Release 4.14.6

Signed-off-by: Alejandro Colomar <alx@kernel.org>

configure.ac

@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.14.3], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.6], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -32,6 +32,7 @@ AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
+LT_LIB_DLLOAD
 
 dnl Checks for libraries.
 
@@ -48,7 +49,7 @@ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 AC_CHECK_FUNCS(arc4random_buf futimes \
 	getentropy getrandom getspnam getusershell \
 	initgroups lckpwdf lutimes mempcpy \
-	setgroups updwtmp updwtmpx innetgr \
+	setgroups updwtmpx innetgr \
 	getspnam_r \
 	rpmatch \
 	memset_explicit explicit_bzero stpecpy stpeprintf)
@@ -56,17 +57,13 @@ AC_SYS_LARGEFILE
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 
-AC_CHECK_MEMBERS([struct utmp.ut_type,
-                  struct utmp.ut_id,
-                  struct utmp.ut_name,
-                  struct utmp.ut_user,
-                  struct utmp.ut_host,
-                  struct utmp.ut_syslen,
-                  struct utmp.ut_addr,
-                  struct utmp.ut_addr_v6,
-                  struct utmp.ut_time,
-                  struct utmp.ut_xtime,
-                  struct utmp.ut_tv],,,[[#include <utmp.h>]])
+AC_CHECK_MEMBERS([struct utmpx.ut_name,
+                  struct utmpx.ut_host,
+                  struct utmpx.ut_syslen,
+                  struct utmpx.ut_addr,
+                  struct utmpx.ut_addr_v6,
+                  struct utmpx.ut_time,
+                  struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
 
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS

etc/pam.d/Makefile.am

@@ -2,20 +2,20 @@
 # and also cooperate to make a distribution for `make dist'
 
 pamd_files = \
+	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
+	newusers \
 	passwd
 
 pamd_acct_tools_files = \
 	chage \
 	chgpasswd \
-	chpasswd \
 	groupadd \
 	groupdel \
 	groupmod \
-	newusers \
 	useradd \
 	userdel \
 	usermod

lib/Makefile.am

@@ -20,6 +20,7 @@ endif
 
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
 libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+libshadow_la_LIBADD = $(LIBADD_DLOPEN)
 
 libshadow_la_SOURCES = \
 	addgrps.c \

lib/age.c

@@ -139,7 +139,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 void agecheck (/*@null@*/const struct spwd *sp)
 {
-	long now = time(NULL) / SCALE;
+	long now = time(NULL) / DAY;
 	long remain;
 
 	if (NULL == sp) {
@@ -164,7 +164,6 @@ void agecheck (/*@null@*/const struct spwd *sp)
 
 	remain = sp->sp_lstchg + sp->sp_max - now;
 	if (remain <= sp->sp_warn) {
-		remain /= DAY / SCALE;
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),
 			               remain);

lib/agetpass.c

@@ -9,7 +9,6 @@
 
 #include <limits.h>
 #include <readpassphrase.h>
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -23,11 +22,6 @@
 #endif /* WITH_LIBBSD */
 
 
-#if !defined(PASS_MAX)
-#define PASS_MAX  BUFSIZ - 1
-#endif
-
-
 /*
  * SYNOPSIS
  *	[[gnu::malloc(erase_pass)]]

lib/chkname.c

@@ -74,12 +74,14 @@ static bool is_valid_name (const char *name)
 
 bool is_valid_user_name (const char *name)
 {
+	size_t  maxlen;
+
 	/*
 	 * User names length are limited by the kernel
 	 */
-	if (strlen (name) > sysconf(_SC_LOGIN_NAME_MAX)) {
+	maxlen = sysconf(_SC_LOGIN_NAME_MAX);
+	if (strlen(name) >= maxlen)
 		return false;
-	}
 
 	return is_valid_name (name);
 }

lib/defines.h

@@ -25,6 +25,7 @@
     ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
 #endif
 
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -153,7 +154,6 @@ static inline void memzero(void *ptr, size_t size)
  *
  * DAY - seconds / day
  * WEEK - seconds / week
- * SCALE - seconds / aging unit
  */
 
 /* Solaris defines this in shadow.h */
@@ -163,12 +163,6 @@ static inline void memzero(void *ptr, size_t size)
 
 #define WEEK (7*DAY)
 
-#ifdef ITI_AGING
-#define SCALE 1
-#else
-#define SCALE DAY
-#endif
-
 #define WIDTHOF(x)   (sizeof(x) * CHAR_BIT)
 #define NITEMS(arr)  (sizeof((arr)) / sizeof((arr)[0]))
 #define STRLEN(s)    (NITEMS(s) - 1)
@@ -247,4 +241,14 @@ static inline void memzero(void *ptr, size_t size)
 #  define shadow_getenv(name) getenv(name)
 #endif
 
+/*
+ * Maximum password length
+ *
+ * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE)
+ * currently set to 512.
+ */
+#if !defined(PASS_MAX)
+#define PASS_MAX  BUFSIZ - 1
+#endif
+
 #endif				/* _DEFINES_H_ */

lib/getdate.y

@@ -318,7 +318,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelYear += $1 * $2;
 	}
 	| tYEAR_UNIT {
-	    yyRelYear++;
+	    yyRelYear += $1;
 	}
 	| tUNUMBER tMONTH_UNIT {
 	    yyRelMonth += $1 * $2;
@@ -327,7 +327,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMonth += $1 * $2;
 	}
 	| tMONTH_UNIT {
-	    yyRelMonth++;
+	    yyRelMonth += $1;
 	}
 	| tUNUMBER tDAY_UNIT {
 	    yyRelDay += $1 * $2;
@@ -336,7 +336,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelDay += $1 * $2;
 	}
 	| tDAY_UNIT {
-	    yyRelDay++;
+	    yyRelDay += $1;
 	}
 	| tUNUMBER tHOUR_UNIT {
 	    yyRelHour += $1 * $2;
@@ -345,7 +345,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelHour += $1 * $2;
 	}
 	| tHOUR_UNIT {
-	    yyRelHour++;
+	    yyRelHour += $1;
 	}
 	| tUNUMBER tMINUTE_UNIT {
 	    yyRelMinutes += $1 * $2;
@@ -354,7 +354,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelMinutes += $1 * $2;
 	}
 	| tMINUTE_UNIT {
-	    yyRelMinutes++;
+	    yyRelMinutes += $1;
 	}
 	| tUNUMBER tSEC_UNIT {
 	    yyRelSeconds += $1 * $2;
@@ -363,7 +363,7 @@ relunit	: tUNUMBER tYEAR_UNIT {
 	    yyRelSeconds += $1 * $2;
 	}
 	| tSEC_UNIT {
-	    yyRelSeconds++;
+	    yyRelSeconds += $1;
 	}
 	;
 

lib/isexpired.c

@@ -40,7 +40,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
 	long now;
 
-	now = time(NULL) / SCALE;
+	now = time(NULL) / DAY;
 
 	if (NULL == sp) {
 		return 0;
@@ -84,7 +84,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 	if (   (-1 == sp->sp_lstchg)
 	    || (-1 == sp->sp_max)
-	    || (sp->sp_max >= ((10000L * DAY) / SCALE))) {
+	    || (sp->sp_max >= 10000)) {
 		return 0;
 	}
 

lib/log.c

@@ -24,7 +24,7 @@
  *
  *	A "last login" entry is created for the user being logged in.  The
  *	UID is extracted from the global (struct passwd) entry and the
- *	TTY information is gotten from the (struct utmp).
+ *	TTY information is gotten from the (struct utmpx).
  */
 void dolastlog (
 	struct lastlog *ll,

lib/logind.c

@@ -35,7 +35,7 @@ done:
     return ret;
 }
 
-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, unsigned long unused(limit))
 {
     struct passwd *pw;
     unsigned long count = 0;

lib/pwd2spwd.c

@@ -39,8 +39,8 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 		 * Defaults used if there is no pw_age information.
 		 */
 		sp.sp_min = 0;
-		sp.sp_max = (10000L * DAY) / SCALE;
-		sp.sp_lstchg = gettime () / SCALE;
+		sp.sp_max = 10000;
+		sp.sp_lstchg = gettime () / DAY;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

lib/strtoday.c

@@ -68,10 +68,9 @@ long strtoday (const char *str)
 		return retdate;
 	}
 
-	t = get_date (str, NULL);
+	t = get_date(str, NULL);
 	if ((time_t) - 1 == t) {
 		return -2;
 	}
-	/* convert seconds to days since 1970-01-01 */
-	return (t + DAY / 2) / DAY;
+	return t / DAY;
 }

lib/user_busy.c

@@ -49,13 +49,15 @@ int user_busy (const char *name, uid_t uid)
 #endif				/* !__linux__ */
 }
 
-#ifndef __linux__
-static int user_busy_utmp (const char *name)
-{
-	struct utmp *utent;
 
-	setutent ();
-	while ((utent = getutent ()) != NULL)
+#ifndef __linux__
+static int
+user_busy_utmp(const char *name)
+{
+	struct utmpx  *utent;
+
+	setutxent();
+	while ((utent = getutxent()) != NULL)
 	{
 		if (utent->ut_type != USER_PROCESS) {
 			continue;
@@ -77,6 +79,7 @@ static int user_busy_utmp (const char *name)
 }
 #endif				/* !__linux__ */
 
+
 #ifdef __linux__
 #ifdef ENABLE_SUBIDS
 #define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range)

lib/utmp.c

@@ -13,7 +13,7 @@
 #include "prototypes.h"
 #include "getdef.h"
 
-#include <utmp.h>
+#include <utmpx.h>
 #include <assert.h>
 #include <sys/param.h>
 #include <sys/types.h>
@@ -27,19 +27,23 @@
 #ident "$Id$"
 
 
+#define UTX_LINESIZE  NITEMS((struct utmpx){}.ut_line)
+
+
 /*
  * is_my_tty -- determine if "tty" is the same TTY stdin is using
  */
-static bool is_my_tty (const char tty[UT_LINESIZE])
+static bool
+is_my_tty(const char tty[UTX_LINESIZE])
 {
-	char         full_tty[STRLEN("/dev/") + UT_LINESIZE + 1];
+	char         full_tty[STRLEN("/dev/") + UTX_LINESIZE + 1];
 	/* tmptty shall be bigger than full_tty */
 	static char  tmptty[sizeof(full_tty) + 1];
 
 	full_tty[0] = '\0';
 	if (tty[0] != '/')
 		strcpy (full_tty, "/dev/");
-	strncat (full_tty, tty, UT_LINESIZE);
+	strncat(full_tty, tty, UTX_LINESIZE);
 
 	if ('\0' == tmptty[0]) {
 		const char *tname = ttyname (STDIN_FILENO);
@@ -55,13 +59,15 @@ static bool is_my_tty (const char tty[UT_LINESIZE])
 	return strcmp (full_tty, tmptty) == 0;
 }
 
+
 /*
  * failtmp - update the cumulative failure log
  *
- *	failtmp updates the (struct utmp) formatted failure log which
+ *	failtmp updates the (struct utmpx) formatted failure log which
  *	maintains a record of all login failures.
  */
-static void failtmp (const char *username, const struct utmp *failent)
+static void
+failtmp(const char *username, const struct utmpx *failent)
 {
 	const char *ftmp;
 	int fd;
@@ -106,6 +112,7 @@ static void failtmp (const char *username, const struct utmp *failent)
 	}
 }
 
+
 /*
  * get_current_utmp - return the most probable utmp entry for the current
  *                    session
@@ -114,56 +121,55 @@ static void failtmp (const char *username, const struct utmp *failent)
  *	The line entered by the *getty / telnetd, etc. should also match
  *	the current terminal.
  *
- *	When an entry is returned by get_current_utmp, and if the utmp
+ *	When an entry is returned by get_current_utmp, and if the utmpx
  *	structure has a ut_id field, this field should be used to update
  *	the entry information.
  *
  *	Return NULL if no entries exist in utmp for the current process.
  */
-static
-/*@null@*/ /*@only@*/struct utmp *get_current_utmp (void)
+static /*@null@*/ /*@only@*/struct utmpx *
+get_current_utmp(void)
 {
-	struct utmp *ut;
-	struct utmp *ret = NULL;
+	struct utmpx  *ut;
+	struct utmpx  *ret = NULL;
 
-	setutent ();
+	setutxent();
 
 	/* First, try to find a valid utmp entry for this process.  */
-	while ((ut = getutent ()) != NULL) {
+	while ((ut = getutxent()) != NULL) {
 		if (   (ut->ut_pid == getpid ())
-#ifdef HAVE_STRUCT_UTMP_UT_ID
 		    && ('\0' != ut->ut_id[0])
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
 		    && (   (LOGIN_PROCESS == ut->ut_type)
 		        || (USER_PROCESS  == ut->ut_type))
-#endif
 		    /* A process may have failed to close an entry
 		     * Check if this entry refers to the current tty */
-		    && is_my_tty (ut->ut_line)) {
+		    && is_my_tty(ut->ut_line))
+		{
 			break;
 		}
 	}
 
 	if (NULL != ut) {
-		ret = XMALLOC(1, struct utmp);
+		ret = XMALLOC(1, struct utmpx);
 		memcpy (ret, ut, sizeof (*ret));
 	}
 
-	endutent ();
+	endutxent();
 
 	return ret;
 }
 
-int get_session_host (char **out)
+
+int
+get_session_host(char **out)
 {
-	char *hostname = NULL;
-	struct utmp *ut = NULL;
-	int ret = 0;
+	int           ret = 0;
+	char          *hostname;
+	struct utmpx  *ut;
 
 	ut = get_current_utmp();
 
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
 	if ((ut != NULL) && (ut->ut_host[0] != '\0')) {
 		hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
 		strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
@@ -177,18 +183,19 @@ int get_session_host (char **out)
 #else
 	*out = NULL;
 	ret = -2;
-#endif /* HAVE_STRUCT_UTMP_UT_HOST */
+#endif
 
 	return ret;
 }
 
-#ifndef USE_PAM
+
+#if !defined(USE_PAM) && !defined(HAVE_UPDWTMPX)
 /*
- * Some systems already have updwtmp() and possibly updwtmpx().  Others
+ * Some systems already have updwtmpx().  Others
  * don't, so we re-implement these functions if necessary.
  */
-#ifndef HAVE_UPDWTMP
-static void updwtmp (const char *filename, const struct utmp *ut)
+static void
+updwtmpx(const char *filename, const struct utmpx *ut)
 {
 	int fd;
 
@@ -198,9 +205,7 @@ static void updwtmp (const char *filename, const struct utmp *ut)
 		close (fd);
 	}
 }
-#endif				/* ! HAVE_UPDWTMP */
-
-#endif				/* ! USE_PAM */
+#endif
 
 
 /*
@@ -221,15 +226,13 @@ static void updwtmp (const char *filename, const struct utmp *ut)
  *
  *	The returned structure shall be freed by the caller.
  */
-static
-/*@only@*/struct utmp *prepare_utmp (const char *name,
-                                     const char *line,
-                                     const char *host,
-                                     /*@null@*/const struct utmp *ut)
+static /*@only@*/struct utmpx *
+prepare_utmp(const char *name, const char *line, const char *host,
+             /*@null@*/const struct utmpx *ut)
 {
-	struct timeval tv;
-	char *hostname = NULL;
-	struct utmp *utent;
+	char            *hostname = NULL;
+	struct utmpx    *utent;
+	struct timeval  tv;
 
 	assert (NULL != name);
 	assert (NULL != line);
@@ -240,13 +243,13 @@ static
 	    && ('\0' != host[0])) {
 		hostname = XMALLOC(strlen(host) + 1, char);
 		strcpy (hostname, host);
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
 	} else if (   (NULL != ut)
 	           && ('\0' != ut->ut_host[0])) {
 		hostname = XMALLOC(sizeof(ut->ut_host) + 1, char);
 		strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
 		hostname[sizeof (ut->ut_host)] = '\0';
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
+#endif
 	}
 
 	if (strncmp(line, "/dev/", 5) == 0) {
@@ -254,38 +257,32 @@ static
 	}
 
 
-	utent = XCALLOC (1, struct utmp);
+	utent = XCALLOC(1, struct utmpx);
 
 
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
 	utent->ut_type = USER_PROCESS;
-#endif				/* HAVE_STRUCT_UTMP_UT_TYPE */
 	utent->ut_pid = getpid ();
 	strncpy (utent->ut_line, line,      sizeof (utent->ut_line) - 1);
-#ifdef HAVE_STRUCT_UTMP_UT_ID
 	if (NULL != ut) {
 		strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
 	} else {
 		/* XXX - assumes /dev/tty?? */
 		strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
 	}
-#endif				/* HAVE_STRUCT_UTMP_UT_ID */
-#ifdef HAVE_STRUCT_UTMP_UT_NAME
+#if defined(HAVE_STRUCT_UTMPX_UT_NAME)
 	strncpy (utent->ut_name, name,      sizeof (utent->ut_name));
-#endif				/* HAVE_STRUCT_UTMP_UT_NAME */
-#ifdef HAVE_STRUCT_UTMP_UT_USER
+#endif
 	strncpy (utent->ut_user, name,      sizeof (utent->ut_user) - 1);
-#endif				/* HAVE_STRUCT_UTMP_UT_USER */
 	if (NULL != hostname) {
 		struct addrinfo *info = NULL;
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
+#if defined(HAVE_STRUCT_UTMPX_UT_HOST)
 		strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
-#endif				/* HAVE_STRUCT_UTMP_UT_HOST */
-#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_SYSLEN)
 		utent->ut_syslen = MIN (strlen (hostname),
 		                        sizeof (utent->ut_host));
-#endif				/* HAVE_STRUCT_UTMP_UT_SYSLEN */
-#if defined(HAVE_STRUCT_UTMP_UT_ADDR) || defined(HAVE_STRUCT_UTMP_UT_ADDR_V6)
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_ADDR) || defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
 		if (getaddrinfo (hostname, NULL, NULL, &info) == 0) {
 			/* getaddrinfo might not be reliable.
 			 * Just try to log what may be useful.
@@ -293,13 +290,13 @@ static
 			if (info->ai_family == AF_INET) {
 				struct sockaddr_in *sa =
 					(struct sockaddr_in *) info->ai_addr;
-#ifdef HAVE_STRUCT_UTMP_UT_ADDR
+# if defined(HAVE_STRUCT_UTMPX_UT_ADDR)
 				memcpy (&(utent->ut_addr),
 				        &(sa->sin_addr),
 				        MIN (sizeof (utent->ut_addr),
 				             sizeof (sa->sin_addr)));
-#endif				/* HAVE_STRUCT_UTMP_UT_ADDR */
-#ifdef HAVE_STRUCT_UTMP_UT_ADDR_V6
+# endif
+# if defined(HAVE_STRUCT_UTMPX_UT_ADDR_V6)
 				memcpy (utent->ut_addr_v6,
 				        &(sa->sin_addr),
 				        MIN (sizeof (utent->ut_addr_v6),
@@ -311,61 +308,61 @@ static
 				        &(sa->sin6_addr),
 				        MIN (sizeof (utent->ut_addr_v6),
 				             sizeof (sa->sin6_addr)));
-#endif				/* HAVE_STRUCT_UTMP_UT_ADDR_V6 */
+# endif
 			}
 			freeaddrinfo (info);
 		}
-#endif		/* HAVE_STRUCT_UTMP_UT_ADDR || HAVE_STRUCT_UTMP_UT_ADDR_V6 */
+#endif
 		free (hostname);
 	}
 	/* ut_exit is only for DEAD_PROCESS */
 	utent->ut_session = getsid (0);
 	if (gettimeofday (&tv, NULL) == 0) {
-#ifdef HAVE_STRUCT_UTMP_UT_TIME
+#if defined(HAVE_STRUCT_UTMPX_UT_TIME)
 		utent->ut_time = tv.tv_sec;
-#endif				/* HAVE_STRUCT_UTMP_UT_TIME */
-#ifdef HAVE_STRUCT_UTMP_UT_XTIME
+#endif
+#if defined(HAVE_STRUCT_UTMPX_UT_XTIME)
 		utent->ut_xtime = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMP_UT_XTIME */
-#ifdef HAVE_STRUCT_UTMP_UT_TV
+#endif
 		utent->ut_tv.tv_sec  = tv.tv_sec;
 		utent->ut_tv.tv_usec = tv.tv_usec;
-#endif				/* HAVE_STRUCT_UTMP_UT_TV */
 	}
 
 	return utent;
 }
 
+
 /*
  * setutmp - Update an entry in utmp and log an entry in wtmp
  *
  *	Return 1 on failure and 0 on success.
  */
-static int setutmp (struct utmp *ut)
+static int
+setutmp(struct utmpx *ut)
 {
 	int err = 0;
 
 	assert (NULL != ut);
 
-	setutent ();
-	if (pututline (ut) == NULL) {
+	setutxent();
+	if (pututxline(ut) == NULL) {
 		err = 1;
 	}
-	endutent ();
+	endutxent();
 
-#ifndef USE_PAM
+#if !defined(USE_PAM)
 	/* This is done by pam_lastlog */
-	updwtmp (_WTMP_FILE, ut);
-#endif				/* ! USE_PAM */
+	updwtmpx(_WTMP_FILE, ut);
+#endif
 
 	return err;
 }
 
-int update_utmp (const char *user,
-                 const char *tty,
-                 const char *host)
+
+int
+update_utmp(const char *user, const char *tty, const char *host)
 {
-	struct utmp *utent, *ut;
+	struct utmpx  *utent, *ut;
 
 	utent = get_current_utmp ();
 	ut = prepare_utmp  (user, tty, host, utent);
@@ -380,11 +377,11 @@ int update_utmp (const char *user,
 	return 0;
 }
 
-void record_failure(const char *failent_user,
-                    const char *tty,
-                    const char *hostname)
+
+void
+record_failure(const char *failent_user, const char *tty, const char *hostname)
 {
-	struct utmp *utent, *failent;
+	struct utmpx  *utent, *failent;
 
 	if (getdef_str ("FTMP_FILE") != NULL) {
 		utent = get_current_utmp ();
@@ -395,13 +392,15 @@ void record_failure(const char *failent_user,
 	}
 }
 
-unsigned long active_sessions_count(const char *name, unsigned long limit)
-{
-	struct utmp *ut;
-	unsigned long count = 0;
 
-	setutent ();
-	while ((ut = getutent ()))
+unsigned long
+active_sessions_count(const char *name, unsigned long limit)
+{
+	struct utmpx   *ut;
+	unsigned long  count = 0;
+
+	setutxent();
+	while ((ut = getutxent()))
 	{
 		if (USER_PROCESS != ut->ut_type) {
 			continue;
@@ -417,7 +416,7 @@ unsigned long active_sessions_count(const char *name, unsigned long limit)
 			break;
 		}
 	}
-	endutent ();
+	endutxent();
 
 	return count;
 }

share/containers/debian.dockerfile

@@ -9,7 +9,7 @@ RUN export DEBIAN_PRIORITY=critical \
 RUN apt-get update -y \
     && apt-get dist-upgrade -y
 RUN apt-get build-dep shadow -y
-RUN apt-get install libbsd-dev pkgconf -y
+RUN apt-get install libltdl-dev libbsd-dev pkgconf -y
 
 COPY ./ /usr/local/src/shadow/
 WORKDIR /usr/local/src/shadow/

src/chage.c

@@ -175,10 +175,10 @@ static int new_fields (void)
 		return 0;
 	}
 
-	if (-1 == lstchgdate || lstchgdate > LONG_MAX / SCALE) {
+	if (-1 == lstchgdate || lstchgdate > LONG_MAX / DAY) {
 		strcpy (buf, "-1");
 	} else {
-		date_to_str (sizeof(buf), buf, lstchgdate * SCALE);
+		date_to_str (sizeof(buf), buf, lstchgdate * DAY);
 	}
 
 	change_field (buf, sizeof buf, _("Last Password Change (YYYY-MM-DD)"));
@@ -206,10 +206,10 @@ static int new_fields (void)
 		return 0;
 	}
 
-	if (-1 == expdate || LONG_MAX / SCALE < expdate) {
+	if (-1 == expdate || LONG_MAX / DAY < expdate) {
 		strcpy (buf, "-1");
 	} else {
-		date_to_str (sizeof(buf), buf, expdate * SCALE);
+		date_to_str (sizeof(buf), buf, expdate * DAY);
 	}
 
 	change_field (buf, sizeof buf,
@@ -258,12 +258,12 @@ static void list_fields (void)
 	 * was last modified. The date is the number of days since 1/1/1970.
 	 */
 	(void) fputs (_("Last password change\t\t\t\t\t: "), stdout);
-	if (lstchgdate < 0 || lstchgdate > LONG_MAX / SCALE) {
+	if (lstchgdate < 0 || lstchgdate > LONG_MAX / DAY) {
 		(void) puts (_("never"));
 	} else if (lstchgdate == 0) {
 		(void) puts (_("password must be changed"));
 	} else {
-		changed = lstchgdate * SCALE;
+		changed = lstchgdate * DAY;
 		print_date (changed);
 	}
 
@@ -275,12 +275,12 @@ static void list_fields (void)
 	if (lstchgdate == 0) {
 		(void) puts (_("password must be changed"));
 	} else if (   (lstchgdate < 0)
-	           || (maxdays >= (10000 * (DAY / SCALE)))
+	           || (maxdays >= 10000)
 	           || (maxdays < 0)
-	           || ((LONG_MAX - changed) / SCALE < maxdays)) {
+	           || ((LONG_MAX - changed) / DAY < maxdays)) {
 		(void) puts (_("never"));
 	} else {
-		expires = changed + maxdays * SCALE;
+		expires = changed + maxdays * DAY;
 		print_date (expires);
 	}
 
@@ -295,13 +295,13 @@ static void list_fields (void)
 		(void) puts (_("password must be changed"));
 	} else if (   (lstchgdate < 0)
 	           || (inactdays < 0)
-	           || (maxdays >= (10000 * (DAY / SCALE)))
+	           || (maxdays >= 10000)
 	           || (maxdays < 0)
 	           || (maxdays > LONG_MAX - inactdays)
-	           || ((LONG_MAX - changed) / SCALE < maxdays + inactdays)) {
+	           || ((LONG_MAX - changed) / DAY < maxdays + inactdays)) {
 		(void) puts (_("never"));
 	} else {
-		expires = changed + (maxdays + inactdays) * SCALE;
+		expires = changed + (maxdays + inactdays) * DAY;
 		print_date (expires);
 	}
 
@@ -310,10 +310,10 @@ static void list_fields (void)
 	 * password expiring or not.
 	 */
 	(void) fputs (_("Account expires\t\t\t\t\t\t: "), stdout);
-	if (expdate < 0 || LONG_MAX / SCALE < expdate) {
+	if (expdate < 0 || LONG_MAX / DAY < expdate) {
 		(void) puts (_("never"));
 	} else {
-		expires = expdate * SCALE;
+		expires = expdate * DAY;
 		print_date (expires);
 	}
 

src/chpasswd.c

@@ -621,7 +621,7 @@ int main (int argc, char **argv)
 		if (NULL != sp) {
 			newsp = *sp;
 			newsp.sp_pwdp = cp;
-			newsp.sp_lstchg = gettime () / SCALE;
+			newsp.sp_lstchg = gettime () / DAY;
 			if (0 == newsp.sp_lstchg) {
 				/* Better disable aging than requiring a
 				 * password change */

src/login.c

@@ -572,11 +572,13 @@ int main (int argc, char **argv)
 	}
 #ifdef RLOGIN
 	if (rflg) {
-		size_t max_size = sysconf(_SC_LOGIN_NAME_MAX);
+		size_t  max_size = sysconf(_SC_LOGIN_NAME_MAX);
+
 		assert (NULL == username);
-		username = XMALLOC(max_size + 1, char);
-		username[max_size] = '\0';
-		if (do_rlogin (hostname, username, max_size, term, sizeof term)) {
+		username = XMALLOC(max_size, char);
+		username[max_size - 1] = '\0';
+		if (do_rlogin(hostname, username, max_size, term, sizeof(term)))
+		{
 			preauth_flag = true;
 		} else {
 			free (username);
@@ -885,15 +887,16 @@ int main (int argc, char **argv)
 
 		failed = false;	/* haven't failed authentication yet */
 		if (NULL == username) {	/* need to get a login id */
-			size_t max_size = sysconf(_SC_LOGIN_NAME_MAX);
+			size_t  max_size = sysconf(_SC_LOGIN_NAME_MAX);
+
 			if (subroot) {
 				closelog ();
 				exit (1);
 			}
 			preauth_flag = false;
-			username = XMALLOC(max_size + 1, char);
-			username[max_size] = '\0';
-			login_prompt (username, max_size);
+			username = XMALLOC(max_size, char);
+			username[max_size - 1] = '\0';
+			login_prompt(username, max_size);
 
 			if ('\0' == username[0]) {
 				/* Prompt for a new login */

src/logoutd.c

@@ -15,7 +15,7 @@
 #include <stdio.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <utmp.h>
+#include <utmpx.h>
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
@@ -32,14 +32,17 @@ const char *Prog;
 #define HUP_MESG_FILE "/etc/logoutd.mesg"
 #endif
 
+
 /* local function prototypes */
-static int check_login (const struct utmp *ut);
+static int check_login (const struct utmpx *ut);
 static void send_mesg_to_tty (int tty_fd);
 
+
 /*
- * check_login - check if user (struct utmp) allowed to stay logged in
+ * check_login - check if user (struct utmpx) allowed to stay logged in
  */
-static int check_login (const struct utmp *ut)
+static int
+check_login(const struct utmpx *ut)
 {
 	char user[sizeof (ut->ut_user) + 1];
 	time_t now;
@@ -112,16 +115,17 @@ static void send_mesg_to_tty (int tty_fd)
  *	utmp file is periodically scanned and offending users are logged
  *	off from the system.
  */
-int main (int argc, char **argv)
+int
+main(int argc, char **argv)
 {
-	int i;
-	int status;
-	pid_t pid;
+	int    i;
+	int    status;
+	pid_t  pid;
 
-	struct utmp *ut;
-	char user[sizeof (ut->ut_user) + 1];	/* terminating NUL */
-	char tty_name[sizeof (ut->ut_line) + 6];	/* /dev/ + NUL */
-	int tty_fd;
+	struct utmpx  *ut;
+	char          user[sizeof (ut->ut_user) + 1];	/* terminating NUL */
+	char          tty_name[sizeof (ut->ut_line) + 6];	/* /dev/ + NUL */
+	int           tty_fd;
 
 	if (1 != argc) {
 		(void) fputs (_("Usage: logoutd\n"), stderr);
@@ -169,14 +173,14 @@ int main (int argc, char **argv)
 		 * Attempt to re-open the utmp file. The file is only
 		 * open while it is being used.
 		 */
-		setutent ();
+		setutxent();
 
 		/*
 		 * Read all of the entries in the utmp file. The entries
 		 * for login sessions will be checked to see if the user
 		 * is permitted to be signed on at this time.
 		 */
-		while ((ut = getutent ()) != NULL) {
+		while ((ut = getutxent()) != NULL) {
 			if (ut->ut_type != USER_PROCESS) {
 				continue;
 			}
@@ -208,7 +212,7 @@ int main (int argc, char **argv)
 				tty_name[0] = '\0';
 			}
 
-			strncat (tty_name, ut->ut_line, UT_LINESIZE);
+			strncat(tty_name, ut->ut_line, NITEMS(ut->ut_line));
 #ifndef O_NOCTTY
 #define O_NOCTTY 0
 #endif
@@ -239,7 +243,7 @@ int main (int argc, char **argv)
 			exit (EXIT_SUCCESS);
 		}
 
-		endutent ();
+		endutxent();
 
 #ifndef DEBUG
 		sleep (60);

src/newusers.c

@@ -527,7 +527,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 			}
 			spent.sp_pwdp = cp;
 		}
-		spent.sp_lstchg = gettime () / SCALE;
+		spent.sp_lstchg = gettime () / DAY;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
@@ -584,7 +584,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 	 */
 	spent.sp_pwdp = "!";
 #endif
-	spent.sp_lstchg = gettime () / SCALE;
+	spent.sp_lstchg = gettime () / DAY;
 	if (0 == spent.sp_lstchg) {
 		/* Better disable aging than requiring a password change */
 		spent.sp_lstchg = -1;

src/passwd.c

@@ -192,8 +192,8 @@ static int new_password (const struct passwd *pw)
 	char *cipher;		/* Pointer to cipher text */
 	const char *salt;	/* Pointer to new salt */
 	char *cp;		/* Pointer to agetpass() response */
-	char orig[200];		/* Original password */
-	char pass[200];		/* New password */
+	char orig[PASS_MAX + 1];	/* Original password */
+	char pass[PASS_MAX + 1];	/* New password */
 	int i;			/* Counter for retries */
 	bool warned;
 	int pass_max_len = -1;
@@ -414,9 +414,9 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
 	 */
 	if (sp->sp_lstchg > 0) {
 		time_t ok;
-		ok = (time_t) sp->sp_lstchg * SCALE;
+		ok = (time_t) sp->sp_lstchg * DAY;
 		if (sp->sp_min > 0) {
-			ok += (time_t) sp->sp_min * SCALE;
+			ok += (time_t) sp->sp_min * DAY;
 		}
 
 		if (now < ok) {
@@ -451,15 +451,15 @@ static void print_status (const struct passwd *pw)
 
 	sp = prefix_getspnam (pw->pw_name); /* local, no need for xprefix_getspnam */
 	if (NULL != sp) {
-		date_to_str (sizeof(date), date, sp->sp_lstchg * SCALE),
-		(void) printf ("%s %s %s %lld %lld %lld %lld\n",
+		date_to_str (sizeof(date), date, sp->sp_lstchg * DAY),
+		(void) printf ("%s %s %s %ld %ld %ld %ld\n",
 		               pw->pw_name,
 		               pw_status (sp->sp_pwdp),
 		               date,
-		               ((long long)sp->sp_min * SCALE) / DAY,
-		               ((long long)sp->sp_max * SCALE) / DAY,
-		               ((long long)sp->sp_warn * SCALE) / DAY,
-		               ((long long)sp->sp_inact * SCALE) / DAY);
+		               sp->sp_min,
+		               sp->sp_max,
+		               sp->sp_warn,
+		               sp->sp_inact);
 	} else if (NULL != pw->pw_passwd) {
 		(void) printf ("%s %s\n",
 		               pw->pw_name, pw_status (pw->pw_passwd));
@@ -637,21 +637,21 @@ static void update_shadow (void)
 	}
 	nsp->sp_pwdp = update_crypt_pw (nsp->sp_pwdp);
 	if (xflg) {
-		nsp->sp_max = (age_max * DAY) / SCALE;
+		nsp->sp_max = age_max;
 	}
 	if (nflg) {
-		nsp->sp_min = (age_min * DAY) / SCALE;
+		nsp->sp_min = age_min;
 	}
 	if (wflg) {
-		nsp->sp_warn = (warn * DAY) / SCALE;
+		nsp->sp_warn = warn;
 	}
 	if (iflg) {
-		nsp->sp_inact = (inact * DAY) / SCALE;
+		nsp->sp_inact = inact;
 	}
 	if (!use_pam)
 	{
 		if (do_update_age) {
-			nsp->sp_lstchg = gettime () / SCALE;
+			nsp->sp_lstchg = gettime () / DAY;
 			if (0 == nsp->sp_lstchg) {
 				/* Better disable aging than requiring a password
 				 * change */

src/pwck.c

@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
 					sp.sp_inact  = -1;
 					sp.sp_expire = -1;
 					sp.sp_flag   = SHADOW_SP_FLAG_UNSET;
-					sp.sp_lstchg = gettime () / SCALE;
+					sp.sp_lstchg = gettime () / DAY;
 					if (0 == sp.sp_lstchg) {
 						/* Better disable aging than
 						 * requiring a password change
@@ -816,7 +816,7 @@ static void check_spw_file (int *errors, bool *changed)
 		if (!quiet) {
 			time_t t = time (NULL);
 			if (   (t != 0)
-			    && (spw->sp_lstchg > (long) t / SCALE)) {
+			    && (spw->sp_lstchg > (long) t / DAY)) {
 				printf (_("user %s: last password change in the future\n"),
 			                spw->sp_namp);
 				*errors += 1;

src/pwconv.c

@@ -247,7 +247,7 @@ int main (int argc, char **argv)
 			spent.sp_flag   = SHADOW_SP_FLAG_UNSET;
 		}
 		spent.sp_pwdp = pw->pw_passwd;
-		spent.sp_lstchg = gettime () / SCALE;
+		spent.sp_lstchg = gettime () / DAY;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

src/useradd.c

@@ -214,7 +214,6 @@ static struct group * get_local_group (char * grp_name);
 static void usage (int status);
 static void new_pwent (struct passwd *);
 
-static long scale_age (long);
 static void new_spent (struct spwd *);
 static void grp_update (void);
 
@@ -1008,15 +1007,6 @@ static void new_pwent (struct passwd *pwent)
 	pwent->pw_shell = (char *) user_shell;
 }
 
-static long scale_age (long x)
-{
-	if (x <= 0) {
-		return x;
-	}
-
-	return x * (DAY / SCALE);
-}
-
 /*
  * new_spent - initialize the values in a shadow password file entry
  *
@@ -1028,17 +1018,17 @@ static void new_spent (struct spwd *spent)
 	memzero (spent, sizeof *spent);
 	spent->sp_namp = (char *) user_name;
 	spent->sp_pwdp = (char *) user_pass;
-	spent->sp_lstchg = gettime () / SCALE;
+	spent->sp_lstchg = gettime () / DAY;
 	if (0 == spent->sp_lstchg) {
 		/* Better disable aging than requiring a password change */
 		spent->sp_lstchg = -1;
 	}
 	if (!rflg) {
-		spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
-		spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
-		spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
-		spent->sp_inact = scale_age (def_inactive);
-		spent->sp_expire = scale_age (user_expire);
+		spent->sp_min = getdef_num ("PASS_MIN_DAYS", -1);
+		spent->sp_max = getdef_num ("PASS_MAX_DAYS", -1);
+		spent->sp_warn = getdef_num ("PASS_WARN_AGE", -1);
+		spent->sp_inact = def_inactive;
+		spent->sp_expire = user_expire;
 	} else {
 		spent->sp_min = -1;
 		spent->sp_max = -1;

src/usermod.c

@@ -613,7 +613,7 @@ static void new_spent (struct spwd *spent)
 	spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
 
 	if (pflg) {
-		spent->sp_lstchg = gettime () / SCALE;
+		spent->sp_lstchg = gettime () / DAY;
 		if (0 == spent->sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change. */
@@ -1059,7 +1059,6 @@ static void process_flags (int argc, char **argv)
 						 Prog, optarg);
 					exit (E_BAD_ARG);
 				}
-				user_newexpire *= DAY / SCALE;
 				eflg = true;
 				break;
 			case 'f':
@@ -1745,7 +1744,7 @@ static void usr_update (void)
 			spent.sp_pwdp   = xstrdup (pwent.pw_passwd);
 			pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);
 
-			spent.sp_lstchg = gettime () / SCALE;
+			spent.sp_lstchg = gettime () / DAY;
 			if (0 == spent.sp_lstchg) {
 				/* Better disable aging than
 				 * requiring a password change */