release 4.14.0

Signed-off-by: Serge Hallyn <serge@hallyn.com>
pre-release 4.14.0-rc5
2023-08-15 21:38:30 -05:00 · 2023-08-14 11:51:36 -05:00 · 2023-08-14 09:08:35 -05:00 · 2023-08-14 07:06:51 -05:00 · 2023-08-12 23:17:52 -05:00 · 2023-08-12 23:16:56 -05:00
1052 changed files with 36133 additions and 25305 deletions
@@ -0,0 +1,34 @@
 image: alpine/latest
 # apk add --update alpine-sdk
 packages:
  - cmd:setcap
  - autoconf
  - automake
  - byacc
  - expect
  - gettext
  - gettext-dev
  - gettext-lang
  - libbsd-dev
  - libcap-dev
  - libtool
  - linux-pam-dev
  - pkgconf
  - sed
 sources:
  - https://github.com/shadow-maint/shadow
 tasks:
  - build: |
      cd shadow
      ./autogen.sh --without-selinux --disable-man --disable-nls
      grep ENABLE_ config.status
  - tasks: |
      cd shadow
      cat /proc/self/uid_map
      cat /proc/self/status
      make
      make DESTDIR=/tmp/shadow-inst install
      sudo make install
      #TODO - fix up the tests.  Let's merge what's here now as it
      #at least tests build.
      #(cd tests; sudo ./run_some || { cat testsuite.log; false; })
@@ -0,0 +1,33 @@
 image: fedora/latest
 packages:
  - autoconf
  - automake
  - byacc
  - expect
  - findutils
  - gettext
  - gettext-devel
  - git
  - libbsd-devel
  - libselinux-devel
  - libsemanage-devel
  - libtool
  - libxslt
  - pkgconf
 sources:
  - https://github.com/shadow-maint/shadow
 tasks:
  - build: |
      cd shadow
      ./autogen.sh --with-selinux --enable-man
      grep ENABLE_ config.status
  - tasks: |
      cd shadow
      cat /proc/self/uid_map
      cat /proc/self/status
      make
      make DESTDIR=/tmp/shadow-inst install
      sudo make install
      #TODO - fix up the tests.  Let's merge what's here now as it
      #at least tests build.
      #(cd tests; sudo ./run_some || { cat testsuite.log; false; })
@@ -0,0 +1,28 @@
 image: ubuntu/focal
 packages:
  - automake
  - autopoint
  - xsltproc
  - libbsd-dev
  - libselinux1-dev
  - gettext
  - expect
  - byacc
  - libtool
  - pkgconf
 sources:
  - https://github.com/shadow-maint/shadow
 tasks:
  - build: |
      cd shadow
      ./autogen.sh --without-selinux --disable-man
      grep ENABLE_ config.status
  - tasks: |
      cd shadow
      cat /proc/self/uid_map
      cat /proc/self/status
      systemd-detect-virt
      make
      make DESTDIR=/tmp/shadow-inst install
      sudo make install
      (cd tests; sudo ./run_some || { cat testsuite.log; false; })
@@ -0,0 +1,28 @@
 image: ubuntu/22.04
 packages:
  - automake
  - autopoint
  - xsltproc
  - libbsd-dev
  - libselinux1-dev
  - gettext
  - expect
  - byacc
  - libtool
  - pkgconf
 sources:
  - https://github.com/shadow-maint/shadow
 tasks:
  - build: |
      cd shadow
      ./autogen.sh --without-selinux --enable-man
      grep ENABLE_ config.status
  - tasks: |
      cat /proc/self/uid_map
      cat /proc/self/status
      systemd-detect-virt
      cd shadow
      make
      make DESTDIR=/tmp/shadow-inst install
      sudo make install
      (cd tests; sudo ./run_some || { cat testsuite.log; false; })
@@ -0,0 +1,4 @@
 root = true
 [*.{c,h}]
 indent_style = tab
@@ -0,0 +1,12 @@
 name: 'Install dependencies'
 description: 'Install dependencies to build shadow-utils'
 runs:
  using: "composite"
  steps:
  - shell: bash
    run: |
      sudo apt-get update -y
      sudo apt-get install -y ubuntu-dev-tools libbsd-dev
      sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
      sudo apt-get update -y
      sudo apt-get -y build-dep shadow
@@ -0,0 +1,108 @@
 name: CI
 on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: debug
      run: |
        id
        which bash
        whoami
        env
        ps -ef
        pwd
        cat /proc/self/uid_map
        cat /proc/self/status
        systemd-detect-virt
    - name: Install dependencies
      run: |
        sudo cat /etc/apt/sources.list
        sudo sed -i '/deb-src/d' /etc/apt/sources.list
        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
        export DEBIAN_PRIORITY=critical
        export DEBIAN_FRONTEND=noninteractive
        # let's try to work around upgrade breakage in a pkg we don't care about
        sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
        sudo apt-get update
        sudo apt-get -y dist-upgrade
        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
        sudo apt-get -y build-dep shadow
    - name: configure
      run: |
        autoreconf -v -f --install
        ./autogen.sh --without-selinux --disable-man --with-yescrypt
    - run: make
    - run: make install DESTDIR=${HOME}/rootfs
    - run: sudo make install
    - name: run tests in shell with tty
      shell: 'script -q -e -c "bash {0}"'
      run: |
        set -e
        cd tests
        sudo ./run_some
        cat testsuite.log
  # Make sure that 'make dist' makes a usable tarball with no missing files
  dist-build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install dependencies
      run: |
        sudo cat /etc/apt/sources.list
        sudo sed -i '/deb-src/d' /etc/apt/sources.list
        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
        export DEBIAN_PRIORITY=critical
        export DEBIAN_FRONTEND=noninteractive
        # let's try to work around upgrade breakage in a pkg we don't care about
        sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
        sudo apt-get update
        sudo apt-get -y dist-upgrade
        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
        sudo apt-get -y build-dep shadow
    - name: Test make dist
      run: |
        ./autogen.sh
        make dist
        f=shadow-*.tar.gz
        tar -zxf $f
        d=$(basename $f .tar.gz)
        cd $d
        ./configure
        make -j5
  container-build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        os: [alpine, debian, fedora]
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Build container
      run: |
        docker buildx build -f ./share/containers/${{ matrix.os }}.dockerfile . --output build-out
    - name: Store artifacts
      uses: actions/upload-artifact@v3
      with:
        name: ${{ matrix.os }}-build
        path: |
          ./build-out/config.log
          ./build-out/config.h
        if-no-files-found: ignore
@@ -0,0 +1,61 @@
 name: "Static code analysis"
 on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  schedule:
    # Everyday at midnight
    - cron: '0 0 * * *'
 jobs:
  codeql:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install dependencies
      id: dependencies
      uses: ./.github/actions/install-dependencies
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: cpp
        queries: +security-and-quality
    - name: Configure shadow-utils
      run: ./autogen.sh --without-selinux --disable-man
    - name: Build shadow-utils
      run: |
        PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
        make -kj$PROCESSORS || true
    - name: Check build errors
      run: make
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
  differential-shellcheck:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
      - name: Differential ShellCheck
        uses: redhat-plumbers-in-action/differential-shellcheck@v3
        with:
          severity: warning
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -48,3 +48,4 @@ Makefile.in
 /shadow.spec
 /shadow-*.tar.*
 /libmisc/getdate.c
 /libsubid/subid.h
@@ -36,7 +36,7 @@ addons:
    notification_email: christian.brauner@ubuntu.com,serge@hallyn.com
    build_command_prepend: "./autogen.sh --without-selinux --disable-man"
-    build_command: "make -j4"
+    build_command: "make -kj4 || make"
    branch_pattern: master
 script:
@@ -0,0 +1,90 @@
 Thanks to at least the following people for sending patches, bug
 reports and various comments. This list may be incomplete, I received
 a lot of mail...
 # Maintainers
 * Marek Michałkiewicz <marekm72@gmail.com> (1995-2000)
 * Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
 * Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
 * Serge E. Hallyn <serge@hallyn.com> (2014-now)
 * Christian Brauner <christian@brauner.io> (2019-now)
 * Iker Pedrosa <ipedrosa@redhat.com> (2022-now)
 # Authors and contributors
 * Adam Rudnicki <adam@v-lo.krakow.pl>
 * Alan Curry <pacman@tardis.mars.net>
 * Aleksa Sarai <cyphar@cyphar.com>
 * Alexander O. Yuriev <alex@bach.cis.temple.edu>
 * Algis Rudys <arudys@rice.edu>
 * Andreas Jaeger <aj@arthur.rhein-neckar.de>
 * Andy Zaugg <andy.zaugg@gmail.com>
 * Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
 * Anton Gluck <gluc@midway.uchicago.edu>
 * Arkadiusz Miskiewicz <misiek@pld.org.pl>
 * Ben Collins <bcollins@debian.org>
 * Brian R. Gaeke <brg@dgate.org>
 * Calle Karlsson <ckn@kash.se>
 * Chip Rosenthal <chip@unicom.com>
 * Chris Evans <lady0110@sable.ox.ac.uk>
 * Chris Lamb <chris@chris-lamb.co.uk>
 * Cristian Gafton <gafton@sorosis.ro>
 * Dan Walsh <dwalsh@redhat.com>
 * Darcy Boese <possum@chardonnay.niagara.com>
 * Dave Hagewood <admin@arrowweb.com>
 * David A. Holland <dholland@hcs.harvard.edu>
 * David Frey <David.Frey@lugs.ch>
 * Ed Carp <ecarp@netcom.com>
 * Ed Neville <ed@s5h.net>
 * Eric W. Biederman" <ebiederm@xmission.com>
 * Floody <flood@evcom.net>
 * Frank Denis <j@4u.net>
 * George Kraft IV <gk4@us.ibm.com>
 * Greg Mortensen <loki@world.std.com>
 * Guido van Rooij
 * Guy Maor <maor@debian.org>
 * Hrvoje Dogan <hdogan@bjesomar.srce.hr>
 * Jakub Hrozek <jhrozek@redhat.com>
 * Janos Farkas <chexum@bankinf.banki.hu>
 * Jason Franklin <jason.franklin@quoininc.com>
 * Jay Soffian <jay@lw.net>
 * Jesse Thilo <Jesse.Thilo@pobox.com>
 * Joey Hess <joey@kite.ml.org>
 * John Adelsberger <jja@umr.edu>
 * Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
 * Jon Lewis <jlewis@lewis.org>
 * Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
 * Judd Bourgeois <shagboy@bluesky.net>
 * Juergen Heinzl <unicorn@noris.net>
 * Juha Virtanen <jiivee@iki.fi>
 * Julian Pidancet <julian.pidancet@gmail.com>
 * Julianne Frances Haugh <julie78787@gmail.com>
 * Leonard N. Zubkoff <lnz@dandelion.com>
 * Luca Berra <bluca@www.polimi.it>
 * Lukáš Kuklínek <lkukline@redhat.com>
 * Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
 * Marc Ewing <marc@redhat.com>
 * Martin Bene <mb@sime.com>
 * Martin Mares <mj@gts.cz>
 * Michael Meskes <meskes@topsystem.de>
 * Michael Talbot-Wilson <mike@calypso.bns.com.au>
 * Michael Vetter <jubalh@iodoru.org>
 * Mike Frysinger <vapier@gentoo.org>
 * Mike Pakovic <mpakovic@users.southeast.net>
 * Nicolas François <nicolas.francois@centraliens.net>
 * Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
 * Pavel Machek <pavel@bug.ucw.cz>
 * Peter Vrabec <pvrabec@redhat.com>
 * Phillip Street
 * Rafał Maszkowski <rzm@icm.edu.pl>
 * Rani Chouha <ranibey@smartec.com>
 * Sami Kerola <kerolasa@rocketmail.com>
 * Scott Garman <scott.a.garman@intel.com>
 * Sebastian Rick Rijkers <srrijkers@gmail.com>
 * Seraphim Mellos <mellos@ceid.upatras.gr>
 * Shane Watts <shane@nexus.mlckew.edu.au>
 * Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
 * Thorsten Kukuk <kukuk@suse.de>
 * Tim Hockin <thockin@eagle.ais.net>
 * Timo Karjalainen <timok@iki.fi>
 * Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
 * Werner Fink <werner@suse.de>
@@ -1,118 +1,41 @@
-NOTE:
+SPDX-License-Identifier: BSD-3-Clause
  This license has been obsoleted by the change to the BSD-style copyright.
  You may continue to use this license if you wish, but you are under no
  obligation to do so.
-(*
+All files under this project either
 This document is freely plagiarised from the 'Artistic Licence',
 distributed as part of the Perl v4.0 kit by Larry Wall, which is
 available from most major archive sites.  I stole it from CrackLib.
-	$Id$
+1. fall under the BSD 3 clause license (by default).
 *)
-This documents purpose is to state the conditions under which this
+2. carry an SPDX header declaring what license applies.
 Package (See definition below) viz: "Shadow", the Shadow Password Suite
 which is held by Julianne Frances Haugh, may be copied, such that the
 copyright holder maintains some semblance of artistic control over the
 development of the package, while giving the users of the package the
 right to use and distribute the Package in a more-or-less customary
 fashion, plus the right to make reasonable modifications. 
-So there.
+or
-***************************************************************************
+3. list a full custom license
-Definitions:
+This software is originally
 * Copyright (c) 1989 - 1994, Julianne Frances Haugh
-A "Package" refers to the collection of files distributed by the
+ * All rights reserved.
-Copyright Holder, and derivatives of that collection of files created
+ *
-through textual modification, or segments thereof. 
+ * Redistribution and use in source and binary forms, with or without
-
+ * modification, are permitted provided that the following conditions
-"Standard Version" refers to such a Package if it has not been modified,
+ * are met:
-or has been modified in accordance with the wishes of the Copyright
+ * 1. Redistributions of source code must retain the above copyright
-Holder.
+ *    notice, this list of conditions and the following disclaimer.
-
+ * 2. Redistributions in binary form must reproduce the above copyright
-"Copyright Holder" is whoever is named in the copyright or copyrights
+ *    notice, this list of conditions and the following disclaimer in the
-for the package.
+ *    documentation and/or other materials provided with the distribution.
-
+ * 3. The name of the copyright holders or contributors may not be used to
-"You" is you, if you're thinking about copying or distributing this
+ *    endorse or promote products derived from this software without
-Package.
+ *    specific prior written permission.
-
+ *
-"Reasonable copying fee" is whatever you can justify on the basis of
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-media cost, duplication charges, time of people involved, and so on.
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-(You will not be required to justify it to the Copyright Holder, but
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-only to the computing community at large as a market that must bear the
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-fee.)
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-"Freely Available" means that no fee is charged for the item itself,
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-though there may be fees involved in handling the item.  It also means
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-that recipients of the item may redistribute it under the same
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-conditions they received it.
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 1.  You may make and give away verbatim copies of the source form of the
 Standard Version of this Package without restriction, provided that you
 duplicate all of the original copyright notices and associated
 disclaimers.
 2.  You may apply bug fixes, portability fixes and other modifications
 derived from the Public Domain or from the Copyright Holder.  A Package
 modified in such a way shall still be considered the Standard Version.
 3.  You may otherwise modify your copy of this Package in any way,
 provided that you insert a prominent notice in each changed file stating
 how and when AND WHY you changed that file, and provided that you do at
 least ONE of the following:
 a) place your modifications in the Public Domain or otherwise make them
 Freely Available, such as by posting said modifications to Usenet or an
 equivalent medium, or placing the modifications on a major archive site
 such as uunet.uu.net, or by allowing the Copyright Holder to include
 your modifications in the Standard Version of the Package.
 b) use the modified Package only within your corporation or organization.
 c) rename any non-standard executables so the names do not conflict with
 standard executables, which must also be provided, and provide separate
 documentation for each non-standard executable that clearly documents
 how it differs from the Standard Version.
 d) make other distribution arrangements with the Copyright Holder.
 4.  You may distribute the programs of this Package in object code or
 executable form, provided that you do at least ONE of the following:
 a) distribute a Standard Version of the executables and library files,
 together with instructions (in the manual page or equivalent) on where
 to get the Standard Version.
 b) accompany the distribution with the machine-readable source of the
 Package with your modifications.
 c) accompany any non-standard executables with their corresponding
 Standard Version executables, giving the non-standard executables
 non-standard names, and clearly documenting the differences in manual
 pages (or equivalent), together with instructions on where to get the
 Standard Version.
 d) make other distribution arrangements with the Copyright Holder.
 5.  You may charge a reasonable copying fee for any distribution of this
 Package.  You may charge any fee you choose for support of this Package. 
 YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF.  However, you may
 distribute this Package in aggregate with other (possibly commercial)
 programs as part of a larger (possibly commercial) software distribution
 provided that YOU DO NOT ADVERTISE this package as a product of your
 own. 
 6.  The name of the Copyright Holder may not be used to endorse or
 promote products derived from this software without specific prior
 written permission.
 7.  THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
 WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 				The End
@@ -1,3 +1,161 @@
 2022-11-08  Serge Hallyn <serge@hallyn.com>
 	* useradd.8: fix default group ID (Tim Biermann)
 	* Revert drop of subid_init() (Serge Hallyn)
 	* Georgian translation (NorwayFun)
 	* useradd: Avoid taking unneeded space: do not reset non-existent data
 	  in lastlog (David Kalnischkies)
 	* relax username restrictions (Alexander Kanavin)
 	* selinux: check MLS enabled before setting serange (genBTC)
 	* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
 	* copy_tree: don't block on FIFOs (Samanta Navarro)
 	* add shell linter (Jan Macku)
 	* copy_tree: carefully treat permissions (Samanta Navarro)
 	* lib/commonio: make lock failures more detailed (Luca BRUNO)
 	* lib: use strzero and memzero where applicable (Christian Göttsche)
 	* Update Dutch translation (Frans Spiesschaert)
 	* Don't test for NULL before calling free (Alex Colomar)
 	* Use libc MAX() and MIN() (Alejandro Colomar)
 	* chage: Fix regression in print_date (Xiami)
 	* usermod: report error if homedir does not exist (Iker Pedrosa)
 	* libmisc: minimum id check for system accounts (Iker Pedrosa)
 	* fix usermod -rG x y wrongly adding a group (xyz)
 	* man: add missing space in useradd.8.xml (Iker Pedrosa)
 	* lastlog: check for localtime() return value (Iker Pedrosa)
 	* Raise limit for passwd and shadow entry length (Iker Pedrosa)
 	* Remove adduser-old.c (Alejandro Colomar)
 	* useradd: Fix buffer overflow when using a prefix (David Michael)
 	* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
 2022-08-15  Serge Hallyn <serge@hallyn.com>
 	* Address CVE-2013-4235 (TOCTTOU when copying directories)
 	  (Christian Göttsche)
 2022-08-15  Serge Hallyn <serge@hallyn.com>
 	* Fix uk manpages
 2022-08-08  Serge Hallyn <serge@hallyn.com>
 	* Add absolute path hint to --root (Celeste Liu)
 	* Various cleanups (Christian Göttsche)
 	* Fix Ubuntu release used in CI tests (Jeremy Whiting)
 	* add -F options to useradd (and tests) (Masatake YAMATO)
 	* useradd manpage updates (Masatake YAMATO and Alexander Zhang))
 	* Check for ownerid (not just username) in subid ranges (Iker Pedrosa)
 2022-07-04  Serge Hallyn <serge@hallyn.com>
 	* Declare file local functions static (Christian Göttsche)
 	* Use strict prototypes (Christian Göttsche)
 	* Do not drop const qualifier for Basename (Christian Göttsche)
 	* Constify various pointers (Christian Göttsche)
 	* Don't return uninitialized memory (Christian Göttsche)
 	* Don't let compiler optimize away memory cleaning (Christian Göttsche)
 	* Remove many obsolete compatibility checks  and defines (Alejandro Colomar)
 	* Modify ID range check in useradd (Iker Pedrosa)
 	* Use "extern "C"" to make libsubid easier to use from C++ (Alois Wohlschlager)
 	* French translation updates (bubu)
 	* Fix s/with-pam/with-libpam/ (serge)
 	* Spanish translation updates (Fernando)
 	* French translation fixes (Balint Reczey)
 	* Default max group name length to 32 (Jami Kettunen)
 	* Fix PAM service files without-selinux (Ali Riza KESKIN)
 	* Improve manpages (Markus Hiereth)
 	  - groupadd, useradd, usermod
 	  - groups and id
 	  - pwck
 	* Add fedora to CI builds (Iker Pedrosa)
 	* Fix condition under which pw_dir check happens (Ed Neville)
 	* logoutd: switch to strncat (Steve Grubb)
 	* AUTHORS: improve markdown output (Iker Pedrosa)
 	* Handle ERANGE errors correctly (Niko)
 	* Check for fopen NULL return (juyin)
 	* Split get_salt() into its own fn juyin)
 	* Get salt before chroot to ensure /dev/urandom. (juyin)
 	* Chpasswd code cleanup (juyin)
 	* Work around git safe.directory enforcement (serge)
 	* Alphabetize order in usermod help (Matheus Marques)
 	* Erase password copy on error branches (Christian Göttsche)
 	* Suggest using --badname if needed (Iker Pedrosa)
 	* Update translation files (Iker Pedrosa)
 	* Correct badnames option to badname (Iker Pedrosa)
 	* configure: replace obsolete autoconf macros (Christian Göttsche)
 	* tests: replace egrep with grep -E (Sam James)
 	* Update Ukrainian translations (Yuri Chornoivan)
 	* Cleanups (Iker Pedrosa)
 	  - Remove redeclared variable
 	  - Remove commented out code and FIXMEs
 	  - Add header guards
 	  - Initialize local variables
 	* CI updates (Iker Pedrosa)
 	  - Create github workflow to install dependencies
 	  - Enable CodeQL
 	  - Update actions version
 	* libmisc: use /dev/urandom as fallback if other methods fail (Xi Ruoyao)
 2022-01-02  Serge Hallyn <serge@hallyn.com>
 	* build: include lib/shadowlog_internal.h in dist tarballs (Sam James)
 2022-01-02  Serge Hallyn <serge@hallyn.com>
 	* Handle possible TOCTTOU issues in usermod/userdel (edneville)
 	  * (CVE-2013-4235)
 	  * Use O_NOFOLLOW when copying file
 	  * Kill all user tasks in userdel
 	* Fix useradd -D segfault (Xi Ruoyao)
 	* Clean up obsolete libc feature-check ifdefs (Alejandro Colomar)
 	* Fix -fno-common build breaks due to duplicate Prog declarations
 	  (Adam Sampson)
 	* Have single date_to_str definition (Alejandro Colomar)
 	* Fix libsubid SONAME version (Sam James)
 2021-12-19  Serge Hallyn <serge@hallyn.com>
 	Note: From this release forward, su from this package should be
 	considered deprecated.  Please replace any users of it with su from
 	util-linux.  Please open an issue if there is a problem with that.
 	We intend to remove it in an upcoming release.
 	* libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert,
 	  GalaxyMaster, and Luís Ferreira)
 	* Rename the test program list_subid_ranges to getsubids, write
 	  a manpage, so distros can ship it. (Iker Pedrosa)
 	* Add libeconf dep for new*idmap (Iker Pedrosa)
 	* Allow all group types with usermod -G (Iker Pedrosa)
 	* Avoid useradd generating empty subid range (Iker Pedrosa)
 	* Handle NULL pw_passwd (Jaroslav Jindrak)
 	* Fix default value SHA_get_salt_rounds (Mike Gilbert)
 	* Use https where possible in README (Paul Menzel)
 	* Update content and format of README (Iker Pedrosa)
 	* Translation updates (Balint Reczey, Frans Spiesschaert)
 	* Switch from xml2po to itstool in 'make dist' (Serge Hallyn)
 	* Fix double frees (Michael Vetter)
 	* Add LOG_INIT configurable to useradd (Andy Zaugg)
 	* Add CREATE_MAIL_SPOOL documentation (Andy Zaugg)
 	* Create a security.md
 	* Fix su never being SIGKILLd when trapping TERM (Ruihan li)
 	* Fix wrong SELinux labels in several possible cases (Iker Pedrosa)
 	* Fix missing chmod in chadowtb_move (GalaxyMaster)
 	* Handle malformed hushlogins entries (Tobias Stoeckmann)
 	* Fix groupdel segv when passwd does not exist (François Rigault)
 	* Fix covscan-found newgrp segfault (Iker Pedrosa)
 	* Remove trailing slash on hoedir (Ed Neville)
 	* Fix passwd -l message - it does not change expirey (Ed Neville)
 	* Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann)
 	* Remove special case for "" in usermod (Alejandro Colomar)
 	* Implement usermod -rG to remove a specific group
 	  (Andy Zaugg)
 	* call pam_end() after fork in child path for su and login
 	  (Björn Fischer)
 	* useradd: In absence of /etc/passwd, assume 0 == root
 	  (Ludwig Nussel)
 	* lib: check NULL before freeing data (Iker Pedrosa)
 	* Fix pwck segfault (Iker Pedrosa)
 2021-07-22  Serge Hallyn <serge@hallyn.com>
 	* Updated translations (Björn Esser, Juergen Hoetzel)
@@ -9400,7 +9558,7 @@
 	* NEWS: release date corrected.
 	* NEWS, src/su.c:
-	fixed set enviroment too early when using PAM, so move it to !USE_PAM
+	fixed set environment too early when using PAM, so move it to !USE_PAM
 	(patch submitted by Mike Frysinger <vapier@gentoo.org>).
 2006-07-30  Tomasz Kłoczko  <kloczek@pld.org.pl>
@@ -10087,7 +10245,7 @@
 	* NEWS: cleanups.
 	* autogen.sh:
-	by default in development enviroment use CFLAGS="-O2 -Wall".
+	by default in development environment use CFLAGS="-O2 -Wall".
 	* src/chgpasswd.c (main): remove two unused variables (newgr and now).
@@ -11496,7 +11654,7 @@
 	in OPTIONS section). Describe -a and -k options.
 	* NEWS, src/su.c:
-	fixed twice copy enviroment which causes auth problems (bug was introduced in 4.0.12;
+	fixed twice copy environment which causes auth problems (bug was introduced in 4.0.12;
 	fix by Nicolas François <nicolas.francois@centraliens.net>).
 	* src/passwd.c, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/nn.po, po/pl.po, po/pt.po, po/pt_BR.po, po/ro.po, po/ru.po, po/sk.po, po/sq.po, po/sv.po, po/tl.po, po/tr.po, po/uk.po, po/vi.po, po/zh_CN.po, po/zh_TW.po, po/bs.po, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/es.po, po/eu.po, po/fi.po, po/fr.po, po/he.po, po/id.po, po/it.po:
@@ -12426,7 +12584,7 @@
 	http://bugs.debian.org/48002
 	* src/login.c, NEWS:
-	fixed loggin of username on succesful login (was using the normal username,
+	fixed loggin of username on successful login (was using the normal username,
 	when it should have used pam_user) http://bugs.debian.org/47819
 2005-06-02  Tomasz Kłoczko  <kloczek@pld.org.pl>
@@ -12871,7 +13029,7 @@
 	* man/pl/usermod.8: finish sync with english version.
 	* man/hu/login.1, man/pl/login.1, NEWS, man/Attic/login.1, man/de/login.1:
-	removed fragment about abilities pass enviroment variables in login prompt.
+	removed fragment about abilities pass environment variables in login prompt.
 	* man/Attic/gpasswd.1, man/Attic/newgrp.1:
 	fixes by Nicolas Nicolas François <nicolas.francois@centraliens.net> (not all
@@ -13350,7 +13508,7 @@
 	removed not used translations.
 	* NEWS, src/su.c:
-	fix adding of pam_env env variables to enviroment (Martin Schlemmer <azarah@nosferatu.za.org>).
+	fix adding of pam_env env variables to environment (Martin Schlemmer <azarah@nosferatu.za.org>).
 	* NEWS, configure.in:
 	fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables which was allways
@@ -13447,7 +13605,7 @@
 	* NEWS, src/su.c:
 	add pam_open_session() support. If builded without PAM support
-	propagate $DISPLAY and $XAUTHORITY enviroment variables.
+	propagate $DISPLAY and $XAUTHORITY environment variables.
 	Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
 2004-10-23  Tomasz Kłoczko  <kloczek@pld.org.pl>
@@ -696,7 +696,7 @@ shadow-4.0.18 -> shadow-4.0.18.1					03-08-2006
 shadow-4.0.17 -> shadow-4.0.18						01-08-2006
 *** general:
- su: fixed set enviroment too early when using PAM, so move it to !USE_PAM
+- su: fixed set environment too early when using PAM, so move it to !USE_PAM
  (patch submitted by Mike Frysinger <vapier@gentoo.org>),
 - groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
@@ -855,7 +855,7 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
 - su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
  on higher level (now is better visable where some programs exit with 126
  and 127 exit codes); added new shell() parameter (char *const envp[])
-  which allow fix preserving enviroment in su on using -p, (patch by
+  which allow fix preserving environment in su on using -p, (patch by
  Alexander Gattin <xrgtn@yandex.ru>),
 - su: added handle -c,--command option for GNU su compliance (merge
  437_su_-c_option Debian patch),
@@ -966,7 +966,7 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
  to example described in ident(1) man page (modern compilers like latest GCC
  removes not used functions by global optimization).
  So "ident /usr/bin/passwd" will show again some useable informations
- su: fixed twice copy enviroment which causes auth problems
+- su: fixed twice copy environment which causes auth problems
  (bug was introduced in 4.0.12; fix by Nicolas François <nicolas.francois@centraliens.net>),
 - chage: differentiate the different failure causes by the exit value
  This will permit to adduser Debian script to detect if chage failed because the
@@ -1133,7 +1133,7 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
  http://bugs.debian.org/53702
 - login: check for hushed login and pass PAM_SILENT if true,
  http://bugs.debian.org/48002
- login: fixed username on succesful login (was using the normal username,
+- login: fixed username on successful login (was using the normal username,
  when it should have used pam_user) http://bugs.debian.org/47819
 - remove using SHADOWPWD #define so now shadow is always built with shadow
  password support,
@@ -1212,7 +1212,7 @@ shadow-4.0.7 -> shadow-4.0.8						26-04-2005
  (without gshadow) doesn't permit to use newgrp,
 - newgrp(1): newgrp uses /bin/sh (not bash),
 - faillog(8): updated after rewritten faillog command for use getopt_long(),
- login(1): removed fragment about abilities pass enviroment variables in login prompt,
+- login(1): removed fragment about abilities pass environment variables in login prompt,
 - gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
 - usermod(8): fixed #302388 Debian bug: added separated -o option description,
@@ -1242,7 +1242,7 @@ shadow-4.0.6 -> shadow-4.0.7						26-01-2005
 shadow-4.0.5 -> shadow-4.0.6						08-11-2004
- su: fixed adding of pam_env env variables to enviroment
+- su: fixed adding of pam_env env variables to environment
  (Martin Schlemmer <azarah@nosferatu.za.org>),
 - autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
  which was always empty (Gregorio Guidi <g.guidi@sns.it>),
@@ -1275,7 +1275,7 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
  including symlinks placed into /etc/skel/public_html for example.
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
 - su: add pam_open_session() support. If built without PAM support
-  propagate $DISPLAY and $XAUTHORITY enviroment variables.
+  propagate $DISPLAY and $XAUTHORITY environment variables.
  Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
 - applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
  Torkelsson <Bjorn.Torkelsson@hpc2n.umu.se>: add support for PAM account
@@ -1,124 +0,0 @@
 Shadow SITES
 ============
 Homepage
 	http://github.com/shadow-maint/shadow
 Issue tracker
 	http://github.com/shadow-maint/shadow/issues
 Releases
 	https://github.com/shadow-maint/shadow/releases
 Mailing lists
 	for general discuss: pkg-shadow-devel@alioth-lists.debian.net
 	commit list: pkg-shadow-commits@alioth-lists.debian.net
 Mailing lists subscription
 	http://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-devel
 	http://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-commits
 Mailing lists archives:
 	http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/
 	http://alioth-lists.debian.net/pipermail/pkg-shadow-commits/
 S/Key support:
 	Shadow can be built with S/Key support using the S/Key package from:
 	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libskey/
 	or
 	http://gentoo.osuosl.org/distfiles/skey-1.1.5.tar.bz2
 Authors and contributors
 ========================
 Thanks to at least the following people for sending patches, bug
 reports and various comments.  This list may be incomplete, I received
 a lot of mail...
 Adam Rudnicki <adam@v-lo.krakow.pl>
 Alan Curry <pacman@tardis.mars.net>
 Aleksa Sarai <cyphar@cyphar.com>
 Alexander O. Yuriev <alex@bach.cis.temple.edu>
 Algis Rudys <arudys@rice.edu>
 Andreas Jaeger <aj@arthur.rhein-neckar.de>
 Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
 Anton Gluck <gluc@midway.uchicago.edu>
 Arkadiusz Miskiewicz <misiek@pld.org.pl>
 Ben Collins <bcollins@debian.org>
 Brian R. Gaeke <brg@dgate.org>
 Calle Karlsson <ckn@kash.se>
 Chip Rosenthal <chip@unicom.com>
 Chris Evans <lady0110@sable.ox.ac.uk>
 Chris Lamb <chris@chris-lamb.co.uk>
 Cristian Gafton <gafton@sorosis.ro>
 Dan Walsh <dwalsh@redhat.com>
 Darcy Boese <possum@chardonnay.niagara.com>
 Dave Hagewood <admin@arrowweb.com>
 David A. Holland <dholland@hcs.harvard.edu>
 David Frey <David.Frey@lugs.ch>
 Ed Carp <ecarp@netcom.com>
 Ed Neville <ed@s5h.net>
 Eric W. Biederman" <ebiederm@xmission.com>
 Floody <flood@evcom.net>
 Frank Denis <j@4u.net>
 George Kraft IV <gk4@us.ibm.com>
 Greg Mortensen <loki@world.std.com>
 Guido van Rooij
 Guy Maor <maor@debian.org>
 Hrvoje Dogan <hdogan@bjesomar.srce.hr>
 Jakub Hrozek <jhrozek@redhat.com>
 Janos Farkas <chexum@bankinf.banki.hu>
 Jason Franklin <jason.franklin@quoininc.com>
 Jay Soffian <jay@lw.net>
 Jesse Thilo <Jesse.Thilo@pobox.com>
 Joey Hess <joey@kite.ml.org>
 John Adelsberger <jja@umr.edu>
 Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
 Jon Lewis <jlewis@lewis.org>
 Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
 Judd Bourgeois <shagboy@bluesky.net>
 Juergen Heinzl <unicorn@noris.net>
 Juha Virtanen <jiivee@iki.fi>
 Julian Pidancet <julian.pidancet@gmail.com>
 Julianne Frances Haugh <jockgrrl@ix.netcom.com>
 Leonard N. Zubkoff <lnz@dandelion.com>
 Luca Berra <bluca@www.polimi.it>
 Lukáš Kuklínek <lkukline@redhat.com>
 Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
 Marc Ewing <marc@redhat.com>
 Martin Bene <mb@sime.com>
 Martin Mares <mj@gts.cz>
 Michael Meskes <meskes@topsystem.de>
 Michael Talbot-Wilson <mike@calypso.bns.com.au>
 Michael Vetter <jubalh@iodoru.org>
 Mike Frysinger <vapier@gentoo.org>
 Mike Pakovic <mpakovic@users.southeast.net>
 Nicolas François <nicolas.francois@centraliens.net>
 Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
 Pavel Machek <pavel@bug.ucw.cz>
 Peter Vrabec <pvrabec@redhat.com>
 Phillip Street
 Rafał Maszkowski <rzm@icm.edu.pl>
 Rani Chouha <ranibey@smartec.com>
 Sami Kerola <kerolasa@rocketmail.com>
 Scott Garman <scott.a.garman@intel.com>
 Sebastian Rick Rijkers <srrijkers@gmail.com>
 Seraphim Mellos <mellos@ceid.upatras.gr>
 Shane Watts <shane@nexus.mlckew.edu.au>
 Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
 Thorsten Kukuk <kukuk@suse.de>
 Tim Hockin <thockin@eagle.ais.net>
 Timo Karjalainen <timok@iki.fi>
 Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
 Werner Fink <werner@suse.de>
 Maintainers
 ===========
 Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
 Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
 Serge E. Hallyn <serge@hallyn.com> (2014-now)
 Christian Brauner <christian@brauner.io> (2019-now)
@@ -0,0 +1 @@
 README.md
@@ -0,0 +1,41 @@
 # shadow-utils
 ## Introduction
 The shadow-utils package includes the necessary programs for
 converting UNIX password files to the shadow password format, plus
 programs for managing user and group accounts. The pwconv command
 converts passwords to the shadow password format. The pwunconv command
 unconverts shadow passwords and generates a passwd file (a standard
 UNIX password file). The pwck command checks the integrity of password
 and shadow files. The lastlog command prints out the last login times
 for all users. The useradd, userdel, and usermod commands are used for
 managing user accounts. The groupadd, groupdel, and groupmod commands
 are used for managing group accounts.
 ## Sites
 * [Homepage](https://github.com/shadow-maint/shadow)
 * [Issue tracker](https://github.com/shadow-maint/shadow/issues)
 * [Releases](https://github.com/shadow-maint/shadow/releases)
 ## Contacts
 There are several ways to contact us:
 * [the general discussion mailing list](
  https://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-devel)
 * the #shadow IRC channel on libera.chat:
  * irc://irc.libera.chat/shadow
 ### Mailing archives
 * [the general discussion mailing list archive](
  https://alioth-lists.debian.net/pipermail/pkg-shadow-devel/)
 * [the commit mailing list archive](
  https://alioth-lists-archive.debian.net/pipermail/pkg-shadow-commits/),
  only used for historical purposes
 ## Contributions
 Contributions are welcome. Follow the
 [guidelines](doc/contributions/introduction.md) before posting any patches.
 ## Authors and maintainers
 Authors and maintainers are listed in [AUTHORS.md](
 https://github.com/shadow-maint/shadow/blob/master/AUTHORS.md).
@@ -0,0 +1,12 @@
 # Security Policy
 ## Supported Versions
 At the moment only the latest release is supported.
 ## Reporting a Vulnerability
 Security vulnerabilities may be reported to
 * Serge Hallyn <serge@hallyn.com> (B175CFA98F192AF2)
 * Christian Brauner <christian@brauner.io> (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
 * Iker Pedrosa <ipedrosa@redhat.com> (4E80EF49C7987B6DE2F81F5005079C6C3A653E57)
@@ -6,7 +6,7 @@ AC_DEFUN([JH_PATH_XML_CATALOG],
 [
  # check for the presence of the XML catalog
  AC_ARG_WITH([xml-catalog],
-              AC_HELP_STRING([--with-xml-catalog=CATALOG],
+              AS_HELP_STRING([--with-xml-catalog=CATALOG],
                             [path to xml catalog to use]),,
              [with_xml_catalog=/etc/xml/catalog])
  jh_found_xmlcatalog=true
@@ -4,6 +4,7 @@ autoreconf -v -f --install || exit 1
 ./configure \
 	CFLAGS="-O2 -Wall" \
 	--enable-lastlog \
 	--enable-man \
 	--enable-maintainer-mode \
 	--enable-shared \
@@ -1,10 +1,10 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-m4_define([libsubid_abi_major], 3)
+m4_define([libsubid_abi_major], 4)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.9], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.14.0], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -20,59 +20,41 @@ dnl Some hacks...
 test "$prefix" = "NONE" && prefix="/usr"
 test "$prefix" = "/usr" && exec_prefix=""
-AC_GNU_SOURCE
+AC_USE_SYSTEM_EXTENSIONS
-AM_ENABLE_STATIC
+AC_ENABLE_STATIC
-AM_ENABLE_SHARED
+AC_ENABLE_SHARED
 AM_MAINTAINER_MODE
 dnl Checks for programs.
 AC_PROG_CC
 AC_ISC_POSIX
 AC_PROG_LN_S
 AC_PROG_YACC
-AM_PROG_LIBTOOL
+LT_INIT
 dnl Checks for libraries.
 dnl Checks for header files.
-AC_HEADER_DIRENT
+AC_CHECK_HEADERS(crypt.h utmp.h \
-AC_HEADER_STDC
+	termio.h sgtty.h sys/ioctl.h paths.h \
-AC_HEADER_SYS_WAIT
+	sys/capability.h sys/random.h \
-AC_HEADER_STDBOOL
+	gshadow.h lastlog.h rpc/key_prot.h acl/libacl.h \
 AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
 	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
 	utime.h ulimit.h sys/capability.h sys/random.h sys/resource.h \
 	gshadow.h lastlog.h locale.h rpc/key_prot.h netdb.h acl/libacl.h \
 	attr/libattr.h attr/error_context.h)
 dnl shadow now uses the libc's shadow implementation
 AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
-AC_CHECK_FUNCS(arc4random_buf l64a fchmod fchown fsync futimes getgroups \
+AC_CHECK_FUNCS(arc4random_buf futimes \
-	gethostname getentropy getrandom getspnam gettimeofday getusershell \
+	getentropy getrandom getspnam getusershell \
-	getutent initgroups lchown lckpwdf lstat lutimes memcpy memset \
+	initgroups lckpwdf lutimes mempcpy \
-	setgroups sigaction strchr updwtmp updwtmpx innetgr getpwnam_r \
+	setgroups updwtmp updwtmpx innetgr \
-	getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo ruserok \
+	getspnam_r \
-	dlopen)
+	rpmatch \
 	memset_explicit explicit_bzero stpecpy stpeprintf)
 AC_SYS_LARGEFILE
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
 AC_TYPE_UID_T
 AC_TYPE_OFF_T
 AC_TYPE_PID_T
 AC_TYPE_MODE_T
 AC_HEADER_STAT
 AC_CHECK_MEMBERS([struct stat.st_rdev])
 AC_CHECK_MEMBERS([struct stat.st_atim])
 AC_CHECK_MEMBERS([struct stat.st_atimensec])
 AC_CHECK_MEMBERS([struct stat.st_mtim])
 AC_CHECK_MEMBERS([struct stat.st_mtimensec])
 AC_HEADER_TIME
 AC_STRUCT_TM
 AC_CHECK_MEMBERS([struct utmp.ut_type,
                  struct utmp.ut_id,
@@ -86,39 +68,11 @@ AC_CHECK_MEMBERS([struct utmp.ut_type,
                  struct utmp.ut_xtime,
                  struct utmp.ut_tv],,,[[#include <utmp.h>]])
 AC_CHECK_MEMBERS([struct utmpx.ut_name,
                  struct utmpx.ut_host,
                  struct utmpx.ut_syslen,
                  struct utmpx.ut_addr,
                  struct utmpx.ut_addr_v6,
                  struct utmpx.ut_time,
                  struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
 if test "$ac_cv_header_lastlog_h" = "yes"; then
 	AC_CACHE_CHECK(for ll_host in struct lastlog,
 		ac_cv_struct_lastlog_ll_host,
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
 					[struct lastlog ll; char *cp = ll.ll_host;]
 				)],
 			[ac_cv_struct_lastlog_ll_host=yes],
 			[ac_cv_struct_lastlog_ll_host=no]
 		)
 	)
 	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
 		AC_DEFINE(HAVE_LL_HOST, 1,
 			[Define if struct lastlog has ll_host])
 	fi
 fi
 dnl Checks for library functions.
 AC_TYPE_GETGROUPS
 AC_TYPE_SIGNAL
 AC_FUNC_UTIME_NULL
-AC_FUNC_STRFTIME
+AC_REPLACE_FUNCS(putgrent putpwent putspent)
 AC_REPLACE_FUNCS(mkdir putgrent putpwent putspent rename rmdir)
 AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
 AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
 AC_CHECK_FUNC(setpgrp)
 AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
@@ -130,6 +84,10 @@ if test "$ac_cv_header_shadow_h" = "yes"; then
 		ac_cv_libc_shadowgrp,
 		AC_RUN_IFELSE([AC_LANG_SOURCE([
 				#include <shadow.h>
 				#ifdef HAVE_GSHADOW_H
 				#include <gshadow.h>
 				#endif
 				int
 				main()
 				{
 					struct sgrp *sg = sgetsgent("test:x::");
@@ -205,14 +163,14 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
 	[Path to passwd program.])
 dnl XXX - quick hack, should disappear before anyone notices :).
-AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
+dnl XXX - I just read the above message :).
 if test "$ac_cv_func_ruserok" = "yes"; then
 	AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
 	AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
 fi
 AC_ARG_ENABLE(shadowgrp,
-	[AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
+	[AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
 	[case "${enableval}" in
 	 yes) enable_shadowgrp="yes" ;;
 	  no) enable_shadowgrp="no" ;;
@@ -222,15 +180,15 @@ AC_ARG_ENABLE(shadowgrp,
 )
 AC_ARG_ENABLE(man,
-	[AC_HELP_STRING([--enable-man],
+	[AS_HELP_STRING([--enable-man],
 		[regenerate roff man pages from Docbook @<:@default=no@:>@])],
 	[enable_man="${enableval}"],
 	[enable_man="no"]
 )
 AC_ARG_ENABLE(account-tools-setuid,
-	[AC_HELP_STRING([--enable-account-tools-setuid],
+	[AS_HELP_STRING([--enable-account-tools-setuid],
-		[Install the user and group management tools setuid and authenticate the callers. This requires --with-pam.])],
+		[Install the user and group management tools setuid and authenticate the callers. This requires --with-libpam.])],
 	[case "${enableval}" in
 	 yes) enable_acct_tools_setuid="yes" ;;
 	  no) enable_acct_tools_setuid="no" ;;
@@ -240,77 +198,83 @@ AC_ARG_ENABLE(account-tools-setuid,
 	[enable_acct_tools_setuid="no"]
 )
 AC_ARG_ENABLE(utmpx,
 	[AC_HELP_STRING([--enable-utmpx],
 	                [enable loggin in utmpx / wtmpx @<:@default=no@:>@])],
 	[case "${enableval}" in
 	 yes) enable_utmpx="yes" ;;
 	  no) enable_utmpx="no" ;;
 	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-utmpx) ;;
 	 esac],
 	[enable_utmpx="no"]
 )
 AC_ARG_ENABLE(subordinate-ids,
-	[AC_HELP_STRING([--enable-subordinate-ids],
+	[AS_HELP_STRING([--enable-subordinate-ids],
 		[support subordinate ids @<:@default=yes@:>@])],
 	[enable_subids="${enableval}"],
 	[enable_subids="maybe"]
 )
 AC_ARG_ENABLE(lastlog,
 	[AS_HELP_STRING([--enable-lastlog],
 		[enable lastlog @<:@default=no@:>@])],
 	[enable_lastlog="${enableval}"],
 	[enable_lastlog="no"]
 )
 AC_ARG_ENABLE(logind,
 	[AS_HELP_STRING([--enable-logind],
 		[enable logind @<:@default=yes@:>@])],
 	[enable_logind="${enableval}"],
 	[enable_logind="yes"]
 )
 AC_ARG_WITH(audit,
-	[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
 	[with_audit=$withval], [with_audit=maybe])
 AC_ARG_WITH(libpam,
-	[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
 	[with_libpam=$withval], [with_libpam=maybe])
 AC_ARG_WITH(btrfs,
-	[AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
 	[with_btrfs=$withval], [with_btrfs=maybe])
 AC_ARG_WITH(selinux,
-	[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
 	[with_selinux=$withval], [with_selinux=maybe])
 AC_ARG_WITH(acl,
-	[AC_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
 	[with_acl=$withval], [with_acl=maybe])
 AC_ARG_WITH(attr,
-	[AC_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
 	[with_attr=$withval], [with_attr=maybe])
 AC_ARG_WITH(skey,
-	[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
+	[AS_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
 	[with_skey=$withval], [with_skey=no])
 AC_ARG_WITH(tcb,
-	[AC_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
+	[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
 	[with_tcb=$withval], [with_tcb=maybe])
 AC_ARG_WITH(libcrack,
-	[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
+	[AS_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
 	[with_libcrack=$withval], [with_libcrack=no])
 AC_ARG_WITH(sha-crypt,
-	[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
+	[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
 	[with_sha_crypt=$withval], [with_sha_crypt=yes])
 AC_ARG_WITH(bcrypt,
-	[AC_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
+	[AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
 	[with_bcrypt=$withval], [with_bcrypt=no])
 AC_ARG_WITH(yescrypt,
-	[AC_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
+	[AS_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
 	[with_yescrypt=$withval], [with_yescrypt=no])
 AC_ARG_WITH(nscd,
-	[AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
+	[AS_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
 	[with_nscd=$withval], [with_nscd=yes])
 AC_ARG_WITH(sssd,
-	[AC_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
+	[AS_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
 	[with_sssd=$withval], [with_sssd=yes])
 AC_ARG_WITH(group-name-max-length,
-	[AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
+	[AS_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=32@:>@])],
 	[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
 AC_ARG_WITH(su,
-	[AC_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
+	[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
 	[with_su=$withval], [with_su=yes])
 AC_ARG_WITH(libbsd,
 	[AS_HELP_STRING([--with-libbsd], [use libbsd support @<:@default=yes if found@:>@])],
 	[with_libbsd=$withval], [with_libbsd=yes])
 if test "$with_group_name_max_length" = "no" ; then
 	with_group_name_max_length=0
 elif test "$with_group_name_max_length" = "yes" ; then
-	with_group_name_max_length=16
+	with_group_name_max_length=32
 fi
 AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
 AC_SUBST(GROUP_NAME_MAX_LENGTH)
@@ -343,19 +307,19 @@ if test "$with_sssd" = "yes"; then
 	              [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
 fi
-AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
+AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
 AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
 dnl Check for some functions in libc first, only if not found check for
 dnl other libraries.  This should prevent linking libnsl if not really
 dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
 AC_SEARCH_LIBS(inet_ntoa, inet)
 AC_SEARCH_LIBS(socket, socket)
 AC_SEARCH_LIBS(gethostbyname, nsl)
 AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
 if test -n "$LIBECONF"; then
        AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
 					[Directory for distribution provided configuration files])
 	ECONF_CPPFLAGS="-DUSE_ECONF=1"
 	AC_ARG_ENABLE([vendordir],
 		AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
@@ -363,6 +327,9 @@ fi
 AC_SUBST(ECONF_CPPFLAGS)
 AC_SUBST(LIBECONF)
 AC_SUBST([VENDORDIR], [$enable_vendordir])
 if test "x$enable_vendordir" != x; then
 	AC_DEFINE(HAVE_VENDORDIR, 1, [Define to support vendor settings.])
 fi
 AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
 if test "$enable_shadowgrp" = "yes"; then
@@ -407,6 +374,39 @@ if test "$enable_subids" != "no"; then
 fi
 AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
 if test "$enable_lastlog" = "yes" && test "$ac_cv_header_lastlog_h" = "yes"; then
 	AC_CACHE_CHECK(for ll_host in struct lastlog,
 		ac_cv_struct_lastlog_ll_host,
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
 					[struct lastlog ll; char *cp = ll.ll_host;]
 				)],
 			[ac_cv_struct_lastlog_ll_host=yes],
 			[ac_cv_struct_lastlog_ll_host=no]
 		)
 	)
 	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
 		AC_DEFINE(HAVE_LL_HOST, 1,
 			[Define if struct lastlog has ll_host])
 		AC_DEFINE(ENABLE_LASTLOG, 1, [Define to support lastlog.])
 		enable_lastlog="yes"
 	else
 		AC_MSG_ERROR([Cannot enable support for lastlog on systems where the data structures aren't available])
 		enable_subids="no"
 	fi
 fi
 AM_CONDITIONAL(ENABLE_LASTLOG, test "x$enable_lastlog" != "xno")
 AC_SUBST(LIBSYSTEMD)
 if test "$enable_logind" = "yes"; then
 	AC_CHECK_LIB(systemd, sd_session_get_remote_host,
 		[enable_logind="yes"; [LIBSYSTEMD=-lsystemd];
 		AC_DEFINE(ENABLE_LOGIND, 1,
 			[Define to manage session support with logind.])],
 		[enable_logind="no"])
 fi
 AM_CONDITIONAL(ENABLE_LOGIND, test "x$enable_logind" != "xno")
 AC_SUBST(LIBCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
@@ -415,6 +415,29 @@ AC_SUBST(LIYESCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 AC_SUBST(LIBBSD)
 if test "$with_libbsd" != "no"; then
 	AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
 		AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
 	])
 	AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
 		PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
 	])
 	dnl Make sure either the libc or libbsd provide the header.
 	save_CFLAGS="$CFLAGS"
 	CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
 	AC_CHECK_HEADERS([readpassphrase.h])
 	AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
 		AC_MSG_ERROR([readpassphrase.h is missing])
 	])
 	CFLAGS="$save_CFLAGS"
 	AC_DEFINE(WITH_LIBBSD, 1, [Build shadow with libbsd support])
 else
 	AC_DEFINE(WITH_LIBBSD, 0, [Build shadow without libbsd support])
 	AC_CHECK_FUNC(strlcpy, [], [AC_MSG_ERROR([strlcpy is required from glibc >= 2.38 or libbsd])])
 fi
 AM_CONDITIONAL(WITH_LIBBSD, test x$with_libbsd = xyes)
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
 	AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
@@ -670,7 +693,7 @@ AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
 AC_ARG_WITH(fcaps,
-	[AC_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
+	[AS_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
 	[with_fcaps=$withval], [with_fcaps=no])
 AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
@@ -688,26 +711,19 @@ if test "$with_skey" = "yes"; then
 	AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
 		[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
 	AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
-	AC_TRY_COMPILE([
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 		#include <stdio.h>
 		#include <skey.h>
-	],[
+	]], [[
 		skeychallenge((void*)0, (void*)0, (void*)0, 0);
-	],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])])
+	]])],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])],[])
 fi
-if test "$enable_utmpx" = "yes"; then
+AC_CHECK_FUNC(fgetpwent_r, [AC_DEFINE(HAVE_FGETPWENT_R, 1, [Defined to 1 if you have the declaration of 'fgetpwent_r'])])
 	if test "$ac_cv_header_utmpx_h" != "yes"; then
 		AC_MSG_ERROR([The utmpx.h header file is required for utmpx support.])
 	fi
 	AC_DEFINE(USE_UTMPX,
 	          1,
 	          [Define if utmpx should be used])
 fi
 AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
-AM_GNU_GETTEXT_VERSION(0.16)
+AM_GNU_GETTEXT_VERSION([0.19])
 AM_GNU_GETTEXT([external], [need-ngettext])
 AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
@@ -734,15 +750,18 @@ AC_CONFIG_FILES([
 	man/ru/Makefile
 	man/sv/Makefile
 	man/tr/Makefile
 	man/uk/Makefile
 	man/zh_CN/Makefile
 	man/zh_TW/Makefile
 	libmisc/Makefile
 	lib/Makefile
 	libsubid/Makefile
 	libsubid/subid.h
 	src/Makefile
 	contrib/Makefile
 	etc/Makefile
 	etc/pam.d/Makefile
 	etc/shadow-maint/Makefile
 	shadow.spec
 ])
 AC_OUTPUT
@@ -769,6 +788,9 @@ echo "	yescrypt passwords encryption:	$with_yescrypt"
 echo "	nscd support:			$with_nscd"
 echo "	sssd support:			$with_sssd"
 echo "	subordinate IDs support:	$enable_subids"
 echo "	enable lastlog:			$enable_lastlog"
 echo "	enable logind:			$enable_logind"
 echo "	use file caps:			$with_fcaps"
 echo "	install su:			$with_su"
 echo "	enabled vendor dir:             $enable_vendordir"
 echo
@@ -1,6 +1,6 @@
 # This is a dummy Makefile.am to get automake work flawlessly,
 # and also cooperate to make a distribution for `make dist'
-EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
+EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
- atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
+ atudel groupmems.shar shadow-anonftp.patch \
 udbachk.tgz
@@ -1,300 +0,0 @@
 /****
 ** 03/17/96
 ** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
 ** --marekm
 **
 ** 02/26/96
 ** modified to call shadow utils (useradd,chage,passwd) on shadowed 
 ** systems - Cristian Gafton, gafton@sorosis.ro
 **
 ** 6/27/95
 ** shadow-adduser 1.4:
 **
 ** now it copies the /etc/skel dir into the person's dir, 
 ** makes the mail folders, changed some defaults and made a 'make 
 ** install' just for the hell of it.
 **
 ** Greg Gallagher
 ** CIN.Net
 **
 ** 1/28/95
 ** shadow-adduser 1.3:
 ** 
 ** Basically a bug-fix on my additions in 1.2.  Thanks to Terry Stewart 
 ** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
 ** It was such a stupid bug that I would have never seen it myself.
 **
 **                                Brandon
 *****
 ** 01/27/95
 ** 
 ** shadow-adduser 1.2:
 ** I took the C source from adduser-shadow (credits are below) and made
 ** it a little more worthwhile.  Many small changes... Here's
 ** the ones I can remember:
 ** 
 ** Removed support for non-shadowed systems (if you don't have shadow,
 **     use the original adduser, don't get this shadow version!)
 ** Added support for the correct /etc/shadow fields (Min days before
 **     password change, max days before password change, Warning days,
 **     and how many days from expiry date does the account go invalid)
 **     The previous version just left all of those fields blank.
 **     There is still one field left (expiry date for the account, period)
 **     which I have left blank because I do not use it and didn't want to
 **     spend any more time on this.  I'm sure someone will put it in and
 **     tack another plethora of credits on here. :)
 ** Added in the password date field, which should always reflect the last
 **     date the password was changed, for expiry purposes.  "passwd" always
 **     updates this field, so the adduser program should set it up right
 **     initially (or a user could keep thier initial password forever ;)
 **     The number is in days since Jan 1st, 1970.
 **
 **                       Have fun with it, and someone please make
 **                       a real version(this is still just a hack)
 **                       for us all to use (and Email it to me???)
 **
 **                               Brandon
 **                                  photon@usis.com
 **
 ***** 
 ** adduser 1.0: add a new user account (For systems not using shadow)
 ** With a nice little interface and a will to do all the work for you.
 **
 ** Craig Hagan
 ** hagan@opine.cs.umass.edu
 **
 ** Modified to really work, look clean, and find unused uid by Chris Cappuccio
 ** chris@slinky.cs.umass.edu
 **
 *****
 **
 ** 01/19/95
 **
 ** FURTHER modifications to enable shadow passwd support (kludged, but
 ** no more so than the original)  by Dan Crowson - dcrowson@mo.net
 **
 ** Search on DAN for all changes...
 **
 *****
 **
 ** cc -O -o adduser adduser.c
 ** Use gcc if you have it... (political reasons beyond my control) (chris)
 **
 ** I've gotten this program to work with success under Linux (without
 ** shadow) and SunOS 4.1.3. I would assume it should work pretty well
 ** on any system that uses no shadow. (chris)
 **
 ** If you have no crypt() then try
 ** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
 ** I'm not sure how login operates with no crypt()... I guess
 ** the same way we're doing it here.
 */
 #include <pwd.h>
 #include <grp.h>
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <time.h>
 #include <sys/types.h>
 #include <sys/timeb.h>
 #include <sys/time.h>
 #include <sys/stat.h>
 #define DEFAULT_SHELL	"/bin/bash"  /* because BASH is your friend */
 #define DEFAULT_HOME	"/home"
 #define USERADD_PATH	"/usr/sbin/useradd"
 #define CHAGE_PATH	"/usr/sbin/chage"
 #define PASSWD_PATH	"/usr/bin/passwd"
 #define DEFAULT_GROUP	100
 #define DEFAULT_MAX_PASS 60
 #define DEFAULT_WARN_PASS 10
 /* if you use this feature, you will get a lot of complaints from users
   who rarely use their accounts :)  (something like 3 months would be
   more reasonable)  --marekm */
 #define DEFAULT_USER_DIE /* 10 */ 0
 void main()
 {
 	char foo[32];			
 	char uname[9],person[32],dir[32],shell[32];
 	unsigned int group,min_pass,max_pass,warn_pass,user_die;
 	/* the group and uid of the new user */
 	int bad=0,done=0,correct=0,gets_warning=0;
 	char cmd[255];
 	struct group *grp;
 	/* flags, in order:
 	* bad to see if the username is in /etc/passwd, or if strange stuff has
 	* been typed if the user might be put in group 0
 	* done allows the program to exit when a user has been added
 	* correct loops until a password is found that isn't in /etc/passwd
 	* gets_warning allows the fflush to be skipped for the first gets
 	* so that output is still legible
 	*/
 	/* The real program starts HERE! */
 	if(geteuid()!=0)
 	{
 		printf("It seems you don't have access to add a new user.  Try\n");
 		printf("logging in as root or su root to gain super-user access.\n");
 		exit(1);
 	}
 	/* Sanity checks
 	*/
 	if (!(grp=getgrgid(DEFAULT_GROUP))){
 		printf("Error: the default group %d does not exist on this system!\n",
 				DEFAULT_GROUP);
 		printf("adduser must be recompiled.\n");
 		exit(1);
 	}; 
 	while(!correct) {		/* loop until a "good" uname is chosen */
 		while(!done) {
 			printf("\nLogin to add (^C to quit): ");
 			if(gets_warning)	/* if the warning was already shown */
 				fflush(stdout);	/* fflush stdout, otherwise set the flag */
 			else
 				gets_warning=1;
 			gets(uname);
 			if(!strlen(uname)) {
 				printf("Empty input.\n");
 				done=0;
 				continue;
 			};
 			/* what I saw here before made me think maybe I was running DOS */
 			/* might this be a solution? (chris) */
 			if (getpwnam(uname) != NULL) {
 				printf("That name is in use, choose another.\n");
 				done=0;
 			} else
 				done=1;
 		}; /* done, we have a valid new user name */
 		/* all set, get the rest of the stuff */
 		printf("\nEditing information for new user [%s]\n",uname);
 		printf("\nFull Name [%s]: ",uname);
 		gets(person);
 		if (!strlen(person)) {
 			bzero(person,sizeof(person));
 			strcpy(person,uname);
 		};
 		do {
 			bad=0; 
 			printf("GID [%d]: ",DEFAULT_GROUP);
 			gets(foo);
 			if (!strlen(foo))
 				group=DEFAULT_GROUP;
 			else
 				if (isdigit (*foo)) {
 					group = atoi(foo);
 					if (! (grp = getgrgid (group))) {
 						printf("unknown gid %s\n",foo);
 						group=DEFAULT_GROUP;
 						bad=1;
 					};
 			} else
 				if ((grp = getgrnam (foo)))
 					group = grp->gr_gid;
 				else {
 					printf("unknown group %s\n",foo);
 					group=DEFAULT_GROUP;
 					bad=1;
 				}
 			if (group==0){	/* You're not allowed to make root group users! */
 				printf("Creation of root group users not allowed (must be done by hand)\n");
 				group=DEFAULT_GROUP;
 				bad=1;
 			};
 		} while(bad);
 		fflush(stdin);
 		printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
 		printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
 		fflush(stdout);
 		gets(dir);
 		if (!strlen(dir)) { /* hit return */
 			sprintf(dir,"%s/%s",DEFAULT_HOME,uname);
 			fflush(stdin);
 		} else
 			if (dir[strlen(dir)-1]=='/')
 				sprintf(dir+strlen(dir),"%s",uname);
 		printf("\nShell [%s]: ",DEFAULT_SHELL);
 		fflush(stdout);
 		gets(shell);
 		if (!strlen(shell))
 			sprintf(shell,"%s",DEFAULT_SHELL);
 		printf("\nMin. Password Change Days [0]: ");
 		gets(foo);
 		min_pass=atoi(foo);
 		printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
 		gets(foo);
 		if (strlen(foo) > 1)
 			max_pass = atoi(foo);
 		else
 			max_pass = DEFAULT_MAX_PASS;
 		printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
 		gets(foo);
 		warn_pass = atoi(foo);
 		if (warn_pass==0)
 			warn_pass = DEFAULT_WARN_PASS;
 		printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
 		gets(foo);
 		user_die = atoi(foo);
 		if (user_die == 0)
 			user_die = DEFAULT_USER_DIE;
 		printf("\nInformation for new user [%s] [%s]:\n",uname,person);
 		printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
 		printf("GID: [%d]\n",group);
 		printf("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
 				min_pass,max_pass,warn_pass,user_die);
 		printf("\nIs this correct? [y/N]: ");
 		fflush(stdout);
 		gets(foo);
 		done=bad=correct=(foo[0]=='y'||foo[0]=='Y');
 		if(bad!=1)
 			printf("\nUser [%s] not added\n",uname);
    }
 	bzero(cmd,sizeof(cmd));
 	sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
 			USERADD_PATH,group,dir,shell,person,uname);
 	printf("Calling useradd to add new user:\n%s\n",cmd);  
 	if(system(cmd)){
 		printf("User add failed!\n");
 		exit(errno);
 	};
 	bzero(cmd,sizeof(cmd));
 	sprintf(cmd,"%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
 			min_pass,max_pass,warn_pass,user_die,uname);
 	printf("%s\n",cmd);
 	if(system(cmd)){
 		printf("There was an error setting password expire values\n");
 		exit(errno);
 	};
 	bzero(cmd,sizeof(cmd));
 	sprintf(cmd,"%s %s",PASSWD_PATH,uname);
 	system(cmd);
 	printf("\nDone.\n");
 }
@@ -60,7 +60,7 @@
 ** Added in the password date field, which should always reflect the last
 **     date the password was changed, for expiry purposes.  "passwd" always
 **     updates this field, so the adduser program should set it up right
-**     initially (or a user could keep thier initial password forever ;)
+**     initially (or a user could keep their initial password forever ;)
 **     The number is in days since Jan 1st, 1970.
 **
 **                       Have fun with it, and someone please make
@@ -489,7 +489,7 @@ safeget (char *buf, int maxlen)
  while ((c = getc (stdin)) != EOF && (c != '\n') && (++i < maxlen))
    {
      bad = (!isalnum (c) && (c != '_') && (c != ' '));
-      *(buf++) = (char) c;
+      *(buf++) = c;
    }
  *buf = '\0';
@@ -1,34 +1,7 @@
 #!/usr/bin/perl
 #
-# Copyright (c) 1996 Brian R. Gaeke
+# SPDX-FileCopyrightText: 1996 Brian R. Gaeke
-# All rights reserved.
+# SPDX-License-Identifier: BSD-4-Clause
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # 3. All advertising materials mentioning features or use of this software
 #    must display the following acknowledgement:
 #    This product includes software developed by Brian R. Gaeke.
 # 4. The name of the author, Brian R. Gaeke, may not be used to endorse
 #    or promote products derived from this software without specific
 #    prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY BRIAN R. GAEKE ``AS IS'' AND ANY EXPRESS
 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED.  IN NO EVENT SHALL BRIAN R. GAEKE BE LIABLE FOR ANY DIRECT,
 # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 #
 # Additionally:
 #
@@ -76,36 +76,9 @@ else
  $echo 'x -' extracting 'Makefile' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'Makefile' &&
 /*
-# Copyright 2000, International Business Machines, Inc.
+# SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-# All rights reserved.
+# SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-#
+# SPDX-License-Identifier: BSD-3-Clause
 # original author: George Kraft IV, gk4@us.ibm.com
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
 #
 # 1. Redistributions of source code must retain the above copyright
 #    notice, this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright
 #    notice, this list of conditions and the following disclaimer in the
 #    documentation and/or other materials provided with the distribution.
 # 3. Neither the name of International Business Machines, Inc., nor the 
 #    names of its contributors may be used to endorse or promote products 
 #    derived from this software without specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY INTERNATIONAL BUSINESS MACHINES, INC. AND
 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
 # FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL 
 # INTERNATIONAL BUSINESS MACHINES, INC. OR CONTRIBUTORS BE LIABLE
 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 # 
 X
 all: groupmems
@@ -143,36 +116,9 @@ else
  $echo 'x -' extracting 'groupmems.c' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' &&
 /*
-X * Copyright 2000, International Business Machines, Inc.
+X * SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X * All rights reserved.
+X * SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X *
+X * SPDX-License-Identifier: BSD-3-Clause
 X * original author: George Kraft IV, gk4@us.ibm.com
 X *
 X * Redistribution and use in source and binary forms, with or without
 X * modification, are permitted provided that the following conditions
 X * are met:
 X *
 X * 1. Redistributions of source code must retain the above copyright
 X *    notice, this list of conditions and the following disclaimer.
 X * 2. Redistributions in binary form must reproduce the above copyright
 X *    notice, this list of conditions and the following disclaimer in the
 X *    documentation and/or other materials provided with the distribution.
 X * 3. Neither the name of International Business Machines, Inc., nor the 
 X *    names of its contributors may be used to endorse or promote products 
 X *    derived from this software without specific prior written permission.
 X *
 X * THIS SOFTWARE IS PROVIDED BY INTERNATIONAL BUSINESS MACHINES, INC. AND
 X * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 X * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
 X * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL 
 X * INTERNATIONAL BUSINESS MACHINES, INC. OR CONTRIBUTORS BE LIABLE
 X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 X * SUCH DAMAGE.
 X */
 /*
 **
@@ -436,36 +382,9 @@ else
  $echo 'x -' extracting 'groupmems.8' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' &&
 X.\"
-X.\" Copyright 2000, International Business Machines, Inc.
+X.\" SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X.\" All rights reserved.
+X.\" SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X.\"
+X.\" SPDX-License-Identifier: BSD-3-Clause
 X.\" original author: George Kraft IV, gk4@us.ibm.com
 X.\"
 X.\" Redistribution and use in source and binary forms, with or without
 X.\" modification, are permitted provided that the following conditions
 X.\" are met:
 X.\"
 X.\" 1. Redistributions of source code must retain the above copyright
 X.\"    notice, this list of conditions and the following disclaimer.
 X.\" 2. Redistributions in binary form must reproduce the above copyright
 X.\"    notice, this list of conditions and the following disclaimer in the
 X.\"    documentation and/or other materials provided with the distribution.
 X.\" 3. Neither the name of International Business Machines, Inc., nor the 
 X.\"    names of its contributors may be used to endorse or promote products 
 X.\"    derived from this software without specific prior written permission.
 X.\"
 X.\" THIS SOFTWARE IS PROVIDED BY INTERNATIONAL BUSINESS MACHINES, INC. AND
 X.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 X.\" BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
 X.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL 
 X.\" INTERNATIONAL BUSINESS MACHINES, INC. OR CONTRIBUTORS BE LIABLE
 X.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 X.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 X.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 X.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 X.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 X.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 X.\" SUCH DAMAGE.
 X.\"
 X.\" $Id$
 X.\"
@@ -1,308 +0,0 @@
 /*
 * pwdauth.c - program to verify a given username/password pair.
 *
 * Run it with username in argv[1] (may be omitted - default is the
 * current user), and send it the password over a pipe on stdin.
 * Exit status: 0 - correct password, 1 - wrong password, >1 - other
 * errors.  For use with shadow passwords, this program should be
 * installed setuid root.
 *
 * This can be used, for example, by xlock - you don't have to install
 * this large and complex (== possibly insecure) program setuid root,
 * just modify it to run this simple program to do the authentication.
 *
 * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as
 * soon as possible after getting the user's encrypted password.
 * Using this program probably doesn't make it more secure, and has one
 * disadvantage: since we don't get the encrypted user's password at
 * startup (but at the time the user is authenticated), it is not clear
 * how we should handle errors (like getpwnam() returning NULL).
 * - fail the authentication?  Problem: no way to unlock (other than kill
 *   the process from somewhere else) if the NIS server stops responding.
 * - succeed and unlock?  Problem: it's too easy to unlock by unplugging
 *   the box from the network and waiting until NIS times out...
 *
 * This program is Copyright (C) 1996 Marek Michalkiewicz
 * <marekm@i17linuxb.ists.pwr.wroc.pl>.
 *
 * It may be used and distributed freely for any purposes.  There is no
 * warranty - use at your own risk.  I am not liable for any damages etc.
 * If you improve it, please send me your changes.
 */
 static char rcsid[] = "$Id$";
 /*
 * Define USE_SYSLOG to use syslog() to log successful and failed
 * authentication.  This should be safe even if your system has
 * the infamous syslog buffer overrun security problem...
 */
 #define USE_SYSLOG
 /*
 * Define HAVE_GETSPNAM to get shadow passwords using getspnam().
 * Some systems don't have getspnam(), but getpwnam() returns
 * encrypted passwords only if running as root.
 *
 * According to the xlock source (not tested, except Linux) -
 * define: Linux, Solaris 2.x, SVR4, ...
 * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX.
 * Known not supported (yet): Ultrix, OSF/1, SCO.
 */
 #define HAVE_GETSPNAM
 /*
 * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
 * pw_encrypt() is like the standard crypt(), except that it may
 * support better password hashing algorithms.
 *
 * Define if linking with libshadow.a from the shadow password
 * suite (Linux, SunOS 4.x?).
 */
 #undef HAVE_PW_ENCRYPT
 /*
 * Define HAVE_AUTH_METHODS to support the shadow suite specific
 * extension: the encrypted password field contains a list of
 * administrator defined authentication methods, separated by
 * semicolons.  This program only supports the standard password
 * authentication method (a string that doesn't start with '@').
 */
 #undef HAVE_AUTH_METHODS
 /*
 * FAIL_DELAY - number of seconds to sleep before exiting if the
 * password was wrong, to slow down password guessing attempts.
 */
 #define FAIL_DELAY 2
 /* No user-serviceable parts below :-).  */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include <pwd.h>
 #ifdef USE_SYSLOG
 #include <syslog.h>
 #ifndef LOG_AUTHPRIV
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
 #endif
 #ifdef HAVE_GETSPNAM
 #include <shadow.h>
 #endif
 #ifdef HAVE_PW_ENCRYPT
 extern char *pw_encrypt();
 #define crypt pw_encrypt
 #endif
 /*
 * Read the password (one line) from fp.  We don't turn off echo
 * because we expect input from a pipe.
 */
 static char *
 get_line(fp)
 	FILE *fp;
 {
 	static char buf[128];
 	char *cp;
 	int ch;
 	cp = buf;
 	while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') {
 		if (cp >= buf + sizeof buf - 1)
 			break;
 		*cp++ = ch;
 	}
 	*cp = '\0';
 	return buf;
 }
 /*
 * Get the password file entry for the current user.  If the name
 * returned by getlogin() is correct (matches the current real uid),
 * return the entry for that user.  Otherwise, return the entry (if
 * any) matching the current real uid.  Return NULL on failure.
 */
 static struct passwd *
 get_my_pwent()
 {
 	uid_t uid = getuid();
 	char *name = getlogin();
 	if (name && *name) {
 		struct passwd *pw = getpwnam(name);
 		if (pw && pw->pw_uid == uid)
 			return pw;
 	}
 	return getpwuid(uid);
 }
 /*
 * Verify the password.  The system-dependent shadow support is here.
 */
 static int
 password_auth_ok(pw, pass)
 	const struct passwd *pw;
 	const char *pass;
 {
 	int result;
 	char *cp;
 #ifdef HAVE_AUTH_METHODS
 	char *buf;
 #endif
 #ifdef HAVE_GETSPNAM
 	struct spwd *sp;
 #endif
 	if (pw) {
 #ifdef HAVE_GETSPNAM
 		sp = getspnam(pw->pw_name);
 		if (sp)
 			cp = sp->sp_pwdp;
 		else
 #endif
 			cp = pw->pw_passwd;
 	} else
 		cp = "xx";
 #ifdef HAVE_AUTH_METHODS
 	buf = strdup(cp);  /* will be modified by strtok() */
 	if (!buf) {
 		fprintf(stderr, "Out of memory.\n");
 		exit(13);
 	}
 	cp = strtok(buf, ";");
 	while (cp && *cp == '@')
 		cp = strtok(NULL, ";");
 	/* fail if no password authentication for this user */
 	if (!cp)
 		cp = "xx";
 #endif
 	if (*pass || *cp)
 		result = (strcmp(crypt(pass, cp), cp) == 0);
 	else
 		result = 1;  /* user with no password */
 #ifdef HAVE_AUTH_METHODS
 	free(buf);
 #endif
 	return result;
 }
 /*
 * Main program.
 */
 int
 main(argc, argv)
 	int argc;
 	char **argv;
 {
 	struct passwd *pw;
 	char *pass, *name;
 	char myname[32];
 #ifdef USE_SYSLOG
 	openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV);
 #endif
 	pw = get_my_pwent();
 	if (!pw) {
 #ifdef USE_SYSLOG
 		syslog(LOG_ERR, "can't get login name for uid %d.\n",
 		       (int) getuid());
 #endif
 		fprintf(stderr, "Who are you?\n");
 		exit(2);
 	}
 	strncpy(myname, pw->pw_name, sizeof myname - 1);
 	myname[sizeof myname - 1] = '\0';
 	name = myname;
 	if (argc > 1) {
 		name = argv[1];
 		pw = getpwnam(name);
 	}
 	pass = get_line(stdin);
 	if (password_auth_ok(pw, pass)) {
 #ifdef USE_SYSLOG
 		syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE,
 		       "user `%s' entered correct password for `%.32s'.\n",
 		       myname, name);
 #endif
 		exit(0);
 	}
 #ifdef USE_SYSLOG
 	/* be careful not to overrun the syslog buffer */
 	syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING,
 	       "user `%s' entered incorrect password for `%.32s'.\n",
 	       myname, name);
 #endif
 #ifdef FAIL_DELAY
 	sleep(FAIL_DELAY);
 #endif
 	fprintf(stderr, "Wrong password.\n");
 	exit(1);
 }
 #if 0
 /*
 * You can use code similar to the following to run this program.
 * Return values: >=0 - program exit status (use the <sys/wait.h>
 * macros to get the exit code, it is shifted left by 8 bits),
 * -1 - check errno.
 */
 int
 verify_password(const char *username, const char *password)
 {
 	int pipe_fd[2];
 	int pid, wpid, status;
 	if (pipe(pipe_fd))
 		return -1;
 	if ((pid = fork()) == 0) {
 		char *arg[3];
 		char *env[1];
 		/* child */
 		close(pipe_fd[1]);
 		if (pipe_fd[0] != 0) {
 			if (dup2(pipe_fd[0], 0) != 0)
 				_exit(127);
 			close(pipe_fd[0]);
 		}
 		arg[0] = "/usr/bin/pwdauth";
 		arg[1] = username;
 		arg[2] = NULL;
 		env[0] = NULL;
 		execve(arg[0], arg, env);
 		_exit(127);
 	} else if (pid == -1) {
 		/* error */
 		close(pipe_fd[0]);
 		close(pipe_fd[1]);
 		return -1;
 	}
 	/* parent */
 	close(pipe_fd[0]);
 	write(pipe_fd[1], password, strlen(password));
 	write(pipe_fd[1], "\n", 1);
 	close(pipe_fd[1]);
 	while ((wpid = wait(&status)) != pid) {
 		if (wpid == -1)
 			return -1;
 	}
 	return status;
 }
 #endif
@@ -1311,7 +1311,7 @@
  This means that fred's password is valid, it was last changed on
  03/04/96, it can be changed at any time, it expires after 60 days,
-  fred will not be warned, and and the account won't be disabled when
+  fred will not be warned, and the account won't be disabled when
  the password expires.
  This simply means that if fred logs in after the password expires, he
@@ -1487,7 +1487,7 @@
  If a user logs into a line that is listed in /etc/dialups, and his
  shell is listed in the file /etc/d_passwd he will be allowed access
-  only by suppling the correct password.
+  only by supplying the correct password.
  Another useful purpose for using dial-up passwords might be to setup a
  line that only allows a certain type of connect (perhaps a PPP or UUCP
@@ -63,4 +63,3 @@ To completely disable limits for a user, a single dash (-) will do.
 Also, please note that all limit settings are set PER LOGIN.  They are
 not global, nor are they permanent.  Perhaps global limits will come, but
 for now this will have to do ;)
@@ -0,0 +1,4 @@
 # S/Key support
 shadow-utils can be built with S/Key support using the S/Key package from:
 * http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libskey/ or
 * https://gentoo.osuosl.org/distfiles/skey-1.1.5.tar.bz2
@@ -26,7 +26,6 @@ New ideas to add to this list are welcome, too.  --marekm
 - vipw: check password files for errors after editing
 - add "maximum time users allowed to stay logged in" limit option to logoutd
 - handle quotes in /etc/environment like the shell does (but sshd doesn't...)
 - better utmpx support (logoutd, ...)
 - better OPIE support (report number of logins left, etc.)
 - new option for /etc/suauth: don't load user's environment (force "su -")
  suggested by Ulisses Alonso Camaro
@@ -37,4 +36,3 @@ New ideas to add to this list are welcome, too.  --marekm
  per-user configuration, to be executed with run-parts. Some hooks should
  be executed at package install time for existing users, likewise for
  package removal and possibly modification.  (Debian Bug#36019)
@@ -0,0 +1,73 @@
 # Build & install
 The following page explains how to build and install the shadow project.
 Additional information on how to do this in a container environment is provided
 at the end of the page.
 ## Local
 ### Dependency installation
 This projects depends on other software packages that need to be installed
 before building it. We recommend using the dependency installation commands
 provided by the distributions to install them. Some examples below.
 Debian:
 ```
 apt-get build-dep shadow
 ```
 Fedora:
 ```
 dnf builddep shadow-utils
 ```
 An alternative would be to take a look at the CI workflow [file](../../.github/workflows/runner.yml)
 and get the package names from there. This has the advantage that it
 also includes new dependencies needed for the development version
 which might have not been present in the last release.
 ### Configure
 The first step is to configure it. You can use the
 `autogen.sh` script provided by the project. Example:
 ```
 ./autogen.sh --without-selinux --enable-man --with-yescrypt
 ```
 ### Build
 The next step is to build the project:
 ```
 make -j4
 ```
 ### Install
 The last step is to install it. We recommend avoiding this step and using a
 disposable system like a VM or a container instead.
 ```
 make install
 ```
 ## Containers
 Alternatively, you can use any of the preconfigured container images builders
 to build and install shadow.
 You can either generate a single image by running the following command from
 the root folder of the project (i.e. Alpine):
 ```
 docker build -f share/containers/alpine.dockerfile . --output build-out/alpine
 ```
 Or generate all of the images with the `container-build.sh` script, as if you
 were running some of the CI checks locally:
 ```
 share/container-build.sh
 ```
@@ -0,0 +1,25 @@
 # Continuous Integration (CI)
 Shadow runs a CI workflow every time a pull-request (PR) is updated. This
 workflow contains several checks to assure the quality of the project, and
 only pull-requests with green results are merged.
 ## Build & install
 The project is built & installed on Ubuntu, Alpine, Debian and Fedora. The last
 three distributions are built & installed on containers, and the workflow can
 be triggered locally by following the instructions specified in the
 [Build & install](build_install.md#containers) page.
 ## System tests
 The project is tested on Ubuntu. For that purpose it is built & installed in
 this distribution in a VM. You can run this step locally by following the
 instructions provided in the [Tests](tests.md#system-tests) page.
 ## Static code analysis
 C and shell static code analysis is also executed. For that purpose
 [CodeQL](https://codeql.github.com/) and
 [Differential ShellCheck](https://github.com/marketplace/actions/differential-shellcheck)
 are used.
@@ -0,0 +1,12 @@
 # Coding style
 * For a general guidance refer to the
 [Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html)
 * Patches that change the existing coding style are not welcome, as they make
 downstream porting harder for the distributions
 ## Indentation
 Tabs are preferred over spaces for indentation. Loading the `.editorconfig`
 file in your preferred IDE may help you configure it.
@@ -0,0 +1,77 @@
 # Introduction
 ## Git and Github
 We recommend you to get familiar with the
 [git](https://guides.github.com/introduction/git-handbook) and
 [Github](https://guides.github.com) workflows before posting any changes.
 ### Set up in a nut shell
 The following steps describe the process in a nut shell to provide you a basic
 template:
 * Create an account on [GitHub](https://github.com)
 * Fork the [shadow repository](https://github.com/shadow-maint/shadow)
 * Clone the shadow repository
 ```
 git clone https://github.com/shadow-maint/shadow.git
 ```
 * Add your fork as an extra remote
 ```
 git remote add $ghusername git@github.com:$ghusername/shadow.git
 ```
 * Setup your name contact e-mail that you want to use for the development
 ```
 git config user.name "John Smith"
 git config user.email "john.smith@home.com"
 ```
 **Note**: this will setup the user information only for this repository. You
 can also add `--global` switch to the `git config` command to setup these
 options globally and thus making them available in every git repository.
 * Create a working branch
 ```
 git checkout -b my-changes
 ```
 * Commit changes
 ```
 vim change-what-you-need
 git commit -s
 ```
 Check
 [the kernel patches guide](https://www.kernel.org/doc/html/v4.14/process/submitting-patches.html#describe-your-changes)
 to get an idea on how to write a good commit message.
 * Push your changes to your GitHub repository
 ```
 git push $ghusername my-changes --force
 ```
 * Open a Pull Request against shadow project by clicking on the link provided
 in the output of the previous step
 * Make sure that all Continuous Integration checks are green and wait review
 ## Internal guidelines
 Additionally, you should also check the following internal guidelines to
 understand the project's development model:
 * [Build & install](build_install.md)
 * [Coding style](coding_style.md)
 * [Tests](tests.md)
 * [Continuous Integration](CI.md)
 * [Releases](releases.md)
 * [License](license.md)
@@ -0,0 +1,10 @@
 # License
 All new source code committed to the shadow project is assumed to be made
 available under the [BSD-3-Clause](../../COPYING) license unless the submitter
 specifies another license at that time. The shadow maintainers reserve the
 right to refuse a submission if the license is deemed incompatible with the
 goals of the project.
 **Note**: old code may be made available under another license, check the
 license tag for each file to get additional information.
@@ -0,0 +1,7 @@
 # Releases
 The shadow project doesn't follow any specific timeline to release new software
 versions. Usually, they are released when a major milestone is finished.
 Released source code, alongside the release notes, are provided in the
 [release Github page](https://github.com/shadow-maint/shadow/releases).
@@ -0,0 +1,18 @@
 # Tests
 Currently, shadow only provides system tests.
 ## System tests
 These type of tests are written in shell. Unfortunately, the testing framework
 is tightly coupled to the Ubuntu distribution and it can only be run in this
 distribution. Besides, if anything fails during the execution the system can
 be left in an unstable state. Taking that into account you shouldn't run this
 workflow in your host machine, we recommend to use a disposable system like a
 VM or a container instead.
 You can execute system tests by running:
 ```
 cd tests && ./run_all`.
 ```
@@ -1,15 +0,0 @@
 <HEAD>
 <title>shadow - Welcome</title>
 </head>
 <body>
 <h2> Welcome!</h2>
 <p> This is the shadow tool suite home page. </p>
 <p>
 You can find releases <a href="https://github.com/shadow-maint/shadow/releases">here</a>.
 </p>
 <p>
 Raise issues, request features, and report bugs <a href="https://github.com/shadow-maint/shadow/issues">here</a>.
 </p>
 </body>
@@ -20,4 +20,4 @@ EXTRA_DIST = \
 	$(sysconf_DATA) \
 	$(default_DATA)
-SUBDIRS = pam.d
+SUBDIRS = pam.d shadow-maint
@@ -465,7 +465,6 @@ USERGROUPS_ENAB yes
 # Set to "yes" to prevent for all accounts
 # Set to "superuser" to prevent for UID 0 / root (default)
 # Set to "no" to not prevent for any account (dangerous, historical default)
 PREVENT_NO_AUTH superuser
 #
@@ -4,8 +4,8 @@ auth		include		system-auth
 account		required	pam_nologin.so
 account		include		system-auth
 password	include		system-auth
-session		required	pam_selinux.so close
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
 session		include		system-auth
 session		required	pam_loginuid.so
 session		optional	pam_console.so
-session		required	pam_selinux.so open
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@@ -7,7 +7,7 @@ auth		required	pam_wheel.so use_uid
 auth		include		system-auth
 account		include		system-auth
 password	include		system-auth
-session		required	pam_selinux.so close
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
 session		include		system-auth
-session		required	pam_selinux.so open multiple
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
 session		optional	pam_xauth.so
@@ -0,0 +1,5 @@
 shadowmaint_files = \
 	groupdel-pre.d/01-kill_group_procs.sh \
 	userdel-pre.d/01-kill_user_procs.sh
 EXTRA_DIST = $(shadowmaint_files)
@@ -0,0 +1,26 @@
 #!/bin/sh
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
 if [ "${GROUPID}" = "" ]; then
    exit 0
 fi
 for status in /proc/*/status; do
    # either this isn't a process or its already dead since expanding the list
    [ -f "$status" ] || continue
    tbuf=${status%/status}
    pid=${tbuf#/proc/}
    case "$pid" in
        "$$") continue;;
        [0-9]*) :;;
        *) continue
    esac
    grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
    kill -9 "$pid" || echo "cannot kill $pid" 1>&2
 done
@@ -0,0 +1,31 @@
 #!/bin/sh
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 # Check user exists, and if so, send sigkill to processes that the user owns
 ps -eo user >/dev/null 2>&1
 if [ $? -eq 0 ]; then
    RUNNING=`ps -eo user | grep -Fx "$SUBJECT" | wc -l`
    # if the user does not exist, RUNNING will be 0
    if [ "${RUNNING}x" = "0x" ]; then
        exit 0
    fi
 fi
 # If there is no ps -eo, traverse the process directly.
 ls -1 /proc | while IFS= read -r PROC; do
  echo "$PROC" | grep -E '^[0-9]+$' >/dev/null
  if [ $? -ne 0 ]; then
    continue
  fi
  if [ -d "/proc/${PROC}" ]; then
    USR=`stat -c "%U" /proc/${PROC}`
    if [ "${USR}" = "${SUBJECT}" ]; then
      echo "Killing ${SUBJECT} owned ${PROC}"
      kill -9 "${PROC}"
    fi
  fi
 done
@@ -10,6 +10,9 @@ if HAVE_VENDORDIR
 libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
 endif
 libshadow_la_CPPFLAGS += -I$(top_srcdir)
 libshadow_la_CFLAGS = $(LIBBSD_CFLAGS)
 libshadow_la_SOURCES = \
 	commonio.c \
 	commonio.h \
@@ -34,6 +37,9 @@ libshadow_la_SOURCES = \
 	nss.c \
 	nscd.c \
 	nscd.h \
 	shadowlog.c \
 	shadowlog.h \
 	shadowlog_internal.h \
 	sssd.c \
 	sssd.h \
 	pam_defs.h \
@@ -61,7 +67,7 @@ libshadow_la_SOURCES = \
 	shadowio.h \
 	shadowmem.c \
 	spawn.c \
-	utent.c
+	write_full.c
 if WITH_TCB
 libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
@@ -0,0 +1,115 @@
 /*
 * SPDX-FileCopyrightText:  2023, Alejandro Colomar <alx@kernel.org>
 *
 * SPDX-License-Identifier:  BSD-3-Clause
 */
 #ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
 #define SHADOW_INCLUDE_LIB_MALLOC_H_
 #include <config.h>
 #include <assert.h>
 #include <errno.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include "defines.h"
 #define CALLOC(n, type)   ((type *) calloc(n, sizeof(type)))
 #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
 #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
 #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
 #define REALLOC(ptr, n, type)                                                 \
 ({                                                                            \
 	__auto_type  p_ = (ptr);                                              \
                                                                              \
 	static_assert(__builtin_types_compatible_p(typeof(p_), type *), "");  \
                                                                              \
 	(type *) reallocarray(p_, n, sizeof(type));                           \
 })
 #define REALLOCF(ptr, n, type)                                                \
 ({                                                                            \
 	__auto_type  p_ = (ptr);                                              \
                                                                              \
 	static_assert(__builtin_types_compatible_p(typeof(p_), type *), "");  \
                                                                              \
 	(type *) reallocarrayf(p_, n, sizeof(type));                          \
 })
 #define XREALLOC(ptr, n, type)                                                \
 ({                                                                            \
 	__auto_type  p_ = (ptr);                                              \
                                                                              \
 	static_assert(__builtin_types_compatible_p(typeof(p_), type *), "");  \
                                                                              \
 	(type *) xreallocarray(p_, n, sizeof(type));                          \
 })
 ATTR_MALLOC(free)
 inline void *xmalloc(size_t size);
 ATTR_MALLOC(free)
 inline void *xmallocarray(size_t nmemb, size_t size);
 ATTR_MALLOC(free)
 inline void *mallocarray(size_t nmemb, size_t size);
 ATTR_MALLOC(free)
 inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
 ATTR_MALLOC(free)
 inline char *xstrdup(const char *str);
 ATTR_MALLOC(free)
 void *xcalloc(size_t nmemb, size_t size);
 ATTR_MALLOC(free)
 void *xreallocarray(void *p, size_t nmemb, size_t size);
 inline void *
 xmalloc(size_t size)
 {
 	return xmallocarray(1, size);
 }
 inline void *
 xmallocarray(size_t nmemb, size_t size)
 {
 	return xreallocarray(NULL, nmemb, size);
 }
 inline void *
 mallocarray(size_t nmemb, size_t size)
 {
 	return reallocarray(NULL, nmemb, size);
 }
 inline void *
 reallocarrayf(void *p, size_t nmemb, size_t size)
 {
 	void  *q;
 	q = reallocarray(p, nmemb, size);
 	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
 	if (q == NULL && nmemb != 0 && size != 0)
 		free(p);
 	return q;
 }
 inline char *
 xstrdup(const char *str)
 {
 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
 }
 #endif  // include guard
@@ -0,0 +1,53 @@
 /*
 * SPDX-FileCopyrightText:  2022 - 2023, Alejandro Colomar <alx@kernel.org>
 *
 * SPDX-License-Identifier:  BSD-3-Clause
 */
 #ifndef SHADOW_INCLUDE_LIB_BIT_H_
 #define SHADOW_INCLUDE_LIB_BIT_H_
 #include <config.h>
 #include <limits.h>
 #ifndef ULONG_WIDTH
 #define ULONG_WIDTH (sizeof(unsigned long) * CHAR_BIT)
 #endif
 inline unsigned long bit_ceilul(unsigned long x);
 inline unsigned long bit_ceil_wrapul(unsigned long x);
 inline int leading_zerosul(unsigned long x);
 /* stdc_bit_ceilul(3) */
 inline unsigned long
 bit_ceilul(unsigned long x)
 {
 	return 1 + (ULONG_MAX >> leading_zerosul(x));
 }
 /* stdc_bit_ceilul(3), but wrap instead of having Undefined Behavior */
 inline unsigned long
 bit_ceil_wrapul(unsigned long x)
 {
 	if (x == 0)
 		return 0;
 	return bit_ceilul(x);
 }
 /* stdc_leading_zerosul(3) */
 inline int
 leading_zerosul(unsigned long x)
 {
 	return (x == 0) ? ULONG_WIDTH : __builtin_clzl(x);
 }
 #endif  // include guard
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2001, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2001, Marek Michałkiewicz
- * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2001 - 2006, Tomasz Kłoczko
- * Copyright (c) 2007 - 2011, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2011, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -44,6 +21,8 @@
 #include <errno.h>
 #include <stdio.h>
 #include <signal.h>
 #include "alloc.h"
 #include "nscd.h"
 #include "sssd.h"
 #ifdef WITH_TCB
@@ -51,10 +30,11 @@
 #endif				/* WITH_TCB */
 #include "prototypes.h"
 #include "commonio.h"
 #include "shadowlog_internal.h"
 /* local function prototypes */
 static int lrename (const char *, const char *);
-static int check_link_count (const char *file);
+static int check_link_count (const char *file, bool log);
 static int do_lock_file (const char *file, const char *lock, bool log);
 static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
 	const char *name,
@@ -87,7 +67,6 @@ int lrename (const char *old, const char *new)
 	int res;
 	char *r = NULL;
 #if defined(S_ISLNK)
 #ifndef __GLIBC__
 	char resolved_path[PATH_MAX];
 #endif				/* !__GLIBC__ */
@@ -104,28 +83,35 @@ int lrename (const char *old, const char *new)
 			new = r;
 		}
 	}
 #endif				/* S_ISLNK */
 	res = rename (old, new);
 #ifdef __GLIBC__
-	if (NULL != r) {
+	free (r);
 		free (r);
 	}
 #endif				/* __GLIBC__ */
 	return res;
 }
-static int check_link_count (const char *file)
+static int check_link_count (const char *file, bool log)
 {
 	struct stat sb;
 	if (stat (file, &sb) != 0) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file stat error: %s\n",
 			                shadow_progname, file, strerror (errno));
 		}
 		return 0;
 	}
 	if (sb.st_nlink != 2) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used (nlink: %u)\n",
 			                shadow_progname, file, sb.st_nlink);
 		}
 		return 0;
 	}
@@ -146,7 +132,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
-			                Prog, file, strerror (errno));
+			                shadow_progname, file, strerror (errno));
 		}
 		return 0;
 	}
@@ -154,11 +140,11 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	pid = getpid ();
 	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
-	if (write (fd, buf, (size_t) len) != len) {
+	if (write_full (fd, buf, (size_t) len) != len) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file write error: %s\n",
-			                Prog, file, strerror (errno));
+			                shadow_progname, file, strerror (errno));
 		}
 		(void) close (fd);
 		unlink (file);
@@ -168,7 +154,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s file sync error: %s\n",
-			                Prog, file, strerror (errno));
+			                shadow_progname, file, strerror (errno));
 		}
 		(void) close (fd);
 		unlink (file);
@@ -177,12 +163,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	close (fd);
 	if (link (file, lock) == 0) {
-		retval = check_link_count (file);
+		retval = check_link_count (file, log);
 		if ((0==retval) && log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used\n",
 			                Prog, file);
 		}
 		unlink (file);
 		return retval;
 	}
@@ -192,7 +173,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
-			                Prog, lock, strerror (errno));
+			                shadow_progname, lock, strerror (errno));
 		}
 		unlink (file);
 		errno = EINVAL;
@@ -204,7 +185,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s without a PID\n",
-			                Prog, lock);
+			                shadow_progname, lock);
 		}
 		unlink (file);
 		errno = EINVAL;
@@ -215,7 +196,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s with an invalid PID '%s'\n",
-			                Prog, lock, buf);
+			                shadow_progname, lock, buf);
 		}
 		unlink (file);
 		errno = EINVAL;
@@ -225,7 +206,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: lock %s already used by PID %lu\n",
-			                Prog, lock, (unsigned long) pid);
+			                shadow_progname, lock, (unsigned long) pid);
 		}
 		unlink (file);
 		errno = EEXIST;
@@ -235,7 +216,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: cannot get lock %s: %s\n",
-			                Prog, lock, strerror (errno));
+			                shadow_progname, lock, strerror (errno));
 		}
 		unlink (file);
 		return 0;
@@ -243,17 +224,12 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	retval = 0;
 	if (link (file, lock) == 0) {
-		retval = check_link_count (file);
+		retval = check_link_count (file, log);
 		if ((0==retval) && log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used\n",
 			                Prog, file);
 		}
 	} else {
 		if (log) {
 			(void) fprintf (shadow_logfd,
 			                "%s: cannot get lock %s: %s\n",
-			                Prog, lock, strerror (errno));
+			                shadow_progname, lock, strerror (errno));
 		}
 	}
@@ -277,25 +253,13 @@ static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
 		return NULL;
 	}
 #ifdef HAVE_FCHOWN
 	if (fchown (fileno (fp), sb->st_uid, sb->st_gid) != 0) {
 		goto fail;
 	}
 #else				/* !HAVE_FCHOWN */
 	if (chown (name, sb->st_mode) != 0) {
 		goto fail;
 	}
 #endif				/* !HAVE_FCHOWN */
 #ifdef HAVE_FCHMOD
 	if (fchmod (fileno (fp), sb->st_mode & 0664) != 0) {
 		goto fail;
 	}
-#else				/* !HAVE_FCHMOD */
+
 	if (chmod (name, sb->st_mode & 0664) != 0) {
 		goto fail;
 	}
 #endif				/* !HAVE_FCHMOD */
 	return fp;
      fail:
@@ -361,9 +325,7 @@ static void free_linked_list (struct commonio_db *db)
 		p = db->head;
 		db->head = p->next;
-		if (NULL != p->line) {
+		free (p->line);
 			free (p->line);
 		}
 		if (NULL != p->eptr) {
 			db->ops->free (p->eptr);
@@ -402,12 +364,12 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
 	}
 	file_len = strlen(db->filename) + 11;/* %lu max size */
 	lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
-	file = (char*)malloc(file_len);
+	file = MALLOC(file_len, char);
-	if(file == NULL) {
+	if (file == NULL) {
 		goto cleanup_ENOMEM;
 	}
-	lock = (char*)malloc(lock_file_len);
+	lock = MALLOC(lock_file_len, char);
-	if(lock == NULL) {
+	if (lock == NULL) {
 		goto cleanup_ENOMEM;
 	}
 	snprintf (file, file_len, "%s.%lu",
@@ -419,10 +381,8 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
 		err = 1;
 	}
 cleanup_ENOMEM:
-	if(file)
+	free(file);
-		free(file);
+	free(lock);
 	if(lock)
 		free(lock);
 	return err;
 }
@@ -448,7 +408,7 @@ int commonio_lock (struct commonio_db *db)
 				if (geteuid () != 0) {
 					(void) fprintf (shadow_logfd,
 					                "%s: Permission denied.\n",
-					                Prog);
+					                shadow_progname);
 				}
 				return 0;	/* failure */
 			}
@@ -483,7 +443,7 @@ int commonio_lock (struct commonio_db *db)
 		/* no unnecessary retries on "permission denied" errors */
 		if (geteuid () != 0) {
 			(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
-			                Prog);
+			                shadow_progname);
 			return 0;
 		}
 	}
@@ -648,7 +608,7 @@ int commonio_open (struct commonio_db *db, int mode)
 	fd = open (db->filename,
 	             (db->readonly ? O_RDONLY : O_RDWR)
-	           | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
+	           | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
 	saved_errno = errno;
 	db->fp = NULL;
 	if (fd >= 0) {
@@ -679,22 +639,19 @@ int commonio_open (struct commonio_db *db, int mode)
 		return 0;
 	}
 	/* Do not inherit fd in spawned processes (e.g. nscd) */
 	fcntl (fileno (db->fp), F_SETFD, FD_CLOEXEC);
 	buflen = BUFLEN;
-	buf = (char *) malloc (buflen);
+	buf = MALLOC(buflen, char);
 	if (NULL == buf) {
 		goto cleanup_ENOMEM;
 	}
-	while (db->ops->fgets (buf, (int) buflen, db->fp) == buf) {
+	while (db->ops->fgets (buf, buflen, db->fp) == buf) {
 		while (   ((cp = strrchr (buf, '\n')) == NULL)
 		       && (feof (db->fp) == 0)) {
 			size_t len;
 			buflen += BUFLEN;
-			cp = (char *) realloc (buf, buflen);
+			cp = REALLOC(buf, buflen, char);
 			if (NULL == cp) {
 				goto cleanup_buf;
 			}
@@ -728,7 +685,7 @@ int commonio_open (struct commonio_db *db, int mode)
 			}
 		}
-		p = (struct commonio_entry *) malloc (sizeof *p);
+		p = MALLOC(1, struct commonio_entry);
 		if (NULL == p) {
 			goto cleanup_entry;
 		}
@@ -805,7 +762,7 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
 		return 0;
 	}
-	entries = malloc (n * sizeof (struct commonio_entry *));
+	entries = MALLOC(n, struct commonio_entry *);
 	if (entries == NULL) {
 		return -1;
 	}
@@ -1028,13 +985,11 @@ int commonio_close (struct commonio_db *db)
 	if (fflush (db->fp) != 0) {
 		errors++;
 	}
-#ifdef HAVE_FSYNC
+
 	if (fsync (fileno (db->fp)) != 0) {
 		errors++;
 	}
-#else				/* !HAVE_FSYNC */
+
 	sync ();
 #endif				/* !HAVE_FSYNC */
 	if (fclose (db->fp) != 0) {
 		errors++;
 	}
@@ -1126,7 +1081,7 @@ int commonio_update (struct commonio_db *db, const void *eptr)
 		return 1;
 	}
 	/* not found, new entry */
-	p = (struct commonio_entry *) malloc (sizeof *p);
+	p = MALLOC(1, struct commonio_entry);
 	if (NULL == p) {
 		db->ops->free (nentry);
 		errno = ENOMEM;
@@ -1163,7 +1118,7 @@ int commonio_append (struct commonio_db *db, const void *eptr)
 		return 0;
 	}
 	/* new entry */
-	p = (struct commonio_entry *) malloc (sizeof *p);
+	p = MALLOC(1, struct commonio_entry);
 	if (NULL == p) {
 		db->ops->free (nentry);
 		errno = ENOMEM;
@@ -1224,14 +1179,14 @@ int commonio_remove (struct commonio_db *db, const char *name)
 	commonio_del_entry (db, p);
-	if (NULL != p->line) {
+	free (p->line);
 		free (p->line);
 	}
 	if (NULL != p->eptr) {
 		db->ops->free (p->eptr);
 	}
 	free(p);
 	return 1;
 }
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 - 2010, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* $Id$ */
@@ -146,6 +123,7 @@ extern int commonio_setname (struct commonio_db *, const char *);
 extern bool commonio_present (const struct commonio_db *db);
 extern int commonio_lock (struct commonio_db *);
 extern int commonio_lock_nowait (struct commonio_db *, bool log);
 extern int do_fcntl_lock (const char *file, bool log, short type);
 extern int commonio_open (struct commonio_db *, int);
 extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
 extern int commonio_update (struct commonio_db *, const void *);
@@ -6,43 +6,8 @@
 #include "config.h"
-#if HAVE_STDBOOL_H
+#include <stdbool.h>
-# include <stdbool.h>
+#include <locale.h>
 #else
 # if ! HAVE__BOOL
 #  ifdef __cplusplus
 typedef bool _Bool;
 #  else
 typedef unsigned char _Bool;
 #  endif
 # endif
 # define bool _Bool
 # define false (0)
 # define true  (1)
 # define __bool_true_false_are_defined 1
 #endif
 #define ISDIGIT_LOCALE(c) (IN_CTYPE_DOMAIN (c) && isdigit (c))
 /* Take care of NLS matters.  */
 #ifdef S_SPLINT_S
 extern char *setlocale(int categories, const char *locale);
 # define LC_ALL		(6)
 extern char * bindtextdomain (const char * domainname, const char * dirname);
 extern char * textdomain (const char * domainname);
 # define _(Text) Text
 # define ngettext(Msgid1, Msgid2, N) \
    ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
 #else
 #ifdef HAVE_LOCALE_H
 # include <locale.h>
 #else
 # undef setlocale
 # define setlocale(category, locale)	(NULL)
 # ifndef LC_ALL
 #  define LC_ALL	6
 # endif
 #endif
 #define gettext_noop(String) (String)
 /* #define gettext_def(String) "#define String" */
@@ -59,42 +24,17 @@ extern char * textdomain (const char * domainname);
 # define ngettext(Msgid1, Msgid2, N) \
    ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
 #endif
 #endif
-#if STDC_HEADERS
+#include <stdlib.h>
-# include <stdlib.h>
+#include <string.h>
 # include <string.h>
 #else				/* not STDC_HEADERS */
 # ifndef HAVE_STRCHR
 #  define strchr index
 #  define strrchr rindex
 # endif
 char *strchr (), *strrchr (), *strtok ();
-# ifndef HAVE_MEMCPY
+#include <errno.h>
 #  define memcpy(d, s, n) bcopy((s), (d), (n))
 # endif
 #endif				/* not STDC_HEADERS */
 #if HAVE_ERRNO_H
 # include <errno.h>
 #endif
 #include <sys/stat.h>
 #include <sys/types.h>
-#if HAVE_SYS_WAIT_H
+#include <sys/wait.h>
 # include <sys/wait.h>
 #endif
 #ifndef WEXITSTATUS
 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
 #endif
 #ifndef WIFEXITED
 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
 #endif
-#if HAVE_UNISTD_H
+#include <unistd.h>
 # include <unistd.h>
 #endif
 /*
 * crypt(3), crypt_gensalt(3), and their
@@ -104,39 +44,24 @@ char *strchr (), *strrchr (), *strtok ();
 # include <crypt.h>
 #endif
-#if TIME_WITH_SYS_TIME
+#include <sys/time.h>
-# include <sys/time.h>
+#include <time.h>
-# include <time.h>
+
-#else				/* not TIME_WITH_SYS_TIME */
+#ifdef HAVE_MEMSET_EXPLICIT
-# if HAVE_SYS_TIME_H
+# define memzero(ptr, size) memset_explicit((ptr), 0, (size))
-#  include <sys/time.h>
+#elif defined HAVE_EXPLICIT_BZERO	/* !HAVE_MEMSET_S */
-# else
+# define memzero(ptr, size) explicit_bzero((ptr), (size))
-#  include <time.h>
+#else					/* !HAVE_MEMSET_S && HAVE_EXPLICIT_BZERO */
-# endif
+static inline void memzero(void *ptr, size_t size)
-#endif				/* not TIME_WITH_SYS_TIME */
+{
 	ptr = memset(ptr, '\0', size);
 	__asm__ __volatile__ ("" : : "r"(ptr) : "memory");
 }
 #endif					/* !HAVE_MEMSET_S && !HAVE_EXPLICIT_BZERO */
 #ifdef HAVE_MEMSET
 # define memzero(ptr, size) memset((void *)(ptr), 0, (size))
 #else
 # define memzero(ptr, size) bzero((char *)(ptr), (size))
 #endif
 #define strzero(s) memzero(s, strlen(s))	/* warning: evaluates twice */
-#ifdef HAVE_DIRENT_H		/* DIR_SYSV */
+#include <dirent.h>
 # include <dirent.h>
 # define DIRECT dirent
 #else
 # ifdef HAVE_SYS_NDIR_H		/* DIR_XENIX */
 #  include <sys/ndir.h>
 # endif
 # ifdef HAVE_SYS_DIR_H		/* DIR_??? */
 #  include <sys/dir.h>
 # endif
 # ifdef HAVE_NDIR_H		/* DIR_BSD */
 #  include <ndir.h>
 # endif
 # define DIRECT direct
 #endif
 /*
 * Possible cases:
@@ -158,7 +83,6 @@ char *strchr (), *strrchr (), *strtok ();
 #endif
 #endif
 #ifdef USE_SYSLOG
 #include <syslog.h>
 #ifndef LOG_WARN
@@ -205,14 +129,6 @@ char *strchr (), *strrchr (), *strtok ();
 #define SYSLOG(x) syslog x
 #endif				/* !ENABLE_NLS */
 #else				/* !USE_SYSLOG */
 #define SYSLOG(x)		/* empty */
 #define openlog(a,b,c)		/* empty */
 #define closelog()		/* empty */
 #endif				/* !USE_SYSLOG */
 /* The default syslog settings can now be changed here,
   in just one place.  */
@@ -227,57 +143,10 @@ char *strchr (), *strrchr (), *strtok ();
 #define OPENLOG(progname) openlog(progname, SYSLOG_OPTIONS, SYSLOG_FACILITY)
-#ifndef F_OK
+#include <termios.h>
-# define F_OK 0
+#define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio)
-# define X_OK 1
+#define GTTY(fd, termio) tcgetattr(fd, termio)
-# define W_OK 2
+#define TERMIO struct termios
 # define R_OK 4
 #endif
 #ifndef SEEK_SET
 # define SEEK_SET 0
 # define SEEK_CUR 1
 # define SEEK_END 2
 #endif
 #ifdef STAT_MACROS_BROKEN
 # define S_ISDIR(x) ((x) & S_IFMT) == S_IFDIR)
 # define S_ISREG(x) ((x) & S_IFMT) == S_IFREG)
 # ifdef S_IFLNK
 #  define S_ISLNK(x) ((x) & S_IFMT) == S_IFLNK)
 # endif
 #endif
 #ifndef S_ISLNK
 #define S_ISLNK(x) (0)
 #endif
 #if HAVE_LCHOWN
 #define LCHOWN lchown
 #else
 #define LCHOWN chown
 #endif
 #if HAVE_LSTAT
 #define LSTAT lstat
 #else
 #define LSTAT stat
 #endif
 #if HAVE_TERMIOS_H
 # include <termios.h>
 # define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio)
 # define GTTY(fd, termio) tcgetattr(fd, termio)
 # define TERMIO struct termios
 # define USE_TERMIOS
 #else				/* assumed HAVE_TERMIO_H */
 # include <sys/ioctl.h>
 # include <termio.h>
 # define STTY(fd, termio) ioctl(fd, TCSETA, termio)
 # define GTTY(fd, termio) ioctl(fd, TCGETA, termio)
 # define TEMRIO struct termio
 # define USE_TERMIO
 #endif
 /*
 * Password aging constants
@@ -300,6 +169,10 @@ char *strchr (), *strrchr (), *strtok ();
 #define SCALE DAY
 #endif
 #define WIDTHOF(x)   (sizeof(x) * CHAR_BIT)
 #define NITEMS(arr)  (sizeof((arr)) / sizeof((arr)[0]))
 #define STRLEN(s)    (NITEMS(s) - 1)
 /* Copy string pointed by B to array A with size checking.  It was originally
   in lmain.c but is _very_ useful elsewhere.  Some setuid root programs with
   very sloppy coding used to assume that BUFSIZ will always be enough...  */
@@ -326,18 +199,6 @@ char *strchr (), *strrchr (), *strtok ();
 #endif
 #endif
 #ifndef NULL
 #define NULL ((void *) 0)
 #endif
 #ifdef sun			/* hacks for compiling on SunOS */
 # ifndef SOLARIS
 extern int fputs ();
 extern char *strdup ();
 extern char *strerror ();
 # endif
 #endif
 /*
 * string to use for the pw_passwd field in /etc/passwd when using
 * shadow passwords - most systems use "x" but there are a few
@@ -362,34 +223,22 @@ extern char *strerror ();
 /* To be used for verified unused parameters */
 #if defined(__GNUC__) && !defined(__STRICT_ANSI__)
-# define unused __attribute__((unused))
+# define unused    __attribute__((unused))
 # define NORETURN  __attribute__((__noreturn__))
 # define format_attr(type, index, check) __attribute__((format (type, index, check)))
 #else
 # define unused
 # define NORETURN
 # define format_attr(type, index, check)
 #endif
-/* ! Arguments evaluated twice ! */
+/* Maximum length of passwd entry */
-#ifndef MIN
+#define PASSWD_ENTRY_MAX_LENGTH 32768
 #define MIN(a,b) (((a) < (b)) ? (a) : (b))
 #endif
 #ifndef MAX
 #define MAX(x,y) (((x) > (y)) ? (x) : (y))
 #endif
-/* Maximum length of usernames */
+#if (__GNUC__ >= 11) && !defined(__clang__)
-#ifdef HAVE_UTMPX_H
+# define ATTR_MALLOC(deallocator)  [[gnu::malloc(deallocator)]]
 # include <utmpx.h>
 # define USER_NAME_MAX_LENGTH (sizeof (((struct utmpx *)NULL)->ut_user))
 #else
-# include <utmp.h>
+# define ATTR_MALLOC(deallocator)
 # ifdef HAVE_STRUCT_UTMP_UT_USER
 #  define USER_NAME_MAX_LENGTH (sizeof (((struct utmp *)NULL)->ut_user))
 # else
 #  ifdef HAVE_STRUCT_UTMP_UT_NAME
 #   define USER_NAME_MAX_LENGTH (sizeof (((struct utmp *)NULL)->ut_name))
 #  else
 #   define USER_NAME_MAX_LENGTH 32
 #  endif
 # endif
 #endif
 #ifdef HAVE_SECURE_GETENV
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1993, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1993, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2010, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -39,6 +16,7 @@
 #include "prototypes.h"
 #include "defines.h"
 #include "shadowlog_internal.h"
 /*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt)
 {
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2005 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005 - 2006, Tomasz Kłoczko
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* $Id$ */
@@ -1,32 +1,9 @@
 /*
- * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
@@ -45,8 +22,8 @@
 struct faillog {
 	short fail_cnt;		/* failures since last success */
 	short fail_max;		/* failures before turning account off */
-	char fail_line[12];	/* last failure occured here */
+	char fail_line[12];	/* last failure occurred here */
-	time_t fail_time;	/* last failure occured then */
+	time_t fail_time;	/* last failure occurred then */
 	/*
 	 * If nonzero, the account will be re-enabled if there are no
 	 * failures for fail_locktime seconds since last failure.
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990       , Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990       , Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007       , Nicolas François
+ * SPDX-FileCopyrightText: 2007       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -44,9 +21,9 @@
 *
 * The supplied field is scanned for non-printable and other illegal
 * characters.
- *  + -1 is returned if an illegal character is present.
+ *  + -1 is returned if an illegal or control character is present.
- *  +  1 is returned if no illegal characters are present, but the field
+ *  +  1 is returned if no illegal or control characters are present,
- *       contains a non-printable character.
+ *       but the field contains a non-printable character.
 *  +  0 is returned otherwise.
 */
 int valid_field (const char *field, const char *illegal)
@@ -60,20 +37,19 @@ int valid_field (const char *field, const char *illegal)
 	/* For each character of field, search if it appears in the list
 	 * of illegal characters. */
-	for (cp = field; '\0' != *cp; cp++) {
+	if (illegal && NULL != strpbrk (field, illegal)) {
-		if (strchr (illegal, *cp) != NULL) {
+		return -1;
 			err = -1;
 			break;
 		}
 	}
-	if (0 == err) {
+	/* Search if there are non-printable or control characters */
-		/* Search if there are some non-printable characters */
+	for (cp = field; '\0' != *cp; cp++) {
-		for (cp = field; '\0' != *cp; cp++) {
+		unsigned char c = *cp;
-			if (!isprint (*cp)) {
+		if (!isprint (c)) {
-				err = 1;
+			err = 1;
-				break;
+		}
-			}
+		if (iscntrl (c)) {
 			err = -1;
 			break;
 		}
 	}
@@ -97,7 +73,7 @@ void change_field (char *buf, size_t maxsize, const char *prompt)
 	printf ("\t%s [%s]: ", prompt, buf);
 	(void) fflush (stdout);
-	if (fgets (newf, (int) maxsize, stdin) != newf) {
+	if (fgets (newf, maxsize, stdin) != newf) {
 		return;
 	}
@@ -114,17 +90,16 @@ void change_field (char *buf, size_t maxsize, const char *prompt)
 		 * entering a space.  --marekm
 		 */
-		while (--cp >= newf && isspace (*cp));
+		while (newf < cp && isspace (cp[-1])) {
-		cp++;
+			cp--;
 		}
 		*cp = '\0';
 		cp = newf;
-		while (('\0' != *cp) && isspace (*cp)) {
+		while (isspace (*cp)) {
 			cp++;
 		}
-		strncpy (buf, cp, maxsize - 1);
+		strcpy (buf, cp);
 		buf[maxsize - 1] = '\0';
 	}
 }
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1999, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1999, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2009       , Nicolas François
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -48,7 +25,7 @@ int get_gid (const char *gidstr, gid_t *gid)
 		return 0;
 	}
-	*gid = (gid_t)val;
+	*gid = val;
 	return 1;
 }
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2009       , Nicolas François
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -33,6 +10,9 @@
 #include "prototypes.h"
 #include "defines.h"
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 int get_pid (const char *pidstr, pid_t *pid)
 {
@@ -44,11 +24,79 @@ int get_pid (const char *pidstr, pid_t *pid)
 	if (   ('\0' == *pidstr)
 	    || ('\0' != *endptr)
 	    || (ERANGE == errno)
 	    || (val < 1)
 	    || (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
 		return 0;
 	}
-	*pid = (pid_t)val;
+	*pid = val;
 	return 1;
 }
 /*
 * If use passed in fd:4 as an argument, then return the
 * value '4', the fd to use.
 * On error, return -1.
 */
 int get_pidfd_from_fd(const char *pidfdstr)
 {
 	long long int val;
 	char *endptr;
 	struct stat st;
 	dev_t proc_st_dev, proc_st_rdev;
 	errno = 0;
 	val = strtoll (pidfdstr, &endptr, 10);
 	if (   ('\0' == *pidfdstr)
 	    || ('\0' != *endptr)
 	    || (ERANGE == errno)
 	    || (val < 0)
 	    || (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
 		return -1;
 	}
 	if (stat("/proc/self/uid_map", &st) < 0) {
 		return -1;
 	}
 	proc_st_dev = st.st_dev;
 	proc_st_rdev = st.st_rdev;
 	if (fstat(val, &st) < 0) {
 		return -1;
 	}
 	if (st.st_dev != proc_st_dev || st.st_rdev != proc_st_rdev) {
 		return -1;
 	}
 	return (int)val;
 }
 int open_pidfd(const char *pidstr)
 {
 	int proc_dir_fd;
 	int written;
 	char proc_dir_name[32];
 	pid_t target;
 	if (get_pid(pidstr, &target) == 0)
 		return -ENOENT;
 	/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
 	written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
 		target);
 	if ((written <= 0) || ((size_t)written >= sizeof(proc_dir_name))) {
 		fprintf(stderr, "snprintf of proc path failed for %u: %s\n",
 			target, strerror(errno));
 		return -EINVAL;
 	}
 	proc_dir_fd = open(proc_dir_name, O_DIRECTORY);
 	if (proc_dir_fd < 0) {
 		fprintf(stderr, _("Could not open proc directory for target %u: %s\n"),
 			target, strerror(errno));
 		return -EINVAL;
 	}
 	return proc_dir_fd;
 }
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2009       , Nicolas François
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -48,7 +25,7 @@ int get_uid (const char *uidstr, uid_t *uid)
 		return 0;
 	}
-	*uid = (uid_t)val;
+	*uid = val;
 	return 1;
 }
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1991 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2002 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2002 - 2006, Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2008, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -36,6 +13,7 @@
 #include "prototypes.h"
 #include "defines.h"
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <ctype.h>
@@ -43,7 +21,11 @@
 #ifdef USE_ECONF
 #include <libeconf.h>
 #endif
 #include "alloc.h"
 #include "getdef.h"
 #include "shadowlog_internal.h"
 /*
 * A configuration item definition.
 */
@@ -154,10 +136,8 @@ static struct itemdef def_table[] = {
 #ifndef USE_PAM
 	PAMDEFS
 #endif
 #ifdef USE_SYSLOG
 	{"SYSLOG_SG_ENAB", NULL},
 	{"SYSLOG_SU_ENAB", NULL},
 #endif
 #ifdef WITH_TCB
 	{"TCB_AUTH_GROUP", NULL},
 	{"TCB_SYMLINKS", NULL},
@@ -215,7 +195,7 @@ static void def_load (void);
 	}
 	d = def_find (item);
-	return ((NULL == d)? (const char *) NULL : d->value);
+	return (NULL == d) ? NULL : d->value;
 }
@@ -273,7 +253,7 @@ int getdef_num (const char *item, int dflt)
 		return dflt;
 	}
-	return (int) val;
+	return val;
 }
@@ -308,7 +288,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
 		return dflt;
 	}
-	return (unsigned int) val;
+	return val;
 }
@@ -367,7 +347,6 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
 	}
 	if (getulong (d->value, &val) == 0) {
 		/* FIXME: we should have a getulong */
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -411,10 +390,7 @@ int putdef_str (const char *name, const char *value)
 		return -1;
 	}
-	if (NULL != d->value) {
+	free (d->value);
 		free (d->value);
 	}
 	d->value = cp;
 	return 0;
 }
@@ -456,7 +432,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
 	SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
 out:
-	return (struct itemdef *) NULL;
+	return NULL;
 }
 /*
@@ -472,14 +448,14 @@ void setdef_config_file (const char* file)
 	char* cp;
 	len = strlen(file) + strlen(sysconfdir) + 2;
-	cp = malloc(len);
+	cp = MALLOC(len, char);
 	if (cp == NULL)
 		exit (13);
 	snprintf(cp, len, "%s/%s", file, sysconfdir);
 	sysconfdir = cp;
 #ifdef VENDORDIR
 	len = strlen(file) + strlen(vendordir) + 2;
-	cp = malloc(len);
+	cp = MALLOC(len, char);
 	if (cp == NULL)
 		exit (13);
 	snprintf(cp, len, "%s/%s", file, vendordir);
@@ -496,18 +472,13 @@ void setdef_config_file (const char* file)
 * Loads the user-configured options from the default configuration file
 */
 #ifdef USE_ECONF
 static void def_load (void)
 {
 #ifdef USE_ECONF
 	econf_file *defs_file = NULL;
 	econf_err error;
 	char **keys;
 	size_t key_number;
 #else
 	int i;
 	FILE *fp;
 	char buf[1024], *name, *value, *s;
 #endif
 	/*
 	 * Set the initialized flag.
@@ -515,8 +486,6 @@ static void def_load (void)
 	 */
 	def_loaded = true;
 #ifdef USE_ECONF
 	error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
 	if (error) {
 		if (error == ECONF_NOFILE)
@@ -536,7 +505,12 @@ static void def_load (void)
 	for (size_t i = 0; i < key_number; i++) {
 		char *value;
-		econf_getStringValue(defs_file, NULL, keys[i], &value);
+		error = econf_getStringValue(defs_file, NULL, keys[i], &value);
 		if (error) {
 			SYSLOG ((LOG_CRIT, "failed reading key %zu from econf [%s]",
 				i, econf_errString(error)));
 			exit (EXIT_FAILURE);
 		}
 		/*
 		 * Store the value in def_table.
@@ -546,11 +520,26 @@ static void def_load (void)
 		 * syslog. The tools will just use their default values.
 		 */
 		(void)putdef_str (keys[i], value);
 		free(value);
 	}
 	econf_free (keys);
 	econf_free (defs_file);
-#else
+}
 #else /* USE_ECONF */
 static void def_load (void)
 {
 	int i;
 	FILE *fp;
 	char buf[1024], *name, *value, *s;
 	/*
 	 * Set the initialized flag.
 	 * (do it early to prevent recursion in putdef_str())
 	 */
 	def_loaded = true;
 	/*
 	 * Open the configuration definitions file.
 	 */
@@ -568,12 +557,12 @@ static void def_load (void)
 	/*
 	 * Go through all of the lines in the file.
 	 */
-	while (fgets (buf, (int) sizeof (buf), fp) != NULL) {
+	while (fgets (buf, sizeof (buf), fp) != NULL) {
 		/*
 		 * Trim trailing whitespace.
 		 */
-		for (i = (int) strlen (buf) - 1; i >= 0; --i) {
+		for (i = (ptrdiff_t) strlen (buf) - 1; i >= 0; --i) {
 			if (!isspace (buf[i])) {
 				break;
 			}
@@ -614,8 +603,8 @@ static void def_load (void)
 	}
 	(void) fclose (fp);
 #endif
 }
 #endif /* USE_ECONF */
 #ifdef CKDEFS
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1991 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2002 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2002 - 2006, Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef _GETDEF_H
 #define _GETDEF_H
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2007 - 2009, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2007 - 2009, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2010, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -38,6 +15,7 @@
 #include <assert.h>
 #include <stdio.h>
 #include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "commonio.h"
@@ -73,7 +51,7 @@ static const char *group_getname (const void *ent)
 static void *group_parse (const char *line)
 {
-	return (void *) sgetgrent (line);
+	return sgetgrent (line);
 }
 static int group_put (const void *ent, FILE * file)
@@ -182,7 +160,7 @@ int gr_open (int mode)
 int gr_update (const struct group *gr)
 {
-	return commonio_update (&group_db, (const void *) gr);
+	return commonio_update (&group_db, gr);
 }
 int gr_remove (const char *name)
@@ -270,8 +248,8 @@ static int group_open_hook (void)
 	for (gr1 = group_db.head; NULL != gr1; gr1 = gr1->next) {
 		for (gr2 = gr1->next; NULL != gr2; gr2 = gr2->next) {
-			struct group *g1 = (struct group *)gr1->eptr;
+			struct group *g1 = gr1->eptr;
-			struct group *g2 = (struct group *)gr2->eptr;
+			struct group *g2 = gr2->eptr;
 			if (NULL != g1 &&
 			    NULL != g2 &&
 			    0 == strcmp (g1->gr_name, g2->gr_name) &&
@@ -325,8 +303,8 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 		return NULL;
 	}
-	gptr1 = (struct group *)gr1->eptr;
+	gptr1 = gr1->eptr;
-	gptr2 = (struct group *)gr2->eptr;
+	gptr2 = gr2->eptr;
 	if (NULL == gptr2 || NULL == gptr1) {
 		errno = EINVAL;
 		return NULL;
@@ -334,9 +312,8 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	/* Concatenate the 2 lines */
 	new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
-	new_line = (char *)malloc (new_line_len + 1);
+	new_line = MALLOC(new_line_len + 1, char);
 	if (NULL == new_line) {
 		errno = ENOMEM;
 		return NULL;
 	}
 	snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
@@ -356,10 +333,9 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 			members++;
 		}
 	}
-	new_members = (char **)calloc ( (members+1), sizeof(char*) );
+	new_members = CALLOC (members + 1, char *);
 	if (NULL == new_members) {
 		free (new_line);
 		errno = ENOMEM;
 		return NULL;
 	}
 	for (i=0; NULL != gptr1->gr_mem[i]; i++) {
@@ -400,7 +376,7 @@ static int split_groups (unsigned int max_members)
 	struct commonio_entry *gr;
 	for (gr = group_db.head; NULL != gr; gr = gr->next) {
-		struct group *gptr = (struct group *)gr->eptr;
+		struct group *gptr = gr->eptr;
 		struct commonio_entry *new;
 		struct group *new_gptr;
 		unsigned int members = 0;
@@ -418,9 +394,8 @@ static int split_groups (unsigned int max_members)
 			continue;
 		}
-		new = (struct commonio_entry *) malloc (sizeof *new);
+		new = MALLOC(1, struct commonio_entry);
 		if (NULL == new) {
 			errno = ENOMEM;
 			return 0;
 		}
 		new->eptr = group_dup(gr->eptr);
@@ -429,7 +404,7 @@ static int split_groups (unsigned int max_members)
 			errno = ENOMEM;
 			return 0;
 		}
-		new_gptr = (struct group *)new->eptr;
+		new_gptr = new->eptr;
 		new->line = NULL;
 		new->changed = true;
@@ -441,9 +416,7 @@ static int split_groups (unsigned int max_members)
 		/* Shift all the members */
 		/* The number of members in new_gptr will be check later */
 		for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
-			if (NULL != new_gptr->gr_mem[i]) {
+			free (new_gptr->gr_mem[i]);
 				free (new_gptr->gr_mem[i]);
 			}
 			new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
 			new_gptr->gr_mem[i + max_members] = NULL;
 		}
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* $Id$ */
@@ -1,40 +1,18 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2013, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2013, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
 #ident "$Id$"
 #include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "groupio.h"
@@ -44,7 +22,7 @@
 	struct group *gr;
 	int i;
-	gr = (struct group *) malloc (sizeof *gr);
+	gr = MALLOC(1, struct group);
 	if (NULL == gr) {
 		return NULL;
 	}
@@ -69,7 +47,7 @@
 	for (i = 0; grent->gr_mem[i]; i++);
 	/*@-mustfreeonly@*/
-	gr->gr_mem = (char **) malloc ((i + 1) * sizeof (char *));
+	gr->gr_mem = MALLOC(i + 1, char *);
 	/*@=mustfreeonly@*/
 	if (NULL == gr->gr_mem) {
 		gr_free(gr);
@@ -103,39 +81,9 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
 	if (NULL != grent->gr_passwd) {
-		memzero (grent->gr_passwd, strlen (grent->gr_passwd));
+		strzero (grent->gr_passwd);
 		free (grent->gr_passwd);
 	}
 	gr_free_members(grent);
 	free (grent);
 }
 bool gr_append_member(struct group *grp, char *member)
 {
 	int i;
 	if (NULL == grp->gr_mem || grp->gr_mem[0] == NULL) {
 		grp->gr_mem = (char **)malloc(2 * sizeof(char *));
 		if (!grp->gr_mem) {
 			return false;
 		}
 		grp->gr_mem[0] = strdup(member);
 		if (!grp->gr_mem[0]) {
 			return false;
 		}
 		grp->gr_mem[1] = NULL;
 		return true;
 	}
 	for (i = 0; grp->gr_mem[i]; i++) ;
 	grp->gr_mem = realloc(grp->gr_mem, (i + 2) * sizeof(char *));
 	if (NULL == grp->gr_mem) {
 		return false;
 	}
 	grp->gr_mem[i] = strdup(member);
 	if (NULL == grp->gr_mem[i]) {
 		return false;
 	}
 	grp->gr_mem[i + 1] = NULL;
 	return true;
 }
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008 - 2009, Nicolas François
+ * SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -38,8 +15,12 @@
 #ident "$Id$"
 #include <stdio.h>
 #include <string.h>
 #include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 static /*@null@*/FILE *shadow;
 static /*@null@*//*@only@*/char **members = NULL;
 static size_t nmembers = 0;
@@ -85,7 +66,7 @@ static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
 	while (s != NULL && *s != '\0') {
 		size = (nelem + 1) * sizeof (ptr);
-		ptr = realloc (*list, size);
+		ptr = REALLOC(*list, size, char *);
 		if (NULL != ptr) {
 			ptr[nelem] = s;
 			nelem++;
@@ -99,7 +80,7 @@ static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
 		}
 	}
 	size = (nelem + 1) * sizeof (ptr);
-	ptr = realloc (*list, size);
+	ptr = REALLOC(*list, size, char *);
 	if (NULL != ptr) {
 		ptr[nelem] = NULL;
 		*list = ptr;
@@ -125,7 +106,7 @@ void endsgent (void)
 		(void) fclose (shadow);
 	}
-	shadow = (FILE *) 0;
+	shadow = NULL;
 }
 /*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
@@ -139,7 +120,7 @@ void endsgent (void)
 	size_t len = strlen (string) + 1;
 	if (len > sgrbuflen) {
-		char *buf = (char *) realloc (sgrbuf, sizeof (char) * len);
+		char *buf = REALLOC(sgrbuf, len, char);
 		if (NULL == buf) {
 			return NULL;
 		}
@@ -147,8 +128,7 @@ void endsgent (void)
 		sgrbuflen = len;
 	}
-	strncpy (sgrbuf, string, len);
+	strcpy (sgrbuf, string);
 	sgrbuf[len-1] = '\0';
 	cp = strrchr (sgrbuf, '\n');
 	if (NULL != cp) {
@@ -218,7 +198,7 @@ void endsgent (void)
 	char *cp;
 	if (0 == buflen) {
-		buf = (char *) malloc (BUFSIZ);
+		buf = MALLOC(BUFSIZ, char);
 		if (NULL == buf) {
 			return NULL;
 		}
@@ -230,16 +210,16 @@ void endsgent (void)
 	}
 #ifdef	USE_NIS
-	while (fgetsx (buf, (int) buflen, fp) == buf)
+	while (fgetsx (buf, buflen, fp) == buf)
 #else
-	if (fgetsx (buf, (int) buflen, fp) == buf)
+	if (fgetsx (buf, buflen, fp) == buf)
 #endif
 	{
 		while (   ((cp = strrchr (buf, '\n')) == NULL)
 		       && (feof (fp) == 0)) {
 			size_t len;
-			cp = (char *) realloc (buf, buflen*2);
+			cp = REALLOC(buf, buflen * 2, char);
 			if (NULL == cp) {
 				return NULL;
 			}
@@ -422,7 +402,7 @@ void endsgent (void)
 		nis_disabled = true;
 	}
 #endif
-	while ((sgrp = getsgent ()) != (struct sgrp *) 0) {
+	while ((sgrp = getsgent ()) != NULL) {
 		if (strcmp (name, sgrp->sg_name) == 0) {
 			break;
 		}
@@ -460,7 +440,7 @@ int putsgent (const struct sgrp *sgrp, FILE * fp)
 		size += strlen (sgrp->sg_mem[i]) + 1;
 	}
-	buf = malloc (size);
+	buf = MALLOC(size, char);
 	if (NULL == buf) {
 		return -1;
 	}
@@ -525,5 +505,5 @@ int putsgent (const struct sgrp *sgrp, FILE * fp)
 	return 0;
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/*} SHADOWGRP */
@@ -1,32 +1,9 @@
 /*
- * Copyright (c) 1988 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1988 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
@@ -1,32 +1,9 @@
 /*
- * Copyright (c) 1992       , Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1992       , Julianne Frances Haugh
- * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -104,5 +81,5 @@ int ulckpwdf (void)
 	return (pw_unlock () && spw_unlock ())? 0 : -1;
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
@@ -0,0 +1,31 @@
 /*
 * SPDX-FileCopyrightText:  2023, Alejandro Colomar <alx@kernel.org>
 *
 * SPDX-License-Identifier:  BSD-3-Clause
 */
 #ifndef SHADOW_INCLUDE_LIB_MEMPCPY_H_
 #define SHADOW_INCLUDE_LIB_MEMPCPY_H_
 #include <config.h>
 #if !defined(HAVE_MEMPCPY)
 #include <stddef.h>
 #include <string.h>
 inline void *mempcpy(void *restrict dst, const void *restrict src, size_t n);
 inline void *
 mempcpy(void *restrict dst, const void *restrict src, size_t n)
 {
 	return memcpy(dst, src, n) + n;
 }
 #endif  // !HAVE_MEMPCPY
 #endif  // include guard
@@ -10,6 +10,7 @@
 #include "defines.h"
 #include "prototypes.h"
 #include "nscd.h"
 #include "shadowlog_internal.h"
 #define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n"
@@ -25,7 +26,7 @@ int nscd_flush_cache (const char *service)
 	if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
 		/* run_command writes its own more detailed message. */
-		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
 		return -1;
 	}
@@ -33,7 +34,7 @@ int nscd_flush_cache (const char *service)
 	if (!WIFEXITED (status)) {
 		(void) fprintf (shadow_logfd,
 		                _("%s: nscd did not terminate normally (signal %d)\n"),
-		                Prog, WTERMSIG (status));
+		                shadow_progname, WTERMSIG (status));
 		return -1;
 	} else if (code == E_CMD_NOTFOUND) {
 		/* nscd is not installed, or it is installed but uses an
@@ -44,14 +45,14 @@ int nscd_flush_cache (const char *service)
 		return 0;
 	} else if (code != 0) {
 		(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
-		                Prog, code);
+		                shadow_progname, code);
-		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
 		return -1;
 	}
 	return 0;
 }
 #else				/* USE_NSCD */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* USE_NSCD */
@@ -6,8 +6,12 @@
 #include <strings.h>
 #include <ctype.h>
 #include <stdatomic.h>
 #include "alloc.h"
 #include "prototypes.h"
 #include "../libsubid/subid.h"
 #include "shadowlog_internal.h"
 #include "shadowlog.h"
 #define NSSWITCH "/etc/nsswitch.conf"
@@ -28,7 +32,7 @@ bool nss_is_initialized() {
 	return atomic_load(&nss_init_completed);
 }
-void nss_exit() {
+static void nss_exit(void) {
 	if (nss_is_initialized() && subid_nss) {
 		dlclose(subid_nss->handle);
 		free(subid_nss);
@@ -37,10 +41,13 @@ void nss_exit() {
 }
 // nsswitch_path is an argument only to support testing.
-void nss_init(char *nsswitch_path) {
+void nss_init(const char *nsswitch_path) {
 	FILE *nssfp = NULL;
 	char *line = NULL, *p, *token, *saveptr;
 	size_t len = 0;
 	FILE *shadow_logfd = log_get_logfd();
 	char libname[65];
 	void *h;
 	if (atomic_flag_test_and_set(&nss_init_started)) {
 		// Another thread has started nss_init, wait for it to complete
@@ -56,83 +63,78 @@ void nss_init(char *nsswitch_path) {
 	//   subid:	files
 	nssfp = fopen(nsswitch_path, "r");
 	if (!nssfp) {
-		fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path);
+		if (errno != ENOENT)
 			fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
 		atomic_store(&nss_init_completed, true);
 		return;
 	}
-	while ((getline(&line, &len, nssfp)) != -1) {
+	p = NULL;
-		if (line[0] == '\0' || line[0] == '#')
+	while (getline(&line, &len, nssfp) != -1) {
 		if (line[0] == '#')
 			continue;
 		if (strlen(line) < 8)
 			continue;
 		if (strncasecmp(line, "subid:", 6) != 0)
 			continue;
 		p = &line[6];
-		while ((*p) && isspace(*p))
+		while (isspace(*p))
 			p++;
-		if (!*p)
+		if (*p != '\0')
-			continue;
+			break;
-		for (token = strtok_r(p, " \n\t", &saveptr);
+		p = NULL;
-		     token;
+	}
-		     token = strtok_r(NULL, " \n\t", &saveptr)) {
+	if (p == NULL) {
-			char libname[65];
+		goto null_subid;
-			void *h;
+	}
-			if (strcmp(token, "files") == 0) {
+	token = strtok_r(p, " \n\t", &saveptr);
-				subid_nss = NULL;
+	if (token == NULL) {
 				goto done;
 			}
 			if (strlen(token) > 50) {
 				fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
 				fprintf(shadow_logfd, "Using files\n");
 				subid_nss = NULL;
 				goto done;
 			}
 			snprintf(libname, 64,  "libsubid_%s.so", token);
 			h = dlopen(libname, RTLD_LAZY);
 			if (!h) {
 				fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
 				fprintf(shadow_logfd, "Using files\n");
 				subid_nss = NULL;
 				goto done;
 			}
 			subid_nss = malloc(sizeof(*subid_nss));
 			if (!subid_nss) {
 				dlclose(h);
 				goto done;
 			}
 			subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
 			if (!subid_nss->has_range) {
 				fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
 				goto done;
 			}
 			subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
 			if (!subid_nss->list_owner_ranges) {
 				fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
 				goto done;
 			}
 			subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
 			if (!subid_nss->find_subid_owners) {
 				fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
 				goto done;
 			}
 			subid_nss->handle = h;
 			goto done;
 		}
 		fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
 		// subid_nss has to be null here, but to ease reviews:
-		free(subid_nss);
+		goto null_subid;
 		subid_nss = NULL;
 		goto done;
 	}
 	if (strcmp(token, "files") == 0) {
 		goto null_subid;
 	}
 	if (strlen(token) > 50) {
 		fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
 		fprintf(shadow_logfd, "Using files\n");
 		goto null_subid;
 	}
 	snprintf(libname, 64,  "libsubid_%s.so", token);
 	h = dlopen(libname, RTLD_LAZY);
 	if (!h) {
 		fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
 		fprintf(shadow_logfd, "Using files\n");
 		goto null_subid;
 	}
 	subid_nss = MALLOC(1, struct subid_nss_ops);
 	if (!subid_nss) {
 		goto close_lib;
 	}
 	subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
 	if (!subid_nss->has_range) {
 		fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
 		goto close_lib;
 	}
 	subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
 	if (!subid_nss->list_owner_ranges) {
 		fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
 		goto close_lib;
 	}
 	subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
 	if (!subid_nss->find_subid_owners) {
 		fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
 		goto close_lib;
 	}
 	subid_nss->handle = h;
 	goto done;
 close_lib:
 	dlclose(h);
 	free(subid_nss);
 null_subid:
 	subid_nss = NULL;
 done:
 	atomic_store(&nss_init_completed, true);
@@ -1,31 +1,8 @@
 /*
- * Copyright (c) 1999       , Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1999       , Marek Michałkiewicz
- * Copyright (c) 2001 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -38,7 +15,7 @@
 #endif
-static struct pam_conv conv = {
+static const struct pam_conv conv = {
 	SHADOW_PAM_CONVERSATION,
 	NULL
 };
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -102,7 +79,7 @@ static void endportent (void)
 		(void) fclose (ports);
 	}
-	ports = (FILE *) 0;
+	ports = NULL;
 }
 /*
@@ -153,11 +130,11 @@ static struct port *getportent (void)
      again:
 	/*
-	 * Get the next line and remove the last character, which
+	 * Get the next line and remove optional trailing '\n'.
-	 * is a '\n'.  Lines which begin with '#' are all ignored.
+	 * Lines which begin with '#' are all ignored.
 	 */
-	if (fgets (buf, (int) sizeof buf, ports) == 0) {
+	if (fgets (buf, sizeof buf, ports) == 0) {
 		errno = saveerr;
 		return 0;
 	}
@@ -172,7 +149,7 @@ static struct port *getportent (void)
 	 * TTY devices.
 	 */
-	buf[strlen (buf) - 1] = 0;
+	buf[strcspn (buf, "\n")] = 0;
 	port.pt_names = ttys;
 	for (cp = buf, j = 0; j < PORT_TTY; j++) {
@@ -195,13 +172,13 @@ static struct port *getportent (void)
 	}
 	*cp = '\0';
 	cp++;
-	port.pt_names[j + 1] = (char *) 0;
+	port.pt_names[j + 1] = NULL;
 	/*
 	 * Get the list of user names.  It is the second colon
 	 * separated field, and is a comma separated list of user
 	 * names.  The entry '*' is used to specify all usernames.
-	 * The last entry in the list is a (char *) 0 pointer.
+	 * The last entry in the list is a NULL pointer.
 	 */
 	if (':' != *cp) {
@@ -266,9 +243,7 @@ static struct port *getportent (void)
 		 * week or the other two values.
 		 */
-		for (i = 0;
+		for (i = 0; isalpha(cp[i]) && ('\0' != cp[i + 1]); i += 2) {
 		     ('\0' != cp[i]) && ('\0' != cp[i + 1]) && isalpha (cp[i]);
 		     i += 2) {
 			switch ((cp[i] << 8) | (cp[i + 1])) {
 			case ('S' << 8) | 'u':
 				port.pt_times[j].t_days |= 01;
@@ -317,7 +292,7 @@ static struct port *getportent (void)
 		 * representing the times of day.
 		 */
-		for (dtime = 0; ('\0' != cp[i]) && isdigit (cp[i]); i++) {
+		for (dtime = 0; isdigit (cp[i]); i++) {
 			dtime = dtime * 10 + cp[i] - '0';
 		}
@@ -327,9 +302,7 @@ static struct port *getportent (void)
 		port.pt_times[j].t_start = dtime;
 		cp = cp + i + 1;
-		for (dtime = 0, i = 0;
+		for (dtime = 0, i = 0; isdigit (cp[i]); i++) {
 		     ('\0' != cp[i]) && isdigit (cp[i]);
 		     i++) {
 			dtime = dtime * 10 + cp[i] - '0';
 		}
@@ -1,32 +1,9 @@
 /*
- * Copyright (c) 1989 - 1991, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1989 - 1991, Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2003 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2006, Tomasz Kłoczko
- * Copyright (c) 2007 - 2010, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
@@ -44,24 +21,19 @@
 #include <config.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #ifdef USE_UTMPX
 #include <utmpx.h>
 #else
 #include <utmp.h>
 #endif
 #include <sys/types.h>
 #include <pwd.h>
 #include <grp.h>
 #include <shadow.h>
 #ifdef ENABLE_LASTLOG
 #include <lastlog.h>
 #endif /* ENABLE_LASTLOG */
 #include "defines.h"
 #include "commonio.h"
 extern /*@observer@*/ const char *Prog; /* Program name showed in error messages */
 extern FILE *shadow_logfd;  /* file descripter to which error messages are printed */
 /* addgrps.c */
 #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
 extern int add_groups (const char *);
@@ -70,6 +42,12 @@ extern int add_groups (const char *);
 /* age.c */
 extern void agecheck (/*@null@*/const struct spwd *);
 extern int expire (const struct passwd *, /*@null@*/const struct spwd *);
 /* agetpass.c */
 extern void erase_pass(char *pass);
 ATTR_MALLOC(erase_pass)
 extern char *agetpass(const char *prompt);
 /* isexpired.c */
 extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
@@ -134,6 +112,9 @@ extern int copy_tree (const char *src_root, const char *dst_root,
                      uid_t old_uid, uid_t new_uid,
                      gid_t old_gid, gid_t new_gid);
 /* date_to_str.c */
 extern void date_to_str (size_t size, char buf[size], long date);
 /* encrypt.c */
 extern /*@exposed@*//*@null@*/char *pw_encrypt (const char *, const char *);
@@ -180,14 +161,16 @@ extern int getlong (const char *numstr, /*@out@*/long int *result);
 /* get_pid.c */
 extern int get_pid (const char *pidstr, pid_t *pid);
 extern int get_pidfd_from_fd(const char *pidfdstr);
 extern int open_pidfd(const char *pidstr);
 /* getrange */
-extern int getrange (char *range,
+extern int getrange (const char *range,
                     unsigned long *min, bool *has_min,
                     unsigned long *max, bool *has_max);
 /* gettime.c */
-extern time_t gettime ();
+extern time_t gettime (void);
 /* get_uid.c */
 extern int get_uid (const char *uidstr, uid_t *uid);
@@ -209,7 +192,6 @@ extern void __gr_set_changed (void);
 extern /*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent);
 extern void gr_free_members (struct group *grent);
 extern void gr_free (/*@out@*/ /*@only@*/struct group *grent);
 extern bool gr_append_member (struct group *grp, char *member);
 /* hushed.c */
 extern bool hushed (const char *username);
@@ -241,18 +223,20 @@ extern /*@only@*/ /*@out@*/char **dup_list (char *const *);
 extern bool is_on_list (char *const *list, const char *member);
 extern /*@only@*/char **comma_to_list (const char *);
 #ifdef ENABLE_LASTLOG
 /* log.c */
 extern void dolastlog (
 	struct lastlog *ll,
 	const struct passwd *pw,
 	/*@unique@*/const char *line,
 	/*@unique@*/const char *host);
 #endif /* ENABLE_LASTLOG */
 /* login_nopam.c */
 extern int login_access (const char *user, const char *from);
 /* loginprompt.c */
-extern void login_prompt (const char *, char *, int);
+extern void login_prompt (char *, int);
 /* mail.c */
 extern void mailcheck (void);
@@ -265,8 +249,8 @@ extern /*@null@*//*@only@*/struct passwd *get_my_pwent (void);
 /* nss.c */
 #include <libsubid/subid.h>
-extern void nss_init(char *nsswitch_path);
+extern void nss_init(const char *nsswitch_path);
-extern bool nss_is_initialized();
+extern bool nss_is_initialized(void);
 struct subid_nss_ops {
 	/*
@@ -316,7 +300,7 @@ struct subid_nss_ops {
 	void *handle;
 };
-extern struct subid_nss_ops *get_subid_nss_handle();
+extern struct subid_nss_ops *get_subid_nss_handle(void);
 /* pam_pass_non_interactive.c */
@@ -327,9 +311,7 @@ extern int do_pam_passwd_non_interactive (const char *pam_service,
 #endif				/* USE_PAM */
 /* obscure.c */
 #ifndef USE_PAM
 extern bool obscure (const char *, const char *, const struct passwd *);
 #endif
 /* pam_pass.c */
 #ifdef USE_PAM
@@ -345,19 +327,21 @@ extern struct group *prefix_getgrnam(const char *name);
 extern struct group *prefix_getgrgid(gid_t gid);
 extern struct passwd *prefix_getpwuid(uid_t uid);
 extern struct passwd *prefix_getpwnam(const char* name);
 #if HAVE_FGETPWENT_R
 extern int prefix_getpwnam_r(const char* name, struct passwd* pwd,
                             char* buf, size_t buflen, struct passwd** result);
 #endif
 extern struct spwd *prefix_getspnam(const char* name);
 extern struct group *prefix_getgr_nam_gid(const char *grname);
-extern void prefix_setpwent();
+extern void prefix_setpwent(void);
-extern struct passwd* prefix_getpwent();
+extern struct passwd* prefix_getpwent(void);
-extern void prefix_endpwent();
+extern void prefix_endpwent(void);
-extern void prefix_setgrent();
+extern void prefix_setgrent(void);
-extern struct group* prefix_getgrent();
+extern struct group* prefix_getgrent(void);
-extern void prefix_endgrent();
+extern void prefix_endgrent(void);
 /* pwd2spwd.c */
 #ifndef USE_PAM
 extern struct spwd *pwd_to_spwd (const struct passwd *);
 #endif
 /* pwdcheck.c */
 #ifndef USE_PAM
@@ -376,6 +360,11 @@ extern /*@dependent@*/ /*@null@*/struct commonio_entry *__pw_get_head (void);
 extern /*@null@*/ /*@only@*/struct passwd *__pw_dup (const struct passwd *pwent);
 extern void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent);
 /* csrand.c */
 unsigned long csrand (void);
 unsigned long csrand_uniform (unsigned long n);
 unsigned long csrand_interval (unsigned long min, unsigned long max);
 /* remove_tree.c */
 extern int remove_tree (const char *root, bool remove_root);
@@ -392,13 +381,14 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
 /* selinux.c */
 #ifdef WITH_SELINUX
 extern int set_selinux_file_context (const char *dst_name, mode_t mode);
 extern void reset_selinux_handle (void);
 extern int reset_selinux_file_context (void);
 extern int check_selinux_permit (const char *perm_name);
 #endif
 /* semanage.c */
 #ifdef WITH_SELINUX
-extern int set_seuser(const char *login_name, const char *seuser_name);
+extern int set_seuser(const char *login_name, const char *seuser_name, const char *serange);
 extern int del_seuser(const char *login_name);
 #endif
@@ -481,34 +471,68 @@ extern int set_filesize_limit (int blocks);
 /* user_busy.c */
 extern int user_busy (const char *name, uid_t uid);
-/* utmp.c */
+/*
-#ifndef USE_UTMPX
+ * Session management: utmp.c or logind.c
-extern /*@null@*/struct utmp *get_current_utmp (void);
+ */
-extern struct utmp *prepare_utmp (const char *name,
+
-                                  const char *line,
+/**
-                                  const char *host,
+ * @brief Get host for the current session
-                                  /*@null@*/const struct utmp *ut);
+ *
-extern int setutmp (struct utmp *ut);
+ * @param[out] out Host name
-#else
+ *
-extern /*@null@*/struct utmpx *get_current_utmp (void);
+ * @return 0 or a positive integer if the host was obtained properly,
-extern struct utmpx *prepare_utmpx (const char *name,
+ *         another value on error.
-                                    const char *line,
+ */
-                                    const char *host,
+extern int get_session_host (char **out);
-                                    /*@null@*/const struct utmpx *ut);
+#ifndef ENABLE_LOGIND
-extern int setutmpx (struct utmpx *utx);
+/**
-#endif				/* USE_UTMPX */
+ * @brief Update or create an utmp entry in utmp, wtmp, utmpw, or wtmpx
 *
 * @param[in] user username
 * @param[in] tty tty
 * @param[in] host hostname
 *
 * @return 0 if utmp was updated properly,
 *         1 on error.
 */
 extern int update_utmp (const char *user,
                        const char *tty,
                        const char *host);
 /**
 * @brief Update the cumulative failure log
 *
 * @param[in] failent_user username
 * @param[in] tty tty
 * @param[in] host hostname
 *
 */
 extern void record_failure(const char *failent_user,
                           const char *tty,
                           const char *hostname);
 #endif /* ENABLE_LOGIND */
 /**
 * @brief Number of active user sessions
 *
 * @param[in] name username
 * @param[in] limit maximum number of active sessions
 *
 * @return number of active sessions.
 *
 */
 extern unsigned long active_sessions_count(const char *name,
                                           unsigned long limit);
 /* valid.c */
 extern bool valid (const char *, const struct passwd *);
-/* xmalloc.c */
+/* write_full.c */
-extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size)
+extern ssize_t write_full(int fd, const void *buf, size_t count);
  /*@ensures MaxSet(result) == (size - 1); @*/;
 extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
 extern void xfree(void *ap);
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
 /* xprefix_getpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xprefix_getpwnam (const char *);
 /* xgetpwuid.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwuid (uid_t);
 /* xgetgrnam.c */
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1992 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1992 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2003 - 2006, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2006, Tomasz Kłoczko
- * Copyright (c) 2008 - 2009, Nicolas François
+ * SPDX-FileCopyrightText: 2008 - 2009, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -127,7 +104,7 @@ int pw_auth (const char *cipher,
 #ifdef	SKEY
 	/*
 	 * If the user has an S/KEY entry show them the pertinent info
-	 * and then we can try validating the created cyphertext and the SKEY.
+	 * and then we can try validating the created ciphertext and the SKEY.
 	 * If there is no SKEY information we default to not using SKEY.
 	 */
@@ -230,5 +207,5 @@ int pw_auth (const char *cipher,
 	return retval;
 }
 #else				/* !USE_PAM */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !USE_PAM */
@@ -1,39 +1,19 @@
 /*
- * Copyright (c) 1992 - 1993, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1992 - 1993, Julianne Frances Haugh
- * Copyright (c) 1996 - 1997, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1997, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2009       , Nicolas François
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /*
 *	$Id$
 */
 #ifndef _PWAUTH_H
 #define _PWAUTH_H
 #ifndef USE_PAM
 int pw_auth (const char *cipher,
             const char *user,
@@ -64,3 +44,5 @@ int pw_auth (const char *cipher,
 #define	PW_RLOGIN	202
 #define	PW_FTP		203
 #define	PW_REXEC	204
 #endif /* _PWAUTH_H */
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 - 2009, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -65,7 +42,7 @@ static const char *passwd_getname (const void *ent)
 static void *passwd_parse (const char *line)
 {
-	return (void *) sgetpwent (line);
+	return sgetpwent (line);
 }
 static int passwd_put (const void *ent, FILE * file)
@@ -79,7 +56,10 @@ static int passwd_put (const void *ent, FILE * file)
 	    || (pw->pw_gid == (gid_t)-1)
 	    || (valid_field (pw->pw_gecos, ":\n") == -1)
 	    || (valid_field (pw->pw_dir, ":\n") == -1)
-	    || (valid_field (pw->pw_shell, ":\n") == -1)) {
+	    || (valid_field (pw->pw_shell, ":\n") == -1)
 	    || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
 	        strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
 	        strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
 		return -1;
 	}
@@ -157,7 +137,7 @@ int pw_open (int mode)
 int pw_update (const struct passwd *pw)
 {
-	return commonio_update (&passwd_db, (const void *) pw);
+	return commonio_update (&passwd_db, pw);
 }
 int pw_remove (const char *name)
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2005       , Michał Moskal
+ * SPDX-FileCopyrightText: 2005       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* $Id$ */
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 - 2013, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2013, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -36,6 +13,8 @@
 #ident "$Id$"
 #include <stdio.h>
 #include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "pwio.h"
@@ -44,12 +23,11 @@
 {
 	struct passwd *pw;
-	pw = (struct passwd *) malloc (sizeof *pw);
+	pw = CALLOC (1, struct passwd);
 	if (NULL == pw) {
 		return NULL;
 	}
 	/* The libc might define other fields. They won't be copied. */
 	memset (pw, 0, sizeof *pw);
 	pw->pw_uid = pwent->pw_uid;
 	pw->pw_gid = pwent->pw_gid;
 	/*@-mustfreeonly@*/
@@ -93,14 +71,16 @@
 void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent)
 {
-	free (pwent->pw_name);
+	if (pwent != NULL) {
-	if (pwent->pw_passwd) {
+		free (pwent->pw_name);
-		memzero (pwent->pw_passwd, strlen (pwent->pw_passwd));
+		if (pwent->pw_passwd) {
-		free (pwent->pw_passwd);
+			strzero (pwent->pw_passwd);
 			free (pwent->pw_passwd);
 		}
 		free (pwent->pw_gecos);
 		free (pwent->pw_dir);
 		free (pwent->pw_shell);
 		free (pwent);
 	}
 	free (pwent->pw_gecos);
 	free (pwent->pw_dir);
 	free (pwent->pw_shell);
 	free (pwent);
 }
@@ -9,7 +9,11 @@
 #include <unistd.h>
 #include <lib/prototypes.h>
-int run_part (char *script_path, char *name, char *action)
+#include "alloc.h"
 #include "run_part.h"
 #include "shadowlog_internal.h"
 int run_part (char *script_path, const char *name, const char *action)
 {
 	int pid;
 	int wait_status;
@@ -17,7 +21,7 @@ int run_part (char *script_path, char *name, char *action)
 	char *args[] = { script_path, NULL };
 	pid=fork();
-	if (pid==-1){
+	if (pid==-1) {
 		perror ("Could not fork");
 		return 1;
 	}
@@ -38,15 +42,15 @@ int run_part (char *script_path, char *name, char *action)
 	return (1);
 }
-int run_parts (char *directory, char *name, char *action)
+int run_parts (const char *directory, const char *name, const char *action)
 {
 	struct dirent **namelist;
 	int scanlist;
 	int n;
-	int execute_result;
+	int execute_result = 0;
 	scanlist = scandir (directory, &namelist, 0, alphasort);
-	if (scanlist<0) {
+	if (scanlist<=0) {
 		return (0);
 	}
@@ -55,7 +59,7 @@ int run_parts (char *directory, char *name, char *action)
 		struct stat sb;
 		path_length=strlen(directory) + strlen(namelist[n]->d_name) + 2;
-		char *s = (char*)malloc(path_length);
+		char *s = MALLOC(path_length, char);
 		if (!s) {
 			printf ("could not allocate memory\n");
 			for (; n<scanlist; n++) {
@@ -1,2 +1,7 @@
-int run_part (char *script_path, char *name, char *action);
+#ifndef _RUN_PART_H
-int run_parts (char *directory, char *name, char *action);
+#define _RUN_PART_H
 int run_part (char *script_path, const char *name, const char *action);
 int run_parts (const char *directory, const char *name, const char *action);
 #endif /* _RUN_PART_H */
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2011       , Peter Vrabec <pvrabec@redhat.com>
+ * SPDX-FileCopyrightText: 2011       , Peter Vrabec <pvrabec@redhat.com>
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -38,6 +15,8 @@
 #include <selinux/label.h>
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 static bool selinux_checked = false;
 static bool selinux_enabled;
 static /*@null@*/struct selabel_handle *selabel_hnd = NULL;
@@ -50,6 +29,11 @@ static void cleanup(void)
 	}
 }
 void reset_selinux_handle (void)
 {
    cleanup();
 }
 /*
 * set_selinux_file_context - Set the security context before any file or
 *                            directory creation.
@@ -125,7 +109,7 @@ int reset_selinux_file_context (void)
 /*
 *  Log callback for libselinux internal error reporting.
 */
-__attribute__((__format__ (printf, 2, 3)))
+format_attr(printf, 2, 3)
 static int selinux_log_cb (int type, const char *fmt, ...) {
 	va_list ap;
 	char *buf;
@@ -204,12 +188,12 @@ int check_selinux_permit (const char *perm_name)
 		return 0;
 	}
-	selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) selinux_log_cb);
+	selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) { .func_log = selinux_log_cb });
 	if (getprevcon_raw (&user_context_raw) != 0) {
 		fprintf (shadow_logfd,
 		    _("%s: can not get previous SELinux process context: %s\n"),
-		    Prog, strerror (errno));
+		    shadow_progname, strerror (errno));
 		SYSLOG ((LOG_WARN,
 		    "can not get previous SELinux process context: %s",
 		    strerror (errno)));
@@ -222,5 +206,5 @@ int check_selinux_permit (const char *perm_name)
 }
 #else				/* !WITH_SELINUX */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !WITH_SELINUX */
@@ -1,31 +1,8 @@
 /*
- * Copyright (c) 2010       , Jakub Hrozek <jhrozek@redhat.com>
+ * SPDX-FileCopyrightText: 2010       , Jakub Hrozek <jhrozek@redhat.com>
- * Copyright (c) 2011       , Peter Vrabec <pvrabec@redhat.com>
+ * SPDX-FileCopyrightText: 2011       , Peter Vrabec <pvrabec@redhat.com>
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -43,12 +20,10 @@
 #include <semanage/semanage.h>
 #include "prototypes.h"
-
+#include "shadowlog_internal.h"
 #ifndef DEFAULT_SERANGE
 #define DEFAULT_SERANGE "s0"
 #endif
 format_attr(printf, 3, 4)
 static void semanage_error_callback (unused void *varg,
                                     semanage_handle_t *handle,
                                     const char *fmt, ...)
@@ -122,6 +97,8 @@ static semanage_handle_t *semanage_init (void)
 	return handle;
 fail:
 	if (handle)
 		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return NULL;
 }
@@ -130,7 +107,8 @@ fail:
 static int semanage_user_mod (semanage_handle_t *handle,
                              semanage_seuser_key_t *key,
                              const char *login_name,
-                              const char *seuser_name)
+                              const char *seuser_name,
                              const char *serange)
 {
 	int ret;
 	semanage_seuser_t *seuser = NULL;
@@ -143,12 +121,15 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+	if (serange && semanage_mls_enabled(handle)) {
-	if (ret != 0) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
-		fprintf (shadow_logfd,
+		if (ret != 0) {
-		         _("Could not set serange for %s\n"), login_name);
+			fprintf (shadow_logfd,
-		ret = 1;
+			         _("Could not set serange for %s to %s\n"),
-		goto done;
+			         login_name, serange);
 			ret = 1;
 			goto done;
 		}
 	}
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
@@ -177,9 +158,10 @@ done:
 static int semanage_user_add (semanage_handle_t *handle,
-                             semanage_seuser_key_t *key,
+                             const semanage_seuser_key_t *key,
                             const char *login_name,
-                             const char *seuser_name)
+                             const char *seuser_name,
                             const char *serange)
 {
 	int ret;
 	semanage_seuser_t *seuser = NULL;
@@ -200,13 +182,15 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+	if (serange && semanage_mls_enabled(handle)) {
-	if (ret != 0) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
-		fprintf (shadow_logfd,
+		if (ret != 0) {
-		         _("Could not set serange for %s\n"),
+			fprintf (shadow_logfd,
-		         login_name);
+			         _("Could not set serange for %s to %s\n"),
-		ret = 1;
+			         login_name, serange);
-		goto done;
+			ret = 1;
 			goto done;
 		}
 	}
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
@@ -234,7 +218,7 @@ done:
 }
-int set_seuser (const char *login_name, const char *seuser_name)
+int set_seuser (const char *login_name, const char *seuser_name, const char *serange)
 {
 	semanage_handle_t *handle = NULL;
 	semanage_seuser_key_t *key = NULL;
@@ -268,7 +252,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 	}
 	if (0 != seuser_exists) {
-		ret = semanage_user_mod (handle, key, login_name, seuser_name);
+		ret = semanage_user_mod (handle, key, login_name, seuser_name, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
 			         _("Cannot modify SELinux user mapping\n"));
@@ -276,7 +260,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 			goto done;
 		}
 	} else {
-		ret = semanage_user_add (handle, key, login_name, seuser_name);
+		ret = semanage_user_add (handle, key, login_name, seuser_name, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
 			         _("Cannot add SELinux user mapping\n"));
@@ -293,9 +277,12 @@ int set_seuser (const char *login_name, const char *seuser_name)
 	}
 	ret = 0;
 	reset_selinux_handle();
 done:
 	semanage_seuser_key_free (key);
 	if (handle)
 		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return ret;
 }
@@ -370,9 +357,12 @@ int del_seuser (const char *login_name)
 	ret = 0;
 done:
 	semanage_seuser_key_free (key);
 	if (handle)
 		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return ret;
 }
 #else				/* !WITH_SELINUX */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !WITH_SELINUX */
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -37,6 +14,8 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <grp.h>
 #include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
@@ -57,10 +36,9 @@
 */
 static char **list (char *s)
 {
-	static char **members = 0;
+	static char **members = NULL;
 	static int size = 0;	/* max members + 1 */
 	int i;
 	char **rbuf;
 	i = 0;
 	for (;;) {
@@ -68,22 +46,9 @@ static char **list (char *s)
 		   member name, or terminating NULL).  */
 		if (i >= size) {
 			size = i + 100;	/* at least: i + 1 */
-			if (members) {
+			members = REALLOCF(members, size, char *);
-				rbuf =
+			if (!members)
-				    realloc (members, size * sizeof (char *));
+				return NULL;
 			} else {
 				/* for old (before ANSI C) implementations of
 				   realloc() that don't handle NULL properly */
 				rbuf = malloc (size * sizeof (char *));
 			}
 			if (!rbuf) {
 				if (members)
 					free (members);
 				members = 0;
 				size = 0;
 				return (char **) 0;
 			}
 			members = rbuf;
 		}
 		if (!s || s[0] == '\0')
 			break;
@@ -95,14 +60,14 @@ static char **list (char *s)
 			*s++ = '\0';
 		}
 	}
-	members[i] = (char *) 0;
+	members[i] = NULL;
 	return members;
 }
 struct group *sgetgrent (const char *buf)
 {
-	static char *grpbuf = 0;
+	static char *grpbuf = NULL;
 	static size_t size = 0;
 	static char *grpfields[NFIELDS];
 	static struct group grent;
@@ -112,13 +77,12 @@ struct group *sgetgrent (const char *buf)
 	if (strlen (buf) + 1 > size) {
 		/* no need to use realloc() here - just free it and
 		   allocate a larger block */
-		if (grpbuf)
+		free (grpbuf);
 			free (grpbuf);
 		size = strlen (buf) + 1000;	/* at least: strlen(buf) + 1 */
-		grpbuf = malloc (size);
+		grpbuf = MALLOC(size, char);
-		if (!grpbuf) {
+		if (grpbuf == NULL) {
 			size = 0;
-			return 0;
+			return NULL;
 		}
 	}
 	strcpy (grpbuf, buf);
@@ -137,16 +101,16 @@ struct group *sgetgrent (const char *buf)
 		}
 	}
 	if (i < (NFIELDS - 1) || *grpfields[2] == '\0' || cp != NULL) {
-		return (struct group *) 0;
+		return NULL;
 	}
 	grent.gr_name = grpfields[0];
 	grent.gr_passwd = grpfields[1];
 	if (get_gid (grpfields[2], &grent.gr_gid) == 0) {
-		return (struct group *) 0;
+		return NULL;
 	}
 	grent.gr_mem = list (grpfields[3]);
 	if (NULL == grent.gr_mem) {
-		return (struct group *) 0;	/* out of memory */
+		return NULL;	/* out of memory */
 	}
 	return &grent;
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -39,6 +16,7 @@
 #include <stdio.h>
 #include <pwd.h>
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 #define	NFIELDS	7
@@ -57,9 +35,9 @@
 struct passwd *sgetpwent (const char *buf)
 {
 	static struct passwd pwent;
-	static char pwdbuf[1024];
+	static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
-	register int i;
+	int i;
-	register char *cp;
+	char *cp;
 	char *fields[NFIELDS];
 	/*
@@ -67,8 +45,12 @@ struct passwd *sgetpwent (const char *buf)
 	 * the password structure remain valid.
 	 */
-	if (strlen (buf) >= sizeof pwdbuf)
+	if (strlen (buf) >= sizeof pwdbuf) {
 		fprintf (shadow_logfd,
 		         "%s: Too long passwd entry encountered, file corruption?\n",
 		         shadow_progname);
 		return 0;	/* fail if too long */
 	}
 	strcpy (pwdbuf, buf);
 	/*
@@ -91,7 +73,7 @@ struct passwd *sgetpwent (const char *buf)
 	}
 	/* something at the end, columns over shot */
-	if( cp != NULL ) {
+	if ( cp != NULL ) {
 		return( NULL );
 	}
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2009       , Nicolas François
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -39,6 +16,7 @@
 #include <sys/types.h>
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 #include "defines.h"
 #include <stdio.h>
 #define	FIELDS	9
@@ -48,7 +26,7 @@
 */
 struct spwd *sgetspent (const char *string)
 {
-	static char spwbuf[1024];
+	static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
 	static struct spwd spwd;
 	char *fields[FIELDS];
 	char *cp;
@@ -60,6 +38,9 @@ struct spwd *sgetspent (const char *string)
 	 */
 	if (strlen (string) >= sizeof spwbuf) {
 		fprintf (shadow_logfd,
 		         "%s: Too long passwd entry encountered, file corruption?\n",
 		         shadow_progname);
 		return 0;	/* fail if too long */
 	}
 	strcpy (spwbuf, string);
@@ -194,14 +175,13 @@ struct spwd *sgetspent (const char *string)
 	if (fields[8][0] == '\0') {
 		spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
-	} else if (getlong (fields[8], &spwd.sp_flag) == 0) {
+	} else if (getulong (fields[8], &spwd.sp_flag) == 0) {
 		/* FIXME: add a getulong function */
 		return 0;
 	}
 	return (&spwd);
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2013, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2013, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -37,6 +14,7 @@
 #ident "$Id$"
 #include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "commonio.h"
@@ -48,13 +26,12 @@
 	struct sgrp *sg;
 	int i;
-	sg = (struct sgrp *) malloc (sizeof *sg);
+	sg = CALLOC (1, struct sgrp);
 	if (NULL == sg) {
 		return NULL;
 	}
 	/* Do the same as the other _dup function, even if we know the
 	 * structure. */
 	memset (sg, 0, sizeof *sg);
 	/*@-mustfreeonly@*/
 	sg->sg_name = strdup (sgent->sg_name);
 	/*@=mustfreeonly@*/
@@ -73,7 +50,7 @@
 	for (i = 0; NULL != sgent->sg_adm[i]; i++);
 	/*@-mustfreeonly@*/
-	sg->sg_adm = (char **) malloc ((i + 1) * sizeof (char *));
+	sg->sg_adm = MALLOC(i + 1, char *);
 	/*@=mustfreeonly@*/
 	if (NULL == sg->sg_adm) {
 		free (sg->sg_passwd);
@@ -98,7 +75,7 @@
 	for (i = 0; NULL != sgent->sg_mem[i]; i++);
 	/*@-mustfreeonly@*/
-	sg->sg_mem = (char **) malloc ((i + 1) * sizeof (char *));
+	sg->sg_mem = MALLOC(i + 1, char *);
 	/*@=mustfreeonly@*/
 	if (NULL == sg->sg_mem) {
 		for (i = 0; NULL != sg->sg_adm[i]; i++) {
@@ -151,7 +128,7 @@ void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent)
 	size_t i;
 	free (sgent->sg_name);
 	if (NULL != sgent->sg_passwd) {
-		memzero (sgent->sg_passwd, strlen (sgent->sg_passwd));
+		strzero (sgent->sg_passwd);
 		free (sgent->sg_passwd);
 	}
 	for (i = 0; NULL != sgent->sg_adm[i]; i++) {
@@ -174,7 +151,7 @@ static const char *gshadow_getname (const void *ent)
 static void *gshadow_parse (const char *line)
 {
-	return (void *) sgetsgent (line);
+	return sgetsgent (line);
 }
 static int gshadow_put (const void *ent, FILE * file)
@@ -276,7 +253,7 @@ int sgr_open (int mode)
 int sgr_update (const struct sgrp *sg)
 {
-	return commonio_update (&gshadow_db, (const void *) sg);
+	return commonio_update (&gshadow_db, sg);
 }
 int sgr_remove (const char *name)
@@ -325,5 +302,5 @@ int sgr_sort ()
 	return commonio_sort_wrt (&gshadow_db, __gr_get_db ());
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* $Id$ */
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2009       , Nicolas François
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -117,7 +94,7 @@ void endspent (void)
 		(void) fclose (shadow);
 	}
-	shadow = (FILE *) 0;
+	shadow = NULL;
 }
 /*
@@ -328,8 +305,7 @@ static struct spwd *my_sgetspent (const char *string)
 	if (fields[8][0] == '\0') {
 		spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
 	} else {
-		if (getlong (fields[8], &spwd.sp_flag) == 0) {
+		if (getulong (fields[8], &spwd.sp_flag) == 0) {
 			/* FIXME: add a getulong function */
 #ifdef	USE_NIS
 			if (nis_used) {
 				spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
@@ -360,9 +336,9 @@ struct spwd *fgetspent (FILE * fp)
 	}
 #ifdef	USE_NIS
-	while (fgets (buf, (int) sizeof buf, fp) != (char *) 0)
+	while (fgets (buf, sizeof buf, fp) != NULL)
 #else
-	if (fgets (buf, (int) sizeof buf, fp) != (char *) 0)
+	if (fgets (buf, sizeof buf, fp) != NULL)
 #endif
 	{
 		cp = strchr (buf, '\n');
@@ -535,7 +511,7 @@ struct spwd *getspnam (const char *name)
 		nis_disabled = true;
 	}
 #endif
-	while ((sp = getspent ()) != (struct spwd *) 0) {
+	while ((sp = getspent ()) != NULL) {
 		if (strcmp (name, sp->sp_namp) == 0) {
 			break;
 		}
@@ -549,6 +525,6 @@ struct spwd *getspnam (const char *name)
 	return (sp);
 }
 #else
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2009, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -70,7 +47,7 @@ static const char *shadow_getname (const void *ent)
 static void *shadow_parse (const char *line)
 {
-	return (void *) sgetspent (line);
+	return sgetspent (line);
 }
 static int shadow_put (const void *ent, FILE * file)
@@ -79,7 +56,9 @@ static int shadow_put (const void *ent, FILE * file)
 	if (   (NULL == sp)
 	    || (valid_field (sp->sp_namp, ":\n") == -1)
-	    || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+	    || (valid_field (sp->sp_pwdp, ":\n") == -1)
 	    || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
 	        1000 > PASSWD_ENTRY_MAX_LENGTH)) {
 		return -1;
 	}
@@ -185,7 +164,7 @@ int spw_open (int mode)
 int spw_update (const struct spwd *sp)
 {
-	return commonio_update (&shadow_db, (const void *) sp);
+	return commonio_update (&shadow_db, sp);
 }
 int spw_remove (const char *name)
@@ -1,33 +1,10 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2001 - 2005, Tomasz Kłoczko
- * Copyright (c) 2008       , Nicolas François
+ * SPDX-FileCopyrightText: 2008       , Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 /* $Id$ */
@@ -0,0 +1,31 @@
 #include "shadowlog.h"
 #include "lib/shadowlog_internal.h"
 const char *shadow_progname = "libshadow";
 FILE *shadow_logfd = NULL;
 void log_set_progname(const char *progname)
 {
 	shadow_progname = progname;
 }
 const char *log_get_progname(void)
 {
 	return shadow_progname;
 }
 void log_set_logfd(FILE *fd)
 {
 	if (NULL != fd)
 		shadow_logfd = fd;
 	else
 		shadow_logfd = stderr;
 }
 FILE *log_get_logfd(void)
 {
 	if (shadow_logfd != NULL)
 		return shadow_logfd;
 	return stderr;
 }
@@ -1,7 +1,5 @@
 /*
- * Copyright (c) 1993 - 1994, Julianne Frances Haugh
+ * Copyright (c) 2021       , Serge Hallyn
 * Copyright (c) 1996 - 1998, Marek Michałkiewicz
 * Copyright (c) 2005       , Tomasz Kłoczko
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -29,65 +27,14 @@
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#include <config.h>
+/* $Id$ */
-
+#ifndef _LOG_H
-#ifndef	HAVE_GETUTENT
+#define _LOG_H
 #include "defines.h"
 #include <stdio.h>
 #include <fcntl.h>
 #include <utmp.h>
-#ifndef	lint
+extern void log_set_progname(const char *);
-static char rcsid[] = "$Id$";
+extern const char *log_get_progname(void);
-#endif
+extern void log_set_logfd(FILE *fd);
-
+extern FILE *log_get_logfd(void);
-static int utmp_fd = -1;
+
 static struct utmp utmp_buf;
 /*
 * setutent - open or rewind the utmp file
 */
 void setutent (void)
 {
 	if (utmp_fd == -1)
 		if ((utmp_fd = open (_UTMP_FILE, O_RDWR)) == -1)
 			utmp_fd = open (_UTMP_FILE, O_RDONLY);
 	if (utmp_fd != -1)
 		lseek (utmp_fd, (off_t) 0L, SEEK_SET);
 }
 /*
 * endutent - close the utmp file
 */
 void endutent (void)
 {
 	if (utmp_fd != -1)
 		close (utmp_fd);
 	utmp_fd = -1;
 }
 /*
 * getutent - get the next record from the utmp file
 */
 struct utmp *getutent (void)
 {
 	if (utmp_fd == -1)
 		setutent ();
 	if (utmp_fd == -1)
 		return 0;
 	if (read (utmp_fd, &utmp_buf, sizeof utmp_buf) != sizeof utmp_buf)
 		return 0;
 	return &utmp_buf;
 }
 #else
 extern int errno;		/* warning: ANSI C forbids an empty source file */
 #endif
@@ -0,0 +1,7 @@
 #ifndef _SHADOWLOG_INTERNAL_H
 #define _SHADOWLOG_INTERNAL_H
 extern const char *shadow_progname; /* Program name showed in error messages */
 extern FILE *shadow_logfd;  /* file descriptor to which error messages are printed */
 #endif /* _SHADOWLOG_INTERNAL_H */
@@ -1,34 +1,11 @@
 /*
- * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * Copyright (c) 2001       , Michał Moskal
+ * SPDX-FileCopyrightText: 2001       , Michał Moskal
- * Copyright (c) 2005       , Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2005       , Tomasz Kłoczko
- * Copyright (c) 2007 - 2013, Nicolas François
+ * SPDX-FileCopyrightText: 2007 - 2013, Nicolas François
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -39,18 +16,19 @@
 #include "defines.h"
 #include <shadow.h>
 #include <stdio.h>
 #include "alloc.h"
 #include "shadowio.h"
 /*@null@*/ /*@only@*/struct spwd *__spw_dup (const struct spwd *spent)
 {
 	struct spwd *sp;
-	sp = (struct spwd *) malloc (sizeof *sp);
+	sp = CALLOC (1, struct spwd);
 	if (NULL == sp) {
 		return NULL;
 	}
 	/* The libc might define other fields. They won't be copied. */
 	memset (sp, 0, sizeof *sp);
 	sp->sp_lstchg = spent->sp_lstchg;
 	sp->sp_min    = spent->sp_min;
 	sp->sp_max    = spent->sp_max;
@@ -79,11 +57,13 @@
 void spw_free (/*@out@*/ /*@only@*/struct spwd *spent)
 {
-	free (spent->sp_namp);
+	if (spent != NULL) {
-	if (NULL != spent->sp_pwdp) {
+		free (spent->sp_namp);
-		memzero (spent->sp_pwdp, strlen (spent->sp_pwdp));
+		if (NULL != spent->sp_pwdp) {
-		free (spent->sp_pwdp);
+			strzero (spent->sp_pwdp);
 			free (spent->sp_pwdp);
 		}
 		free (spent);
 	}
 	free (spent);
 }
@@ -1,30 +1,7 @@
 /*
- * Copyright (c) 2011       , Jonathan Nieder
+ * SPDX-FileCopyrightText: 2011       , Jonathan Nieder
 * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
+ * SPDX-License-Identifier: BSD-3-Clause
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the copyright holders or contributors may not be used to
 *    endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <config.h>
@@ -38,6 +15,8 @@
 #include "exitcodes.h"
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 int run_command (const char *cmd, const char *argv[],
                 /*@null@*/const char *envp[], /*@out@*/int *status)
 {
@@ -58,11 +37,11 @@ int run_command (const char *cmd, const char *argv[],
 			exit (E_CMD_NOTFOUND);
 		}
 		fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
-		         Prog, cmd, strerror (errno));
+		         shadow_progname, cmd, strerror (errno));
 		exit (E_CMD_NOEXEC);
 	} else if ((pid_t)-1 == pid) {
 		fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
-		         Prog, cmd, strerror (errno));
+		         shadow_progname, cmd, strerror (errno));
 		return -1;
 	}
@@ -75,7 +54,7 @@ int run_command (const char *cmd, const char *argv[],
 	if ((pid_t)-1 == wpid) {
 		fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n",
-		         Prog, *status, strerror (errno));
+		         shadow_progname, *status, strerror (errno));
 		return -1;
 	}
@@ -4,25 +4,35 @@
 #ifdef USE_SSSD
 #include <stdio.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/types.h>
 #include "alloc.h"
 #include "exitcodes.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "sssd.h"
 #include "shadowlog_internal.h"
 #define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache."
 int sssd_flush_cache (int dbflags)
 {
 	int status, code, rv;
 	const char *cmd = "/usr/sbin/sss_cache";
 	struct stat sb;
 	char *sss_cache_args = NULL;
 	const char *spawnedArgs[] = {"sss_cache", NULL, NULL};
 	const char *spawnedEnv[] = {NULL};
 	int i = 0;
-	sss_cache_args = malloc(4);
+	rv = stat(cmd, &sb);
 	if (rv == -1 && errno == ENOENT)
 		return 0;
 	sss_cache_args = MALLOC(4, char);
 	if (sss_cache_args == NULL) {
 	    return -1;
 	}
@@ -46,28 +56,28 @@ int sssd_flush_cache (int dbflags)
 	free(sss_cache_args);
 	if (rv != 0) {
 		/* run_command writes its own more detailed message. */
-		SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
+		SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname));
 		return -1;
 	}
 	code = WEXITSTATUS (status);
 	if (!WIFEXITED (status)) {
 		SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)",
-			Prog, WTERMSIG (status)));
+			shadow_progname, WTERMSIG (status)));
 		return -1;
 	} else if (code == E_CMD_NOTFOUND) {
 		/* sss_cache is not installed, or it is installed but uses an
 		   interpreter that is missing.  Probably the former. */
 		return 0;
 	} else if (code != 0) {
-		SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", Prog, code));
+		SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", shadow_progname, code));
-		SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
+		SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname));
 		return -1;
 	}
 	return 0;
 }
 #else				/* USE_SSSD */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* USE_SSSD */
--- a/Show More
+++ b/Show More