Move the 4.1.2.1 branch to a tag.

The branch is no more needed.
Prepare the 4.1.2.1 release
2008-06-26 21:10:10 +00:00 · 2008-06-26 20:29:59 +00:00 · 2008-06-26 20:28:31 +00:00 · 2008-06-23 23:52:40 +00:00 · 2008-05-25 12:58:59 +00:00
10786 changed files with 113500 additions and 705089 deletions
@@ -1,4 +0,0 @@
 root = true
 [*.{c,h}]
 indent_style = tab
@@ -1,25 +0,0 @@
 name: 'Install dependencies'
 description: 'Install dependencies to build shadow-utils'
 runs:
  using: "composite"
  steps:
  - shell: bash
    run: |
      if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
        echo "Found new-style sources.list.d"
        cat /etc/apt/sources.list.d/ubuntu.sources
        sudo sed -i 's/^Types: deb/Types: deb deb-src/' /etc/apt/sources.list.d/ubuntu.sources
      else
        echo "Found legacy sources.list"
        cat /etc/apt/sources.list
        sudo sed -i '/deb-src/d' /etc/apt/sources.list
        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
      fi
      export DEBIAN_PRIORITY=critical
      export DEBIAN_FRONTEND=noninteractive
      # let's try to work around upgrade breakage in a pkg we don't care about
      sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
      sudo apt-get update
      sudo apt-get -y dist-upgrade
      sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev libltdl-dev pkgconf
      sudo apt-get -y build-dep shadow
@@ -1,101 +0,0 @@
 name: CI
 on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: debug
      run: |
        id
        which bash
        whoami
        env
        ps -ef
        pwd
        cat /proc/self/uid_map
        cat /proc/self/status
        systemd-detect-virt
    - name: Install dependencies
      id: dependencies
      uses: ./.github/actions/install-dependencies
    - name: configure
      run: |
        autoreconf -v -f --install
        ./autogen.sh --without-selinux --disable-man --with-yescrypt
    - run: make
    - run: make install DESTDIR=${HOME}/rootfs
    - run: sudo make install
    - name: run tests in shell with tty
      shell: 'script -q -e -c "bash {0}"'
      run: |
        set -e
        cd tests
        trap 'cat testsuite.log' ERR
        sudo ./run_some
        trap - ERR
  # Make sure that 'make dist' makes a usable tarball with no missing files
  dist-build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install dependencies
      id: dependencies
      uses: ./.github/actions/install-dependencies
    - name: Test make dist
      run: |
        ./autogen.sh
        make dist
        f=shadow-*.tar.gz
        tar -zxf $f
        d=$(basename $f .tar.gz)
        cd $d
        ./configure
        make -j5
        make check
  container-build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        os: [alpine, debian, fedora]
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install Ansible
      run: |
        sudo apt-get update
        sudo apt-get -y install ansible
    - name: Build container
      run: |
        pushd share/ansible/
        ansible-playbook playbook.yml -i inventory.ini -e 'distribution=${{ matrix.os }}'
        popd
    - name: Store artifacts
      if: always()
      uses: actions/upload-artifact@v4
      with:
        name: ${{ matrix.os }}-build
        path: |
          ./share/ansible/build-out/config.log
          ./share/ansible/build-out/config.h
          ./share/ansible/build-out/build.log
          ./share/ansible/build-out/test-suite.log
        if-no-files-found: ignore
@@ -1,58 +0,0 @@
 name: "Static code analysis"
 on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  schedule:
    # Everyday at midnight
    - cron: '0 0 * * *'
 jobs:
  codeql:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install dependencies
      id: dependencies
      uses: ./.github/actions/install-dependencies
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: cpp
        queries: +security-and-quality
    - name: Configure shadow-utils
      run: ./autogen.sh --without-selinux --disable-man
    - name: Build shadow-utils
      run: |
        PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
        make -Orecurse -j$PROCESSORS
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
  differential-shellcheck:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
      - name: Differential ShellCheck
        uses: redhat-plumbers-in-action/differential-shellcheck@v3
        with:
          severity: warning
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -1,56 +0,0 @@
 *~
 lib*.a
 *.o
 *.lo
 *.la
 *.mo
 *.gmo
 .deps
 .libs
 .dirstamp
 *.patch
 *.rej
 *.orig
 Makefile
 Makefile.in
 test-driver
 /ABOUT-NLS
 /aclocal.m4
 /autom4te.cache
 /compile
 /config.cache
 /config.guess
 /config.h
 /config.h.in
 /config.log
 /config.rpath
 /config.status
 /config.sub
 /configure
 /depcomp
 /install-sh
 /libtool
 /ltmain.sh
 /m4
 /missing
 /stamp-h1
 /test-driver
 /ylwrap
 /po/*.header
 /po/*.sed
 /po/*.sin
 /po/Makefile.in.in
 /po/Makevars.template
 /po/POTFILES
 /po/Rules-quot
 /po/stamp-po
 /shadow.spec
 /shadow-*.tar.*
 /lib/getdate.c
 /libsubid/subid.h
@@ -1,98 +0,0 @@
 Thanks to at least the following people for sending patches, bug
 reports and various comments. This list may be incomplete, I received
 a lot of mail...
 # Maintainers
 * Marek Michałkiewicz <marekm72@gmail.com> (1995-2000)
 * Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
 * Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
 * Serge E. Hallyn <serge@hallyn.com> (2014-now)
 * Christian Brauner <christian@brauner.io> (2019-now)
 * Iker Pedrosa <ipedrosa@redhat.com> (2022-now)
 * Alejandro Colomar <alx@kernel.org> (2023-now) (4.14 stable)
 To verify signatures on releases, use the following keys under keys/ :
 * Serge Hallyn: keys/66D0387DB85D320F8408166DB175CFA98F192AF2.asc
 * Christian Brauner: keys/4880B8C9BD0E5106FC070F4F7B3C391EFEA93624.asc
 * Iker Pedrosa: keys/4E80EF49C7987B6DE2F81F5005079C6C3A653E57.asc
 * Alejandro Colomar: keys/A9348594CE31283A826FBDD8D57633D441E25BB5.asc
 # Authors and contributors
 * Adam Rudnicki <adam@v-lo.krakow.pl>
 * Alan Curry <pacman@tardis.mars.net>
 * Aleksa Sarai <cyphar@cyphar.com>
 * Alexander O. Yuriev <alex@bach.cis.temple.edu>
 * Algis Rudys <arudys@rice.edu>
 * Andreas Jaeger <aj@arthur.rhein-neckar.de>
 * Andy Zaugg <andy.zaugg@gmail.com>
 * Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
 * Anton Gluck <gluc@midway.uchicago.edu>
 * Arkadiusz Miskiewicz <misiek@pld.org.pl>
 * Ben Collins <bcollins@debian.org>
 * Brian R. Gaeke <brg@dgate.org>
 * Calle Karlsson <ckn@kash.se>
 * Chip Rosenthal <chip@unicom.com>
 * Chris Evans <lady0110@sable.ox.ac.uk>
 * Chris Lamb <chris@chris-lamb.co.uk>
 * Cristian Gafton <gafton@sorosis.ro>
 * Dan Walsh <dwalsh@redhat.com>
 * Darcy Boese <possum@chardonnay.niagara.com>
 * Dave Hagewood <admin@arrowweb.com>
 * David A. Holland <dholland@hcs.harvard.edu>
 * David Frey <David.Frey@lugs.ch>
 * Ed Carp <ecarp@netcom.com>
 * Ed Neville <ed@s5h.net>
 * Eric W. Biederman" <ebiederm@xmission.com>
 * Floody <flood@evcom.net>
 * Frank Denis <j@4u.net>
 * George Kraft IV <gk4@us.ibm.com>
 * Greg Mortensen <loki@world.std.com>
 * Guido van Rooij
 * Guy Maor <maor@debian.org>
 * Hrvoje Dogan <hdogan@bjesomar.srce.hr>
 * Jakub Hrozek <jhrozek@redhat.com>
 * Janos Farkas <chexum@bankinf.banki.hu>
 * Jason Franklin <jason.franklin@quoininc.com>
 * Jay Soffian <jay@lw.net>
 * Jesse Thilo <Jesse.Thilo@pobox.com>
 * Joey Hess <joey@kite.ml.org>
 * John Adelsberger <jja@umr.edu>
 * Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
 * Jon Lewis <jlewis@lewis.org>
 * Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
 * Judd Bourgeois <shagboy@bluesky.net>
 * Juergen Heinzl <unicorn@noris.net>
 * Juha Virtanen <jiivee@iki.fi>
 * Julian Pidancet <julian.pidancet@gmail.com>
 * Julianne Frances Haugh <julie78787@gmail.com>
 * Leonard N. Zubkoff <lnz@dandelion.com>
 * Luca Berra <bluca@www.polimi.it>
 * Lukáš Kuklínek <lkukline@redhat.com>
 * Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
 * Marc Ewing <marc@redhat.com>
 * Martin Bene <mb@sime.com>
 * Martin Mares <mj@gts.cz>
 * Michael Meskes <meskes@topsystem.de>
 * Michael Talbot-Wilson <mike@calypso.bns.com.au>
 * Michael Vetter <jubalh@iodoru.org>
 * Mike Frysinger <vapier@gentoo.org>
 * Mike Pakovic <mpakovic@users.southeast.net>
 * Nicolas François <nicolas.francois@centraliens.net>
 * Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
 * Pavel Machek <pavel@bug.ucw.cz>
 * Peter Vrabec <pvrabec@redhat.com>
 * Phillip Street
 * Rafał Maszkowski <rzm@icm.edu.pl>
 * Rani Chouha <ranibey@smartec.com>
 * Sami Kerola <kerolasa@rocketmail.com>
 * Scott Garman <scott.a.garman@intel.com>
 * Sebastian Rick Rijkers <srrijkers@gmail.com>
 * Seraphim Mellos <mellos@ceid.upatras.gr>
 * Shane Watts <shane@nexus.mlckew.edu.au>
 * Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
 * Thorsten Kukuk <kukuk@suse.de>
 * Tim Hockin <thockin@eagle.ais.net>
 * Timo Karjalainen <timok@iki.fi>
 * Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
 * Werner Fink <werner@suse.de>
@@ -1,41 +1,118 @@
-SPDX-License-Identifier: BSD-3-Clause
+NOTE:
  This license has been obsoleted by the change to the BSD-style copyright.
  You may continue to use this license if you wish, but you are under no
  obligation to do so.
-All files under this project either
+(*
 This document is freely plagiarised from the 'Artistic Licence',
 distributed as part of the Perl v4.0 kit by Larry Wall, which is
 available from most major archive sites.  I stole it from CrackLib.
-1. fall under the BSD 3 clause license (by default).
+	$Id$
 *)
-2. carry an SPDX header declaring what license applies.
+This documents purpose is to state the conditions under which this
 Package (See definition below) viz: "Shadow", the Shadow Password Suite
 which is held by Julianne Frances Haugh, may be copied, such that the
 copyright holder maintains some semblance of artistic control over the
 development of the package, while giving the users of the package the
 right to use and distribute the Package in a more-or-less customary
 fashion, plus the right to make reasonable modifications. 
-or
+So there.
-3. list a full custom license
+***************************************************************************
-This software is originally
+Definitions:
 * Copyright (c) 1989 - 1994, Julianne Frances Haugh
- * All rights reserved.
+A "Package" refers to the collection of files distributed by the
- *
+Copyright Holder, and derivatives of that collection of files created
- * Redistribution and use in source and binary forms, with or without
+through textual modification, or segments thereof. 
- * modification, are permitted provided that the following conditions
+
- * are met:
+"Standard Version" refers to such a Package if it has not been modified,
- * 1. Redistributions of source code must retain the above copyright
+or has been modified in accordance with the wishes of the Copyright
- *    notice, this list of conditions and the following disclaimer.
+Holder.
- * 2. Redistributions in binary form must reproduce the above copyright
+
- *    notice, this list of conditions and the following disclaimer in the
+"Copyright Holder" is whoever is named in the copyright or copyrights
- *    documentation and/or other materials provided with the distribution.
+for the package.
- * 3. The name of the copyright holders or contributors may not be used to
+
- *    endorse or promote products derived from this software without
+"You" is you, if you're thinking about copying or distributing this
- *    specific prior written permission.
+Package.
- *
+
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"Reasonable copying fee" is whatever you can justify on the basis of
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+media cost, duplication charges, time of people involved, and so on.
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+(You will not be required to justify it to the Copyright Holder, but
- * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+only to the computing community at large as a market that must bear the
- * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+fee.)
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+"Freely Available" means that no fee is charged for the item itself,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+though there may be fees involved in handling the item.  It also means
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+that recipients of the item may redistribute it under the same
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+conditions they received it.
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 1.  You may make and give away verbatim copies of the source form of the
 Standard Version of this Package without restriction, provided that you
 duplicate all of the original copyright notices and associated
 disclaimers.
 2.  You may apply bug fixes, portability fixes and other modifications
 derived from the Public Domain or from the Copyright Holder.  A Package
 modified in such a way shall still be considered the Standard Version.
 3.  You may otherwise modify your copy of this Package in any way,
 provided that you insert a prominent notice in each changed file stating
 how and when AND WHY you changed that file, and provided that you do at
 least ONE of the following:
 a) place your modifications in the Public Domain or otherwise make them
 Freely Available, such as by posting said modifications to Usenet or an
 equivalent medium, or placing the modifications on a major archive site
 such as uunet.uu.net, or by allowing the Copyright Holder to include
 your modifications in the Standard Version of the Package.
 b) use the modified Package only within your corporation or organization.
 c) rename any non-standard executables so the names do not conflict with
 standard executables, which must also be provided, and provide separate
 documentation for each non-standard executable that clearly documents
 how it differs from the Standard Version.
 d) make other distribution arrangements with the Copyright Holder.
 4.  You may distribute the programs of this Package in object code or
 executable form, provided that you do at least ONE of the following:
 a) distribute a Standard Version of the executables and library files,
 together with instructions (in the manual page or equivalent) on where
 to get the Standard Version.
 b) accompany the distribution with the machine-readable source of the
 Package with your modifications.
 c) accompany any non-standard executables with their corresponding
 Standard Version executables, giving the non-standard executables
 non-standard names, and clearly documenting the differences in manual
 pages (or equivalent), together with instructions on where to get the
 Standard Version.
 d) make other distribution arrangements with the Copyright Holder.
 5.  You may charge a reasonable copying fee for any distribution of this
 Package.  You may charge any fee you choose for support of this Package. 
 YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF.  However, you may
 distribute this Package in aggregate with other (possibly commercial)
 programs as part of a larger (possibly commercial) software distribution
 provided that YOU DO NOT ADVERTISE this package as a product of your
 own. 
 6.  The name of the Copyright Holder may not be used to endorse or
 promote products derived from this software without specific prior
 written permission.
 7.  THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 				The End
@@ -1,27 +1,8 @@
 ## Process this file with automake to produce Makefile.in
-SUBDIRS = lib
+EXTRA_DIST = NEWS README TODO shadow.spec.in
-if ENABLE_SUBIDS
+AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
 SUBDIRS += libsubid
 endif
-SUBDIRS += src po contrib doc etc tests/unit
+SUBDIRS = po man libmisc lib src \
-
+	contrib doc etc
 if ENABLE_REGENERATE_MAN
 SUBDIRS += man
 endif
 CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
 EXTRA_DIST = NEWS README tests/
 dist-hook:
 	chmod -R u+w $(distdir)/tests
 	chmod u+w $(distdir)
 	mv $(distdir)/tests/unit $(distdir)/realunittest
 	mv $(distdir)/tests/tests $(distdir)/realtests
 	rm -rf $(distdir)/tests
 	mv $(distdir)/realtests $(distdir)/tests
 	rm -rf $(distdir)/tests/unit $(distdir)/tests/Makefile*
 	mv $(distdir)/realunittest $(distdir)/tests/unit
@@ -1,442 +1,5 @@
 $Id$
 shadow-4.1.5.1 -> shadow-4.2					UNRELEASED
 *** general
  * Handle libc whose crypt() returns NULL when passed a salt that
    violates specs or system requirements (e.g. FIPS140). This is needed
    with glibc/eglibc 2.17 for tools checking passwords (passwd (non PAM
    enabled) or newgrp), and for tools generating encrypted passwords
    (chgpasswd, chpasswd, or gpasswd when non PAM enabled or when a fixed
    crypt method is requested on the command line, and newusers, or passwd
    in their non PAM enabled versions)
  * Fix segfault when reading groups split on multiple lines. This impacts
    most user/group management tools when MAX_MEMBERS_PER_GROUP is set.
 - su
  * When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
    interactive mode), kill the child process group, rather than just the
    immediate child.
  * Fix segmentation faults for users without a proper home or shell in
    their passwd entries.
 - login
  * Fix segmentation faults for users without a proper home or shell in
    their passwd entries.
 *** documentation
  * Fixed useradd man page (--home-dir option, instead of --home).
 *** translation
  * Updated Russian translation.
  * Updated German man pages translation.
  * Fixed gshadow Japanese man page translation.
 shadow-4.1.5 -> shadow-4.1.5.1					2012-05-25
 - login
  * Log into utmp(x) when PAM is enabled, but do not log into wtmp.
    This complete pam_lastlog which logs into wtmp and in into utmp(x).
 - su
  * non PAM enabled versions: do not fail if su is called without a
    controlling terminal.
 - userdel
  * Fix segfault when userdel removes the user's group.
 *** documentation
  * .so links now point to paths relative to the top-level manual hierarchy
 *** translation
  * Updated French man pages translation.
  * Updated German man pages translation.
  * Updated Polish man pages translation. (logoutd.8)
 shadow-4.1.4.3 -> shadow-4.1.5					2012-02-12
 *** security
  * su -c could be abused by the executed command to invoke commands with
    the caller privileges. See below. (CVE-2005-4890)
 *** general
  * report usage error to stderr, but report usage help to stdout (and return
    zero) when explicitly requested (e.g. with --help).
  * initial support for tcb (http://openwall.com/tcb/) for useradd,
    userdel, usermod, chage, pwck, vipw.
  * Added support for ACLs and Extended Attributes in useradd and usermod.
    Support shall be enabled with the new --with-acl or --with-attr
    configure options.
  * Added diagnosis for lock failures.
  * use libsemanage instead of the semanage tool.
 - chage
  * Add --root option.
 - chfn
  * Add --root option.
 - chgpasswd
  * When the gshadow file exists but there are no gshadow entries, an entry
    is created if the password is changed and group requires a
    shadow entry.
  * Add --root option.
 - chpasswd
  * PAM enabled versions: restore the -e option to allow restoring
    passwords without knowing those passwords. Restore together the -m
    and -c options. (These options were removed in shadow-4.1.4 on PAM
    enabled versions)
  * When the shadow file exists but there are no shadow entries, an entry
    is created if the password is changed and passwd requires a
    shadow entry.
  * Add --root option.
 - chsh
  * Add --root option.
 - faillog
  * The -l, -m, -r, -t options only act on the existing users, unless -a is
    specified.
  * Add --root option.
 - gpasswd
  * Add --root option.
 - groupadd
  * Add --root option.
 - groupdel
  * Add --root option.
 - groupmems
  * Fix parsing of gshadow entries.
  * Add --root option.
 - groupmod
  * Fixed groupmod when configured with --enable-account-tools-setuid.
  * When the gshadow file exists but there are no gshadow entries, an entry
    is created if the password is changed and group requires a
    shadow entry.
  * Add --root option.
 - grpck
  * Add --root option.
  * NIS entries were dropped by -s (sort).
 - grpconv
  * Add --root option.
 - grpunconv
  * Add --root option.
 - lastlog
  * Add --root option.
 - login
  * Fixed limits support (non PAM enabled versions only)
  * Added support for infinite limits and group based limits (non PAM
    enabled versions only)
  * Fixed infinite loop when CONSOLE is configured with a colon-separated
    list of TTYs.
  * Fixed warning and support for CONSOLE_GROUPS for users member of more
    than 16 groups.
  * Do not log into utmp(x) or wtmp when PAM is enabled. This is done by
    pam_lastlog.
 - newgrp, sg
  * Fix parsing of gshadow entries.
 - newusers
  * Add --root option.
 - passwd
  * Add --root option.
 - pwpck
  * NIS entries were dropped by -s (sort).
  * Add --root option.
 - pwconv
  * Add --root option.
 - pwunconv
  * Add --root option.
 - useradd
  * If the skeleton directory contained hardlinked files, copies of the
    hardlink were removed from the skeleton directory.
  * Add --root option.
 - userdel
  * Check the existence of the user's mail spool before trying to remove
    it. If it does not exist, a warning is issued, but no failure.
  * Do not remove a group with the same name as the user (usergroup) if
    this group isn't the user's primary group.
  * Add --root option.
  * Add --selinux-user option.
 - usermod
  * Accept options in any order (username not necessarily at the end)
  * When the shadow file exists but there are no shadow entries, an entry
    is created if the password is changed and passwd requires a
    shadow entry, or if aging features are used (-e or -f).
  * Add --root option.
 - su
  * Document the su exit values.
  * When su receives a signal, wait for the child to terminate (after
    sending a SIGTERM), and kill it only if it did not terminate by itself.
    No delay will be enforced if the child cooperates.
  * Default ENV_SUPATH is /sbin:/bin:/usr/sbin:/usr/bin
  * Fixed infinite loop when CONSOLE is configured with a colon-separated
    list of TTYs.
  * Fixed warning and support for CONSOLE_GROUPS for users member of more
    than 16 groups.
  * Do not forward the controlling terminal to commands executed with -c.
    This prevents tty hijacking which could lead to execution with the
    caller's privileges.
  * Close PAM sessions as root. This will be more friendly to PAM modules
    like pam_mount or pam_systemd.
  * Added support for PAM modules which change PAM_USER.
 *** translation
  * Updated Brazilian Portuguese translation.
  * Updated Catalan translation.
  * Updated Czech translation.
  * Updated Danish translation.
  * New Danish man pages translation.
  * Updated French translation.
  * Updated French man pages translation.
  * Updated German translation.
  * Updated German man pages translation.
  * Updated Greek translation.
  * Updated Italian man pages translation.
  * Updated Japanese translation.
  * Updated Kazakh translation.
  * Updated Norwegian Bokmål translation.
  * Updated Portuguese translation.
  * Updated Russian translation.
  * Updated Simplified Chinese translation.
  * Updated Simplified Chinese man pages translation.
  * Updated Swedish translation.
  * Updated Vietnamese translation.
 shadow-4.1.4.2 -> shadow-4.1.4.3						2011-02-15
 *** security
 - CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
  to create users or groups in a NIS environment.
 shadow-4.1.4.1 -> shadow-4.1.4.2					2009-07-24
 - general
  * Improved support for large groups (impacts most user/group management
    tools).
 - addition of system users or groups
  * Speed improvement. This should be noticeable in case of LDAP configured
    systems. This should impact useradd, groupadd, and newusers
  * Since system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
    reverse order, accounts are packed close to SYS_?ID_MAX if SYS_?ID_MIN
    is already used but there are still dome gaps.
 - login
  * Add support for shells being a shell script without a shebang.
 - su
  * Preserve the DISPLAY and XAUTHORITY environment variables. This was
    only the case in the non PAM enabled versions.
  * Add support for shells being a shell script without a shebang.
 *** translation
  * The Finnish translation of passwd(1) was outdated and is no more
    distributed.
 shadow-4.1.4 -> shadow-4.1.4.1						2009-05-22
 - login
  * Fix failures with empty usernames on non PAM versions.
  * Fix CONSOLE (securetty) support on non PAM versions.
 - newgrp
  * Return the exit status of the child.
 - userdel
  * On Linux, do not check if an user is logged in with utmp, but check if
    the user is running some processes.
  * If not on Linux, continue to search for an utmp record, but make sure
    the process recorded in the utmp entry is still running.
  * Report failures to remove the user's mailbox
  * When USERGROUPS_ENAB is enabled, remove the user's group when the
    user was the only member.
  * Do not fail when -r is used and the home directory does not exist.
 - usermod
  * Check if the user is busy when the user's UID, name or home directory
    is changed.
 shadow-4.1.3.1 -> shadow-4.1.4						2009-05-10
 - packaging
  * Enable --enable-account-tools-setuid by default for PAM builds.
  * Add configure option --enable-utmpx, disabled by default to mimic
    the previous behavior on Linux (where utmp and utmpx are identical).
  * Fix build failure on non-PAM systems when --without-pam is not
    specified.
 - chpasswd
  * Change the passwords using PAM. This permits to define the password
    policy in a central place. The -c/--crypt-method, -e/--encrypted,
    -m/--md5 and -s/--sha-rounds options are no more supported on PAM
    enabled systems.
 - grpck
  * Warn if a group has an entry in group and gshadow, and the password
    field in group is not 'x'.
 - login
  * Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
    lead to DOS attacks.
  * (PAM) Even if the user was already authenticated (-f flag), ask the
    user to update his authentication token if needed.
 - lastlog
  * Fix regression causing empty reports.
 - newusers
  * Change the passwords using PAM. This permits to define the password
    policy in a central place. The -c/--crypt-method and -s/--sha-rounds
    options are no more supported on PAM enabled systems.
 - pwck
  * Warn if an user has an entry in passwd and shadow, and the password
    field in passwd is not 'x'.
 *** translation
 - Updated Czech translation
 - Updated French translation
 - Updated German translation
 - Updated Japanese translation
 - Updated Korean translation
 - Updated Portuguese translation
 - Updated Russian translation
 shadow-4.1.3 -> shadow-4.1.3.1						2009-04-15
 *** security:
 - Due to bad parsing of octal permissions, the permissions on tty (login)
  but also UMASK were set wrongly (and weirdly). Only shadow-4.1.3 was
  affected.
 *** general
 - login
  * Fix regression when no user is specified on the command line.
 - userdel
  * Fixed SE Linux support
 - vipw
  * SE Linux: Set the default context to the context of the file being
    edited. This ensures that the backup file inherit from the file's
    context.
 *** translation
 - Updated Norwegian Bokmål translation
 shadow-4.1.2.2 -> shadow-4.1.3						2009-04-12
 *** general:
 - packaging
  * Fixed support for OpenPAM.
  * Fixed support for uclibc.
  * Added configure --enable-account-tools-setuid (default) /
    --disable-account-tools-setuid options. This permits to disable the
    PAM authentication of the caller for chage, chgpasswd, chpasswd,
    groupadd, groupdel, groupmod, newusers, useradd, userdel, and usermod.
    This authentication is not necessary when these tools are not
    installed setuid root.
  * Added configure --with-group-name-max-length (default) /
    --without-group-name-max-length options. This permits to configure the maximum length allowed for group names:
      <no option> -> default of 16 (like today)
      --with-group-name-max-length -> default of 16
      --without-group-name-max-length -> no max length
      --with-group-name-max-length=n > max is set to n
    No sanity checking is performed on n so people could do
    something neat like --with-group-name-max-length=MAX_INT
 - addition of users or groups
  * Speed improvement in case UID_MAX/SYS_UID_MAX/GID_MAX/SYS_GID_MAX is
    used for an user/group. This should be noticeable in case of LDAP
    configured systems. This should impact useradd, groupadd, and newusers
 - error handling improvement
  * Make sure errors and incomplete changes are reported to syslog and
    audit in case of unexpected failures.
  * Report system inconsistencies to syslog and audit.
  * Only report success to syslog and audit if the changes are really
    performed in the system databases.
    This is still not complete.
 - /etc/login.defs
  * New CREATE_HOME variable to tell useradd to create a home directory by
    default.
 - Translations
  * New Kazakh translation.
  * Spanish manpages are no more distributed. They are outdated. Please
    contact pkg-shadow-devel@lists.alioth.debian.org if you wish to
    provide updates.
 - faillog
  * Accept users specified as a numerical UID, or ranges of users (-user,
    user-, user1-user2).
  * -l, -m, and -r now apply not only to existing users, but to all the
    specified UIDs.
  * Options can be specified in any order.
 - gpasswd
  * Added support for long options --add (-a), --delete (-d),
    --remove-password (-r), --restrict (-R), --administrators (-A), and
    --members (-M).
  * Added support for usernames with arbitrary length.
  * audit logging improvements.
  * error handling improvement (see above).
  * Log permission denied to syslog and audit.
 - groupadd
  * audit logging improvements.
  * error handling improvement (see above).
  * Speedup (see "addition of users or groups" above).
  * do not create groups with GID set to (gid_t)-1.
  * Allocate system group GIDs in reverse order. This could be useful
    later to increase the static IDs range.
 - groupdel
  * audit logging improvements.
  * error handling improvement (see above).
 - groupmems
  * Check if user exist before they are added to groups.
  * Avoid segfault in case the specified group does not exist in /etc/group.
  * Everybody is allowed to list the users of a group.
  * /etc/group is open readonly when one just wants to list the users of a
    group.
  * Added syslog support.
  * Use the groupmems PAM service name instead of groupmod.
  * Fix segmentation faults when adding or removing users from a group.
  * Added support for shadow groups.
  * Added support long options --add (-a), --delete (-d), --purge (-p),
    --list (-l), --group (-g).
 - groupmod
  * audit logging improvements.
  * error handling improvement (see above).
  * do not create groups with GID set to (gid_t)-1.
 - grpck
  * warn for groups with GID set to (gid_t)-1.
 - login
  * Restore the echoctl, echoke, onclr flags to the terminal termio flags.
    Reset echoprt, noflsh, tostop. This behavior seems to have change by
    mistake in earlier releases (4.0.8, for no obvious reason).
 - newusers
  * Implement the -r, --system option.
  * Speedup (see "addition of users or groups" above).
  * do not create users with UID set to (gid_t)-1.
  * do not create groups with GID set to (gid_t)-1.
  * Allocate system account UIDs/GIDs in reverse order. This could be useful
    later to increase the static IDs range.
 - passwd
  * For compatibility with other passwd version, the --lock an --unlock
    options do not lock or unlock the user account anymore.  They only
    lock or unlock the user's password.
 - pwck
  * warn for users with UID set to (uid_t)-1.
 - su
  * Preserve COLORTERM in addition to TERM when su is called with the -l
    option.
 - useradd
  * audit logging improvements.
  * Speedup (see "addition of users or groups" above).
  * See CREATE_HOME above.
  * New -M/--no-create-home option to disable CREATE_HOME.
  * do not create users with UID set to (gid_t)-1.
  * Added -Z option to map SELinux user for user's login.
  * Allocate system user UIDs in reverse order. This could be useful
    later to increase the static IDs range.
 - userdel
  * audit logging improvements.
  * Do not fail if the removed user is not in the shadow database.
  * When the user's group shall be removed, do not fail if this group is
    not in the gshadow file.
  * Delete the SELinux user mapping for user's login.
 - usermod
  * Allow adding LDAP users (or any user not present in the local passwd
    file) to local groups
  * do not create users with UID set to (gid_t)-1.
  * Added -Z option to map SELinux user for user's login.
 shadow-4.1.2.1 -> shadow-4.1.2.2					23-11-2008
 *** security
 - Fix a race condition in login that could lead to gaining ownership or
  changing mode of arbitrary files.
 - Fix a possible login DOS, which could be caused by injecting forged
  entries in utmp.
 shadow-4.1.2 -> shadow-4.1.2.1						26-06-2008
 *** security
@@ -511,7 +74,7 @@ shadow-4.1.0 -> shadow-4.1.1						02-04-2008
    faillog faster.
 - gpasswd
  * Fix failures when the gshadow file is not present.
-  * When a password is moved to the gshadow file, use "x" instead of "!"
+  * When a password is moved to the gshadow file, use "x" instead of "x"
    to indicate that the password is shadowed (consistency with grpconv).
  * Make sure the group and gshadow files are unlocked on exit.
 - groupadd
@@ -654,9 +217,9 @@ shadow-4.0.18.2 -> shadow-4.1.0						09-12-2007
 - Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and
  SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the
  passwords.
- chpasswd, chgpasswd, newusers: New options -c/--crypt-method and
+- chpaswd, chgpasswd, newusers: New options -c/--crypt-method and
  -s/--sha-rounds to supersede the system default encryption algorithm.
- chpasswd, chgpasswd, newusers: DES is no more the default algorithm. They
+- chpaswd, chgpasswd, newusers: DES is no more the default algorithm. They
  will respect the system default configured in /etc/login.defs
 *** documentation:
@@ -696,19 +259,19 @@ shadow-4.0.18 -> shadow-4.0.18.1					03-08-2006
 shadow-4.0.17 -> shadow-4.0.18						01-08-2006
 *** general:
- su: fixed set environment too early when using PAM, so move it to !USE_PAM
+- su: fixed set enviroment too early when using PAM, so move it to !USE_PAM
  (patch submitted by Mike Frysinger <vapier@gentoo.org>),
 - groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
 - passwd, useradd, usermod: fixed inactive/mindays/warndays/maxdays overflow
-  (similar to RH#198920),
+  (simillar to RH#198920),
- groupmems: rewritten for use PAM and getopt_long() and now it is enabled
+- groupmems: rewrited for use PAM and getopt_long() and now it is enabled
  for build and install (patch by George Kraft <gk4@swbell.net>),
 - S/Key: removed assign getpass() to libshadow_getpass() on autoconf level
  (patch by Ulrich Mueller <ulm@kph.uni-mainz.de>; http://bugs.gentoo.org/139966),
 - usermod: back to previous -a option semantics and clarify -a behavior
  on documentation level (by Greg Schafer <gschafer@zip.com.au>),
- chsh, groupmod: rewritten for use getopt_long().
+- chsh, groupmod: rewrited for use getopt_long().
 - updated translations: ca, cs, da, eu, fr, gl, hu, ko, pl, pt, ru, sv, tr, uk, vi.
 *** documentation:
 - fr and ru man pages are up to date,
@@ -743,7 +306,7 @@ shadow-4.0.15 -> shadow-4.0.16						05-06-2006
 *** general:
 - userdel: better fix for old CERT VU#312962 (which was fixed in shadow 4.0.8):
-  fixed forgotten checking of the return value from fchown() before
+  fixed forgoten checking of the return value from fchown() before
  proceeding with the fchmod() (based on Owl patch prepared by
  Rafal Wojtczuk <nergal@owl.openwall.com>),
 - userdel: use login.defs::MAIL_DIR instead hardcoded /var/mail in created
@@ -755,7 +318,7 @@ shadow-4.0.15 -> shadow-4.0.16						05-06-2006
  passwords and libshadow_getpass() is used only because libc getpass()
  do not handles password prompting with echo enabled,
 - move login.defs::MD5_CRYPT_ENAB to non-PAM part,
- userdel: rewritten for use getopt_log(),
+- userdel: rewrited for use getopt_log(),
 - install default/template configuration files:
 -- if shadow is configured with use PAM install /etc/pam.d/* files,
 -- if shadow do not uses PAM install /etc/{limits,login.acces} files,
@@ -793,7 +356,7 @@ shadow-4.0.15 -> shadow-4.0.16						05-06-2006
 - updated ru login.defs(5), passwd(1), userdel(8), usermod(8) man pages,
 - pw_auth(3) man page removed (outdated),
 - install limits(5), login.access(5) and porttime(5) man pages only when
-  shadow is built with PAM support disabled,
+  shadow is builded with PAM support disabled,
 - passwd(1): better document how password strength is checked
  (fixed http://bugs.debian.org/115380),
 - usermod(8): added missing -a option description
@@ -816,7 +379,7 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
 - login: default UMASK if not specified in login.defs is 022 (pointed by
  Peter Vrabec <pvrabec@redhat.com>),
 - chgpasswd: new tool (by Jonas Meurer <mejo@debian.org>),
- lastlog: print the usage and exit if an additional argument is provided to
+- lastlog: print the usage and exit if an additional argument is profided to
  lastlog (merge 488_laslog_verify_arguments Debian patch),
 - login, newgrp, nologin, su: do not link with libselinux (merge
  490_link_selinux_only_when_needed Debian patch),
@@ -830,9 +393,9 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
    tries exceeded,
  - always prints the number of tries in the syslog entry.
  - add special handling for PAM_ABORT
-  - add an entry to faillog, as when USE_PAM is not defined. (#53164)
+  - add an entry to failog, as when USE_PAM is not defined. (#53164)
  - changed pam_end to PAM_END. This is certainly was a mistake.  PAM_END is
-    pam_close_session + pam_end. Here, the session is still not open, we
+    pam_close_seesion + pam_end. Here, the session is still not open, we
    don't have to close it.
  - a HAVE_PAM_FAIL_DELAY is missing,
 - su: fixed pam session support (patch from Topi Miettinen; fixed #57526,
@@ -840,7 +403,7 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
 - userdel: user's group is already removed by update_groups().
  remove_group() is not needed (bug introduced in 4.0.14 on merge FC fixes).
  Fixed by Nicolas François <nicolas.francois@centraliens.net>,
- useradd: always remove group and gshadow databases lock, Fixed by Nicolas
+- useradd: allways remove group and gshadow databases lock, Fixed by Nicolas
  François <nicolas.francois@centraliens.net>
  (http://bugs.debian.org/348250)
 - auditing fixes:
@@ -848,14 +411,14 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
    added audit_logger() prototype),
  - useradd: fixed excess audit_logger() argument,
 - chage: added missing \n on display password status if password must be
-  changed,
+  chaged,
 - useradd: fixed allow non-unique UID (http://bugs.debian.org/351281),
- various code cleanups for make possible compilation of shadow with -Wall
+- variouse code cleanups for make possible compilation of shadow with -Wall
  -Werror (by Alexander Gattin <xrgtn@yandex.ru>),
 - su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
  on higher level (now is better visable where some programs exit with 126
  and 127 exit codes); added new shell() parameter (char *const envp[])
-  which allow fix preserving environment in su on using -p, (patch by
+  which allow fix preserving enviloment in su on using -p, (patch by
  Alexander Gattin <xrgtn@yandex.ru>),
 - su: added handle -c,--command option for GNU su compliance (merge
  437_su_-c_option Debian patch),
@@ -903,7 +466,7 @@ shadow-4.0.13 -> shadow-4.0.14						03-01-2006
 - userdel: make the -f option force the removal of the user's group (even if it
  is the primary group of another user)
  (merge 453_userdel_-f_removes_group Debian patch),
- usermod: rewritten for use getopt_long() (Christian Perrier <bubulle@kheops.frmug.org>),
+- usermod: rewrited for use getopt_long() (Christian Perrier <bubulle@kheops.frmug.org>),
 - grpck: fixed segmentation fault on using -s when /etc/gshadow is empty (fix by
  Tomasz Lemiech <szpajder@staszic.waw.pl>),
 - passwd: remove handle -f, -g and -s options.
@@ -912,7 +475,7 @@ shadow-4.0.13 -> shadow-4.0.14						03-01-2006
  Nicolas François <nicolas.francois@centraliens.net>)
 - su: export $USER and $SHELL as well as $HOME (http://bugs.debian.org/11003 and
  http://bugs.debian.org/11189),
- su, vipw: rewritten for use getopt_long(),
+- su, vipw: rewrited for use getopt_long(),
 - su: log successful/failed through syslog (http://bugs.debian.org/190215),
 - updated translations: ca, cs, da, eu, fi, fr, it, pl, pt, ru, sv, tl, vi,
 - new translations: gl.
@@ -946,7 +509,7 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
 *** general:
 - chage: removed duplicated pam_start(),
- chfn, chsh: finished PAM support using pam_start() and co.,
+- chfn, chsh: finished PAM support usin pam_start() and co.,
 - userdel: userdel should not remove the group which is primary for someone else
  (fix by Nicolas François <nicolas.francois@centraliens.net>
  http://bugs.debian.org/295416),
@@ -955,7 +518,7 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
 - fixedlib/commonio.c: don't assume selinux is enabled if is_selinux_enabled()
  returns -1 (merge isSelinuxEnabled FC patch by Jeremy Katz <katzj@redhat.com>),
 - login, su (non-PAM case): fixed setup max address space limits (added missing break
-  statement in case) spotted by Lasse Collin <lasse.collin@tukaani.org>,
+  statement in case) spoted by Lasse Collin <lasse.collin@tukaani.org>,
 - auditing support added. Patch prepared by Peter Vrabec <pvrabec@redhat.com> basing
  on work by Steve Grubb from http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159215
  Now auditing support have commands: chage, gpasswd, groupadd, groupdel, groupmod,
@@ -966,18 +529,18 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
  to example described in ident(1) man page (modern compilers like latest GCC
  removes not used functions by global optimization).
  So "ident /usr/bin/passwd" will show again some useable informations
- su: fixed twice copy environment which causes auth problems
+- su: fixed twice copy enviroment which causes auth problems
  (bug was introduced in 4.0.12; fix by Nicolas François <nicolas.francois@centraliens.net>),
 - chage: differentiate the different failure causes by the exit value
  This will permit to adduser Debian script to detect if chage failed because the
  system doesn't have shadowed passwords (fix for http://bugs.debian.org/317012),
 - merge 010_more-i18ned-messages Debian patch which adds i18n support for few
-  more messages (originally patch was prepared by Guillem Jover <guillem@debian.org>),
+  more messages (orginaly patch was prepared by Guillem Jover <guillem@debian.org>),
 - lastlog: added handle -b option which allow print only lastlog records older than
  specified DAYS (fix by <miles@lubin.us>),
 - chpasswd, gpasswd, newusers: fixed libmisc/salt.c for use login.defs::MD5_CRYPT_ENAB
  only if PAM support is disabled (fix by John Gatewood Ham <zappaman@buraphalinux.org>),
- passwd: rewritten for use getopt_long(),
+- passwd: rewrited for use getopt_long(),
 - newgrp: when newgrp process sits between parent and child shells, it should
  propagate STOPs from child to parent and CONTs from parent to child,
  otherwise e.g. bash's "suspend" command won't work
@@ -987,11 +550,11 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
 - chsh(1), groupadd(8), newusers(8), pwconv(8), useradd(8), userdel(8), usermod(8):
  added missing references to /etc/login.defs and login.defs(5)
  (Christian Perrier <bubulle@kheops.frmug.org>),
- passwd(5): rewritten based on work by Greg Wooledge <greg@wooledge.org>
+- passwd(5): rewrited based on work by Greg Wooledge <greg@wooledge.org>
  http://bugs.debian.org/328113
 - login(1): added securetty(5) to SEE ALSO section
  (fixed Debian bug http://bugs.debian.org/325773),
- groupadd(8), useradd(8): fix regular expression describing allowed login/group
+- groupadd(8), useradd(8): fix regular expression describing alloved login/group
  names (pointed by Nicolas François <nicolas.francois@centraliens.net>)
  (correct is [a-z_][a-z0-9_-]*[$]),
 - groupadd(8), useradd(8): documents in CAVEATS section the limitations shadow
@@ -1001,9 +564,9 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
 shadow-4.0.11.1 -> shadow-4.0.12					22-08-2005
 *** general:
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
+- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and allways 
  close PAM session,
- fixed configure.in: really enable shadow group support by default (pointed by
+- fixed configure.in: realy enable shadow group support by default (pointed by 
  Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
 - login.defs: removed handle QMAIL_DIR variable,
 - login: allow regular user to login on read-only root file system (not only for root)
@@ -1028,9 +591,9 @@ shadow-4.0.11.1 -> shadow-4.0.12					22-08-2005
  period and permit brute-force attacks (fixed http://bugs.debian.org/288827),
 - uClibc fixes (by Martin Schlemmer <azarah@nosferatu.za.org>):
  added require ngettext (added [need-ngettext] to AM_GNU_GETTEXT() parameters)
-  and stub prototype for ngettext() in lib/prototypes.h (necessary if shadow
+  and stub prototype for ngettext() in lib/prototypes.h (neccessary if shadow
  compiled with disabled NLS support)
- groupadd: rewritten for use getopt_long(),
+- groupadd: rewrited for use getopt_long(),
 - groupadd, groupdel, groupmod, userdel: do OPENLOG() before pam_start(),
 - groupadd: fixed double OPENLOG(),
 - removed lib/{grpack,gspack,pwpack,sppack}.c and prototypes from lib/prototypes.h
@@ -1066,7 +629,7 @@ shadow-4.0.10 -> shadow-4.0.11						18-07-2005
 - su: ignore SIGINT while authenticating. A ^C could defeat the waiting period and
  permit brute-force attacks. Also ignore SIGQUIT.
  Fixed: http://bugs.debian.org/52372 and http://bugs.debian.org/288827
- useradd: rewritten for use getopt_long(),
+- useradd: rewrited for use getopt_long(),
 - newgrp: add fix for handle splitted NIS groups: extends the functionality that,
  if the requested group is given, all groups of the same GID are tested for
  membership of the requesting user.
@@ -1097,7 +660,7 @@ shadow-4.0.10 -> shadow-4.0.11						18-07-2005
 - updated translations: cs, da, de, es, fi, pl, pt, ro, ru, sk.
 *** documentation:
 - pwck(8): document -q option (based on Debian patch for fix http://bugs.debian.org/309408)
- pwck(8): rewritten OPTIONS section and better SYNOPSIS,
+- pwck(8): rewrited OPTIONS section and better SYNOPSIS,
 - lastlog(8): document that lastlog is a sparse file, and don't need to be rotated
  http://bugs.debian.org/219321
 - login(8): better explain the respective roles of login, init and getty with regards
@@ -1111,12 +674,12 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
 *** general:
 - mkpasswd: removed,
- userdel: now deletes user groups from /etc/gshadow as well as /etc/group.
+- userdel: now deletes user groups from /etc/gshdow as well as /etc/group.
  Fix by Nicolas François <nicolas.francois@centraliens.net>.
  http://bugs.debian.org/99442
 - usermod: when relocating a user's home directory, don't fail and remove the new
  home directory if we can't remove the old home directory for some
-  reason; the results can be spectacularly poor if, for instance, only
+  reason; the results can be spectularly poort if, for instance, only
  the rmdir() fails. Patch prepared by Timo Lindfors <lindi-spamtrap@newmail.com>.
  http://bugs.debian.org/166369
 - su: fix syslogs to be less ambiguous. Use old:new format instead of old-new
@@ -1124,7 +687,7 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
  http://bugs.debian.org/213592
 - removed not used now libmisc/setup.c,
 - login: use also UTMPX API instead UTMP on failure (login was affected for this
-  when shadow was built without PAM support)
+  when shadow was builded without PAM support)
  patch by Nicolas François <nicolas.francois@centraliens.net>
 - login: the PAM session needs to be closed as root, thus before change_uid()
  http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
@@ -1133,14 +696,14 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
  http://bugs.debian.org/53702 
 - login: check for hushed login and pass PAM_SILENT if true,
  http://bugs.debian.org/48002
- login: fixed username on successful login (was using the normal username,
+- login: fixed username on succesful login (was using the normal username,
  when it should have used pam_user) http://bugs.debian.org/47819
- remove using SHADOWPWD #define so now shadow is always built with shadow
+- remove using SHADOWPWD #define so now shadow is allways builded with shadow
-  password support,
+  passwowd support,
- chage: rewritten for use getopt_long(),
+- chage: rewrited for use getopt_long(),
 - updated translations: ca, cs, da, fi, pl, ru, zh_TW.
 *** documentation:
- most of the man pages now are generated from XML files so in case submitting any
+- most of the man pages now are generated from XML files so in case submiting any
  chages to this resources please make diff to XML files,
 - chfn: give more details about the influence of login.defs on what's allowed to
  users.
@@ -1148,7 +711,7 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
 shadow-4.0.8 -> shadow-4.0.9						23-05-2005
 *** general:
- passwd: fixed segfault in non-PAM configuration
+- passwd: fixed segfault in non-PAM connfiguration
  (submited by Greg Schafer <gschafer@zip.com.au>),
 - newgrp: fixed NULL pointer dereference - getlogin() and ttyname() can
  return NULL which is not checked (http://bugs.debian.org/162303),
@@ -1170,15 +733,15 @@ shadow-4.0.7 -> shadow-4.0.8						26-04-2005
 - configure.in: add using AC_GNU_SOURCE macro for kill compilation warnings about
  implicit declaration of function `fseeko',
 - faillog: changed faillog record display format for allow fit in 80 columns all
-  faillog attributes,
+  faillog atributies,
 - removed NDBM code (unused),
- fixed use of SU_WHEEL_ONLY in su. Now su really is available for wheel group
+- fixed use of SU_WHEEL_ONLY in su. Now su realy is avalaible for wheel group
  members. Thanks to Mike Frysinger <vapier@gentoo.org> for report:
  http://bugs.gentoo.org/show_bug.cgi?id=80345
 - drop never finished kerberos and des_rpc support (for kerberos support back firs
  must be prepared modularization),
 - fixed UTMP path detection (by Kelledin <kelledin@users.sf.net>),
- useradd: rewritten group count to dynamic (by John Newbigin
+- useradd: rewrited group count to dynamic (by John Newbigin
  <jnewbigin@ict.swin.edu.au>),
 - login: fixed create lastlog entry fo users never loged in on non-PAM
  variant of login (fix by <oracular@ziplip.com>),
@@ -1193,7 +756,7 @@ shadow-4.0.7 -> shadow-4.0.8						26-04-2005
  fchmod() is executed. (Actually, we could also pass the final "mode" to
  the open() call and then save the consequent fchmod().)
 - SELinux changes: added changes in chage, chfn, chsh, passwd for allow
-  construct more grained user password/account properties on SELinux
+  construct more grained user password/accuunt properties on SELinux
  policies level. Patch originally based on RH changes (submited by Chris
  PeBenito <pebenito@gentoo.org>),
 - added SELinux changes: in libmisc/copydir.c (based on Fedora patch),
@@ -1211,8 +774,8 @@ shadow-4.0.7 -> shadow-4.0.8						26-04-2005
 - newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group   
  (without gshadow) doesn't permit to use newgrp,
 - newgrp(1): newgrp uses /bin/sh (not bash),
- faillog(8): updated after rewritten faillog command for use getopt_long(),
+- faillog(8): updated after rewrited faillog command for use getopt_long(),
- login(1): removed fragment about abilities pass environment variables in login prompt,
+- login(1): removed fragment about abilities pass enviroment variables in login prompt,
 - gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
 - usermod(8): fixed #302388 Debian bug: added separated -o option description,
@@ -1229,24 +792,24 @@ shadow-4.0.6 -> shadow-4.0.7						26-01-2005
 -- use fseeko() instead fseek() and remove casting file offsets to unsigned
   long.
 - lastlog:
-- rewritten source code using the same style as in chpasswd.c,
+-- rewrited source code using the same style as in chpasswd.c,
-- open lastlog file after finish parse commandline options
+-- open lastlog file after finish parse comman line optiomns
-   (now --help output can be displayed for users without lastlog
+   (now --help otput can be displayd for users without lastlog
   file read permission),
 -- cleanups in lastlog(8) man page using the same style as in
   chpasswd(8).
 - chpasswd:
 -- switch chpasswd to use getopt_long() and adds a --md5 option
   (by Ian Gulliver <ian@penguinhosting.net>),
-- rewritten chpasswd(8) man page.
+-- rewrited chpasswd(8) man page.  
 shadow-4.0.5 -> shadow-4.0.6						08-11-2004
- su: fixed adding of pam_env env variables to environment
+- su: fixed adding of pam_env env variables to enviroment
  (Martin Schlemmer <azarah@nosferatu.za.org>),
 - autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
-  which was always empty (Gregorio Guidi <g.guidi@sns.it>),
+  which was allways empty (Gregorio Guidi <g.guidi@sns.it>),
- really close security bug in libmisc/pwdcheck.c,
+- realuy closse security bug in libmisc/pwdcheck.c,
 - added missing template/example PAM service config files for chfn, chsh and
  userdel,
 - do not translate variable names from /etc/default/useradd during
@@ -1257,10 +820,10 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
 - change libmisc to private static library,
 - added SELinux support (basing on patch from Gentoo),
 - chage: more verbose/human readable -l output. This output is much more
-  better for send directly via email for each users as message with account
+  beter for send directly via email for each users as message with account
  status (for example as message with warning about account/password expiration),
 - login: fixed handle -f option: now it works correctly without specify "-h
-  <host>" if open login session locally is required (thanks for help
+  <host>" if open login session localy is required (thanks for help
  investigate bug for Krzysztof Kotlenga),
 - userdel: when removing a user with userdel, userdel was always exits with 1 (fixed).
  Based on http://bugs.gentoo.org/show_bug.cgi?id=66687,
@@ -1274,8 +837,8 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
  makes httpd Option SymlinkIfOwnerMatch break for default weg pages
  including symlinks placed into /etc/skel/public_html for example.
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
- su: add pam_open_session() support. If built without PAM support
+- su: add pam_open_session() support. If builded without PAM support
-  propagate $DISPLAY and $XAUTHORITY environment variables.
+  propagate $DISPLAY and $XAUTHORITY enviroment variables.
  Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
 - applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
  Torkelsson <Bjorn.Torkelsson@hpc2n.umu.se>: add support for PAM account
@@ -1287,11 +850,11 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
    Use constant strings rather than argv[0] for syslog ident in the user
    management commands,
  shadow-4.0.4.1-owl-tmp.diff:
-    Remove using mktemp() if mkstemp() prototype not found (use always mkstemp()),
+    Remove using mktemp() if mkstemp() prototype not found (use allways mkstemp()),
  shadow-4.0.4.1-owl-check-reads.diff:
    Add checking for read errors in commonio and vipw/vigr (not doing so could
    result in data loss when the records are written back),
- fixed security bug in libmisc/pwdcheck.c which allow unauthorized
+- fixed securirty bug in libmisc/pwdcheck.c which allow unauthorized
  account properties modification.
  Affected tools: chfn and chsh.
  Bug was discovered by Martin Schulze <joey@infodrom.org>.
@@ -1307,12 +870,12 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
 shadow-4.0.4 => shadow-4.0.4.1						14-01-2004
 - bug fixes in automake files for generate correct tar ball on "make dist":
-  added missing "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
+  added mising "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
 shadow-4.0.3 => shadow-4.0.4						14-01-2004	
 *** general:
- added missing information about -f options in groupadd usage message
+- added missing information about -f options in groupadd usage mesage
  (document this also in man page),
 - removed TCFS support (tcfs is dead),
 - convert all po/*.po files to utf-8,
@@ -1320,7 +883,7 @@ shadow-4.0.3 => shadow-4.0.4						14-01-2004
  per service flushing method instead HUPing nscd process),
 - removed old AUTH_METHODS dependent code,
 - chage: now all code depend on SHADOWPWD. If shadow will not be configured
-  on autoconf level for using shadow password chage is olny stub which
+  on autoconf level for using shadow possword chage is olny stub which
  informs "chage not configured for shadow password support."
 - dpasswd: removed,
 - login: remove handle login.defs::DIALUPS_CHECK_ENAB code,
@@ -1328,7 +891,7 @@ shadow-4.0.3 => shadow-4.0.4						14-01-2004
 - ALL tools, libraries: remove old SVR4, SVR4_SI86_EUA BSD_QUOTA and ATT_AGE
  dependent code,
 - ALL: ready for gettext 0.11.5, automake 1.7.4, autoconf 2.57,
- logoutd, userd: handle also utmpx if available,
+- logoutd, userd: handle also utmpx if avalaile,
 - newgrp: fix for non-PAM version
  Use CLOSE_SESSIONS depending code only when USE_PAM.
  The problem was reported by Mattias Webjorn Eriksson using Slackware
@@ -1356,7 +919,7 @@ shadow-4.0.3 => shadow-4.0.4						14-01-2004
 shadow-4.0.2 => shadow-4.0.3						 13-03-2002
- added various cs, de, fr, id, it, ko man pages found mainly in national
+- added variouse cs, de, fr, id, it, ko man pages found mainly in national
  man pages translations projects (this documents are not synced with
  current en version but you know .. "Documentations is lik sex. When it is
  good it very very good. Whet it is bad it is better than nothing."). Any
@@ -1372,9 +935,9 @@ shadow-4.0.2 => shadow-4.0.3						 13-03-2002
 shadow-4.0.1 => shadow-4.0.2						 17-02-2002
 - resolve many fuzzy translations also all this which may cause problems on
-  displaying long uid/gid,
+  displaing long uid/gid,
- allow use "$" on ending in created by useradd username accounts for allow
+- allow use "$" on ending in cereated by useradd usermname accounts for allow
-  create machine accounts for samba (thanks to Jerome Borsboom
+  create machine acounts for samba (thanks to Jerome Borsboom
  <borsboom@tch.fgg.eur.nl> for point this problem in 4.0.1),
 - fix small but ugly bug in configure.in in libpam_mics library detection.
@@ -1394,7 +957,7 @@ shadow-4.0.0 => shadow-4.0.1
    as root.  If root does read-only, there's no lock needed. Added missing
    "#include <errno.h>" for above (me).
  shadow-4.0.0-owl-warnings.diff
-    Olny one fix from this patch was applied because other was fixed few days
+    Olny one fix from this patch was aplayd because other was fixed few days
    before :)
  shadow-4.0.0-owl-check_names.diff
    Merge only prat this patch with checking login name matching; checking
@@ -1402,7 +965,7 @@ shadow-4.0.0 => shadow-4.0.1
    probably _POSIX_LOGIN_NAME_MAX from <bits/posix1_lim.h>,
  shadow-4.0.0-owl-chage-drop-priv.diff
  shadow-4.0.0-owl-pam-auth.diff
-    Merge part with reorder initialize PAM and checking if chage is runed by
+    Merge part with reorder initialize PAM and checkin is chage is runed by
    root or not - now chage can be runed from non-root account for checking
    by user own account information (if PAM enabled).
 - fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
@@ -1446,30 +1009,30 @@ shadow-20001016 => shadow-4.0.0						 06-01-2002
 - much better automake support,
 - added pt_BR man pages for gpasswd(1), groupadd(8), groupdel(8),
  groupmod(8), shadow(5) (man pages for other nations also are welcome),
- many small fixes and updates nad improvements in man pages,
+- mamny small fixes and updates nad improvements in man pages,
- applied Debian patch to man pages for shadowconfig,
+- aplayed Debian patch to man pages for shadowconfig,
 - remove limit to 6 chars logged tty name (012_libmisc_sulog.c.diff Debian
  patch).
 shadow-20001012 -> shadow-20001016:
- conditionally disabled body reload_nscd() because not every
+- conditionaly disabled body reload_nscd() because not every
  version of nscd can handle it (this can be enabled by define
  ENABLE_NSCD_SIGHUP) (Marek Michałkiewicz  <marekm@linux.org.pl>)
 - fixes on autoconf/automake level for dist target,
- Julianne F. Haugh new contact address.
+- Julianne F. Haugh new contact adress.
 shadow-20000902 => shadow-20001012
- removed /redhat directory with obsoleted files (partially rewritten spec
+- removed /redhat directory with obsoleted files (partialy rewrited spec
  file is now in root directory),
- applied shadow-19990827-group.patch patch from RH wich prevents adduser
+- aplayed shadow-19990827-group.patch patch from RH wich prevents adduser
  overwrite previously existing groups in adduser,
 - added PAM support for chage (bind to "chage" PAM config file) also
  added PAM support for all other small tools like chpasswd, groupadd,
  groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common 
-  "shadow" PAM config file) - this modifications mainly based on
+  "shadow" PAM config file) - this modificaytions mainly based on
  modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
- many small fixes and improvements in automake (mow "make dist"
+- many small fixes and improvments in automake (mow "make dist"
  works correctly),
 - added cs translation (Jiri Pavlovsky <Jiri.Pavlovsky@ff.cuni.cz>).
@@ -1 +0,0 @@
 README.md
@@ -0,0 +1,106 @@
 Shadow SITES
 ============
 FTP site
 	ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow
 SVN repository
 	anonymous read only access: svn://svn.debian.org/pkg-shadow/
 SVN web interface
 	http://svn.debian.org/wsvn/pkg-shadow
 Mailing lists
 	for general discuss: pkg-shadow-devel@lists.alioth.debian.org
 	commit list: pkg-shadow-commits@lists.alioth.debian.org
 Mailing lists subscription
 	http://lists.alioth.debian.org/mailman/listinfo/pkg-shadow-devel
 	http://lists.alioth.debian.org/mailman/listinfo/pkg-shadow-commits
 Mailing lists archives:
 	http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/
 	http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/
 S/Key support:
 	Shadow can be built with S/Key support using the S/Key package from:
 	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libskey/
 	or
 	http://gentoo.osuosl.org/distfiles/skey-1.1.5.tar.bz2
 Authors and contributors
 ========================
 Thanks to at least the following people for sending me patches, bug
 reports and various comments.  This list may be incomplete, I received
 a lot of mail...
 Adam Rudnicki <adam@v-lo.krakow.pl>
 Alan Curry <pacman@tardis.mars.net>
 Alexander O. Yuriev <alex@bach.cis.temple.edu>
 Algis Rudys <arudys@rice.edu>
 Andreas Jaeger <aj@arthur.rhein-neckar.de>
 Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
 Anton Gluck <gluc@midway.uchicago.edu>
 Arkadiusz Miskiewicz <misiek@pld.org.pl>
 Ben Collins <bcollins@debian.org>
 Brian R. Gaeke <brg@dgate.org>
 Calle Karlsson <ckn@kash.se>
 Chip Rosenthal <chip@unicom.com>
 Chris Evans <lady0110@sable.ox.ac.uk>
 Cristian Gafton <gafton@sorosis.ro>
 Darcy Boese <possum@chardonnay.niagara.com>
 Dave Hagewood <admin@arrowweb.com>
 David A. Holland <dholland@hcs.harvard.edu>
 David Frey <David.Frey@lugs.ch>
 Ed Carp <ecarp@netcom.com>
 Floody <flood@evcom.net>
 Frank Denis <j@4u.net>
 George Kraft IV <gk4@us.ibm.com>
 Greg Mortensen <loki@world.std.com>
 Guido van Rooij
 Guy Maor <maor@debian.org>
 Hrvoje Dogan <hdogan@bjesomar.srce.hr>
 Janos Farkas <chexum@bankinf.banki.hu>
 Jay Soffian <jay@lw.net>
 Jesse Thilo <Jesse.Thilo@pobox.com>
 Joey Hess <joey@kite.ml.org>
 John Adelsberger <jja@umr.edu>
 Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
 Jon Lewis <jlewis@lewis.org>
 Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
 Judd Bourgeois <shagboy@bluesky.net>
 Juergen Heinzl <unicorn@noris.net>
 Juha Virtanen <jiivee@iki.fi>
 Julianne Frances Haugh <jockgrrl@ix.netcom.com>
 Leonard N. Zubkoff <lnz@dandelion.com>
 Luca Berra <bluca@www.polimi.it>
 Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
 Marc Ewing <marc@redhat.com>
 Martin Bene <mb@sime.com>
 Martin Mares <mj@gts.cz>
 Michael Meskes <meskes@topsystem.de>
 Michael Talbot-Wilson <mike@calypso.bns.com.au>
 Mike Pakovic <mpakovic@users.southeast.net>
 Nicolas François <nicolas.francois@centraliens.net>
 Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
 Pavel Machek <pavel@bug.ucw.cz>
 Phillip Street
 Rafał Maszkowski <rzm@icm.edu.pl>
 Rani Chouha <ranibey@smartec.com>
 Sami Kerola <kerolasa@rocketmail.com>
 Shane Watts <shane@nexus.mlckew.edu.au>
 Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
 Thorsten Kukuk <kukuk@suse.de>
 Tim Hockin <thockin@eagle.ais.net>
 Timo Karjalainen <timok@iki.fi>
 Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
 Werner Fink <werner@suse.de>
 Maintainers
 ===========
 Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2006)
@@ -1,47 +0,0 @@
 # shadow-utils
 ## Introduction
 The shadow-utils package includes the necessary programs for
 converting UNIX password files to the shadow password format, plus
 programs for managing user and group accounts. The pwconv command
 converts passwords to the shadow password format. The pwunconv command
 unconverts shadow passwords and generates a passwd file (a standard
 UNIX password file). The pwck command checks the integrity of password
 and shadow files. The lastlog command prints out the last login times
 for all users. The useradd, userdel, and usermod commands are used for
 managing user accounts. The groupadd, groupdel, and groupmod commands
 are used for managing group accounts.
 ## Sites
 * [Homepage](https://github.com/shadow-maint/shadow)
 * [Issue tracker](https://github.com/shadow-maint/shadow/issues)
 * [Releases](https://github.com/shadow-maint/shadow/releases)
 ## Code
 The main development branch is at [https://github.com/shadow-maint/shadow.git](https://github.com/shadow-maint/shadow)
 See [STABLE.md](https://github.com/shadow-maint/shadow/blob/master/STABLE.md) for a list of supported stable branches.
 ## Contacts
 There are several ways to contact us:
 * [the general discussion mailing list](
  https://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-devel)
 * the #shadow IRC channel on libera.chat:
  * irc://irc.libera.chat/shadow
 ### Mailing archives
 * [the general discussion mailing list archive](
  https://alioth-lists.debian.net/pipermail/pkg-shadow-devel/)
 * [the commit mailing list archive](
  https://alioth-lists-archive.debian.net/pipermail/pkg-shadow-commits/),
  only used for historical purposes
 ## Contributions
 Contributions are welcome. Follow the
 [guidelines](doc/contributions/introduction.md) before posting any patches.
 ## Authors and maintainers
 Authors and maintainers are listed in [AUTHORS.md](
 https://github.com/shadow-maint/shadow/blob/master/AUTHORS.md).
@@ -1,12 +0,0 @@
 # Security Policy
 ## Supported Versions
 At the moment only the latest release is supported.
 ## Reporting a Vulnerability
 Security vulnerabilities may be reported to
 * Serge Hallyn <serge@hallyn.com> (B175CFA98F192AF2)
 * Christian Brauner <christian@brauner.io> (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
 * Iker Pedrosa <ipedrosa@redhat.com> (4E80EF49C7987B6DE2F81F5005079C6C3A653E57)
@@ -1,11 +0,0 @@
 # Supported stable branches
 The following stable branches are kindly maintained by trusted volunteers:
 -  4.15.x
   -  git
      -  [main](https://www.alejandro-colomar.es/src/alx/shadow/stable/shadow.git/log/?h=4.15.x)
      -  [mirror](https://github.com/shadow-maint/shadow/tree/4.15.x)
   -  tarballs
      -  [main](https://www.alejandro-colomar.es/share/dist/shadow/4/4.15/)
      -  [mirror](https://github.com/shadow-maint/shadow/releases/)
@@ -0,0 +1,86 @@
 passwd -l should lock the password, not the account.
 vipw: Test SHADOWGRP support before using gshadow features.
 PAM: add support for customization of the PAM support (i.e. support the
 Debian PAM configuration)
 PAM: check if a non-interactive conversation function could be used to 
 WITH_SELINUX
  - review all tools to check that the strategies are consistent
 chage, chfn, chsh: same change needed as in passwd.
  - probably need moving check_selinux_access to a separate file.
 man useradd
 	document default behavior for GROUP
 	remove "The default group number is 1 or whatever is..."
 useradd manpage
  - add -k option
  - mention that -o require -u
 testsuite
 - newgrp
   - test with unknown user's GID
 newusers
 - add logging to SYSLOG & AUDIT
 faillog
 - accept numerical user and range of users
 Document when/where option appeared, document whether an option is standard
 or not.
 depends rules for the manpages
 Check all the expiry semantics
 Add options --crypt-method and --sha-rounds to gpasswd
 ALL:
 - move base passwd/shadow/group/gshadow operation to module for allow write
  different backend modules for db, NIS, LDAP and others. Default backend it
  will be goot if will be chosen depending on /etc/nsswitch.conf and allow
  override this by -r <repository> options (where the <repository> can be
  file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
  passwd have old piece of code with handling -r option and it will be good
  finish this and propagate on other shadow tools for allow operate on other
  user databases by well known tools.
 - useradd:
  - add handle create user mail spool in maildir format.
 - add handle -n switch in groups and id command for allow query is
  group/user with specified id/gid exist - this will be very usable
  on automation in packages for query/check is group/user exist in system
  or not,
 - groupmems: 
  - need some work on add PAM and i18n support.
 - userdel:
  - add backup option for the removal of user resources,
  - add lookop and remove per user group.
  - user_busy: check that the user is not running any processes.
 - passwd:
  - check combination of options (e.g. -u/-l)
 - newgrp: check the USE_PAM section.
 - groupmems: check reason for isgroup
 - newusers: doc for pw_gid not clear. Differentiate
            pw_gid specified and exist
            pw_gid specified but does not exist
             * name
             * number
            pw_gid not specified.
 - newusers: document what happens when no uid is specified.
 - newusers: add option --system?
 -Documentation:
 * document when options were added.
@@ -6,7 +6,7 @@ AC_DEFUN([JH_PATH_XML_CATALOG],
 [
  # check for the presence of the XML catalog
  AC_ARG_WITH([xml-catalog],
-              AS_HELP_STRING([--with-xml-catalog=CATALOG],
+              AC_HELP_STRING([--with-xml-catalog=CATALOG],
                             [path to xml catalog to use]),,
              [with_xml_catalog=/etc/xml/catalog])
  jh_found_xmlcatalog=true
@@ -1,24 +1,10 @@
 #! /bin/sh
-
+autoreconf -v -f --install || exit 1
-autoreconf -v -f --install "$(dirname "$0")" || exit 1
+./configure \
-
+	CFLAGS="-O2 -Wall" \
 CFLAGS="-O2"
 CFLAGS="$CFLAGS -Wall"
 CFLAGS="$CFLAGS -Wextra"
 CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
 CFLAGS="$CFLAGS -Werror=implicit-int"
 CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"
 CFLAGS="$CFLAGS -Werror=int-conversion"
 CFLAGS="$CFLAGS -Wno-expansion-to-defined"
 CFLAGS="$CFLAGS -Wno-unknown-attributes"
 CFLAGS="$CFLAGS -Wno-unknown-warning-option"
 "$(dirname "$0")"/configure \
 	CFLAGS="$CFLAGS" \
 	--enable-lastlog \
 	--enable-man \
 	--enable-maintainer-mode \
-	--enable-shared \
+	--disable-shared \
 	--without-libpam \
 	--with-selinux \
 	"$@"
@@ -1,774 +0,0 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ([2.69])
 m4_define([libsubid_abi_major], 5)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
 AC_INIT([shadow], [4.17.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects tar-pax])
 AC_CONFIG_MACRO_DIRS([m4])
 AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([config.h])
 AC_SUBST([LIBSUBID_ABI_MAJOR], [libsubid_abi_major])
 AC_SUBST([LIBSUBID_ABI_MINOR], [libsubid_abi_minor])
 AC_SUBST([LIBSUBID_ABI_MICRO], [libsubid_abi_micro])
 AC_SUBST([LIBSUBID_ABI], [libsubid_abi])
 dnl Some hacks...
 test "$prefix" = "NONE" && prefix="/usr"
 test "$prefix" = "/usr" && exec_prefix=""
 AC_USE_SYSTEM_EXTENSIONS
 AC_ENABLE_STATIC
 AC_ENABLE_SHARED
 AM_MAINTAINER_MODE
 dnl Checks for programs.
 AC_PROG_CC
 AC_PROG_LN_S
 AC_PROG_YACC
 LT_INIT
 LT_LIB_DLLOAD
 dnl Checks for libraries.
 dnl Checks for header files.
 AC_CHECK_HEADERS(crypt.h utmp.h \
 	termio.h sgtty.h sys/ioctl.h paths.h \
 	sys/capability.h sys/random.h \
 	gshadow.h lastlog.h rpc/key_prot.h acl/libacl.h \
 	attr/libattr.h attr/error_context.h)
 dnl shadow now uses the libc's shadow implementation
 AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 AC_CHECK_FUNCS(arc4random_buf futimes \
 	getentropy getrandom getspnam getusershell \
 	initgroups lckpwdf lutimes \
 	setgroups updwtmpx innetgr \
 	getspnam_r \
 	rpmatch \
 	memset_explicit explicit_bzero stpecpy stpeprintf)
 AC_SYS_LARGEFILE
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_CHECK_MEMBERS([struct utmpx.ut_name,
                  struct utmpx.ut_host,
                  struct utmpx.ut_syslen,
                  struct utmpx.ut_addr,
                  struct utmpx.ut_addr_v6,
                  struct utmpx.ut_time,
                  struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS
 AC_FUNC_UTIME_NULL
 AC_REPLACE_FUNCS(putgrent putpwent putspent)
 AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
 AC_CHECK_FUNC(setpgrp)
 AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
                                        1,
                                        [Defined to 1 if you have the declaration of 'secure_getenv'])])
 if test "$ac_cv_header_shadow_h" = "yes"; then
 	AC_CACHE_CHECK(for working shadow group support,
 		ac_cv_libc_shadowgrp,
 		AC_RUN_IFELSE([AC_LANG_SOURCE([
 				#include <shadow.h>
 				#ifdef HAVE_GSHADOW_H
 				#include <gshadow.h>
 				#endif
 				int
 				main()
 				{
 					struct sgrp *sg = sgetsgent("test:x::");
 					/* NYS libc on Red Hat 3.0.3 has broken shadow group support */
 					return !sg || !sg->sg_adm || !sg->sg_mem;
 				}]
 			)],
 			[ac_cv_libc_shadowgrp=yes],
 			[ac_cv_libc_shadowgrp=no],
 			[ac_cv_libc_shadowgrp=no]
 		)
 	)
 	if test "$ac_cv_libc_shadowgrp" = "yes"; then
 		AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
 	fi
 fi
 AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
 [for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
 	if test -d $shadow_cv_maildir; then
 		break
 	fi
 done])
 if test $shadow_cv_maildir != none; then
 	AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
 		[Location of system mail spool directory.])
 fi
 AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
 [for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
 	if test -f $HOME/$shadow_cv_mailfile; then
 		break
 	fi
 done])
 if test $shadow_cv_mailfile != none; then
 	AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
 		[Name of user's mail spool file if stored in user's home directory.])
 fi
 AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
 [for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
 	if test -f $shadow_cv_utmpdir/utmp; then
 		break
 	fi
 done])
 if test "$shadow_cv_utmpdir" = "none"; then
 	AC_MSG_WARN(utmp file not found)
 fi
 AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
 	[Path for utmp file.])
 AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
 [for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
 	if test -d $shadow_cv_logdir; then
 		break
 	fi
 done])
 AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
 	[Path for wtmp file.])
 AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
 	[Path for lastlog file.])
 AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
 	[Path for faillog file.])
 AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
 [if test -f /usr/bin/passwd; then
 	shadow_cv_passwd_dir=/usr/bin
 else
 	shadow_cv_passwd_dir=/bin
 fi])
 AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
 	[Path to passwd program.])
 AC_ARG_ENABLE(shadowgrp,
 	[AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
 	[case "${enableval}" in
 	 yes) enable_shadowgrp="yes" ;;
 	  no) enable_shadowgrp="no" ;;
 	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
 	 esac],
 	[enable_shadowgrp="yes"]
 )
 AC_ARG_ENABLE(man,
 	[AS_HELP_STRING([--enable-man],
 		[regenerate roff man pages from Docbook @<:@default=no@:>@])],
 	[enable_man="${enableval}"],
 	[enable_man="no"]
 )
 AC_ARG_ENABLE(account-tools-setuid,
 	[AS_HELP_STRING([--enable-account-tools-setuid],
 		[Install the user and group management tools setuid and authenticate the callers. This requires --with-libpam.])],
 	[case "${enableval}" in
 	 yes) enable_acct_tools_setuid="yes" ;;
 	  no) enable_acct_tools_setuid="no" ;;
 	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
 	   ;;
 	 esac],
 	[enable_acct_tools_setuid="no"]
 )
 AC_ARG_ENABLE(subordinate-ids,
 	[AS_HELP_STRING([--enable-subordinate-ids],
 		[support subordinate ids @<:@default=yes@:>@])],
 	[enable_subids="${enableval}"],
 	[enable_subids="maybe"]
 )
 AC_ARG_ENABLE(lastlog,
 	[AS_HELP_STRING([--enable-lastlog],
 		[enable lastlog @<:@default=no@:>@])],
 	[enable_lastlog="${enableval}"],
 	[enable_lastlog="no"]
 )
 AC_ARG_ENABLE(logind,
 	[AS_HELP_STRING([--enable-logind],
 		[enable logind @<:@default=yes@:>@])],
 	[enable_logind="${enableval}"],
 	[enable_logind="yes"]
 )
 AC_ARG_WITH(audit,
 	[AS_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
 	[with_audit=$withval], [with_audit=maybe])
 AC_ARG_WITH(libpam,
 	[AS_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
 	[with_libpam=$withval], [with_libpam=maybe])
 AC_ARG_WITH(btrfs,
 	[AS_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
 	[with_btrfs=$withval], [with_btrfs=maybe])
 AC_ARG_WITH(selinux,
 	[AS_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
 	[with_selinux=$withval], [with_selinux=maybe])
 AC_ARG_WITH(acl,
 	[AS_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
 	[with_acl=$withval], [with_acl=maybe])
 AC_ARG_WITH(attr,
 	[AS_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
 	[with_attr=$withval], [with_attr=maybe])
 AC_ARG_WITH(skey,
 	[AS_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
 	[with_skey=$withval], [with_skey=no])
 AC_ARG_WITH(tcb,
 	[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
 	[with_tcb=$withval], [with_tcb=maybe])
 AC_ARG_WITH(sha-crypt,
 	[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
 	[with_sha_crypt=$withval], [with_sha_crypt=yes])
 AC_ARG_WITH(bcrypt,
 	[AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
 	[with_bcrypt=$withval], [with_bcrypt=no])
 AC_ARG_WITH(yescrypt,
 	[AS_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
 	[with_yescrypt=$withval], [with_yescrypt=no])
 AC_ARG_WITH(nscd,
 	[AS_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
 	[with_nscd=$withval], [with_nscd=yes])
 AC_ARG_WITH(sssd,
 	[AS_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
 	[with_sssd=$withval], [with_sssd=yes])
 AC_ARG_WITH(group-name-max-length,
 	[AS_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=32@:>@])],
 	[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
 AC_ARG_WITH(su,
 	[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
 	[with_su=$withval], [with_su=yes])
 AC_ARG_WITH(libbsd,
 	[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
 	[with_libbsd=$withval], [with_libbsd=yes])
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
 elif test "$with_group_name_max_length" = "yes" ; then
 	with_group_name_max_length=32
 fi
 AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
 AC_SUBST(GROUP_NAME_MAX_LENGTH)
 GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
 AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
 if test "$with_sha_crypt" = "yes"; then
 	AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
 fi
 AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
 if test "$with_bcrypt" = "yes"; then
 	AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
 fi
 AM_CONDITIONAL(USE_YESCRYPT, test "x$with_yescrypt" = "xyes")
 if test "$with_yescrypt" = "yes"; then
 	AC_DEFINE(USE_YESCRYPT, 1, [Define to allow the yescrypt password encryption algorithm])
 fi
 if test "$with_nscd" = "yes"; then
 	AC_CHECK_FUNC(posix_spawn,
 	              [AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
 	              [AC_MSG_ERROR([posix_spawn is needed for nscd support])])
 fi
 if test "$with_sssd" = "yes"; then
 	AC_CHECK_FUNC(posix_spawn,
 	              [AC_DEFINE(USE_SSSD, 1, [Define to support flushing of sssd caches])],
 	              [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
 fi
 AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
 AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
 dnl Check for some functions in libc first, only if not found check for
 dnl other libraries.  This should prevent linking libnsl if not really
 dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
 AC_SEARCH_LIBS(gethostbyname, nsl)
 PKG_CHECK_MODULES([CMOCKA], [cmocka], [have_cmocka="yes"],
 	[AC_MSG_WARN([libcmocka not found, cmocka tests will not be built])])
 AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes])
 AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
 if test -n "$LIBECONF"; then
        AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
 					[Directory for distribution provided configuration files])
 	ECONF_CPPFLAGS="-DUSE_ECONF=1"
 	AC_ARG_ENABLE([vendordir],
 		AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
 fi
 AC_SUBST(ECONF_CPPFLAGS)
 AC_SUBST(LIBECONF)
 AC_SUBST([VENDORDIR], [$enable_vendordir])
 if test "x$enable_vendordir" != x; then
 	AC_DEFINE(HAVE_VENDORDIR, 1, [Define to support vendor settings.])
 fi
 AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
 if test "$enable_shadowgrp" = "yes"; then
 	AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
 fi
 AM_CONDITIONAL(SHADOWGRP, test "x$enable_shadowgrp" = "xyes")
 if test "$enable_man" = "yes"; then
 	dnl
 	dnl Check for xsltproc
 	dnl
 	AC_PATH_PROG([XSLTPROC], [xsltproc])
 	if test -z "$XSLTPROC"; then
 		enable_man=no
 		AC_MSG_ERROR([xsltproc is missing.])
 	fi
 	dnl check for DocBook DTD and stylesheets in the local catalog.
 	JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.5//EN],
 		[DocBook XML DTD V4.5], [], enable_man=no)
 	JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
 		[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
 fi
 AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
 if test "$enable_subids" != "no"; then
 	dnl
 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
 	dnl
 	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
 	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
 	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
 		enable_subids="yes"
 	else
 		if test "x$enable_subids" = "xyes"; then
 			AC_MSG_ERROR([Cannot enable support the subordinate IDs on systems where gid_t or uid_t has less than 32 bits])
 		fi
 		enable_subids="no"
 	fi
 fi
 AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
 if test "$enable_lastlog" = "yes" && test "$ac_cv_header_lastlog_h" = "yes"; then
 	AC_CACHE_CHECK(for ll_host in struct lastlog,
 		ac_cv_struct_lastlog_ll_host,
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
 					[struct lastlog ll; char *cp = ll.ll_host;]
 				)],
 			[ac_cv_struct_lastlog_ll_host=yes],
 			[ac_cv_struct_lastlog_ll_host=no]
 		)
 	)
 	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
 		AC_DEFINE(HAVE_LL_HOST, 1,
 			[Define if struct lastlog has ll_host])
 		AC_DEFINE(ENABLE_LASTLOG, 1, [Define to support lastlog.])
 		enable_lastlog="yes"
 	else
 		AC_MSG_ERROR([Cannot enable support for lastlog on systems where the data structures aren't available])
 		enable_subids="no"
 	fi
 fi
 AM_CONDITIONAL(ENABLE_LASTLOG, test "x$enable_lastlog" != "xno")
 AC_SUBST(LIBSYSTEMD)
 if test "$enable_logind" = "yes"; then
 	AC_CHECK_LIB(systemd, sd_session_get_remote_host,
 		[enable_logind="yes"; [LIBSYSTEMD=-lsystemd];
 		AC_DEFINE(ENABLE_LOGIND, 1,
 			[Define to manage session support with logind.])],
 		[enable_logind="no"])
 fi
 AM_CONDITIONAL(ENABLE_LOGIND, test "x$enable_logind" != "xno")
 AC_SUBST(LIBCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 AC_SUBST(LIYESCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 AC_SUBST(LIBBSD)
 if test "$with_libbsd" != "no"; then
 	AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
 		AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
 	])
 	AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
 		PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
 	])
 	dnl Make sure either the libc or libbsd provide the header.
 	save_CFLAGS="$CFLAGS"
 	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
 	AC_CHECK_HEADERS([readpassphrase.h])
 	AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
 		AC_MSG_ERROR([readpassphrase.h is missing])
 	])
 	CFLAGS="$save_CFLAGS"
 	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
 else
 	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
 fi
 AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
 	AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
 	if test "$acl_header$with_acl" = "noyes" ; then
 		AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
 	elif test "$acl_header" = "yes" ; then
 		AC_CHECK_LIB(acl, perm_copy_file,
 		             [AC_CHECK_LIB(acl, perm_copy_fd,
 		                           [acl_lib="yes"],
 		                           [acl_lib="no"])],
 		             [acl_lib="no"])
 		if test "$acl_lib$with_acl" = "noyes" ; then
 			AC_MSG_ERROR([libacl not found])
 		elif test "$acl_lib" = "no" ; then
 			with_acl="no"
 		else
 			AC_DEFINE(WITH_ACL, 1,
 			          [Build shadow with ACL support])
 			LIBACL="-lacl"
 			with_acl="yes"
 		fi
 	else
 		with_acl="no"
 	fi
 fi
 AC_SUBST(LIBATTR)
 if test "$with_attr" != "no"; then
 	AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
 	if test "$attr_header$with_attr" = "noyes" ; then
 		AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
 	elif test "$attr_header" = "yes" ; then
 		AC_CHECK_LIB(attr, attr_copy_file,
 		             [AC_CHECK_LIB(attr, attr_copy_fd,
 		                           [attr_lib="yes"],
 		                           [attr_lib="no"])],
 		             [attr_lib="no"])
 		if test "$attr_lib$with_attr" = "noyes" ; then
 			AC_MSG_ERROR([libattr not found])
 		elif test "$attr_lib" = "no" ; then
 			with_attr="no"
 		else
 			AC_DEFINE(WITH_ATTR, 1,
 			          [Build shadow with Extended Attributes support])
 			LIBATTR="-lattr"
 			with_attr="yes"
 		fi
 	else
 		with_attr="no"
 	fi
 fi
 AC_SUBST(LIBAUDIT)
 if test "$with_audit" != "no"; then
 	AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
 	if test "$audit_header$with_audit" = "noyes" ; then
 		AC_MSG_ERROR([libaudit.h is missing])
 	elif test "$audit_header" = "yes"; then
 		AC_CHECK_DECL(AUDIT_ADD_USER,,[audit_header="no"],[#include <libaudit.h>])
 		AC_CHECK_DECL(AUDIT_DEL_USER,,[audit_header="no"],[#include <libaudit.h>])
 		AC_CHECK_DECL(AUDIT_ADD_GROUP,,[audit_header="no"],[#include <libaudit.h>])
 		AC_CHECK_DECL(AUDIT_DEL_GROUP,,[audit_header="no"],[#include <libaudit.h>])
 		if test "$audit_header$with_audit" = "noyes" ; then
 			AC_MSG_ERROR([AUDIT_ADD_USER AUDIT_DEL_USER AUDIT_ADD_GROUP or AUDIT_DEL_GROUP missing from libaudit.h])
 		fi
 	fi
 	if test "$audit_header" = "yes"; then
 		AC_CHECK_LIB(audit, audit_log_acct_message,
 		             [audit_lib="yes"], [audit_lib="no"])
 		if test "$audit_lib$with_audit" = "noyes" ; then
 			AC_MSG_ERROR([libaudit not found])
 		elif test "$audit_lib" = "no" ; then
 			with_audit="no"
 		else
 			AC_DEFINE(WITH_AUDIT, 1,
 			          [Define if you want to enable Audit messages])
 			LIBAUDIT="-laudit"
 			with_audit="yes"
 		fi
 	else
 		with_audit="no"
 	fi
 fi
 if test "$with_btrfs" != "no"; then
 	AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
 		[btrfs_headers="yes"], [btrfs_headers="no"])
 	if test "$btrfs_headers$with_btrfs" = "noyes" ; then
 		AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
 	fi
 	if test "$btrfs_headers" = "yes" ; then
 		AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
 		with_btrfs="yes"
 	fi
 fi
 AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
 AC_SUBST(LIBSELINUX)
 AC_SUBST(LIBSEMANAGE)
 if test "$with_selinux" != "no"; then
 	AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
 	if test "$selinux_header$with_selinux" = "noyes" ; then
 		AC_MSG_ERROR([selinux/selinux.h is missing])
 	fi
 	AC_CHECK_HEADERS(semanage/semanage.h, [semanage_header="yes"], [semanage_header="no"])
 	if test "$semanage_header$with_selinux" = "noyes" ; then
 		AC_MSG_ERROR([semanage/semanage.h is missing])
 	fi
 	if test "$selinux_header$semanage_header" = "yesyes" ; then
 		AC_CHECK_LIB(selinux, is_selinux_enabled, [selinux_lib="yes"], [selinux_lib="no"])
 		if test "$selinux_lib$with_selinux" = "noyes" ; then
 			AC_MSG_ERROR([libselinux not found])
 		fi
 		AC_CHECK_LIB(semanage, semanage_connect, [semanage_lib="yes"], [semanage_lib="no"])
 		if test "$semanage_lib$with_selinux" = "noyes" ; then
 			AC_MSG_ERROR([libsemanage not found])
 		fi
 		if test "$selinux_lib$semanage_lib" = "yesyes" ; then
 			AC_DEFINE(WITH_SELINUX, 1,
 			          [Build shadow with SELinux support])
 			LIBSELINUX="-lselinux"
 			LIBSEMANAGE="-lsemanage"
 			with_selinux="yes"
 		else
 			with_selinux="no"
 		fi
 	else
 		with_selinux="no"
 	fi
 fi
 AC_SUBST(LIBTCB)
 if test "$with_tcb" != "no"; then
 	AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
 	if test "$tcb_header$with_tcb" = "noyes" ; then
 		AC_MSG_ERROR([tcb.h is missing])
 	elif test "$tcb_header" = "yes" ; then
 		AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
 		if test "$tcb_lib$with_tcb" = "noyes" ; then
 			AC_MSG_ERROR([libtcb not found])
 		elif test "$tcb_lib" = "no" ; then
 			with_tcb="no"
 		else
 			AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
 			LIBTCB="-ltcb"
 			with_tcb="yes"
 		fi
 	else
 		with_tcb="no"
 	fi
 fi
 AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
 AC_SUBST(LIBPAM)
 if test "$with_libpam" != "no"; then
 	AC_CHECK_LIB(pam, pam_start,
 	             [pam_lib="yes"], [pam_lib="no"])
 	if test "$pam_lib$with_libpam" = "noyes" ; then
 		AC_MSG_ERROR(libpam not found)
 	fi
 	LIBPAM="-lpam"
 	pam_conv_function="no"
 	AC_CHECK_LIB(pam, openpam_ttyconv,
 	             [pam_conv_function="openpam_ttyconv"],
 	             AC_CHECK_LIB(pam_misc, misc_conv,
 	                          [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
 	            )
 	if test "$pam_conv_function$with_libpam" = "noyes" ; then
 		AC_MSG_ERROR(PAM conversation function not found)
 	fi
 	pam_headers_found=no
 	AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
 	                 [ pam_headers_found=yes ; break ], [],
 	                 [ #include <security/pam_appl.h> ] )
 	if test "$pam_headers_found$with_libpam" = "noyes" ; then
 	                AC_MSG_ERROR(PAM headers not found)
 	fi
 	if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
 		with_libpam="yes"
 	else
 		with_libpam="no"
 		unset LIBPAM
 	fi
 fi
 dnl Now with_libpam is either yes or no
 if test "$with_libpam" = "yes"; then
 	AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
 	                PAM_DELETE_CRED,
 	                PAM_NEW_AUTHTOK_REQD,
 	                PAM_DATA_SILENT],
 	               [], [], [#include <security/pam_appl.h>])
 	save_libs=$LIBS
 	LIBS="$LIBS $LIBPAM"
 	# We do not use AC_CHECK_FUNCS to avoid duplicated definition with
 	# Linux PAM.
 	AC_CHECK_FUNC(pam_fail_delay, [AC_DEFINE(HAS_PAM_FAIL_DELAY, 1, [Define to 1 if you have the declaration of 'pam_fail_delay'])])
 	LIBS=$save_libs
 	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
 	AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM conversation to use])
 	AM_CONDITIONAL(USE_PAM, [true])
 	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_MSG_RESULT(no)
 else
 	AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
 	AM_CONDITIONAL(USE_PAM, [false])
 	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_MSG_RESULT(yes)
 fi
 if test "$enable_acct_tools_setuid" != "no"; then
 	if test "$with_libpam" != "yes"; then
 		if test "$enable_acct_tools_setuid" = "yes"; then
 			AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
 		else
 			enable_acct_tools_setuid="no"
 		fi
 	else
 		enable_acct_tools_setuid="yes"
 	fi
 	if test "$enable_acct_tools_setuid" = "yes"; then
 		AC_DEFINE(ACCT_TOOLS_SETUID,
 		          1,
 		          [Define if account management tools should be installed setuid and authenticate the callers])
 	fi
 fi
 AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
 AC_ARG_WITH(fcaps,
 	[AS_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
 	[with_fcaps=$withval], [with_fcaps=no])
 AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
 if test "x$with_fcaps" = "xyes"; then
 	AC_CHECK_PROGS(capcmd, "setcap")
 	if test "x$capcmd" = "x" ; then
 		AC_MSG_ERROR([setcap command not available])
 	fi
 fi
 AC_SUBST(LIBSKEY)
 AC_SUBST(LIBMD)
 if test "$with_skey" = "yes"; then
 	AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
 	AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
 		[AC_MSG_ERROR([libskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
 	AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 		#include <stdio.h>
 		#include <skey.h>
 	]], [[
 		skeychallenge((void*)0, (void*)0, (void*)0, 0);
 	]])],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])],[])
 fi
 AC_CHECK_FUNC(fgetpwent_r, [AC_DEFINE(HAVE_FGETPWENT_R, 1, [Defined to 1 if you have the declaration of 'fgetpwent_r'])])
 AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
 AM_GNU_GETTEXT_VERSION([0.19])
 AM_GNU_GETTEXT([external], [need-ngettext])
 AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
 AC_CONFIG_FILES([
 	Makefile
 	po/Makefile.in
 	doc/Makefile
 	man/Makefile
 	man/config.xml
 	man/po/Makefile
 	man/cs/Makefile
 	man/da/Makefile
 	man/de/Makefile
 	man/es/Makefile
 	man/fi/Makefile
 	man/fr/Makefile
 	man/hu/Makefile
 	man/id/Makefile
 	man/it/Makefile
 	man/ja/Makefile
 	man/ko/Makefile
 	man/pl/Makefile
 	man/pt_BR/Makefile
 	man/ru/Makefile
 	man/sv/Makefile
 	man/tr/Makefile
 	man/uk/Makefile
 	man/zh_CN/Makefile
 	man/zh_TW/Makefile
 	lib/Makefile
 	libsubid/Makefile
 	libsubid/subid.h
 	src/Makefile
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
 	etc/shadow-maint/Makefile
 	tests/unit/Makefile
 ])
 AC_OUTPUT
 echo
 echo "shadow will be compiled with the following features:"
 echo
 echo "	auditing support:		$with_audit"
 echo "	PAM support:			$with_libpam"
 if test "$with_libpam" = "yes"; then
 echo "	suid account management tools:	$enable_acct_tools_setuid"
 fi
 echo "	SELinux support:		$with_selinux"
 echo "	BtrFS support:			$with_btrfs"
 echo "	ACL support:			$with_acl"
 echo "	Extended Attributes support:	$with_attr"
 echo "	tcb support (incomplete):	$with_tcb"
 echo "	shadow group support:		$enable_shadowgrp"
 echo "	S/Key support:			$with_skey"
 echo "	SHA passwords encryption:	$with_sha_crypt"
 echo "	bcrypt passwords encryption:	$with_bcrypt"
 echo "	yescrypt passwords encryption:	$with_yescrypt"
 echo "	nscd support:			$with_nscd"
 echo "	sssd support:			$with_sssd"
 echo "	subordinate IDs support:	$enable_subids"
 echo "	enable lastlog:			$enable_lastlog"
 echo "	enable logind:			$enable_logind"
 echo "	use file caps:			$with_fcaps"
 echo "	install su:			$with_su"
 echo "	enabled vendor dir:             $enable_vendordir"
 echo
@@ -0,0 +1,430 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_INIT
 AM_INIT_AUTOMAKE(shadow, 4.1.2.1)
 AC_CONFIG_HEADERS([config.h])
 dnl Some hacks...
 test "$prefix" = "NONE" && prefix="/usr"
 test "$prefix" = "/usr" && exec_prefix=""
 AC_GNU_SOURCE
 AM_DISABLE_SHARED
 AM_ENABLE_STATIC
 AM_MAINTAINER_MODE
 dnl Checks for programs.
 AC_PROG_CC
 AC_ISC_POSIX
 AC_PROG_LN_S
 AC_PROG_YACC
 AM_C_PROTOTYPES
 AM_PROG_LIBTOOL
 dnl Checks for libraries.
 dnl Checks for header files.
 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
 	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
 	utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
 	locale.h rpc/key_prot.h netdb.h)
 dnl shadow now uses the libc's shadow implementation
 AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 AC_CHECK_FUNCS(l64a fchmod fchown fsync getgroups gethostname getspnam \
 	gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
 	memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
 	getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
 AC_SYS_LARGEFILE
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
 AC_TYPE_UID_T
 AC_TYPE_OFF_T
 AC_TYPE_PID_T
 AC_TYPE_MODE_T
 AC_HEADER_STAT
 AC_CHECK_MEMBERS([struct stat.st_rdev])
 AC_HEADER_TIME
 AC_STRUCT_TM
 if test "$ac_cv_header_utmp_h" = "yes"; then
 	AC_CACHE_CHECK(for ut_host in struct utmp,
 		ac_cv_struct_utmp_ut_host,
 		AC_COMPILE_IFELSE(
 			[AC_LANG_PROGRAM([#include <utmp.h>],
 				[struct utmp ut; char *cp = ut.ut_host;]
 			)],
 			[ac_cv_struct_utmp_ut_host=yes],
 			[ac_cv_struct_utmp_ut_host=no]
 		)
 	)
 	if test "$ac_cv_struct_utmp_ut_host" = "yes"; then
 		AC_DEFINE(UT_HOST, 1, [Define if you have ut_host in struct utmp.])
 	fi
 	AC_CACHE_CHECK(for ut_user in struct utmp,
 		ac_cv_struct_utmp_ut_user,
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <utmp.h>],
 				[struct utmp ut; char *cp = ut.ut_user;]
 			)],
 			[ac_cv_struct_utmp_ut_user=yes],
 			[ac_cv_struct_utmp_ut_user=no]
 		)
 	)
 	if test "$ac_cv_struct_utmp_ut_user" = "no"; then
 		AC_DEFINE(ut_user, ut_name,
 			[Define to ut_name if struct utmp has ut_name (not ut_user).])
 	fi
 fi
 if test "$ac_cv_header_lastlog_h" = "yes"; then
 	AC_CACHE_CHECK(for ll_host in struct lastlog,
 		ac_cv_struct_lastlog_ll_host,
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
 					[struct lastlog ll; char *cp = ll.ll_host;]
 				)],
 			[ac_cv_struct_lastlog_ll_host=yes],
 			[ac_cv_struct_lastlog_ll_host=no]
 		)
 	)
 	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
 		AC_DEFINE(HAVE_LL_HOST, 1,
 			[Define if struct lastlog has ll_host])
 	fi
 fi
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS
 AC_TYPE_SIGNAL
 AC_FUNC_UTIME_NULL
 AC_FUNC_STRFTIME
 AC_REPLACE_FUNCS(mkdir putgrent putpwent putspent rename rmdir)
 AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
 AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
 AC_CHECK_FUNC(setpgrp)
 AC_FUNC_SETPGRP
 if test "$ac_cv_header_shadow_h" = "yes"; then
 	AC_CACHE_CHECK(for working shadow group support,
 		ac_cv_libc_shadowgrp,
 		AC_RUN_IFELSE([AC_LANG_SOURCE([
 				#include <shadow.h>
 				main()
 				{
 					struct sgrp *sg = sgetsgent("test:x::");
 					/* NYS libc on Red Hat 3.0.3 has broken shadow group support */
 					return !sg || !sg->sg_adm || !sg->sg_mem;
 				}]
 			)],
 			[ac_cv_libc_shadowgrp=yes],
 			[ac_cv_libc_shadowgrp=no],
 			[ac_cv_libc_shadowgrp=no]
 		)
 	)
 	if test "$ac_cv_libc_shadowgrp" = "yes"; then
 		AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
 	fi
 fi
 AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
 [for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
 	if test -d $shadow_cv_maildir; then
 		break
 	fi
 done])
 if test $shadow_cv_maildir != none; then
 	AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
 		[Location of system mail spool directory.])
 fi
 AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
 [for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
 	if test -f $HOME/$shadow_cv_mailfile; then
 		break
 	fi
 done])
 if test $shadow_cv_mailfile != none; then
 	AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
 		[Name of user's mail spool file if stored in user's home directory.])
 fi
 AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
 [for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
 	if test -f $shadow_cv_utmpdir/utmp; then
 		break
 	fi
 done])
 if test "$shadow_cv_utmpdir" = "none"; then
 	AC_MSG_WARN(utmp file not found)
 fi
 AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
 	[Path for utmp file.])
 AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
 [for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
 	if test -d $shadow_cv_logdir; then
 		break
 	fi
 done])
 AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
 	[Path for wtmp file.])
 AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
 	[Path for lastlog file.])
 AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
 	[Path for faillog file.])
 AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
 [if test -f /usr/bin/passwd; then
 	shadow_cv_passwd_dir=/usr/bin
 else
 	shadow_cv_passwd_dir=/bin
 fi])
 AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
 	[Path to passwd program.])
 dnl XXX - quick hack, should disappear before anyone notices :).
 AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
 AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
 AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
 AC_ARG_ENABLE(shadowgrp,
 	[AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
 	[case "${enableval}" in
 	 yes) enable_shadowgrp="yes" ;;
 	  no) enable_shadowgrp="no" ;;
 	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
 	 esac],
 	[enable_shadowgrp="yes"]
 )
 AC_ARG_ENABLE(man,
 	[AC_HELP_STRING([--enable-man],
 		[regenerate roff man pages from Docbook @<:@default=no@:>@])],
 	[enable_man=yes],
        [enable_man=no]
 )
 AC_ARG_WITH(audit, 
 	[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
 	[with_audit=$withval], [with_audit=maybe])
 AC_ARG_WITH(libpam,
 	[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
 	[with_libpam=$withval], [with_libpam=maybe])
 AC_ARG_WITH(selinux,
 	[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
 	[with_selinux=$withval], [with_selinux=maybe])
 AC_ARG_WITH(skey,
 	[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
 	[with_skey=$withval], [with_skey=no])
 AC_ARG_WITH(libcrack,
 	[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=yes if found and if PAM not enabled@:>@])],
 	[with_libcrack=$withval], [with_libcrack=no])
 AC_ARG_WITH(sha-crypt,
 	[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
 	[with_sha_crypt=$withval], [with_sha_crypt=yes])
 AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
 if test "$with_sha_crypt" = "yes"; then
 		AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
 fi
 dnl Check for some functions in libc first, only if not found check for
 dnl other libraries.  This should prevent linking libnsl if not really
 dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
 AC_SEARCH_LIBS(inet_ntoa, inet)
 AC_SEARCH_LIBS(socket, socket)
 AC_SEARCH_LIBS(gethostbyname, nsl)
 if test "$enable_shadowgrp" = "yes"; then
 	AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
 fi
 AM_CONDITIONAL(SHADOWGRP, test "x$enable_shadowgrp" = "xyes")
 if test "$enable_man" = "yes"; then
 	dnl
 	dnl Check for xsltproc
 	dnl
 	AC_PATH_PROG([XSLTPROC], [xsltproc])
 	if test -z "$XSLTPROC"; then
 		enable_man=no
 	fi
 	dnl check for DocBook DTD and stylesheets in the local catalog.
 	JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN],
 		[DocBook XML DTD V4.1.2], [], enable_man=no)
 	JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
 		[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
 fi
 AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_man != xno)
 AC_SUBST(LIBCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 AC_SUBST(LIBAUDIT)
 if test "$with_audit" != "no"; then
 	AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
 	if test "$audit_header$with_audit" = "noyes" ; then
 		AC_MSG_ERROR([libaudit.h is missing])
 	elif test "$audit_header" = "yes"; then
 		AC_CHECK_LIB(audit, audit_log_acct_message,
 		             [audit_lib="yes"], [audit_lib="no"])
 		if test "$audit_lib$with_audit" = "noyes" ; then
 			AC_MSG_ERROR([libaudit not found])
 		elif test "$audit_lib" = "no" ; then
 			with_audit="no"
 		else
 			AC_DEFINE(WITH_AUDIT, 1,
 			          [Define if you want to enable Audit messages])
 			LIBAUDIT="-laudit"
 			with_audit="yes"
 		fi
 	else
 		with_audit="no"
 	fi
 fi
 AC_SUBST(LIBCRACK)
 if test "$with_libcrack" = "yes"; then
 	echo "checking cracklib flavour, don't be surprised by the results"
 	AC_CHECK_LIB(crack, FascistCheck,
 		[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
 	AC_CHECK_LIB(crack, FascistHistory,
 		AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
 	AC_CHECK_LIB(crack, FascistHistoryPw,
 		AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
 fi
 AC_SUBST(LIBSELINUX)
 if test "$with_selinux" != "no"; then
 	AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
 	if test "$selinux_header$with_selinux" = "noyes" ; then
 		AC_MSG_ERROR([selinux/selinux.h is missing])
 	elif test "$selinux_header" = "yes" ; then
 		AC_CHECK_LIB(selinux, is_selinux_enabled,
 		             [selinux_lib="yes"], [selinux_lib="no"])
 		if test "$selinux_lib$with_selinux" = "noyes" ; then
 			AC_MSG_ERROR([libselinux not found])
 		elif test "$selinux_lib" = "no" ; then
 			with_selinux="no"
 		else
 			AC_DEFINE(WITH_SELINUX, 1,
 			          [Build shadow with SELinux support])
 			LIBSELINUX="-lselinux"
 			with_selinux="yes"
 		fi
 	else
 		with_selinux="no"
 	fi
 fi
 AC_SUBST(LIBPAM)
 if test "$with_libpam" != "no"; then
 	AC_CHECK_LIB(pam, pam_start,
 	             [pam_lib="yes"], [pam_lib="no"])
 	if test "$pam_lib$with_libpam" = "noyes" ; then
 		AC_MSG_ERROR(libpam not found)
 	fi
 	AC_CHECK_LIB(pam_misc, main,
 	             [pam_misc_lib="yes"], [pam_misc_lib="no"])
 	if test "$pam_misc_lib$with_libpam" = "noyes" ; then
 		AC_MSG_ERROR(libpam_misc not found)
 	fi
 	if test "$pam_lib$pam_misc_lib" = "yesyes" ; then
 		with_libpam="yes"
 	else
 		with_libpam="no"
 	fi
 fi
 dnl Now with_libpam is either yes or no
 if test "$with_libpam" = "yes"; then
 	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
 	AM_CONDITIONAL(USE_PAM, [true])
 	LIBPAM="-lpam -lpam_misc"
 	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_MSG_RESULT(no)
 else
 	AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
 	AM_CONDITIONAL(USE_PAM, [false])
 	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_MSG_RESULT(yes)
 fi
 AC_SUBST(LIBSKEY)
 AC_SUBST(LIBMD)
 if test "$with_skey" = "yes"; then
 	AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
 	AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
 		[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
 	AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
 	AC_TRY_COMPILE([
 		#include <stdio.h>
 		#include <skey.h>
 	],[
 		skeychallenge((void*)0, (void*)0, (void*)0, 0);
 	],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])])
 fi
 AM_GNU_GETTEXT_VERSION(0.16)
 AM_GNU_GETTEXT([external], [need-ngettext])
 AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
 AC_CONFIG_FILES([
 	Makefile
 	po/Makefile.in
 	doc/Makefile
 	man/Makefile
 	man/po/Makefile.in
 	man/cs/Makefile
 	man/de/Makefile
 	man/es/Makefile
 	man/fi/Makefile
 	man/fr/Makefile
 	man/hu/Makefile
 	man/id/Makefile
 	man/it/Makefile
 	man/ja/Makefile
 	man/ko/Makefile
 	man/pl/Makefile
 	man/pt_BR/Makefile
 	man/ru/Makefile
 	man/sv/Makefile
 	man/tr/Makefile
 	man/zh_CN/Makefile
 	man/zh_TW/Makefile
 	libmisc/Makefile
 	lib/Makefile
 	src/Makefile
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
 	shadow.spec
 ])
 AC_OUTPUT
 echo
 echo "shadow will be compiled with the following features:"
 echo
 echo "	auditing support:		$with_audit"
 echo "	CrackLib support:		$with_libcrack"
 echo "	PAM support:			$with_libpam"
 echo "	SELinux support:		$with_selinux"
 echo "	shadow group support:		$enable_shadowgrp"
 echo "	S/Key support:			$with_skey"
 echo "	SHA passwords encryption:	$with_sha_crypt"
 echo
@@ -1,4 +1,6 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
-EXTRA_DIST = README adduser.c adduser.sh adduser2.sh
+EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
 atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
 udbachk.tgz
@@ -2,6 +2,9 @@ People keep sending various adduser programs and scripts...  They are
 all in this directory.  I haven't tested them, use at your own risk.
 Anyway, the best one I've seen so far is adduser-3.x from Debian.
 atudel is a perl script to remove at jobs owned by the specified user
 (atrm in at-2.9 for Linux can't do that).
 udbachk.tgz is a passwd/group/shadow file integrity checker.
 --marekm
@@ -0,0 +1,300 @@
 /****
 ** 03/17/96
 ** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
 ** --marekm
 **
 ** 02/26/96
 ** modified to call shadow utils (useradd,chage,passwd) on shadowed 
 ** systems - Cristian Gafton, gafton@sorosis.ro
 **
 ** 6/27/95
 ** shadow-adduser 1.4:
 **
 ** now it copies the /etc/skel dir into the person's dir, 
 ** makes the mail folders, changed some defaults and made a 'make 
 ** install' just for the hell of it.
 **
 ** Greg Gallagher
 ** CIN.Net
 **
 ** 1/28/95
 ** shadow-adduser 1.3:
 ** 
 ** Basically a bug-fix on my additions in 1.2.  Thanx to Terry Stewart 
 ** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
 ** It was such a stupid bug that I would have never seen it myself.
 **
 **                                Brandon
 *****
 ** 01/27/95
 ** 
 ** shadow-adduser 1.2:
 ** I took the C source from adduser-shadow (credits are below) and made
 ** it a little more worthwhile.  Many small changes... Here's
 ** the ones I can remember:
 ** 
 ** Removed support for non-shadowed systems (if you don't have shadow,
 **     use the original adduser, don't get this shadow version!)
 ** Added support for the correct /etc/shadow fields (Min days before
 **     password change, max days before password change, Warning days,
 **     and how many days from expiry date does the account go invalid)
 **     The previous version just left all of those fields blank.
 **     There is still one field left (expiry date for the account, period)
 **     which I have left blank because I do not use it and didn't want to
 **     spend any more time on this.  I'm sure someone will put it in and
 **     tack another plethora of credits on here. :)
 ** Added in the password date field, which should always reflect the last
 **     date the password was changed, for expiry purposes.  "passwd" always
 **     updates this field, so the adduser program should set it up right
 **     initially (or a user could keep thier initial password forever ;)
 **     The number is in days since Jan 1st, 1970.
 **
 **                       Have fun with it, and someone please make
 **                       a real version(this is still just a hack)
 **                       for us all to use (and Email it to me???)
 **
 **                               Brandon
 **                                  photon@usis.com
 **
 ***** 
 ** adduser 1.0: add a new user account (For systems not using shadow)
 ** With a nice little interface and a will to do all the work for you.
 **
 ** Craig Hagan
 ** hagan@opine.cs.umass.edu
 **
 ** Modified to really work, look clean, and find unused uid by Chris Cappuccio
 ** chris@slinky.cs.umass.edu
 **
 *****
 **
 ** 01/19/95
 **
 ** FURTHER modifications to enable shadow passwd support (kludged, but
 ** no more so than the original)  by Dan Crowson - dcrowson@mo.net
 **
 ** Search on DAN for all changes...
 **
 *****
 **
 ** cc -O -o adduser adduser.c
 ** Use gcc if you have it... (political reasons beyond my control) (chris)
 **
 ** I've gotten this program to work with success under Linux (without
 ** shadow) and SunOS 4.1.3. I would assume it should work pretty well
 ** on any system that uses no shadow. (chris)
 **
 ** If you have no crypt() then try
 ** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
 ** I'm not sure how login operates with no crypt()... I guess
 ** the same way we're doing it here.
 */
 #include <pwd.h>
 #include <grp.h>
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <time.h>
 #include <sys/types.h>
 #include <sys/timeb.h>
 #include <sys/time.h>
 #include <sys/stat.h>
 #define DEFAULT_SHELL	"/bin/bash"  /* because BASH is your friend */
 #define DEFAULT_HOME	"/home"
 #define USERADD_PATH	"/usr/sbin/useradd"
 #define CHAGE_PATH	"/usr/sbin/chage"
 #define PASSWD_PATH	"/usr/bin/passwd"
 #define DEFAULT_GROUP	100
 #define DEFAULT_MAX_PASS 60
 #define DEFAULT_WARN_PASS 10
 /* if you use this feature, you will get a lot of complaints from users
   who rarely use their accounts :)  (something like 3 months would be
   more reasonable)  --marekm */
 #define DEFAULT_USER_DIE /* 10 */ 0
 void main()
 {
 	char foo[32];			
 	char uname[9],person[32],dir[32],shell[32];
 	unsigned int group,min_pass,max_pass,warn_pass,user_die;
 	/* the group and uid of the new user */
 	int bad=0,done=0,correct=0,gets_warning=0;
 	char cmd[255];
 	struct group *grp;
 	/* flags, in order:
 	* bad to see if the username is in /etc/passwd, or if strange stuff has
 	* been typed if the user might be put in group 0
 	* done allows the program to exit when a user has been added
 	* correct loops until a password is found that isn't in /etc/passwd
 	* gets_warning allows the fflush to be skipped for the first gets
 	* so that output is still legible
 	*/
 	/* The real program starts HERE! */
 	if(geteuid()!=0)
 	{
 		printf("It seems you don't have access to add a new user.  Try\n");
 		printf("logging in as root or su root to gain super-user access.\n");
 		exit(1);
 	}
 	/* Sanity checks
 	*/
 	if (!(grp=getgrgid(DEFAULT_GROUP))){
 		printf("Error: the default group %d does not exist on this system!\n",
 				DEFAULT_GROUP);
 		printf("adduser must be recompiled.\n");
 		exit(1);
 	}; 
 	while(!correct) {		/* loop until a "good" uname is chosen */
 		while(!done) {
 			printf("\nLogin to add (^C to quit): ");
 			if(gets_warning)	/* if the warning was already shown */
 				fflush(stdout);	/* fflush stdout, otherwise set the flag */
 			else
 				gets_warning=1;
 			gets(uname);
 			if(!strlen(uname)) {
 				printf("Empty input.\n");
 				done=0;
 				continue;
 			};
 			/* what I saw here before made me think maybe I was running DOS */
 			/* might this be a solution? (chris) */
 			if (getpwnam(uname) != NULL) {
 				printf("That name is in use, choose another.\n");
 				done=0;
 			} else
 				done=1;
 		}; /* done, we have a valid new user name */
 		/* all set, get the rest of the stuff */
 		printf("\nEditing information for new user [%s]\n",uname);
 		printf("\nFull Name [%s]: ",uname);
 		gets(person);
 		if (!strlen(person)) {
 			bzero(person,sizeof(person));
 			strcpy(person,uname);
 		};
 		do {
 			bad=0; 
 			printf("GID [%d]: ",DEFAULT_GROUP);
 			gets(foo);
 			if (!strlen(foo))
 				group=DEFAULT_GROUP;
 			else
 				if (isdigit (*foo)) {
 					group = atoi(foo);
 					if (! (grp = getgrgid (group))) {
 						printf("unknown gid %s\n",foo);
 						group=DEFAULT_GROUP;
 						bad=1;
 					};
 			} else
 				if ((grp = getgrnam (foo)))
 					group = grp->gr_gid;
 				else {
 					printf("unknown group %s\n",foo);
 					group=DEFAULT_GROUP;
 					bad=1;
 				}
 			if (group==0){	/* You're not allowed to make root group users! */
 				printf("Creation of root group users not allowed (must be done by hand)\n");
 				group=DEFAULT_GROUP;
 				bad=1;
 			};
 		} while(bad);
 		fflush(stdin);
 		printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
 		printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
 		fflush(stdout);
 		gets(dir);
 		if (!strlen(dir)) { /* hit return */
 			sprintf(dir,"%s/%s",DEFAULT_HOME,uname);
 			fflush(stdin);
 		} else
 			if (dir[strlen(dir)-1]=='/')
 				sprintf(dir,"%s%s",dir,uname);
 		printf("\nShell [%s]: ",DEFAULT_SHELL);
 		fflush(stdout);
 		gets(shell);
 		if (!strlen(shell))
 			sprintf(shell,"%s",DEFAULT_SHELL);
 		printf("\nMin. Password Change Days [0]: ");
 		gets(foo);
 		min_pass=atoi(foo);
 		printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
 		gets(foo);
 		if (strlen(foo) > 1)
 			max_pass = atoi(foo);
 		else
 			max_pass = DEFAULT_MAX_PASS;
 		printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
 		gets(foo);
 		warn_pass = atoi(foo);
 		if (warn_pass==0)
 			warn_pass = DEFAULT_WARN_PASS;
 		printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
 		gets(foo);
 		user_die = atoi(foo);
 		if (user_die == 0)
 			user_die = DEFAULT_USER_DIE;
 		printf("\nInformation for new user [%s] [%s]:\n",uname,person);
 		printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
 		printf("GID: [%d]\n",group);
 		printf("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
 				min_pass,max_pass,warn_pass,user_die);
 		printf("\nIs this correct? [y/N]: ");
 		fflush(stdout);
 		gets(foo);
 		done=bad=correct=(foo[0]=='y'||foo[0]=='Y');
 		if(bad!=1)
 			printf("\nUser [%s] not added\n",uname);
    }
 	bzero(cmd,sizeof(cmd));
 	sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
 			USERADD_PATH,group,dir,shell,person,uname);
 	printf("Calling useradd to add new user:\n%s\n",cmd);  
 	if(system(cmd)){
 		printf("User add failed!\n");
 		exit(errno);
 	};
 	bzero(cmd,sizeof(cmd));
 	sprintf(cmd,"%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
 			min_pass,max_pass,warn_pass,user_die,uname);
 	printf("%s\n",cmd);
 	if(system(cmd)){
 		printf("There was an error setting password expire values\n");
 		exit(errno);
 	};
 	bzero(cmd,sizeof(cmd));
 	sprintf(cmd,"%s %s",PASSWD_PATH,uname);
 	system(cmd);
 	printf("\nDone.\n");
 }
@@ -34,7 +34,7 @@
 ** 1/28/95
 ** shadow-adduser 1.3:
 ** 
-** Basically a bug-fix on my additions in 1.2.  Thanks to Terry Stewart 
+** Basically a bug-fix on my additions in 1.2.  Thanx to Terry Stewart 
 ** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
 ** It was such a stupid bug that I would have never seen it myself.
 **
@@ -60,7 +60,7 @@
 ** Added in the password date field, which should always reflect the last
 **     date the password was changed, for expiry purposes.  "passwd" always
 **     updates this field, so the adduser program should set it up right
-**     initially (or a user could keep their initial password forever ;)
+**     initially (or a user could keep thier initial password forever ;)
 **     The number is in days since Jan 1st, 1970.
 **
 **                       Have fun with it, and someone please make
@@ -118,9 +118,6 @@
 #include <sys/stat.h>
 #include <syslog.h>
 #include "string/strcmp/streq.h"
 #define IMMEDIATE_CHANGE	/* Expire newly created password, must be changed
 				 * immediately upon next login */
 #define HAVE_QUOTAS		/* Obvious */
@@ -294,10 +291,12 @@ main (void)
 	  printf ("Home Directory [%s/%s]: ", DEFAULT_HOME, usrname);
 	  fflush (stdout);
 	  safeget (dir, sizeof (dir));
-	  if (!strlen(dir))  /* hit return */
+	  if (!strlen (dir))
-	    sprintf(dir, "%s/%s", DEFAULT_HOME, usrname);
+	    {			/* hit return */
 	      sprintf (dir, "%s/%s", DEFAULT_HOME, usrname);
 	    }
 	  else if (dir[strlen (dir) - 1] == '/')
-	    strcat(dir, usrname);
+	    sprintf (dir, "%s%s", dir, usrname);
 	}
      else
 	{
@@ -309,7 +308,7 @@ main (void)
      fflush (stdout);
      safeget (shell, sizeof (shell));
      if (!strlen (shell))
-	strcpy(shell, DEFAULT_SHELL);
+	sprintf (shell, "%s", DEFAULT_SHELL);
      else
 	{
 	  char *sh;
@@ -317,7 +316,7 @@ main (void)
 #ifdef HAVE_GETUSERSHELL
 	  setusershell ();
 	  while ((sh = getusershell ()) != NULL)
-	    if (streq(shell, sh))
+	    if (!strcmp (shell, sh))
 	      ok = 1;
 	  endusershell ();
 #endif
@@ -328,7 +327,7 @@ main (void)
 	      else
 		{
 		  printf ("Shell NOT in /etc/shells, DEFAULT used\n");
-		  strcpy(shell, DEFAULT_SHELL);
+		  sprintf (shell, "%s", DEFAULT_SHELL);
 		}
 	    }
 	}
@@ -490,14 +489,14 @@ safeget (char *buf, int maxlen)
  while ((c = getc (stdin)) != EOF && (c != '\n') && (++i < maxlen))
    {
      bad = (!isalnum (c) && (c != '_') && (c != ' '));
-      *(buf++) = c;
+      *(buf++) = (char) c;
    }
-  stpcpy(buf, "");
+  *buf = '\0';
  if (bad)
    {
      printf ("\nString contained banned character. Please stick to alphanumerics.\n");
-      stpcpy(bstart, "");
+      *bstart = '\0';
    }
 }
@@ -32,7 +32,7 @@ def_home_dir=/home/users
 # default shell
 def_shell=/bin/tcsh
-# Default expiration date (mm/dd/yy)
+# Defaul expiration date (mm/dd/yy)
 def_expire=""
 # default dates
@@ -0,0 +1,85 @@
 #!/usr/bin/perl
 #
 # Copyright (c) 1996 Brian R. Gaeke
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # 3. All advertising materials mentioning features or use of this software
 #    must display the following acknowledgement:
 #    This product includes software developed by Brian R. Gaeke.
 # 4. The name of the author, Brian R. Gaeke, may not be used to endorse
 #    or promote products derived from this software without specific
 #    prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY BRIAN R. GAEKE ``AS IS'' AND ANY EXPRESS
 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED.  IN NO EVENT SHALL BRIAN R. GAEKE BE LIABLE FOR ANY DIRECT,
 # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 #
 # Additionally:
 #
 # This software is provided without support and without any obligation
 # on the part of Brian R. Gaeke to assist in its use, correction,
 # modification or enhancement.
 #
 #######################################################################
 #
 # this is atudel, version 2, by Brian R. Gaeke <brg@dgate.org>
 #
 require "getopts.pl";
 &Getopts('v');
 $username = shift(@ARGV);
 &usage unless $username;
 sub usage
 {
 	print STDERR "atudel - remove all at jobs owned by a user\n";
 	print STDERR "usage: $0 [-v] username\n";
 	exit(1);
 }
 # odd. unless getpwnam($uname) doesn't seem to work for $uname eq "root" on
 # my linux system. but this does.
 die "user $username does not exist; stopping"
 	unless defined(getpwnam($username));
 print "searching for at jobs owned by user $username ..." if $opt_v;
 chdir "/var/spool/atjobs" ||
 	die "can't chdir to /var/spool/atjobs: $!\nstopping";
 opendir(DIR,".") || die "can't opendir(/var/spool/atjobs): $!\nstopping";
@files = grep(!/^\./,grep(-f,readdir(DIR)));
 closedir DIR;
 foreach $x (@files)
 {
 	$owner = (getpwuid((stat($x))[4]))[0];
 	push(@nuke_bait,$x) if $owner eq $username;
 }
 if (@nuke_bait)
 {
 	print "removed jobIDs: @{nuke_bait}.\n" if $opt_v;
 	unlink @nuke_bait;
 }
 elsif ($opt_v)
 {
 	print "\n";
 }
 exit 0;
@@ -0,0 +1,546 @@
 #!/bin/sh
 # This is a shell archive (produced by GNU sharutils 4.2.1).
 # To extract the files from this archive, save it to some FILE, remove
 # everything before the `!/bin/sh' line above, then type `sh FILE'.
 #
 # Made on 2000-05-25 14:41 CDT by <gk4@gnu.austin.ibm.com>.
 # Source directory was `/home/gk4/src/groupmem'.
 #
 # Existing files will *not* be overwritten unless `-c' is specified.
 #
 # This shar contains:
 # length mode       name
 # ------ ---------- ------------------------------------------
 #   1960 -rw-r--r-- Makefile
 #   6348 -rw-r--r-- groupmems.c
 #   3372 -rw------- groupmems.8
 #
 save_IFS="${IFS}"
 IFS="${IFS}:"
 gettext_dir=FAILED
 locale_dir=FAILED
 first_param="$1"
 for dir in $PATH
 do
  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
     && ($dir/gettext --version >/dev/null 2>&1)
  then
    set `$dir/gettext --version 2>&1`
    if test "$3" = GNU
    then
      gettext_dir=$dir
    fi
  fi
  if test "$locale_dir" = FAILED && test -f $dir/shar \
     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
  then
    locale_dir=`$dir/shar --print-text-domain-dir`
  fi
 done
 IFS="$save_IFS"
 if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
 then
  echo=echo
 else
  TEXTDOMAINDIR=$locale_dir
  export TEXTDOMAINDIR
  TEXTDOMAIN=sharutils
  export TEXTDOMAIN
  echo="$gettext_dir/gettext -s"
 fi
 if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
  shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
 elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
  shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
 elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
  shar_touch='touch -am $3$4$5$6$2 "$8"'
 else
  shar_touch=:
  echo
  $echo 'WARNING: not restoring timestamps.  Consider getting and'
  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
 fi
 rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
 #
 if mkdir _sh10937; then
  $echo 'x -' 'creating lock directory'
 else
  $echo 'failed to create lock directory'
  exit 1
 fi
 # ============= Makefile ==============
 if test -f 'Makefile' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'Makefile' '(file already exists)'
 else
  $echo 'x -' extracting 'Makefile' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'Makefile' &&
 /*
 # Copyright 2000, International Business Machines, Inc.
 # All rights reserved.
 #
 # original author: George Kraft IV, gk4@us.ibm.com
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 #
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # 3. Neither the name of International Business Machines, Inc., nor the 
 #    names of its contributors may be used to endorse or promote products 
 #    derived from this software without specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY INTERNATIONAL BUSINESS MACHINES, INC. AND
 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
 # FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL 
 # INTERNATIONAL BUSINESS MACHINES, INC. OR CONTRIBUTORS BE LIABLE
 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 # 
 X
 all: groupmems
 X
 groupmems: groupmems.c
 X	cc -g -o groupmems groupmems.c -L. -lshadow
 X
 install: groupmems
 X	-/usr/sbin/groupadd groups
 X	install -o root -g groups -m 4770 groupmems /usr/bin
 X
 install.man: groupmems.8
 X	install -o root -g root -m 644 groupmems.8 /usr/man/man8
 X
 SHAR_EOF
  (set 20 00 05 25 14 40 28 'Makefile'; eval "$shar_touch") &&
  chmod 0644 'Makefile' ||
  $echo 'restore of' 'Makefile' 'failed'
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || $echo 'Makefile:' 'MD5 check failed'
 b46cf7ef8d59149093c011ced3f3103c  Makefile
 SHAR_EOF
  else
    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'Makefile'`"
    test 1960 -eq "$shar_count" ||
    $echo 'Makefile:' 'original size' '1960,' 'current size' "$shar_count!"
  fi
 fi
 # ============= groupmems.c ==============
 if test -f 'groupmems.c' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'groupmems.c' '(file already exists)'
 else
  $echo 'x -' extracting 'groupmems.c' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' &&
 /*
 X * Copyright 2000, International Business Machines, Inc.
 X * All rights reserved.
 X *
 X * original author: George Kraft IV, gk4@us.ibm.com
 X *
 X * Redistribution and use in source and binary forms, with or without
 X * modification, are permitted provided that the following conditions
 X * are met:
 X *
 X * 1. Redistributions of source code must retain the above copyright
 X *    notice, this list of conditions and the following disclaimer.
 X * 2. Redistributions in binary form must reproduce the above copyright
 X *    notice, this list of conditions and the following disclaimer in the
 X *    documentation and/or other materials provided with the distribution.
 X * 3. Neither the name of International Business Machines, Inc., nor the 
 X *    names of its contributors may be used to endorse or promote products 
 X *    derived from this software without specific prior written permission.
 X *
 X * THIS SOFTWARE IS PROVIDED BY INTERNATIONAL BUSINESS MACHINES, INC. AND
 X * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 X * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
 X * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL 
 X * INTERNATIONAL BUSINESS MACHINES, INC. OR CONTRIBUTORS BE LIABLE
 X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 X * SUCH DAMAGE.
 X */
 /*
 **
 **	Utility "groupmem" adds and deletes members from a user's group.
 **	
 **	Setup (as "root"):
 **	
 **		groupadd -r groups 
 **		chmod 2770 groupmems
 **		chown root.groups groupmems
 **		groupmems -g groups -a gk4
 **	
 **	Usage (as "gk4"):
 **	
 **		groupmems -a olive
 **		groupmems -a jordan
 **		groupmems -a meghan
 **		groupmems -a morgan
 **		groupmems -a jake
 **		groupmems -l 
 **		groupmems -d jake
 **		groupmems -l 
 */
 X
 #include <stdio.h>
 #include <pwd.h>
 #include <grp.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include "defines.h"
 #include "groupio.h"
 X
 /* Exit Status Values */
 X
 #define EXIT_SUCCESS		0	/* success */
 #define EXIT_USAGE		1	/* invalid command syntax */
 #define EXIT_GROUP_FILE		2	/* group file access problems */
 #define EXIT_NOT_ROOT		3	/* not superuser  */
 #define EXIT_NOT_EROOT		4	/* not effective superuser  */
 #define EXIT_NOT_PRIMARY	5	/* not primary owner of group  */
 #define EXIT_NOT_MEMBER		6	/* member of group does not exist */
 #define EXIT_MEMBER_EXISTS	7	/* member of group already exists */
 X
 #define TRUE 1
 #define FALSE 0
 X
 /* Globals */
 X
 extern int optind;
 extern char *optarg;
 static char *adduser = NULL;
 static char *deluser = NULL;
 static char *thisgroup = NULL;
 static int purge = FALSE;
 static int list = FALSE;
 static int exclusive = 0;
 X
 static int isroot(void) {
 X	return getuid() ? FALSE : TRUE;
 }
 X
 static int isgroup(void) {
 X	gid_t g = getgid();
 X	struct group *grp = getgrgid(g);
 X
 X	return TRUE;
 }
 X
 static char *whoami(void) {
 X	struct group *grp = getgrgid(getgid());
 X	struct passwd *usr = getpwuid(getuid());
 X
 X	if (0 == strcmp(usr->pw_name, grp->gr_name)) {
 X		return (char *)strdup(usr->pw_name);
 X	} else {
 X		return NULL;
 X	} 
 }
 X
 static void
 addtogroup(char *user, char **members) {
 X	int i;
 X	char **pmembers;
 X
 X	for (i = 0; NULL != members[i]; i++ ) {
 X		if (0 == strcmp(user, members[i])) {
 X			fprintf(stderr, "Member already exists\n");
 X			exit(EXIT_MEMBER_EXISTS);
 X		}
 X	}
 X
 X	if (0 == i) {
 X		pmembers = (char **)calloc(2, sizeof(char *));
 X	} else {
 X		pmembers = (char **)realloc(members, sizeof(char *)*(i+1));
 X	}
 X
 X	*members = *pmembers;
 X	members[i] = user;
 X	members[i+1] = NULL;
 }
 X
 static void
 rmfromgroup(char *user, char **members) {
 X	int i;
 X	int found = FALSE;
 X
 X	i = 0;
 X	while (!found && NULL != members[i]) {
 X		if (0 == strcmp(user, members[i])) {
 X			found = TRUE;
 X		} else {
 X			i++;
 X		}
 X	}
 X
 X	while (found && NULL != members[i]) {
 X		members[i] = members[++i];
 X	}
 X
 X	if (!found) {
 X		fprintf(stderr, "Member to remove could not be found\n");
 X		exit(EXIT_NOT_MEMBER);
 X	}
 }
 X
 static void
 nomembers(char **members) {
 X	int i;
 X
 X	for (i = 0; NULL != members[i]; i++ ) {
 X		members[i] = NULL;
 X	}
 }
 X
 static void
 members(char **members) {
 X	int i;
 X
 X	for (i = 0; NULL != members[i]; i++ ) {
 X		printf("%s ", members[i]);
 X
 X		if (NULL == members[i+1]) {
 X			printf("\n");
 X		} else {
 X			printf(" ");
 X		}
 X	}
 }
 X
 static void usage(void) {
 X	fprintf(stderr, "usage: groupmems -a username | -d username | -D | -l [-g groupname]\n");
 X	exit(EXIT_USAGE);
 }
 X
 main(int argc, char **argv) {
 X	int arg, i;
 X	char *name;
 X	struct group *grp;
 X
 X	while ((arg = getopt(argc, argv, "a:d:g:Dl")) != EOF) {
 X		switch (arg) {
 X		case 'a':
 X			adduser = strdup(optarg);
 X			++exclusive;
 X			break;
 X		case 'd':
 X			deluser = strdup(optarg);
 X			++exclusive;
 X			break;
 X		case 'g':
 X			thisgroup = strdup(optarg);
 X			break;
 X		case 'D':
 X			purge = TRUE;
 X			++exclusive;
 X			break;
 X		case 'l':
 X			list = TRUE;
 X			++exclusive;
 X			break;
 X		default:
 X			usage();
 X		}
 X	}
 X
 X	if (exclusive > 1 || optind < argc) {
 X		usage();
 X	}
 X
 X	if (!isroot() && NULL != thisgroup) {
 X		fprintf(stderr, "Only root can add members to different groups\n");
 X		exit(EXIT_NOT_ROOT);
 X	} else if (isroot() && NULL != thisgroup) {
 X		name = thisgroup;
 X	} else if (!isgroup()) {
 X		fprintf(stderr, "Group access is required\n");
 X		exit(EXIT_NOT_EROOT);
 X	} else if (NULL == (name = whoami())) {
 X		fprintf(stderr, "Not primary owner of current group\n");
 X		exit(EXIT_NOT_PRIMARY);
 X	}
 X
 X	if (!gr_lock()) {
 X		fprintf(stderr, "Unable to lock group file\n");
 X		exit(EXIT_GROUP_FILE);
 X	}
 X
 X	if (!gr_open(O_RDWR)) {
 X		fprintf(stderr, "Unable to open group file\n");
 X		exit(EXIT_GROUP_FILE);
 X	}
 X
 X	grp = (struct group *)gr_locate(name);
 X
 X	if (NULL != adduser) {
 X		addtogroup(adduser, grp->gr_mem);
 X		gr_update(grp);
 X	} else if (NULL != deluser) {
 X		rmfromgroup(deluser, grp->gr_mem);
 X		gr_update(grp);
 X	} else if (purge) {
 X		nomembers(grp->gr_mem);
 X		gr_update(grp);
 X	} else if (list) {
 X		members(grp->gr_mem);
 X	}
 X
 X	if (!gr_close()) {
 X		fprintf(stderr, "Cannot close group file\n");
 X		exit(EXIT_GROUP_FILE);
 X	}
 X
 X	gr_unlock();
 X
 X	exit(EXIT_SUCCESS);
 }
 X
 /* EOF */
 SHAR_EOF
  (set 20 00 05 25 14 36 38 'groupmems.c'; eval "$shar_touch") &&
  chmod 0644 'groupmems.c' ||
  $echo 'restore of' 'groupmems.c' 'failed'
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || $echo 'groupmems.c:' 'MD5 check failed'
 f0dd68f8d762d89d24d3ce1f4141f981  groupmems.c
 SHAR_EOF
  else
    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.c'`"
    test 6348 -eq "$shar_count" ||
    $echo 'groupmems.c:' 'original size' '6348,' 'current size' "$shar_count!"
  fi
 fi
 # ============= groupmems.8 ==============
 if test -f 'groupmems.8' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'groupmems.8' '(file already exists)'
 else
  $echo 'x -' extracting 'groupmems.8' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' &&
 X.\"
 X.\" Copyright 2000, International Business Machines, Inc.
 X.\" All rights reserved.
 X.\"
 X.\" original author: George Kraft IV, gk4@us.ibm.com
 X.\"
 X.\" Redistribution and use in source and binary forms, with or without
 X.\" modification, are permitted provided that the following conditions
 X.\" are met:
 X.\"
 X.\" 1. Redistributions of source code must retain the above copyright
 X.\"    notice, this list of conditions and the following disclaimer.
 X.\" 2. Redistributions in binary form must reproduce the above copyright
 X.\"    notice, this list of conditions and the following disclaimer in the
 X.\"    documentation and/or other materials provided with the distribution.
 X.\" 3. Neither the name of International Business Machines, Inc., nor the 
 X.\"    names of its contributors may be used to endorse or promote products 
 X.\"    derived from this software without specific prior written permission.
 X.\"
 X.\" THIS SOFTWARE IS PROVIDED BY INTERNATIONAL BUSINESS MACHINES, INC. AND
 X.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 X.\" BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
 X.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL 
 X.\" INTERNATIONAL BUSINESS MACHINES, INC. OR CONTRIBUTORS BE LIABLE
 X.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 X.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 X.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 X.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 X.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 X.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 X.\" SUCH DAMAGE.
 X.\"
 X.\" $Id$
 X.\"
 X.TH GROUPMEMS 8
 X.SH NAME
 groupmems \- Administer members of a user's primary group
 X.SH SYNOPSIS
 X.B groupmems
 \fB-a\fI user_name \fR |
 \fB-d\fI user_name \fR |
 \fB-l\fR |
 \fB-D\fR |
 [\fB-g\fI group_name \fR]
 X.SH DESCRIPTION
 The \fBgroupmems\fR utility allows a user to administer his/her own
 group membership list without the requirement of superuser privileges.
 The \fBgroupmems\fR utility is for systems that configure its users to
 be in their own name sake primary group (i.e., guest / guest).
 X.P
 Only the superuser, as administrator, can use \fBgroupmems\fR to alter
 the memberships of other groups.
 X.IP "\fB-a \fIuser_name\fR"
 Add a new user to the group membership list.
 X.IP "\fB-d \fIuser_name\fR"
 Delete a user from the group membership list.
 X.IP "\fB-l\fR"
 List the group membership list.
 X.IP "\fB-D\fR"
 Delete all users from the group membership list.
 X.IP "\fB-g \fIgroup_name\fR"
 The superuser can specify which group membership list to modify.
 X.SH SETUP
 The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR
 and in group \fBgroups\fR.   The system administrator can add users to
 group groups to allow or disallow them using the  \fBgroupmems\fR utility
 to manager their own group membership list.
 X.P
 X     $ groupadd -r groups
 X.br
 X     $ chmod 2770 groupmems
 X.br
 X     $ chown root.groups groupmems
 X.br
 X     $ groupmems -g groups -a gk4
 X.SH FILES
 /etc/group
 X.br
 /etc/gshadow
 X.SH SEE ALSO
 X.BR chfn (1),
 X.BR chsh (1),
 X.BR useradd (8),
 X.BR userdel (8),
 X.BR usermod (8),
 X.BR passwd (1),
 X.BR groupadd (8),
 X.BR groupdel (8)
 X.SH AUTHOR
 George Kraft IV (gk4@us.ibm.com)
 X.\" EOF
 SHAR_EOF
  (set 20 00 05 25 14 38 23 'groupmems.8'; eval "$shar_touch") &&
  chmod 0600 'groupmems.8' ||
  $echo 'restore of' 'groupmems.8' 'failed'
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || $echo 'groupmems.8:' 'MD5 check failed'
 181e6cd3a3c9d3df320197fa2cde2b4a  groupmems.8
 SHAR_EOF
  else
    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.8'`"
    test 3372 -eq "$shar_count" ||
    $echo 'groupmems.8:' 'original size' '3372,' 'current size' "$shar_count!"
  fi
 fi
 rm -fr _sh10937
 exit 0
@@ -0,0 +1,308 @@
 /*
 * pwdauth.c - program to verify a given username/password pair.
 *
 * Run it with username in argv[1] (may be omitted - default is the
 * current user), and send it the password over a pipe on stdin.
 * Exit status: 0 - correct password, 1 - wrong password, >1 - other
 * errors.  For use with shadow passwords, this program should be
 * installed setuid root.
 *
 * This can be used, for example, by xlock - you don't have to install
 * this large and complex (== possibly insecure) program setuid root,
 * just modify it to run this simple program to do the authentication.
 *
 * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as
 * soon as possible after getting the user's encrypted password.
 * Using this program probably doesn't make it more secure, and has one
 * disadvantage: since we don't get the encrypted user's password at
 * startup (but at the time the user is authenticated), it is not clear
 * how we should handle errors (like getpwnam() returning NULL).
 * - fail the authentication?  Problem: no way to unlock (other than kill
 *   the process from somewhere else) if the NIS server stops responding.
 * - succeed and unlock?  Problem: it's too easy to unlock by unplugging
 *   the box from the network and waiting until NIS times out...
 *
 * This program is Copyright (C) 1996 Marek Michalkiewicz
 * <marekm@i17linuxb.ists.pwr.wroc.pl>.
 *
 * It may be used and distributed freely for any purposes.  There is no
 * warranty - use at your own risk.  I am not liable for any damages etc.
 * If you improve it, please send me your changes.
 */
 static char rcsid[] = "$Id$";
 /*
 * Define USE_SYSLOG to use syslog() to log successful and failed
 * authentication.  This should be safe even if your system has
 * the infamous syslog buffer overrun security problem...
 */
 #define USE_SYSLOG
 /*
 * Define HAVE_GETSPNAM to get shadow passwords using getspnam().
 * Some systems don't have getspnam(), but getpwnam() returns
 * encrypted passwords only if running as root.
 *
 * According to the xlock source (not tested, except Linux) -
 * define: Linux, Solaris 2.x, SVR4, ...
 * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX.
 * Known not supported (yet): Ultrix, OSF/1, SCO.
 */
 #define HAVE_GETSPNAM
 /*
 * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
 * pw_encrypt() is like the standard crypt(), except that it may
 * support better password hashing algorithms.
 *
 * Define if linking with libshadow.a from the shadow password
 * suite (Linux, SunOS 4.x?).
 */
 #undef HAVE_PW_ENCRYPT
 /*
 * Define HAVE_AUTH_METHODS to support the shadow suite specific
 * extension: the encrypted password field contains a list of
 * administrator defined authentication methods, separated by
 * semicolons.  This program only supports the standard password
 * authentication method (a string that doesn't start with '@').
 */
 #undef HAVE_AUTH_METHODS
 /*
 * FAIL_DELAY - number of seconds to sleep before exiting if the
 * password was wrong, to slow down password guessing attempts.
 */
 #define FAIL_DELAY 2
 /* No user-serviceable parts below :-).  */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include <pwd.h>
 #ifdef USE_SYSLOG
 #include <syslog.h>
 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
 #endif
 #ifdef HAVE_GETSPNAM
 #include <shadow.h>
 #endif
 #ifdef HAVE_PW_ENCRYPT
 extern char *pw_encrypt();
 #define crypt pw_encrypt
 #endif
 /*
 * Read the password (one line) from fp.  We don't turn off echo
 * because we expect input from a pipe.
 */
 static char *
 get_line(fp)
 	FILE *fp;
 {
 	static char buf[128];
 	char *cp;
 	int ch;
 	cp = buf;
 	while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') {
 		if (cp >= buf + sizeof buf - 1)
 			break;
 		*cp++ = ch;
 	}
 	*cp = '\0';
 	return buf;
 }
 /*
 * Get the password file entry for the current user.  If the name
 * returned by getlogin() is correct (matches the current real uid),
 * return the entry for that user.  Otherwise, return the entry (if
 * any) matching the current real uid.  Return NULL on failure.
 */
 static struct passwd *
 get_my_pwent()
 {
 	uid_t uid = getuid();
 	char *name = getlogin();
 	if (name && *name) {
 		struct passwd *pw = getpwnam(name);
 		if (pw && pw->pw_uid == uid)
 			return pw;
 	}
 	return getpwuid(uid);
 }
 /*
 * Verify the password.  The system-dependent shadow support is here.
 */
 static int
 password_auth_ok(pw, pass)
 	const struct passwd *pw;
 	const char *pass;
 {
 	int result;
 	char *cp;
 #ifdef HAVE_AUTH_METHODS
 	char *buf;
 #endif
 #ifdef HAVE_GETSPNAM
 	struct spwd *sp;
 #endif
 	if (pw) {
 #ifdef HAVE_GETSPNAM
 		sp = getspnam(pw->pw_name);
 		if (sp)
 			cp = sp->sp_pwdp;
 		else
 #endif
 			cp = pw->pw_passwd;
 	} else
 		cp = "xx";
 #ifdef HAVE_AUTH_METHODS
 	buf = strdup(cp);  /* will be modified by strtok() */
 	if (!buf) {
 		fprintf(stderr, "Out of memory.\n");
 		exit(13);
 	}
 	cp = strtok(buf, ";");
 	while (cp && *cp == '@')
 		cp = strtok(NULL, ";");
 	/* fail if no password authentication for this user */
 	if (!cp)
 		cp = "xx";
 #endif
 	if (*pass || *cp)
 		result = (strcmp(crypt(pass, cp), cp) == 0);
 	else
 		result = 1;  /* user with no password */
 #ifdef HAVE_AUTH_METHODS
 	free(buf);
 #endif
 	return result;
 }
 /*
 * Main program.
 */
 int
 main(argc, argv)
 	int argc;
 	char **argv;
 {
 	struct passwd *pw;
 	char *pass, *name;
 	char myname[32];
 #ifdef USE_SYSLOG
 	openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV);
 #endif
 	pw = get_my_pwent();
 	if (!pw) {
 #ifdef USE_SYSLOG
 		syslog(LOG_ERR, "can't get login name for uid %d.\n",
 		       (int) getuid());
 #endif
 		fprintf(stderr, "Who are you?\n");
 		exit(2);
 	}
 	strncpy(myname, pw->pw_name, sizeof myname - 1);
 	myname[sizeof myname - 1] = '\0';
 	name = myname;
 	if (argc > 1) {
 		name = argv[1];
 		pw = getpwnam(name);
 	}
 	pass = get_line(stdin);
 	if (password_auth_ok(pw, pass)) {
 #ifdef USE_SYSLOG
 		syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE,
 		       "user `%s' entered correct password for `%.32s'.\n",
 		       myname, name);
 #endif
 		exit(0);
 	}
 #ifdef USE_SYSLOG
 	/* be careful not to overrun the syslog buffer */
 	syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING,
 	       "user `%s' entered incorrect password for `%.32s'.\n",
 	       myname, name);
 #endif
 #ifdef FAIL_DELAY
 	sleep(FAIL_DELAY);
 #endif
 	fprintf(stderr, "Wrong password.\n");
 	exit(1);
 }
 #if 0
 /*
 * You can use code similar to the following to run this program.
 * Return values: >=0 - program exit status (use the <sys/wait.h>
 * macros to get the exit code, it is shifted left by 8 bits),
 * -1 - check errno.
 */
 int
 verify_password(const char *username, const char *password)
 {
 	int pipe_fd[2];
 	int pid, wpid, status;
 	if (pipe(pipe_fd))
 		return -1;
 	if ((pid = fork()) == 0) {
 		char *arg[3];
 		char *env[1];
 		/* child */
 		close(pipe_fd[1]);
 		if (pipe_fd[0] != 0) {
 			if (dup2(pipe_fd[0], 0) != 0)
 				_exit(127);
 			close(pipe_fd[0]);
 		}
 		arg[0] = "/usr/bin/pwdauth";
 		arg[1] = username;
 		arg[2] = NULL;
 		env[0] = NULL;
 		execve(arg[0], arg, env);
 		_exit(127);
 	} else if (pid == -1) {
 		/* error */
 		close(pipe_fd[0]);
 		close(pipe_fd[1]);
 		return -1;
 	}
 	/* parent */
 	close(pipe_fd[0]);
 	write(pipe_fd[1], password, strlen(password));
 	write(pipe_fd[1], "\n", 1);
 	close(pipe_fd[1]);
 	while ((wpid = wait(&status)) != pid) {
 		if (wpid == -1)
 			return -1;
 	}
 	return status;
 }
 #endif
@@ -0,0 +1,147 @@
 Hello Marek,
 I have created a diffile against the 980403 release that adds
 functionality to newusers for automatic handling of users with only
 anonomous ftp login (using the guestgroup feature in ftpaccess, which
 means that the users home directory looks like '/home/user/./'). It also
 adds a commandline argument to specify an initial directory structure
 for such users, with a tarball normally containing the bin,lib,etc
 directories used in the chrooted environment.
 I am using it to automatically create chunks of users with only ftp
 access for a webserver.
 I have tried to follow your coding standards and I believe it is bug
 free but.. well, who knows. :) It's not much code however.
 I hope you find it useful. Do what you like with it, feel free to ask if
 anything is unclear.
 Best rgds,
  Calle Karlsson
  ckn@kash.se
 diff -uNr shadow-980403.orig/src/newusers.c shadow-980403/src/newusers.c
 --- shadow-980403.orig/src/newusers.c	Fri Jan 30 00:22:43 1998
 +++ shadow-980403/src/newusers.c	Fri Apr 17 16:55:33 1998
@@ -76,11 +76,35 @@
 static void
 usage(void)
 {
 -	fprintf(stderr, "Usage: %s [ input ]\n", Prog);
 +	fprintf (stderr, "Usage: %s [-p prototype tarfile] [ input ]\n", Prog);
 +	fprintf (stderr, "The prototype tarfile is only used for users\n");
 +	fprintf (stderr, "marked as anonymous ftp users. It must be a full pathname.\n");
 	exit(1);
 }
 /*
 + * createuserdir - create a directory and chmod it
 + */
 +
 +static int
 +createuserdir (char * dir, int uid, int gid, int line)
 +{
 +	if (mkdir (dir, 0777 & ~getdef_num("UMASK", 077))) {
 +		fprintf (stderr, "%s: line %d: mkdir %s failed\n",
 +			 Prog, line, dir);
 +		return -1;
 +	}
 +
 +	if (chown (dir, uid, gid)) {
 +		fprintf (stderr, "%s: line %d: chown %s failed\n",
 +			 Prog, line, dir);
 +		return -1;
 +	}
 +
 +	return 0;
 +}
 +
 +/*
  * add_group - create a new group or add a user to an existing group
  */
@@ -328,6 +352,8 @@
 main(int argc, char **argv)
 {
 	char	buf[BUFSIZ];
 +	char	anonproto[BUFSIZ];
 +	int	flag;
 	char	*fields[8];
 	int	nfields;
 	char	*cp;
@@ -340,12 +366,23 @@
 	Prog = Basename(argv[0]);
 -	if (argc > 1 && argv[1][0] == '-')
 -		usage ();
 +	* anonproto = '\0';
 +
 +	while ((flag = getopt (argc, argv, "p:h")) != EOF) {
 +		switch (flag) {
 +		case 'p':
 +			STRFCPY(anonproto, optarg);
 +			break;
 +		case 'h':
 +		default:
 +			usage ();
 +			break;
 +		}
 +	}
 -	if (argc == 2) {
 -		if (! freopen (argv[1], "r", stdin)) {
 -			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[1]);
 +	if (optind < argc) {
 +		if (! freopen (argv[optind], "r", stdin)) {
 +			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[optind]);
 			perror (buf);
 			exit (1);
 		}
@@ -499,15 +536,36 @@
 		if (fields[6][0])
 			newpw.pw_shell = fields[6];
 -		if (newpw.pw_dir[0] && access(newpw.pw_dir, F_OK)) {
 -			if (mkdir (newpw.pw_dir,
 -					0777 & ~getdef_num("UMASK", 077)))
 -				fprintf (stderr, "%s: line %d: mkdir failed\n",
 -					Prog, line);
 -			else if (chown (newpw.pw_dir,
 -					newpw.pw_uid, newpw.pw_gid))
 -				fprintf (stderr, "%s: line %d: chown failed\n",
 -					Prog, line);
 +		if (newpw.pw_dir[0]) {
 +		        char * userdir = strdup (newpw.pw_dir);
 +			char * anonpart;
 +			int rc;
 +
 +			if ((anonpart = strstr (userdir, "/./"))) {
 +			        * anonpart = '\0';
 +				anonpart += 2;
 +			}
 +			
 +			if (access(userdir, F_OK))
 +				rc = createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
 +			else
 +				rc = 0;
 +
 +			if (rc == 0 && anonpart) {
 +				if (* anonproto) {
 +					char cmdbuf [BUFSIZ];
 +					snprintf(cmdbuf, sizeof cmdbuf,
 +						 "cd %s; tar xf %s",
 +						 userdir, anonproto);
 +					system (cmdbuf);
 +				}
 +				if (strlen (anonpart) > 1) {
 +					strcat (userdir, anonpart);
 +					if (access (userdir, F_OK))
 +						createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
 +				}
 +			}
 +			free (userdir);
 		}
 		/*
@@ -471,12 +471,12 @@
  The Shadow Suite contains replacement programs for:
-  su, login, passwd, newgrp, chfn, chsh
+  su, login, passwd, newgrp, chfn, chsh, and id
  The package also contains the new programs:
  chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod,
-  groupadd, groupdel, groupmod, pwck, grpck, lastlog, pwconv,
+  groupadd, groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv,
  and pwunconv
  Additionally, the library: libshadow.a is included for writing and/or
@@ -586,6 +586,8 @@
  ·  /usr/bin/chsh
  ·  /usr/bin/id
  The BETA package has a save target in the Makefile, but it's commented
  out because different distributions place the programs in different
  places.
@@ -635,6 +637,8 @@
  ·  /usr/man/man1/chsh.1.gz
  ·  /usr/man/man1/id.1.gz
  ·  /usr/man/man1/login.1.gz
  ·  /usr/man/man1/passwd.1.gz
@@ -1307,7 +1311,7 @@
  This means that fred's password is valid, it was last changed on
  03/04/96, it can be changed at any time, it expires after 60 days,
-  fred will not be warned, and the account won't be disabled when
+  fred will not be warned, and and the account won't be disabled when
  the password expires.
  This simply means that if fred logs in after the password expires, he
@@ -1373,7 +1377,7 @@
  users or changing the group password, the /etc/gshadow file will be
  changed.
-  The programs groupadd, groupmod, and groupdel are provided as
+  The programs groups, groupadd, groupmod, and groupdel are provided as
  part of the Shadow Suite to modify groups.
  The format of the /etc/group file is as follows:
@@ -1483,7 +1487,7 @@
  If a user logs into a line that is listed in /etc/dialups, and his
  shell is listed in the file /etc/d_passwd he will be allowed access
-  only by supplying the correct password.
+  only by suppling the correct password.
  Another useful purpose for using dial-up passwords might be to setup a
  line that only allows a certain type of connect (perhaps a PPP or UUCP
@@ -1,4 +1,5 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
-EXTRA_DIST = HOWTO README.limits
+EXTRA_DIST = HOWTO README.limits \
    README.platforms WISHLIST console.c.spec.txt cracklib26.diff
@@ -15,7 +15,7 @@ Changes:
 		- code merged into lmain.c --cristiang
 TODO:	- support groups in the limits file
-	  (only usernames are supported at this moment :-( )
+	  (only usernames are supported at this momment :-( )
 Setting user limits for shadow login program
@@ -63,3 +63,4 @@ To completely disable limits for a user, a single dash (-) will do.
 Also, please note that all limit settings are set PER LOGIN.  They are
 not global, nor are they permanent.  Perhaps global limits will come, but
 for now this will have to do ;)
@@ -0,0 +1,33 @@
 # $Id$
 #
 # This is the current (still incomplete) list of platforms this
 # package has been verified to work on.  Additions (preferably
 # in the format as described below) are welcome.  Thanks!
 # 
 # V: last version reported to work
 # H: host type
 # L: Linux libc version
 # D: Linux distribution, or other OS name and version
 # C: changes (if any)
 # R: reported by
 V: 980529
 H: sparc-unknown-linux-gnu
 L: glibc-2.0.7
 D: Ultrapenguin-1.0.9
 C: had to explicitly disable desrpc.
 R: Bjorn Christianson <bjorn@cascade.psychology.mcmaster.ca>
 V: 980724
 H: i486-pc-linux-gnulibc1
 L: libc-5.4.33
 D: Debian-1.3.1.r6
 C: none (use dpkg-buildpackage)
 R: Marek Michalkiewicz <marekm@linux.org.pl>
 V: current
 H: i686-pc-linux-gnu
 L: glibc-2.0.7.19981211
 D: Debian-2.1
 C: none (use dpkg-buildpackage)
 R: Marek Michalkiewicz <marekm@linux.org.pl>
@@ -1,4 +0,0 @@
 # S/Key support
 shadow-utils can be built with S/Key support using the S/Key package from:
 * http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libskey/ or
 * https://gentoo.osuosl.org/distfiles/skey-1.1.5.tar.bz2
@@ -0,0 +1,42 @@
 $Id$
 This is my wishlist for the shadow suite, in no particular order.  Feel
 free to do anything from this list and mail me the diffs :-).
 Patches in diff -u format, against the latest version (sometimes in the
 "beta" directory) are preferred and make my job easier.  Please, no
 MIME, base64, quoted-printable, or HTML.  For very big patches, or if
 your mailer can corrupt them, please use gzip and uuencode.  Thanks!
 New ideas to add to this list are welcome, too.  --marekm
 - fix all the bugs, of course
 - implement "su only" accounts (no logins, only su from other account)
 - rewrite getdef.c to be more general? (no hardcoded names)
 - patch for rlogind/telnetd to create utmp entry and fill in ut_addr
 - option to specify encrypted password in passwd (for yppasswdd, so it
  doesn't need to know about shadow/non-shadow); should probably use a pipe
  (less insecure than command line arguments)
 - add support for changing NIS passwords
 - add option to check passwords by piping them to external programs
 - add functionality of the contrib/rpasswd.c wrapper to passwd
 - option to generate pronounceable passwords (like on SCO), external program?
 - poppassd (remote password change for eudora etc.)
 - add support for passwd/shadow db files (glibc)
 - vipw: check password files for errors after editing
 - add "maximum time users allowed to stay logged in" limit option to logoutd
 - handle quotes in /etc/environment like the shell does (but sshd doesn't...)
 - better utmpx support (logoutd, ...)
 - better OPIE support (report number of logins left, etc.)
 - new option for /etc/suauth: don't load user's environment (force "su -")
  suggested by Ulisses Alonso Camaro
 - find out why recent releases won't compile on Solaris
 - newusers UID/GID selection algorithm should be the same as useradd
  (and use UID_MIN, UID_MAX from login.defs)
 - newusers should be able to copy /etc/skel to the new home directory
  (like useradd)
 - add directories where other packages can add hooks for package-specific
  per-user configuration, to be executed with run-parts. Some hooks should
  be executed at package install time for existing users, likewise for
  package removal and possibly modification.  (Debian Bug#36019)
@@ -0,0 +1,36 @@
 $Id$
 Specification for console.c source file --
 input values --
 	tty -- character pointer to device name with leading "/dev/"
 	       removed.
 return values --
 	0 -- false
 	1 -- true
 int console (char * tty)
 	if "CONSOLE" string value is not present in login.defs
 		return true
 	if the first character of "CONSOLE" string value is not "/"
 		treat the string as a ":" delimited list of device
 		names and search for the value of tty in that
 		tokenized list.
 		if a match is found
 			return true
 		return false
 	if the file named by "CONSOLE" cannot be opened
 		return true
 	scan the file looking for a match between the input line
 	and the value of tty
 	if a match is found
 		return true
 	return false
@@ -1,75 +0,0 @@
 # Build & install
 The following page explains how to build and install the shadow project.
 Additional information on how to do this in a container environment is provided
 at the end of the page.
 ## Local
 ### Dependency installation
 This projects depends on other software packages that need to be installed
 before building it. We recommend using the dependency installation commands
 provided by the distributions to install them. Some examples below.
 Debian:
 ```
 apt-get build-dep shadow
 ```
 Fedora:
 ```
 dnf builddep shadow-utils
 ```
 An alternative would be to take a look at the CI workflow [file](../../.github/workflows/runner.yml)
 and get the package names from there. This has the advantage that it
 also includes new dependencies needed for the development version
 which might have not been present in the last release.
 ### Configure
 The first step is to configure it. You can use the
 `autogen.sh` script provided by the project. Example:
 ```
 ./autogen.sh --without-selinux --enable-man --with-yescrypt
 ```
 ### Build
 The next step is to build the project:
 ```
 make -j4
 ```
 ### Install
 The last step is to install it. We recommend avoiding this step and using a
 disposable system like a VM or a container instead.
 ```
 make install
 ```
 ## Containers
 Alternatively, you can use any of the preconfigured container images builders
 to build and install shadow.
 You can either generate a single image by running the following command from
 the root folder of the project (i.e. Alpine):
 ```
 ansible-playbook share/ansible/playbook.yml -i share/ansible/inventory.ini -e 'distribution=alpine'
 ```
 **Note**: you'll need to install ansible to run this automation.
 Or generate all of the images with the `container-build.sh` script, as if you
 were running some of the CI checks locally:
 ```
 share/container-build.sh
 ```
@@ -1,25 +0,0 @@
 # Continuous Integration (CI)
 Shadow runs a CI workflow every time a pull-request (PR) is updated. This
 workflow contains several checks to assure the quality of the project, and
 only pull-requests with green results are merged.
 ## Build & install
 The project is built & installed on Ubuntu, Alpine, Debian and Fedora. The last
 three distributions are built & installed on containers, and the workflow can
 be triggered locally by following the instructions specified in the
 [Build & install](build_install.md#containers) page.
 ## System tests
 The project is tested on Ubuntu. For that purpose it is built & installed in
 this distribution in a VM. You can run this step locally by following the
 instructions provided in the [Tests](tests.md#system-tests) page.
 ## Static code analysis
 C and shell static code analysis is also executed. For that purpose
 [CodeQL](https://codeql.github.com/) and
 [Differential ShellCheck](https://github.com/marketplace/actions/differential-shellcheck)
 are used.
@@ -1,12 +0,0 @@
 # Coding style
 * For a general guidance refer to the
 [Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html)
 * Patches that change the existing coding style are not welcome, as they make
 downstream porting harder for the distributions
 ## Indentation
 Tabs are preferred over spaces for indentation. Loading the `.editorconfig`
 file in your preferred IDE may help you configure it.
@@ -1,77 +0,0 @@
 # Introduction
 ## Git and Github
 We recommend you to get familiar with the
 [git](https://guides.github.com/introduction/git-handbook) and
 [Github](https://guides.github.com) workflows before posting any changes.
 ### Set up in a nut shell
 The following steps describe the process in a nut shell to provide you a basic
 template:
 * Create an account on [GitHub](https://github.com)
 * Fork the [shadow repository](https://github.com/shadow-maint/shadow)
 * Clone the shadow repository
 ```
 git clone https://github.com/shadow-maint/shadow.git
 ```
 * Add your fork as an extra remote
 ```
 git remote add $ghusername git@github.com:$ghusername/shadow.git
 ```
 * Setup your name contact e-mail that you want to use for the development
 ```
 git config user.name "John Smith"
 git config user.email "john.smith@home.com"
 ```
 **Note**: this will setup the user information only for this repository. You
 can also add `--global` switch to the `git config` command to setup these
 options globally and thus making them available in every git repository.
 * Create a working branch
 ```
 git checkout -b my-changes
 ```
 * Commit changes
 ```
 vim change-what-you-need
 git commit -s
 ```
 Check
 [the kernel patches guide](https://www.kernel.org/doc/html/v4.14/process/submitting-patches.html#describe-your-changes)
 to get an idea on how to write a good commit message.
 * Push your changes to your GitHub repository
 ```
 git push $ghusername my-changes --force
 ```
 * Open a Pull Request against shadow project by clicking on the link provided
 in the output of the previous step
 * Make sure that all Continuous Integration checks are green and wait review
 ## Internal guidelines
 Additionally, you should also check the following internal guidelines to
 understand the project's development model:
 * [Build & install](build_install.md)
 * [Coding style](coding_style.md)
 * [Tests](tests.md)
 * [Continuous Integration](ci.md)
 * [Releases](releases.md)
 * [License](license.md)
@@ -1,10 +0,0 @@
 # License
 All new source code committed to the shadow project is assumed to be made
 available under the [BSD-3-Clause](../../COPYING) license unless the submitter
 specifies another license at that time. The shadow maintainers reserve the
 right to refuse a submission if the license is deemed incompatible with the
 goals of the project.
 **Note**: old code may be made available under another license, check the
 license tag for each file to get additional information.
@@ -1,7 +0,0 @@
 # Releases
 The shadow project doesn't follow any specific timeline to release new software
 versions. Usually, they are released when a major milestone is finished.
 Released source code, alongside the release notes, are provided in the
 [release Github page](https://github.com/shadow-maint/shadow/releases).
@@ -1,34 +0,0 @@
 # Tests
 Currently, shadow provides unit and system tests.
 ## Unit tests
 Unit testing is provided by the [cmocka](https://cmocka.org/) framework. It's
 recommended to read the
 [basics](https://cmocka.org/talks/cmocka_unit_testing_and_mocking.pdf) and
 [API](https://api.cmocka.org/) before writing any test case.
 In addition, you can check [test_logind.c](../../tests/unit/test_logind.c) to
 get a general idea on how to implement unit tests for shadow using cmocka.
 You can execute unit tests by running:
 ```
 make check
 ```
 ## System tests
 These type of tests are written in shell. Unfortunately, the testing framework
 is tightly coupled to the Ubuntu distribution and it can only be run in this
 distribution. Besides, if anything fails during the execution the system can
 be left in an unstable state. Taking that into account you shouldn't run this
 workflow in your host machine, we recommend to use a disposable system like a
 VM or a container instead.
 You can execute system tests by running:
 ```
 cd tests && ./run_all`.
 ```
@@ -0,0 +1,340 @@
 diff -ur orig/cracklib26_small/cracklib/fascist.c cracklib26_small/cracklib/fascist.c
 --- orig/cracklib26_small/cracklib/fascist.c	Mon Dec 15 02:56:55 1997
 +++ cracklib26_small/cracklib/fascist.c	Sat Apr  4 22:14:45 1998
@@ -12,6 +12,7 @@
 #include <ctype.h>
 #include <sys/types.h>
 #include <pwd.h>
 +#include <string.h>
 #define ISSKIP(x) (isspace(x) || ispunct(x))
@@ -460,28 +461,27 @@
 }
 char *
 -FascistGecos(password, uid)
 +FascistGecosPw(password, pwd)
     char *password;
 -    int uid;
 +    struct passwd *pwd;
 {
     int i;
     int j;
     int wc;
     char *ptr;
 -    struct passwd *pwp;
     char gbuffer[STRINGSIZE];
     char tbuffer[STRINGSIZE];
     char *uwords[STRINGSIZE];
     char longbuffer[STRINGSIZE * 2];
 -    if (!(pwp = getpwuid(uid)))
 +    if (!pwd)
     {
 	return ("you are not registered in the password file");
     }
     /* lets get really paranoid and assume a dangerously long gecos entry */
 -    strncpy(tbuffer, pwp->pw_name, STRINGSIZE);
 +    strncpy(tbuffer, pwd->pw_name, STRINGSIZE);
     tbuffer[STRINGSIZE-1] = '\0';
     if (GTry(tbuffer, password))
     {
@@ -490,12 +490,13 @@
     /* it never used to be that you got passwd strings > 1024 chars, but now... */
 -    strncpy(tbuffer, pwp->pw_gecos, STRINGSIZE);
 +    strncpy(tbuffer, pwd->pw_gecos, STRINGSIZE);
     tbuffer[STRINGSIZE-1] = '\0';
     strcpy(gbuffer, Lowercase(tbuffer));
     wc = 0;
     ptr = gbuffer;
 +    uwords[0] = (char *) 0;
     while (*ptr)
     {
@@ -530,6 +531,8 @@
 	    *(ptr++) = '\0';
 	}
     }
 +    if (!uwords[0])
 +	return ((char *) 0);  /* empty gecos */
 #ifdef DEBUG
     for (i = 0; uwords[i]; i++)
     {
@@ -586,9 +589,10 @@
 }
 char *
 -FascistLook(pwp, instring)
 +FascistLookPw(pwp, instring, pwd)
     PWDICT *pwp;
     char *instring;
 +    struct passwd *pwd;
 {
     int i;
     char *ptr;
@@ -667,7 +671,7 @@
 	return ("it looks like a National Insurance number.");
     }
 -    if (ptr = FascistGecos(password, getuid()))
 +    if (ptr = FascistGecosPw(password, pwd ? pwd : getpwuid(getuid())))
     {
 	return (ptr);
     }
@@ -715,9 +719,10 @@
 }
 char *
 -FascistCheck(password, path)
 +FascistCheckPw(password, path, pwd)
     char *password;
     char *path;
 +    struct passwd *pwd;
 {
     static char lastpath[STRINGSIZE];
     static PWDICT *pwp;
@@ -750,5 +755,29 @@
 	strncpy(lastpath, path, STRINGSIZE);
     }
 -    return (FascistLook(pwp, pwtrunced));
 +    return (FascistLookPw(pwp, pwtrunced, pwd));
 +}
 +
 +char *
 +FascistGecos(password, uid)
 +    char *password;
 +    int uid;
 +{
 +    return (FascistGecosPw(password, getpwuid(uid)));
 +}
 +
 +char *
 +FascistLook(pwp, instring)
 +    PWDICT *pwp;
 +    char *instring;
 +{
 +    return (FascistLookPw(pwp, instring, (char *) 0));
 +}
 +
 +char *
 +FascistCheck(password, path)
 +    char *password;
 +    char *path;
 +{
 +    return (FascistCheckPw(password, path, (char *) 0));
 }
 diff -ur orig/cracklib26_small/cracklib/packer.h cracklib26_small/cracklib/packer.h
 --- orig/cracklib26_small/cracklib/packer.h	Mon Dec 15 00:09:30 1997
 +++ cracklib26_small/cracklib/packer.h	Sat Jan 10 22:13:46 1998
@@ -34,6 +34,7 @@
     FILE *dfp;
     FILE *wfp;
 +    int canfree;
     int32 flags;
 #define PFOR_WRITE	0x0001
 #define PFOR_FLUSH	0x0002
 diff -ur orig/cracklib26_small/cracklib/packlib.c cracklib26_small/cracklib/packlib.c
 --- orig/cracklib26_small/cracklib/packlib.c	Fri Jul  9 22:22:58 1993
 +++ cracklib26_small/cracklib/packlib.c	Sat Jan 10 22:28:49 1998
@@ -16,7 +16,7 @@
     char *mode;
 {
     int32 i;
 -    static PWDICT pdesc;
 +    PWDICT *pdesc;
     char iname[STRINGSIZE];
     char dname[STRINGSIZE];
     char wname[STRINGSIZE];
@@ -25,92 +25,94 @@
     FILE *ifp;
     FILE *wfp;
 -    if (pdesc.header.pih_magic == PIH_MAGIC)
 -    {
 -	fprintf(stderr, "%s: another dictionary already open\n", prefix);
 +    if ((pdesc = (PWDICT *) malloc(sizeof(PWDICT))) == 0)
 	return ((PWDICT *) 0);
 -    }
 -    memset(&pdesc, '\0', sizeof(pdesc));
 +    memset(pdesc, '\0', sizeof(*pdesc));
     sprintf(iname, "%s.pwi", prefix);
     sprintf(dname, "%s.pwd", prefix);
     sprintf(wname, "%s.hwm", prefix);
 -    if (!(pdesc.dfp = fopen(dname, mode)))
 +    if (!(pdesc->dfp = fopen(dname, mode)))
     {
 	perror(dname);
 +	free(pdesc);
 	return ((PWDICT *) 0);
     }
 -    if (!(pdesc.ifp = fopen(iname, mode)))
 +    if (!(pdesc->ifp = fopen(iname, mode)))
     {
 -	fclose(pdesc.dfp);
 +	fclose(pdesc->dfp);
 	perror(iname);
 +	free(pdesc);
 	return ((PWDICT *) 0);
     }
 -    if (pdesc.wfp = fopen(wname, mode))
 +    if (pdesc->wfp = fopen(wname, mode))
     {
 -	pdesc.flags |= PFOR_USEHWMS;
 +	pdesc->flags |= PFOR_USEHWMS;
     }
 -    ifp = pdesc.ifp;
 -    dfp = pdesc.dfp;
 -    wfp = pdesc.wfp;
 +    ifp = pdesc->ifp;
 +    dfp = pdesc->dfp;
 +    wfp = pdesc->wfp;
     if (mode[0] == 'w')
     {
 -	pdesc.flags |= PFOR_WRITE;
 -	pdesc.header.pih_magic = PIH_MAGIC;
 -	pdesc.header.pih_blocklen = NUMWORDS;
 -	pdesc.header.pih_numwords = 0;
 +	pdesc->flags |= PFOR_WRITE;
 +	pdesc->header.pih_magic = PIH_MAGIC;
 +	pdesc->header.pih_blocklen = NUMWORDS;
 +	pdesc->header.pih_numwords = 0;
 -	fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp);
 +	fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp);
     } else
     {
 -	pdesc.flags &= ~PFOR_WRITE;
 +	pdesc->flags &= ~PFOR_WRITE;
 -	if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp))
 +	if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp))
 	{
 	    fprintf(stderr, "%s: error reading header\n", prefix);
 -	    pdesc.header.pih_magic = 0;
 +	    pdesc->header.pih_magic = 0;
 	    fclose(ifp);
 	    fclose(dfp);
 +	    free(pdesc);
 	    return ((PWDICT *) 0);
 	}
 -	if (pdesc.header.pih_magic != PIH_MAGIC)
 +	if (pdesc->header.pih_magic != PIH_MAGIC)
 	{
 	    fprintf(stderr, "%s: magic mismatch\n", prefix);
 -	    pdesc.header.pih_magic = 0;
 +	    pdesc->header.pih_magic = 0;
 	    fclose(ifp);
 	    fclose(dfp);
 +	    free(pdesc);
 	    return ((PWDICT *) 0);
 	}
 -	if (pdesc.header.pih_blocklen != NUMWORDS)
 +	if (pdesc->header.pih_blocklen != NUMWORDS)
 	{
 	    fprintf(stderr, "%s: size mismatch\n", prefix);
 -	    pdesc.header.pih_magic = 0;
 +	    pdesc->header.pih_magic = 0;
 	    fclose(ifp);
 	    fclose(dfp);
 +	    free(pdesc);
 	    return ((PWDICT *) 0);
 	}
 -	if (pdesc.flags & PFOR_USEHWMS)
 +	if (pdesc->flags & PFOR_USEHWMS)
 	{
 -	    if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms))
 +	    if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms))
 	    {
 -		pdesc.flags &= ~PFOR_USEHWMS;
 +		pdesc->flags &= ~PFOR_USEHWMS;
 	    }
 	}
     }
 -
 -    return (&pdesc);
 +    pdesc->canfree = 1;
 +    return (pdesc);
 }
 int
@@ -159,8 +161,13 @@
     fclose(pwp->ifp);
     fclose(pwp->dfp);
 +    if (pwp->wfp)
 +	fclose(pwp->wfp);
 -    pwp->header.pih_magic = 0;
 +    if (pwp->canfree)
 +	free(pwp);
 +    else
 +	pwp->header.pih_magic = 0;
     return (0);
 }
@@ -307,6 +314,11 @@
     register char *this;
     int idx;
 +/*
 + * comment in npasswd-2.0beta4 says this:
 + * This does not work under all circumstances, so don't bother
 + */
 +#if 0
     if (pwp->flags & PFOR_USEHWMS)
     {
 	idx = string[0] & 0xff;
@@ -317,6 +329,10 @@
     	lwm = 0;
     	hwm = PW_WORDS(pwp) - 1;
     }
 +#else
 +    lwm = 0;
 +    hwm = PW_WORDS(pwp);
 +#endif
 #ifdef DEBUG
     printf("---- %lu, %lu ----\n", lwm, hwm);
 diff -ur orig/cracklib26_small/util/mkdict cracklib26_small/util/mkdict
 --- orig/cracklib26_small/util/mkdict	Fri Jul  9 22:23:03 1993
 +++ cracklib26_small/util/mkdict	Sat Apr  4 22:31:45 1998
@@ -14,9 +14,16 @@
 SORT="sort"
 ###SORT="sort -T /tmp"
 -cat $* |
 +### Use zcat to read compressed (as well as uncompressed) dictionaries.
 +### Compressed dictionaries can save quite a lot of disk space.
 +
 +CAT="gzip -cdf"
 +###CAT="zcat"
 +###CAT="cat"
 +
 +$CAT $* |
 	tr '[A-Z]' '[a-z]' |
 -	tr -cd '[\012a-z0-9]' |
 +	tr -cd '\012[a-z][0-9]' |
 	$SORT |
 	uniq |
 	grep -v '^#' |
@@ -4,7 +4,8 @@
 sysconf_DATA = login.defs
 defaultdir = $(sysconfdir)/default
-default_DATA =
+default_DATA = \
 	useradd
 nonpam_files = \
 	limits \
@@ -20,4 +21,4 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
-SUBDIRS = pam.d shadow-maint
+SUBDIRS = pam.d
@@ -6,18 +6,16 @@
 #
 # Delay in seconds before being allowed another attempt after a login failure
 # Note: When PAM is used, some modules may enforce a minimum delay (e.g.
 #       pam_unix(8) enforces a 2s delay)
 #
 FAIL_DELAY		3
 #
-# Enable logging and display of /var/log/faillog login(1) failure info.
+# Enable logging and display of /var/log/faillog login failure info.
 #
 FAILLOG_ENAB		yes
 #
-# Enable display of unknown usernames when login(1) failures are recorded.
+# Enable display of unknown usernames when login failures are recorded.
 #
 LOG_UNKFAIL_ENAB	no
@@ -27,19 +25,10 @@ LOG_UNKFAIL_ENAB	no
 LOG_OK_LOGINS		no
 #
-# Enable logging and display of /var/log/lastlog login(1) time info.
+# Enable logging and display of /var/log/lastlog login time info.
 #
 LASTLOG_ENAB		yes
 #
 # Limit the highest user ID number for which the lastlog entries should
 # be updated.
 #
 # No LASTLOG_UID_MAX means that there is no user ID limit for writing
 # lastlog entries.
 #
 #LASTLOG_UID_MAX
 #
 # Enable checking and display of mailbox status upon login.
 #
@@ -59,13 +48,13 @@ OBSCURE_CHECKS_ENAB	yes
 PORTTIME_CHECKS_ENAB	yes
 #
-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+# Enable setting of ulimit, umask, and niceness from passwd gecos field.
 #
 QUOTAS_ENAB		yes
 #
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
 #
 SYSLOG_SU_ENAB		yes
 SYSLOG_SG_ENAB		yes
@@ -73,13 +62,13 @@ SYSLOG_SG_ENAB		yes
 #
 # If defined, either full pathname of a file containing device names or
 # a ":" delimited list of device names.  Root logins will be allowed only
-# from these devices.
+# upon these devices.
 #
 CONSOLE		/etc/securetty
 #CONSOLE	console:tty01:tty02:tty03:tty04
 #
-# If defined, all su(1) activity is logged to this file.
+# If defined, all su activity is logged to this file.
 #
 #SULOG_FILE	/var/log/sulog
@@ -91,33 +80,33 @@ MOTD_FILE	/etc/motd
 #MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
 #
-# If defined, this file will be output before each login(1) prompt.
+# If defined, this file will be output before each login prompt.
 #
 #ISSUE_FILE	/etc/issue
 #
 # If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format similar to "vt100  tty01".
+# Each line of the file is in a format something like "vt100  tty01".
 #
 #TTYTYPE_FILE	/etc/ttytype
 #
-# If defined, login(1) failures will be logged here in a utmp format.
+# If defined, login failures will be logged here in a utmp format.
-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+# last, when invoked as lastb, will read /var/log/btmp, so...
 #
 FTMP_FILE	/var/log/btmp
 #
-# If defined, name of file whose presence will inhibit non-root
+# If defined, name of file whose presence which will inhibit non-root
-# logins.  The content of this file should be a message indicating
+# logins.  The contents of this file should be a message indicating
 # why logins are inhibited.
 #
 NOLOGINS_FILE	/etc/nologin
 #
 # If defined, the command name to display when running "su -".  For
-# example, if this is defined as "su" then ps(1) will display the
+# example, if this is defined as "su" then a "ps" will display the
-# command as "-su".  If not defined, then ps(1) will display the
+# command is "-su".  If not defined, then "ps" would display the
 # name of the shell actually being run, e.g. something like "-sh".
 #
 SU_NAME		su
@@ -167,10 +156,10 @@ ENV_PATH	PATH=/bin:/usr/bin
 #	TTYGROUP	Login tty will be assigned this group ownership.
 #	TTYPERM		Login tty will be set to this permission.
 #
-# If you have a write(1) program which is "setgid" to a special group
+# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP as the number of such group
+# which owns the terminals, define TTYGROUP to the group number and
-# and TTYPERM as 0620.  Otherwise leave TTYGROUP commented out and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
-# set TTYPERM to either 622 or 600.
+# TTYPERM to either 622 or 600.
 #
 TTYGROUP	tty
 TTYPERM		0600
@@ -180,6 +169,7 @@ TTYPERM		0600
 #
 #	ERASECHAR	Terminal ERASE character ('\010' = backspace).
 #	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
 #	UMASK		Default "umask" value.
 #	ULIMIT		Default "ulimit" value.
 #
 # The ERASECHAR and KILLCHAR are used only on System V machines.
@@ -190,21 +180,8 @@ TTYPERM		0600
 #
 ERASECHAR	0177
 KILLCHAR	025
 #ULIMIT		2097152
 # Default initial "umask" value used by login(1) on non-PAM enabled systems.
 # Default "umask" value for pam_umask(8) on PAM enabled systems.
 # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
 # home directories if HOME_MODE is not set.
 # 022 is the default value, but 027, or even 077, could be considered
 # for increased privacy. There is no One True Answer here: each sysadmin
 # must make up their mind.
 UMASK		022
-
+#ULIMIT		2097152
 # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
 # home directories.
 # If HOME_MODE is not set, the value of UMASK is used to create the mode.
 #HOME_MODE	0700
 #
 # Password aging controls:
@@ -228,38 +205,35 @@ PASS_WARN_AGE	7
 SU_WHEEL_ONLY	no
 #
-# Min/max values for automatic uid selection in useradd(8)
+# If compiled with cracklib support, where are the dictionaries
 #
 CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
 #
 # Min/max values for automatic uid selection in useradd
 #
 UID_MIN			 1000
 UID_MAX			60000
 # System accounts
-SYS_UID_MIN		  101
+SYS_UID_MIN		  100
 SYS_UID_MAX		  999
 # Extra per user uids
 SUB_UID_MIN		   100000
 SUB_UID_MAX		600100000
 SUB_UID_COUNT		    65536
 #
-# Min/max values for automatic gid selection in groupadd(8)
+# Min/max values for automatic gid selection in groupadd
 #
 GID_MIN			 1000
 GID_MAX			60000
 # System accounts
-SYS_GID_MIN		  101
+SYS_GID_MIN		  100
 SYS_GID_MAX		  999
 # Extra per user group ids
 SUB_GID_MIN		   100000
 SUB_GID_MAX		600100000
 SUB_GID_COUNT		    65536
 #
-# Max number of login(1) retries if password is bad
+# Max number of login retries if password is bad
 #
 LOGIN_RETRIES		5
 #
-# Max time in seconds for login(1)
+# Max time in seconds for login
 #
 LOGIN_TIMEOUT		60
@@ -281,12 +255,12 @@ PASS_ALWAYS_WARN	yes
 #PASS_MAX_LEN		8
 #
-# Require password before chfn(1)/chsh(1) can make any changes.
+# Require password before chfn/chsh can make any changes.
 #
 CHFN_AUTH		yes
 #
-# Which fields may be changed by regular users using chfn(1) - use
+# Which fields may be changed by regular users using chfn - use
 # any combination of letters "frwh" (full name, room number, work
 # phone, home phone).  If not defined, no changes are allowed.
 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
@@ -311,19 +285,16 @@ CHFN_RESTRICT		rwh
 # Note: If you use PAM, it is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+# This variable is deprecated. You should use ENCRYPT_METHOD.
 #
 #MD5_CRYPT_ENAB	no
 #
 # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
-# If set to MD5, MD5-based algorithm will be used for encrypting password
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
 # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
 # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
 # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
 # Overrides the MD5_CRYPT_ENAB option
 #
 # Note: If you use PAM, it is recommended to use a value consistent with
@@ -335,72 +306,35 @@ CHFN_RESTRICT		rwh
 # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
 #
 # Define the number of SHA rounds.
-# With a lot of rounds, it is more difficult to brute-force the password.
+# With a lot of rounds, it is more difficult to brute forcing the password.
-# However, more CPU resources will be needed to authenticate users if
+# But note also that it more CPU resources will be needed to authenticate
-# this value is increased.
+# users.
 #
-# If not specified, the libc will choose the default number of rounds (5000),
+# If not specified, the libc will choose the default number of rounds (5000).
-# which is orders of magnitude too low for modern hardware.
+# The values must be inside the 1000-999999999 range.
 # The values must be within the 1000-999999999 range.
 # If only one of the MIN or MAX values is set, then this value will be used.
 # If MIN > MAX, the highest value will be used.
 #
-#SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
 #
 # Only works if ENCRYPT_METHOD is set to BCRYPT.
 #
 # Define the number of BCRYPT rounds.
 # With a lot of rounds, it is more difficult to brute-force the password.
 # However, more CPU resources will be needed to authenticate users if
 # this value is increased.
 #
 # If not specified, 13 rounds will be attempted.
 # If only one of the MIN or MAX values is set, then this value will be used.
 # If MIN > MAX, the highest value will be used.
 #
 #BCRYPT_MIN_ROUNDS 13
 #BCRYPT_MAX_ROUNDS 13
 #
 # Only works if ENCRYPT_METHOD is set to YESCRYPT.
 #
 # Define the YESCRYPT cost factor.
 # With a higher cost factor, it is more difficult to brute-force the password.
 # However, more CPU time and more memory will be needed to authenticate users
 # if this value is increased.
 #
 # If not specified, a cost factor of 5 will be used.
 # The value must be within the 1-11 range.
 #
 #YESCRYPT_COST_FACTOR 5
 #
 # List of groups to add to the user's supplementary group set
-# when logging in from the console (as determined by the CONSOLE
+# when logging in on the console (as determined by the CONSOLE
 # setting).  Default is none.
 #
 # Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in from the console.
+# access to these groups, even when not logged in on the console.
 # How to do it is left as an exercise for the reader...
 #
 #CONSOLE_GROUPS		floppy:audio:cdrom
 #
 # Should login be allowed if we can't cd to the home directory?
-# Default is no.
+# Default in no.
 #
 DEFAULT_HOME	yes
 #
 # The pwck(8) utility emits a warning for any system account with a home
 # directory that does not exist.  Some system accounts intentionally do
 # not have a home directory.  Such accounts may have this string as
 # their home directory in /etc/passwd to avoid a spurious warning.
 #
 NONEXISTENT	/nonexistent
 #
 # If this file exists and is readable, login environment will be
 # read from it.  Every line should be in the form name=value.
@@ -419,55 +353,17 @@ ENVIRON_FILE	/etc/environment
 # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
 # the same as gid, and username is the same as the primary group name.
 #
-# This also enables userdel(8) to remove user groups if no members exist.
+# This also enables userdel to remove user groups if no members exist.
 #
 USERGROUPS_ENAB yes
 #
-# If set to a non-zero number, the shadow utilities will make sure that
+# If set to a non-nul number, the shadow utilities will make sure that
 # groups never have more than this number of users on one line.
-# This permits to support split groups (groups split into multiple lines,
+# This permit to support split groups (groups split into multiple lines,
 # with the same group ID, to avoid limitation of the line length in the
 # group file).
 #
 # 0 is the default value and disables this feature.
 #
 #MAX_MEMBERS_PER_GROUP	0
 #
 # If useradd(8) should create home directories for users by default (non
 # system users only).
 # This option is overridden with the -M or -m flags on the useradd(8)
 # command-line.
 #
 #CREATE_HOME     yes
 #
 # Force use shadow, even if shadow passwd & shadow group files are
 # missing.
 #
 #FORCE_SHADOW    yes
 #
 # Allow newuidmap and newgidmap when running under an alternative
 # primary group.
 #
 #GRANT_AUX_GROUP_SUBIDS yes
 #
 # Prevents an empty password field to be interpreted as "no authentication
 # required".
 # Set to "yes" to prevent for all accounts
 # Set to "superuser" to prevent for UID 0 / root (default)
 # Set to "no" to not prevent for any account (dangerous, historical default)
 PREVENT_NO_AUTH superuser
 #
 # Select the HMAC cryptography algorithm.
 # Used in pam_timestamp module to calculate the keyed-hash message
 # authentication code.
 #
 # Note: It is recommended to check hmac(3) to see the possible algorithms
 # that are available in your system.
 #
 #HMAC_CRYPTO_ALGO SHA512
@@ -2,20 +2,19 @@
 # and also cooperate to make a distribution for `make dist'
 pamd_files = \
 	chpasswd \
 	chfn \
 	chsh \
 	groupmems \
 	login \
 	newusers \
 	passwd
 pamd_acct_tools_files = \
 	chage \
 	chfn \
 	chgpasswd \
 	chpasswd \
 	chsh \
 	groupadd \
 	groupdel \
 	groupmems \
 	groupmod \
 	login \
 	newusers \
 	passwd \
 	su \
 	useradd \
 	userdel \
 	usermod
@@ -23,13 +22,6 @@ pamd_acct_tools_files = \
 if USE_PAM
 pamddir = $(sysconfdir)/pam.d
 pamd_DATA = $(pamd_files)
 if ACCT_TOOLS_SETUID
 pamd_DATA += $(pamd_acct_tools_files)
 endif
 endif
-if WITH_SU
+EXTRA_DIST = $(pamd_files)
 pamd_files += su
 endif
 EXTRA_DIST = $(pamd_files) $(pamd_acct_tools_files)
@@ -4,8 +4,8 @@ auth		include		system-auth
 account		required	pam_nologin.so
 account		include		system-auth
 password	include		system-auth
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session		required	pam_selinux.so close
 session		include		system-auth
 session		required	pam_loginuid.so
 session		optional	pam_console.so
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session		required	pam_selinux.so open
@@ -7,7 +7,7 @@ auth		required	pam_wheel.so use_uid
 auth		include		system-auth
 account		include		system-auth
 password	include		system-auth
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session		required	pam_selinux.so close
 session		include		system-auth
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session		required	pam_selinux.so open multiple
 session		optional	pam_xauth.so
@@ -1,5 +0,0 @@
 shadowmaint_files = \
 	groupdel-pre.d/01-kill_group_procs.sh \
 	userdel-pre.d/01-kill_user_procs.sh
 EXTRA_DIST = $(shadowmaint_files)
@@ -1,26 +0,0 @@
 #!/bin/sh
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
 if [ "${GROUPID}" = "" ]; then
    exit 0
 fi
 for status in /proc/*/status; do
    # either this isn't a process or its already dead since expanding the list
    [ -f "$status" ] || continue
    tbuf=${status%/status}
    pid=${tbuf#/proc/}
    case "$pid" in
        "$$") continue;;
        [0-9]*) :;;
        *) continue
    esac
    grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
    kill -9 "$pid" || echo "cannot kill $pid" 1>&2
 done
@@ -1,31 +0,0 @@
 #!/bin/sh
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 # Check user exists, and if so, send sigkill to processes that the user owns
 ps -eo user >/dev/null 2>&1
 if [ $? -eq 0 ]; then
    RUNNING=`ps -eo user | grep -Fx "$SUBJECT" | wc -l`
    # if the user does not exist, RUNNING will be 0
    if [ "${RUNNING}x" = "0x" ]; then
        exit 0
    fi
 fi
 # If there is no ps -eo, traverse the process directly.
 ls -1 /proc | while IFS= read -r PROC; do
  echo "$PROC" | grep -E '^[0-9]+$' >/dev/null
  if [ $? -ne 0 ]; then
    continue
  fi
  if [ -d "/proc/${PROC}" ]; then
    USR=`stat -c "%U" /proc/${PROC}`
    if [ "${USR}" = "${SUBJECT}" ]; then
      echo "Killing ${SUBJECT} owned ${PROC}"
      kill -9 "${PROC}"
    fi
  fi
 done
@@ -0,0 +1,8 @@
 # useradd defaults file
 GROUP=1000
 HOME=/home
 INACTIVE=-1
 EXPIRE=
 SHELL=/bin/bash
 SKEL=/etc/skel
 CREATE_MAIL_SPOOL=yes
@@ -1,58 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGG8mOoBEADeiVXeiQGVydXf6J/VpVjh9L2Q8drC8esi0zrMGO07TExJ+A/u
 h1wLDfArQWhkoKqoSpbEynYyXubuZ1VIDtV61Vjglm28uCVuWPBk1AoQLe6erENk
 d/b6IFJ0+OwFqqN0/0erqzTMaAM7rhE+3t4Uuqi2D259UVZRRXkld4AMztkYVxK2
 dPQOhddZSN+didG/pVDP3q5t9bLpOYd8DL3reIgoFsvfKbmbTFU+ymT1Pgdd+Fvr
 g1Xs7lL8l8P0u9lrm7YSaJkk0mqUooE05oc/yeXWJKun8EqQRyMQmkL/nLzlFx8r
 Kjlq1fMiOKDFYzDAGyac7XDGGIYeNPBrSxu5XVgRfywgoAZzEI4cR0ZvMpO7cG0q
 +DWZ0mFvAxZ5kE3gNgTb2YM59PaS86Wu0E+4WAbu/60mcv/llRAd7JLcvQcJjK0R
 /BgPIujfkAeU06TzqVKeb9+DJ5jlzRkthROO/K9RPJMwDANRfkmHZoSQXuAOWKP2
 KC8uh7N/Xy0NKP7xnffXeI0494Xg4uCjRROw3H7ZZnAiyRYM+d0cYFRF4Q7n9hy6
 Umwb6yrFxhP4gRCN+HbE2Q5Ot4OsaU9KrczmXGbjbm88o5UDmHTGAssdmEWG/IFP
 s5tJi/TwhXVBLxQWCDfHKl3/LCb2Xd0IWQs9W/8vMaZxYl0x6nuSOE1rFwARAQAB
 tCJJa2VyIFBlZHJvc2EgPGlwZWRyb3NhQHJlZGhhdC5jb20+iQJSBBMBCAA8FiEE
 ToDvSceYe23i+B9QBQecbDplPlcFAmG8mOoCGwMFCwkIBwIDIgIBBhUKCQgLAgQW
 AgMBAh4HAheAAAoJEAUHnGw6ZT5XfGYP/2jIKN2QtK0+lNltlwPEjKODRxIhnlGa
 nx3vmFkcQg66VoxV16FhAtuXuNMfRXZLDj+ky0aYxdpI/dGBjssFWsFum9HAXwjW
 F3V71tPlneYJR+EoCwX08qUDhouODT1jl7j0ZoF2YOoZZ32K6DZ5/Zjw1/WBh7Dm
 dUig9hQMME+2A6fUD6oRRGMDaz7a5Ce+iqCkTqcbqwZ+YkebHozprm58NH8dUIrf
 Fn9kCLAqNRjGs4oQTBjBWEl4EC+ysCGR9Y4UWDhvkQbfgqxyKtht/fiCTEwYSS2t
 w9JOxTCINuI49anIjljGTrFmKvNz1XgGUiU8Y42ZIvppVviTHEPYHQ6ECbgE9vKG
 4r1Qvg3FLos0yqcuwOn/w1DtIxvC/3/tNlh/ZtCWdfM4ZRtxu4J1qqHnjsRcDbPs
 FvJf5gQNZ3vVqaH84E+N8GwTt4iXH9c5s8j77hRq7RjJwCy4t//yq3Ot38vz1IiH
 4w2DJynSVhZ75c6/UcDCdU9bcWfDfbvyRfTEqsDZ9M36M82r+L4Mzuj+Q9zCpuaR
 TafPZuB02Yt97nIk06VxxehffJjjRTplt8oMlILkyX3rlhMnnQlTysdTL3rEG/Xa
 h05rPuLLSRwo8KrCIXrVbXK9YSzqYJ6EdUmOpvbiQIv8SmWmVyIPs7ZtgefM+BWW
 WcrXeHNy9I+FiQEzBBABCgAdFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIFAmU61cQA
 CgkQsXXPqY8ZKvI01Qf8CXnTPsmeIf546qUGnXiVbdwxR8Mk3DDQZ5aKHmCO3Ksq
 ly5T0JoyJCycR873zbeo4Hp9xRftioJvFHo95l/9aW7bMSCH6bJlGZm4+7ZXszc8
 Cq75YCkO9+e63xTFbmb+56TMoILwyBgRzpwHTdkHpvZf/mZonsvOkhqM4OU/Vq8C
 TeQluNypr/d1oPidR/b8WPMbseaGOmhN3EogUyOFasbn3JCtETYTp0FeVJvrVvnN
 ih7lQq2Kt4z6WsG+wf25sIoMqC//g579wDX74J1pfIiOKWMHEeUF0mKJOI2z8+gD
 WRk7ZSPT3zFdhU1FLRNbiTT7bWEj5qaJlELhHs1m2bkCDQRhvJjqARAApG8OF2WU
 Qp5JWei313GjoZLIBwywGRtGdjcZVRb46uDyw6+N1NMi005MroWkyTC5A3cUr+Iu
 QYAzox6sIWhaue8CLh+sSpS0eaf+tJgQkb81y8vDBTG4Fh3FmKub5DGZmgzVhzLS
 gfFCtgnNp5BujVijwNmHSI2aNqVrcr1GFuOefmphvG44uyPHdw5MovUML2AUmkiQ
 F445grST81RwpoNLHIBNsZWd0HQU81CXB3ZiVzuVoDmpcMtK6lqg3ni9Hf7O2nUo
 Jj6rW2GlczFkKepd7/J5BiIjVopAQzO/TDQAq3gXw549qxwBnvjx6iw8MhWj0VQO
 Be0uKDVa3rE07yj1UF23q7KoNYChr694nB8ZTVk8Ve1lamNDSAJJZwk1dmtb8aA8
 f9b8dPwKdR+XE9lkdfiYeM8imZslx3KJH8ZnybJ+EN15tIAGqxpHEllrXfBxvUiB
 Gs3JIQy81H5bpcHUTjhFQegMmr95Hz/y5YrrbMb4reUg8k4DULAcbU0MKCJaaHe3
 tM5kRWrH1BM8CBwDI8jZ1bpn9d6xtFG6T0FRGiY7u/F7wzBHwoLZ5nfWJnZoQPNg
 5GePRy5uBl3dk6A5ejL96HP/ry9DtdKpR44sju4X94MxvdBXgDQjgq0rnjyuhFLx
 piH2u7H4xlfaB2J4P16ucxUUqRd9bVXsT80AEQEAAYkCNgQYAQgAIBYhBE6A70nH
 mHtt4vgfUAUHnGw6ZT5XBQJhvJjqAhsMAAoJEAUHnGw6ZT5XQHUP/jjL2xAqupWw
 LROWvFVwX8M5ALt3mm61/j2RhSj3CPyv7c/A0tOlAM7PmFH8KG3VZT3iBSYsPi/X
 j20S0r5/yaPzgqRQCdfE1KWDF0/NRs+FVP9syGYL5etgdOgQIsIplQuB2wudYpxJ
 xj/tXCcFpVlirobXPjKRye40buiopQsh0RAzUox1UAXBuphqA8Z+u3vyfQovreRM
 b808GqWRuqfQtieSdyOdCHQMJ87YOrr5VusGtXycG80Wxuj5m+VGyLevmXPEbcV4
 7nIqY+pOqYP852nzEilKujBkEPAc+kWUV3uwYWy4nLu3xFvSySBoBnT+ztE2ysxz
 gBNNyrTL/ihfCrK/uUdBnHWr/Wf834FQGQm2g2yHMan5XsLCJUu5P4MiOY6Fekah
 4jXSkOmMZJ0ZK444qP5J6zscZcLJ3ANdHPeW8U6Ey81UtgSdoF0RFniTFbvtT+3v
 rdCEQZUr2N87fFMp4ygMipZgtXNrI810QROLxJCFE+ZCn28T4yZzciVV7f1vRm5Q
 +VUD2tFeQbJJqUsMqos4umU2pNosQyE2W5mMhjlZQi0+ZajjiEZs+plVZ1JSEvgZ
 3r+yagFOArK8ZyCzsL9u4ZFhomQNUKskSK01zbjWv4/mSdxS7U+citNKFsDuhq9P
 wc44x8aaET0FtmmJmRfxzQSEkczkR4AM
 =K+Fs
 -----END PGP PUBLIC KEY BLOCK-----
@@ -1,185 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQENBE+oKZQBCACz5WylGAr+eitZjuSigzR+y30W3E+gkU0DSNlBB3WlorOtmzMX
 9F2d+z+ozJuez4NPqwfQ5y2ExKSbL8i1rwYmExZIzTDpm1Q6N3hG+vLbxwbrbsKT
 qW9rPiXriU5yRwuvVJl4NOU6T/Pau3/VD8iFN7U4mVpNFVPlB8vCvDJ+07Z0xIH9
 MXe8uaERG3v2EL7Mv8L5w05XEeuTT/CJiw6NdzwjZc1FymVoFjntetl8HaJ+5JCB
 2ylAbnw/wZJHORgsLxZhOL6/zrJRG8GvjgB+1l8izgl4n0DOqjyyoQIZJ+mfuHR0
 6wDqwvP5F9RZqCh8Md4hYujop5a0BKfAzLfdABEBAAG0IFNlcmdlIEhhbGx5biA8
 c2VyZ2VoQGtlcm5lbC5vcmc+iQFOBBMBCgA4FiEEZtA4fbhdMg+ECBZtsXXPqY8Z
 KvIFAl2r0d0CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQsXXPqY8ZKvIM
 nAgAiTpLlXuzyD4C+9I/yCA9N/BqK43jnMfJOl/Ky56vgJ/WbrFJLuO3wubMlRLD
 3jurC6SK2g0TpygyoX2MjwZVT60Sq3ZcgIh71yyWHhtZ29NuUiKsKnajb9IlP+AM
 1V0g9py41YdDUmAuC/5crqyK+8u1CVrB/is7Eym598gIl9nyGvaZrzgjG1cRCjzf
 ZU8pRG+VPMr5Xla8rDKBZl+LcusV90eAUa0E/KVFS5N1dQ6HKckYXPSBN3DKHZy+
 qKa1k7Dq0CnkTjQmjaMu3j5sdOXg4QUfhCHeLDFAtadNdP04I6g5KZRvC44XdQ1A
 bxFMLyObhCsq/QxSh/nYrKsw0okCMwQQAQgAHRYhBFthJl4sTzRNQx3P6R5EEKQC
 S8bwBQJfcizvAAoJEB5EEKQCS8bwYiEP/Ax0AQmfXibQixFkH8At4dsSOtL9kyzn
 SJfDg7+q47BtjCKDrx+ecX22ilfjBNymoZo/N6JYDbOh7Z6nHC10IrguGIxM/Ynp
 R5axA+5VVuEvc1x9SDyBw9MZcC9QkF10AmISzvgJ2OPJlH7uCPrBvrsjy7WuPn/6
 l91tUGem/iThccog1IxNHLDWmCUI09hD+txTNyf4vJvkGP7Omqwy+DwFyWdWtDYm
 Mg/mRkUnU38gZ0UqPlYIUVujZjGy9MQGwtfFtfEAfp0EXruw1KLchsLa0PIaWc+R
 qkmlk5L+GMq0qAdJMUmeHZZx3jKYQFeo/PI++3fJg1kD0ncwx0sQ4SaKZoiU8oB7
 mT3jYwrz+2cJsnS07fhDu7tLq3mqNzJSux5cgJvlCM1N01lQcuFyl9PaCNha/z1Q
 piFdtA4MM4a2QcUPEcfh532/thfnM4NP3IEm0EXSGs51Xh7NNILx7YRZ3V4xfqvg
 EaPs6+2vsEP6SsZ+icwaklzKh/I1Jni3CZFtsiBO1hCRO6yIKlvQCq6wtZa7QMZa
 65fvESoLM/dRZRMNqgUp1KFhMndpenQJDAKG7w9SdKDkXx7WGrBUDVBbm8tN13Fo
 WPmbMmmNPreMQ2LEXN9HentYVxZXcW3q7KnSCuWGc0lxM9jDwE6W/Zm84dsLAdlP
 JdoeKv4fnhoZiQEzBBMBCgAdFiEEDnKQYQ0vbcTWXqkhmjFOxfRwoKwFAl9yMrYA
 CgkQmjFOxfRwoKwSfgf7B+OaMOtQksO88589TB3mP4tMg4fFSmayenLHRRpslgyH
 f2Vnwq0/8qhR4KYapQ3vICy14KhCChWsPV1U0H44eR0R7FVHoW2xt/QCtFsxoBvP
 zNcLFbc5CUN+7Ff4ybvwSRYNBwYktiXRQOHeeli/i534+kNkQo9zYsn2ej7diaLg
 8x35UV93BmmWb7aJVj1nrZ5Nj7BzBiakkWlAj9qb7xeS7lcwvgcOP8qEpPh1FRgL
 eR+2WjueArNTNS5w3X945EHWi6mtzKLiHMC8T0k/9WmmPiKe+LWudRrZazFhairt
 18dlMtm5aLU75iDufblQnaAMGfNlkwpCw8jwwox+c4kCMwQQAQgAHRYhBHEAqt+u
 bm6UDS4K1lXkWlroynyKBQJfcmGfAAoJEFXkWlroynyKg0wP/2weLgYIzUvBs7WA
 pU3a/JuSRSoQ5iyUk4TN8UD2pXR4f5G/vDIkxEMLsFjQVJSOZyrsJlS6s32Oc4Ku
 vrVFrjFSqkuLbA06fUxihXozdH7hfqSVl1nZIftCo1Y47PmRNyW59mqhi3OkeXJZ
 hkMLL/g57Hv9rlKPi8ujb3SjSltaK0TFjT4IdrQVNgit3zw8ic+roS28rHwmXmy7
 MXgVwFY0d4Tg5SX3KgjuiGK+fhbv59LBpM2uUwSQ2Q0IbyLuUkVK3LBmQmISR2lT
 0hNsV8Xr6dL/EF8+e9O8pxwI03i56hktCXrBiwbgDiYxJcaPyb7Nw2KNY2xtIebQ
 xMgdY02PLiAJVNYiZPLr1Ro4p0kIChbjdPapzoVaoBpMBWm6lKVIMH0UnnzsduPg
 pZ+YBBYSwUkFmfe6cFf+Jg4jSNIoFThEzum5Jzw1gra1Wu96KrvnESBfuEUPXQcB
 fCQ6KNVrdOY/SMPHt9MAPaovES+bXNS8/k7/y5Xtzv39l6M6o8xChEbYHINGJgWx
 hTtGi+NVQyD6Q2paDPnt3hHXQfrDq/8r5zQZ0+NO3ay+DZTyH54F13YGlYeT+PWM
 gbh1UOfZADP/kXpTMvALsMTPZrvHf3/1RrPIa9aRL8C3T6a6ixz0n+MVX4XoYWR1
 NcB7TxK1foFwnkbWxPvfpA5aCZ10tCxTZXJnZSBIYWxseW4gKGtlcm5lbC5vcmcp
 IDxzZXJnZUBoYWxseW4uY29tPokBOAQTAQIAIgUCT6gplAIbAwYLCQgHAwIGFQgC
 CQoLBBYCAwECHgECF4AACgkQsXXPqY8ZKvJh8QgAm+I4djDNeOcdauxtBDvmsmrb
 BDg2UzkVGWOyS58Je0jP8NSkopPdqobfLvLC0TCXh4+h8mYtsLQ7ltkX1uWBJIJX
 TbPMZ15SiwAmzG6ZgdWL0JEdayIBo0xfyCJ/294+rP+Jj9xo9LjDiAFckry8vC/F
 OgjgJkPAiUyQyi///cdDm/k4p96psDWuewYjvi9TD1m39KqC53Pltjrnr3c6p5FF
 ZTq04fzOjgeQV7Dbph2HzSoCfVHsAueTrzPB9ePy93JH1/Tl0SpuD/i2FlZyNYL8
 WudA6NxPAq7kOdQIT3ftrUw/O3i3UUJhQeupws3327Ma44Pjaj39L4kBrYdaF4kC
 HAQQAQIABgUCT6ixnAAKCRCJcvTf3G3AJjknD/9zVnKUb5DnZLmplTCdAAFTMu2I
 +ZfDyp9otlLOid4AVco7UjwtYA9+qkBi62QC9qcNoImuiSrwZEhCb4hepcTZU5sb
 fBZ/DFIm3y3sAxroCTiCEUH5LS5xRBjphtuM9iq1++i4X96OLgXVbC3XPajxmv3x
 V3rtcKHA9Yb6KmSDL+pkD+1qg3jYZqpXykgg5C4U8ypnlPyuBAY0yUxRRqF3rHmx
 F+ro31mReqmAIAUd0PgwKFrEp1GpJdGyeJriL+8yznttihvRy7OookTFc5HKZ6qE
 GjTl4pDz28FQoL7QIDePoRTQTcfcaA2sFvW+4Pvo6PrE4mtL4nXVidznrsU4sjJw
 h8U09XJQ/7cvNmQ4Wt5XaS5BgLRkSKp7otGnp56NHbaL+zo9L7p50j2p688Imlb5
 FTqQBHY6pZfMHL3QPk3eUXcakJz3uyS4DlTVmlXhpfHloL1sY9n39iqKwpb8ItVJ
 kxb6f8eqAJk1H3CoABEMSLGQQz3DAn0lqGIGzzm9H90uhyiCcPq21zwN2pXhoHfP
 d0BBb45u+EryJ5JfUFEpeRw3QFHUFrdyY8e/INYnctUOaChFsjvd5Vv/A7OXEzkl
 p4yCD7Yo/2d6e2m3bvSKkU/t7DwysqwwkWx1eVPQN4eR/LxddZ9cIF/9C0f3epP/
 MGpK2dfHD0yxte1OfokCHAQQAQIABgUCT6iu+wAKCRBP++TpLv3qcrq6D/9+RLUF
 HyDgrnhjwBZlN47nh363cpQwuFFrIWi1SCnRrkvYtHYA7QVnPw/Wa/6FKO4gAJ4z
 KJg4RByw8+Ehk7LyhWqAaqs2fQExLHBtmS2rSj2j2ztKKNq7oEHfTHXIrFGqYoBG
 BS98uVdIrjtsfuWhpyFojQcLCmAGoZMCtJJWdROR5KZDbCk7fZrjq6W/xYxQm8I8
 ywmQyYoq9yOdqb+8aP871/a5TDxnbOAuObxCko+uG7fKm8FxvDGkAFC0TnX6cyww
 jmIcsIVYjZGfD5lpp4S6y6pWZ17s773SSJF3xiQ04HbBv38HtfZPZPofioz2DAx+
 fZS5ilZCBf1bZpIUJLBaKonnxa3S8Elxnia2wjAMSY7mDs1TSilkkwQyrELqKIQB
 fyQtKeti8qSWxjhkBaHEQwD5qZr5B1a57AbgLDFjaa4lst1fcgHbBPY/5jkqh1dE
 OkZJACt5YGaHOucqeKZbYWUBDtbdd0UMl8CX0TrzcUg5SYEVFKFQbdYh/fs0cKKA
 AxtQ53QEU8+XcX6UM8UHJJASui7o56+2IJECCKm7r8Uqi8E93GJUDsbij1Gd+Rl2
 rjBWa4P/hhUYG38tZUhng95olgu4/x1BfHihrHKd8LLnb3zgYtRl5Z2ANDcUYnye
 4gbkeIK0bPaoZ+7ioibzfjaLt//NFp36iNfKfIkCHAQQAQIABgUCT6ivNgAKCRB1
 gM7ry4iwi2KjEACa/zVC3Qm2zNgKu4lO/ELFNZHjKeoY+lsELb3TAyO7Kd32zgYZ
 a/QEfq9GTGffQgu8W1jNhvhFVq3OhFWsC4zl1znjGGINYWx2UiIGvu4Yh7LHItQu
 B/xPqL2rlyFEi751Mc7HYQXv+BIXU5y6NnjyAzuv0h0LQzcmaJKL6WkJUtxBy0Ux
 A7l3aT+2tpEaU6lkMXsBLppc9HqGXfNld5wR2CHqwIGFlu+SSgmADK4AZMQ11SnU
 RLBzAW+Rz4u94JZevTPQx3sWJNlONef6SVZ6B49YZ7IbUZMVDQZZwSQUWrjgKMv2
 QjW4jitGfqxnwU3egzRASbpIVoXsthkAGLyQAwcyq/K/sumwOJBA+nh3h+HLJ88K
 oYHqhYsnlJdRLo4lbXIvXnhgtnWT2i1tYiD7st7f15zn1Bu4edhItXK7un7In3Nq
 RHOjwCbOJOlMfOsdDxE75RffbDHIHRuNhSRa1tQzvs5HricPpw+HC86sKwhqyYa1
 zvpFyLN4dn4mqANvmEAKL+s1KH9vZcGpihJJwATRgVL9wQrTE7CcwmTpWRVFsHtQ
 LjUCVLN9UdFq1vKJfgScKpB2PdLt3PP480lcSlpTD5ngeTopDyezpF1bEzMdVXRE
 mFN/2UvSpqQJIKVcteeneWu+jGiMGb/sS8DMRhEsx9cWJgSkiTiAIcQklYkCHAQQ
 AQIABgUCT62IbgAKCRB6I+Rm1KK4HkJbD/95poXt7poScmgTrp0T1Tssnc4bbLAV
 zuQspbmR7aPodnnbp4U6a4bIwb+NwxHxb43ttJh1LpVYxV9xzNNwSih9K/ggkCjz
 H9tTelclkjYql0zEkfJBoIKy1r6csEdzDMMTuOPYNTtDTU/Ax4ERwBTF/X8GjnS5
 SQ3gnBmpxrxXwC2+9NRzEPCNw+MUPgoAJpwSqrmoNVd2I39MzKo19LAZKJ45vQY5
 hfeuPnn+RpcnRtjcwFUqakr2mzipFdFQGZTtjbYYEapRXSy8jvvp0k5cCreU+cxR
 T9nVfySHXBF4ySHqpIoqko3+QtqPLI++C5wugoYiJL/bVB058MxzxWm6KKGgjcAe
 62qQsTNXoPErp/Z6J3TGdxwuIcJjEVRKkNaFRb/rSBYw1L/qdW3qEVBB22l16lfa
 1Pdd3IhpQHVGQnKdebCu+BAW+egF8SULgLnBPZKj6rhI9z9gOgHyzXJGzPoIk9+/
 O/D23w9pUmumOP5s6LGcTFGkumG3TjJat/SjUQC7mlEDO/rOzJ31mLdmgXtvpSct
 3BRUZsPjqcw3eYTMJql2PkpHM+Mrljtm48z8394vB5Fv6MrRDppwXSBMSyxoZ1Cg
 sx7AKWPBWeVMQO5fxblBmKfyOd4ee4UdVsL9qjosfkf22/meyg1M/yUH9qbHffMN
 kAmrW5h2LYxqiYkCMwQQAQgAHRYhBFthJl4sTzRNQx3P6R5EEKQCS8bwBQJfciz2
 AAoJEB5EEKQCS8bwe6sP/0BFyE1KWVcJjR4iH3QKzrxzoQunSbLUGrb9i+TrwQD1
 VETGu8KzcZ+BSod/mYaYq39r5NHczrPgmlkHgZ/qTu9ufvBdSPiTbpTU8enoiZvG
 2PZyjF626MWzeljzn5wKjxZo/4+sRd9dzZTl6xG4N5crctcriWllO3zDmrsnNQBT
 E4AXmCnOCgbuFhA8NCun/NyXsYrTu5nKXictwR8VhyH/HdML7VRqe3SsLIfbyB6/
 M+8H7/CYzBCokZEgFmFwC0gxt4rbP5KkBxZUPJLISpGcYO7tXMuXq/vRrsHFlUnB
 d5MW8mKF12cnky9YFIeW0bXxMPcy8tdPnDI+LSGgt55RzDDvWheoQsCkPf4nqp3Z
 uLL5XahXvREsDZUya03fXyOoiHqskqdu9KjoKiJMW0ZKYtSZ/UvMb5J6fbw9xR6Y
 G+fLINZuee6sP+2Hk4n8rZLg2mdxKh/nclXE0yFy2O+jLAiz3mMvzVxHKUCegAn5
 N/l3ecutmWrOdjMN8Dn21iwgWxCGeuXUkswKyOmWnV3hVNjlKHq2x9q6abrk6Wx2
 duJorBbtAKjeLaSmXr85BS4ljzV0I8g4P/qmC+6uFNI166vzeLlbaGcNeNJaDtuC
 Z9ut9YD8bH3IEviczW3nz7IREbZV0t2771alqUomZbFS46kyMEs6MQ6IRQybD36M
 iQEzBBMBCgAdFiEEDnKQYQ0vbcTWXqkhmjFOxfRwoKwFAl9yMrYACgkQmjFOxfRw
 oKzxmAgAsZkOt2eAk3b0z/seDMEqs8MVaT9Tt1nWkN2Jj2j7ns9dFLKOhbiBshke
 86rApWVxMZWT9io8qJZj6V9uNMc9g6ujaEISzzYuI+mlwm2Myfg+62b3aE8C+m87
 jLcUk57BB7Fsv0VZZJGz/dxpCUyGbvNqIHXx4irwhnN6GMBnbHrUQQb3erGeaq0/
 EM9umQ3oyi734EYmRKXkCBMon5YsEt3pJyZZLe4S2zxPUQZ0Qh87DJib4giGFOgw
 sKY36VI+clHh3aZ5XAoGR8FF95cP/vb3x7cClMydLogO0LS8gy7bBQpxJwahH201
 M2NnJJtA4g+gzgbjh+PqLy3zW/cK6okCMwQQAQgAHRYhBHEAqt+ubm6UDS4K1lXk
 WlroynyKBQJfcmGjAAoJEFXkWlroynyKIfwP/0MCTmvNrsVMxf9N6RP1bpeN8/ZJ
 I3l4CKVGM2U1cDapALYqgXwptaCbJWw+xw96fxlHN3QlDbd9sp9R0IWma4qZ61B8
 XXNr2UgbvIoQ+KKhbrtSQqyU4kYTSpOXMofvrkA54G+sWbGqRivjRUJU1kC0UamU
 LRy5DkPULumYh04eDfJkFxEJQWztV0zoJc75Ed9ESGrd6kMzj4FQeUjK4yr+sN/P
 eLDU9yCgVYMQCgO1BM353SK/Iw+1YbugjmxP33l+6PpLvSSwfDMVWT6L4M3TUK0Q
 aWPJThrXxQMLs85tVbTKxjBnlPhlXYJgFRAl6pAToMaCsawg/zcDPeSdW/1koxtL
 3IlL1YXWxt67waD+qxKMCJdUmqF33fa962LAYNGsjCOngBYVK6jNUCSzRvAIoDBz
 XJBqdsAsWRaLfp/lffEycYbcX8NRkTRxWTVJgh5qwzyLQyoJdJa+879WZ9SzDdhi
 vw+K57M7Di90ycjsP+6iSTKTXwcC9KSZ+Z50IqTT42ZMc5wHepK2ce90PjAnLM0P
 j57LzMCjNylC74rjmuf5ooZ1F9Qz6YR7mnM8wBiiKjSAOkLviZ71+ZUBSompLQ27
 +r/2RMn4BMRFxkAePeA3mA/K19jXQpHSo9GAasHZifQcPW701dEStN+QdDY+KeTe
 AF6v87OszaOUiefauQENBE+oKZQBCADc9sYSnWAj3y6QE9sGNDUFaKpAFUsprpQ8
 LeA05nh3RUxYDd75qc0ewtGR1+SlgpehKQfSXVQT254jM5lJanNDPYffk9k9lMwg
 SVoTP2QaszfDgir7WKKQuj3dBwnmYHdIY2mq+eaAh/1cCU//ggdaATo4ENQhKTAI
 iuviGKBpYX/zHAlPIvyFjERsBmq0woQKvDGsoQEObx1zu1GaTWeTSIEnHyRhajMQ
 rKUAxSCh9Th2Vj6xOhvx9TK6li+ecxYuuBVP0Xllg1GdoQBC8KWITDOrU18suj1v
 EGK4YOzQQPxANs6I81SvVddd2bh71cyAjhHr1kugw3PWQvLe4yHHABEBAAGJAR8E
 GAECAAkFAk+oKZQCGwwACgkQsXXPqY8ZKvJrVAgAi7CVXJt8mZiN+yzwiZVlzrkR
 QduB2cgvGZD6Hm3MJc1aVA3Gh0tJcLo+SdutCOzKSmPRSsnWT19EKxpDMrc9j97P
 i9SDrGyUOx7Bz8gKjTI6BcfPNAhAyIr5Gr9SDyTx6tUduSmmErrvjYWP1/Jz7spI
 nN2wQd5ZVRSvS/rNZGh1NU31oeWlbpkU0JpGbZkMXv4JIy+1caH5zzrcRMC9JFxf
 m/bYdaq+jHhMufnSy0Qa3QgJkKvzxzvlIG9BaUmuNeR+XoA9ISEMQzAYXqxJQSL2
 8Er9IVaNgtz5mqCMf8vuDTPGpkYyqGnOjtQNF695wiA7CAr3/WTeiEl6kKsBFrkB
 DQRdq+CmAQgA6Tx0yBi7hDuFTjrUQL8y3EiLBIPyLuWLNQHxLPEU+fJaCS8bYWKT
 mVSIMmYSy0t0Kbd2lqmIm53NxOCX0BujjGCir5VspEI+TTTXskTZs1JsXdObGFoc
 AeIG+FT9T6RHP6UOdQTVKaHMZ3XKfWQK+Yb0yZaOJA+Qb28vHd3joMGeoc7rCfUA
 V4qIq7IKzWKC+1ParP7b6LNj23J36zY73n7UINCyWpDwhA0/TRwVMmWOyTd2ZldB
 vpKTHFM0b4T/a8x1RmFRtvtQgVQ6YV6Rm8Zkwh/2w0wkYJUg36/IwyETUwDXuIkb
 G0AVWp4w3jAD34wDjPm52R6B1vGdbEu2DQARAQABiQJsBBgBCgAgFiEEZtA4fbhd
 Mg+ECBZtsXXPqY8ZKvIFAl2r4KYCGwIBQAkQsXXPqY8ZKvLAdCAEGQEKAB0WIQSp
 vT/xcHK223gPz5Q1cNoXJwrOJAUCXavgpgAKCRA1cNoXJwrOJPZ8B/4+BLTyb1SK
 Sz0tYCn0GlqJWfRJfH9diFMmZGvvxSsIeiBmy0ARPaFoupbAwijI6mJ7lW63GLZZ
 dC3OwnUEdX0sH80/ecVP8/1qxlfMW0EFFCwPDFbmKLbSGQcobXQzb5AaILSyx+LX
 ONAUpto6nG+i7k+L7MFC5PVFDrk1CsVhAjjN3ItueeJfYRmkOKksUl4azzzUdC3t
 GPBJS0CNdb0z+lBAOn8lYSOnoPdHjKzT9jhwluUJyLmszxSf9pW9dgYGoSmx12Ef
 3EamTQlNa0YB/DVrSi9G/f0PW7Aby5dNCJQNMYaWWVeHOkuRwkG1PxV6iCIAZkL3
 2ls1bkFTxxsXI4cH/1D8cGYiqaPkxi9BkJD/9x/0B/2Bz6jZgDj8qDalJ/0YpmLN
 3cnw07Tk7phKxeoiwGvaUgaPDiSWQTsbJF38pUxA7GsVj28Vx1LFC6SWcVR6Ifvd
 EU/eex3PD4xGvgdylub0XR8KcHppTWCp/vh7/pCK/p3amrsPPLPHtkKbwFEtPYdl
 sV5hDoax04hiBbNZeq6uT/ryuUTUPsWj0or2Wass7Cuvt7PWk4scDyk8OFmHEjkP
 dmEOwtS7HdxoJR8V0/9WlomKMY1zUdi3yaThTVBvpmVp9NhvvkX13rW/z8z8cBNn
 kqlP2CvRoaR/Cm3MLCUEnzKlxEj0C5RQMJMBcga5AQ0EXavhYgEIAMd+iVOTx6FC
 3Ghv2PASeXsnxtb9Af+aBjNf0m8WKTLgIS9xQbxgNJctG6AEptkBfAStRLIA5qOa
 0iYIpkJynEPbonJ12qvtlJ6b6g1h3AThYXQBjTQ89X+rlFzVGQsieqanjI+fiSNb
 DarOLQUbeJOrkfFukr34o5xloKENL/kwu1lDG/Y2GMxZRLe1aVJUXQg4FiEiaE+L
 NFbrUHxdNR2PE4XuJHetneHEiT/zXpvEF4MCisjJTGAHEC43rl7OqHU/GDdcW0ud
 yf9v33LCFWTRLlgKKHVyUrHVhVzbB2z1+xnxxh/bQXjgttIP3Zqn8LXiLnUNU5+e
 jJiuAwdwcn8AEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJd
 q+FiAhsMAAoJELF1z6mPGSry9/UH/0vOoYu6b57UxsJNR5dCMhsPYV7FFIX9uj5X
 IDo/bQt2RTMa2PuKMbcDGINsDqHXqOFpZq5WDHhq0cEoIqhlkgj1uC77LLGw7mWy
 iaMbITQDlRzP9c9Qj3NkGNKW6FTwR7LPh43kgXygO1StVADIdHapiw9hI52rF8Fr
 NYy4oNRXhUcDPfn03akuIbF75saCHaYO/xoQeEqE+0qV82V/FT5tISMygkzgq+9z
 UhiA4XQjxiVhSK2cAi0iUTXZecyEueLk6zZ9vkD8JZagSirTFgxtLrnhVpUBJMOg
 ffv5jmO/Sun4s+3JbAdicmsFqw90hWmGNwa0F5HZ20rEVAwkdt25AQ0EXavhqwEI
 AMKECc/f8f0/CenKkz3wXGEtlG46YLjtTt2tWYXdt9Z04ihVaYePanFtvuujyO3I
 3jUQNv2foU1CtOuVyfZqX+TXqs0BUPXWwTCkMOyc/fEQ5u0BFJjWYtmr2sZY4Ag1
 juJsmzI7g3cnMLL9LbjpbHRruFIT5rnv9NwG7PURn1XnCt9tdZ/d0h7vEaNkD37j
 67rjy8UElVVcwVGhsCR8CkqwZ6ZwpQxE9wyq/Txb+v8qEJcohc5SWbYl70AtzHOb
 okkW6cvRjNz+BcEpnPfu10lbPO/8a16B96VDdjDGPj2shfNsFLaT8MtFfDAdjZRG
 lrfv3Wp4qFRlSUGrjInvOLMAEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1
 z6mPGSryBQJdq+GrAhsgAAoJELF1z6mPGSryW4wH/3Xk9x+WUxeJNtm+5hOfe/KB
 sXQUbBz+JHGFjd9YQw98jUvPNN1RfgtKf31b+FDKbk/cu+9bNLSfhKDz2AEREVio
 gKRcVjJDy9XmmWQd1oo+M4GHNYhpIt5ZK1d3CROIiqisLQsih64/gl9gboMcsUuH
 Rkc3hVKUb2umCZPG37hUdAvOmOMS7/0KCGS5pXnfsX+zegSKjps12siExYXiRpkx
 bF9MW7er6/6ukvHLx4jHpgiZ5Sjt/9OqUiAOgUSQfhpAUJlaLxe9E3nj+ABs7LV+
 FOjtI64skqgqbYo5VXobFSJhqFTog1+KmMznfsdKaOZQuZh3v3TtGUzkxoMUHPc=
 =xU87
 -----END PGP PUBLIC KEY BLOCK-----
@@ -1,147 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGI/tA8BEACYC5fPDOMDrT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJm
 BxtPPnps5Vw2whZS13zaoyPykMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLc
 MnHiZRKRh8dOqlK6jHcUlF8rBgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01k
 iU2SjoGAGkNDBqmOkhhVUSQg/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ
 1VzyB8U/hgPLrbZX3jQMJbcCSM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJ
 FN6Kz0NKN6MV/3AqbKGtWDqKhFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCb
 RjFkQ/iUUtuGgmpOB14HrgwNaRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfq
 ErcQo9ZdGRAUL5icyyDg4cC6xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9pu
 EoPm5gjNtk4F+FENNjkB3c2ntFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2
 bP7e5+Nk9NjsWLvnL2slep1cX38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uAR
 KhPEDZ8GzchxVtX9bGx1HSAVcdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQAB
 tCJBbGVqYW5kcm8gQ29sb21hciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEE
 qTSFlM4xKDqCb73Y1XYz1EHiW7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
 HgECF4AACgkQ1XYz1EHiW7Vm4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1
 fMLBW7djLZMZweDMU76UBrucAEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0
 M8Lq7QFZ5IEbrhuJbvpfTCa0gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMH
 ljM/OZ+6tBGpw7zvx1kYsSfBerlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we
 8lI/gdfywq7s/e5Xelk4dnr/pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3Am
 gaJgWZapJQlPFEByk+2oJf5UOgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n
 51WhjgdqYoSPt9dpPSNfNavLJDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF
 0J3VhKr9KR1rMxQpE1kMs7qO1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4
 EbUJyZDvsq2shaKj/NB4nzYJIoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr
 21KifSWxcokNhqSIrsCLzCJkbiKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E
 7xzerWy1ZqgQHJ3Zp0wVMgHTKvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xx
 kxo4Qk2JATMEEAEKAB0WIQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUCZTrVZwAKCRCx
 dc+pjxkq8s7uB/4yKEi2S+So2YHaIstBo0+9Uxcuqy1NUHuDRFTiNhocph+exjbn
 t09TK1NM9Sc3ErwnUoItLp2rW7D81TMXNnUsIfdusKkVkxC5xs4oLTpoIb+uBzDR
 O4KYebALpcPz2Y5I/jI9kiXYxd/pXUeyBQDN3zKwpM6Y8eax0h+EUh904ZGO4BRB
 tl0V1rnQ3AybSIi2dUVn2e8MGEW7hddMc1B85Bf7jCYuesR1FXMcHMs2v/S4kRH1
 179xFi6wxrNwBYY+YRwbX0OjSENls6I9vGC6+UoPaCHDS3MOcNuD77otYLK1Up46
 6G/KfcDLQsWsgPEdION3cE0+JCa3Kz9jn05DtDFBbGVqYW5kcm8gQ29sb21hciBB
 bmRyZXMgPGFseC5tYW5wYWdlc0BnbWFpbC5jb20+iQJOBBMBCgA4FiEEqTSFlM4x
 KDqCb73Y1XYz1EHiW7UFAmI/tA8CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
 CgkQ1XYz1EHiW7U3bA//e10l6Nw6m3mgFoY63ik8DvbD4fZ+/bUuQmTJ3uOI7wuz
 gjRnhWKvzBspNGgz3Hzdu3TuGEiVzXfNrdiubwvOVufrW50RDfjkzcvG+lOF8aXk
 IRz+46+cXkLdGk5FB9xKPtJs1KuH0ocTDHIeBbg7zHKIZDkLOizCsrzaNI1wDN5x
 OpyXkYqQYxuXfCipcfXapkuWXnvRQGGsopEhae+2khiL1hXo00t2A2jfwD6LTdUo
 XhFh7RkWNc72z2xiiSjMv5PDtG9EyYBhntEcxZj2kEgnP2ZaRto5OQa557KQg06t
 SP9s3KYHcHEd/9yLsNlQJTlOPMO0LH2XnL2MPvM5a7CZQfzTVOrNWM3k4t+46ON2
 qoMsOBO4nr9fH9eFtmULiEGN+oVJn+M+PYQJYlnKKu0mS+rbHZnkD42FiW9ZcXbP
 LPohB9T1LBjm1lJI8tYiHyfoFwnvBLimSjxmO0VsGKEgZYglVV34Jg9l0I2vYt6Y
 0Yieku7GI2Z7oDcBWlW3qbRxPDS+CWN3kSaWXRos1ufM038Yb1PwI4wzIaqrIVvG
 UmwCESNOXhsc8JPNqhqvnFFcbAXlPO4vQ26jThedHGMpbWFVSfajwMTvubAbVuq6
 vssZCwK405aSESbK10ohSRagKexZAqVMeusb1fC4AFTCng9qPgHvJgk5mCX4gmmJ
 AjMEEwEIAB0WIQTlIllbUu2k5r/My16FYZkROjXOXgUCYpTOnQAKCRCFYZkROjXO
 XhBrD/wPSTPIlpcHO0MLKeF/hjOYyf48YRvbwZ9Ys1wbjfFX9bL/s3S/zli80dma
 EGXJALcml1WA+LmpTDri3otG70Em5vTdoocnqwgnlXjiKbB4UzDLtwln7wHinQK0
 UaE5R33p8qNZRR9Ydg3C8EFEriZ0/AZkFUE+/Le8+yeGU/Dg//GOt84OzB/GKh+p
 SLwA+bJL9xv7ipGI6kOEzKTYceyqj8+KA0VE+rnLeqIdBsH+fp8iCZ2g0Aobv1IW
 wPvMcYfNYAoza99hfi5NFTmST/gZcE6Jb+U3/KBsCUEWfV6zhGlMcTHEgoCUBoMS
 KWY6nHC/NPSMi2Q3I4l89CCsVcJqABxlY8wrK9axdvv7zPYIpn4JRvGr3HQa5Y5d
 2HhQyHtRhElVXe/3DGiErLkzKJORxbn0miyC/F6WOUMnLQEWqUHqd0VspqavQ3PS
 OjIKShtlXiLX51q8BED+wOhpuafhFcq8NAAUXLBQDHdViVvH6+sazRNUl+vbujod
 eMv7tLtnhpXiwCryb+MPW1alwVcLbnU3xhXazvPRUpG5MtPmir6B++4WtC3El8J/
 szPeGY6MZUyxgEzxAGGIOycS9fB4Gw8cxWpmWwwOF31icb6w5ZIrTD/4Q7DaZ/fy
 qjgS4duDfHur8ajN0FpkHc0LpkUfLl3rOpGxXh9EkAqtNk6kfIkBMwQQAQoAHRYh
 BGbQOH24XTIPhAgWbbF1z6mPGSryBQJlOtVoAAoJELF1z6mPGSryH7IH/A7PoxLI
 Dc1rgbLaGbn1Qrt5AU5IFUVHZh5fW06rDHzEYJjk57f+FNJgz8VfGQ61zk14k1+b
 eboVTUSW2xZuSBQSRsSVOcj05vJHUpdMK0w1l5W5tbOR9nfn1c5qnQ6lhmFNrlJ6
 BEN5IU0swN3s3p7bRl0v0Axx0dZFF41ERDcQ1waqc0Sbp+s4dgdyXhvmu19Vtw6i
 WoMjPhMWCnP0DDjGOKA6ogWRlQcO2DuWGpGqmic5eH4VUheXS7orIATslU9VCvbz
 GmHrHmqTUj2pAkbvbYDycwK0/O317QHXecv5ErtKOdjtzrULlsFzDEt/b3y6bz5/
 YTka4L8CBNzGkye5Ag0EYj+7OQEQAJLWRpWSI3JRdHZEMSKSdnENBThIM8xtIWcy
 Hx8y1k+x77mNFx1gCOuMmWw0nR5Ck0im1Z606AmsgQ7tKCEmt4GYfnHeWviIH+Db
 CJBjUWrJBp5mWFDPkT9T8yj5VanTyHF3nWb03q5kRyMju9396eZMPrw68hsrm67d
 p9iBWye0qKTXndpFyLOXcpPPZryfprjwgw+cGB23V36RB/is50TjBzlR88Hx2EPv
 n4p7sNnI3SWwMmc+kEqKQEHoOOlBAJP2kxriN3BBSMw6unKakvH76Wxxi+Touue7
 dotUy81AqP+BStNu2S5E16XAfIW5ihVoX1rng8d2kTb25aCZ+5Kve0YZxN7YHsIv
 rMibCgqzpR3Naw/PyTS/ZXK9srkk5sGPNEA1TVN1NmXqi3cceOzt9c0eVQqRrtPU
 aOe2yY+WGjLpMJmC4j8ExMZE6qq8n+0LC6uO04HftGJ1Mqu/VxL9Ou6MPhQsWyKE
 jZUFgVti2zYtyXjTwjNKVnYBbokBNihR9LOKrpSsRGxLcKVVzh/X5lDdt1ZCNU52
 q30ZRl4EnTiEkW12tDvU2vOQRfzbaAV0VOArQ3XJk+9+Nz40T2wBdYsVPijoQw7m
 gwVFeYg+gV6sh8i+q3ImL6h0MJoNs7XRZk3sGqVdddlb9sKar28q87M07TMPHPdm
 Oyn4Hn2PABEBAAGJAjwEGAEKACYWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+7
 OQIbDAUJAeEzgAAKCRDVdjPUQeJbtZgLD/0f+BOvEbe6FCP99Hk7okW/Qv2cehGm
 VSCQcBtnMCgfRpFOLxkdj1NX9ub8pvdn8sEj/Tmr1sg3larTfAK+FOAmw/y/X9iY
 GTE16xxYMVPeLssCjsYSxC/MpYGlPPZemn9QcpwZ92FP5i0MjBwDE7NLmon4wHnX
 jSatPF1j921XcUcsI/66gH+digPWPwufZgn8eL5mLtq9o28AglVjrC+bIFsk4chi
 rjb9QO/pNCWCZbCfGq6PbEtH47HL6MsWow19rtDKv3U24xVoiUG3U9pljIIjh8aR
 gxrLfTR+fiW2GRlf033iRQyAFvz8N4JLSreNCD9resub48lAhxBJ9hOqX569V5mO
 hDmnuYT2CUDVGycPfEXaTz2N5eBWOPTN9dr+naYQI9pAZjL+5m8i6yGaE7B8OUPv
 ooPN1YvyNbuLU72aJhZ9qaNzDt/kC9BU6s8D44k8lJkjuKzIuRGYiyReSE0mhEhV
 zRkG+FAU7l2ICl2OLKVnmKUgdqkRIa5F4F6w1hCQcCASVuKaTyOIUYXnxlesB00c
 RduDaIlT8+AAWk0BZL2W6ck0/g09Ai/LRzMBe06t8BUOEa/NiwUv31sYM3smE4Gc
 F11BWGKjOzl8CSlY5YAtgfjhMIF3HUcQeMuWrHf/w/cFXg9KX4lpPjoZov2BfVph
 YJq1nryud52VB7kCDQRiP7d1ARAAq/ZXcWpJDXSqfz3PPn0c50f/m9vQn0FozhL9
 p4wcoUGuQlNfIzE+gyDqJL9r1O8cGjSb4gaLmilgCHuYsmtwVh4UaZOntlp0k/19
 2cZpvDYwWQDFZdSV0v7wxA4VLu+sv2fNmHB2Yudn0V0a948M2v4xhcoy8HptOBvw
 q0vrVB4lnd3G3odPS5UP8ze3DvKDqGGVsqF9BjbV21KL8rLHVLdUTg60lXXvvHnO
 wEJvH4O5kbdxwl4Y8K3S8b6lUYBt8GAkd058y/qxroWMWkxJm3Izy6yqkn2WrbJl
 Yq9SSdgp/DvTbOUTrKp7pWGtH6E6OCw8IKkfNrnpfJhGmREIeAe6G/Jr6jyygR20
 F1XkU8bqi3cnd1v9sruZyFIu5AOgiJuZnSvDE+goh6mGMUA99x0zeDrRaq39028o
 wRucJcwg9pkqxgedhWIK5H0oilwTsYqqBaPvkqStcErhzWtoHtYZCHZRPMBDwwQ0
 kaj7WvLfGWszT7nObUeoNAfyVEyGuq/Gw5OTYDY/I6xqrzL01pfrcXEObmKOTpb3
 YsB8tv2MxA4VnG9ZbNH2kEB59gmBa+kvQHfXTrDCWdhNvSuL/2qRpxhIy6qql1ny
 MTwatNW2WNaUCPH8vjyZKfCB2X0Nka5lBWkjrnyzoEBO3MPI/0sZUnWxawWQO3DH
 xizy09EAEQEAAYkEbAQYAQoAIBYhBKk0hZTOMSg6gm+92NV2M9RB4lu1BQJiP7d1
 AhsCAkAJENV2M9RB4lu1wXQgBBkBCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIF
 AmI/t3UACgkQnowa+77/2zJKtw/+PGO4y3yAeY2PXc1QpopG7nsTgG9GA0mUEtz7
 ehpz68iJtYC2kbdI8PB1lSPNGzEb0yryew+/pHOhgiyvdDI8TAXZS/wXwRY/Izbl
 XmjXyO3U26J9JK4uemzCNwHfxu468kXJz60WaP58xinDA1sVd7YGZGpodKR2Fo0r
 bbdH6/Ldql8yu+Fztz51NUZBmNUAJTGvPRSV1Mlvr3hacgCVjVvc2FWrYzyj8jC6
 /CO7fSi474iQQVsBNn214L0+fCKoagAyrfmCXV5TYg9TJ2WgW2wQjuzJ/mhvsgCQ
 SSj6po6DdXTl8tRbbjaxx502CB8qEQ/yEdQ7RMJSGB5YWfvLstq1zzAPyPIUgsRY
 DBCWmPCM3z+PbD78BTHxoJxBZO45kwHMz+68Eng7r0Z1kM7SarvT0Kd1pnpP3mu1
 lfd6wZiOlYqZfD+vZtws0BK57iGVLrbIz9AWolPoRDaF7mZpVdDLZzYsdI9vLEyH
 uPb7W+VE1USYyMMCNQQxrTOFJIo/bTZA5J7a05KQRNzBZPUmIvGgDffZAQjZpMEX
 WNKKcDYRhScARMMnL+yO3e7P2O/WUrmQa4wepweYFPl4dbQ3UGccxy3LZ2dnAIxP
 AXFNsK4GYIVokWe2JSNG6M15ev1SWgFYWVO3+nm5JV0mBScE6wsGpvFW3IKIrpDL
 Hb/N9TZpDw/+LI0iX6KnROJBhx1/0vzf0PC4n5Xn2Iry11/1rRskYLrmB/vGA6hm
 ghnKPCCppUQ4WjBNWnIYzKfzvNPAdq8aIKbC1rtPABeDyfe8NNUX4wa/GgOar2V5
 wnwJ5qUc0Iw64yLjTpXvN+HV7zgADboEdtnQW47+zEbTqV59cIcgBCSMAXgICnvq
 dc8FskDb9hqvvQtCENsOLibKHYzYumMxZ075tx7pZza+LC/sf4vtuIrs9Bn9imxo
 kdhbQsiiHpNDdjQIT6rqCOy9BxD9hSodznhB9GgnRXGX/w8NfX46hETmiYVb0oE7
 1yFYd3ZweHu6pWLDEjUMagnCkA+A+/ZIxazsoMklPusTKb1ELzoheOjKz8fCrX4r
 j07hI4tGNBfas9bub6sHpbIOb6aGtdofaknV/7lim0aqkMeYBxES6E10+2jCmLg1
 N1ADMRBBDml5zrVjZa95+B+8zK2d6r5E0UZhoh/IhpEhZ8Nljt66/35XyEACS0lB
 +ZU5keI/1wTbThkgFimkVNzeXF9sx3EuWMZGgcd7uBMPg6pwTS+qGs6XtYmiKMbM
 gvDDhcqFh5r/4r7+xW6ZFhR4Dfkdp3pyDIh7h0Hf+tv0Qj1RKBpmi/lwn0qZrLWM
 /aYXo0Vuy2nAbeATAle4Iag+r2AkdEAaBDadFeZisl0Oj0djrGERRhu5Ag0EY9v+
 KgEQAMOFV6nHZR7Jwg6nAseVPpxwzjLMhKhuxfJor7fXKL15BlBqCyN2ZRlP+RKE
 cEAfdbhyTFPcycLpkOLS7LM4TgfwjQUg2eF0wnBHo/nYUKLp0SHW2Pg3F5+HVXcf
 5mAhT1W+zrVHuvJur8omotihtvPEG455MzQNttnGj0DQ8ujbCBofFeVgygmuyZNG
 bYvrU3Yvr4ZBY5O/m64eSKs2oX7pP7lQ1gVFU9zojUcsLaLkwXX099yYUMkakjLc
 uoI5JGMsV9EA+a+RCFa7a4K3umgVsN3cuuKVbPZ8VQYVQh+Iej8EXlxQeJH44MPN
 kNfw5Bf2TLB/Gzz7b4yNTWM/kzGi3FEF+31pVu2G0El0sBeJlEjGIHTmfAkzUIyp
 qZ6VYR2Li+u3Btunr//k+Dq3E9dN4/yJy4qSr2FAtx8BTG6tj//Xnan/OXfzZdSj
 HQcid6lVRTLl44ia9Ln9SqHO53z95qpD1BxHY7B50J6TVmTwa+cbPIjbRpoJbZyR
 No2nFxarbyejPboKzGrqCrObDTIar3/88mYi1pHGfG1ounBpfyQ9UUuulYhRZlXo
 OcaVYLKVALAAwmS53kwgFuOgydhLKvdmnyFUs/wFLVYy1CcmSDgWlc2NiV0fbOf3
 jyQHeE+NnINSna3bItHT2DDsD40AaYrnrQOHQlni+arnJ0gFABEBAAGJAjwEGAEK
 ACYWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCY9v+KgIbDAUJAeEzgAAKCRDVdjPU
 QeJbteydD/9yzfrnjkeKuBuSjpywOfrtcvOHdCyNemeN4gJtjcgFgjZL4xo90akA
 /GcBZnJLpX9OZobyznMMRIvGgJxHLCuGH7Bo4EEQySAoT52Qn7LApBVY308hHDIC
 OLK/IQY26flCy+Czpx7uAS41o3lnOPHbVUO6nHrVcO7vWQAX0QT8VQYGPCHcb9al
 TkBNdz9rD822CrBc/tph+eeFZzDuuM6gm3nMYFeDURXE3jVGg4Jeg+8zZTZoeI+n
 O7Co6BM2CFYswKTOMTLTgbMi+Hxl0XDbXp7gQ3P9fz3h3Q4ahhpWXbNUZkyyZvoA
 s1YqOM+RFzyTCowFQR2qTDTJeE4k2suoDBukCTMJIFZkthdvMMY/Ss7ZHZwvtmFi
 XVg3jNOy3tt9V9oZ0UBPw3qTeDKLh6HzgdyN1mPrEkdilIpPVnHi/iAiL1IrAjZN
 xr11YOoWFyLpDfGUeEn9wK0T6Xj6HwytL2XliBremZLFWPQNxkHNHDGoKoAkytIF
 MXg5P7Tx/Mcs/1b0WTxmghpc3kkNYIksIDV19RQ35xjnZ/6yYf2qA5dT80wY8mXG
 debPR0jwOod+kzIAq0gmopFo25PJjiYSIU28XJciPSS7tgHirvsz+NRotABBBpIR
 SmfXBunBhuwLkrImdzqjrrMpv2Ss9brlxqNYiSYJGdsoqt6MeyhzGQ==
 =2CmL
 -----END PGP PUBLIC KEY BLOCK-----
@@ -5,260 +5,43 @@ DEFS =
 noinst_LTLIBRARIES = libshadow.la
-if USE_PAM
+libshadow_la_LDFLAGS = -version-info 0:0:0
 LIBCRYPT_PAM = $(LIBCRYPT)
 else
 LIBCRYPT_PAM =
 endif
 AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
 libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
 if HAVE_VENDORDIR
 libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
 endif
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
 libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
 libshadow_la_LIBADD = $(LIBADD_DLOPEN)
 libshadow_la_SOURCES = \
 	addgrps.c \
 	adds.c \
 	adds.h \
 	age.c \
 	agetpass.c \
 	agetpass.h \
 	alloc/calloc.c \
 	alloc/calloc.h \
 	alloc/malloc.c \
 	alloc/malloc.h \
 	alloc/realloc.c \
 	alloc/realloc.h \
 	alloc/reallocf.c \
 	alloc/reallocf.h \
 	alloc/x/xcalloc.c \
 	alloc/x/xcalloc.h \
 	alloc/x/xmalloc.c \
 	alloc/x/xmalloc.h \
 	alloc/x/xrealloc.c \
 	alloc/x/xrealloc.h \
 	atoi/a2i/a2i.c \
 	atoi/a2i/a2i.h \
 	atoi/a2i/a2s.c \
 	atoi/a2i/a2s.h \
 	atoi/a2i/a2s_c.c \
 	atoi/a2i/a2s_c.h \
 	atoi/a2i/a2s_nc.c \
 	atoi/a2i/a2s_nc.h \
 	atoi/a2i/a2u.c \
 	atoi/a2i/a2u.h \
 	atoi/a2i/a2u_c.c \
 	atoi/a2i/a2u_c.h \
 	atoi/a2i/a2u_nc.c \
 	atoi/a2i/a2u_nc.h \
 	atoi/getnum.c \
 	atoi/getnum.h \
 	atoi/str2i/str2i.c \
 	atoi/str2i/str2i.h \
 	atoi/str2i/str2s.c \
 	atoi/str2i/str2s.h \
 	atoi/str2i/str2u.c \
 	atoi/str2i/str2u.h \
 	atoi/strtoi/strtoi.c \
 	atoi/strtoi/strtoi.h \
 	atoi/strtoi/strtou.c \
 	atoi/strtoi/strtou.h \
 	atoi/strtoi/strtou_noneg.c \
 	atoi/strtoi/strtou_noneg.h \
 	attr.h \
 	audit_help.c \
 	basename.c \
 	bit.c \
 	bit.h \
 	cast.h \
 	chkname.c \
 	chkname.h \
 	chowndir.c \
 	chowntty.c \
 	cleanup.c \
 	cleanup_group.c \
 	cleanup_user.c \
 	commonio.c \
 	commonio.h \
 	console.c \
 	copydir.c \
 	csrand.c \
 	defines.h \
 	encrypt.c \
 	env.c \
 	exitcodes.h \
 	faillog.h \
 	failure.c \
 	failure.h \
 	fd.c \
 	fields.c \
 	find_new_gid.c \
 	find_new_uid.c \
 	find_new_sub_gids.c \
 	find_new_sub_uids.c \
 	fputsx.c \
 	fs/readlink/areadlink.c \
 	fs/readlink/areadlink.h \
 	fs/readlink/readlinknul.c \
 	fs/readlink/readlinknul.h \
 	get_pid.c \
 	getdate.h \
 	getdate.y \
 	getdef.c \
 	getdef.h \
 	getgr_nam_gid.c \
 	getrange.c \
 	gettime.c \
 	groupio.c \
 	groupmem.c \
 	groupio.h \
 	gshadow.c \
 	hushed.c \
 	idmapping.h \
 	idmapping.c \
 	isexpired.c \
 	limits.c \
 	list.c \
 	lockpw.c \
 	loginprompt.c \
 	mail.c \
 	motd.c \
 	must_be.h \
 	myname.c \
 	nss.c \
 	nscd.c \
 	nscd.h \
 	obscure.c \
 	pam_defs.h \
 	pam_pass.c \
 	pam_pass_non_interactive.c \
 	port.c \
 	port.h \
 	prefix_flag.c \
 	prototypes.h \
 	pwauth.c \
 	pwauth.h \
 	pwio.c \
 	pwio.h \
 	pwd_init.c \
 	pwd2spwd.c \
 	pwdcheck.c \
 	pwmem.c \
 	remove_tree.c \
 	root_flag.c \
 	run_part.h \
 	run_part.c \
 	salt.c \
 	selinux.c \
 	semanage.c \
 	setugid.c \
 	setupenv.c \
 	sgetgrent.c \
 	sgetpwent.c \
 	sgetspent.c \
 	sgroupio.c \
 	sgroupio.h\
 	shadow.c \
 	shadowio.c \
 	shadowio.h \
 	shadowlog.c \
 	shadowlog.h \
 	shadowlog_internal.h \
 	shadowmem.c \
-	shell.c \
+	utent.c
 	sizeof.h \
 	spawn.c \
 	sssd.c \
 	sssd.h \
 	string/memset/memzero.c \
 	string/memset/memzero.h \
 	string/sprintf/snprintf.c \
 	string/sprintf/snprintf.h \
 	string/sprintf/stpeprintf.c \
 	string/sprintf/stpeprintf.h \
 	string/sprintf/xasprintf.c \
 	string/sprintf/xasprintf.h \
 	string/strchr/strchrcnt.c \
 	string/strchr/strchrcnt.h \
 	string/strchr/stpspn.c \
 	string/strchr/stpspn.h \
 	string/strchr/strnul.c \
 	string/strchr/strnul.h \
 	string/strchr/strrspn.c \
 	string/strchr/strrspn.h \
 	string/strcmp/streq.c \
 	string/strcmp/streq.h \
 	string/strcpy/stpecpy.c \
 	string/strcpy/stpecpy.h \
 	string/strcpy/strncat.c \
 	string/strcpy/strncat.h \
 	string/strcpy/strncpy.c \
 	string/strcpy/strncpy.h \
 	string/strcpy/strtcpy.c \
 	string/strcpy/strtcpy.h \
 	string/strdup/strndupa.c \
 	string/strdup/strndupa.h \
 	string/strdup/xstrdup.c \
 	string/strdup/xstrdup.h \
 	string/strdup/xstrndup.c \
 	string/strdup/xstrndup.h \
 	string/strftime.c \
 	string/strftime.h \
 	string/strtok/stpsep.c \
 	string/strtok/stpsep.h \
 	strtoday.c \
 	sub.c \
 	subordinateio.h \
 	subordinateio.c \
 	sulog.c \
 	time/day_to_str.c \
 	time/day_to_str.h \
 	ttytype.c \
 	typetraits.h \
 	tz.c \
 	ulimit.c \
 	user_busy.c \
 	valid.c \
 	write_full.c \
 	xgetpwnam.c \
 	xprefix_getpwnam.c \
 	xgetpwuid.c \
 	xgetgrnam.c \
 	xgetgrgid.c \
 	xgetspnam.c \
 	yesno.c
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
 endif
 if WITH_BTRFS
 libshadow_la_SOURCES += btrfs.c
 endif
 if ENABLE_LASTLOG
 libshadow_la_SOURCES += log.c
 endif
 if ENABLE_LOGIND
 libshadow_la_SOURCES += logind.c
 else
 libshadow_la_SOURCES += utmp.c
 endif
 if !WITH_LIBBSD
 libshadow_la_SOURCES += \
 	freezero.h \
 	freezero.c \
 	readpassphrase.h \
 	readpassphrase.c
 endif
 # These files are unneeded for some reason, listed in
 # order of appearance:
@@ -267,5 +50,4 @@ endif
 EXTRA_DIST = \
 	.indent.pro \
-	gshadow_.h \
+	gshadow_.h
 	xgetXXbyYY.c
@@ -1,116 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
 * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
 * SPDX-FileCopyrightText: 2001 - 2006, Tomasz Kłoczko
 * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #include <config.h>
 #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
 #include "prototypes.h"
 #include "defines.h"
 #include <errno.h>
 #include <grp.h>
 #include <stdio.h>
 #include <string.h>
 #include "alloc/malloc.h"
 #include "alloc/reallocf.h"
 #include "shadowlog.h"
 #ident "$Id$"
 /*
 * Add groups with names from LIST (separated by commas or colons)
 * to the supplementary group set.  Silently ignore groups which are
 * already there.
 */
 int
 add_groups(const char *list)
 {
 	GETGROUPS_T *grouplist;
 	size_t i;
 	int ngroups;
 	bool added;
 	char *g, *p;
 	char buf[1024];
 	int ret;
 	FILE *shadow_logfd = log_get_logfd();
 	if (strlen (list) >= sizeof (buf)) {
 		errno = EINVAL;
 		return -1;
 	}
 	strcpy (buf, list);
 	i = 16;
 	for (;;) {
 		grouplist = MALLOC(i, GETGROUPS_T);
 		if (NULL == grouplist) {
 			return -1;
 		}
 		ngroups = getgroups (i, grouplist);
 		if (   (   (-1 == ngroups)
 		        && (EINVAL != errno))
 		    || (i > (size_t)ngroups)) {
 			/* Unexpected failure of getgroups or successful
 			 * reception of the groups */
 			break;
 		}
 		/* not enough room, so try allocating a larger buffer */
 		free (grouplist);
 		i *= 2;
 	}
 	if (ngroups < 0) {
 		free (grouplist);
 		return -1;
 	}
 	added = false;
 	p = buf;
 	while (NULL != (g = strsep(&p, ",:"))) {
 		struct group *grp;
 		grp = getgrnam(g); /* local, no need for xgetgrnam */
 		if (NULL == grp) {
 			fprintf(shadow_logfd, _("Warning: unknown group %s\n"), g);
 			continue;
 		}
 		for (i = 0; i < (size_t)ngroups && grouplist[i] != grp->gr_gid; i++);
 		if (i < (size_t)ngroups) {
 			continue;
 		}
 		if (ngroups >= sysconf (_SC_NGROUPS_MAX)) {
 			fputs (_("Warning: too many groups\n"), shadow_logfd);
 			break;
 		}
 		grouplist = REALLOCF(grouplist, (size_t) ngroups + 1, GETGROUPS_T);
 		if (grouplist == NULL) {
 			return -1;
 		}
 		grouplist[ngroups] = grp->gr_gid;
 		ngroups++;
 		added = true;
 	}
 	if (added) {
 		ret = setgroups (ngroups, grouplist);
 		free (grouplist);
 		return ret;
 	}
 	free (grouplist);
 	return 0;
 }
 #else				/* HAVE_SETGROUPS && !USE_PAM */
 extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* HAVE_SETGROUPS && !USE_PAM */
@@ -1,15 +0,0 @@
 // SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "adds.h"
 #include <stddef.h>
 extern inline long addsl2(long a, long b);
 extern inline long addslN(size_t n, long addend[n]);
 extern inline int cmpl(const void *p1, const void *p2);
@@ -1,86 +0,0 @@
 // SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ADDS_H_
 #define SHADOW_INCLUDE_LIB_ADDS_H_
 #include <config.h>
 #include <errno.h>
 #include <limits.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include "sizeof.h"
 #define addsl(a, b, ...)                                                      \
 ({                                                                            \
 	long  addend_[] = {a, b, __VA_ARGS__};                                \
                                                                              \
 	addslN(NITEMS(addend_), addend_);                                     \
 })
 inline long addsl2(long a, long b);
 inline long addslN(size_t n, long addend[n]);
 inline int cmpl(const void *p1, const void *p2);
 inline long
 addsl2(long a, long b)
 {
 	if (a > 0 && b > LONG_MAX - a) {
 		errno = EOVERFLOW;
 		return LONG_MAX;
 	}
 	if (a < 0 && b < LONG_MIN - a) {
 		errno = EOVERFLOW;
 		return LONG_MIN;
 	}
 	return a + b;
 }
 inline long
 addslN(size_t n, long addend[n])
 {
 	int   e;
 	if (n == 0) {
 		errno = EDOM;
 		return 0;
 	}
 	e = errno;
 	while (n > 1) {
 		qsort(addend, n, sizeof(addend[0]), cmpl);
 		errno = 0;
 		addend[0] = addsl2(addend[0], addend[--n]);
 		if (errno == EOVERFLOW)
 			return addend[0];
 	}
 	errno = e;
 	return addend[0];
 }
 inline int
 cmpl(const void *p1, const void *p2)
 {
 	const long  *l1 = p1;
 	const long  *l2 = p2;
 	if (*l1 < *l2)
 		return -1;
 	if (*l1 > *l2)
 		return +1;
 	return 0;
 }
 #endif  // include guard
@@ -1,181 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
 * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
 * SPDX-FileCopyrightText: 2001 - 2006, Tomasz Kłoczko
 * SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #include <config.h>
 #include <sys/types.h>
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
 #include <pwd.h>
 #include <grp.h>
 #include "adds.h"
 #include "defines.h"
 #include "exitcodes.h"
 #include "prototypes.h"
 #ident "$Id$"
 #ifndef PASSWD_PROGRAM
 #define PASSWD_PROGRAM "/bin/passwd"
 #endif
 /*
 * expire - force password change if password expired
 *
 *	expire() calls /bin/passwd to change the user's password
 *	if it has expired.
 */
 int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
 	int status;
 	pid_t child;
 	pid_t pid;
 	if (NULL == sp) {
 		return 0;
 	}
 	/*
 	 * See if the user's password has expired, and if so
 	 * force them to change their password.
 	 */
 	status = isexpired (pw, sp);
 	switch (status) {
 	case 0:
 		return 0;
 	case 1:
 		(void) fputs (_("Your password has expired."), stdout);
 		break;
 	case 2:
 		(void) fputs (_("Your password is inactive."), stdout);
 		break;
 	case 3:
 		(void) fputs (_("Your login has expired."), stdout);
 		break;
 	}
 	/*
 	 * Setting the maximum valid period to less than the minimum
 	 * valid period means that the minimum period will never
 	 * occur while the password is valid, so the user can never
 	 * change that password.
 	 */
 	if ((status > 1) || (sp->sp_max < sp->sp_min)) {
 		(void) puts (_("  Contact the system administrator."));
 		exit (EXIT_FAILURE);
 	}
 	(void) puts (_("  Choose a new password."));
 	(void) fflush (stdout);
 	/*
 	 * Close all the files so that unauthorized access won't
 	 * occur.  This needs to be done anyway because those files
 	 * might become stale after "passwd" is executed.
 	 */
 	endspent ();
 	endpwent ();
 #ifdef SHADOWGRP
 	endsgent ();
 #endif
 	endgrent ();
 	/*
 	 * Execute the /bin/passwd command.  The exit status will be
 	 * examined to see what the result is.  If there are any
 	 * errors the routine will exit.  This forces the user to
 	 * change their password before being able to use the account.
 	 */
 	pid = fork ();
 	if (0 == pid) {
 		int err;
 		/*
 		 * Set the UID to be that of the user.  This causes
 		 * passwd to work just like it would had they executed
 		 * it from the command line while logged in.
 		 */
 #if defined(HAVE_INITGROUPS) && ! defined(USE_PAM)
 		if (setup_uid_gid (pw, false) != 0)
 #else
 		if (setup_uid_gid (pw) != 0)
 #endif
 		{
 			_exit (126);
 		}
 		(void) execl (PASSWD_PROGRAM, PASSWD_PROGRAM, pw->pw_name, (char *) NULL);
 		err = errno;
 		perror ("Can't execute " PASSWD_PROGRAM);
 		_exit ((ENOENT == err) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
 	} else if ((pid_t) -1 == pid) {
 		perror ("fork");
 		exit (EXIT_FAILURE);
 	}
 	while (((child = wait (&status)) != pid) && (child != (pid_t)-1));
 	if ((child == pid) && (0 == status)) {
 		return 1;
 	}
 	exit (EXIT_FAILURE);
 /*@notreached@*/}
 /*
 * agecheck - see if warning is needed for password expiration
 *
 *	agecheck sees how many days until the user's password is going
 *	to expire and warns the user of the pending password expiration.
 */
 void agecheck (/*@null@*/const struct spwd *sp)
 {
 	long now = time(NULL) / DAY;
 	long remain;
 	if (NULL == sp) {
 		return;
 	}
 	/*
 	 * The last, max, and warn fields must be supported or the
 	 * warning period cannot be calculated.
 	 */
 	if (   (-1 == sp->sp_lstchg)
 	    || (-1 == sp->sp_max)
 	    || (-1 == sp->sp_warn)) {
 		return;
 	}
 	if (0 == sp->sp_lstchg) {
 		(void) puts (_("You must change your password."));
 		return;
 	}
 	remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
 	if (remain <= sp->sp_warn) {
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),
 			               remain);
 		} else if (1 == remain) {
 			(void) puts (_("Your password will expire tomorrow."));
 		} else if (remain == 0) {
 			(void) puts (_("Your password will expire today."));
 		}
 	}
 }
@@ -1,145 +0,0 @@
 /*
 * SPDX-FileCopyrightText:  2022, Alejandro Colomar <alx@kernel.org>
 *
 * SPDX-License-Identifier:  BSD-3-Clause
 */
 #include <config.h>
 #include "agetpass.h"
 #include <limits.h>
 #include <readpassphrase.h>
 #include <stdlib.h>
 #include <string.h>
 #ident "$Id$"
 #include "alloc/malloc.h"
 #if WITH_LIBBSD == 0
 #include "freezero.h"
 #endif /* WITH_LIBBSD */
 /*
 * SYNOPSIS
 *	[[gnu::malloc(erase_pass)]]
 *	char *agetpass(const char *prompt);
 *	char *agetpass_stdin();
 *
 *	void erase_pass(char *pass);
 *
 * ARGUMENTS
 *   agetpass()
 *	prompt	String to be printed before reading a password.
 *
 *   erase_pass()
 *	pass	password previously returned by agetpass().
 *
 * DESCRIPTION
 *   agetpass()
 *	This function is very similar to getpass(3).  It has several
 *	advantages compared to getpass(3):
 *
 *	- Instead of using a static buffer, agetpass() allocates memory
 *	  through malloc(3).  This makes the function thread-safe, and
 *	  also reduces the visibility of the buffer.
 *
 *	- agetpass() doesn't reallocate internally.  Some
 *	  implementations of getpass(3), such as glibc, do that, as a
 *	  consequence of calling getline(3).  That's a bug in glibc,
 *	  which allows leaking prefixes of passwords in freed memory.
 *
 *	- agetpass() doesn't overrun the output buffer.  If the input
 *	  password is too long, it simply fails.  Some implementations
 *	  of getpass(3), share the same bug that gets(3) has.
 *
 *	As soon as possible, the password obtained from agetpass() be
 *	erased by calling erase_pass(), to avoid possibly leaking the
 *	password.
 *
 *   agetpass_stdin()
 *	This function is the same as previous one (agetpass). Just the
 *	password is read from stdin and terminal is not required.
 *
 *   erase_pass()
 *	This function first clears the password, by calling
 *	explicit_bzero(3) (or an equivalent call), and then frees the
 *	allocated memory by calling free(3).
 *
 *	NULL is a valid input pointer, and in such a case, this call is
 *	a no-op.
 *
 * RETURN VALUE
 *	agetpass() returns a newly allocated buffer containing the
 *	password on success.  On error, errno is set to indicate the
 *	error, and NULL is returned.
 *
 * ERRORS
 *   agetpass()
 *	This function may fail for any errors that malloc(3) or
 *	readpassphrase(3) may fail, and in addition it may fail for the
 *	following errors:
 *
 *	ENOBUFS
 *		The input password was longer than PASS_MAX.
 *
 * CAVEATS
 *	If a password is passed twice to erase_pass(), the behavior is
 *	undefined.
 */
 static char *
 agetpass_internal(const char *prompt, int flags)
 {
 	char    *pass;
 	size_t  len;
 	/*
 	 * Since we want to support passwords upto PASS_MAX, we need
 	 * PASS_MAX bytes for the password itself, and one more byte for
 	 * the terminating '\0'.  We also want to detect truncation, and
 	 * readpassphrase(3) doesn't detect it, so we need some trick.
 	 * Let's add one more byte, and if the password uses it, it
 	 * means the introduced password was longer than PASS_MAX.
 	 */
 	pass = MALLOC(PASS_MAX + 2, char);
 	if (pass == NULL)
 		return NULL;
 	if (readpassphrase(prompt, pass, PASS_MAX + 2, flags) == NULL)
 		goto fail;
 	len = strlen(pass);
 	if (len == PASS_MAX + 1) {
 		errno = ENOBUFS;
 		goto fail;
 	}
 	return pass;
 fail:
 	freezero(pass, PASS_MAX + 2);
 	return NULL;
 }
 char *
 agetpass(const char *prompt)
 {
 	return agetpass_internal(prompt, RPP_REQUIRE_TTY);
 }
 char *
 agetpass_stdin()
 {
 	return agetpass_internal(NULL, RPP_STDIN);
 }
 void
 erase_pass(char *pass)
 {
 	freezero(pass, PASS_MAX + 2);
 }
@@ -1,23 +0,0 @@
 /*
 * SPDX-FileCopyrightText: 2022-2023, Alejandro Colomar <alx@kernel.org>
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #ifndef SHADOW_INCLUDE_LIB_AGETPASS_H_
 #define SHADOW_INCLUDE_LIB_AGETPASS_H_
 #include <config.h>
 #include "attr.h"
 #include "defines.h"
 void erase_pass(char *pass);
 ATTR_MALLOC(erase_pass)
 char *agetpass(const char *prompt);
 char *agetpass_stdin();
 #endif  // include guard
@@ -1,11 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/calloc.h"
@@ -1,20 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ALLOC_CALLOC_H_
 #define SHADOW_INCLUDE_LIB_ALLOC_CALLOC_H_
 #include <config.h>
 #include <stdlib.h>
 #define CALLOC(n, type)                                                       \
 (                                                                             \
 	(type *) calloc(n, sizeof(type))                                      \
 )
 #endif  // include guard
@@ -1,16 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/malloc.h"
 #include <stddef.h>
 extern inline void *mallocarray(size_t nmemb, size_t size);
@@ -1,34 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ALLOC_MALLOC_H_
 #define SHADOW_INCLUDE_LIB_ALLOC_MALLOC_H_
 #include <config.h>
 #include <stdlib.h>
 #include "attr.h"
 #define MALLOC(n, type)                                                       \
 (                                                                             \
 	(type *) mallocarray(n, sizeof(type))                                 \
 )
 ATTR_ALLOC_SIZE(1, 2)
 ATTR_MALLOC(free)
 inline void *mallocarray(size_t nmemb, size_t size);
 inline void *
 mallocarray(size_t nmemb, size_t size)
 {
 	return reallocarray(NULL, nmemb, size);
 }
 #endif  // include guard
@@ -1,11 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/realloc.h"
@@ -1,20 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ALLOC_REALLOC_H_
 #define SHADOW_INCLUDE_LIB_ALLOC_REALLOC_H_
 #include <config.h>
 #include <stdlib.h>
 #define REALLOC(p, n, type)                                                   \
 (                                                                             \
 	_Generic(p, type *: (type *) reallocarray(p, (n) ?: 1, sizeof(type))) \
 )
 #endif  // include guard
@@ -1,16 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/reallocf.h"
 #include <stddef.h>
 extern inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
@@ -1,41 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ALLOC_REALLOCF_H_
 #define SHADOW_INCLUDE_LIB_ALLOC_REALLOCF_H_
 #include <config.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include "attr.h"
 #define REALLOCF(p, n, type)                                                  \
 (                                                                             \
 	_Generic(p, type *: (type *) reallocarrayf(p, (n) ?: 1, sizeof(type)))\
 )
 ATTR_ALLOC_SIZE(2, 3)
 ATTR_MALLOC(free)
 inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
 inline void *
 reallocarrayf(void *p, size_t nmemb, size_t size)
 {
 	void  *q;
 	q = reallocarray(p, nmemb ?: 1, size ?: 1);
 	if (q == NULL)
 		free(p);
 	return q;
 }
 #endif  // include guard
@@ -1,36 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/x/xcalloc.h"
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
 #include "defines.h"
 #include "shadowlog.h"
 void *
 xcalloc(size_t nmemb, size_t size)
 {
 	void  *p;
 	p = calloc(nmemb, size);
 	if (p == NULL)
 		goto x;
 	return p;
 x:
 	fprintf(log_get_logfd(), _("%s: %s\n"),
 	        log_get_progname(), strerror(errno));
 	exit(13);
 }
@@ -1,28 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ALLOC_X_XCALLOC_H_
 #define SHADOW_INCLUDE_LIB_ALLOC_X_XCALLOC_H_
 #include <config.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include "attr.h"
 #define XCALLOC(n, type)                                                      \
 (                                                                             \
 	(type *) xcalloc(n, sizeof(type))                                     \
 )
 ATTR_ALLOC_SIZE(1, 2)
 ATTR_MALLOC(free)
 void *xcalloc(size_t nmemb, size_t size);
 #endif  // include guard
@@ -1,16 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/x/xmalloc.h"
 #include <stddef.h>
 extern inline void *xmallocarray(size_t nmemb, size_t size);
@@ -1,35 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ALLOC_X_XMALLOC_H_
 #define SHADOW_INCLUDE_LIB_ALLOC_X_XMALLOC_H_
 #include <config.h>
 #include <stddef.h>
 #include "alloc/x/xrealloc.h"
 #include "attr.h"
 #define XMALLOC(n, type)                                                      \
 (                                                                             \
 	(type *) xmallocarray(n, sizeof(type))                                \
 )
 ATTR_ALLOC_SIZE(1, 2)
 ATTR_MALLOC(free)
 inline void *xmallocarray(size_t nmemb, size_t size);
 inline void *
 xmallocarray(size_t nmemb, size_t size)
 {
 	return xreallocarray(NULL, nmemb, size);
 }
 #endif  // include guard
@@ -1,35 +0,0 @@
 // SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
 // SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
 // SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
 // SPDX-FileCopyrightText: 2008     , Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "alloc/x/xrealloc.h"
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
 #include "alloc/reallocf.h"
 #include "defines.h"
 #include "shadowlog.h"
 void *
 xreallocarray(void *p, size_t nmemb, size_t size)
 {
 	p = reallocarrayf(p, nmemb, size);
 	if (p == NULL)
 		goto x;
 	return p;
 x:
 	fprintf(log_get_logfd(), _("%s: %s\n"),
 	        log_get_progname(), strerror(errno));
 	exit(13);
 }
@@ -1,31 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
 #define SHADOW_INCLUDE_LIB_MALLOC_H_
 #include <config.h>
 #include <assert.h>
 #include <errno.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include "attr.h"
 #define XREALLOC(ptr, n, type)                                                \
 (                                                                             \
 	_Generic(ptr, type *:  (type *) xreallocarray(ptr, n, sizeof(type)))  \
 )
 ATTR_ALLOC_SIZE(2, 3)
 ATTR_MALLOC(free)
 void *xreallocarray(void *p, size_t nmemb, size_t size);
 #endif  // include guard
@@ -1,7 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2i.h"
@@ -1,62 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2I_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2I_H_
 #include <config.h>
 #include "atoi/a2i/a2s_c.h"
 #include "atoi/a2i/a2s_nc.h"
 #include "atoi/a2i/a2u_c.h"
 #include "atoi/a2i/a2u_nc.h"
 /*
 * See the manual of these macros in liba2i's documentation:
 * <http://www.alejandro-colomar.es/share/dist/liba2i/git/HEAD/liba2i-HEAD.pdf>
 */
 #define a2i(TYPE, n, s, ...)                                                  \
 (                                                                             \
 	_Generic((void (*)(TYPE, typeof(s))) 0,                               \
 		void (*)(short,              const char *):  a2sh_c,          \
 		void (*)(short,              const void *):  a2sh_c,          \
 		void (*)(short,              char *):        a2sh_nc,         \
 		void (*)(short,              void *):        a2sh_nc,         \
 		void (*)(int,                const char *):  a2si_c,          \
 		void (*)(int,                const void *):  a2si_c,          \
 		void (*)(int,                char *):        a2si_nc,         \
 		void (*)(int,                void *):        a2si_nc,         \
 		void (*)(long,               const char *):  a2sl_c,          \
 		void (*)(long,               const void *):  a2sl_c,          \
 		void (*)(long,               char *):        a2sl_nc,         \
 		void (*)(long,               void *):        a2sl_nc,         \
 		void (*)(long long,          const char *):  a2sll_c,         \
 		void (*)(long long,          const void *):  a2sll_c,         \
 		void (*)(long long,          char *):        a2sll_nc,        \
 		void (*)(long long,          void *):        a2sll_nc,        \
 		void (*)(unsigned short,     const char *):  a2uh_c,          \
 		void (*)(unsigned short,     const void *):  a2uh_c,          \
 		void (*)(unsigned short,     char *):        a2uh_nc,         \
 		void (*)(unsigned short,     void *):        a2uh_nc,         \
 		void (*)(unsigned int,       const char *):  a2ui_c,          \
 		void (*)(unsigned int,       const void *):  a2ui_c,          \
 		void (*)(unsigned int,       char *):        a2ui_nc,         \
 		void (*)(unsigned int,       void *):        a2ui_nc,         \
 		void (*)(unsigned long,      const char *):  a2ul_c,          \
 		void (*)(unsigned long,      const void *):  a2ul_c,          \
 		void (*)(unsigned long,      char *):        a2ul_nc,         \
 		void (*)(unsigned long,      void *):        a2ul_nc,         \
 		void (*)(unsigned long long, const char *):  a2ull_c,         \
 		void (*)(unsigned long long, const void *):  a2ull_c,         \
 		void (*)(unsigned long long, char *):        a2ull_nc,        \
 		void (*)(unsigned long long, void *):        a2ull_nc         \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #endif  // include guard
@@ -1,7 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2s.h"
@@ -1,56 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_H_
 #include <config.h>
 #include "atoi/a2i/a2s_c.h"
 #include "atoi/a2i/a2s_nc.h"
 #define a2sh(n, s, ...)                                                       \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2sh_c,                                        \
 		const void *:  a2sh_c,                                        \
 		char *:        a2sh_nc,                                       \
 		void *:        a2sh_nc                                        \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #define a2si(n, s, ...)                                                       \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2si_c,                                        \
 		const void *:  a2si_c,                                        \
 		char *:        a2si_nc,                                       \
 		void *:        a2si_nc                                        \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #define a2sl(n, s, ...)                                                       \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2sl_c,                                        \
 		const void *:  a2sl_c,                                        \
 		char *:        a2sl_nc,                                       \
 		void *:        a2sl_nc                                        \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #define a2sll(n, s, ...)                                                      \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2sll_c,                                       \
 		const void *:  a2sll_c,                                       \
 		char *:        a2sll_nc,                                      \
 		void *:        a2sll_nc                                       \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #endif  // include guard
@@ -1,17 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2s_c.h"
 extern inline int a2sh_c(short *restrict n, const char *s,
    const char **restrict endp, int base, short min, short max);
 extern inline int a2si_c(int *restrict n, const char *s,
    const char **restrict endp, int base, int min, int max);
 extern inline int a2sl_c(long *restrict n, const char *s,
    const char **restrict endp, int base, long min, long max);
 extern inline int a2sll_c(long long *restrict n, const char *s,
    const char **restrict endp, int base, long long min, long long max);
@@ -1,64 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_C_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_C_H_
 #include <config.h>
 #include <errno.h>
 #include <inttypes.h>
 #include "atoi/a2i/a2s_nc.h"
 #include "attr.h"
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2sh_c(short *restrict n, const char *s,
    const char **restrict endp, int base, short min, short max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2si_c(int *restrict n, const char *s,
    const char **restrict endp, int base, int min, int max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2sl_c(long *restrict n, const char *s,
    const char **restrict endp, int base, long min, long max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2sll_c(long long *restrict n, const char *s,
    const char **restrict endp, int base, long long min, long long max);
 inline int
 a2sh_c(short *restrict n, const char *s,
    const char **restrict endp, int base, short min, short max)
 {
 	return a2sh_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 inline int
 a2si_c(int *restrict n, const char *s,
    const char **restrict endp, int base, int min, int max)
 {
 	return a2si_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 inline int
 a2sl_c(long *restrict n, const char *s,
    const char **restrict endp, int base, long min, long max)
 {
 	return a2sl_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 inline int
 a2sll_c(long long *restrict n, const char *s,
    const char **restrict endp, int base, long long min, long long max)
 {
 	return a2sll_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 #endif  // include guard
@@ -1,17 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2s_nc.h"
 extern inline int a2sh_nc(short *restrict n, char *s,
    char **restrict endp, int base, short min, short max);
 extern inline int a2si_nc(int *restrict n, char *s,
    char **restrict endp, int base, int min, int max);
 extern inline int a2sl_nc(long *restrict n, char *s,
    char **restrict endp, int base, long min, long max);
 extern inline int a2sll_nc(long long *restrict n, char *s,
    char **restrict endp, int base, long long min, long long max);
@@ -1,91 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_NC_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_NC_H_
 #include <config.h>
 #include <errno.h>
 #include "atoi/strtoi/strtoi.h"
 #include "attr.h"
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2sh_nc(short *restrict n, char *s,
    char **restrict endp, int base, short min, short max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2si_nc(int *restrict n, char *s,
    char **restrict endp, int base, int min, int max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2sl_nc(long *restrict n, char *s,
    char **restrict endp, int base, long min, long max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2sll_nc(long long *restrict n, char *s,
    char **restrict endp, int base, long long min, long long max);
 inline int
 a2sh_nc(short *restrict n, char *s,
    char **restrict endp, int base, short min, short max)
 {
 	int  status;
 	*n = strtoi_(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 inline int
 a2si_nc(int *restrict n, char *s,
    char **restrict endp, int base, int min, int max)
 {
 	int  status;
 	*n = strtoi_(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 inline int
 a2sl_nc(long *restrict n, char *s,
    char **restrict endp, int base, long min, long max)
 {
 	int  status;
 	*n = strtoi_(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 inline int
 a2sll_nc(long long *restrict n, char *s,
    char **restrict endp, int base, long long min, long long max)
 {
 	int  status;
 	*n = strtoi_(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 #endif  // include guard
@@ -1,7 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2u.h"
@@ -1,56 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_H_
 #include <config.h>
 #include "atoi/a2i/a2u_c.h"
 #include "atoi/a2i/a2u_nc.h"
 #define a2uh(n, s, ...)                                                       \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2uh_c,                                        \
 		const void *:  a2uh_c,                                        \
 		char *:        a2uh_nc,                                       \
 		void *:        a2uh_nc                                        \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #define a2ui(n, s, ...)                                                       \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2ui_c,                                        \
 		const void *:  a2ui_c,                                        \
 		char *:        a2ui_nc,                                       \
 		void *:        a2ui_nc                                        \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #define a2ul(n, s, ...)                                                       \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2ul_c,                                        \
 		const void *:  a2ul_c,                                        \
 		char *:        a2ul_nc,                                       \
 		void *:        a2ul_nc                                        \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #define a2ull(n, s, ...)                                                      \
 (                                                                             \
 	_Generic(s,                                                           \
 		const char *:  a2ull_c,                                       \
 		const void *:  a2ull_c,                                       \
 		char *:        a2ull_nc,                                      \
 		void *:        a2ull_nc                                       \
 	)(n, s, __VA_ARGS__)                                                  \
 )
 #endif  // include guard
@@ -1,19 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2u_c.h"
 extern inline int a2uh_c(unsigned short *restrict n, const char *s,
    const char **restrict endp, int base, unsigned short min,
    unsigned short max);
 extern inline int a2ui_c(unsigned int *restrict n, const char *s,
    const char **restrict endp, int base, unsigned int min, unsigned int max);
 extern inline int a2ul_c(unsigned long *restrict n, const char *s,
    const char **restrict endp, int base, unsigned long min, unsigned long max);
 extern inline int a2ull_c(unsigned long long *restrict n, const char *s,
    const char **restrict endp, int base, unsigned long long min,
    unsigned long long max);
@@ -1,65 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_C_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_C_H_
 #include <config.h>
 #include "atoi/a2i/a2u_nc.h"
 #include "attr.h"
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2uh_c(unsigned short *restrict n, const char *s,
    const char **restrict endp, int base, unsigned short min,
    unsigned short max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2ui_c(unsigned int *restrict n, const char *s,
    const char **restrict endp, int base, unsigned int min, unsigned int max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2ul_c(unsigned long *restrict n, const char *s,
    const char **restrict endp, int base, unsigned long min, unsigned long max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2ull_c(unsigned long long *restrict n, const char *s,
    const char **restrict endp, int base, unsigned long long min,
    unsigned long long max);
 inline int
 a2uh_c(unsigned short *restrict n, const char *s,
    const char **restrict endp, int base, unsigned short min,
    unsigned short max)
 {
 	return a2uh_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 inline int
 a2ui_c(unsigned int *restrict n, const char *s,
    const char **restrict endp, int base, unsigned int min, unsigned int max)
 {
 	return a2ui_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 inline int
 a2ul_c(unsigned long *restrict n, const char *s,
    const char **restrict endp, int base, unsigned long min, unsigned long max)
 {
 	return a2ul_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 inline int
 a2ull_c(unsigned long long *restrict n, const char *s,
    const char **restrict endp, int base, unsigned long long min,
    unsigned long long max)
 {
 	return a2ull_nc(n, (char *) s, (char **) endp, base, min, max);
 }
 #endif  // include guard
@@ -1,18 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/a2i/a2u_nc.h"
 extern inline int a2uh_nc(unsigned short *restrict n, char *s,
    char **restrict endp, int base, unsigned short min, unsigned short max);
 extern inline int a2ui_nc(unsigned int *restrict n, char *s,
    char **restrict endp, int base, unsigned int min, unsigned int max);
 extern inline int a2ul_nc(unsigned long *restrict n, char *s,
    char **restrict endp, int base, unsigned long min, unsigned long max);
 extern inline int a2ull_nc(unsigned long long *restrict n, char *s,
    char **restrict endp, int base, unsigned long long min,
    unsigned long long max);
@@ -1,94 +0,0 @@
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_NC_H_
 #define SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_NC_H_
 #include <config.h>
 #include <errno.h>
 #include "atoi/strtoi/strtou_noneg.h"
 #include "attr.h"
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2uh_nc(unsigned short *restrict n, char *s,
    char **restrict endp, int base, unsigned short min, unsigned short max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2ui_nc(unsigned int *restrict n, char *s,
    char **restrict endp, int base, unsigned int min, unsigned int max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2ul_nc(unsigned long *restrict n, char *s,
    char **restrict endp, int base, unsigned long min, unsigned long max);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
 inline int a2ull_nc(unsigned long long *restrict n, char *s,
    char **restrict endp, int base, unsigned long long min,
    unsigned long long max);
 inline int
 a2uh_nc(unsigned short *restrict n, char *s,
    char **restrict endp, int base, unsigned short min,
    unsigned short max)
 {
 	int  status;
 	*n = strtou_noneg(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 inline int
 a2ui_nc(unsigned int *restrict n, char *s,
    char **restrict endp, int base, unsigned int min, unsigned int max)
 {
 	int  status;
 	*n = strtou_noneg(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 inline int
 a2ul_nc(unsigned long *restrict n, char *s,
    char **restrict endp, int base, unsigned long min, unsigned long max)
 {
 	int  status;
 	*n = strtou_noneg(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 inline int
 a2ull_nc(unsigned long long *restrict n, char *s,
    char **restrict endp, int base, unsigned long long min,
    unsigned long long max)
 {
 	int  status;
 	*n = strtou_noneg(s, endp, base, min, max, &status);
 	if (status != 0) {
 		errno = status;
 		return -1;
 	}
 	return 0;
 }
 #endif  // include guard
@@ -1,16 +0,0 @@
 // SPDX-FileCopyrightText: 2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include <sys/types.h>
 #include "atoi/getnum.h"
 extern inline int get_fd(const char *restrict fdstr, int *restrict fd);
 extern inline int get_gid(const char *restrict gidstr, gid_t *restrict gid);
 extern inline int get_pid(const char *restrict pidstr, pid_t *restrict pid);
 extern inline int get_uid(const char *restrict uidstr, uid_t *restrict uid);
@@ -1,60 +0,0 @@
 // SPDX-FileCopyrightText: 2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_GETNUM_H_
 #define SHADOW_INCLUDE_LIB_ATOI_GETNUM_H_
 #include <config.h>
 #include <limits.h>
 #include <stddef.h>
 #include <sys/types.h>
 #include "atoi/a2i/a2i.h"
 #include "atoi/a2i/a2s.h"
 #include "attr.h"
 #include "typetraits.h"
 ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
 inline int get_fd(const char *restrict fdstr, int *restrict fd);
 ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
 inline int get_gid(const char *restrict gidstr, gid_t *restrict gid);
 ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
 inline int get_pid(const char *restrict pidstr, pid_t *restrict pid);
 ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
 inline int get_uid(const char *restrict uidstr, uid_t *restrict uid);
 inline int
 get_fd(const char *restrict fdstr, int *restrict fd)
 {
 	return a2si(fd, fdstr, NULL, 10, 0, INT_MAX);
 }
 inline int
 get_gid(const char *restrict gidstr, gid_t *restrict gid)
 {
 	return a2i(gid_t, gid, gidstr, NULL, 10, type_min(gid_t), type_max(gid_t));
 }
 inline int
 get_pid(const char *restrict pidstr, pid_t *restrict pid)
 {
 	return a2i(pid_t, pid, pidstr, NULL, 10, 1, type_max(pid_t));
 }
 inline int
 get_uid(const char *restrict uidstr, uid_t *restrict uid)
 {
 	return a2i(uid_t, uid, uidstr, NULL, 10, type_min(uid_t), type_max(uid_t));
 }
 #endif  // include guard
@@ -1,8 +0,0 @@
 // SPDX-FileCopyrightText: 2007-2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/str2i/str2i.h"
@@ -1,31 +0,0 @@
 // SPDX-FileCopyrightText: 2007-2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2I_H_
 #define SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2I_H_
 #include <config.h>
 #include "atoi/str2i/str2s.h"
 #include "atoi/str2i/str2u.h"
 #define str2i(TYPE, ...)                                                      \
 (                                                                             \
 	_Generic((TYPE) 0,                                                    \
 		short:              str2sh,                                   \
 		int:                str2si,                                   \
 		long:               str2sl,                                   \
 		long long:          str2sll,                                  \
 		unsigned short:     str2uh,                                   \
 		unsigned int:       str2ui,                                   \
 		unsigned long:      str2ul,                                   \
 		unsigned long long: str2ull                                   \
 	)(__VA_ARGS__)                                                        \
 )
 #endif  // include guard
@@ -1,14 +0,0 @@
 // SPDX-FileCopyrightText: 2007-2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/str2i/str2s.h"
 extern inline int str2sh(short *restrict n, const char *restrict s);
 extern inline int str2si(int *restrict n, const char *restrict s);
 extern inline int str2sl(long *restrict n, const char *restrict s);
 extern inline int str2sll(long long *restrict n, const char *restrict s);
@@ -1,57 +0,0 @@
 // SPDX-FileCopyrightText: 2007-2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2S_H_
 #define SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2S_H_
 #include <config.h>
 #include <limits.h>
 #include <stddef.h>
 #include "atoi/a2i/a2s.h"
 #include "attr.h"
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
 inline int str2sh(short *restrict n, const char *restrict s);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
 inline int str2si(int *restrict n, const char *restrict s);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
 inline int str2sl(long *restrict n, const char *restrict s);
 ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
 inline int str2sll(long long *restrict n, const char *restrict s);
 inline int
 str2sh(short *restrict n, const char *restrict s)
 {
 	return a2sh(n, s, NULL, 0, SHRT_MIN, SHRT_MAX);
 }
 inline int
 str2si(int *restrict n, const char *restrict s)
 {
 	return a2si(n, s, NULL, 0, INT_MIN, INT_MAX);
 }
 inline int
 str2sl(long *restrict n, const char *restrict s)
 {
 	return a2sl(n, s, NULL, 0, LONG_MIN, LONG_MAX);
 }
 inline int
 str2sll(long long *restrict n, const char *restrict s)
 {
 	return a2sll(n, s, NULL, 0, LLONG_MIN, LLONG_MAX);
 }
 #endif  // include guard
@@ -1,14 +0,0 @@
 // SPDX-FileCopyrightText: 2007-2009, Nicolas François
 // SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 #include <config.h>
 #include "atoi/str2i/str2u.h"
 extern inline int str2uh(unsigned short *restrict n, const char *restrict s);
 extern inline int str2ui(unsigned int *restrict n, const char *restrict s);
 extern inline int str2ul(unsigned long *restrict n, const char *restrict s);
 extern inline int str2ull(unsigned long long *restrict n, const char *restrict s);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
nekral-guest	2173cd0d33	Move the 4.1.2.1 branch to a tag. The branch is no more needed.	2008-06-26 21:10:10 +00:00
nekral-guest	28f9aed5be	Prepare the 4.1.2.1 release * NEWS: set the release date. * man/po/.po, po/.po: Updated PO files. * configure.in: Set the version to 4.1.2.1.	2008-06-26 20:29:59 +00:00
nekral-guest	3021f35c3a	* NEWS, src/login.c: Fix an "audit log injection" vulnerability in login. This is similar to CVE-2008-1926 (util-linux-ng's login). This vulnerability makes it easier for attackers to hide activities by modifying portions of log events, e.g. by appending an addr= statement to the login name. * lib/prototypes.h: Added definition of AUDIT_NO_ID.	2008-06-26 20:28:31 +00:00
nekral-guest	ad0797f129	Prepare a 4.1.2.1 branch based on release 4.1.2	2008-06-23 23:52:40 +00:00
nekral-guest	b8a41d9480	Tag release 4.1.2	2008-05-25 12:58:59 +00:00