merge what's here now as it
-      #at least tests build.
-      #(cd tests; sudo ./run_some || { cat testsuite.log; false; })

.builds/fedora.yml

@@ -1,33 +0,0 @@
-image: fedora/latest
-packages:
-  - autoconf
-  - automake
-  - byacc
-  - expect
-  - findutils
-  - gettext
-  - gettext-devel
-  - git
-  - libbsd-devel
-  - libselinux-devel
-  - libsemanage-devel
-  - libtool
-  - libxslt
-  - pkgconf
-sources:
-  - https://github.com/shadow-maint/shadow
-tasks:
-  - build: |
-      cd shadow
-      ./autogen.sh --with-selinux --enable-man
-      grep ENABLE_ config.status
-  - tasks: |
-      cd shadow
-      cat /proc/self/uid_map
-      cat /proc/self/status
-      make
-      make DESTDIR=/tmp/shadow-inst install
-      sudo make install
-      #TODO - fix up the tests.  Let's merge what's here now as it
-      #at least tests build.
-      #(cd tests; sudo ./run_some || { cat testsuite.log; false; })

.builds/ubuntu-focal.yml

@@ -1,28 +0,0 @@
-image: ubuntu/focal
-packages:
-  - automake
-  - autopoint
-  - xsltproc
-  - libbsd-dev
-  - libselinux1-dev
-  - gettext
-  - expect
-  - byacc
-  - libtool
-  - pkgconf
-sources:
-  - https://github.com/shadow-maint/shadow
-tasks:
-  - build: |
-      cd shadow
-      ./autogen.sh --without-selinux --disable-man
-      grep ENABLE_ config.status
-  - tasks: |
-      cd shadow
-      cat /proc/self/uid_map
-      cat /proc/self/status
-      systemd-detect-virt
-      make
-      make DESTDIR=/tmp/shadow-inst install
-      sudo make install
-      (cd tests; sudo ./run_some || { cat testsuite.log; false; })

.builds/ubuntu-jammy.yml

@@ -1,28 +0,0 @@
-image: ubuntu/22.04
-packages:
-  - automake
-  - autopoint
-  - xsltproc
-  - libbsd-dev
-  - libselinux1-dev
-  - gettext
-  - expect
-  - byacc
-  - libtool
-  - pkgconf
-sources:
-  - https://github.com/shadow-maint/shadow
-tasks:
-  - build: |
-      cd shadow
-      ./autogen.sh --without-selinux --enable-man
-      grep ENABLE_ config.status
-  - tasks: |
-      cat /proc/self/uid_map
-      cat /proc/self/status
-      systemd-detect-virt
-      cd shadow
-      make
-      make DESTDIR=/tmp/shadow-inst install
-      sudo make install
-      (cd tests; sudo ./run_some || { cat testsuite.log; false; })

.github/workflows/runner.yml

@@ -35,7 +35,7 @@ jobs:
         sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
         sudo apt-get update
         sudo apt-get -y dist-upgrade
-        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
+        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf libcmocka-dev
         sudo apt-get -y build-dep shadow
     - name: configure
       run: |
@@ -49,8 +49,9 @@ jobs:
       run: |
         set -e
         cd tests
+        trap 'cat testsuite.log' ERR
         sudo ./run_some
-        cat testsuite.log
+        trap - ERR
 
   # Make sure that 'make dist' makes a usable tarball with no missing files
   dist-build:
@@ -83,6 +84,7 @@ jobs:
         cd $d
         ./configure
         make -j5
+        make check
 
   container-build:
     runs-on: ubuntu-latest

.travis.yml

@@ -1,52 +0,0 @@
-dist: bionic
-sudo: false
-
-language: c
-
-compiler:
- - gcc
- - clang
-
-arch:
- - amd64
- - arm64
- - ppc64le
- - s390x
-
-before_install:
-  - sudo apt-get update -qq
-  - sudo apt-get -y install -qq automake autopoint xsltproc libselinux1-dev gettext expect
-  - sudo apt-get -y install -qq byacc libtool
-script:
- - ./autogen.sh --without-selinux --disable-man
- - grep ENABLE_ config.status
- - make
-
-env:
-  global:
-   - secure: "G47VYFrtzqalrVjixTqBG9Qsa8EZRcaqsh1k6fq5JgEyHmMQActpvTUDs9FXf1MEqiY5XX3VDVfBsZgKPHgmHsMzD1bX11xpnpGByB8g7gr8I3u2ZkCREqgi77a5l3LeBh+seWiambe/DYOgvPCNa6pCynLgR9advqtgKhpCruU="
-
-addons:
-  coverity_scan:
-
-    project:
-      name: "shadow-maint/shadow"
-      description: "Upstream shadow utils tree"
-
-    notification_email: christian.brauner@ubuntu.com,serge@hallyn.com
-
-    build_command_prepend: "./autogen.sh --without-selinux --disable-man"
-    build_command: "make -kj4 || make"
-    branch_pattern: master
-
-script:
- - cat /proc/self/uid_map
- - cat /proc/self/status
- - systemd-detect-virt
- - ./autogen.sh --without-selinux --disable-man
- - grep ENABLE_ config.status
- - make
- - sudo make install
- - (cd tests; sudo ./run_some; cat testsuite.log)
-
-# vim:et:ts=2:sw=2

AUTHORS.md

@@ -9,6 +9,14 @@ a lot of mail...
 * Serge E. Hallyn <serge@hallyn.com> (2014-now)
 * Christian Brauner <christian@brauner.io> (2019-now)
 * Iker Pedrosa <ipedrosa@redhat.com> (2022-now)
+* Alejandro Colomar <alx@kernel.org> (2023-now) (4.14 stable)
+
+To verify signatures on releases, use the following keys under keys/ :
+
+* Serge Hallyn: keys/66D0387DB85D320F8408166DB175CFA98F192AF2.asc
+* Christian Brauner: keys/4880B8C9BD0E5106FC070F4F7B3C391EFEA93624.asc
+* Iker Pedrosa: keys/4E80EF49C7987B6DE2F81F5005079C6C3A653E57.asc
+* Alejandro Colomar: keys/A9348594CE31283A826FBDD8D57633D441E25BB5.asc
 
 # Authors and contributors
 * Adam Rudnicki <adam@v-lo.krakow.pl>

Makefile.am

@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = NEWS README TODO shadow.spec.in
+EXTRA_DIST = NEWS README
 
 SUBDIRS = lib
 
@@ -8,7 +8,7 @@ if ENABLE_SUBIDS
 SUBDIRS += libsubid
 endif
 
-SUBDIRS += src po contrib doc etc
+SUBDIRS += src po contrib doc etc tests/unit
 
 if ENABLE_REGENERATE_MAN
 SUBDIRS += man

README.md

@@ -17,6 +17,12 @@ are used for managing group accounts.
 * [Issue tracker](https://github.com/shadow-maint/shadow/issues)
 * [Releases](https://github.com/shadow-maint/shadow/releases)
 
+## Code
+
+The main development branch is at [https://github.com/shadow-maint/shadow.git](https://github.com/shadow-maint/shadow)
+
+See [STABLE.md](https://github.com/shadow-maint/shadow/blob/master/STABLE.md) for a list of supported stable branches.
+
 ## Contacts
 There are several ways to contact us:
 * [the general discussion mailing list](

STABLE.md

@@ -0,0 +1,11 @@
+# Supported stable branches
+
+The following stable branches are kindly maintained by trusted volunteers:
+
+-  4.14.x
+   -  git
+      -  [main](https://www.alejandro-colomar.es/src/alx/shadow/stable/shadow.git/log/?h=4.14.x)
+      -  [mirror](https://github.com/shadow-maint/shadow/tree/4.14.x)
+   -  tarballs
+      -  [main](https://www.alejandro-colomar.es/share/dist/shadow/4/4.14/)
+      -  [mirror](https://github.com/shadow-maint/shadow/releases/)

TODO

@@ -1,127 +0,0 @@
- * Create a common usage function that'd take the array of
-   long options and an array of descriptions and output that so things would
-   be standardized across the utils.
-   Usage strings should be normalized and split first.
-   Investigate optparse.
-
-
-/etc/default/useradd
- * GROUP=1000 should accept a group name.
-
-Check when RLOGIN is enabled if ruserok() exists
-
-Move selinux_file_context out of lib/copydir.c
-
-Review hardcoded root account?
-
-review all call to strto
-
-lib/cleanup_user.c
-	cleanup needed (cleanup_report_add_user* not used)
-
-
-libxcrypt support
- * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch
-
-implement getlong, getulong.
-	avoid atoi, atol, atoul, strtol, strtoul, ...
-
-manpages: comment the RLOGIN parts
-
-Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
-comma_to_list()
-
-Revert the modified files if all files could not be changed.
-  * or warn and indicate which files were modified and which were not.
-  * check the order the files are modified.
-
-report nscd_flush_cache failures?
-call nscd from the programs or from lib (commonio?)
-
-PAM: check if a non-interactive conversation function could be used to set
-the password in chpasswd and newusers
-
-WITH_SELINUX
-  - review all tools to check that the strategies are consistent
-
-chage, chfn, chsh: same change needed as in passwd.
-  - probably need moving check_selinux_access to a separate file.
-
-testsuite
- - newgrp
-   - test with unknown user's GID
-
-newusers
- - add logging to SYSLOG & AUDIT
- - use CREATE_HOME
- - Add a -Z option (see useradd / usermod)
-
-Document when/where option appeared, document whether an option is standard
-or not.
-
-Check all the expiry semantics
-
-ALL:
-- move base passwd/shadow/group/gshadow operation to module for allow write
-  different backend modules for db, NIS, LDAP and others. Default backend it
-  will be goot if will be chosen depending on /etc/nsswitch.conf and allow
-  override this by -r <repository> options (where the <repository> can be
-  file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
-  passwd have old piece of code with handling -r option and it will be good
-  finish this and propagate on other shadow tools for allow operate on other
-  user databases by well known tools.
-- Protect against signals. Register do_cleanups in a signal handler.
-
-- login.defs
-  - generate depending on configuration
-
-- useradd:
-  - add handle create user mail spool in maildir format.
-  - Add support for -k in -D mode
-  - Add support for -K in -D mode
-  - Add option to create or not the mail spool (and set the default in -D
-    mode)
-  - Change -l to reset the entry if an entry was already there
-  - set the mask in mkdir?
-
-- userdel:
-  - add backup option for the removal of user resources,
-  - user_busy: check that the user is not running any processes.
-  - missing "deleting group" FAILED
-  - home dir removed, but userdel may fail and may leave the user
-    => warning needed
-
-- usermod
-  - add an option equivalent to useradd's -l (only when uid is changed)
-  - the mode of new home directories should be set according to the
-    original mode. Does copy_tree does this?
-  - user renamed, order is not kept in /etc/group (see
-    47_usermod-l_no_shadow_file). This is a problem when the first user is
-    considered as the admin.
-  - see mail "user ID change" on  April, 15
-    + fix call to chown (combination of -m and -u/-g)
-    + add tests
-
-- passwd:
-  - check combination of options (e.g. -u/-l)
-  - when -u refuse to unlock because it would create an empty password, it
-    should not display "Password changed."
-    exit instead?
-
-- newgrp: check the USE_PAM section.
-
-- pwck
-  - Add check to move passwd passwords to shadow if there is a shadow
-    entry (with a password).
-  - Add check to move passwd passwords to shadow if there is a shadow
-    file.
-  - Support an alternative /etc/tcb directory as second parameter.
-  - add options -g / -G to specify alternative group / gshadow files
-
-- su
-  - add a login.defs configuration parameter to add variables to keep in
-    the environment with "su -l" (TERM/TERMCOLOR/...)
-
-- vipw
-  - set ACLs and XATTRs on the temporary file (and backups?)
-  - vipw + selinux -> use lib/selinux.c

autogen.sh

@@ -1,9 +1,20 @@
 #! /bin/sh
 
-autoreconf -v -f --install || exit 1
+autoreconf -v -f --install "$(dirname "$0")" || exit 1
 
-./configure \
-	CFLAGS="-O2 -Wall" \
+CFLAGS="-O2"
+CFLAGS="$CFLAGS -Wall"
+CFLAGS="$CFLAGS -Wextra"
+CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
+CFLAGS="$CFLAGS -Werror=implicit-int"
+CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"
+CFLAGS="$CFLAGS -Werror=int-conversion"
+CFLAGS="$CFLAGS -Wno-expansion-to-defined"
+CFLAGS="$CFLAGS -Wno-unknown-attributes"
+CFLAGS="$CFLAGS -Wno-unknown-warning-option"
+
+"$(dirname "$0")"/configure \
+	CFLAGS="$CFLAGS" \
 	--enable-lastlog \
 	--enable-man \
 	--enable-maintainer-mode \

configure.ac

@@ -4,9 +4,9 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.15.0], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
-AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
+AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects])
 AC_CONFIG_MACRO_DIRS([m4])
 AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([config.h])
@@ -32,6 +32,7 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD
 
 dnl Checks for libraries.
 
@@ -47,8 +48,8 @@ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 
 AC_CHECK_FUNCS(arc4random_buf futimes \
 	getentropy getrandom getspnam getusershell \
-	initgroups lckpwdf lutimes mempcpy \
-	setgroups updwtmp updwtmpx innetgr \
+	initgroups lckpwdf lutimes \
+	setgroups updwtmpx innetgr \
 	getspnam_r \
 	rpmatch \
 	memset_explicit explicit_bzero stpecpy stpeprintf)
@@ -56,17 +57,13 @@ AC_SYS_LARGEFILE
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 
-AC_CHECK_MEMBERS([struct utmp.ut_type,
-                  struct utmp.ut_id,
-                  struct utmp.ut_name,
-                  struct utmp.ut_user,
-                  struct utmp.ut_host,
-                  struct utmp.ut_syslen,
-                  struct utmp.ut_addr,
-                  struct utmp.ut_addr_v6,
-                  struct utmp.ut_time,
-                  struct utmp.ut_xtime,
-                  struct utmp.ut_tv],,,[[#include <utmp.h>]])
+AC_CHECK_MEMBERS([struct utmpx.ut_name,
+                  struct utmpx.ut_host,
+                  struct utmpx.ut_syslen,
+                  struct utmpx.ut_addr,
+                  struct utmpx.ut_addr_v6,
+                  struct utmpx.ut_time,
+                  struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
 
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS
@@ -243,9 +240,6 @@ AC_ARG_WITH(skey,
 AC_ARG_WITH(tcb,
 	[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
 	[with_tcb=$withval], [with_tcb=maybe])
-AC_ARG_WITH(libcrack,
-	[AS_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
-	[with_libcrack=$withval], [with_libcrack=no])
 AC_ARG_WITH(sha-crypt,
 	[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
 	[with_sha_crypt=$withval], [with_sha_crypt=yes])
@@ -434,7 +428,6 @@ if test "$with_libbsd" != "no"; then
 	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
 else
 	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
-	AC_CHECK_FUNC(strlcpy, [], [AC_MSG_ERROR([strlcpy is required from glibc >= 2.38 or libbsd])])
 fi
 AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
 
@@ -522,17 +515,6 @@ if test "$with_audit" != "no"; then
 	fi
 fi
 
-AC_SUBST(LIBCRACK)
-if test "$with_libcrack" = "yes"; then
-	echo "checking cracklib flavour, don't be surprised by the results"
-	AC_CHECK_LIB(crack, FascistCheck,
-		[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
-	AC_CHECK_LIB(crack, FascistHistory,
-		AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
-	AC_CHECK_LIB(crack, FascistHistoryPw,
-		AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
-fi
-
 if test "$with_btrfs" != "no"; then
 	AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
 		[btrfs_headers="yes"], [btrfs_headers="no"])
@@ -719,6 +701,10 @@ if test "$with_skey" = "yes"; then
 	]])],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])],[])
 fi
 
+PKG_CHECK_MODULES([CMOCKA], [cmocka], [have_cmocka="yes"],
+	[AC_MSG_WARN([libcmocka not found, cmocka tests will not be built])])
+AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes])
+
 AC_CHECK_FUNC(fgetpwent_r, [AC_DEFINE(HAVE_FGETPWENT_R, 1, [Defined to 1 if you have the declaration of 'fgetpwent_r'])])
 
 AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
@@ -761,7 +747,7 @@ AC_CONFIG_FILES([
 	etc/Makefile
 	etc/pam.d/Makefile
 	etc/shadow-maint/Makefile
-	shadow.spec
+	tests/unit/Makefile
 ])
 AC_OUTPUT
 
@@ -769,7 +755,6 @@ echo
 echo "shadow will be compiled with the following features:"
 echo
 echo "	auditing support:		$with_audit"
-echo "	CrackLib support:		$with_libcrack"
 echo "	PAM support:			$with_libpam"
 if test "$with_libpam" = "yes"; then
 echo "	suid account management tools:	$enable_acct_tools_setuid"

contrib/Makefile.am

@@ -1,6 +1,4 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
 
-EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
- atudel groupmems.shar shadow-anonftp.patch \
- udbachk.tgz
+EXTRA_DIST = README adduser.c adduser.sh adduser2.sh

contrib/README

@@ -2,9 +2,6 @@ People keep sending various adduser programs and scripts...  They are
 all in this directory.  I haven't tested them, use at your own risk.
 Anyway, the best one I've seen so far is adduser-3.x from Debian.
 
-atudel is a perl script to remove at jobs owned by the specified user
-(atrm in at-2.9 for Linux can't do that).
-
 udbachk.tgz is a passwd/group/shadow file integrity checker.
 
 --marekm

contrib/atudel

@@ -1,58 +0,0 @@
-#!/usr/bin/perl
-#
-# SPDX-FileCopyrightText: 1996 Brian R. Gaeke
-# SPDX-License-Identifier: BSD-4-Clause
-#
-# Additionally:
-#
-# This software is provided without support and without any obligation
-# on the part of Brian R. Gaeke to assist in its use, correction,
-# modification or enhancement.
-#
-#######################################################################
-#
-# this is atudel, version 2, by Brian R. Gaeke <brg@dgate.org>
-#
-
-require "getopts.pl";
-&Getopts('v');
-$username = shift(@ARGV);
-&usage unless $username;
-
-sub usage
-{
-	print STDERR "atudel - remove all at jobs owned by a user\n";
-	print STDERR "usage: $0 [-v] username\n";
-	exit(1);
-}
-
-# odd. unless getpwnam($uname) doesn't seem to work for $uname eq "root" on
-# my linux system. but this does.
-die "user $username does not exist; stopping"
-	unless defined(getpwnam($username));
-
-print "searching for at jobs owned by user $username ..." if $opt_v;
-
-chdir "/var/spool/atjobs" ||
-	die "can't chdir to /var/spool/atjobs: $!\nstopping";
-opendir(DIR,".") || die "can't opendir(/var/spool/atjobs): $!\nstopping";
-@files = grep(!/^\./,grep(-f,readdir(DIR)));
-closedir DIR;
-
-foreach $x (@files)
-{
-	$owner = (getpwuid((stat($x))[4]))[0];
-	push(@nuke_bait,$x) if $owner eq $username;
-}
-
-if (@nuke_bait)
-{
-	print "removed jobIDs: @{nuke_bait}.\n" if $opt_v;
-	unlink @nuke_bait;
-}
-elsif ($opt_v)
-{
-	print "\n";
-}
-
-exit 0;

contrib/groupmems.shar

@@ -1,465 +0,0 @@
-#!/bin/sh
-# This is a shell archive (produced by GNU sharutils 4.2.1).
-# To extract the files from this archive, save it to some FILE, remove
-# everything before the `!/bin/sh' line above, then type `sh FILE'.
-#
-# Made on 2000-05-25 14:41 CDT by <gk4@gnu.austin.ibm.com>.
-# Source directory was `/home/gk4/src/groupmem'.
-#
-# Existing files will *not* be overwritten unless `-c' is specified.
-#
-# This shar contains:
-# length mode       name
-# ------ ---------- ------------------------------------------
-#   1960 -rw-r--r-- Makefile
-#   6348 -rw-r--r-- groupmems.c
-#   3372 -rw------- groupmems.8
-#
-save_IFS="${IFS}"
-IFS="${IFS}:"
-gettext_dir=FAILED
-locale_dir=FAILED
-first_param="$1"
-for dir in $PATH
-do
-  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
-     && ($dir/gettext --version >/dev/null 2>&1)
-  then
-    set `$dir/gettext --version 2>&1`
-    if test "$3" = GNU
-    then
-      gettext_dir=$dir
-    fi
-  fi
-  if test "$locale_dir" = FAILED && test -f $dir/shar \
-     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
-  then
-    locale_dir=`$dir/shar --print-text-domain-dir`
-  fi
-done
-IFS="$save_IFS"
-if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
-then
-  echo=echo
-else
-  TEXTDOMAINDIR=$locale_dir
-  export TEXTDOMAINDIR
-  TEXTDOMAIN=sharutils
-  export TEXTDOMAIN
-  echo="$gettext_dir/gettext -s"
-fi
-if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
-  shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
-elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
-  shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
-elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
-  shar_touch='touch -am $3$4$5$6$2 "$8"'
-else
-  shar_touch=:
-  echo
-  $echo 'WARNING: not restoring timestamps.  Consider getting and'
-  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
-  echo
-fi
-rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
-#
-if mkdir _sh10937; then
-  $echo 'x -' 'creating lock directory'
-else
-  $echo 'failed to create lock directory'
-  exit 1
-fi
-# ============= Makefile ==============
-if test -f 'Makefile' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'Makefile' '(file already exists)'
-else
-  $echo 'x -' extracting 'Makefile' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'Makefile' &&
-/*
-# SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-# SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-# SPDX-License-Identifier: BSD-3-Clause
-# 
-X
-all: groupmems
-X
-groupmems: groupmems.c
-X	cc -g -o groupmems groupmems.c -L. -lshadow
-X
-install: groupmems
-X	-/usr/sbin/groupadd groups
-X	install -o root -g groups -m 4770 groupmems /usr/bin
-X
-install.man: groupmems.8
-X	install -o root -g root -m 644 groupmems.8 /usr/man/man8
-X
-SHAR_EOF
-  (set 20 00 05 25 14 40 28 'Makefile'; eval "$shar_touch") &&
-  chmod 0644 'Makefile' ||
-  $echo 'restore of' 'Makefile' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'Makefile:' 'MD5 check failed'
-b46cf7ef8d59149093c011ced3f3103c  Makefile
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'Makefile'`"
-    test 1960 -eq "$shar_count" ||
-    $echo 'Makefile:' 'original size' '1960,' 'current size' "$shar_count!"
-  fi
-fi
-# ============= groupmems.c ==============
-if test -f 'groupmems.c' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'groupmems.c' '(file already exists)'
-else
-  $echo 'x -' extracting 'groupmems.c' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' &&
-/*
-X * SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X * SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X * SPDX-License-Identifier: BSD-3-Clause
-X */
-/*
-**
-**	Utility "groupmem" adds and deletes members from a user's group.
-**	
-**	Setup (as "root"):
-**	
-**		groupadd -r groups 
-**		chmod 2770 groupmems
-**		chown root.groups groupmems
-**		groupmems -g groups -a gk4
-**	
-**	Usage (as "gk4"):
-**	
-**		groupmems -a olive
-**		groupmems -a jordan
-**		groupmems -a meghan
-**		groupmems -a morgan
-**		groupmems -a jake
-**		groupmems -l 
-**		groupmems -d jake
-**		groupmems -l 
-*/
-X
-#include <stdio.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include "defines.h"
-#include "groupio.h"
-X
-/* Exit Status Values */
-X
-#define EXIT_SUCCESS		0	/* success */
-#define EXIT_USAGE		1	/* invalid command syntax */
-#define EXIT_GROUP_FILE		2	/* group file access problems */
-#define EXIT_NOT_ROOT		3	/* not superuser  */
-#define EXIT_NOT_EROOT		4	/* not effective superuser  */
-#define EXIT_NOT_PRIMARY	5	/* not primary owner of group  */
-#define EXIT_NOT_MEMBER		6	/* member of group does not exist */
-#define EXIT_MEMBER_EXISTS	7	/* member of group already exists */
-X
-#define TRUE 1
-#define FALSE 0
-X
-/* Globals */
-X
-extern int optind;
-extern char *optarg;
-static char *adduser = NULL;
-static char *deluser = NULL;
-static char *thisgroup = NULL;
-static int purge = FALSE;
-static int list = FALSE;
-static int exclusive = 0;
-X
-static int isroot(void) {
-X	return getuid() ? FALSE : TRUE;
-}
-X
-static int isgroup(void) {
-X	gid_t g = getgid();
-X	struct group *grp = getgrgid(g);
-X
-X	return TRUE;
-}
-X
-static char *whoami(void) {
-X	struct group *grp = getgrgid(getgid());
-X	struct passwd *usr = getpwuid(getuid());
-X
-X	if (0 == strcmp(usr->pw_name, grp->gr_name)) {
-X		return (char *)strdup(usr->pw_name);
-X	} else {
-X		return NULL;
-X	} 
-}
-X
-static void
-addtogroup(char *user, char **members) {
-X	int i;
-X	char **pmembers;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		if (0 == strcmp(user, members[i])) {
-X			fprintf(stderr, "Member already exists\n");
-X			exit(EXIT_MEMBER_EXISTS);
-X		}
-X	}
-X
-X	if (0 == i) {
-X		pmembers = (char **)calloc(2, sizeof(char *));
-X	} else {
-X		pmembers = (char **)realloc(members, sizeof(char *)*(i+1));
-X	}
-X
-X	*members = *pmembers;
-X	members[i] = user;
-X	members[i+1] = NULL;
-}
-X
-static void
-rmfromgroup(char *user, char **members) {
-X	int i;
-X	int found = FALSE;
-X
-X	i = 0;
-X	while (!found && NULL != members[i]) {
-X		if (0 == strcmp(user, members[i])) {
-X			found = TRUE;
-X		} else {
-X			i++;
-X		}
-X	}
-X
-X	while (found && NULL != members[i]) {
-X		members[i] = members[++i];
-X	}
-X
-X	if (!found) {
-X		fprintf(stderr, "Member to remove could not be found\n");
-X		exit(EXIT_NOT_MEMBER);
-X	}
-}
-X
-static void
-nomembers(char **members) {
-X	int i;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		members[i] = NULL;
-X	}
-}
-X
-static void
-members(char **members) {
-X	int i;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		printf("%s ", members[i]);
-X
-X		if (NULL == members[i+1]) {
-X			printf("\n");
-X		} else {
-X			printf(" ");
-X		}
-X	}
-}
-X
-static void usage(void) {
-X	fprintf(stderr, "usage: groupmems -a username | -d username | -D | -l [-g groupname]\n");
-X	exit(EXIT_USAGE);
-}
-X
-main(int argc, char **argv) {
-X	int arg, i;
-X	char *name;
-X	struct group *grp;
-X
-X	while ((arg = getopt(argc, argv, "a:d:g:Dl")) != EOF) {
-X		switch (arg) {
-X		case 'a':
-X			adduser = strdup(optarg);
-X			++exclusive;
-X			break;
-X		case 'd':
-X			deluser = strdup(optarg);
-X			++exclusive;
-X			break;
-X		case 'g':
-X			thisgroup = strdup(optarg);
-X			break;
-X		case 'D':
-X			purge = TRUE;
-X			++exclusive;
-X			break;
-X		case 'l':
-X			list = TRUE;
-X			++exclusive;
-X			break;
-X		default:
-X			usage();
-X		}
-X	}
-X
-X	if (exclusive > 1 || optind < argc) {
-X		usage();
-X	}
-X
-X	if (!isroot() && NULL != thisgroup) {
-X		fprintf(stderr, "Only root can add members to different groups\n");
-X		exit(EXIT_NOT_ROOT);
-X	} else if (isroot() && NULL != thisgroup) {
-X		name = thisgroup;
-X	} else if (!isgroup()) {
-X		fprintf(stderr, "Group access is required\n");
-X		exit(EXIT_NOT_EROOT);
-X	} else if (NULL == (name = whoami())) {
-X		fprintf(stderr, "Not primary owner of current group\n");
-X		exit(EXIT_NOT_PRIMARY);
-X	}
-X
-X	if (!gr_lock()) {
-X		fprintf(stderr, "Unable to lock group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	if (!gr_open(O_RDWR)) {
-X		fprintf(stderr, "Unable to open group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	grp = (struct group *)gr_locate(name);
-X
-X	if (NULL != adduser) {
-X		addtogroup(adduser, grp->gr_mem);
-X		gr_update(grp);
-X	} else if (NULL != deluser) {
-X		rmfromgroup(deluser, grp->gr_mem);
-X		gr_update(grp);
-X	} else if (purge) {
-X		nomembers(grp->gr_mem);
-X		gr_update(grp);
-X	} else if (list) {
-X		members(grp->gr_mem);
-X	}
-X
-X	if (!gr_close()) {
-X		fprintf(stderr, "Cannot close group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	gr_unlock();
-X
-X	exit(EXIT_SUCCESS);
-}
-X
-/* EOF */
-SHAR_EOF
-  (set 20 00 05 25 14 36 38 'groupmems.c'; eval "$shar_touch") &&
-  chmod 0644 'groupmems.c' ||
-  $echo 'restore of' 'groupmems.c' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'groupmems.c:' 'MD5 check failed'
-f0dd68f8d762d89d24d3ce1f4141f981  groupmems.c
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.c'`"
-    test 6348 -eq "$shar_count" ||
-    $echo 'groupmems.c:' 'original size' '6348,' 'current size' "$shar_count!"
-  fi
-fi
-# ============= groupmems.8 ==============
-if test -f 'groupmems.8' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'groupmems.8' '(file already exists)'
-else
-  $echo 'x -' extracting 'groupmems.8' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' &&
-X.\"
-X.\" SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X.\" SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X.\" SPDX-License-Identifier: BSD-3-Clause
-X.\"
-X.\" $Id$
-X.\"
-X.TH GROUPMEMS 8
-X.SH NAME
-groupmems \- Administer members of a user's primary group
-X.SH SYNOPSIS
-X.B groupmems
-\fB-a\fI user_name \fR |
-\fB-d\fI user_name \fR |
-\fB-l\fR |
-\fB-D\fR |
-[\fB-g\fI group_name \fR]
-X.SH DESCRIPTION
-The \fBgroupmems\fR utility allows a user to administer their own
-group membership list without the requirement of superuser privileges.
-The \fBgroupmems\fR utility is for systems that configure its users to
-be in their own name sake primary group (i.e., guest / guest).
-X.P
-Only the superuser, as administrator, can use \fBgroupmems\fR to alter
-the memberships of other groups.
-X.IP "\fB-a \fIuser_name\fR"
-Add a new user to the group membership list.
-X.IP "\fB-d \fIuser_name\fR"
-Delete a user from the group membership list.
-X.IP "\fB-l\fR"
-List the group membership list.
-X.IP "\fB-D\fR"
-Delete all users from the group membership list.
-X.IP "\fB-g \fIgroup_name\fR"
-The superuser can specify which group membership list to modify.
-X.SH SETUP
-The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR
-and in group \fBgroups\fR.   The system administrator can add users to
-group groups to allow or disallow them using the  \fBgroupmems\fR utility
-to manager their own group membership list.
-X.P
-X     $ groupadd -r groups
-X.br
-X     $ chmod 2770 groupmems
-X.br
-X     $ chown root.groups groupmems
-X.br
-X     $ groupmems -g groups -a gk4
-X.SH FILES
-/etc/group
-X.br
-/etc/gshadow
-X.SH SEE ALSO
-X.BR chfn (1),
-X.BR chsh (1),
-X.BR useradd (8),
-X.BR userdel (8),
-X.BR usermod (8),
-X.BR passwd (1),
-X.BR groupadd (8),
-X.BR groupdel (8)
-X.SH AUTHOR
-George Kraft IV (gk4@us.ibm.com)
-X.\" EOF
-SHAR_EOF
-  (set 20 00 05 25 14 38 23 'groupmems.8'; eval "$shar_touch") &&
-  chmod 0600 'groupmems.8' ||
-  $echo 'restore of' 'groupmems.8' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'groupmems.8:' 'MD5 check failed'
-181e6cd3a3c9d3df320197fa2cde2b4a  groupmems.8
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.8'`"
-    test 3372 -eq "$shar_count" ||
-    $echo 'groupmems.8:' 'original size' '3372,' 'current size' "$shar_count!"
-  fi
-fi
-rm -fr _sh10937
-exit 0

contrib/shadow-anonftp.patch

@@ -1,147 +0,0 @@
-Hello Marek,
-
-I have created a diffile against the 980403 release that adds
-functionality to newusers for automatic handling of users with only
-anonymous ftp login (using the guestgroup feature in ftpaccess, which
-means that the users home directory looks like '/home/user/./'). It also
-adds a commandline argument to specify an initial directory structure
-for such users, with a tarball normally containing the bin,lib,etc
-directories used in the chrooted environment.
-
-I am using it to automatically create chunks of users with only ftp
-access for a webserver.
-
-I have tried to follow your coding standards and I believe it is bug
-free but.. well, who knows. :) It's not much code however.
-
-I hope you find it useful. Do what you like with it, feel free to ask if
-anything is unclear.
-
-Best rgds,
-  Calle Karlsson
-  ckn@kash.se
-
-diff -uNr shadow-980403.orig/src/newusers.c shadow-980403/src/newusers.c
---- shadow-980403.orig/src/newusers.c	Fri Jan 30 00:22:43 1998
-+++ shadow-980403/src/newusers.c	Fri Apr 17 16:55:33 1998
-@@ -76,11 +76,35 @@
- static void
- usage(void)
- {
--	fprintf(stderr, "Usage: %s [ input ]\n", Prog);
-+	fprintf (stderr, "Usage: %s [-p prototype tarfile] [ input ]\n", Prog);
-+	fprintf (stderr, "The prototype tarfile is only used for users\n");
-+	fprintf (stderr, "marked as anonymous ftp users. It must be a full pathname.\n");
- 	exit(1);
- }
- 
- /*
-+ * createuserdir - create a directory and chmod it
-+ */
-+
-+static int
-+createuserdir (char * dir, int uid, int gid, int line)
-+{
-+	if (mkdir (dir, 0777 & ~getdef_num("UMASK", 077))) {
-+		fprintf (stderr, "%s: line %d: mkdir %s failed\n",
-+			 Prog, line, dir);
-+		return -1;
-+	}
-+
-+	if (chown (dir, uid, gid)) {
-+		fprintf (stderr, "%s: line %d: chown %s failed\n",
-+			 Prog, line, dir);
-+		return -1;
-+	}
-+
-+	return 0;
-+}
-+
-+/*
-  * add_group - create a new group or add a user to an existing group
-  */
- 
-@@ -328,6 +352,8 @@
- main(int argc, char **argv)
- {
- 	char	buf[BUFSIZ];
-+	char	anonproto[BUFSIZ];
-+	int	flag;
- 	char	*fields[8];
- 	int	nfields;
- 	char	*cp;
-@@ -340,12 +366,23 @@
- 
- 	Prog = Basename(argv[0]);
- 
--	if (argc > 1 && argv[1][0] == '-')
--		usage ();
-+	* anonproto = '\0';
-+
-+	while ((flag = getopt (argc, argv, "p:h")) != EOF) {
-+		switch (flag) {
-+		case 'p':
-+			STRFCPY(anonproto, optarg);
-+			break;
-+		case 'h':
-+		default:
-+			usage ();
-+			break;
-+		}
-+	}
- 
--	if (argc == 2) {
--		if (! freopen (argv[1], "r", stdin)) {
--			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[1]);
-+	if (optind < argc) {
-+		if (! freopen (argv[optind], "r", stdin)) {
-+			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[optind]);
- 			perror (buf);
- 			exit (1);
- 		}
-@@ -499,15 +536,36 @@
- 		if (fields[6][0])
- 			newpw.pw_shell = fields[6];
- 
--		if (newpw.pw_dir[0] && access(newpw.pw_dir, F_OK)) {
--			if (mkdir (newpw.pw_dir,
--					0777 & ~getdef_num("UMASK", 077)))
--				fprintf (stderr, "%s: line %d: mkdir failed\n",
--					Prog, line);
--			else if (chown (newpw.pw_dir,
--					newpw.pw_uid, newpw.pw_gid))
--				fprintf (stderr, "%s: line %d: chown failed\n",
--					Prog, line);
-+		if (newpw.pw_dir[0]) {
-+		        char * userdir = strdup (newpw.pw_dir);
-+			char * anonpart;
-+			int rc;
-+
-+			if ((anonpart = strstr (userdir, "/./"))) {
-+			        * anonpart = '\0';
-+				anonpart += 2;
-+			}
-+			
-+			if (access(userdir, F_OK))
-+				rc = createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
-+			else
-+				rc = 0;
-+
-+			if (rc == 0 && anonpart) {
-+				if (* anonproto) {
-+					char cmdbuf [BUFSIZ];
-+					snprintf(cmdbuf, sizeof cmdbuf,
-+						 "cd %s; tar xf %s",
-+						 userdir, anonproto);
-+					system (cmdbuf);
-+				}
-+				if (strlen (anonpart) > 1) {
-+					strcat (userdir, anonpart);
-+					if (access (userdir, F_OK))
-+						createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
-+				}
-+			}
-+			free (userdir);
- 		}
- 
- 		/*

doc/Makefile.am

@@ -1,5 +1,4 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
 
-EXTRA_DIST = HOWTO README.limits \
-    README.platforms WISHLIST console.c.spec.txt cracklib26.diff
+EXTRA_DIST = HOWTO README.limits

doc/README.platforms

@@ -1,33 +0,0 @@
-# $Id$
-#
-# This is the current (still incomplete) list of platforms this
-# package has been verified to work on.  Additions (preferably
-# in the format as described below) are welcome.  Thanks!
-#
-# V: last version reported to work
-# H: host type
-# L: Linux libc version
-# D: Linux distribution, or other OS name and version
-# C: changes (if any)
-# R: reported by
-
-V: 980529
-H: sparc-unknown-linux-gnu
-L: glibc-2.0.7
-D: Ultrapenguin-1.0.9
-C: had to explicitly disable desrpc.
-R: Bjorn Christianson <bjorn@cascade.psychology.mcmaster.ca>
-
-V: 980724
-H: i486-pc-linux-gnulibc1
-L: libc-5.4.33
-D: Debian-1.3.1.r6
-C: none (use dpkg-buildpackage)
-R: Marek Michalkiewicz <marekm@linux.org.pl>
-
-V: current
-H: i686-pc-linux-gnu
-L: glibc-2.0.7.19981211
-D: Debian-2.1
-C: none (use dpkg-buildpackage)
-R: Marek Michalkiewicz <marekm@linux.org.pl>

doc/WISHLIST

@@ -1,38 +0,0 @@
-$Id$
-
-This is my wishlist for the shadow suite, in no particular order.  Feel
-free to do anything from this list and mail me the diffs :-).
-
-Patches in diff -u format, against the latest version (sometimes in the
-"beta" directory) are preferred and make my job easier.  Please, no
-MIME, base64, quoted-printable, or HTML.  For very big patches, or if
-your mailer can corrupt them, please use gzip and uuencode.  Thanks!
-
-New ideas to add to this list are welcome, too.  --marekm
-
-- fix all the bugs, of course
-- implement "su only" accounts (no logins, only su from other account)
-- rewrite getdef.c to be more general? (no hardcoded names)
-- patch for rlogind/telnetd to create utmp entry and fill in ut_addr
-- option to specify encrypted password in passwd (for yppasswdd, so it
-  doesn't need to know about shadow/non-shadow); should probably use a pipe
-  (less insecure than command line arguments)
-- add support for changing NIS passwords
-- add option to check passwords by piping them to external programs
-- add functionality of the contrib/rpasswd.c wrapper to passwd
-- option to generate pronounceable passwords (like on SCO), external program?
-- poppassd (remote password change for eudora etc.)
-- add support for passwd/shadow db files (glibc)
-- vipw: check password files for errors after editing
-- add "maximum time users allowed to stay logged in" limit option to logoutd
-- handle quotes in /etc/environment like the shell does (but sshd doesn't...)
-- better OPIE support (report number of logins left, etc.)
-- new option for /etc/suauth: don't load user's environment (force "su -")
-  suggested by Ulisses Alonso Camaro
-- find out why recent releases won't compile on Solaris
-- newusers should be able to copy /etc/skel to the new home directory
-  (like useradd)
-- add directories where other packages can add hooks for package-specific
-  per-user configuration, to be executed with run-parts. Some hooks should
-  be executed at package install time for existing users, likewise for
-  package removal and possibly modification.  (Debian Bug#36019)

doc/console.c.spec.txt

@@ -1,36 +0,0 @@
-$Id$
-
-Specification for console.c source file --
-
-input values --
-	tty -- character pointer to device name with leading "/dev/"
-	       removed.
-
-return values --
-	0 -- false
-	1 -- true
-
-int console (char * tty)
-	if "CONSOLE" string value is not present in login.defs
-		return true
-
-	if the first character of "CONSOLE" string value is not "/"
-		treat the string as a ":" delimited list of device
-		names and search for the value of tty in that
-		tokenized list.
-
-		if a match is found
-			return true
-
-		return false
-
-	if the file named by "CONSOLE" cannot be opened
-		return true
-
-	scan the file looking for a match between the input line
-	and the value of tty
-
-	if a match is found
-		return true
-
-	return false

doc/contributions/tests.md

@@ -1,6 +1,22 @@
 # Tests
 
-Currently, shadow only provides system tests.
+Currently, shadow provides unit and system tests.
+
+## Unit tests
+
+Unit testing is provided by the [cmocka](https://cmocka.org/) framework. It's
+recommended to read the
+[basics](https://cmocka.org/talks/cmocka_unit_testing_and_mocking.pdf) and
+[API](https://api.cmocka.org/) before writing any test case.
+
+In addition, you can check [test_logind.c](../../tests/unit/test_logind.c) to
+get a general idea on how to implement unit tests for shadow using cmocka.
+
+You can execute unit tests by running:
+
+```
+make check
+```
 
 ## System tests
 

doc/cracklib26.diff

@@ -1,340 +0,0 @@
-diff -ur orig/cracklib26_small/cracklib/fascist.c cracklib26_small/cracklib/fascist.c
---- orig/cracklib26_small/cracklib/fascist.c	Mon Dec 15 02:56:55 1997
-+++ cracklib26_small/cracklib/fascist.c	Sat Apr  4 22:14:45 1998
-@@ -12,6 +12,7 @@
- #include <ctype.h>
- #include <sys/types.h>
- #include <pwd.h>
-+#include <string.h>
- 
- #define ISSKIP(x) (isspace(x) || ispunct(x))
- 
-@@ -460,28 +461,27 @@
- }
- 
- char *
--FascistGecos(password, uid)
-+FascistGecosPw(password, pwd)
-     char *password;
--    int uid;
-+    struct passwd *pwd;
- {
-     int i;
-     int j;
-     int wc;
-     char *ptr;
--    struct passwd *pwp;
-     char gbuffer[STRINGSIZE];
-     char tbuffer[STRINGSIZE];
-     char *uwords[STRINGSIZE];
-     char longbuffer[STRINGSIZE * 2];
- 
--    if (!(pwp = getpwuid(uid)))
-+    if (!pwd)
-     {
- 	return ("you are not registered in the password file");
-     }
- 
-     /* lets get really paranoid and assume a dangerously long gecos entry */
- 
--    strncpy(tbuffer, pwp->pw_name, STRINGSIZE);
-+    strncpy(tbuffer, pwd->pw_name, STRINGSIZE);
-     tbuffer[STRINGSIZE-1] = '\0';
-     if (GTry(tbuffer, password))
-     {
-@@ -490,12 +490,13 @@
- 
-     /* it never used to be that you got passwd strings > 1024 chars, but now... */
- 
--    strncpy(tbuffer, pwp->pw_gecos, STRINGSIZE);
-+    strncpy(tbuffer, pwd->pw_gecos, STRINGSIZE);
-     tbuffer[STRINGSIZE-1] = '\0';
-     strcpy(gbuffer, Lowercase(tbuffer));
- 
-     wc = 0;
-     ptr = gbuffer;
-+    uwords[0] = (char *) 0;
- 
-     while (*ptr)
-     {
-@@ -530,6 +531,8 @@
- 	    *(ptr++) = '\0';
- 	}
-     }
-+    if (!uwords[0])
-+	return ((char *) 0);  /* empty gecos */
- #ifdef DEBUG
-     for (i = 0; uwords[i]; i++)
-     {
-@@ -586,9 +589,10 @@
- }
- 
- char *
--FascistLook(pwp, instring)
-+FascistLookPw(pwp, instring, pwd)
-     PWDICT *pwp;
-     char *instring;
-+    struct passwd *pwd;
- {
-     int i;
-     char *ptr;
-@@ -667,7 +671,7 @@
- 	return ("it looks like a National Insurance number.");
-     }
- 
--    if (ptr = FascistGecos(password, getuid()))
-+    if (ptr = FascistGecosPw(password, pwd ? pwd : getpwuid(getuid())))
-     {
- 	return (ptr);
-     }
-@@ -715,9 +719,10 @@
- }
- 
- char *
--FascistCheck(password, path)
-+FascistCheckPw(password, path, pwd)
-     char *password;
-     char *path;
-+    struct passwd *pwd;
- {
-     static char lastpath[STRINGSIZE];
-     static PWDICT *pwp;
-@@ -750,5 +755,29 @@
- 	strncpy(lastpath, path, STRINGSIZE);
-     }
- 
--    return (FascistLook(pwp, pwtrunced));
-+    return (FascistLookPw(pwp, pwtrunced, pwd));
-+}
-+
-+char *
-+FascistGecos(password, uid)
-+    char *password;
-+    int uid;
-+{
-+    return (FascistGecosPw(password, getpwuid(uid)));
-+}
-+
-+char *
-+FascistLook(pwp, instring)
-+    PWDICT *pwp;
-+    char *instring;
-+{
-+    return (FascistLookPw(pwp, instring, (char *) 0));
-+}
-+
-+char *
-+FascistCheck(password, path)
-+    char *password;
-+    char *path;
-+{
-+    return (FascistCheckPw(password, path, (char *) 0));
- }
-diff -ur orig/cracklib26_small/cracklib/packer.h cracklib26_small/cracklib/packer.h
---- orig/cracklib26_small/cracklib/packer.h	Mon Dec 15 00:09:30 1997
-+++ cracklib26_small/cracklib/packer.h	Sat Jan 10 22:13:46 1998
-@@ -34,6 +34,7 @@
-     FILE *dfp;
-     FILE *wfp;
- 
-+    int canfree;
-     int32 flags;
- #define PFOR_WRITE	0x0001
- #define PFOR_FLUSH	0x0002
-diff -ur orig/cracklib26_small/cracklib/packlib.c cracklib26_small/cracklib/packlib.c
---- orig/cracklib26_small/cracklib/packlib.c	Fri Jul  9 22:22:58 1993
-+++ cracklib26_small/cracklib/packlib.c	Sat Jan 10 22:28:49 1998
-@@ -16,7 +16,7 @@
-     char *mode;
- {
-     int32 i;
--    static PWDICT pdesc;
-+    PWDICT *pdesc;
-     char iname[STRINGSIZE];
-     char dname[STRINGSIZE];
-     char wname[STRINGSIZE];
-@@ -25,92 +25,94 @@
-     FILE *ifp;
-     FILE *wfp;
- 
--    if (pdesc.header.pih_magic == PIH_MAGIC)
--    {
--	fprintf(stderr, "%s: another dictionary already open\n", prefix);
-+    if ((pdesc = (PWDICT *) malloc(sizeof(PWDICT))) == 0)
- 	return ((PWDICT *) 0);
--    }
- 
--    memset(&pdesc, '\0', sizeof(pdesc));
-+    memset(pdesc, '\0', sizeof(*pdesc));
- 
-     sprintf(iname, "%s.pwi", prefix);
-     sprintf(dname, "%s.pwd", prefix);
-     sprintf(wname, "%s.hwm", prefix);
- 
--    if (!(pdesc.dfp = fopen(dname, mode)))
-+    if (!(pdesc->dfp = fopen(dname, mode)))
-     {
- 	perror(dname);
-+	free(pdesc);
- 	return ((PWDICT *) 0);
-     }
- 
--    if (!(pdesc.ifp = fopen(iname, mode)))
-+    if (!(pdesc->ifp = fopen(iname, mode)))
-     {
--	fclose(pdesc.dfp);
-+	fclose(pdesc->dfp);
- 	perror(iname);
-+	free(pdesc);
- 	return ((PWDICT *) 0);
-     }
- 
--    if (pdesc.wfp = fopen(wname, mode))
-+    if (pdesc->wfp = fopen(wname, mode))
-     {
--	pdesc.flags |= PFOR_USEHWMS;
-+	pdesc->flags |= PFOR_USEHWMS;
-     }
- 
--    ifp = pdesc.ifp;
--    dfp = pdesc.dfp;
--    wfp = pdesc.wfp;
-+    ifp = pdesc->ifp;
-+    dfp = pdesc->dfp;
-+    wfp = pdesc->wfp;
- 
-     if (mode[0] == 'w')
-     {
--	pdesc.flags |= PFOR_WRITE;
--	pdesc.header.pih_magic = PIH_MAGIC;
--	pdesc.header.pih_blocklen = NUMWORDS;
--	pdesc.header.pih_numwords = 0;
-+	pdesc->flags |= PFOR_WRITE;
-+	pdesc->header.pih_magic = PIH_MAGIC;
-+	pdesc->header.pih_blocklen = NUMWORDS;
-+	pdesc->header.pih_numwords = 0;
- 
--	fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp);
-+	fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp);
-     } else
-     {
--	pdesc.flags &= ~PFOR_WRITE;
-+	pdesc->flags &= ~PFOR_WRITE;
- 
--	if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp))
-+	if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp))
- 	{
- 	    fprintf(stderr, "%s: error reading header\n", prefix);
- 
--	    pdesc.header.pih_magic = 0;
-+	    pdesc->header.pih_magic = 0;
- 	    fclose(ifp);
- 	    fclose(dfp);
-+	    free(pdesc);
- 	    return ((PWDICT *) 0);
- 	}
- 
--	if (pdesc.header.pih_magic != PIH_MAGIC)
-+	if (pdesc->header.pih_magic != PIH_MAGIC)
- 	{
- 	    fprintf(stderr, "%s: magic mismatch\n", prefix);
- 
--	    pdesc.header.pih_magic = 0;
-+	    pdesc->header.pih_magic = 0;
- 	    fclose(ifp);
- 	    fclose(dfp);
-+	    free(pdesc);
- 	    return ((PWDICT *) 0);
- 	}
- 
--	if (pdesc.header.pih_blocklen != NUMWORDS)
-+	if (pdesc->header.pih_blocklen != NUMWORDS)
- 	{
- 	    fprintf(stderr, "%s: size mismatch\n", prefix);
- 
--	    pdesc.header.pih_magic = 0;
-+	    pdesc->header.pih_magic = 0;
- 	    fclose(ifp);
- 	    fclose(dfp);
-+	    free(pdesc);
- 	    return ((PWDICT *) 0);
- 	}
- 
--	if (pdesc.flags & PFOR_USEHWMS)
-+	if (pdesc->flags & PFOR_USEHWMS)
- 	{
--	    if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms))
-+	    if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms))
- 	    {
--		pdesc.flags &= ~PFOR_USEHWMS;
-+		pdesc->flags &= ~PFOR_USEHWMS;
- 	    }
- 	}
-     }
--
--    return (&pdesc);
-+    pdesc->canfree = 1;
-+    return (pdesc);
- }
- 
- int
-@@ -159,8 +161,13 @@
- 
-     fclose(pwp->ifp);
-     fclose(pwp->dfp);
-+    if (pwp->wfp)
-+	fclose(pwp->wfp);
- 
--    pwp->header.pih_magic = 0;
-+    if (pwp->canfree)
-+	free(pwp);
-+    else
-+	pwp->header.pih_magic = 0;
- 
-     return (0);
- }
-@@ -307,6 +314,11 @@
-     register char *this;
-     int idx;
- 
-+/*
-+ * comment in npasswd-2.0beta4 says this:
-+ * This does not work under all circumstances, so don't bother
-+ */
-+#if 0
-     if (pwp->flags & PFOR_USEHWMS)
-     {
- 	idx = string[0] & 0xff;
-@@ -317,6 +329,10 @@
-     	lwm = 0;
-     	hwm = PW_WORDS(pwp) - 1;
-     }
-+#else
-+    lwm = 0;
-+    hwm = PW_WORDS(pwp);
-+#endif
- 
- #ifdef DEBUG
-     printf("---- %lu, %lu ----\n", lwm, hwm);
-diff -ur orig/cracklib26_small/util/mkdict cracklib26_small/util/mkdict
---- orig/cracklib26_small/util/mkdict	Fri Jul  9 22:23:03 1993
-+++ cracklib26_small/util/mkdict	Sat Apr  4 22:31:45 1998
-@@ -14,9 +14,16 @@
- SORT="sort"
- ###SORT="sort -T /tmp"
- 
--cat $* |
-+### Use zcat to read compressed (as well as uncompressed) dictionaries.
-+### Compressed dictionaries can save quite a lot of disk space.
-+
-+CAT="gzip -cdf"
-+###CAT="zcat"
-+###CAT="cat"
-+
-+$CAT $* |
- 	tr '[A-Z]' '[a-z]' |
--	tr -cd '[\012a-z0-9]' |
-+	tr -cd '\012[a-z][0-9]' |
- 	$SORT |
- 	uniq |
- 	grep -v '^#' |

etc/login.defs

@@ -227,11 +227,6 @@ PASS_WARN_AGE	7
 #
 SU_WHEEL_ONLY	no
 
-#
-# If compiled with cracklib support, sets the path to the dictionaries
-#
-CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
-
 #
 # Min/max values for automatic uid selection in useradd(8)
 #

etc/pam.d/Makefile.am

@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'
 
 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd
 
 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod

keys/4E80EF49C7987B6DE2F81F5005079C6C3A653E57.asc

@@ -0,0 +1,58 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGG8mOoBEADeiVXeiQGVydXf6J/VpVjh9L2Q8drC8esi0zrMGO07TExJ+A/u
+h1wLDfArQWhkoKqoSpbEynYyXubuZ1VIDtV61Vjglm28uCVuWPBk1AoQLe6erENk
+d/b6IFJ0+OwFqqN0/0erqzTMaAM7rhE+3t4Uuqi2D259UVZRRXkld4AMztkYVxK2
+dPQOhddZSN+didG/pVDP3q5t9bLpOYd8DL3reIgoFsvfKbmbTFU+ymT1Pgdd+Fvr
+g1Xs7lL8l8P0u9lrm7YSaJkk0mqUooE05oc/yeXWJKun8EqQRyMQmkL/nLzlFx8r
+Kjlq1fMiOKDFYzDAGyac7XDGGIYeNPBrSxu5XVgRfywgoAZzEI4cR0ZvMpO7cG0q
++DWZ0mFvAxZ5kE3gNgTb2YM59PaS86Wu0E+4WAbu/60mcv/llRAd7JLcvQcJjK0R
+/BgPIujfkAeU06TzqVKeb9+DJ5jlzRkthROO/K9RPJMwDANRfkmHZoSQXuAOWKP2
+KC8uh7N/Xy0NKP7xnffXeI0494Xg4uCjRROw3H7ZZnAiyRYM+d0cYFRF4Q7n9hy6
+Umwb6yrFxhP4gRCN+HbE2Q5Ot4OsaU9KrczmXGbjbm88o5UDmHTGAssdmEWG/IFP
+s5tJi/TwhXVBLxQWCDfHKl3/LCb2Xd0IWQs9W/8vMaZxYl0x6nuSOE1rFwARAQAB
+tCJJa2VyIFBlZHJvc2EgPGlwZWRyb3NhQHJlZGhhdC5jb20+iQJSBBMBCAA8FiEE
+ToDvSceYe23i+B9QBQecbDplPlcFAmG8mOoCGwMFCwkIBwIDIgIBBhUKCQgLAgQW
+AgMBAh4HAheAAAoJEAUHnGw6ZT5XfGYP/2jIKN2QtK0+lNltlwPEjKODRxIhnlGa
+nx3vmFkcQg66VoxV16FhAtuXuNMfRXZLDj+ky0aYxdpI/dGBjssFWsFum9HAXwjW
+F3V71tPlneYJR+EoCwX08qUDhouODT1jl7j0ZoF2YOoZZ32K6DZ5/Zjw1/WBh7Dm
+dUig9hQMME+2A6fUD6oRRGMDaz7a5Ce+iqCkTqcbqwZ+YkebHozprm58NH8dUIrf
+Fn9kCLAqNRjGs4oQTBjBWEl4EC+ysCGR9Y4UWDhvkQbfgqxyKtht/fiCTEwYSS2t
+w9JOxTCINuI49anIjljGTrFmKvNz1XgGUiU8Y42ZIvppVviTHEPYHQ6ECbgE9vKG
+4r1Qvg3FLos0yqcuwOn/w1DtIxvC/3/tNlh/ZtCWdfM4ZRtxu4J1qqHnjsRcDbPs
+FvJf5gQNZ3vVqaH84E+N8GwTt4iXH9c5s8j77hRq7RjJwCy4t//yq3Ot38vz1IiH
+4w2DJynSVhZ75c6/UcDCdU9bcWfDfbvyRfTEqsDZ9M36M82r+L4Mzuj+Q9zCpuaR
+TafPZuB02Yt97nIk06VxxehffJjjRTplt8oMlILkyX3rlhMnnQlTysdTL3rEG/Xa
+h05rPuLLSRwo8KrCIXrVbXK9YSzqYJ6EdUmOpvbiQIv8SmWmVyIPs7ZtgefM+BWW
+WcrXeHNy9I+FiQEzBBABCgAdFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIFAmU61cQA
+CgkQsXXPqY8ZKvI01Qf8CXnTPsmeIf546qUGnXiVbdwxR8Mk3DDQZ5aKHmCO3Ksq
+ly5T0JoyJCycR873zbeo4Hp9xRftioJvFHo95l/9aW7bMSCH6bJlGZm4+7ZXszc8
+Cq75YCkO9+e63xTFbmb+56TMoILwyBgRzpwHTdkHpvZf/mZonsvOkhqM4OU/Vq8C
+TeQluNypr/d1oPidR/b8WPMbseaGOmhN3EogUyOFasbn3JCtETYTp0FeVJvrVvnN
+ih7lQq2Kt4z6WsG+wf25sIoMqC//g579wDX74J1pfIiOKWMHEeUF0mKJOI2z8+gD
+WRk7ZSPT3zFdhU1FLRNbiTT7bWEj5qaJlELhHs1m2bkCDQRhvJjqARAApG8OF2WU
+Qp5JWei313GjoZLIBwywGRtGdjcZVRb46uDyw6+N1NMi005MroWkyTC5A3cUr+Iu
+QYAzox6sIWhaue8CLh+sSpS0eaf+tJgQkb81y8vDBTG4Fh3FmKub5DGZmgzVhzLS
+gfFCtgnNp5BujVijwNmHSI2aNqVrcr1GFuOefmphvG44uyPHdw5MovUML2AUmkiQ
+F445grST81RwpoNLHIBNsZWd0HQU81CXB3ZiVzuVoDmpcMtK6lqg3ni9Hf7O2nUo
+Jj6rW2GlczFkKepd7/J5BiIjVopAQzO/TDQAq3gXw549qxwBnvjx6iw8MhWj0VQO
+Be0uKDVa3rE07yj1UF23q7KoNYChr694nB8ZTVk8Ve1lamNDSAJJZwk1dmtb8aA8
+f9b8dPwKdR+XE9lkdfiYeM8imZslx3KJH8ZnybJ+EN15tIAGqxpHEllrXfBxvUiB
+Gs3JIQy81H5bpcHUTjhFQegMmr95Hz/y5YrrbMb4reUg8k4DULAcbU0MKCJaaHe3
+tM5kRWrH1BM8CBwDI8jZ1bpn9d6xtFG6T0FRGiY7u/F7wzBHwoLZ5nfWJnZoQPNg
+5GePRy5uBl3dk6A5ejL96HP/ry9DtdKpR44sju4X94MxvdBXgDQjgq0rnjyuhFLx
+piH2u7H4xlfaB2J4P16ucxUUqRd9bVXsT80AEQEAAYkCNgQYAQgAIBYhBE6A70nH
+mHtt4vgfUAUHnGw6ZT5XBQJhvJjqAhsMAAoJEAUHnGw6ZT5XQHUP/jjL2xAqupWw
+LROWvFVwX8M5ALt3mm61/j2RhSj3CPyv7c/A0tOlAM7PmFH8KG3VZT3iBSYsPi/X
+j20S0r5/yaPzgqRQCdfE1KWDF0/NRs+FVP9syGYL5etgdOgQIsIplQuB2wudYpxJ
+xj/tXCcFpVlirobXPjKRye40buiopQsh0RAzUox1UAXBuphqA8Z+u3vyfQovreRM
+b808GqWRuqfQtieSdyOdCHQMJ87YOrr5VusGtXycG80Wxuj5m+VGyLevmXPEbcV4
+7nIqY+pOqYP852nzEilKujBkEPAc+kWUV3uwYWy4nLu3xFvSySBoBnT+ztE2ysxz
+gBNNyrTL/ihfCrK/uUdBnHWr/Wf834FQGQm2g2yHMan5XsLCJUu5P4MiOY6Fekah
+4jXSkOmMZJ0ZK444qP5J6zscZcLJ3ANdHPeW8U6Ey81UtgSdoF0RFniTFbvtT+3v
+rdCEQZUr2N87fFMp4ygMipZgtXNrI810QROLxJCFE+ZCn28T4yZzciVV7f1vRm5Q
++VUD2tFeQbJJqUsMqos4umU2pNosQyE2W5mMhjlZQi0+ZajjiEZs+plVZ1JSEvgZ
+3r+yagFOArK8ZyCzsL9u4ZFhomQNUKskSK01zbjWv4/mSdxS7U+citNKFsDuhq9P
+wc44x8aaET0FtmmJmRfxzQSEkczkR4AM
+=K+Fs
+-----END PGP PUBLIC KEY BLOCK-----

keys/66D0387DB85D320F8408166DB175CFA98F192AF2.asc

@@ -0,0 +1,185 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBE+oKZQBCACz5WylGAr+eitZjuSigzR+y30W3E+gkU0DSNlBB3WlorOtmzMX
+9F2d+z+ozJuez4NPqwfQ5y2ExKSbL8i1rwYmExZIzTDpm1Q6N3hG+vLbxwbrbsKT
+qW9rPiXriU5yRwuvVJl4NOU6T/Pau3/VD8iFN7U4mVpNFVPlB8vCvDJ+07Z0xIH9
+MXe8uaERG3v2EL7Mv8L5w05XEeuTT/CJiw6NdzwjZc1FymVoFjntetl8HaJ+5JCB
+2ylAbnw/wZJHORgsLxZhOL6/zrJRG8GvjgB+1l8izgl4n0DOqjyyoQIZJ+mfuHR0
+6wDqwvP5F9RZqCh8Md4hYujop5a0BKfAzLfdABEBAAG0IFNlcmdlIEhhbGx5biA8
+c2VyZ2VoQGtlcm5lbC5vcmc+iQFOBBMBCgA4FiEEZtA4fbhdMg+ECBZtsXXPqY8Z
+KvIFAl2r0d0CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQsXXPqY8ZKvIM
+nAgAiTpLlXuzyD4C+9I/yCA9N/BqK43jnMfJOl/Ky56vgJ/WbrFJLuO3wubMlRLD
+3jurC6SK2g0TpygyoX2MjwZVT60Sq3ZcgIh71yyWHhtZ29NuUiKsKnajb9IlP+AM
+1V0g9py41YdDUmAuC/5crqyK+8u1CVrB/is7Eym598gIl9nyGvaZrzgjG1cRCjzf
+ZU8pRG+VPMr5Xla8rDKBZl+LcusV90eAUa0E/KVFS5N1dQ6HKckYXPSBN3DKHZy+
+qKa1k7Dq0CnkTjQmjaMu3j5sdOXg4QUfhCHeLDFAtadNdP04I6g5KZRvC44XdQ1A
+bxFMLyObhCsq/QxSh/nYrKsw0okCMwQQAQgAHRYhBFthJl4sTzRNQx3P6R5EEKQC
+S8bwBQJfcizvAAoJEB5EEKQCS8bwYiEP/Ax0AQmfXibQixFkH8At4dsSOtL9kyzn
+SJfDg7+q47BtjCKDrx+ecX22ilfjBNymoZo/N6JYDbOh7Z6nHC10IrguGIxM/Ynp
+R5axA+5VVuEvc1x9SDyBw9MZcC9QkF10AmISzvgJ2OPJlH7uCPrBvrsjy7WuPn/6
+l91tUGem/iThccog1IxNHLDWmCUI09hD+txTNyf4vJvkGP7Omqwy+DwFyWdWtDYm
+Mg/mRkUnU38gZ0UqPlYIUVujZjGy9MQGwtfFtfEAfp0EXruw1KLchsLa0PIaWc+R
+qkmlk5L+GMq0qAdJMUmeHZZx3jKYQFeo/PI++3fJg1kD0ncwx0sQ4SaKZoiU8oB7
+mT3jYwrz+2cJsnS07fhDu7tLq3mqNzJSux5cgJvlCM1N01lQcuFyl9PaCNha/z1Q
+piFdtA4MM4a2QcUPEcfh532/thfnM4NP3IEm0EXSGs51Xh7NNILx7YRZ3V4xfqvg
+EaPs6+2vsEP6SsZ+icwaklzKh/I1Jni3CZFtsiBO1hCRO6yIKlvQCq6wtZa7QMZa
+65fvESoLM/dRZRMNqgUp1KFhMndpenQJDAKG7w9SdKDkXx7WGrBUDVBbm8tN13Fo
+WPmbMmmNPreMQ2LEXN9HentYVxZXcW3q7KnSCuWGc0lxM9jDwE6W/Zm84dsLAdlP
+JdoeKv4fnhoZiQEzBBMBCgAdFiEEDnKQYQ0vbcTWXqkhmjFOxfRwoKwFAl9yMrYA
+CgkQmjFOxfRwoKwSfgf7B+OaMOtQksO88589TB3mP4tMg4fFSmayenLHRRpslgyH
+f2Vnwq0/8qhR4KYapQ3vICy14KhCChWsPV1U0H44eR0R7FVHoW2xt/QCtFsxoBvP
+zNcLFbc5CUN+7Ff4ybvwSRYNBwYktiXRQOHeeli/i534+kNkQo9zYsn2ej7diaLg
+8x35UV93BmmWb7aJVj1nrZ5Nj7BzBiakkWlAj9qb7xeS7lcwvgcOP8qEpPh1FRgL
+eR+2WjueArNTNS5w3X945EHWi6mtzKLiHMC8T0k/9WmmPiKe+LWudRrZazFhairt
+18dlMtm5aLU75iDufblQnaAMGfNlkwpCw8jwwox+c4kCMwQQAQgAHRYhBHEAqt+u
+bm6UDS4K1lXkWlroynyKBQJfcmGfAAoJEFXkWlroynyKg0wP/2weLgYIzUvBs7WA
+pU3a/JuSRSoQ5iyUk4TN8UD2pXR4f5G/vDIkxEMLsFjQVJSOZyrsJlS6s32Oc4Ku
+vrVFrjFSqkuLbA06fUxihXozdH7hfqSVl1nZIftCo1Y47PmRNyW59mqhi3OkeXJZ
+hkMLL/g57Hv9rlKPi8ujb3SjSltaK0TFjT4IdrQVNgit3zw8ic+roS28rHwmXmy7
+MXgVwFY0d4Tg5SX3KgjuiGK+fhbv59LBpM2uUwSQ2Q0IbyLuUkVK3LBmQmISR2lT
+0hNsV8Xr6dL/EF8+e9O8pxwI03i56hktCXrBiwbgDiYxJcaPyb7Nw2KNY2xtIebQ
+xMgdY02PLiAJVNYiZPLr1Ro4p0kIChbjdPapzoVaoBpMBWm6lKVIMH0UnnzsduPg
+pZ+YBBYSwUkFmfe6cFf+Jg4jSNIoFThEzum5Jzw1gra1Wu96KrvnESBfuEUPXQcB
+fCQ6KNVrdOY/SMPHt9MAPaovES+bXNS8/k7/y5Xtzv39l6M6o8xChEbYHINGJgWx
+hTtGi+NVQyD6Q2paDPnt3hHXQfrDq/8r5zQZ0+NO3ay+DZTyH54F13YGlYeT+PWM
+gbh1UOfZADP/kXpTMvALsMTPZrvHf3/1RrPIa9aRL8C3T6a6ixz0n+MVX4XoYWR1
+NcB7TxK1foFwnkbWxPvfpA5aCZ10tCxTZXJnZSBIYWxseW4gKGtlcm5lbC5vcmcp
+IDxzZXJnZUBoYWxseW4uY29tPokBOAQTAQIAIgUCT6gplAIbAwYLCQgHAwIGFQgC
+CQoLBBYCAwECHgECF4AACgkQsXXPqY8ZKvJh8QgAm+I4djDNeOcdauxtBDvmsmrb
+BDg2UzkVGWOyS58Je0jP8NSkopPdqobfLvLC0TCXh4+h8mYtsLQ7ltkX1uWBJIJX
+TbPMZ15SiwAmzG6ZgdWL0JEdayIBo0xfyCJ/294+rP+Jj9xo9LjDiAFckry8vC/F
+OgjgJkPAiUyQyi///cdDm/k4p96psDWuewYjvi9TD1m39KqC53Pltjrnr3c6p5FF
+ZTq04fzOjgeQV7Dbph2HzSoCfVHsAueTrzPB9ePy93JH1/Tl0SpuD/i2FlZyNYL8
+WudA6NxPAq7kOdQIT3ftrUw/O3i3UUJhQeupws3327Ma44Pjaj39L4kBrYdaF4kC
+HAQQAQIABgUCT6ixnAAKCRCJcvTf3G3AJjknD/9zVnKUb5DnZLmplTCdAAFTMu2I
++ZfDyp9otlLOid4AVco7UjwtYA9+qkBi62QC9qcNoImuiSrwZEhCb4hepcTZU5sb
+fBZ/DFIm3y3sAxroCTiCEUH5LS5xRBjphtuM9iq1++i4X96OLgXVbC3XPajxmv3x
+V3rtcKHA9Yb6KmSDL+pkD+1qg3jYZqpXykgg5C4U8ypnlPyuBAY0yUxRRqF3rHmx
+F+ro31mReqmAIAUd0PgwKFrEp1GpJdGyeJriL+8yznttihvRy7OookTFc5HKZ6qE
+GjTl4pDz28FQoL7QIDePoRTQTcfcaA2sFvW+4Pvo6PrE4mtL4nXVidznrsU4sjJw
+h8U09XJQ/7cvNmQ4Wt5XaS5BgLRkSKp7otGnp56NHbaL+zo9L7p50j2p688Imlb5
+FTqQBHY6pZfMHL3QPk3eUXcakJz3uyS4DlTVmlXhpfHloL1sY9n39iqKwpb8ItVJ
+kxb6f8eqAJk1H3CoABEMSLGQQz3DAn0lqGIGzzm9H90uhyiCcPq21zwN2pXhoHfP
+d0BBb45u+EryJ5JfUFEpeRw3QFHUFrdyY8e/INYnctUOaChFsjvd5Vv/A7OXEzkl
+p4yCD7Yo/2d6e2m3bvSKkU/t7DwysqwwkWx1eVPQN4eR/LxddZ9cIF/9C0f3epP/
+MGpK2dfHD0yxte1OfokCHAQQAQIABgUCT6iu+wAKCRBP++TpLv3qcrq6D/9+RLUF
+HyDgrnhjwBZlN47nh363cpQwuFFrIWi1SCnRrkvYtHYA7QVnPw/Wa/6FKO4gAJ4z
+KJg4RByw8+Ehk7LyhWqAaqs2fQExLHBtmS2rSj2j2ztKKNq7oEHfTHXIrFGqYoBG
+BS98uVdIrjtsfuWhpyFojQcLCmAGoZMCtJJWdROR5KZDbCk7fZrjq6W/xYxQm8I8
+ywmQyYoq9yOdqb+8aP871/a5TDxnbOAuObxCko+uG7fKm8FxvDGkAFC0TnX6cyww
+jmIcsIVYjZGfD5lpp4S6y6pWZ17s773SSJF3xiQ04HbBv38HtfZPZPofioz2DAx+
+fZS5ilZCBf1bZpIUJLBaKonnxa3S8Elxnia2wjAMSY7mDs1TSilkkwQyrELqKIQB
+fyQtKeti8qSWxjhkBaHEQwD5qZr5B1a57AbgLDFjaa4lst1fcgHbBPY/5jkqh1dE
+OkZJACt5YGaHOucqeKZbYWUBDtbdd0UMl8CX0TrzcUg5SYEVFKFQbdYh/fs0cKKA
+AxtQ53QEU8+XcX6UM8UHJJASui7o56+2IJECCKm7r8Uqi8E93GJUDsbij1Gd+Rl2
+rjBWa4P/hhUYG38tZUhng95olgu4/x1BfHihrHKd8LLnb3zgYtRl5Z2ANDcUYnye
+4gbkeIK0bPaoZ+7ioibzfjaLt//NFp36iNfKfIkCHAQQAQIABgUCT6ivNgAKCRB1
+gM7ry4iwi2KjEACa/zVC3Qm2zNgKu4lO/ELFNZHjKeoY+lsELb3TAyO7Kd32zgYZ
+a/QEfq9GTGffQgu8W1jNhvhFVq3OhFWsC4zl1znjGGINYWx2UiIGvu4Yh7LHItQu
+B/xPqL2rlyFEi751Mc7HYQXv+BIXU5y6NnjyAzuv0h0LQzcmaJKL6WkJUtxBy0Ux
+A7l3aT+2tpEaU6lkMXsBLppc9HqGXfNld5wR2CHqwIGFlu+SSgmADK4AZMQ11SnU
+RLBzAW+Rz4u94JZevTPQx3sWJNlONef6SVZ6B49YZ7IbUZMVDQZZwSQUWrjgKMv2
+QjW4jitGfqxnwU3egzRASbpIVoXsthkAGLyQAwcyq/K/sumwOJBA+nh3h+HLJ88K
+oYHqhYsnlJdRLo4lbXIvXnhgtnWT2i1tYiD7st7f15zn1Bu4edhItXK7un7In3Nq
+RHOjwCbOJOlMfOsdDxE75RffbDHIHRuNhSRa1tQzvs5HricPpw+HC86sKwhqyYa1
+zvpFyLN4dn4mqANvmEAKL+s1KH9vZcGpihJJwATRgVL9wQrTE7CcwmTpWRVFsHtQ
+LjUCVLN9UdFq1vKJfgScKpB2PdLt3PP480lcSlpTD5ngeTopDyezpF1bEzMdVXRE
+mFN/2UvSpqQJIKVcteeneWu+jGiMGb/sS8DMRhEsx9cWJgSkiTiAIcQklYkCHAQQ
+AQIABgUCT62IbgAKCRB6I+Rm1KK4HkJbD/95poXt7poScmgTrp0T1Tssnc4bbLAV
+zuQspbmR7aPodnnbp4U6a4bIwb+NwxHxb43ttJh1LpVYxV9xzNNwSih9K/ggkCjz
+H9tTelclkjYql0zEkfJBoIKy1r6csEdzDMMTuOPYNTtDTU/Ax4ERwBTF/X8GjnS5
+SQ3gnBmpxrxXwC2+9NRzEPCNw+MUPgoAJpwSqrmoNVd2I39MzKo19LAZKJ45vQY5
+hfeuPnn+RpcnRtjcwFUqakr2mzipFdFQGZTtjbYYEapRXSy8jvvp0k5cCreU+cxR
+T9nVfySHXBF4ySHqpIoqko3+QtqPLI++C5wugoYiJL/bVB058MxzxWm6KKGgjcAe
+62qQsTNXoPErp/Z6J3TGdxwuIcJjEVRKkNaFRb/rSBYw1L/qdW3qEVBB22l16lfa
+1Pdd3IhpQHVGQnKdebCu+BAW+egF8SULgLnBPZKj6rhI9z9gOgHyzXJGzPoIk9+/
+O/D23w9pUmumOP5s6LGcTFGkumG3TjJat/SjUQC7mlEDO/rOzJ31mLdmgXtvpSct
+3BRUZsPjqcw3eYTMJql2PkpHM+Mrljtm48z8394vB5Fv6MrRDppwXSBMSyxoZ1Cg
+sx7AKWPBWeVMQO5fxblBmKfyOd4ee4UdVsL9qjosfkf22/meyg1M/yUH9qbHffMN
+kAmrW5h2LYxqiYkCMwQQAQgAHRYhBFthJl4sTzRNQx3P6R5EEKQCS8bwBQJfciz2
+AAoJEB5EEKQCS8bwe6sP/0BFyE1KWVcJjR4iH3QKzrxzoQunSbLUGrb9i+TrwQD1
+VETGu8KzcZ+BSod/mYaYq39r5NHczrPgmlkHgZ/qTu9ufvBdSPiTbpTU8enoiZvG
+2PZyjF626MWzeljzn5wKjxZo/4+sRd9dzZTl6xG4N5crctcriWllO3zDmrsnNQBT
+E4AXmCnOCgbuFhA8NCun/NyXsYrTu5nKXictwR8VhyH/HdML7VRqe3SsLIfbyB6/
+M+8H7/CYzBCokZEgFmFwC0gxt4rbP5KkBxZUPJLISpGcYO7tXMuXq/vRrsHFlUnB
+d5MW8mKF12cnky9YFIeW0bXxMPcy8tdPnDI+LSGgt55RzDDvWheoQsCkPf4nqp3Z
+uLL5XahXvREsDZUya03fXyOoiHqskqdu9KjoKiJMW0ZKYtSZ/UvMb5J6fbw9xR6Y
+G+fLINZuee6sP+2Hk4n8rZLg2mdxKh/nclXE0yFy2O+jLAiz3mMvzVxHKUCegAn5
+N/l3ecutmWrOdjMN8Dn21iwgWxCGeuXUkswKyOmWnV3hVNjlKHq2x9q6abrk6Wx2
+duJorBbtAKjeLaSmXr85BS4ljzV0I8g4P/qmC+6uFNI166vzeLlbaGcNeNJaDtuC
+Z9ut9YD8bH3IEviczW3nz7IREbZV0t2771alqUomZbFS46kyMEs6MQ6IRQybD36M
+iQEzBBMBCgAdFiEEDnKQYQ0vbcTWXqkhmjFOxfRwoKwFAl9yMrYACgkQmjFOxfRw
+oKzxmAgAsZkOt2eAk3b0z/seDMEqs8MVaT9Tt1nWkN2Jj2j7ns9dFLKOhbiBshke
+86rApWVxMZWT9io8qJZj6V9uNMc9g6ujaEISzzYuI+mlwm2Myfg+62b3aE8C+m87
+jLcUk57BB7Fsv0VZZJGz/dxpCUyGbvNqIHXx4irwhnN6GMBnbHrUQQb3erGeaq0/
+EM9umQ3oyi734EYmRKXkCBMon5YsEt3pJyZZLe4S2zxPUQZ0Qh87DJib4giGFOgw
+sKY36VI+clHh3aZ5XAoGR8FF95cP/vb3x7cClMydLogO0LS8gy7bBQpxJwahH201
+M2NnJJtA4g+gzgbjh+PqLy3zW/cK6okCMwQQAQgAHRYhBHEAqt+ubm6UDS4K1lXk
+WlroynyKBQJfcmGjAAoJEFXkWlroynyKIfwP/0MCTmvNrsVMxf9N6RP1bpeN8/ZJ
+I3l4CKVGM2U1cDapALYqgXwptaCbJWw+xw96fxlHN3QlDbd9sp9R0IWma4qZ61B8
+XXNr2UgbvIoQ+KKhbrtSQqyU4kYTSpOXMofvrkA54G+sWbGqRivjRUJU1kC0UamU
+LRy5DkPULumYh04eDfJkFxEJQWztV0zoJc75Ed9ESGrd6kMzj4FQeUjK4yr+sN/P
+eLDU9yCgVYMQCgO1BM353SK/Iw+1YbugjmxP33l+6PpLvSSwfDMVWT6L4M3TUK0Q
+aWPJThrXxQMLs85tVbTKxjBnlPhlXYJgFRAl6pAToMaCsawg/zcDPeSdW/1koxtL
+3IlL1YXWxt67waD+qxKMCJdUmqF33fa962LAYNGsjCOngBYVK6jNUCSzRvAIoDBz
+XJBqdsAsWRaLfp/lffEycYbcX8NRkTRxWTVJgh5qwzyLQyoJdJa+879WZ9SzDdhi
+vw+K57M7Di90ycjsP+6iSTKTXwcC9KSZ+Z50IqTT42ZMc5wHepK2ce90PjAnLM0P
+j57LzMCjNylC74rjmuf5ooZ1F9Qz6YR7mnM8wBiiKjSAOkLviZ71+ZUBSompLQ27
++r/2RMn4BMRFxkAePeA3mA/K19jXQpHSo9GAasHZifQcPW701dEStN+QdDY+KeTe
+AF6v87OszaOUiefauQENBE+oKZQBCADc9sYSnWAj3y6QE9sGNDUFaKpAFUsprpQ8
+LeA05nh3RUxYDd75qc0ewtGR1+SlgpehKQfSXVQT254jM5lJanNDPYffk9k9lMwg
+SVoTP2QaszfDgir7WKKQuj3dBwnmYHdIY2mq+eaAh/1cCU//ggdaATo4ENQhKTAI
+iuviGKBpYX/zHAlPIvyFjERsBmq0woQKvDGsoQEObx1zu1GaTWeTSIEnHyRhajMQ
+rKUAxSCh9Th2Vj6xOhvx9TK6li+ecxYuuBVP0Xllg1GdoQBC8KWITDOrU18suj1v
+EGK4YOzQQPxANs6I81SvVddd2bh71cyAjhHr1kugw3PWQvLe4yHHABEBAAGJAR8E
+GAECAAkFAk+oKZQCGwwACgkQsXXPqY8ZKvJrVAgAi7CVXJt8mZiN+yzwiZVlzrkR
+QduB2cgvGZD6Hm3MJc1aVA3Gh0tJcLo+SdutCOzKSmPRSsnWT19EKxpDMrc9j97P
+i9SDrGyUOx7Bz8gKjTI6BcfPNAhAyIr5Gr9SDyTx6tUduSmmErrvjYWP1/Jz7spI
+nN2wQd5ZVRSvS/rNZGh1NU31oeWlbpkU0JpGbZkMXv4JIy+1caH5zzrcRMC9JFxf
+m/bYdaq+jHhMufnSy0Qa3QgJkKvzxzvlIG9BaUmuNeR+XoA9ISEMQzAYXqxJQSL2
+8Er9IVaNgtz5mqCMf8vuDTPGpkYyqGnOjtQNF695wiA7CAr3/WTeiEl6kKsBFrkB
+DQRdq+CmAQgA6Tx0yBi7hDuFTjrUQL8y3EiLBIPyLuWLNQHxLPEU+fJaCS8bYWKT
+mVSIMmYSy0t0Kbd2lqmIm53NxOCX0BujjGCir5VspEI+TTTXskTZs1JsXdObGFoc
+AeIG+FT9T6RHP6UOdQTVKaHMZ3XKfWQK+Yb0yZaOJA+Qb28vHd3joMGeoc7rCfUA
+V4qIq7IKzWKC+1ParP7b6LNj23J36zY73n7UINCyWpDwhA0/TRwVMmWOyTd2ZldB
+vpKTHFM0b4T/a8x1RmFRtvtQgVQ6YV6Rm8Zkwh/2w0wkYJUg36/IwyETUwDXuIkb
+G0AVWp4w3jAD34wDjPm52R6B1vGdbEu2DQARAQABiQJsBBgBCgAgFiEEZtA4fbhd
+Mg+ECBZtsXXPqY8ZKvIFAl2r4KYCGwIBQAkQsXXPqY8ZKvLAdCAEGQEKAB0WIQSp
+vT/xcHK223gPz5Q1cNoXJwrOJAUCXavgpgAKCRA1cNoXJwrOJPZ8B/4+BLTyb1SK
+Sz0tYCn0GlqJWfRJfH9diFMmZGvvxSsIeiBmy0ARPaFoupbAwijI6mJ7lW63GLZZ
+dC3OwnUEdX0sH80/ecVP8/1qxlfMW0EFFCwPDFbmKLbSGQcobXQzb5AaILSyx+LX
+ONAUpto6nG+i7k+L7MFC5PVFDrk1CsVhAjjN3ItueeJfYRmkOKksUl4azzzUdC3t
+GPBJS0CNdb0z+lBAOn8lYSOnoPdHjKzT9jhwluUJyLmszxSf9pW9dgYGoSmx12Ef
+3EamTQlNa0YB/DVrSi9G/f0PW7Aby5dNCJQNMYaWWVeHOkuRwkG1PxV6iCIAZkL3
+2ls1bkFTxxsXI4cH/1D8cGYiqaPkxi9BkJD/9x/0B/2Bz6jZgDj8qDalJ/0YpmLN
+3cnw07Tk7phKxeoiwGvaUgaPDiSWQTsbJF38pUxA7GsVj28Vx1LFC6SWcVR6Ifvd
+EU/eex3PD4xGvgdylub0XR8KcHppTWCp/vh7/pCK/p3amrsPPLPHtkKbwFEtPYdl
+sV5hDoax04hiBbNZeq6uT/ryuUTUPsWj0or2Wass7Cuvt7PWk4scDyk8OFmHEjkP
+dmEOwtS7HdxoJR8V0/9WlomKMY1zUdi3yaThTVBvpmVp9NhvvkX13rW/z8z8cBNn
+kqlP2CvRoaR/Cm3MLCUEnzKlxEj0C5RQMJMBcga5AQ0EXavhYgEIAMd+iVOTx6FC
+3Ghv2PASeXsnxtb9Af+aBjNf0m8WKTLgIS9xQbxgNJctG6AEptkBfAStRLIA5qOa
+0iYIpkJynEPbonJ12qvtlJ6b6g1h3AThYXQBjTQ89X+rlFzVGQsieqanjI+fiSNb
+DarOLQUbeJOrkfFukr34o5xloKENL/kwu1lDG/Y2GMxZRLe1aVJUXQg4FiEiaE+L
+NFbrUHxdNR2PE4XuJHetneHEiT/zXpvEF4MCisjJTGAHEC43rl7OqHU/GDdcW0ud
+yf9v33LCFWTRLlgKKHVyUrHVhVzbB2z1+xnxxh/bQXjgttIP3Zqn8LXiLnUNU5+e
+jJiuAwdwcn8AEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJd
+q+FiAhsMAAoJELF1z6mPGSry9/UH/0vOoYu6b57UxsJNR5dCMhsPYV7FFIX9uj5X
+IDo/bQt2RTMa2PuKMbcDGINsDqHXqOFpZq5WDHhq0cEoIqhlkgj1uC77LLGw7mWy
+iaMbITQDlRzP9c9Qj3NkGNKW6FTwR7LPh43kgXygO1StVADIdHapiw9hI52rF8Fr
+NYy4oNRXhUcDPfn03akuIbF75saCHaYO/xoQeEqE+0qV82V/FT5tISMygkzgq+9z
+UhiA4XQjxiVhSK2cAi0iUTXZecyEueLk6zZ9vkD8JZagSirTFgxtLrnhVpUBJMOg
+ffv5jmO/Sun4s+3JbAdicmsFqw90hWmGNwa0F5HZ20rEVAwkdt25AQ0EXavhqwEI
+AMKECc/f8f0/CenKkz3wXGEtlG46YLjtTt2tWYXdt9Z04ihVaYePanFtvuujyO3I
+3jUQNv2foU1CtOuVyfZqX+TXqs0BUPXWwTCkMOyc/fEQ5u0BFJjWYtmr2sZY4Ag1
+juJsmzI7g3cnMLL9LbjpbHRruFIT5rnv9NwG7PURn1XnCt9tdZ/d0h7vEaNkD37j
+67rjy8UElVVcwVGhsCR8CkqwZ6ZwpQxE9wyq/Txb+v8qEJcohc5SWbYl70AtzHOb
+okkW6cvRjNz+BcEpnPfu10lbPO/8a16B96VDdjDGPj2shfNsFLaT8MtFfDAdjZRG
+lrfv3Wp4qFRlSUGrjInvOLMAEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1
+z6mPGSryBQJdq+GrAhsgAAoJELF1z6mPGSryW4wH/3Xk9x+WUxeJNtm+5hOfe/KB
+sXQUbBz+JHGFjd9YQw98jUvPNN1RfgtKf31b+FDKbk/cu+9bNLSfhKDz2AEREVio
+gKRcVjJDy9XmmWQd1oo+M4GHNYhpIt5ZK1d3CROIiqisLQsih64/gl9gboMcsUuH
+Rkc3hVKUb2umCZPG37hUdAvOmOMS7/0KCGS5pXnfsX+zegSKjps12siExYXiRpkx
+bF9MW7er6/6ukvHLx4jHpgiZ5Sjt/9OqUiAOgUSQfhpAUJlaLxe9E3nj+ABs7LV+
+FOjtI64skqgqbYo5VXobFSJhqFTog1+KmMznfsdKaOZQuZh3v3TtGUzkxoMUHPc=
+=xU87
+-----END PGP PUBLIC KEY BLOCK-----

keys/A9348594CE31283A826FBDD8D57633D441E25BB5.asc

@@ -0,0 +1,147 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGI/tA8BEACYC5fPDOMDrT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJm
+BxtPPnps5Vw2whZS13zaoyPykMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLc
+MnHiZRKRh8dOqlK6jHcUlF8rBgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01k
+iU2SjoGAGkNDBqmOkhhVUSQg/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ
+1VzyB8U/hgPLrbZX3jQMJbcCSM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJ
+FN6Kz0NKN6MV/3AqbKGtWDqKhFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCb
+RjFkQ/iUUtuGgmpOB14HrgwNaRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfq
+ErcQo9ZdGRAUL5icyyDg4cC6xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9pu
+EoPm5gjNtk4F+FENNjkB3c2ntFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2
+bP7e5+Nk9NjsWLvnL2slep1cX38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uAR
+KhPEDZ8GzchxVtX9bGx1HSAVcdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQAB
+tCJBbGVqYW5kcm8gQ29sb21hciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEE
+qTSFlM4xKDqCb73Y1XYz1EHiW7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQ1XYz1EHiW7Vm4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1
+fMLBW7djLZMZweDMU76UBrucAEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0
+M8Lq7QFZ5IEbrhuJbvpfTCa0gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMH
+ljM/OZ+6tBGpw7zvx1kYsSfBerlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we
+8lI/gdfywq7s/e5Xelk4dnr/pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3Am
+gaJgWZapJQlPFEByk+2oJf5UOgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n
+51WhjgdqYoSPt9dpPSNfNavLJDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF
+0J3VhKr9KR1rMxQpE1kMs7qO1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4
+EbUJyZDvsq2shaKj/NB4nzYJIoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr
+21KifSWxcokNhqSIrsCLzCJkbiKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E
+7xzerWy1ZqgQHJ3Zp0wVMgHTKvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xx
+kxo4Qk2JATMEEAEKAB0WIQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUCZTrVZwAKCRCx
+dc+pjxkq8s7uB/4yKEi2S+So2YHaIstBo0+9Uxcuqy1NUHuDRFTiNhocph+exjbn
+t09TK1NM9Sc3ErwnUoItLp2rW7D81TMXNnUsIfdusKkVkxC5xs4oLTpoIb+uBzDR
+O4KYebALpcPz2Y5I/jI9kiXYxd/pXUeyBQDN3zKwpM6Y8eax0h+EUh904ZGO4BRB
+tl0V1rnQ3AybSIi2dUVn2e8MGEW7hddMc1B85Bf7jCYuesR1FXMcHMs2v/S4kRH1
+179xFi6wxrNwBYY+YRwbX0OjSENls6I9vGC6+UoPaCHDS3MOcNuD77otYLK1Up46
+6G/KfcDLQsWsgPEdION3cE0+JCa3Kz9jn05DtDFBbGVqYW5kcm8gQ29sb21hciBB
+bmRyZXMgPGFseC5tYW5wYWdlc0BnbWFpbC5jb20+iQJOBBMBCgA4FiEEqTSFlM4x
+KDqCb73Y1XYz1EHiW7UFAmI/tA8CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
+CgkQ1XYz1EHiW7U3bA//e10l6Nw6m3mgFoY63ik8DvbD4fZ+/bUuQmTJ3uOI7wuz
+gjRnhWKvzBspNGgz3Hzdu3TuGEiVzXfNrdiubwvOVufrW50RDfjkzcvG+lOF8aXk
+IRz+46+cXkLdGk5FB9xKPtJs1KuH0ocTDHIeBbg7zHKIZDkLOizCsrzaNI1wDN5x
+OpyXkYqQYxuXfCipcfXapkuWXnvRQGGsopEhae+2khiL1hXo00t2A2jfwD6LTdUo
+XhFh7RkWNc72z2xiiSjMv5PDtG9EyYBhntEcxZj2kEgnP2ZaRto5OQa557KQg06t
+SP9s3KYHcHEd/9yLsNlQJTlOPMO0LH2XnL2MPvM5a7CZQfzTVOrNWM3k4t+46ON2
+qoMsOBO4nr9fH9eFtmULiEGN+oVJn+M+PYQJYlnKKu0mS+rbHZnkD42FiW9ZcXbP
+LPohB9T1LBjm1lJI8tYiHyfoFwnvBLimSjxmO0VsGKEgZYglVV34Jg9l0I2vYt6Y
+0Yieku7GI2Z7oDcBWlW3qbRxPDS+CWN3kSaWXRos1ufM038Yb1PwI4wzIaqrIVvG
+UmwCESNOXhsc8JPNqhqvnFFcbAXlPO4vQ26jThedHGMpbWFVSfajwMTvubAbVuq6
+vssZCwK405aSESbK10ohSRagKexZAqVMeusb1fC4AFTCng9qPgHvJgk5mCX4gmmJ
+AjMEEwEIAB0WIQTlIllbUu2k5r/My16FYZkROjXOXgUCYpTOnQAKCRCFYZkROjXO
+XhBrD/wPSTPIlpcHO0MLKeF/hjOYyf48YRvbwZ9Ys1wbjfFX9bL/s3S/zli80dma
+EGXJALcml1WA+LmpTDri3otG70Em5vTdoocnqwgnlXjiKbB4UzDLtwln7wHinQK0
+UaE5R33p8qNZRR9Ydg3C8EFEriZ0/AZkFUE+/Le8+yeGU/Dg//GOt84OzB/GKh+p
+SLwA+bJL9xv7ipGI6kOEzKTYceyqj8+KA0VE+rnLeqIdBsH+fp8iCZ2g0Aobv1IW
+wPvMcYfNYAoza99hfi5NFTmST/gZcE6Jb+U3/KBsCUEWfV6zhGlMcTHEgoCUBoMS
+KWY6nHC/NPSMi2Q3I4l89CCsVcJqABxlY8wrK9axdvv7zPYIpn4JRvGr3HQa5Y5d
+2HhQyHtRhElVXe/3DGiErLkzKJORxbn0miyC/F6WOUMnLQEWqUHqd0VspqavQ3PS
+OjIKShtlXiLX51q8BED+wOhpuafhFcq8NAAUXLBQDHdViVvH6+sazRNUl+vbujod
+eMv7tLtnhpXiwCryb+MPW1alwVcLbnU3xhXazvPRUpG5MtPmir6B++4WtC3El8J/
+szPeGY6MZUyxgEzxAGGIOycS9fB4Gw8cxWpmWwwOF31icb6w5ZIrTD/4Q7DaZ/fy
+qjgS4duDfHur8ajN0FpkHc0LpkUfLl3rOpGxXh9EkAqtNk6kfIkBMwQQAQoAHRYh
+BGbQOH24XTIPhAgWbbF1z6mPGSryBQJlOtVoAAoJELF1z6mPGSryH7IH/A7PoxLI
+Dc1rgbLaGbn1Qrt5AU5IFUVHZh5fW06rDHzEYJjk57f+FNJgz8VfGQ61zk14k1+b
+eboVTUSW2xZuSBQSRsSVOcj05vJHUpdMK0w1l5W5tbOR9nfn1c5qnQ6lhmFNrlJ6
+BEN5IU0swN3s3p7bRl0v0Axx0dZFF41ERDcQ1waqc0Sbp+s4dgdyXhvmu19Vtw6i
+WoMjPhMWCnP0DDjGOKA6ogWRlQcO2DuWGpGqmic5eH4VUheXS7orIATslU9VCvbz
+GmHrHmqTUj2pAkbvbYDycwK0/O317QHXecv5ErtKOdjtzrULlsFzDEt/b3y6bz5/
+YTka4L8CBNzGkye5Ag0EYj+7OQEQAJLWRpWSI3JRdHZEMSKSdnENBThIM8xtIWcy
+Hx8y1k+x77mNFx1gCOuMmWw0nR5Ck0im1Z606AmsgQ7tKCEmt4GYfnHeWviIH+Db
+CJBjUWrJBp5mWFDPkT9T8yj5VanTyHF3nWb03q5kRyMju9396eZMPrw68hsrm67d
+p9iBWye0qKTXndpFyLOXcpPPZryfprjwgw+cGB23V36RB/is50TjBzlR88Hx2EPv
+n4p7sNnI3SWwMmc+kEqKQEHoOOlBAJP2kxriN3BBSMw6unKakvH76Wxxi+Touue7
+dotUy81AqP+BStNu2S5E16XAfIW5ihVoX1rng8d2kTb25aCZ+5Kve0YZxN7YHsIv
+rMibCgqzpR3Naw/PyTS/ZXK9srkk5sGPNEA1TVN1NmXqi3cceOzt9c0eVQqRrtPU
+aOe2yY+WGjLpMJmC4j8ExMZE6qq8n+0LC6uO04HftGJ1Mqu/VxL9Ou6MPhQsWyKE
+jZUFgVti2zYtyXjTwjNKVnYBbokBNihR9LOKrpSsRGxLcKVVzh/X5lDdt1ZCNU52
+q30ZRl4EnTiEkW12tDvU2vOQRfzbaAV0VOArQ3XJk+9+Nz40T2wBdYsVPijoQw7m
+gwVFeYg+gV6sh8i+q3ImL6h0MJoNs7XRZk3sGqVdddlb9sKar28q87M07TMPHPdm
+Oyn4Hn2PABEBAAGJAjwEGAEKACYWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+7
+OQIbDAUJAeEzgAAKCRDVdjPUQeJbtZgLD/0f+BOvEbe6FCP99Hk7okW/Qv2cehGm
+VSCQcBtnMCgfRpFOLxkdj1NX9ub8pvdn8sEj/Tmr1sg3larTfAK+FOAmw/y/X9iY
+GTE16xxYMVPeLssCjsYSxC/MpYGlPPZemn9QcpwZ92FP5i0MjBwDE7NLmon4wHnX
+jSatPF1j921XcUcsI/66gH+digPWPwufZgn8eL5mLtq9o28AglVjrC+bIFsk4chi
+rjb9QO/pNCWCZbCfGq6PbEtH47HL6MsWow19rtDKv3U24xVoiUG3U9pljIIjh8aR
+gxrLfTR+fiW2GRlf033iRQyAFvz8N4JLSreNCD9resub48lAhxBJ9hOqX569V5mO
+hDmnuYT2CUDVGycPfEXaTz2N5eBWOPTN9dr+naYQI9pAZjL+5m8i6yGaE7B8OUPv
+ooPN1YvyNbuLU72aJhZ9qaNzDt/kC9BU6s8D44k8lJkjuKzIuRGYiyReSE0mhEhV
+zRkG+FAU7l2ICl2OLKVnmKUgdqkRIa5F4F6w1hCQcCASVuKaTyOIUYXnxlesB00c
+RduDaIlT8+AAWk0BZL2W6ck0/g09Ai/LRzMBe06t8BUOEa/NiwUv31sYM3smE4Gc
+F11BWGKjOzl8CSlY5YAtgfjhMIF3HUcQeMuWrHf/w/cFXg9KX4lpPjoZov2BfVph
+YJq1nryud52VB7kCDQRiP7d1ARAAq/ZXcWpJDXSqfz3PPn0c50f/m9vQn0FozhL9
+p4wcoUGuQlNfIzE+gyDqJL9r1O8cGjSb4gaLmilgCHuYsmtwVh4UaZOntlp0k/19
+2cZpvDYwWQDFZdSV0v7wxA4VLu+sv2fNmHB2Yudn0V0a948M2v4xhcoy8HptOBvw
+q0vrVB4lnd3G3odPS5UP8ze3DvKDqGGVsqF9BjbV21KL8rLHVLdUTg60lXXvvHnO
+wEJvH4O5kbdxwl4Y8K3S8b6lUYBt8GAkd058y/qxroWMWkxJm3Izy6yqkn2WrbJl
+Yq9SSdgp/DvTbOUTrKp7pWGtH6E6OCw8IKkfNrnpfJhGmREIeAe6G/Jr6jyygR20
+F1XkU8bqi3cnd1v9sruZyFIu5AOgiJuZnSvDE+goh6mGMUA99x0zeDrRaq39028o
+wRucJcwg9pkqxgedhWIK5H0oilwTsYqqBaPvkqStcErhzWtoHtYZCHZRPMBDwwQ0
+kaj7WvLfGWszT7nObUeoNAfyVEyGuq/Gw5OTYDY/I6xqrzL01pfrcXEObmKOTpb3
+YsB8tv2MxA4VnG9ZbNH2kEB59gmBa+kvQHfXTrDCWdhNvSuL/2qRpxhIy6qql1ny
+MTwatNW2WNaUCPH8vjyZKfCB2X0Nka5lBWkjrnyzoEBO3MPI/0sZUnWxawWQO3DH
+xizy09EAEQEAAYkEbAQYAQoAIBYhBKk0hZTOMSg6gm+92NV2M9RB4lu1BQJiP7d1
+AhsCAkAJENV2M9RB4lu1wXQgBBkBCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIF
+AmI/t3UACgkQnowa+77/2zJKtw/+PGO4y3yAeY2PXc1QpopG7nsTgG9GA0mUEtz7
+ehpz68iJtYC2kbdI8PB1lSPNGzEb0yryew+/pHOhgiyvdDI8TAXZS/wXwRY/Izbl
+XmjXyO3U26J9JK4uemzCNwHfxu468kXJz60WaP58xinDA1sVd7YGZGpodKR2Fo0r
+bbdH6/Ldql8yu+Fztz51NUZBmNUAJTGvPRSV1Mlvr3hacgCVjVvc2FWrYzyj8jC6
+/CO7fSi474iQQVsBNn214L0+fCKoagAyrfmCXV5TYg9TJ2WgW2wQjuzJ/mhvsgCQ
+SSj6po6DdXTl8tRbbjaxx502CB8qEQ/yEdQ7RMJSGB5YWfvLstq1zzAPyPIUgsRY
+DBCWmPCM3z+PbD78BTHxoJxBZO45kwHMz+68Eng7r0Z1kM7SarvT0Kd1pnpP3mu1
+lfd6wZiOlYqZfD+vZtws0BK57iGVLrbIz9AWolPoRDaF7mZpVdDLZzYsdI9vLEyH
+uPb7W+VE1USYyMMCNQQxrTOFJIo/bTZA5J7a05KQRNzBZPUmIvGgDffZAQjZpMEX
+WNKKcDYRhScARMMnL+yO3e7P2O/WUrmQa4wepweYFPl4dbQ3UGccxy3LZ2dnAIxP
+AXFNsK4GYIVokWe2JSNG6M15ev1SWgFYWVO3+nm5JV0mBScE6wsGpvFW3IKIrpDL
+Hb/N9TZpDw/+LI0iX6KnROJBhx1/0vzf0PC4n5Xn2Iry11/1rRskYLrmB/vGA6hm
+ghnKPCCppUQ4WjBNWnIYzKfzvNPAdq8aIKbC1rtPABeDyfe8NNUX4wa/GgOar2V5
+wnwJ5qUc0Iw64yLjTpXvN+HV7zgADboEdtnQW47+zEbTqV59cIcgBCSMAXgICnvq
+dc8FskDb9hqvvQtCENsOLibKHYzYumMxZ075tx7pZza+LC/sf4vtuIrs9Bn9imxo
+kdhbQsiiHpNDdjQIT6rqCOy9BxD9hSodznhB9GgnRXGX/w8NfX46hETmiYVb0oE7
+1yFYd3ZweHu6pWLDEjUMagnCkA+A+/ZIxazsoMklPusTKb1ELzoheOjKz8fCrX4r
+j07hI4tGNBfas9bub6sHpbIOb6aGtdofaknV/7lim0aqkMeYBxES6E10+2jCmLg1
+N1ADMRBBDml5zrVjZa95+B+8zK2d6r5E0UZhoh/IhpEhZ8Nljt66/35XyEACS0lB
++ZU5keI/1wTbThkgFimkVNzeXF9sx3EuWMZGgcd7uBMPg6pwTS+qGs6XtYmiKMbM
+gvDDhcqFh5r/4r7+xW6ZFhR4Dfkdp3pyDIh7h0Hf+tv0Qj1RKBpmi/lwn0qZrLWM
+/aYXo0Vuy2nAbeATAle4Iag+r2AkdEAaBDadFeZisl0Oj0djrGERRhu5Ag0EY9v+
+KgEQAMOFV6nHZR7Jwg6nAseVPpxwzjLMhKhuxfJor7fXKL15BlBqCyN2ZRlP+RKE
+cEAfdbhyTFPcycLpkOLS7LM4TgfwjQUg2eF0wnBHo/nYUKLp0SHW2Pg3F5+HVXcf
+5mAhT1W+zrVHuvJur8omotihtvPEG455MzQNttnGj0DQ8ujbCBofFeVgygmuyZNG
+bYvrU3Yvr4ZBY5O/m64eSKs2oX7pP7lQ1gVFU9zojUcsLaLkwXX099yYUMkakjLc
+uoI5JGMsV9EA+a+RCFa7a4K3umgVsN3cuuKVbPZ8VQYVQh+Iej8EXlxQeJH44MPN
+kNfw5Bf2TLB/Gzz7b4yNTWM/kzGi3FEF+31pVu2G0El0sBeJlEjGIHTmfAkzUIyp
+qZ6VYR2Li+u3Btunr//k+Dq3E9dN4/yJy4qSr2FAtx8BTG6tj//Xnan/OXfzZdSj
+HQcid6lVRTLl44ia9Ln9SqHO53z95qpD1BxHY7B50J6TVmTwa+cbPIjbRpoJbZyR
+No2nFxarbyejPboKzGrqCrObDTIar3/88mYi1pHGfG1ounBpfyQ9UUuulYhRZlXo
+OcaVYLKVALAAwmS53kwgFuOgydhLKvdmnyFUs/wFLVYy1CcmSDgWlc2NiV0fbOf3
+jyQHeE+NnINSna3bItHT2DDsD40AaYrnrQOHQlni+arnJ0gFABEBAAGJAjwEGAEK
+ACYWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCY9v+KgIbDAUJAeEzgAAKCRDVdjPU
+QeJbteydD/9yzfrnjkeKuBuSjpywOfrtcvOHdCyNemeN4gJtjcgFgjZL4xo90akA
+/GcBZnJLpX9OZobyznMMRIvGgJxHLCuGH7Bo4EEQySAoT52Qn7LApBVY308hHDIC
+OLK/IQY26flCy+Czpx7uAS41o3lnOPHbVUO6nHrVcO7vWQAX0QT8VQYGPCHcb9al
+TkBNdz9rD822CrBc/tph+eeFZzDuuM6gm3nMYFeDURXE3jVGg4Jeg+8zZTZoeI+n
+O7Co6BM2CFYswKTOMTLTgbMi+Hxl0XDbXp7gQ3P9fz3h3Q4ahhpWXbNUZkyyZvoA
+s1YqOM+RFzyTCowFQR2qTDTJeE4k2suoDBukCTMJIFZkthdvMMY/Ss7ZHZwvtmFi
+XVg3jNOy3tt9V9oZ0UBPw3qTeDKLh6HzgdyN1mPrEkdilIpPVnHi/iAiL1IrAjZN
+xr11YOoWFyLpDfGUeEn9wK0T6Xj6HwytL2XliBremZLFWPQNxkHNHDGoKoAkytIF
+MXg5P7Tx/Mcs/1b0WTxmghpc3kkNYIksIDV19RQ35xjnZ/6yYf2qA5dT80wY8mXG
+debPR0jwOod+kzIAq0gmopFo25PJjiYSIU28XJciPSS7tgHirvsz+NRotABBBpIR
+SmfXBunBhuwLkrImdzqjrrMpv2Ss9brlxqNYiSYJGdsoqt6MeyhzGQ==
+=2CmL
+-----END PGP PUBLIC KEY BLOCK-----

lib/Makefile.am

@@ -20,17 +20,27 @@ endif
 
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
 libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)
 
 libshadow_la_SOURCES = \
 	addgrps.c \
+	adds.c \
+	adds.h \
 	age.c \
 	agetpass.c \
+	agetpass.h \
 	alloc.c \
 	alloc.h \
+	atoi/strtoi.c \
+	atoi/strtoi.h \
+	atoi/strtou_noneg.c \
+	atoi/strtou_noneg.h \
+	attr.h \
 	audit_help.c \
 	basename.c \
 	bit.c \
 	bit.h \
+	cast.h \
 	chkname.c \
 	chkname.h \
 	chowndir.c \
@@ -46,7 +56,6 @@ libshadow_la_SOURCES = \
 	date_to_str.c \
 	defines.h \
 	encrypt.c \
-	entry.c \
 	env.c \
 	exitcodes.h \
 	faillog.h \
@@ -83,9 +92,10 @@ libshadow_la_SOURCES = \
 	lockpw.c \
 	loginprompt.c \
 	mail.c \
-	mempcpy.c \
-	mempcpy.h \
+	memzero.c \
+	memzero.h \
 	motd.c \
+	must_be.h \
 	myname.c \
 	nss.c \
 	nscd.c \
@@ -129,13 +139,21 @@ libshadow_la_SOURCES = \
 	shadowlog_internal.h \
 	shadowmem.c \
 	shell.c \
+	sizeof.h \
 	spawn.c \
 	sssd.c \
 	sssd.h \
-	stpecpy.c \
-	stpecpy.h \
-	stpeprintf.c \
-	stpeprintf.h \
+	string/sprintf.c \
+	string/sprintf.h \
+	string/stpecpy.c \
+	string/stpecpy.h \
+	string/stpeprintf.c \
+	string/stpeprintf.h \
+	string/strncpy.h \
+	string/strtcpy.c \
+	string/strtcpy.h \
+	string/zustr2stp.c \
+	string/zustr2stp.h \
 	strtoday.c \
 	sub.c \
 	subordinateio.h \

lib/adds.c

@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "adds.h"
+
+#include <stddef.h>
+
+
+extern inline long addsl2(long a, long b);
+extern inline long addslN(size_t n, long addend[n]);
+
+extern inline int cmpl(const void *p1, const void *p2);

lib/adds.h

@@ -0,0 +1,86 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ADDS_H_
+#define SHADOW_INCLUDE_LIB_ADDS_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "sizeof.h"
+
+
+#define addsl(a, b, ...)                                                      \
+({                                                                            \
+	long  addend_[] = {a, b, __VA_ARGS__};                                \
+                                                                              \
+	addslN(NITEMS(addend_), addend_);                                     \
+})
+
+
+inline long addsl2(long a, long b);
+inline long addslN(size_t n, long addend[n]);
+
+inline int cmpl(const void *p1, const void *p2);
+
+
+inline long
+addsl2(long a, long b)
+{
+	if (a > 0 && b > LONG_MAX - a) {
+		errno = EOVERFLOW;
+		return LONG_MAX;
+	}
+	if (a < 0 && b < LONG_MIN - a) {
+		errno = EOVERFLOW;
+		return LONG_MIN;
+	}
+	return a + b;
+}
+
+
+inline long
+addslN(size_t n, long addend[n])
+{
+	int   e;
+
+	if (n == 0) {
+		errno = EDOM;
+		return 0;
+	}
+
+	e = errno;
+	while (n > 1) {
+		qsort(addend, n, sizeof(addend[0]), cmpl);
+
+		errno = 0;
+		addend[0] = addsl2(addend[0], addend[--n]);
+		if (errno == EOVERFLOW)
+			return addend[0];
+	}
+	errno = e;
+	return addend[0];
+}
+
+
+inline int
+cmpl(const void *p1, const void *p2)
+{
+	const long  *l1 = p1;
+	const long  *l2 = p2;
+
+	if (*l1 < *l2)
+		return -1;
+	if (*l1 > *l2)
+		return +1;
+	return 0;
+}
+
+
+#endif  // include guard

lib/age.c

@@ -13,12 +13,15 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include "prototypes.h"
-#include "defines.h"
-#include "exitcodes.h"
 #include <pwd.h>
 #include <grp.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "exitcodes.h"
+#include "prototypes.h"
+
+
 #ident "$Id$"
 
 #ifndef PASSWD_PROGRAM
@@ -139,7 +142,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 void agecheck (/*@null@*/const struct spwd *sp)
 {
-	long now = time(NULL) / SCALE;
+	long now = time(NULL) / DAY;
 	long remain;
 
 	if (NULL == sp) {
@@ -162,9 +165,9 @@ void agecheck (/*@null@*/const struct spwd *sp)
 		return;
 	}
 
-	remain = sp->sp_lstchg + sp->sp_max - now;
+	remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
+
 	if (remain <= sp->sp_warn) {
-		remain /= DAY / SCALE;
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),
 			               remain);

lib/agetpass.c

@@ -7,31 +7,27 @@
 
 #include <config.h>
 
+#include "agetpass.h"
+
 #include <limits.h>
 #include <readpassphrase.h>
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 #ident "$Id$"
 
 #include "alloc.h"
-#include "prototypes.h"
 
 #if WITH_LIBBSD == 0
 #include "freezero.h"
 #endif /* WITH_LIBBSD */
 
 
-#if !defined(PASS_MAX)
-#define PASS_MAX  BUFSIZ - 1
-#endif
-
-
 /*
  * SYNOPSIS
  *	[[gnu::malloc(erase_pass)]]
  *	char *agetpass(const char *prompt);
+ *	char *agetpass_stdin();
  *
  *	void erase_pass(char *pass);
  *
@@ -64,6 +60,10 @@
  *	erased by calling erase_pass(), to avoid possibly leaking the
  *	password.
  *
+ *   agetpass_stdin()
+ *	This function is the same as previous one (agetpass). Just the
+ *	password is read from stdin and terminal is not required.
+ *
  *   erase_pass()
  *	This function first clears the password, by calling
  *	explicit_bzero(3) (or an equivalent call), and then frees the
@@ -92,8 +92,8 @@
  */
 
 
-char *
-agetpass(const char *prompt)
+static char *
+agetpass_internal(const char *prompt, int flags)
 {
 	char    *pass;
 	size_t  len;
@@ -110,7 +110,7 @@ agetpass(const char *prompt)
 	if (pass == NULL)
 		return NULL;
 
-	if (readpassphrase(prompt, pass, PASS_MAX + 2, RPP_REQUIRE_TTY) == NULL)
+	if (readpassphrase(prompt, pass, PASS_MAX + 2, flags) == NULL)
 		goto fail;
 
 	len = strlen(pass);
@@ -126,6 +126,17 @@ fail:
 	return NULL;
 }
 
+char *
+agetpass(const char *prompt)
+{
+	return agetpass_internal(prompt, RPP_REQUIRE_TTY);
+}
+
+char *
+agetpass_stdin()
+{
+	return agetpass_internal(NULL, RPP_STDIN);
+}
 
 void
 erase_pass(char *pass)

lib/agetpass.h

@@ -0,0 +1,23 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIB_AGETPASS_H_
+#define SHADOW_INCLUDE_LIB_AGETPASS_H_
+
+
+#include <config.h>
+
+#include "attr.h"
+#include "defines.h"
+
+
+void erase_pass(char *pass);
+ATTR_MALLOC(erase_pass)
+char *agetpass(const char *prompt);
+char *agetpass_stdin();
+
+
+#endif  // include guard

lib/alloc.h

@@ -17,6 +17,7 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#include "attr.h"
 #include "defines.h"
 
 

lib/atoi/strtoi.c

@@ -0,0 +1,15 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/strtoi.h"
+
+#include <stdint.h>
+
+
+extern inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status);
+extern inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status);

lib/atoi/strtoi.h

@@ -0,0 +1,96 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOI_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOI_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <inttypes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <sys/param.h>
+
+#include "attr.h"
+
+
+#define strtoNmax(TYPE, ...)                                                  \
+(                                                                             \
+	_Generic((TYPE) 0,                                                    \
+		intmax_t:  strtoimax,                                         \
+		uintmax_t: strtoumax                                          \
+	)(__VA_ARGS__)                                                        \
+)
+
+
+#define strtoN(s, endp, base, min, max, status, TYPE)                         \
+({                                                                            \
+	const char  *s_ = s;                                                  \
+	char        **endp_ = endp;                                           \
+	int         base_ = base;                                             \
+	TYPE        min_ = min;                                               \
+	TYPE        max_ = max;                                               \
+	int         *status_ = status;                                        \
+                                                                              \
+	int         e_, st_;                                                  \
+	char        *end_;                                                    \
+	TYPE        n_;                                                       \
+                                                                              \
+	if (endp_ == NULL)                                                    \
+		endp_ = &end_;                                                \
+	if (status_ == NULL)                                                  \
+		status_ = &st_;                                               \
+                                                                              \
+	if (base_ != 0 && (base_ < 0 || base_ > 36)) {                        \
+		*status_ = EINVAL;                                            \
+		n_ = 0;                                                       \
+                                                                              \
+	} else {                                                              \
+		e_ = errno;                                                   \
+		errno = 0;                                                    \
+		n_ = strtoNmax(TYPE, s_, endp_, base_);                       \
+                                                                              \
+		if (*endp_ == s_)                                             \
+			*status_ = ECANCELED;                                 \
+		else if (errno == ERANGE || n_ < min_ || n_ > max_)           \
+			*status_ = ERANGE;                                    \
+		else if (**endp_ != '\0')                                     \
+			*status_ = ENOTSUP;                                   \
+		else                                                          \
+			*status_ = 0;                                         \
+                                                                              \
+		errno = e_;                                                   \
+	}                                                                     \
+	MAX(min_, MIN(max_, n_));                                             \
+})
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status);
+
+
+inline intmax_t
+strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status)
+{
+	return strtoN(s, endp, base, min, max, status, intmax_t);
+}
+
+
+inline uintmax_t
+strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status)
+{
+	return strtoN(s, endp, base, min, max, status, uintmax_t);
+}
+
+
+#endif  // include guard

lib/atoi/strtou_noneg.c

@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/strtou_noneg.h"
+
+#include <stdint.h>
+
+
+extern inline uintmax_t strtou_noneg(const char *s, char **restrict endp,
+    int base, uintmax_t min, uintmax_t max, int *restrict status);
+
+extern inline unsigned long strtoul_noneg(const char *s,
+    char **restrict endp, int base);
+extern inline unsigned long long strtoull_noneg(const char *s,
+    char **restrict endp, int base);

lib/atoi/strtou_noneg.h

@@ -0,0 +1,68 @@
+// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOU_NONEG_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOU_NONEG_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "atoi/strtoi.h"
+#include "attr.h"
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline uintmax_t strtou_noneg(const char *s, char **restrict endp,
+    int base, uintmax_t min, uintmax_t max, int *restrict status);
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline unsigned long strtoul_noneg(const char *s,
+    char **restrict endp, int base);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline unsigned long long strtoull_noneg(const char *s,
+    char **restrict endp, int base);
+
+
+inline uintmax_t
+strtou_noneg(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status)
+{
+	int  st;
+
+	if (status == NULL)
+		status = &st;
+	if (strtoi_(s, endp, base, 0, 1, status) == 0 && *status == ERANGE)
+		return min;
+
+	return strtou_(s, endp, base, min, max, status);
+}
+
+
+inline unsigned long
+strtoul_noneg(const char *s, char **restrict endp, int base)
+{
+	if (strtol(s, endp, base) < 0) {
+		errno = ERANGE;
+		return 0;
+	}
+	return strtoul(s, endp, base);
+}
+
+
+inline unsigned long long
+strtoull_noneg(const char *s, char **restrict endp, int base)
+{
+	if (strtol(s, endp, base) < 0) {
+		errno = ERANGE;
+		return 0;
+	}
+	return strtoull(s, endp, base);
+}
+
+
+#endif  // include guard

lib/attr.h

@@ -0,0 +1,33 @@
+#ifndef SHADOW_INCLUDE_LIB_ATTR_H_
+#define SHADOW_INCLUDE_LIB_ATTR_H_
+
+
+#include "config.h"
+
+
+#if defined(__GNUC__)
+# define MAYBE_UNUSED                __attribute__((unused))
+# define NORETURN                    __attribute__((__noreturn__))
+# define format_attr(type, fmt, va)  __attribute__((format(type, fmt, va)))
+# define ATTR_ACCESS(...)            __attribute__((access(__VA_ARGS__)))
+#else
+# define MAYBE_UNUSED
+# define NORETURN
+# define format_attr(type, fmt, va)
+# define ATTR_ACCESS(...)
+#endif
+
+#if (__GNUC__ >= 11) && !defined(__clang__)
+# define ATTR_MALLOC(deallocator)    [[gnu::malloc(deallocator)]]
+#else
+# define ATTR_MALLOC(deallocator)
+#endif
+
+#if (__GNUC__ >= 14)
+# define ATTR_STRING(...)       [[gnu::null_terminated_string_arg(__VA_ARGS__)]]
+#else
+# define ATTR_STRING(...)
+#endif
+
+
+#endif  // include guard

lib/audit_help.c

@@ -21,6 +21,8 @@
 #include <libaudit.h>
 #include <errno.h>
 #include <stdio.h>
+
+#include "attr.h"
 #include "prototypes.h"
 #include "shadowlog.h"
 int audit_fd;
@@ -54,7 +56,7 @@ void audit_help_open (void)
  * id  -  uid or gid that the operation is being performed on. This is used
  *	  only when user is NULL.
  */
-void audit_logger (int type, unused const char *pgname, const char *op,
+void audit_logger (int type, MAYBE_UNUSED const char *pgname, const char *op,
                    const char *name, unsigned int id,
                    shadow_audit_result result)
 {

lib/cast.h

@@ -0,0 +1,21 @@
+// SPDX-FileCopyrightText: 2022-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_CAST_H_
+#define SHADOW_INCLUDE_LIB_CAST_H_
+
+
+#include <config.h>
+
+#include "must_be.h"
+
+
+#define const_cast(T, p)                                                      \
+({                                                                            \
+	static_assert(is_same_type(typeof(&*(p)), const T), "");              \
+	(T) (p);                                                              \
+})
+
+
+#endif  // include guard

lib/chkname.c

@@ -1,11 +1,9 @@
-/*
- * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
- * SPDX-FileCopyrightText: 2005 - 2008, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-2000, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2001-2005, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2005-2008, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
 
 /*
  * is_valid_user_name(), is_valid_group_name() - check the new user/group
@@ -20,6 +18,8 @@
 #ident "$Id$"
 
 #include <ctype.h>
+#include <errno.h>
+#include <limits.h>
 #include "defines.h"
 #include "chkname.h"
 
@@ -32,8 +32,8 @@ static bool is_valid_name (const char *name)
 	}
 
 	/*
-         * User/group names must match gnu e-regex:
-         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+         * User/group names must match BRE regex:
+         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?
          *
          * as a non-POSIX, extension, allow "$" as the last char for
          * sake of Samba 3.x "add machine script"
@@ -72,18 +72,28 @@ static bool is_valid_name (const char *name)
 	return !numeric;
 }
 
-bool is_valid_user_name (const char *name)
-{
-	/*
-	 * User names length are limited by the kernel
-	 */
-	if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) {
-		return false;
-	}
 
-	return is_valid_name (name);
+bool
+is_valid_user_name(const char *name)
+{
+	long    conf;
+	size_t  maxsize;
+
+	errno = 0;
+	conf = sysconf(_SC_LOGIN_NAME_MAX);
+
+	if (conf == -1 && errno != 0)
+		maxsize = LOGIN_NAME_MAX;
+	else
+		maxsize = conf;
+
+	if (strlen(name) >= maxsize)
+		return false;
+
+	return is_valid_name(name);
 }
 
+
 bool is_valid_group_name (const char *name)
 {
 	/*
@@ -97,4 +107,3 @@ bool is_valid_group_name (const char *name)
 
 	return is_valid_name (name);
 }
-

lib/cleanup_group.c

@@ -9,6 +9,7 @@
 #include <assert.h>
 #include <stdio.h>
 
+#include "attr.h"
 #include "defines.h"
 #include "groupio.h"
 #include "sgroupio.h"
@@ -178,7 +179,7 @@ void cleanup_report_del_group_gshadow (void *group_name)
  *
  * It should be registered after the group file is successfully locked.
  */
-void cleanup_unlock_group (unused void *arg)
+void cleanup_unlock_group (MAYBE_UNUSED void *arg)
 {
 	if (gr_unlock () == 0) {
 		fprintf (log_get_logfd(),
@@ -198,7 +199,7 @@ void cleanup_unlock_group (unused void *arg)
  *
  * It should be registered after the gshadow file is successfully locked.
  */
-void cleanup_unlock_gshadow (unused void *arg)
+void cleanup_unlock_gshadow (MAYBE_UNUSED void *arg)
 {
 	if (sgr_unlock () == 0) {
 		fprintf (log_get_logfd(),

lib/cleanup_user.c

@@ -9,6 +9,7 @@
 #include <assert.h>
 #include <stdio.h>
 
+#include "attr.h"
 #include "defines.h"
 #include "pwio.h"
 #include "shadowio.h"
@@ -95,7 +96,7 @@ void cleanup_report_add_user_shadow (void *user_name)
  *
  * It should be registered after the passwd database is successfully locked.
  */
-void cleanup_unlock_passwd (unused void *arg)
+void cleanup_unlock_passwd (MAYBE_UNUSED void *arg)
 {
 	if (pw_unlock () == 0) {
 		fprintf (log_get_logfd(),
@@ -114,7 +115,7 @@ void cleanup_unlock_passwd (unused void *arg)
  *
  * It should be registered after the shadow database is successfully locked.
  */
-void cleanup_unlock_shadow (unused void *arg)
+void cleanup_unlock_shadow (MAYBE_UNUSED void *arg)
 {
 	if (spw_unlock () == 0) {
 		fprintf (log_get_logfd(),

lib/commonio.c

@@ -23,6 +23,7 @@
 #include <signal.h>
 
 #include "alloc.h"
+#include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"
 #ifdef WITH_TCB
@@ -31,6 +32,8 @@
 #include "prototypes.h"
 #include "commonio.h"
 #include "shadowlog_internal.h"
+#include "string/sprintf.h"
+
 
 /* local function prototypes */
 static int lrename (const char *, const char *);
@@ -108,9 +111,9 @@ static int check_link_count (const char *file, bool log)
 
 	if (sb.st_nlink != 2) {
 		if (log) {
-			(void) fprintf (shadow_logfd,
-			                "%s: %s: lock file already used (nlink: %u)\n",
-			                shadow_progname, file, sb.st_nlink);
+			fprintf(shadow_logfd,
+			        "%s: %s: lock file already used (nlink: %ju)\n",
+			        shadow_progname, file, (uintmax_t) sb.st_nlink);
 		}
 		return 0;
 	}
@@ -121,11 +124,11 @@ static int check_link_count (const char *file, bool log)
 
 static int do_lock_file (const char *file, const char *lock, bool log)
 {
-	int fd;
-	pid_t pid;
-	ssize_t len;
-	int retval;
-	char buf[32];
+	int      fd;
+	int      retval;
+	char     buf[32];
+	pid_t    pid;
+	ssize_t  len;
 
 	fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
 	if (-1 == fd) {
@@ -138,9 +141,9 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	}
 
 	pid = getpid ();
-	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
+	SNPRINTF(buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
-	if (write_full (fd, buf, (size_t) len) != len) {
+	if (write_full(fd, buf, len) == -1) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file write error: %s\n",
@@ -192,7 +195,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		return 0;
 	}
 	buf[len] = '\0';
-	if (get_pid (buf, &pid) == 0) {
+	if (get_pid(buf, &pid) == -1) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s with an invalid PID '%s'\n",
@@ -339,7 +342,7 @@ static void free_linked_list (struct commonio_db *db)
 
 int commonio_setname (struct commonio_db *db, const char *name)
 {
-	snprintf (db->filename, sizeof (db->filename), "%s", name);
+	SNPRINTF(db->filename, "%s", name);
 	db->setname = true;
 	return 1;
 }
@@ -353,33 +356,25 @@ bool commonio_present (const struct commonio_db *db)
 
 int commonio_lock_nowait (struct commonio_db *db, bool log)
 {
-	char* file = NULL;
-	char* lock = NULL;
-	size_t lock_file_len;
-	size_t file_len;
-	int err = 0;
+	int   err = 0;
+	char  *file = NULL;
+	char  *lock = NULL;
 
 	if (db->locked) {
 		return 1;
 	}
-	file_len = strlen(db->filename) + 11;/* %lu max size */
-	lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
-	file = MALLOC(file_len, char);
-	if (file == NULL) {
+
+	if (asprintf(&file, "%s.%ju", db->filename, (uintmax_t) getpid()) == -1)
 		goto cleanup_ENOMEM;
-	}
-	lock = MALLOC(lock_file_len, char);
-	if (lock == NULL) {
+	if (asprintf(&lock, "%s.lock", db->filename) == -1)
 		goto cleanup_ENOMEM;
-	}
-	snprintf (file, file_len, "%s.%lu",
-	          db->filename, (unsigned long) getpid ());
-	snprintf (lock, lock_file_len, "%s.lock", db->filename);
+
 	if (do_lock_file (file, lock, log) != 0) {
 		db->locked = true;
 		lock_count++;
 		err = 1;
 	}
+
 cleanup_ENOMEM:
 	free(file);
 	free(lock);
@@ -473,7 +468,7 @@ static void dec_lock_count (void)
 
 int commonio_unlock (struct commonio_db *db)
 {
-	char lock[1024];
+	char  lock[1029];
 
 	if (db->isopen) {
 		db->readonly = true;
@@ -490,7 +485,7 @@ int commonio_unlock (struct commonio_db *db)
 		 * then call ulckpwdf() (if used) on last unlock.
 		 */
 		db->locked = false;
-		snprintf (lock, sizeof lock, "%s.lock", db->filename);
+		SNPRINTF(lock, "%s.lock", db->filename);
 		unlink (lock);
 		dec_lock_count ();
 		return 1;
@@ -646,7 +641,7 @@ int commonio_open (struct commonio_db *db, int mode)
 	}
 
 	while (db->ops->fgets (buf, buflen, db->fp) == buf) {
-		while (   ((cp = strrchr (buf, '\n')) == NULL)
+		while (   (strrchr (buf, '\n') == NULL)
 		       && (feof (db->fp) == 0)) {
 			size_t len;
 
@@ -899,9 +894,9 @@ static int write_all (const struct commonio_db *db)
 
 int commonio_close (struct commonio_db *db)
 {
-	char buf[1024];
-	int errors = 0;
-	struct stat sb;
+	int          errors = 0;
+	char         buf[1024];
+	struct stat  sb;
 
 	if (!db->isopen) {
 		errno = EINVAL;
@@ -932,7 +927,11 @@ int commonio_close (struct commonio_db *db)
 		/*
 		 * Create backup file.
 		 */
-		snprintf (buf, sizeof buf, "%s-", db->filename);
+		if (SNPRINTF(buf, "%s-", db->filename) == -1) {
+			(void) fclose (db->fp);
+			db->fp = NULL;
+			goto fail;
+		}
 
 #ifdef WITH_SELINUX
 		if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
@@ -947,15 +946,15 @@ int commonio_close (struct commonio_db *db)
 			errors++;
 		}
 
+		db->fp = NULL;
+
 #ifdef WITH_SELINUX
 		if (reset_selinux_file_context () != 0) {
 			errors++;
 		}
 #endif
-		if (errors != 0) {
-			db->fp = NULL;
+		if (errors != 0)
 			goto fail;
-		}
 	} else {
 		/*
 		 * Default permissions for new [g]shadow files.
@@ -965,7 +964,8 @@ int commonio_close (struct commonio_db *db)
 		sb.st_gid = db->st_gid;
 	}
 
-	snprintf (buf, sizeof buf, "%s+", db->filename);
+	if (SNPRINTF(buf, "%s+", db->filename) == -1)
+		goto fail;
 
 #ifdef WITH_SELINUX
 	if (set_selinux_file_context (db->filename, S_IFREG) != 0) {

lib/commonio.h

@@ -11,8 +11,11 @@
 #ifndef COMMONIO_H
 #define COMMONIO_H
 
+
+#include "attr.h"
 #include "defines.h" /* bool */
 
+
 /*
  * Linked list entry.
  */
@@ -37,7 +40,7 @@ struct commonio_ops {
 	/*
 	 * free() the object including any strings pointed by it.
 	 */
-	void (*free) (/*@out@*/ /*@only@*/void *);
+	void (*free)(/*@only@*/void *);
 
 	/*
 	 * Return the name of the object (for example, pw_name
@@ -61,7 +64,9 @@ struct commonio_ops {
 	 * fgets and fputs (can be replaced by versions that
 	 * understand line continuation conventions).
 	 */
-	/*@null@*/char *(*fgets) (/*@returned@*/ /*@out@*/char *s, int n, FILE *stream);
+	ATTR_ACCESS(write_only, 1, 2)
+	/*@null@*/char *(*fgets)(/*@returned@*/char *restrict s, int n,
+	                         FILE *restrict stream);
 	int (*fputs) (const char *, FILE *);
 
 	/*

lib/console.c

@@ -13,6 +13,7 @@
 #include <stdio.h>
 #include "getdef.h"
 #include "prototypes.h"
+#include "string/strtcpy.h"
 
 #ident "$Id$"
 
@@ -44,7 +45,7 @@ static bool is_listed (const char *cfgin, const char *tty, bool def)
 
 	if (*cons != '/') {
 		char *pbuf;
-		strlcpy (buf, cons, sizeof (buf));
+		STRTCPY(buf, cons);
 		pbuf = &buf[0];
 		while ((s = strtok (pbuf, ":")) != NULL) {
 			if (strcmp (s, tty) == 0) {

lib/copydir.c

@@ -19,6 +19,7 @@
 #include <stdio.h>
 
 #include "alloc.h"
+#include "attr.h"
 #include "prototypes.h"
 #include "defines.h"
 #ifdef WITH_SELINUX
@@ -35,6 +36,7 @@
 #include <attr/libattr.h>
 #endif				/* WITH_ATTR */
 #include "shadowlog.h"
+#include "string/sprintf.h"
 
 
 static /*@null@*/const char *src_orig;
@@ -66,12 +68,12 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
                      gid_t old_gid, gid_t new_gid);
 static /*@null@*/char *readlink_malloc (const char *filename);
 static int copy_symlink (const struct path_info *src, const struct path_info *dst,
-                         unused bool reset_selinux,
+                         MAYBE_UNUSED bool reset_selinux,
                          const struct stat *statp, const struct timespec mt[],
                          uid_t old_uid, uid_t new_uid,
                          gid_t old_gid, gid_t new_gid);
 static int copy_hardlink (const struct path_info *dst,
-                          unused bool reset_selinux,
+                          MAYBE_UNUSED bool reset_selinux,
                           struct link_name *lp);
 static int copy_special (const struct path_info *src, const struct path_info *dst,
                          bool reset_selinux,
@@ -95,7 +97,7 @@ static int fchown_if_needed (int fdst, const struct stat *statp,
  * error_acl - format the error messages for the ACL and EQ libraries.
  */
 format_attr(printf, 2, 3)
-static void error_acl (unused struct error_context *ctx, const char *fmt, ...)
+static void error_acl (MAYBE_UNUSED struct error_context *ctx, const char *fmt, ...)
 {
 	va_list ap;
 	FILE *shadow_logfd = log_get_logfd();
@@ -208,11 +210,7 @@ static void remove_link (/*@only@*/struct link_name *ln)
 
 static /*@exposed@*/ /*@null@*/struct link_name *check_link (const char *name, const struct stat *sb)
 {
-	struct link_name *lp;
-	size_t src_len;
-	size_t dst_len;
-	size_t name_len;
-	size_t len;
+	struct link_name  *lp;
 
 	/* copy_tree () must be the entry point */
 	assert (NULL != src_orig);
@@ -229,15 +227,10 @@ static /*@exposed@*/ /*@null@*/struct link_name *check_link (const char *name, c
 	}
 
 	lp = XMALLOC(1, struct link_name);
-	src_len = strlen (src_orig);
-	dst_len = strlen (dst_orig);
-	name_len = strlen (name);
 	lp->ln_dev = sb->st_dev;
 	lp->ln_ino = sb->st_ino;
 	lp->ln_count = sb->st_nlink;
-	len = name_len - src_len + dst_len + 1;
-	lp->ln_name = XMALLOC(len, char);
-	(void) snprintf (lp->ln_name, len, "%s%s", dst_orig, name + src_len);
+	xasprintf(&lp->ln_name, "%s%s", dst_orig, name + strlen(src_orig));
 	lp->ln_next = links;
 	links = lp;
 
@@ -314,51 +307,43 @@ static int copy_tree_impl (const struct path_info *src, const struct path_info *
 		set_orig = true;
 	}
 	while ((0 == err) && (ent = readdir (dir)) != NULL) {
+		char              *src_name = NULL;
+		char              *dst_name;
+		struct path_info  src_entry, dst_entry;
 		/*
 		 * Skip the "." and ".." entries
 		 */
-		if ((strcmp (ent->d_name, ".") != 0) &&
-		    (strcmp (ent->d_name, "..") != 0)) {
-			char *src_name;
-			char *dst_name;
-			size_t src_len = strlen (ent->d_name) + 2;
-			size_t dst_len = strlen (ent->d_name) + 2;
-			src_len += strlen (src->full_path);
-			dst_len += strlen (dst->full_path);
-
-			src_name = MALLOC(src_len, char);
-			dst_name = MALLOC(dst_len, char);
-
-			if ((NULL == src_name) || (NULL == dst_name)) {
-				err = -1;
-			} else {
-				/*
-				 * Build the filename for both the source and
-				 * the destination files.
-				 */
-				struct path_info src_entry, dst_entry;
-
-				(void) snprintf (src_name, src_len, "%s/%s",
-				                 src->full_path, ent->d_name);
-				(void) snprintf (dst_name, dst_len, "%s/%s",
-				                 dst->full_path, ent->d_name);
-
-				src_entry.full_path = src_name;
-				src_entry.dirfd = dirfd(dir);
-				src_entry.name = ent->d_name;
-
-				dst_entry.full_path = dst_name;
-				dst_entry.dirfd = dst_fd;
-				dst_entry.name = ent->d_name;
-
-				err = copy_entry (&src_entry, &dst_entry,
-				                  reset_selinux,
-				                  old_uid, new_uid,
-				                  old_gid, new_gid);
-			}
-			free (src_name);
-			free (dst_name);
+		if (strcmp(ent->d_name, ".") == 0 ||
+		    strcmp(ent->d_name, "..") == 0)
+		{
+			continue;
 		}
+
+		if (asprintf(&src_name, "%s/%s", src->full_path, ent->d_name) == -1)
+		{
+			err = -1;
+			continue;
+		}
+		if (asprintf(&dst_name, "%s/%s", dst->full_path, ent->d_name) == -1)
+		{
+			err = -1;
+			goto skip;
+		}
+
+		src_entry.full_path = src_name;
+		src_entry.dirfd = dirfd(dir);
+		src_entry.name = ent->d_name;
+
+		dst_entry.full_path = dst_name;
+		dst_entry.dirfd = dst_fd;
+		dst_entry.name = ent->d_name;
+
+		err = copy_entry(&src_entry, &dst_entry, reset_selinux,
+				 old_uid, new_uid, old_gid, new_gid);
+
+		free(dst_name);
+skip:
+		free(src_name);
 	}
 	(void) closedir (dir);
 	(void) close (dst_fd);
@@ -420,63 +405,64 @@ static int copy_entry (const struct path_info *src, const struct path_info *dst,
 
 	if (fstatat(src->dirfd, src->name, &sb, AT_SYMLINK_NOFOLLOW) == -1) {
 		/* If we cannot stat the file, do not care. */
-	} else {
-		mt[0].tv_sec  = sb.st_atim.tv_sec;
-		mt[0].tv_nsec = sb.st_atim.tv_nsec;
+		return 0;
+	}
 
-		mt[1].tv_sec  = sb.st_mtim.tv_sec;
-		mt[1].tv_nsec = sb.st_mtim.tv_nsec;
+	mt[0].tv_sec  = sb.st_atim.tv_sec;
+	mt[0].tv_nsec = sb.st_atim.tv_nsec;
 
-		if (S_ISDIR (sb.st_mode)) {
-			err = copy_dir (src, dst, reset_selinux, &sb, mt,
-			                old_uid, new_uid, old_gid, new_gid);
-		}
+	mt[1].tv_sec  = sb.st_mtim.tv_sec;
+	mt[1].tv_nsec = sb.st_mtim.tv_nsec;
 
-		/*
-		 * If the destination already exists do nothing.
-		 * This is after the copy_dir above to still iterate into subdirectories.
-		 */
-		if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) {
-			return 0;
-		}
+	if (S_ISDIR (sb.st_mode)) {
+		err = copy_dir (src, dst, reset_selinux, &sb, mt,
+				old_uid, new_uid, old_gid, new_gid);
+	}
 
-		/*
-		 * Copy any symbolic links
-		 */
+	/*
+	* If the destination already exists do nothing.
+	* This is after the copy_dir above to still iterate into subdirectories.
+	*/
+	if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) {
+		return err;
+	}
 
-		else if (S_ISLNK (sb.st_mode)) {
-			err = copy_symlink (src, dst, reset_selinux, &sb, mt,
-			                    old_uid, new_uid, old_gid, new_gid);
-		}
+	/*
+	* Copy any symbolic links
+	*/
 
-		/*
-		 * See if this is a previously copied link
-		 */
+	else if (S_ISLNK (sb.st_mode)) {
+		err = copy_symlink (src, dst, reset_selinux, &sb, mt,
+				    old_uid, new_uid, old_gid, new_gid);
+	}
 
-		else if ((lp = check_link (src->full_path, &sb)) != NULL) {
-			err = copy_hardlink (dst, reset_selinux, lp);
-		}
+	/*
+	* See if this is a previously copied link
+	*/
 
-		/*
-		 * Deal with FIFOs and special files.  The user really
-		 * shouldn't have any of these, but it seems like it
-		 * would be nice to copy everything ...
-		 */
+	else if ((lp = check_link (src->full_path, &sb)) != NULL) {
+		err = copy_hardlink (dst, reset_selinux, lp);
+	}
 
-		else if (!S_ISREG (sb.st_mode)) {
-			err = copy_special (src, dst, reset_selinux, &sb, mt,
-			                    old_uid, new_uid, old_gid, new_gid);
-		}
+	/*
+	* Deal with FIFOs and special files.  The user really
+	* shouldn't have any of these, but it seems like it
+	* would be nice to copy everything ...
+	*/
 
-		/*
-		 * Create the new file and copy the contents.  The new
-		 * file will be owned by the provided UID and GID values.
-		 */
+	else if (!S_ISREG (sb.st_mode)) {
+		err = copy_special (src, dst, reset_selinux, &sb, mt,
+				    old_uid, new_uid, old_gid, new_gid);
+	}
 
-		else {
-			err = copy_file (src, dst, reset_selinux, &sb, mt,
-			                 old_uid, new_uid, old_gid, new_gid);
-		}
+	/*
+	* Create the new file and copy the contents.  The new
+	* file will be owned by the provided UID and GID values.
+	*/
+
+	else {
+		err = copy_file (src, dst, reset_selinux, &sb, mt,
+				 old_uid, new_uid, old_gid, new_gid);
 	}
 
 	return err;
@@ -596,7 +582,7 @@ static /*@null@*/char *readlink_malloc (const char *filename)
  *	Return 0 on success, -1 on error.
  */
 static int copy_symlink (const struct path_info *src, const struct path_info *dst,
-                         unused bool reset_selinux,
+                         MAYBE_UNUSED bool reset_selinux,
                          const struct stat *statp, const struct timespec mt[],
                          uid_t old_uid, uid_t new_uid,
                          gid_t old_gid, gid_t new_gid)
@@ -624,13 +610,11 @@ static int copy_symlink (const struct path_info *src, const struct path_info *ds
 	 * create a link to the corresponding entry in the dst_orig
 	 * directory.
 	 */
-	if (strncmp (oldlink, src_orig, strlen (src_orig)) == 0) {
-		size_t len = strlen (dst_orig) + strlen (oldlink) - strlen (src_orig) + 1;
-		char *dummy = XMALLOC(len, char);
-		(void) snprintf (dummy, len, "%s%s",
-		                 dst_orig,
-		                 oldlink + strlen (src_orig));
-		free (oldlink);
+	if (strncmp(oldlink, src_orig, strlen(src_orig)) == 0) {
+		char  *dummy;
+
+		xasprintf(&dummy, "%s%s", dst_orig, oldlink + strlen(src_orig));
+		free(oldlink);
 		oldlink = dummy;
 	}
 
@@ -670,7 +654,7 @@ static int copy_symlink (const struct path_info *src, const struct path_info *ds
  *	Return 0 on success, -1 on error.
  */
 static int copy_hardlink (const struct path_info *dst,
-                          unused bool reset_selinux,
+                          MAYBE_UNUSED bool reset_selinux,
                           struct link_name *lp)
 {
 	/* FIXME: selinux, ACL, Extended Attributes needed? */
@@ -689,6 +673,7 @@ static int copy_hardlink (const struct path_info *dst,
 	return 0;
 }
 
+
 /*
  * copy_special - copy a special file
  *
@@ -699,29 +684,33 @@ static int copy_hardlink (const struct path_info *dst,
  *
  *	Return 0 on success, -1 on error.
  */
-static int copy_special (const struct path_info *src, const struct path_info *dst,
-                         bool reset_selinux,
-                         const struct stat *statp, const struct timespec mt[],
-                         uid_t old_uid, uid_t new_uid,
-                         gid_t old_gid, gid_t new_gid)
+static int
+copy_special(const struct path_info *src, const struct path_info *dst,
+             bool reset_selinux,
+             const struct stat *statp, const struct timespec mt[],
+             uid_t old_uid, uid_t new_uid,
+             gid_t old_gid, gid_t new_gid)
 {
-	int err = 0;
-
-#ifdef WITH_SELINUX
-	if (set_selinux_file_context (dst->full_path, statp->st_mode & S_IFMT) != 0) {
+#if defined(WITH_SELINUX)
+	if (set_selinux_file_context(dst->full_path, statp->st_mode & S_IFMT) != 0)
 		return -1;
-	}
-#endif				/* WITH_SELINUX */
+#endif
 
-	if (   (mknodat (dst->dirfd, dst->name, statp->st_mode & ~07777U, statp->st_rdev) != 0)
-	    || (chownat_if_needed (dst, statp,
-	                         old_uid, new_uid, old_gid, new_gid) != 0)
-	    || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
-#ifdef WITH_ACL
-	    || (   (perm_copy_path (src, dst, &ctx) != 0)
-	        && (errno != 0))
-#endif				/* WITH_ACL */
-#ifdef WITH_ATTR
+	if (mknodat(dst->dirfd, dst->name, statp->st_mode & ~07777U, statp->st_rdev) == -1)
+		return -1;
+
+	if (chownat_if_needed(dst, statp, old_uid, new_uid, old_gid, new_gid) == -1)
+		return -1;
+
+	if (fchmodat(dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) == -1)
+		return -1;
+
+#if defined(WITH_ACL)
+	if (perm_copy_path(src, dst, &ctx) == -1 && errno != 0)
+		return -1;
+#endif
+
+#if defined(WITH_ATTR)
 	/*
 	 * If the third parameter is NULL, all extended attributes
 	 * except those that define Access Control Lists are copied.
@@ -729,15 +718,16 @@ static int copy_special (const struct path_info *src, const struct path_info *ds
 	 * file systems with and without ACL support needs some
 	 * additional logic so that no unexpected permissions result.
 	 */
-	    || (   !reset_selinux
-	        && (attr_copy_path (src, dst, NULL, &ctx) != 0)
-	        && (errno != 0))
-#endif				/* WITH_ATTR */
-		|| (utimensat (dst->dirfd, dst->name, mt, AT_SYMLINK_NOFOLLOW) != 0)) {
-		err = -1;
+	if (!reset_selinux) {
+		if (attr_copy_path(src, dst, NULL, &ctx) == -1 && errno != 0)
+			return -1;
 	}
+#endif
 
-	return err;
+	if (utimensat(dst->dirfd, dst->name, mt, AT_SYMLINK_NOFOLLOW) == -1)
+		return -1;
+
+	return 0;
 }
 
 /*
@@ -816,7 +806,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 			break;
 		}
 
-		if (write_full (ofd, buf, cnt) < 0) {
+		if (write_full(ofd, buf, cnt) == -1) {
 			(void) close (ofd);
 			(void) close (ifd);
 			return -1;
@@ -824,7 +814,7 @@ static int copy_file (const struct path_info *src, const struct path_info *dst,
 	}
 
 	(void) close (ifd);
-	if (close (ofd) != 0) {
+	if (close (ofd) != 0 && errno != EINTR) {
 		return -1;
 	}
 

lib/csrand.c

@@ -20,6 +20,7 @@
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
+#include "sizeof.h"
 
 
 static uint32_t csrand_uniform32(uint32_t n);

lib/date_to_str.c

@@ -1,38 +1,20 @@
 /*
- * Copyright (c) 2021, Alejandro Colomar <alx.manpages@gmail.com>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the copyright holders or contributors may not be used to
- *    endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
- * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * SPDX-FileCopyrightText: 2021-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
+#include <config.h>
+
 #include <string.h>
 #include <time.h>
 
 #ident "$Id$"
 
+#include "string/strtcpy.h"
 #include "prototypes.h"
 
+
 void
 date_to_str(size_t size, char buf[size], long date)
 {
@@ -41,16 +23,16 @@ date_to_str(size_t size, char buf[size], long date)
 
 	t = date;
 	if (date < 0) {
-		(void) strlcpy(buf, "never", size);
+		(void) strtcpy(buf, "never", size);
 		return;
 	}
 
 	tm = gmtime(&t);
 	if (tm == NULL) {
-		(void) strlcpy(buf, "future", size);
+		(void) strtcpy(buf, "future", size);
 		return;
 	}
 
-	(void) strftime(buf, size, "%Y-%m-%d", tm);
-	buf[size - 1] = '\0';
+	if (strftime(buf, size, "%Y-%m-%d", tm) == 0)
+		(void) strtcpy(buf, "future", size);
 }

lib/defines.h

@@ -25,6 +25,7 @@
     ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
 #endif
 
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -47,20 +48,6 @@
 #include <sys/time.h>
 #include <time.h>
 
-#ifdef HAVE_MEMSET_EXPLICIT
-# define memzero(ptr, size) memset_explicit((ptr), 0, (size))
-#elif defined HAVE_EXPLICIT_BZERO	/* !HAVE_MEMSET_S */
-# define memzero(ptr, size) explicit_bzero((ptr), (size))
-#else					/* !HAVE_MEMSET_S && HAVE_EXPLICIT_BZERO */
-static inline void memzero(void *ptr, size_t size)
-{
-	ptr = memset(ptr, '\0', size);
-	__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
-}
-#endif					/* !HAVE_MEMSET_S && !HAVE_EXPLICIT_BZERO */
-
-#define strzero(s) memzero(s, strlen(s))	/* warning: evaluates twice */
-
 #include <dirent.h>
 
 /*
@@ -153,34 +140,15 @@ static inline void memzero(void *ptr, size_t size)
  *
  * DAY - seconds / day
  * WEEK - seconds / week
- * SCALE - seconds / aging unit
  */
 
 /* Solaris defines this in shadow.h */
 #ifndef DAY
-#define DAY (24L*3600L)
+#define DAY  ((time_t) 24 * 3600)
 #endif
 
 #define WEEK (7*DAY)
 
-#ifdef ITI_AGING
-#define SCALE 1
-#else
-#define SCALE DAY
-#endif
-
-#define WIDTHOF(x)   (sizeof(x) * CHAR_BIT)
-#define NITEMS(arr)  (sizeof((arr)) / sizeof((arr)[0]))
-#define STRLEN(s)    (NITEMS(s) - 1)
-
-/* Copy string pointed by B to array A with size checking.  It was originally
-   in lmain.c but is _very_ useful elsewhere.  Some setuid root programs with
-   very sloppy coding used to assume that BUFSIZ will always be enough...  */
-
-					/* danger - side effects */
-#define STRFCPY(A,B) \
-	(strncpy((A), (B), sizeof(A) - 1), (A)[sizeof(A) - 1] = '\0')
-
 #ifndef PASSWD_FILE
 #define PASSWD_FILE "/etc/passwd"
 #endif
@@ -193,6 +161,14 @@ static inline void memzero(void *ptr, size_t size)
 #define SHADOW_FILE "/etc/shadow"
 #endif
 
+#ifndef SUBUID_FILE
+#define SUBUID_FILE "/etc/subuid"
+#endif
+
+#ifndef SUBGID_FILE
+#define SUBGID_FILE "/etc/subgid"
+#endif
+
 #ifdef SHADOWGRP
 #ifndef SGROUP_FILE
 #define SGROUP_FILE "/etc/gshadow"
@@ -208,43 +184,33 @@ static inline void memzero(void *ptr, size_t size)
 #define SHADOW_PASSWD_STRING "x"
 #endif
 
-#define SHADOW_SP_FLAG_UNSET ((unsigned long int)-1)
+#define SHADOW_SP_FLAG_UNSET ((unsigned long)-1)
 
 #ifdef WITH_AUDIT
-#ifdef __u8			/* in case we use pam < 0.80 */
+/* in case we use pam < 0.80 */
 #undef __u8
-#endif
-#ifdef __u32
 #undef __u32
-#endif
 
 #include <libaudit.h>
 #endif
 
-/* To be used for verified unused parameters */
-#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
-# define unused    __attribute__((unused))
-# define NORETURN  __attribute__((__noreturn__))
-# define format_attr(type, index, check) __attribute__((format (type, index, check)))
-#else
-# define unused
-# define NORETURN
-# define format_attr(type, index, check)
-#endif
-
 /* Maximum length of passwd entry */
 #define PASSWD_ENTRY_MAX_LENGTH 32768
 
-#if (__GNUC__ >= 11) && !defined(__clang__)
-# define ATTR_MALLOC(deallocator)  [[gnu::malloc(deallocator)]]
-#else
-# define ATTR_MALLOC(deallocator)
-#endif
-
 #ifdef HAVE_SECURE_GETENV
 #  define shadow_getenv(name) secure_getenv(name)
 # else
 #  define shadow_getenv(name) getenv(name)
 #endif
 
+/*
+ * Maximum password length
+ *
+ * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE)
+ * currently set to 512.
+ */
+#if !defined(PASS_MAX)
+#define PASS_MAX  BUFSIZ - 1
+#endif
+
 #endif				/* _DEFINES_H_ */

lib/entry.c

@@ -1,47 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <sys/types.h>
-#include <stdio.h>
-
-#include "alloc.h"
-#include "prototypes.h"
-#include "defines.h"
-#include <pwd.h>
-
-void pw_entry (const char *name, struct passwd *pwent)
-{
-	struct passwd *passwd;
-
-	struct spwd *spwd;
-
-	if (!(passwd = getpwnam (name))) { /* local, no need for xgetpwnam */
-		pwent->pw_name = NULL;
-		return;
-	} else {
-		pwent->pw_name = xstrdup (passwd->pw_name);
-		pwent->pw_uid = passwd->pw_uid;
-		pwent->pw_gid = passwd->pw_gid;
-		pwent->pw_gecos = xstrdup (passwd->pw_gecos);
-		pwent->pw_dir = xstrdup (passwd->pw_dir);
-		pwent->pw_shell = xstrdup (passwd->pw_shell);
-#if !defined(AUTOSHADOW)
-		/* local, no need for xgetspnam */
-		if ((spwd = getspnam (name))) {
-			pwent->pw_passwd = xstrdup (spwd->sp_pwdp);
-			return;
-		}
-#endif
-		pwent->pw_passwd = xstrdup (passwd->pw_passwd);
-	}
-}

lib/env.c

@@ -20,6 +20,9 @@
 #include "prototypes.h"
 #include "defines.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
+
 /*
  * NEWENVP_STEP must be a power of two.  This is the number
  * of (char *) pointers to allocate at a time, to avoid using
@@ -67,16 +70,11 @@ void initenv (void)
 
 void addenv (const char *string, /*@null@*/const char *value)
 {
-	char *cp, *newstring;
-	size_t i;
-	size_t n;
+	char    *cp, *newstring;
+	size_t  i, n;
 
 	if (NULL != value) {
-		size_t len = strlen (string) + strlen (value) + 2;
-		int wlen;
-		newstring = XMALLOC(len, char);
-		wlen = snprintf (newstring, len, "%s=%s", string, value);
-		assert (wlen == (int) len -1);
+		xasprintf(&newstring, "%s=%s", string, value);
 	} else {
 		newstring = xstrdup (string);
 	}
@@ -88,7 +86,7 @@ void addenv (const char *string, /*@null@*/const char *value)
 
 	cp = strchr (newstring, '=');
 	if (NULL == cp) {
-		free (newstring);
+		free(newstring);
 		return;
 	}
 
@@ -105,7 +103,7 @@ void addenv (const char *string, /*@null@*/const char *value)
 	}
 
 	if (i < newenvc) {
-		free (newenvp[i]);
+		free(newenvp[i]);
 		newenvp[i] = newstring;
 		return;
 	}
@@ -168,9 +166,9 @@ void addenv (const char *string, /*@null@*/const char *value)
  */
 void set_env (int argc, char *const *argv)
 {
-	int noname = 1;
-	char variable[1024];
-	char *cp;
+	int   noname = 1;
+	char  variable[1024];
+	char  *cp;
 
 	for (; argc > 0; argc--, argv++) {
 		if (strlen (*argv) >= sizeof variable) {
@@ -179,9 +177,7 @@ void set_env (int argc, char *const *argv)
 
 		cp = strchr (*argv, '=');
 		if (NULL == cp) {
-			int wlen;
-			wlen = snprintf (variable, sizeof variable, "L%d", noname);
-			assert (wlen < (int) sizeof(variable));
+			assert(SNPRINTF(variable, "L%d", noname) != -1);
 			noname++;
 			addenv (variable, *argv);
 		} else {
@@ -194,8 +190,7 @@ void set_env (int argc, char *const *argv)
 			}
 
 			if (NULL != *p) {
-				strncpy (variable, *argv, (size_t)(cp - *argv));
-				variable[cp - *argv] = '\0';
+				stpcpy(mempcpy(variable, *argv, (size_t)(cp - *argv)), "");
 				printf (_("You may not change $%s\n"),
 					variable);
 				continue;

lib/failure.c

@@ -17,7 +17,11 @@
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
+#include "memzero.h"
 #include "prototypes.h"
+#include "string/strtcpy.h"
+
+
 #define	YEAR	(365L*DAY)
 /*
  * failure - make failure entry
@@ -41,7 +45,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	fd = open (FAILLOG_FILE, O_RDWR);
 	if (fd < 0) {
 		SYSLOG ((LOG_WARN,
-		         "Can't write faillog entry for UID %lu in %s.",
+		         "Can't write faillog entry for UID %lu in %s: %m",
 		         (unsigned long) uid, FAILLOG_FILE));
 		return;
 	}
@@ -75,7 +79,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 		fl->fail_cnt++;
 	}
 
-	strncpy (fl->fail_line, tty, sizeof (fl->fail_line) - 1);
+	STRTCPY(fl->fail_line, tty);
 	(void) time (&fl->fail_time);
 
 	/*
@@ -86,13 +90,26 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	 */
 
 	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-	    || (write_full (fd, fl, sizeof *fl) != (ssize_t) sizeof *fl)
-	    || (close (fd) != 0)) {
-		SYSLOG ((LOG_WARN,
-		         "Can't write faillog entry for UID %lu in %s.",
-		         (unsigned long) uid, FAILLOG_FILE));
-		(void) close (fd);
+	    || (write_full(fd, fl, sizeof *fl) == -1)) {
+		goto err_write;
 	}
+
+	if (close (fd) != 0 && errno != EINTR) {
+		goto err_close;
+	}
+
+	return;
+
+err_write:
+	{
+		int saved_errno = errno;
+		(void) close (fd);
+		errno = saved_errno;
+	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't write faillog entry for UID %lu to %s: %m",
+	         (unsigned long) uid, FAILLOG_FILE));
 }
 
 static bool too_many_failures (const struct faillog *fl)
@@ -144,7 +161,7 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 	fd = open (FAILLOG_FILE, failed?O_RDONLY:O_RDWR);
 	if (fd < 0) {
 		SYSLOG ((LOG_WARN,
-		         "Can't open the faillog file (%s) to check UID %lu. "
+		         "Can't open the faillog file (%s) to check UID %lu: %m; "
 		         "User access authorized.",
 		         FAILLOG_FILE, (unsigned long) uid));
 		return 1;
@@ -185,18 +202,30 @@ int failcheck (uid_t uid, struct faillog *fl, bool failed)
 		fail.fail_cnt = 0;
 
 		if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
-		    || (write_full (fd, &fail, sizeof fail) != (ssize_t) sizeof fail)
-		    || (close (fd) != 0)) {
-			SYSLOG ((LOG_WARN,
-			         "Can't reset faillog entry for UID %lu in %s.",
-			         (unsigned long) uid, FAILLOG_FILE));
-			(void) close (fd);
+		    || (write_full(fd, &fail, sizeof fail) == -1)) {
+			    goto err_write;
+		}
+
+		if (close (fd) != 0 && errno != EINTR) {
+			goto err_close;
 		}
 	} else {
 		(void) close (fd);
 	}
 
 	return 1;
+
+err_write:
+	{
+		int saved_errno = errno;
+		(void) close (fd);
+		errno = saved_errno;
+	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't reset faillog entry for UID %lu in %s: %m",
+	         (unsigned long) uid, FAILLOG_FILE));
+	return 1;
 }
 
 /*

lib/find_new_uid.c

@@ -232,14 +232,13 @@ int find_new_uid(bool sys_user,
 	 */
 
 	/* Create an array to hold all of the discovered UIDs */
-	used_uids = MALLOC(uid_max + 1, bool);
+	used_uids = CALLOC(uid_max + 1, bool);
 	if (NULL == used_uids) {
 		fprintf (log_get_logfd(),
 			 _("%s: failed to allocate memory: %s\n"),
 			 log_get_progname(), strerror (errno));
 		return -1;
 	}
-	memset (used_uids, false, sizeof (bool) * (uid_max + 1));
 
 	/* First look for the lowest and highest value in the local database */
 	(void) pw_rewind ();

lib/fputsx.c

@@ -16,7 +16,8 @@
 #ident "$Id$"
 
 
-/*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *buf, int cnt, FILE * f)
+/*@null@*/char *
+fgetsx(/*@returned@*/char *restrict buf, int cnt, FILE *restrict f)
 {
 	char *cp = buf;
 	char *ep;

lib/get_gid.c

@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id$"
@@ -11,21 +12,23 @@
 #include "prototypes.h"
 #include "defines.h"
 
-int get_gid (const char *gidstr, gid_t *gid)
+
+int
+get_gid(const char *gidstr, gid_t *gid)
 {
-	long long int val;
+	long long  val;
 	char *endptr;
 
 	errno = 0;
-	val = strtoll (gidstr, &endptr, 10);
+	val = strtoll(gidstr, &endptr, 10);
 	if (   ('\0' == *gidstr)
 	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || (0 != errno)
 	    || (/*@+longintegral@*/val != (gid_t)val)/*@=longintegral@*/) {
-		return 0;
+		return -1;
 	}
 
 	*gid = val;
-	return 1;
+	return 0;
 }
 

lib/get_pid.c

@@ -14,23 +14,26 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+#include "string/sprintf.h"
+
+
 int get_pid (const char *pidstr, pid_t *pid)
 {
-	long long int val;
+	long long  val;
 	char *endptr;
 
 	errno = 0;
-	val = strtoll (pidstr, &endptr, 10);
+	val = strtoll(pidstr, &endptr, 10);
 	if (   ('\0' == *pidstr)
 	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || (0 != errno)
 	    || (val < 1)
 	    || (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
-		return 0;
+		return -1;
 	}
 
 	*pid = val;
-	return 1;
+	return 0;
 }
 
 /*
@@ -40,16 +43,16 @@ int get_pid (const char *pidstr, pid_t *pid)
  */
 int get_pidfd_from_fd(const char *pidfdstr)
 {
-	long long int val;
+	long long  val;
 	char *endptr;
 	struct stat st;
 	dev_t proc_st_dev, proc_st_rdev;
 
 	errno = 0;
-	val = strtoll (pidfdstr, &endptr, 10);
+	val = strtoll(pidfdstr, &endptr, 10);
 	if (   ('\0' == *pidfdstr)
 	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || (0 != errno)
 	    || (val < 0)
 	    || (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
 		return -1;
@@ -75,18 +78,15 @@ int get_pidfd_from_fd(const char *pidfdstr)
 
 int open_pidfd(const char *pidstr)
 {
-	int proc_dir_fd;
-	int written;
-	char proc_dir_name[32];
-	pid_t target;
+	int    proc_dir_fd;
+	char   proc_dir_name[32];
+	pid_t  target;
 
-	if (get_pid(pidstr, &target) == 0)
+	if (get_pid(pidstr, &target) == -1)
 		return -ENOENT;
 
 	/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
-	written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
-		target);
-	if ((written <= 0) || ((size_t)written >= sizeof(proc_dir_name))) {
+	if (SNPRINTF(proc_dir_name, "/proc/%u/", target) == -1) {
 		fprintf(stderr, "snprintf of proc path failed for %u: %s\n",
 			target, strerror(errno));
 		return -EINVAL;

lib/get_uid.c

@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id$"
@@ -11,21 +12,23 @@
 #include "prototypes.h"
 #include "defines.h"
 
-int get_uid (const char *uidstr, uid_t *uid)
+
+int
+get_uid(const char *uidstr, uid_t *uid)
 {
-	long long int val;
+	long long  val;
 	char *endptr;
 
 	errno = 0;
-	val = strtoll (uidstr, &endptr, 10);
+	val = strtoll(uidstr, &endptr, 10);
 	if (   ('\0' == *uidstr)
 	    || ('\0' != *endptr)
-	    || (ERANGE == errno)
+	    || (0 != errno)
 	    || (/*@+longintegral@*/val != (uid_t)val)/*@=longintegral@*/) {
-		return 0;
+		return -1;
 	}
 
 	*uid = val;
-	return 1;
+	return 0;
 }
 

lib/getdate.y

@@ -28,6 +28,7 @@
 #include <ctype.h>
 #include <time.h>
 
+#include "attr.h"
 #include "getdate.h"
 
 #include <string.h>
@@ -318,7 +319,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelYear += $1 * $2;
 	}
 	| tYEAR_UNIT {
-	    yyRelYear++;
+	    yyRelYear += $1;
 	}
 	| tUNUMBER tMONTH_UNIT {
 	    yyRelMonth += $1 * $2;
@@ -327,7 +328,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMonth += $1 * $2;
 	}
 	| tMONTH_UNIT {
-	    yyRelMonth++;
+	    yyRelMonth += $1;
 	}
 	| tUNUMBER tDAY_UNIT {
 	    yyRelDay += $1 * $2;
@@ -336,7 +337,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelDay += $1 * $2;
 	}
 	| tDAY_UNIT {
-	    yyRelDay++;
+	    yyRelDay += $1;
 	}
 	| tUNUMBER tHOUR_UNIT {
 	    yyRelHour += $1 * $2;
@@ -345,7 +346,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelHour += $1 * $2;
 	}
 	| tHOUR_UNIT {
-	    yyRelHour++;
+	    yyRelHour += $1;
 	}
 	| tUNUMBER tMINUTE_UNIT {
 	    yyRelMinutes += $1 * $2;
@@ -354,7 +355,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMinutes += $1 * $2;
 	}
 	| tMINUTE_UNIT {
-	    yyRelMinutes++;
+	    yyRelMinutes += $1;
 	}
 	| tUNUMBER tSEC_UNIT {
 	    yyRelSeconds += $1 * $2;
@@ -363,7 +364,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelSeconds += $1 * $2;
 	}
 	| tSEC_UNIT {
-	    yyRelSeconds++;
+	    yyRelSeconds += $1;
 	}
 	;
 
@@ -569,7 +570,7 @@ static TABLE const MilitaryTable[] = {
 
 
 
-static int yyerror (unused const char *s)
+static int yyerror (MAYBE_UNUSED const char *s)
 {
   return 0;
 }

lib/getdef.c

@@ -25,6 +25,8 @@
 #include "alloc.h"
 #include "getdef.h"
 #include "shadowlog_internal.h"
+#include "string/sprintf.h"
+
 
 /*
  * A configuration item definition.
@@ -37,7 +39,6 @@ struct itemdef {
 #define PAMDEFS					\
 	{"CHFN_AUTH", NULL},			\
 	{"CHSH_AUTH", NULL},			\
-	{"CRACKLIB_DICTPATH", NULL},		\
 	{"ENV_HZ", NULL},			\
 	{"ENVIRON_FILE", NULL},			\
 	{"ENV_TZ", NULL},			\
@@ -244,9 +245,9 @@ int getdef_num (const char *item, int dflt)
 		return dflt;
 	}
 
-	if (   (getlong (d->value, &val) == 0)
+	if (   (getlong(d->value, &val) == -1)
 	    || (val > INT_MAX)
-	    || (val < INT_MIN)) {
+	    || (val < -1)) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -279,7 +280,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
 		return dflt;
 	}
 
-	if (   (getlong (d->value, &val) == 0)
+	if (   (getlong(d->value, &val) == -1)
 	    || (val < 0)
 	    || (val > INT_MAX)) {
 		fprintf (shadow_logfd,
@@ -314,7 +315,7 @@ long getdef_long (const char *item, long dflt)
 		return dflt;
 	}
 
-	if (getlong (d->value, &val) == 0) {
+	if (getlong(d->value, &val) == -1 || val < -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -346,7 +347,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
 		return dflt;
 	}
 
-	if (getulong (d->value, &val) == 0) {
+	if (getulong(d->value, &val) == -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -361,7 +362,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
  * (also used when loading the initial defaults)
  */
 
-int putdef_str (const char *name, const char *value)
+int putdef_str (const char *name, const char *value, const char *srcfile)
 {
 	struct itemdef *d;
 	char *cp;
@@ -376,6 +377,8 @@ int putdef_str (const char *name, const char *value)
 	 */
 	d = def_find (name);
 	if (NULL == d) {
+		if (NULL != srcfile)
+			SYSLOG ((LOG_CRIT, "shadow: unknown configuration item '%s' in '%s'", name, srcfile));
 		return -1;
 	}
 
@@ -429,7 +432,6 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
 	fprintf (shadow_logfd,
 	         _("configuration error - unknown item '%s' (notify administrator)\n"),
 	         name);
-	SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
 
 out:
 	return NULL;
@@ -444,21 +446,12 @@ out:
 void setdef_config_file (const char* file)
 {
 #ifdef USE_ECONF
-	size_t len;
-	char* cp;
+	char  *cp;
 
-	len = strlen(file) + strlen(sysconfdir) + 2;
-	cp = MALLOC(len, char);
-	if (cp == NULL)
-		exit (13);
-	snprintf(cp, len, "%s/%s", file, sysconfdir);
+	xasprintf(&cp, "%s/%s", file, sysconfdir);
 	sysconfdir = cp;
 #ifdef VENDORDIR
-	len = strlen(file) + strlen(vendordir) + 2;
-	cp = MALLOC(len, char);
-	if (cp == NULL)
-		exit (13);
-	snprintf(cp, len, "%s/%s", file, vendordir);
+	xasprintf(&cp, "%s/%s", file, vendordir);
 	vendordir = cp;
 #endif
 #else
@@ -519,7 +512,7 @@ static void def_load (void)
 		 * The error was already reported to the user and to
 		 * syslog. The tools will just use their default values.
 		 */
-		(void)putdef_str (keys[i], value);
+		(void)putdef_str (keys[i], value, econf_getPath(defs_file));
 
 		free(value);
 	}
@@ -592,7 +585,7 @@ static void def_load (void)
 		 * The error was already reported to the user and to
 		 * syslog. The tools will just use their default values.
 		 */
-		(void)putdef_str (name, value);
+		(void)putdef_str (name, value, def_fname);
 	}
 
 	if (ferror (fp) != 0) {

lib/getdef.h

@@ -16,7 +16,7 @@ extern int getdef_num (const char *, int);
 extern unsigned long getdef_ulong (const char *, unsigned long);
 extern unsigned int getdef_unum (const char *, unsigned int);
 extern /*@observer@*/ /*@null@*/const char *getdef_str (const char *);
-extern int putdef_str (const char *, const char *);
+extern int putdef_str (const char *, const char *, const char *);
 extern void setdef_config_file (const char* file);
 
 /* default UMASK value if not specified in /etc/login.defs */

lib/getgr_nam_gid.c

@@ -23,7 +23,7 @@
  */
 extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname)
 {
-	long long int gid;
+	long long  gid;
 	char *endptr;
 
 	if (NULL == grname) {
@@ -31,10 +31,10 @@ extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *gr
 	}
 
 	errno = 0;
-	gid = strtoll (grname, &endptr, 10);
+	gid = strtoll(grname, &endptr, 10);
 	if (   ('\0' != *grname)
 	    && ('\0' == *endptr)
-	    && (ERANGE != errno)
+	    && (0 == errno)
 	    && (/*@+longintegral@*/gid == (gid_t)gid)/*@=longintegral@*/) {
 		return xgetgrgid (gid);
 	}

lib/getlong.c

@@ -4,33 +4,33 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id$"
 
 #include <stdlib.h>
 #include <errno.h>
+
 #include "prototypes.h"
 
+
 /*
  * getlong - extract a long integer provided by the numstr string in *result
  *
  * It supports decimal, hexadecimal or octal representations.
- *
- * Returns 0 on failure, 1 on success.
  */
-int getlong (const char *numstr, /*@out@*/long int *result)
+int
+getlong(const char *restrict numstr, long *restrict result)
 {
-	long val;
-	char *endptr;
+	char  *endptr;
+	long  val;
 
 	errno = 0;
-	val = strtol (numstr, &endptr, 0);
-	if (('\0' == *numstr) || ('\0' != *endptr) || (ERANGE == errno)) {
-		return 0;
-	}
+	val = strtol(numstr, &endptr, 0);
+	if (('\0' == *numstr) || ('\0' != *endptr) || (0 != errno))
+		return -1;
 
 	*result = val;
-	return 1;
+	return 0;
 }
-

lib/getrange.c

@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id: $"
@@ -11,9 +12,11 @@
 #include <ctype.h>
 #include <stdlib.h>
 
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 
+
 /*
  * Parse a range and indicate if the range is valid.
  * Valid ranges are in the form:
@@ -21,81 +24,71 @@
  *     -<long>         -> max=long            !has_min  has_max
  *     <long>-         -> min=long             has_min !has_max
  *     <long1>-<long2> -> min=long1 max=long2  has_min  has_max
- *
- * If the range is valid, getrange returns 1.
- * If the range is not valid, getrange returns 0.
  */
-int getrange (const char *range,
-              unsigned long *min, bool *has_min,
-              unsigned long *max, bool *has_max)
+int
+getrange(const char *range,
+         unsigned long *min, bool *has_min,
+         unsigned long *max, bool *has_max)
 {
 	char *endptr;
 	unsigned long n;
 
-	if (NULL == range) {
-		return 0;
-	}
+	if (NULL == range)
+		return -1;
 
 	if ('-' == range[0]) {
-		if (!isdigit(range[1])) {
-			/* invalid */
-			return 0;
-		}
+		if (!isdigit(range[1]))
+			return -1;
+
 		errno = 0;
-		n = strtoul (&range[1], &endptr, 10);
-		if (('\0' != *endptr) || (ERANGE == errno)) {
-			/* invalid */
-			return 0;
-		}
+		n = strtoul_noneg(&range[1], &endptr, 10);
+		if (('\0' != *endptr) || (0 != errno))
+			return -1;
+
 		/* -<long> */
 		*has_min = false;
 		*has_max = true;
 		*max = n;
 	} else {
 		errno = 0;
-		n = strtoul (range, &endptr, 10);
-		if (ERANGE == errno) {
-			/* invalid */
-			return 0;
-		}
+		n = strtoul_noneg(range, &endptr, 10);
+		if (endptr == range || 0 != errno)
+			return -1;
+
 		switch (*endptr) {
-			case '\0':
-				/* <long> */
+		case '\0':
+			/* <long> */
+			*has_min = true;
+			*has_max = true;
+			*min = n;
+			*max = n;
+			break;
+		case '-':
+			endptr++;
+			if ('\0' == *endptr) {
+				/* <long>- */
 				*has_min = true;
-				*has_max = true;
+				*has_max = false;
 				*min = n;
+			} else if (!isdigit (*endptr)) {
+				return -1;
+			} else {
+				*has_min = true;
+				*min = n;
+				errno = 0;
+				n = strtoul_noneg(endptr, &endptr, 10);
+				if ('\0' != *endptr || 0 != errno)
+					return -1;
+
+				/* <long>-<long> */
+				*has_max = true;
 				*max = n;
-				break;
-			case '-':
-				endptr++;
-				if ('\0' == *endptr) {
-					/* <long>- */
-					*has_min = true;
-					*has_max = false;
-					*min = n;
-				} else if (!isdigit (*endptr)) {
-					/* invalid */
-					return 0;
-				} else {
-					*has_min = true;
-					*min = n;
-					errno = 0;
-					n = strtoul (endptr, &endptr, 10);
-					if (   ('\0' != *endptr)
-					    || (ERANGE == errno)) {
-						/* invalid */
-						return 0;
-					}
-					/* <long>-<long> */
-					*has_max = true;
-					*max = n;
-				}
-				break;
-			default:
-				return 0;
+			}
+			break;
+		default:
+			return -1;
 		}
 	}
 
-	return 1;
+	return 0;
 }
-

lib/gettime.c

@@ -11,6 +11,8 @@
 #include <errno.h>
 #include <limits.h>
 #include <stdio.h>
+
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
@@ -37,9 +39,8 @@
 		return fallback;
 
 	errno = 0;
-	epoch = strtoull (source_date_epoch, &endptr, 10);
-	if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
-			|| (errno != 0 && epoch == 0)) {
+	epoch = strtoull_noneg(source_date_epoch, &endptr, 10);
+	if (errno != 0) {
 		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
 			 strerror(errno));

lib/getulong.c

@@ -4,36 +4,34 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+
 #include <config.h>
 
 #ident "$Id: getlong.c 2763 2009-04-23 09:57:03Z nekral-guest $"
 
 #include <stdlib.h>
 #include <errno.h>
+
+#include "atoi/strtou_noneg.h"
 #include "prototypes.h"
 
+
 /*
  * getulong - extract an unsigned long integer provided by the numstr string in *result
  *
  * It supports decimal, hexadecimal or octal representations.
- *
- * Returns 0 on failure, 1 on success.
  */
-int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+int
+getulong(const char *restrict numstr, unsigned long *restrict result)
 {
-	unsigned long int val;
-	char *endptr;
+	char           *endptr;
+	unsigned long  val;
 
 	errno = 0;
-	val = strtoul (numstr, &endptr, 0);
-	if (    ('\0' == *numstr)
-	     || ('\0' != *endptr)
-	     || (ERANGE == errno)
-	   ) {
-		return 0;
-	}
+	val = strtoul_noneg(numstr, &endptr, 0);
+	if (('\0' == *numstr) || ('\0' != *endptr) || (0 != errno))
+		return -1;
 
 	*result = val;
-	return 1;
+	return 0;
 }
-

lib/groupio.c

@@ -22,6 +22,7 @@
 #include "getdef.h"
 #include "groupio.h"
 
+
 static /*@null@*/struct commonio_entry *merge_group_entries (
 	/*@null@*/ /*@returned@*/struct commonio_entry *gr1,
 	/*@null@*/struct commonio_entry *gr2);
@@ -35,7 +36,8 @@ static /*@null@*/ /*@only@*/void *group_dup (const void *ent)
 	return __gr_dup (gr);
 }
 
-static void group_free (/*@out@*/ /*@only@*/void *ent)
+static void
+group_free(/*@only@*/void *ent)
 {
 	struct group *gr = ent;
 
@@ -210,17 +212,25 @@ void __gr_del_entry (const struct commonio_entry *ent)
 
 static int gr_cmp (const void *p1, const void *p2)
 {
+	const struct commonio_entry *const *ce1;
+	const struct commonio_entry *const *ce2;
+	const struct group *g1, *g2;
 	gid_t u1, u2;
 
-	if ((*(struct commonio_entry **) p1)->eptr == NULL) {
+	ce1 = p1;
+	g1 = (*ce1)->eptr;
+	if (g1 == NULL) {
 		return 1;
 	}
-	if ((*(struct commonio_entry **) p2)->eptr == NULL) {
+
+	ce2 = p2;
+	g2 = (*ce2)->eptr;
+	if (g2 == NULL) {
 		return -1;
 	}
 
-	u1 = ((struct group *) (*(struct commonio_entry **) p1)->eptr)->gr_gid;
-	u2 = ((struct group *) (*(struct commonio_entry **) p2)->eptr)->gr_gid;
+	u1 = g1->gr_gid;
+	u2 = g2->gr_gid;
 
 	if (u1 < u2) {
 		return -1;
@@ -292,12 +302,13 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	/*@null@*/ /*@returned@*/struct commonio_entry *gr1,
 	/*@null@*/struct commonio_entry *gr2)
 {
-	struct group *gptr1;
-	struct group *gptr2;
-	char **new_members;
-	size_t members = 0;
-	char *new_line;
-	size_t new_line_len, i;
+	char          *new_line;
+	char          **new_members;
+	size_t        i;
+	size_t        members = 0;
+	struct group  *gptr1;
+	struct group  *gptr2;
+
 	if (NULL == gr2 || NULL == gr1) {
 		errno = EINVAL;
 		return NULL;
@@ -311,12 +322,8 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	}
 
 	/* Concatenate the 2 lines */
-	new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
-	new_line = MALLOC(new_line_len + 1, char);
-	if (NULL == new_line) {
+	if (asprintf(&new_line, "%s\n%s", gr1->line, gr2->line) == -1)
 		return NULL;
-	}
-	snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
 
 	/* Concatenate the 2 list of members */
 	for (i=0; NULL != gptr1->gr_mem[i]; i++);
@@ -335,7 +342,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	}
 	new_members = CALLOC (members + 1, char *);
 	if (NULL == new_members) {
-		free (new_line);
+		free(new_line);
 		return NULL;
 	}
 	for (i=0; NULL != gptr1->gr_mem[i]; i++) {

lib/groupmem.c

@@ -13,6 +13,7 @@
 #ident "$Id$"
 
 #include "alloc.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "groupio.h"
@@ -22,12 +23,11 @@
 	struct group *gr;
 	int i;
 
-	gr = MALLOC(1, struct group);
+	gr = CALLOC(1, struct group);
 	if (NULL == gr) {
 		return NULL;
 	}
 	/* The libc might define other fields. They won't be copied. */
-	memset (gr, 0, sizeof *gr);
 	gr->gr_gid = grent->gr_gid;
 	/*@-mustfreeonly@*/
 	gr->gr_name = strdup (grent->gr_name);
@@ -77,7 +77,8 @@ void gr_free_members (struct group *grent)
 	}
 }
 
-void gr_free (/*@out@*/ /*@only@*/struct group *grent)
+void
+gr_free(/*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
 	if (NULL != grent->gr_passwd) {

lib/hushed.c

@@ -18,6 +18,9 @@
 #include "defines.h"
 #include "prototypes.h"
 #include "getdef.h"
+#include "string/sprintf.h"
+
+
 /*
  * hushed - determine if a user receives login messages
  *
@@ -26,11 +29,11 @@
  */
 bool hushed (const char *username)
 {
-	struct passwd *pw;
-	const char *hushfile;
-	char buf[BUFSIZ];
-	bool found;
-	FILE *fp;
+	bool           found;
+	char           buf[BUFSIZ];
+	FILE           *fp;
+	const char     *hushfile;
+	struct passwd  *pw;
 
 	/*
 	 * Get the name of the file to use.  If this option is not
@@ -53,7 +56,7 @@ bool hushed (const char *username)
 	 */
 
 	if (hushfile[0] != '/') {
-		(void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
+		SNPRINTF(buf, "%s/%s", pw->pw_dir, hushfile);
 		return (access (buf, F_OK) == 0);
 	}
 

lib/idmapping.c

@@ -11,16 +11,18 @@
 #include <limits.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <strings.h>
 
 #include "alloc.h"
 #include "prototypes.h"
-#include "stpeprintf.h"
+#include "string/stpeprintf.h"
 #include "idmapping.h"
 #if HAVE_SYS_CAPABILITY_H
 #include <sys/prctl.h>
 #include <sys/capability.h>
 #endif
 #include "shadowlog.h"
+#include "sizeof.h"
 
 struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 {
@@ -56,15 +58,15 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 	/* Gather up the ranges from the command line */
 	mapping = mappings;
 	for (idx = 0, argidx = 0; idx < ranges; idx++, argidx += 3, mapping++) {
-		if (!getulong(argv[argidx + 0], &mapping->upper)) {
+		if (getulong(argv[argidx + 0], &mapping->upper) == -1) {
 			free(mappings);
 			return NULL;
 		}
-		if (!getulong(argv[argidx + 1], &mapping->lower)) {
+		if (getulong(argv[argidx + 1], &mapping->lower) == -1) {
 			free(mappings);
 			return NULL;
 		}
-		if (!getulong(argv[argidx + 2], &mapping->count)) {
+		if (getulong(argv[argidx + 2], &mapping->count) == -1) {
 			free(mappings);
 			return NULL;
 		}
@@ -175,7 +177,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 	}
 
 	/* Lockdown new{g,u}idmap by dropping all unneeded capabilities. */
-	memset(data, 0, sizeof(data));
+	bzero(data, sizeof(data));
 	data[0].effective = CAP_TO_MASK(cap);
 	/*
 	 * When uid 0 from the ancestor userns is supposed to be mapped into
@@ -190,7 +192,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 	}
 #endif
 
-	bufsize = ranges * ((ULONG_DIGITS + 1) * 3);
+	bufsize = (ULONG_DIGITS + 1) * 3 * ranges + 1;
 	pos = buf = XMALLOC(bufsize, char);
 	end = buf + bufsize;
 
@@ -215,11 +217,15 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	if (write_full(fd, buf, pos - buf) != (pos - buf)) {
+	if (write_full(fd, buf, pos - buf) == -1) {
 		fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"),
 			log_get_progname(), map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
-	close(fd);
+	if (close(fd) != 0 && errno != EINTR) {
+		fprintf(log_get_logfd(), _("%s: closing %s failed: %s\n"),
+			log_get_progname(), map_file, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
 	free(buf);
 }

lib/isexpired.c

@@ -15,11 +15,13 @@
 #include <config.h>
 
 #include <sys/types.h>
-#include "prototypes.h"
-#include "defines.h"
 #include <pwd.h>
 #include <time.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "prototypes.h"
+
 #ident "$Id$"
 
 
@@ -38,9 +40,9 @@
  */
 int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
-	long now;
+	long  now;
 
-	now = time(NULL) / SCALE;
+	now = time(NULL) / DAY;
 
 	if (NULL == sp) {
 		return 0;
@@ -72,7 +74,8 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	if (   (sp->sp_lstchg > 0)
 	    && (sp->sp_max >= 0)
 	    && (sp->sp_inact >= 0)
-	    && (now >= (sp->sp_lstchg + sp->sp_max + sp->sp_inact))) {
+	    && (now >= addsl(sp->sp_lstchg, sp->sp_max, sp->sp_inact)))
+	{
 		return 2;
 	}
 
@@ -84,7 +87,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 	if (   (-1 == sp->sp_lstchg)
 	    || (-1 == sp->sp_max)
-	    || (sp->sp_max >= ((10000L * DAY) / SCALE))) {
+	    || (sp->sp_max >= 10000)) {
 		return 0;
 	}
 
@@ -94,9 +97,9 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	 * the password has expired.
 	 */
 
-	if (now >= (sp->sp_lstchg + sp->sp_max)) {
+	if (now >= addsl(sp->sp_lstchg, sp->sp_max))
 		return 1;
-	}
+
 	return 0;
 }
 

lib/limits.c

@@ -29,6 +29,7 @@
 #include "getdef.h"
 #include "shadowlog.h"
 #include <sys/resource.h>
+#include "memzero.h"
 #ifndef LIMITS_FILE
 #define LIMITS_FILE "/etc/limits"
 #endif
@@ -44,8 +45,10 @@ static int setrlimit_value (unsigned int resource,
                             const char *value,
                             unsigned int multiplier)
 {
-	struct rlimit rlim;
-	rlim_t limit;
+	char           *endptr;
+	long           l;
+	rlim_t         limit;
+	struct rlimit  rlim;
 
 	/* The "-" is special, not belonging to a strange negative limit.
 	 * It is infinity, in a controlled way.
@@ -59,18 +62,13 @@ static int setrlimit_value (unsigned int resource,
 		 * Also, we are limited to base 10 here (hex numbers will not
 		 * work with the limit string parser as is anyway)
 		 */
-		char *endptr;
-		long longlimit = strtol (value, &endptr, 10);
-		if ((0 == longlimit) && (value == endptr)) {
-			/* No argument at all. No-op.
-			 * FIXME: We could instead throw an error, though.
-			 */
-			return 0;
-		}
-		longlimit *= multiplier;
-		limit = longlimit;
-		if (longlimit != limit)
-		{
+		errno = 0;
+		l = strtol(value, &endptr, 10);
+
+		if (value == endptr || errno != 0)
+			return 0;  // FIXME: We could instead throw an error, though.
+
+		if (__builtin_mul_overflow(l, multiplier, &limit)) {
 			/* FIXME: Again, silent error handling...
 			 * Wouldn't screaming make more sense?
 			 */
@@ -91,7 +89,7 @@ static int set_prio (const char *value)
 {
 	long prio;
 
-	if (   (getlong (value, &prio) == 0)
+	if (   (getlong(value, &prio) == -1)
 	    || (prio != (int) prio)) {
 		return 0;
 	}
@@ -104,9 +102,9 @@ static int set_prio (const char *value)
 
 static int set_umask (const char *value)
 {
-	unsigned long int mask;
+	unsigned long  mask;
 
-	if (   (getulong (value, &mask) == 0)
+	if (   (getulong(value, &mask) == -1)
 	    || (mask != (mode_t) mask)) {
 		return 0;
 	}
@@ -121,7 +119,7 @@ static int check_logins (const char *name, const char *maxlogins)
 {
 	unsigned long limit, count;
 
-	if (getulong (maxlogins, &limit) == 0) {
+	if (getulong(maxlogins, &limit) == -1) {
 		return 0;
 	}
 
@@ -356,11 +354,11 @@ static int setup_user_limits (const char *uname)
 	char tempbuf[1024];
 
 	/* init things */
-	memzero (buf, sizeof (buf));
-	memzero (name, sizeof (name));
-	memzero (limits, sizeof (limits));
-	memzero (deflimits, sizeof (deflimits));
-	memzero (tempbuf, sizeof (tempbuf));
+	MEMZERO(buf);
+	MEMZERO(name);
+	MEMZERO(limits);
+	MEMZERO(deflimits);
+	MEMZERO(tempbuf);
 
 	/* start the checks */
 	fil = fopen (LIMITS_FILE, "r");
@@ -377,7 +375,7 @@ static int setup_user_limits (const char *uname)
 		if (('#' == buf[0]) || ('\n' == buf[0])) {
 			continue;
 		}
-		memzero (tempbuf, sizeof (tempbuf));
+		MEMZERO(tempbuf);
 		/* a valid line should have a username, then spaces,
 		 * then limits
 		 * we allow the format:
@@ -482,8 +480,9 @@ void setup_limits (const struct passwd *info)
 			}
 
 			if (strncmp (cp, "pri=", 4) == 0) {
-				long int inc;
-				if (   (getlong (cp + 4, &inc) == 1)
+				long  inc;
+
+				if (   (getlong(cp + 4, &inc) == 0)
 				    && (inc >= -20) && (inc <= 20)) {
 					errno = 0;
 					if (   (nice (inc) != -1)
@@ -500,8 +499,8 @@ void setup_limits (const struct passwd *info)
 				continue;
 			}
 			if (strncmp (cp, "ulimit=", 7) == 0) {
-				long int blocks;
-				if (   (getlong (cp + 7, &blocks) == 0)
+				long  blocks;
+				if (   (getlong(cp + 7, &blocks) == -1)
 				    || (blocks != (int) blocks)
 				    || (set_filesize_limit (blocks) != 0)) {
 					SYSLOG ((LOG_WARN,
@@ -511,8 +510,9 @@ void setup_limits (const struct passwd *info)
 				continue;
 			}
 			if (strncmp (cp, "umask=", 6) == 0) {
-				unsigned long int mask;
-				if (   (getulong (cp + 6, &mask) == 0)
+				unsigned long  mask;
+
+				if (   (getulong(cp + 6, &mask) == -1)
 				    || (mask != (mode_t) mask)) {
 					SYSLOG ((LOG_WARN,
 					         "Can't set umask value for user %s",

lib/list.c

@@ -22,7 +22,8 @@
  *	name, and if not present it is added to a freshly allocated
  *	list of users.
  */
-/*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **list, const char *member)
+/*@only@*/char **
+add_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 {
 	int i;
 	char **tmp;
@@ -72,7 +73,8 @@
  *	list of users.
  */
 
-/*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **list, const char *member)
+/*@only@*/char **
+del_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 {
 	int i, j;
 	char **tmp;
@@ -126,7 +128,8 @@
  * function with list of members, the list elements are not enforced to be
  * constant strings here.
  */
-/*@only@*/ /*@out@*/char **dup_list (char *const *list)
+/*@only@*/char **
+dup_list(char *const *list)
 {
 	int i;
 	char **tmp;

lib/log.c

@@ -17,14 +17,18 @@
 #include <time.h>
 #include "defines.h"
 #include <lastlog.h>
+#include "memzero.h"
 #include "prototypes.h"
+#include "string/strncpy.h"
+#include "string/strtcpy.h"
+
 
 /*
  * dolastlog - create lastlog entry
  *
  *	A "last login" entry is created for the user being logged in.  The
  *	UID is extracted from the global (struct passwd) entry and the
- *	TTY information is gotten from the (struct utmp).
+ *	TTY information is gotten from the (struct utmpx).
  */
 void dolastlog (
 	struct lastlog *ll,
@@ -77,17 +81,29 @@ void dolastlog (
 	ll_time = newlog.ll_time;
 	(void) time (&ll_time);
 	newlog.ll_time = ll_time;
-	strncpy (newlog.ll_line, line, sizeof (newlog.ll_line) - 1);
+	STRTCPY(newlog.ll_line, line);
 #if HAVE_LL_HOST
-	strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
+	STRNCPY(newlog.ll_host, host);
 #endif
 	if (   (lseek (fd, offset, SEEK_SET) != offset)
-	    || (write_full (fd, &newlog, sizeof newlog) != (ssize_t) sizeof newlog)
-	    || (close (fd) != 0)) {
-		SYSLOG ((LOG_WARN,
-		         "Can't write lastlog entry for UID %lu in %s.",
-		         (unsigned long) pw->pw_uid, LASTLOG_FILE));
-		(void) close (fd);
+	    || (write_full(fd, &newlog, sizeof newlog) == -1)) {
+		goto err_write;
 	}
-}
 
+	if (close (fd) != 0 && errno != EINTR) {
+		goto err_close;
+	}
+
+	return;
+
+err_write:
+	{
+		int saved_errno = errno;
+		(void) close (fd);
+		errno = saved_errno;
+	}
+err_close:
+	SYSLOG ((LOG_WARN,
+	         "Can't write lastlog entry for UID %lu in %s: %m",
+	         (unsigned long) pw->pw_uid, LASTLOG_FILE));
+}

lib/logind.c

@@ -8,6 +8,7 @@
 
 #ident "$Id$"
 
+#include "attr.h"
 #include "defines.h"
 #include "prototypes.h"
 
@@ -35,7 +36,7 @@ done:
     return ret;
 }
 
-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, MAYBE_UNUSED unsigned long limit)
 {
     struct passwd *pw;
     unsigned long count = 0;

lib/loginprompt.c

@@ -16,11 +16,13 @@
 #include <signal.h>
 
 #include "alloc.h"
+#include "attr.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
 
-static void login_exit (unused int sig)
+static void login_exit (MAYBE_UNUSED int sig)
 {
 	_exit (EXIT_FAILURE);
 }
@@ -36,8 +38,6 @@ void login_prompt (char *name, int namesize)
 {
 	char buf[1024];
 
-#define MAX_ENV 32
-	char *envp[MAX_ENV];
 	char *cp;
 	int i;
 	FILE *fp;
@@ -79,7 +79,7 @@ void login_prompt (char *name, int namesize)
 	 * removed.
 	 */
 
-	memzero (buf, sizeof buf);
+	MEMZERO(buf);
 	if (fgets (buf, sizeof buf, stdin) != buf) {
 		exit (EXIT_FAILURE);
 	}

lib/mail.c

@@ -17,6 +17,7 @@
 
 #include "alloc.h"
 #include "getdef.h"
+#include "string/sprintf.h"
 
 #ident "$Id$"
 
@@ -35,22 +36,18 @@ void mailcheck (void)
 	 */
 	mailbox = getenv ("MAILDIR");
 	if (NULL != mailbox) {
-		char *newmail;
-		size_t len = strlen (mailbox) + 5;
-		int wlen;
+		char  *newmail;
 
-		newmail = XMALLOC(len, char);
-		wlen = snprintf (newmail, len, "%s/new", mailbox);
-		assert (wlen == (int) len - 1);
+		xasprintf(&newmail, "%s/new", mailbox);
 
 		if (stat (newmail, &statbuf) != -1 && statbuf.st_size != 0) {
 			if (statbuf.st_mtime > statbuf.st_atime) {
-				free (newmail);
+				free(newmail);
 				(void) puts (_("You have new mail."));
 				return;
 			}
 		}
-		free (newmail);
+		free(newmail);
 	}
 
 	mailbox = getenv ("MAIL");

lib/mempcpy.c

@@ -1,23 +0,0 @@
-/*
- * SPDX-FileCopyrightText:  2023, Alejandro Colomar <alx@kernel.org>
- *
- * SPDX-License-Identifier:  BSD-3-Clause
- */
-
-
-#include <config.h>
-
-#if !defined(HAVE_MEMPCPY)
-
-#ident "$Id$"
-
-#include "mempcpy.h"
-
-#include <stddef.h>
-
-
-extern inline void *mempcpy(void *restrict dst, const void *restrict src,
-    size_t n);
-
-
-#endif

lib/mempcpy.h

@@ -1,31 +0,0 @@
-/*
- * SPDX-FileCopyrightText:  2023, Alejandro Colomar <alx@kernel.org>
- *
- * SPDX-License-Identifier:  BSD-3-Clause
- */
-
-
-#ifndef SHADOW_INCLUDE_LIB_MEMPCPY_H_
-#define SHADOW_INCLUDE_LIB_MEMPCPY_H_
-
-
-#include <config.h>
-
-#if !defined(HAVE_MEMPCPY)
-
-#include <stddef.h>
-#include <string.h>
-
-
-inline void *mempcpy(void *restrict dst, const void *restrict src, size_t n);
-
-
-inline void *
-mempcpy(void *restrict dst, const void *restrict src, size_t n)
-{
-	return memcpy(dst, src, n) + n;
-}
-
-
-#endif  // !HAVE_MEMPCPY
-#endif  // include guard

lib/memzero.c

@@ -0,0 +1,17 @@
+/*
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <stddef.h>
+
+#include "memzero.h"
+
+
+extern inline void memzero(void *ptr, size_t size);
+extern inline void strzero(char *s);

lib/memzero.h

@@ -0,0 +1,49 @@
+/*
+ * SPDX-FileCopyrightText: 2022-2023, Christian Göttsche <cgzones@googlemail.com>
+ * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIBMISC_MEMZERO_H_
+#define SHADOW_INCLUDE_LIBMISC_MEMZERO_H_
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+#include <strings.h>
+
+#include "sizeof.h"
+
+
+#define MEMZERO(arr)  memzero(arr, SIZEOF_ARRAY(arr))
+
+
+inline void memzero(void *ptr, size_t size);
+inline void strzero(char *s);
+
+
+inline void
+memzero(void *ptr, size_t size)
+{
+#if defined(HAVE_MEMSET_EXPLICIT)
+	memset_explicit(ptr, 0, size);
+#elif defined(HAVE_EXPLICIT_BZERO)
+	explicit_bzero(ptr, size);
+#else
+	bzero(ptr, size);
+	__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
+#endif
+}
+
+
+inline void
+strzero(char *s)
+{
+	memzero(s, strlen(s));
+}
+
+
+#endif  // include guard

lib/must_be.h

@@ -0,0 +1,99 @@
+/*
+ * SPDX-FileCopyrightText: 2019-2023, Alejandro Colomar <alx@kernel.org>
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef SHADOW_INCLUDE_LIBMISC_MUST_BE_H_
+#define SHADOW_INCLUDE_LIBMISC_MUST_BE_H_
+
+
+#include <config.h>
+
+#include <assert.h>
+
+
+/*
+ * SYNOPSIS
+ *	int must_be(bool e);
+ *
+ * ARGUMENTS
+ *	e	Expression to be asserted.
+ *
+ * DESCRIPTION
+ *	This macro fails compilation if 'e' is false.  If 'e' is true,
+ *	it returns (int) 0, so it doesn't affect the expression in which
+ *	it is contained.
+ *
+ *	This macro is similar to static_assert(3).  While
+ *	static_assert(3) can only be used where a statement is allowed,
+ *	this must_be() macro can be used wherever an expression is
+ *	allowed.
+ *
+ * RETURN VALUE
+ *	0
+ *
+ * ERRORS
+ *	If 'e' is false, the compilation will fail, as when using
+ *	static_assert(3).
+ *
+ * EXAMPLES
+ *	#define must_be_array(a)  must_be(is_array(a))
+ *
+ *	#define NITEMS(a)  (sizeof(a) / sizeof(*(a)) + must_be_array(a))
+ *
+ *	int foo[42];
+ *	int bar[NITEMS(foo)];
+ */
+
+
+#define must_be(e)                                                            \
+(                                                                             \
+	0 * (int) sizeof(                                                     \
+		struct {                                                      \
+			static_assert(e, "");                                 \
+			int ISO_C_forbids_a_struct_with_no_members_;          \
+		}                                                             \
+	)                                                                     \
+)
+
+
+/*
+ * SYNOPSIS
+ *	int must_be_array(a);
+ *
+ * ARGUMENTS
+ *	a	Array.
+ *
+ * DESCRIPTION
+ *	This macro fails compilation if 'a' is not an array.  It is
+ *	useful in macros that accept an array as a parameter, where this
+ *	macro can validate the macro argument.  It prevent passing a
+ *	pointer to such macros, which would otherwise produce silent
+ *	bugs.
+ *
+ * RETURN VALUE
+ *	0
+ *
+ * ERRORS
+ *	If 'a' is not an array, the compilation will fail.
+ *
+ * EXAMPLES
+ *	int a[10];
+ *	int *p;
+ *
+ *	must_be_array(a);  // Ok
+ *	must_be_array(p);  // Compile-time error
+ *
+ * SEE ALSO
+ *	must_be()
+ */
+
+
+#define is_same_type(a, b)    __builtin_types_compatible_p(a, b)
+#define is_same_typeof(a, b)  is_same_type(typeof(a), typeof(b))
+#define is_array(a)           (!is_same_typeof((a), &(a)[0]))
+#define must_be_array(a)      must_be(is_array(a))
+
+
+#endif  // include guard

lib/nss.c

@@ -1,3 +1,5 @@
+#include <config.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <dlfcn.h>
@@ -12,6 +14,8 @@
 #include "../libsubid/subid.h"
 #include "shadowlog_internal.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #define NSSWITCH "/etc/nsswitch.conf"
 
@@ -42,12 +46,12 @@ static void nss_exit(void) {
 
 // nsswitch_path is an argument only to support testing.
 void nss_init(const char *nsswitch_path) {
-	FILE *nssfp = NULL;
-	char *line = NULL, *p, *token, *saveptr;
-	size_t len = 0;
-	FILE *shadow_logfd = log_get_logfd();
-	char libname[65];
-	void *h;
+	char    *line = NULL, *p, *token, *saveptr;
+	char    libname[64];
+	FILE    *nssfp = NULL;
+	FILE    *shadow_logfd = log_get_logfd();
+	void    *h;
+	size_t  len = 0;
 
 	if (atomic_flag_test_and_set(&nss_init_started)) {
 		// Another thread has started nss_init, wait for it to complete
@@ -101,7 +105,7 @@ void nss_init(const char *nsswitch_path) {
 		fprintf(shadow_logfd, "Using files\n");
 		goto null_subid;
 	}
-	snprintf(libname, 64,  "libsubid_%s.so", token);
+	SNPRINTF(libname, "libsubid_%s.so", token);
 	h = dlopen(libname, RTLD_LAZY);
 	if (!h) {
 		fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());

lib/obscure.c

@@ -12,15 +12,12 @@
 #ident "$Id$"
 
 
-/*
- * This version of obscure.c contains modifications to support "cracklib"
- * by Alec Muffet (alec.muffett@uk.sun.com).  You must obtain the Cracklib
- * library source code for this function to operate.
- */
 #include <ctype.h>
 #include <stdio.h>
 
 #include "alloc.h"
+#include "attr.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
@@ -32,7 +29,7 @@
 /*
  * can't be a palindrome - like `R A D A R' or `M A D A M'
  */
-static bool palindrome (unused const char *old, const char *new)
+static bool palindrome (MAYBE_UNUSED const char *old, const char *new)
 {
 	size_t i, j;
 
@@ -91,21 +88,11 @@ static char *str_lower (/*@returned@*/char *string)
 static /*@observer@*//*@null@*/const char *password_check (
 	/*@notnull@*/const char *old,
 	/*@notnull@*/const char *new,
-	/*@notnull@*/const struct passwd *pwdp)
+	/*@notnull@*/MAYBE_UNUSED const struct passwd *pwdp)
 {
 	const char *msg = NULL;
 	char *oldmono, *newmono, *wrapped;
 
-#ifdef HAVE_LIBCRACK
-	char *dictpath;
-
-#ifdef HAVE_LIBCRACK_PW
-	char *FascistCheckPw ();
-#else
-	char *FascistCheck ();
-#endif
-#endif
-
 	if (strcmp (new, old) == 0) {
 		return _("no change");
 	}
@@ -124,21 +111,6 @@ static /*@observer@*//*@null@*/const char *password_check (
 		msg = _("too similar");
 	} else if (strstr (wrapped, newmono) != NULL) {
 		msg = _("rotated");
-	} else {
-#ifdef HAVE_LIBCRACK
-		/*
-		 * Invoke Alec Muffett's cracklib routines.
-		 */
-
-		dictpath = getdef_str ("CRACKLIB_DICTPATH");
-		if (NULL != dictpath) {
-#ifdef HAVE_LIBCRACK_PW
-			msg = FascistCheckPw (new, dictpath, pwdp);
-#else
-			msg = FascistCheck (new, dictpath);
-#endif
-		}
-#endif
 	}
 	strzero (newmono);
 	strzero (oldmono);

lib/pam_pass_non_interactive.c

@@ -13,9 +13,12 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <strings.h>
+
 #include <security/pam_appl.h>
 
 #include "alloc.h"
+#include "attr.h"
 #include "prototypes.h"
 #include "shadowlog.h"
 
@@ -23,7 +26,7 @@
 static int ni_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
-                    unused void *appdata_ptr);
+                    MAYBE_UNUSED void *appdata_ptr);
 static const struct pam_conv non_interactive_pam_conv = {
 	ni_conv,
 	NULL
@@ -34,7 +37,7 @@ static const struct pam_conv non_interactive_pam_conv = {
 static int ni_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
-                    unused void *appdata_ptr)
+                    MAYBE_UNUSED void *appdata_ptr)
 {
 	struct pam_response *responses;
 	int count;
@@ -94,8 +97,8 @@ static int ni_conv (int num_msg,
 failed_conversation:
 	for (count=0; count < num_msg; count++) {
 		if (NULL != responses[count].resp) {
-			memset (responses[count].resp, 0,
-			        strlen (responses[count].resp));
+			bzero(responses[count].resp,
+			      strlen(responses[count].resp));
 			free (responses[count].resp);
 			responses[count].resp = NULL;
 		}

lib/prefix_flag.c

@@ -28,6 +28,8 @@
 #endif				/* ENABLE_SUBIDS */
 #include "getdef.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 static char *passwd_db_file = NULL;
 static char *spw_db_file = NULL;
@@ -104,50 +106,36 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
 				 log_get_progname());
 			exit (E_BAD_ARG);
 		}
-		size_t len;
-		len = strlen(prefix) + strlen(PASSWD_FILE) + 2;
-		passwd_db_file = XMALLOC(len, char);
-		snprintf(passwd_db_file, len, "%s/%s", prefix, PASSWD_FILE);
+
+		xasprintf(&passwd_db_file, "%s/%s", prefix, PASSWD_FILE);
 		pw_setdbname(passwd_db_file);
 
-		len = strlen(prefix) + strlen(GROUP_FILE) + 2;
-		group_db_file = XMALLOC(len, char);
-		snprintf(group_db_file, len, "%s/%s", prefix, GROUP_FILE);
+		xasprintf(&group_db_file, "%s/%s", prefix, GROUP_FILE);
 		gr_setdbname(group_db_file);
 
 #ifdef  SHADOWGRP
-		len = strlen(prefix) + strlen(SGROUP_FILE) + 2;
-		sgroup_db_file = XMALLOC(len, char);
-		snprintf(sgroup_db_file, len, "%s/%s", prefix, SGROUP_FILE);
+		xasprintf(&sgroup_db_file, "%s/%s", prefix, SGROUP_FILE);
 		sgr_setdbname(sgroup_db_file);
 #endif
 #ifdef	USE_NIS
 		__setspNIS(0); /* disable NIS for now, at least until it is properly supporting a "prefix" */
 #endif
 
-		len = strlen(prefix) + strlen(SHADOW_FILE) + 2;
-		spw_db_file = XMALLOC(len, char);
-		snprintf(spw_db_file, len, "%s/%s", prefix, SHADOW_FILE);
+		xasprintf(&spw_db_file, "%s/%s", prefix, SHADOW_FILE);
 		spw_setdbname(spw_db_file);
 
 #ifdef ENABLE_SUBIDS
-		len = strlen(prefix) + strlen("/etc/subuid") + 2;
-		suid_db_file = XMALLOC(len, char);
-		snprintf(suid_db_file, len, "%s/%s", prefix, "/etc/subuid");
+		xasprintf(&suid_db_file, "%s/%s", prefix, SUBUID_FILE);
 		sub_uid_setdbname(suid_db_file);
 
-		len = strlen(prefix) + strlen("/etc/subgid") + 2;
-		sgid_db_file = XMALLOC(len, char);
-		snprintf(sgid_db_file, len, "%s/%s", prefix, "/etc/subgid");
+		xasprintf(&sgid_db_file, "%s/%s", prefix, SUBGID_FILE);
 		sub_gid_setdbname(sgid_db_file);
 #endif
 
 #ifdef USE_ECONF
 		setdef_config_file(prefix);
 #else
-		len = strlen(prefix) + strlen("/etc/login.defs") + 2;
-		def_conf_file = XMALLOC(len, char);
-		snprintf(def_conf_file, len, "%s/%s", prefix, "/etc/login.defs");
+		xasprintf(&def_conf_file, "%s/%s", prefix, "/etc/login.defs");
 		setdef_config_file(def_conf_file);
 #endif
 	}
@@ -349,7 +337,7 @@ extern void prefix_endgrent(void)
 
 extern struct group *prefix_getgr_nam_gid(const char *grname)
 {
-	long long int gid;
+	long long  gid;
 	char *endptr;
 	struct group *g;
 
@@ -357,18 +345,19 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 		return NULL;
 	}
 
-	if (group_db_file) {
-		errno = 0;
-		gid = strtoll (grname, &endptr, 10);
-		if (   ('\0' != *grname)
-	    	&& ('\0' == *endptr)
-	    	&& (ERANGE != errno)
-	    	&& (gid == (gid_t)gid)) {
-			return prefix_getgrgid (gid);
-		}
-		g = prefix_getgrnam (grname);
-		return g ? __gr_dup(g) : NULL;
-	}
-	else
+	if (!group_db_file)
 		return getgr_nam_gid(grname);
+
+	errno = 0;
+	gid = strtoll(grname, &endptr, 10);
+	if (   ('\0' != *grname)
+	    && ('\0' == *endptr)
+	    && (0 == errno)
+	    && (gid == (gid_t)gid))
+	{
+		return prefix_getgrgid(gid);
+	}
+
+	g = prefix_getgrnam(grname);
+	return g ? __gr_dup(g) : NULL;
 }

lib/prototypes.h

@@ -31,6 +31,7 @@
 #include <lastlog.h>
 #endif /* ENABLE_LASTLOG */
 
+#include "attr.h"
 #include "defines.h"
 #include "commonio.h"
 
@@ -43,11 +44,6 @@ extern int add_groups (const char *);
 extern void agecheck (/*@null@*/const struct spwd *);
 extern int expire (const struct passwd *, /*@null@*/const struct spwd *);
 
-/* agetpass.c */
-extern void erase_pass(char *pass);
-ATTR_MALLOC(erase_pass)
-extern char *agetpass(const char *prompt);
-
 /* isexpired.c */
 extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
 
@@ -96,11 +92,11 @@ void cleanup_report_del_group_gshadow (void *group_name);
 void cleanup_report_mod_passwd (void *cleanup_info);
 void cleanup_report_mod_group (void *cleanup_info);
 void cleanup_report_mod_gshadow (void *cleanup_info);
-void cleanup_unlock_group (/*@null@*/void *unused);
+void cleanup_unlock_group (/*@null@*/void *MAYBE_UNUSED);
 #ifdef SHADOWGRP
-void cleanup_unlock_gshadow (/*@null@*/void *unused);
+void cleanup_unlock_gshadow (/*@null@*/void *MAYBE_UNUSED);
 #endif
-void cleanup_unlock_passwd (/*@null@*/void *unused);
+void cleanup_unlock_passwd (/*@null@*/void *MAYBE_UNUSED);
 
 /* console.c */
 extern bool console (const char *);
@@ -118,9 +114,6 @@ extern void date_to_str (size_t size, char buf[size], long date);
 /* encrypt.c */
 extern /*@exposed@*//*@null@*/char *pw_encrypt (const char *, const char *);
 
-/* entry.c */
-extern void pw_entry (const char *, struct passwd *);
-
 /* env.c */
 extern void addenv (const char *, /*@null@*/const char *);
 extern void initenv (void);
@@ -157,7 +150,8 @@ extern int get_gid (const char *gidstr, gid_t *gid);
 extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname);
 
 /* getlong.c */
-extern int getlong (const char *numstr, /*@out@*/long int *result);
+ATTR_ACCESS(write_only, 2)
+extern int getlong(const char *restrict numstr, long *restrict result);
 
 /* get_pid.c */
 extern int get_pid (const char *pidstr, pid_t *pid);
@@ -176,10 +170,12 @@ extern time_t gettime (void);
 extern int get_uid (const char *uidstr, uid_t *uid);
 
 /* getulong.c */
-extern int getulong (const char *numstr, /*@out@*/unsigned long int *result);
+ATTR_ACCESS(write_only, 2)
+extern int getulong(const char *restrict numstr, unsigned long *restrict result);
 
 /* fputsx.c */
-extern /*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *, int, FILE *);
+ATTR_ACCESS(write_only, 1, 2)
+extern /*@null@*/char *fgetsx(/*@returned@*/char *restrict, int, FILE *restrict);
 extern int fputsx (const char *, FILE *);
 
 /* groupio.c */
@@ -191,7 +187,7 @@ extern void __gr_set_changed (void);
 /* groupmem.c */
 extern /*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent);
 extern void gr_free_members (struct group *grent);
-extern void gr_free (/*@out@*/ /*@only@*/struct group *grent);
+extern void gr_free(/*@only@*/struct group *grent);
 
 /* hushed.c */
 extern bool hushed (const char *username);
@@ -217,9 +213,9 @@ extern void setup_limits (const struct passwd *);
 #endif
 
 /* list.c */
-extern /*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **, const char *);
-extern /*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **, const char *);
-extern /*@only@*/ /*@out@*/char **dup_list (char *const *);
+extern /*@only@*/char **add_list (/*@returned@*/ /*@only@*/char **, const char *);
+extern /*@only@*/char **del_list (/*@returned@*/ /*@only@*/char **, const char *);
+extern /*@only@*/char **dup_list (char *const *);
 extern bool is_on_list (char *const *list, const char *member);
 extern /*@only@*/char **comma_to_list (const char *);
 
@@ -358,7 +354,7 @@ extern /*@dependent@*/ /*@null@*/struct commonio_entry *__pw_get_head (void);
 
 /* pwmem.c */
 extern /*@null@*/ /*@only@*/struct passwd *__pw_dup (const struct passwd *pwent);
-extern void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent);
+extern void pw_free(/*@only@*/struct passwd *pwent);
 
 /* csrand.c */
 unsigned long csrand (void);
@@ -369,8 +365,8 @@ unsigned long csrand_interval (unsigned long min, unsigned long max);
 extern int remove_tree (const char *root, bool remove_root);
 
 /* rlogin.c */
-extern int do_rlogin (const char *remote_host, char *name, size_t namelen,
-                      char *term, size_t termlen);
+extern int do_rlogin(const char *remote_host, char *name, size_t namesize,
+                     char *term, size_t termsize);
 
 /* root_flag.c */
 extern void process_root_flag (const char* short_opt, int argc, char **argv);
@@ -421,7 +417,7 @@ extern struct spwd *sgetspent (const char *string);
 /* sgroupio.c */
 extern void __sgr_del_entry (const struct commonio_entry *ent);
 extern /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent);
-extern void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent);
+extern void sgr_free(/*@only@*/struct sgrp *sgent);
 extern /*@dependent@*/ /*@null@*/struct commonio_entry *__sgr_get_head (void);
 extern void __sgr_set_changed (void);
 
@@ -431,14 +427,15 @@ extern void __spw_del_entry (const struct commonio_entry *ent);
 
 /* shadowmem.c */
 extern /*@null@*/ /*@only@*/struct spwd *__spw_dup (const struct spwd *spent);
-extern void spw_free (/*@out@*/ /*@only@*/struct spwd *spent);
+extern void spw_free(/*@only@*/struct spwd *spent);
 
 /* shell.c */
 extern int shell (const char *file, /*@null@*/const char *arg, char *const envp[]);
 
 /* spawn.c */
-extern int run_command (const char *cmd, const char *argv[],
-                        /*@null@*/const char *envp[], /*@out@*/int *status);
+ATTR_ACCESS(write_only, 4)
+extern int run_command(const char *cmd, const char *argv[],
+                       /*@null@*/const char *envp[], int *restrict status);
 
 /* strtoday.c */
 extern long strtoday (const char *);
@@ -527,7 +524,7 @@ extern unsigned long active_sessions_count(const char *name,
 extern bool valid (const char *, const struct passwd *);
 
 /* write_full.c */
-extern ssize_t write_full(int fd, const void *buf, size_t count);
+extern int write_full(int fd, const void *buf, size_t count);
 
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);

lib/pwauth.c

@@ -18,21 +18,26 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include "prototypes.h"
+
+#include "agetpass.h"
 #include "defines.h"
+#include "memzero.h"
+#include "prototypes.h"
 #include "pwauth.h"
 #include "getdef.h"
+#include "string/sprintf.h"
+
 #ifdef SKEY
 #include <skey.h>
 #endif
+
+
 #ifdef __linux__		/* standard password prompt by default */
 static const char *PROMPT = gettext_noop ("Password: ");
 #else
 static const char *PROMPT = gettext_noop ("%s's Password: ");
 #endif
 
-bool wipe_clear_pass = true;
-/*@null@*/char *clear_pass = NULL;
 
 /*
  * pw_auth - perform getpass/crypt authentication
@@ -47,16 +52,16 @@ int pw_auth (const char *cipher,
              int reason,
              /*@null@*/const char *input)
 {
-	char prompt[1024];
-	char *clear = NULL;
-	const char *cp;
-	const char *encrypted;
-	int retval;
+	int          retval;
+	char         prompt[1024];
+	char         *clear = NULL;
+	const char   *cp;
+	const char   *encrypted;
 
 #ifdef	SKEY
-	bool use_skey = false;
-	char challenge_info[40];
-	struct skey skey;
+	bool         use_skey = false;
+	char         challenge_info[40];
+	struct skey  skey;
 #endif
 
 	/*
@@ -137,15 +142,9 @@ int pw_auth (const char *cipher,
 		}
 #endif
 
-		snprintf (prompt, sizeof prompt, cp, user);
-		clear = getpass (prompt);
-		if (NULL == clear) {
-			static char c[1];
-
-			c[0] = '\0';
-			clear = c;
-		}
-		input = clear;
+		SNPRINTF(prompt, cp, user);
+		clear = agetpass(prompt);
+		input = (clear == NULL) ? "" : clear;
 	}
 
 	/*
@@ -171,14 +170,9 @@ int pw_auth (const char *cipher,
 	 * -- AR 8/22/1999
 	 */
 	if ((0 != retval) && ('\0' == input[0]) && use_skey) {
-		clear = getpass (prompt);
-		if (NULL == clear) {
-			static char c[1];
-
-			c[0] = '\0';
-			clear = c;
-		}
-		input = clear;
+		erase_pass(clear);
+		clear = agetpass(prompt);
+		input = (clear == NULL) ? "" : clear;
 	}
 
 	if ((0 != retval) && use_skey) {
@@ -192,18 +186,8 @@ int pw_auth (const char *cipher,
 		}
 	}
 #endif
+	erase_pass(clear);
 
-	/*
-	 * Things like RADIUS authentication may need the password -
-	 * if the external variable wipe_clear_pass is zero, we will
-	 * not wipe it (the caller should wipe clear_pass when it is
-	 * no longer needed).  --marekm
-	 */
-
-	clear_pass = clear;
-	if (wipe_clear_pass && (NULL != clear) && ('\0' != *clear)) {
-		strzero (clear);
-	}
 	return retval;
 }
 #else				/* !USE_PAM */

lib/pwd2spwd.c

@@ -39,8 +39,8 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 		 * Defaults used if there is no pw_age information.
 		 */
 		sp.sp_min = 0;
-		sp.sp_max = (10000L * DAY) / SCALE;
-		sp.sp_lstchg = gettime () / SCALE;
+		sp.sp_max = 10000;
+		sp.sp_lstchg = gettime () / DAY;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

lib/pwdcheck.c

@@ -13,12 +13,14 @@
 
 #include <stdio.h>
 #include <shadow.h>
+
+#include "attr.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "pwauth.h"
 #include "shadowlog.h"
 
-void passwd_check (const char *user, const char *passwd, unused const char *progname)
+void passwd_check (const char *user, const char *passwd, MAYBE_UNUSED const char *progname)
 {
 	struct spwd *sp;
 

lib/pwio.c

@@ -26,7 +26,8 @@ static /*@null@*/ /*@only@*/void *passwd_dup (const void *ent)
 	return __pw_dup (pw);
 }
 
-static void passwd_free (/*@out@*/ /*@only@*/void *ent)
+static void
+passwd_free(/*@only@*/void *ent)
 {
 	struct passwd *pw = ent;
 
@@ -182,15 +183,23 @@ struct commonio_db *__pw_get_db (void)
 
 static int pw_cmp (const void *p1, const void *p2)
 {
+	const struct commonio_entry *const *ce1;
+	const struct commonio_entry *const *ce2;
+	const struct passwd *pw1, *pw2;
 	uid_t u1, u2;
 
-	if ((*(struct commonio_entry **) p1)->eptr == NULL)
+	ce1 = p1;
+	pw1 = (*ce1)->eptr;
+	if (pw1 == NULL)
 		return 1;
-	if ((*(struct commonio_entry **) p2)->eptr == NULL)
+
+	ce2 = p2;
+	pw2 = (*ce2)->eptr;
+	if (pw2 == NULL)
 		return -1;
 
-	u1 = ((struct passwd *) (*(struct commonio_entry **) p1)->eptr)->pw_uid;
-	u2 = ((struct passwd *) (*(struct commonio_entry **) p2)->eptr)->pw_uid;
+	u1 = pw1->pw_uid;
+	u2 = pw2->pw_uid;
 
 	if (u1 < u2)
 		return -1;

lib/pwmem.c

@@ -16,6 +16,7 @@
 
 #include "alloc.h"
 #include "defines.h"
+#include "memzero.h"
 #include "prototypes.h"
 #include "pwio.h"
 
@@ -69,7 +70,8 @@
 	return pw;
 }
 
-void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent)
+void
+pw_free(/*@only@*/struct passwd *pwent)
 {
 	if (pwent != NULL) {
 		free (pwent->pw_name);

lib/rlogin.c

@@ -41,7 +41,9 @@ static struct {
 	{ -1, -1}
 };
 
-static void get_remote_string (char *buf, size_t size)
+
+static void
+get_remote_string(char *buf, size_t size)
 {
 	for (;;) {
 		if (read (0, buf, 1) != 1) {
@@ -55,11 +57,13 @@ static void get_remote_string (char *buf, size_t size)
 			++buf;
 		}
 	}
- /*NOTREACHED*/}
+	/*NOTREACHED*/
+}
+
 
 int
-do_rlogin (const char *remote_host, char *name, size_t namelen, char *term,
-           size_t termlen)
+do_rlogin(const char *remote_host, char *name, size_t namesize, char *term,
+          size_t termsize)
 {
 	struct passwd *pwd;
 	char remote_name[32];
@@ -69,16 +73,16 @@ do_rlogin (const char *remote_host, char *name, size_t namelen, char *term,
 	int i;
 	TERMIO termio;
 
-	get_remote_string (remote_name, sizeof remote_name);
-	get_remote_string (name, namelen);
-	get_remote_string (term, termlen);
+	get_remote_string(remote_name, sizeof(remote_name));
+	get_remote_string(name, namesize);
+	get_remote_string(term, termsize);
 
 	cp = strchr (term, '/');
 	if (NULL != cp) {
 		*cp = '\0';
 		cp++;
 
-		if (getulong (cp, &remote_speed) == 0) {
+		if (getulong(cp, &remote_speed) == -1) {
 			remote_speed = 9600;
 		}
 	}
@@ -126,4 +130,3 @@ do_rlogin (const char *remote_host, char *name, size_t namelen, char *term,
 #endif
 }
 #endif				/* RLOGIN */
-

lib/run_part.c

@@ -1,3 +1,5 @@
+#include <config.h>
+
 #include <dirent.h>
 #include <errno.h>
 #include <stdio.h>
@@ -13,6 +15,7 @@
 #include "run_part.h"
 #include "shadowlog_internal.h"
 
+
 int run_part (char *script_path, const char *name, const char *action)
 {
 	int pid;
@@ -55,25 +58,22 @@ int run_parts (const char *directory, const char *name, const char *action)
 	}
 
 	for (n=0; n<scanlist; n++) {
-		int path_length;
-		struct stat sb;
+		char         *s;
+		struct stat  sb;
 
-		path_length=strlen(directory) + strlen(namelist[n]->d_name) + 2;
-		char *s = MALLOC(path_length, char);
-		if (!s) {
-			printf ("could not allocate memory\n");
+		if (asprintf(&s, "%s/%s", directory, namelist[n]->d_name) == -1) {
+			fprintf(stderr, "could not allocate memory\n");
 			for (; n<scanlist; n++) {
-				free (namelist[n]);
+				free(namelist[n]);
 			}
-			free (namelist);
+			free(namelist);
 			return (1);
 		}
-		snprintf (s, path_length, "%s/%s", directory, namelist[n]->d_name);
 
 		execute_result = 0;
 		if (stat (s, &sb) == -1) {
 			perror ("stat");
-			free (s);
+			free(s);
 			for (; n<scanlist; n++) {
 				free (namelist[n]);
 			}
@@ -85,7 +85,7 @@ int run_parts (const char *directory, const char *name, const char *action)
 			execute_result = run_part (s, name, action);
 		}
 
-		free (s);
+		free(s);
 
 		if (execute_result!=0) {
 			fprintf (shadow_logfd,

lib/salt.c

@@ -20,6 +20,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
+
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
@@ -319,7 +321,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 {
 	static char salt[MAX_SALT_SIZE + 6];
 
-	memset (salt, '\0', MAX_SALT_SIZE + 6);
+	bzero(salt, MAX_SALT_SIZE + 6);
 
 	assert (salt_size >= MIN_SALT_SIZE &&
 	        salt_size <= MAX_SALT_SIZE);
@@ -358,7 +360,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 	const char *method;
 	unsigned long rounds = 0;
 
-	memset (result, '\0', GENSALT_SETTING_SIZE);
+	bzero(result, GENSALT_SETTING_SIZE);
 
 	if (NULL != meth)
 		method = meth;
@@ -406,7 +408,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 			 method);
 		salt_len = MAX_SALT_SIZE;
 		rounds = 0;
-		memset (result, '\0', GENSALT_SETTING_SIZE);
+		bzero(result, GENSALT_SETTING_SIZE);
 	}
 
 #if USE_XCRYPT_GENSALT
@@ -418,7 +420,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 		/* Avoid -Wunused-but-set-variable. */
 		salt_len = GENSALT_SETTING_SIZE - 1;
 		rounds = 0;
-		memset (result, '.', salt_len);
+		memset(result, '.', salt_len);
 		result[salt_len] = '\0';
 	}