Imported Upstream version 4.2.1

.gitignore

@@ -1,47 +0,0 @@
-*~
-lib*.a
-*.o
-*.lo
-*.la
-*.gmo
-.deps
-.libs
-
-*.patch
-*.rej
-*.orig
-
-Makefile
-Makefile.in
-
-/ABOUT-NLS
-/aclocal.m4
-/autom4te.cache
-/config.guess
-/config.h
-/config.h.in
-/config.log
-/config.rpath
-/config.status
-/config.sub
-/configure
-/depcomp
-/install-sh
-/libtool
-/ltmain.sh
-/m4
-/missing
-/stamp-h1
-/ylwrap
-
-/po/*.header
-/po/*.sed
-/po/*.sin
-/po/Makefile.in.in
-/po/Makevars.template
-/po/POTFILES
-/po/Rules-quot
-/po/stamp-po
-
-/shadow.spec
-/libmisc/getdate.c

ChangeLog

@@ -1,3 +1,17 @@
+2014-05-09  Christian Perrier  <bubulle@debian.org>
+
+	* Include patches only included in Debian for 4.2
+	* man/su.1.xml: Fix typo
+	* etc/login.defs src/newusers.c src/useradd.c libmisc/find_new_sub_uids.c libmisc/find_new_sub_gids.c:
+	  configure userns
+	* po/vi.po: Vietnamese translation update
+	* po/fr.po, man/po/fr.po: French translation update
+	* po/de.po: German translation update
+
+2014-04-30  Christian Perrier  <bubulle@debian.org>
+
+	* Release 4.2 "as is"
+
 2013-08-25  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/vipw.c: After waitpid(), use errno only if waitpid returned

Makefile.in

@@ -0,0 +1,831 @@
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+	$(top_srcdir)/configure $(am__configure_deps) \
+	$(srcdir)/config.h.in $(top_srcdir)/man/po/Makefile.in \
+	$(srcdir)/shadow.spec.in ABOUT-NLS COPYING ChangeLog NEWS \
+	README TODO config.guess config.rpath config.sub depcomp \
+	install-sh missing ylwrap ltmain.sh
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES = man/po/Makefile shadow.spec
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+	ctags-recursive dvi-recursive html-recursive info-recursive \
+	install-data-recursive install-dvi-recursive \
+	install-exec-recursive install-html-recursive \
+	install-info-recursive install-pdf-recursive \
+	install-ps-recursive install-recursive installcheck-recursive \
+	installdirs-recursive pdf-recursive ps-recursive \
+	tags-recursive uninstall-recursive
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+am__recursive_targets = \
+  $(RECURSIVE_TARGETS) \
+  $(RECURSIVE_CLEAN_TARGETS) \
+  $(am__extra_recursive_targets)
+AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
+	cscope distdir dist dist-all distcheck
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
+	$(LISP)config.h.in
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+CSCOPE = cscope
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  if test -d "$(distdir)"; then \
+    find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+      && rm -rf "$(distdir)" \
+      || { sleep 5 && rm -rf "$(distdir)"; }; \
+  else :; fi
+am__post_remove_distdir = $(am__remove_distdir)
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2
+GZIP_ENV = --best
+DIST_TARGETS = dist-bzip2 dist-gzip
+distuninstallcheck_listfiles = find . -type f -print
+am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
+  | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = NEWS README TODO shadow.spec.in
+AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
+SUBDIRS = po man libmisc lib src \
+	contrib doc etc
+
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh: Makefile
+	@:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then rm -f stamp-h1; else :; fi
+	@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+man/po/Makefile: $(top_builddir)/config.status $(top_srcdir)/man/po/Makefile.in
+	cd $(top_builddir) && $(SHELL) ./config.status $@
+shadow.spec: $(top_builddir)/config.status $(srcdir)/shadow.spec.in
+	cd $(top_builddir) && $(SHELL) ./config.status $@
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool config.lt
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run 'make' without going through this Makefile.
+# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in 'config.status', edit 'config.status'
+#     (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the 'make' command line.
+$(am__recursive_targets):
+	@fail=; \
+	if $(am__make_keepgoing); then \
+	  failcom='fail=yes'; \
+	else \
+	  failcom='exit 1'; \
+	fi; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-recursive
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-recursive
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscope: cscope.files
+	test ! -s cscope.files \
+	  || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
+clean-cscope:
+	-rm -f cscope.files
+cscope.files: clean-cscope cscopelist
+cscopelist: cscopelist-recursive
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    $(am__make_dryrun) \
+	      || test -d "$(distdir)/$$subdir" \
+	      || $(MKDIR_P) "$(distdir)/$$subdir" \
+	      || exit 1; \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__post_remove_distdir)
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+	$(am__post_remove_distdir)
+
+dist-lzip: distdir
+	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
+	$(am__post_remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
+	$(am__post_remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__post_remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__post_remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__post_remove_distdir)
+
+dist dist-all:
+	$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
+	$(am__post_remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lz*) \
+	  lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir)
+	chmod u+w $(distdir)
+	mkdir $(distdir)/_build $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__post_remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@test -n '$(distuninstallcheck_dir)' || { \
+	  echo 'ERROR: trying to run $@ with an empty' \
+	       '$$(distuninstallcheck_dir)' >&2; \
+	  exit 1; \
+	}; \
+	$(am__cd) '$(distuninstallcheck_dir)' || { \
+	  echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
+	  exit 1; \
+	}; \
+	test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile config.h
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr \
+	distclean-libtool distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(am__recursive_targets) all install-am install-strip
+
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
+	am--refresh check check-am clean clean-cscope clean-generic \
+	clean-libtool cscope cscopelist-am ctags ctags-am dist \
+	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
+	dist-xz dist-zip distcheck distclean distclean-generic \
+	distclean-hdr distclean-libtool distclean-tags distcleancheck \
+	distdir distuninstallcheck dvi dvi-am html html-am info \
+	info-am install install-am install-data install-data-am \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-html install-html-am install-info install-info-am \
+	install-man install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+	uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

NEWS

@@ -1,6 +1,18 @@
 $Id$
 
-shadow-4.1.5.1 -> shadow-4.2					UNRELEASED
+shadow-4.2 -> shadow-4.2.1					UNRELEASED
+
+*** general
+  * Properly release with a generated configure script, built manpages
+  * Include the configure_userns patch from Debian
+
+*** translation
+  * Vietnamese translation update
+  * French man pages translation update
+  * French translation update
+  * Typo fixes in German translation
+
+shadow-4.1.5.1 -> shadow-4.2					2013-04-30
 
 *** general
   * Handle libc whose crypt() returns NULL when passed a salt that

autogen.sh

@@ -1,12 +0,0 @@
-#! /bin/sh
-
-autoreconf -v -f --install || exit 1
-
-./configure \
-	CFLAGS="-O2 -Wall" \
-	--enable-man \
-	--enable-maintainer-mode \
-	--disable-shared \
-	--without-libpam \
-	--with-selinux \
-	"$@"

config.h.in

@@ -0,0 +1,598 @@
+/* config.h.in.  Generated from configure.in by autoheader.  */
+
+/* Define if account management tools should be installed setuid and
+   authenticate the callers */
+#undef ACCT_TOOLS_SETUID
+
+/* Define to 1 if translation of program messages to the user's native
+   language is requested. */
+#undef ENABLE_NLS
+
+/* Define to support the subordinate IDs. */
+#undef ENABLE_SUBIDS
+
+/* Path for faillog file. */
+#undef FAILLOG_FILE
+
+/* Define to the type of elements in the array set by `getgroups'. Usually
+   this is either `int' or `gid_t'. */
+#undef GETGROUPS_T
+
+/* max group name length */
+#undef GROUP_NAME_MAX_LENGTH
+
+/* Define to 1 if you have the declaration of 'pam_fail_delay' */
+#undef HAS_PAM_FAIL_DELAY
+
+/* Define to 1 if you have the <acl/libacl.h> header file. */
+#undef HAVE_ACL_LIBACL_H
+
+/* Define to 1 if you have the <attr/error_context.h> header file. */
+#undef HAVE_ATTR_ERROR_CONTEXT_H
+
+/* Define to 1 if you have the <attr/libattr.h> header file. */
+#undef HAVE_ATTR_LIBATTR_H
+
+/* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the
+   CoreFoundation framework. */
+#undef HAVE_CFLOCALECOPYCURRENT
+
+/* Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in
+   the CoreFoundation framework. */
+#undef HAVE_CFPREFERENCESCOPYAPPVALUE
+
+/* Define if the GNU dcgettext() function is already present or preinstalled.
+   */
+#undef HAVE_DCGETTEXT
+
+/* Define to 1 if you have the declaration of `PAM_DATA_SILENT', and to 0 if
+   you don't. */
+#undef HAVE_DECL_PAM_DATA_SILENT
+
+/* Define to 1 if you have the declaration of `PAM_DELETE_CRED', and to 0 if
+   you don't. */
+#undef HAVE_DECL_PAM_DELETE_CRED
+
+/* Define to 1 if you have the declaration of `PAM_ESTABLISH_CRED', and to 0
+   if you don't. */
+#undef HAVE_DECL_PAM_ESTABLISH_CRED
+
+/* Define to 1 if you have the declaration of `PAM_NEW_AUTHTOK_REQD', and to 0
+   if you don't. */
+#undef HAVE_DECL_PAM_NEW_AUTHTOK_REQD
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <errno.h> header file. */
+#undef HAVE_ERRNO_H
+
+/* Define to 1 if you have the `fchmod' function. */
+#undef HAVE_FCHMOD
+
+/* Define to 1 if you have the `fchown' function. */
+#undef HAVE_FCHOWN
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have the `fsync' function. */
+#undef HAVE_FSYNC
+
+/* Define to 1 if you have the `futimes' function. */
+#undef HAVE_FUTIMES
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getgrgid_r' function. */
+#undef HAVE_GETGRGID_R
+
+/* Define to 1 if you have the `getgrnam_r' function. */
+#undef HAVE_GETGRNAM_R
+
+/* Define to 1 if you have the `getgroups' function. */
+#undef HAVE_GETGROUPS
+
+/* Define to 1 if you have the `gethostname' function. */
+#undef HAVE_GETHOSTNAME
+
+/* Define to 1 if you have the `getpwnam_r' function. */
+#undef HAVE_GETPWNAM_R
+
+/* Define to 1 if you have the `getpwuid_r' function. */
+#undef HAVE_GETPWUID_R
+
+/* Define to 1 if you have the `getspnam' function. */
+#undef HAVE_GETSPNAM
+
+/* Define to 1 if you have the `getspnam_r' function. */
+#undef HAVE_GETSPNAM_R
+
+/* Define if the GNU gettext() function is already present or preinstalled. */
+#undef HAVE_GETTEXT
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `getusershell' function. */
+#undef HAVE_GETUSERSHELL
+
+/* Define to 1 if you have the `getutent' function. */
+#undef HAVE_GETUTENT
+
+/* Define to 1 if you have the <gshadow.h> header file. */
+#undef HAVE_GSHADOW_H
+
+/* Define if you have the iconv() function and it works. */
+#undef HAVE_ICONV
+
+/* Define to 1 if you have the `initgroups' function. */
+#undef HAVE_INITGROUPS
+
+/* Define to 1 if you have the `innetgr' function. */
+#undef HAVE_INNETGR
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `l64a' function. */
+#undef HAVE_L64A
+
+/* Define to 1 if you have the <lastlog.h> header file. */
+#undef HAVE_LASTLOG_H
+
+/* Define to 1 if you have the `lchown' function. */
+#undef HAVE_LCHOWN
+
+/* Define to 1 if you have the `lckpwdf' function. */
+#undef HAVE_LCKPWDF
+
+/* Defined if you have libcrack. */
+#undef HAVE_LIBCRACK
+
+/* Defined if you have the ts&szs cracklib. */
+#undef HAVE_LIBCRACK_HIST
+
+/* Defined if it includes *Pw functions. */
+#undef HAVE_LIBCRACK_PW
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* Define if struct lastlog has ll_host */
+#undef HAVE_LL_HOST
+
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
+/* Define to 1 if you have the `lstat' function. */
+#undef HAVE_LSTAT
+
+/* Define to 1 if you have the `lutimes' function. */
+#undef HAVE_LUTIMES
+
+/* Define to 1 if you have the `memcpy' function. */
+#undef HAVE_MEMCPY
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the `mkdir' function. */
+#undef HAVE_MKDIR
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define to 1 if you have the `putgrent' function. */
+#undef HAVE_PUTGRENT
+
+/* Define to 1 if you have the `putpwent' function. */
+#undef HAVE_PUTPWENT
+
+/* Define to 1 if you have the `putspent' function. */
+#undef HAVE_PUTSPENT
+
+/* Define to 1 if you have the `rename' function. */
+#undef HAVE_RENAME
+
+/* Define to 1 if you have the `rmdir' function. */
+#undef HAVE_RMDIR
+
+/* Define to 1 if you have the <rpc/key_prot.h> header file. */
+#undef HAVE_RPC_KEY_PROT_H
+
+/* Define to 1 if you have the `ruserok' function. */
+#undef HAVE_RUSEROK
+
+/* Define to 1 if you have the <security/openpam.h> header file. */
+#undef HAVE_SECURITY_OPENPAM_H
+
+/* Define to 1 if you have the <security/pam_misc.h> header file. */
+#undef HAVE_SECURITY_PAM_MISC_H
+
+/* Define to 1 if you have the <selinux/selinux.h> header file. */
+#undef HAVE_SELINUX_SELINUX_H
+
+/* Define to 1 if you have the <semanage/semanage.h> header file. */
+#undef HAVE_SEMANAGE_SEMANAGE_H
+
+/* Define to 1 if you have the `setgroups' function. */
+#undef HAVE_SETGROUPS
+
+/* Define to 1 if you have the `sgetgrent' function. */
+#undef HAVE_SGETGRENT
+
+/* Define to 1 if you have the `sgetpwent' function. */
+#undef HAVE_SGETPWENT
+
+/* Define to 1 if you have the `sgetspent' function. */
+#undef HAVE_SGETSPENT
+
+/* Define to 1 if you have the <sgtty.h> header file. */
+#undef HAVE_SGTTY_H
+
+/* Have working shadow group support in libc */
+#undef HAVE_SHADOWGRP
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* Define to 1 if stdbool.h conforms to C99. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strstr' function. */
+#undef HAVE_STRSTR
+
+/* Define to 1 if `st_atim' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_ATIM
+
+/* Define to 1 if `st_atimensec' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_ATIMENSEC
+
+/* Define to 1 if `st_mtim' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_MTIM
+
+/* Define to 1 if `st_mtimensec' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_MTIMENSEC
+
+/* Define to 1 if `st_rdev' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_RDEV
+
+/* Define to 1 if `ut_addr' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_ADDR
+
+/* Define to 1 if `ut_addr_v6' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_ADDR_V6
+
+/* Define to 1 if `ut_host' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_HOST
+
+/* Define to 1 if `ut_name' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_NAME
+
+/* Define to 1 if `ut_syslen' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
+
+/* Define to 1 if `ut_time' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_TIME
+
+/* Define to 1 if `ut_xtime' is a member of `struct utmpx'. */
+#undef HAVE_STRUCT_UTMPX_UT_XTIME
+
+/* Define to 1 if `ut_addr' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_ADDR
+
+/* Define to 1 if `ut_addr_v6' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_ADDR_V6
+
+/* Define to 1 if `ut_host' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_HOST
+
+/* Define to 1 if `ut_id' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_ID
+
+/* Define to 1 if `ut_name' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_NAME
+
+/* Define to 1 if `ut_syslen' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_SYSLEN
+
+/* Define to 1 if `ut_time' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_TIME
+
+/* Define to 1 if `ut_tv' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_TV
+
+/* Define to 1 if `ut_type' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_TYPE
+
+/* Define to 1 if `ut_user' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_USER
+
+/* Define to 1 if `ut_xtime' is a member of `struct utmp'. */
+#undef HAVE_STRUCT_UTMP_UT_XTIME
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define to 1 if you have the <tcb.h> header file. */
+#undef HAVE_TCB_H
+
+/* Define to 1 if you have the <termios.h> header file. */
+#undef HAVE_TERMIOS_H
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define to 1 if you have the <ulimit.h> header file. */
+#undef HAVE_ULIMIT_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `updwtmp' function. */
+#undef HAVE_UPDWTMP
+
+/* Define to 1 if you have the `updwtmpx' function. */
+#undef HAVE_UPDWTMPX
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */
+#undef HAVE_UTIME_NULL
+
+/* Define to 1 if you have the <utmpx.h> header file. */
+#undef HAVE_UTMPX_H
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#undef HAVE_UTMP_H
+
+/* Define to 1 if the system has the type `_Bool'. */
+#undef HAVE__BOOL
+
+/* Path for lastlog file. */
+#undef LASTLOG_FILE
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#undef LT_OBJDIR
+
+/* Location of system mail spool directory. */
+#undef MAIL_SPOOL_DIR
+
+/* Name of user's mail spool file if stored in user's home directory. */
+#undef MAIL_SPOOL_FILE
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Path to passwd program. */
+#undef PASSWD_PROGRAM
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* Define if login should support the -r flag for rlogind. */
+#undef RLOGIN
+
+/* Define to the ruserok() "success" return value (0 or 1). */
+#undef RUSEROK
+
+/* Define to support the shadow group file. */
+#undef SHADOWGRP
+
+/* PAM converstation to use */
+#undef SHADOW_PAM_CONVERSATION
+
+/* The default shell. */
+#undef SHELL
+
+/* Define to support S/Key logins. */
+#undef SKEY
+
+/* Define to support newer BSD S/Key API */
+#undef SKEY_BSD_STYLE
+
+/* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */
+#undef STAT_MACROS_BROKEN
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to support /etc/suauth su access control. */
+#undef SU_ACCESS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+#undef TM_IN_SYS_TIME
+
+/* Define to support flushing of nscd caches */
+#undef USE_NSCD
+
+/* Define to support Pluggable Authentication Modules */
+#undef USE_PAM
+
+/* Define to allow the SHA256 and SHA512 password encryption algorithms */
+#undef USE_SHA_CRYPT
+
+/* Define to use syslog(). */
+#undef USE_SYSLOG
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+
+
+/* Define if utmpx should be used */
+#undef USE_UTMPX
+
+/* Version number of package */
+#undef VERSION
+
+/* Build shadow with ACL support */
+#undef WITH_ACL
+
+/* Build shadow with Extended Attributes support */
+#undef WITH_ATTR
+
+/* Define if you want to enable Audit messages */
+#undef WITH_AUDIT
+
+/* Build shadow with SELinux support */
+#undef WITH_SELINUX
+
+/* Build shadow with tcb support (incomplete) */
+#undef WITH_TCB
+
+/* Enable large inode numbers on Mac OS X 10.5.  */
+#ifndef _DARWIN_USE_64_BIT_INODE
+# define _DARWIN_USE_64_BIT_INODE 1
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
+/* Define to 1 if on MINIX. */
+#undef _MINIX
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+#undef _POSIX_1_SOURCE
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+#undef _POSIX_SOURCE
+
+/* Path for utmp file. */
+#undef _UTMP_FILE
+
+/* Path for wtmp file. */
+#undef _WTMP_FILE
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef mode_t
+
+/* Define to `long int' if <sys/types.h> does not define. */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t

config.rpath

@@ -0,0 +1,614 @@
+#! /bin/sh
+# Output a system dependent set of variables, describing how to set the
+# run time search path of shared libraries in an executable.
+#
+#   Copyright 1996-2006 Free Software Foundation, Inc.
+#   Taken from GNU libtool, 2001
+#   Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+#   This file is free software; the Free Software Foundation gives
+#   unlimited permission to copy and/or distribute it, with or without
+#   modifications, as long as this notice is preserved.
+#
+# The first argument passed to this file is the canonical host specification,
+#    CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or
+#    CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
+# should be set by the caller.
+#
+# The set of defined variables is at the end of this script.
+
+# Known limitations:
+# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
+#   than 256 bytes, otherwise the compiler driver will dump core. The only
+#   known workaround is to choose shorter directory names for the build
+#   directory and/or the installation directory.
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+shrext=.so
+
+host="$1"
+host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+# Code taken from libtool.m4's _LT_CC_BASENAME.
+
+for cc_temp in $CC""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
+
+# Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC.
+
+wl=
+if test "$GCC" = yes; then
+  wl='-Wl,'
+else
+  case "$host_os" in
+    aix*)
+      wl='-Wl,'
+      ;;
+    darwin*)
+      case $cc_basename in
+        xlc*)
+          wl='-Wl,'
+          ;;
+      esac
+      ;;
+    mingw* | pw32* | os2*)
+      ;;
+    hpux9* | hpux10* | hpux11*)
+      wl='-Wl,'
+      ;;
+    irix5* | irix6* | nonstopux*)
+      wl='-Wl,'
+      ;;
+    newsos6)
+      ;;
+    linux*)
+      case $cc_basename in
+        icc* | ecc*)
+          wl='-Wl,'
+          ;;
+        pgcc | pgf77 | pgf90)
+          wl='-Wl,'
+          ;;
+        ccc*)
+          wl='-Wl,'
+          ;;
+        como)
+          wl='-lopt='
+          ;;
+        *)
+          case `$CC -V 2>&1 | sed 5q` in
+            *Sun\ C*)
+              wl='-Wl,'
+              ;;
+          esac
+          ;;
+      esac
+      ;;
+    osf3* | osf4* | osf5*)
+      wl='-Wl,'
+      ;;
+    sco3.2v5*)
+      ;;
+    solaris*)
+      wl='-Wl,'
+      ;;
+    sunos4*)
+      wl='-Qoption ld '
+      ;;
+    sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+      wl='-Wl,'
+      ;;
+    sysv4*MP*)
+      ;;
+    unicos*)
+      wl='-Wl,'
+      ;;
+    uts4*)
+      ;;
+  esac
+fi
+
+# Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS.
+
+hardcode_libdir_flag_spec=
+hardcode_libdir_separator=
+hardcode_direct=no
+hardcode_minus_L=no
+
+case "$host_os" in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+esac
+
+ld_shlibs=yes
+if test "$with_gnu_ld" = yes; then
+  # Set some defaults for GNU ld with shared library support. These
+  # are reset later if shared libraries are not supported. Putting them
+  # here allows them to be overridden if necessary.
+  # Unlike libtool, we use -rpath here, not --rpath, since the documented
+  # option of GNU ld is called -rpath, not --rpath.
+  hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+  case "$host_os" in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+        ld_shlibs=no
+      fi
+      ;;
+    amigaos*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we cannot use
+      # them.
+      ld_shlibs=no
+      ;;
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+        :
+      else
+        ld_shlibs=no
+      fi
+      ;;
+    cygwin* | mingw* | pw32*)
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec='-L$libdir'
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        :
+      else
+        ld_shlibs=no
+      fi
+      ;;
+    interix3*)
+      hardcode_direct=no
+      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+      ;;
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+        :
+      else
+        ld_shlibs=no
+      fi
+      ;;
+    netbsd*)
+      ;;
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+        ld_shlibs=no
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+        :
+      else
+        ld_shlibs=no
+      fi
+      ;;
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+          ld_shlibs=no
+          ;;
+        *)
+          if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+            hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+          else
+            ld_shlibs=no
+          fi
+          ;;
+      esac
+      ;;
+    sunos4*)
+      hardcode_direct=yes
+      ;;
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+        :
+      else
+        ld_shlibs=no
+      fi
+      ;;
+  esac
+  if test "$ld_shlibs" = no; then
+    hardcode_libdir_flag_spec=
+  fi
+else
+  case "$host_os" in
+    aix3*)
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L=yes
+      if test "$GCC" = yes; then
+        # Neither direct hardcoding nor static linking is supported with a
+        # broken collect2.
+        hardcode_direct=unsupported
+      fi
+      ;;
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+        # On IA64, the linker does run time linking by default, so we don't
+        # have to do anything special.
+        aix_use_runtimelinking=no
+      else
+        aix_use_runtimelinking=no
+        # Test if we are trying to use run time linking or normal
+        # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+        # need to do runtime linking.
+        case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+          for ld_flag in $LDFLAGS; do
+            if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+              aix_use_runtimelinking=yes
+              break
+            fi
+          done
+          ;;
+        esac
+      fi
+      hardcode_direct=yes
+      hardcode_libdir_separator=':'
+      if test "$GCC" = yes; then
+        case $host_os in aix4.[012]|aix4.[012].*)
+          collect2name=`${CC} -print-prog-name=collect2`
+          if test -f "$collect2name" && \
+            strings "$collect2name" | grep resolve_lib_name >/dev/null
+          then
+            # We have reworked collect2
+            hardcode_direct=yes
+          else
+            # We have old collect2
+            hardcode_direct=unsupported
+            hardcode_minus_L=yes
+            hardcode_libdir_flag_spec='-L$libdir'
+            hardcode_libdir_separator=
+          fi
+          ;;
+        esac
+      fi
+      # Begin _LT_AC_SYS_LIBPATH_AIX.
+      echo 'int main () { return 0; }' > conftest.c
+      ${CC} ${LDFLAGS} conftest.c -o conftest
+      aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+      if test -z "$aix_libpath"; then
+        aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+      fi
+      if test -z "$aix_libpath"; then
+        aix_libpath="/usr/lib:/lib"
+      fi
+      rm -f conftest.c conftest
+      # End _LT_AC_SYS_LIBPATH_AIX.
+      if test "$aix_use_runtimelinking" = yes; then
+        hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+      else
+        if test "$host_cpu" = ia64; then
+          hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+        else
+          hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+        fi
+      fi
+      ;;
+    amigaos*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs=no
+      ;;
+    bsdi[45]*)
+      ;;
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec=' '
+      libext=lib
+      ;;
+    darwin* | rhapsody*)
+      hardcode_direct=no
+      if test "$GCC" = yes ; then
+        :
+      else
+        case $cc_basename in
+          xlc*)
+            ;;
+          *)
+            ld_shlibs=no
+            ;;
+        esac
+      fi
+      ;;
+    dgux*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      ;;
+    freebsd1*)
+      ld_shlibs=no
+      ;;
+    freebsd2.2*)
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      ;;
+    freebsd2*)
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      ;;
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      ;;
+    hpux9*)
+      hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_direct=yes
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L=yes
+      ;;
+    hpux10*)
+      if test "$with_gnu_ld" = no; then
+        hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+        hardcode_libdir_separator=:
+        hardcode_direct=yes
+        # hardcode_minus_L: Not really in the search PATH,
+        # but as the default location of the library.
+        hardcode_minus_L=yes
+      fi
+      ;;
+    hpux11*)
+      if test "$with_gnu_ld" = no; then
+        hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+        hardcode_libdir_separator=:
+        case $host_cpu in
+          hppa*64*|ia64*)
+            hardcode_direct=no
+            ;;
+          *)
+            hardcode_direct=yes
+            # hardcode_minus_L: Not really in the search PATH,
+            # but as the default location of the library.
+            hardcode_minus_L=yes
+            ;;
+        esac
+      fi
+      ;;
+    irix5* | irix6* | nonstopux*)
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      ;;
+    netbsd*)
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      ;;
+    newsos6)
+      hardcode_direct=yes
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      ;;
+    openbsd*)
+      hardcode_direct=yes
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+        hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+      else
+        case "$host_os" in
+          openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+            hardcode_libdir_flag_spec='-R$libdir'
+            ;;
+          *)
+            hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+            ;;
+        esac
+      fi
+      ;;
+    os2*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      ;;
+    osf3*)
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      ;;
+    osf4* | osf5*)
+      if test "$GCC" = yes; then
+        hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      else
+        # Both cc and cxx compiler support -rpath directly
+        hardcode_libdir_flag_spec='-rpath $libdir'
+      fi
+      hardcode_libdir_separator=:
+      ;;
+    solaris*)
+      hardcode_libdir_flag_spec='-R$libdir'
+      ;;
+    sunos4*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      ;;
+    sysv4)
+      case $host_vendor in
+        sni)
+          hardcode_direct=yes # is this really true???
+          ;;
+        siemens)
+          hardcode_direct=no
+          ;;
+        motorola)
+          hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+          ;;
+      esac
+      ;;
+    sysv4.3*)
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+        ld_shlibs=yes
+      fi
+      ;;
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      ;;
+    sysv5* | sco3.2v5* | sco5v6*)
+      hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator=':'
+      ;;
+    uts4*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      ;;
+    *)
+      ld_shlibs=no
+      ;;
+  esac
+fi
+
+# Check dynamic linker characteristics
+# Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER.
+libname_spec='lib$name'
+case "$host_os" in
+  aix3*)
+    ;;
+  aix4* | aix5*)
+    ;;
+  amigaos*)
+    ;;
+  beos*)
+    ;;
+  bsdi[45]*)
+    ;;
+  cygwin* | mingw* | pw32*)
+    shrext=.dll
+    ;;
+  darwin* | rhapsody*)
+    shrext=.dylib
+    ;;
+  dgux*)
+    ;;
+  freebsd1*)
+    ;;
+  kfreebsd*-gnu)
+    ;;
+  freebsd* | dragonfly*)
+    ;;
+  gnu*)
+    ;;
+  hpux9* | hpux10* | hpux11*)
+    case $host_cpu in
+      ia64*)
+        shrext=.so
+        ;;
+      hppa*64*)
+        shrext=.sl
+        ;;
+      *)
+        shrext=.sl
+        ;;
+    esac
+    ;;
+  interix3*)
+    ;;
+  irix5* | irix6* | nonstopux*)
+    case "$host_os" in
+      irix5* | nonstopux*)
+        libsuff= shlibsuff=
+        ;;
+      *)
+        case $LD in
+          *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
+          *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
+          *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
+          *) libsuff= shlibsuff= ;;
+        esac
+        ;;
+    esac
+    ;;
+  linux*oldld* | linux*aout* | linux*coff*)
+    ;;
+  linux*)
+    ;;
+  knetbsd*-gnu)
+    ;;
+  netbsd*)
+    ;;
+  newsos6)
+    ;;
+  nto-qnx*)
+    ;;
+  openbsd*)
+    ;;
+  os2*)
+    libname_spec='$name'
+    shrext=.dll
+    ;;
+  osf3* | osf4* | osf5*)
+    ;;
+  solaris*)
+    ;;
+  sunos4*)
+    ;;
+  sysv4 | sysv4.3*)
+    ;;
+  sysv4*MP*)
+    ;;
+  sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+    ;;
+  uts4*)
+    ;;
+esac
+
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
+shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+
+LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
+
+# How to pass a linker flag through the compiler.
+wl="$escaped_wl"
+
+# Static library suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally "so").
+shlibext="$shlibext"
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator="$hardcode_libdir_separator"
+
+# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct="$hardcode_direct"
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L="$hardcode_minus_L"
+
+EOF

configure.in

@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_INIT
-AM_INIT_AUTOMAKE(shadow, 4.2)
+AM_INIT_AUTOMAKE(shadow, 4.2.1)
 AC_CONFIG_HEADERS([config.h])
 
 dnl Some hacks...

contrib/Makefile.in

@@ -0,0 +1,461 @@
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# This is a dummy Makefile.am to get automake work flawlessly,
+# and also cooperate to make a distribution for `make dist'
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = contrib
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
+ atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
+ udbachk.tgz
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu contrib/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu contrib/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+	cscopelist-am ctags-am distclean distclean-generic \
+	distclean-libtool distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags-am uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

debian/Makefile

@@ -1,16 +0,0 @@
-PKG=shadow
-SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
-
-deb:: check_cheese
-
-include /usr/share/quilt/quilt.debbuild.mk
-
-check_cheese:
-	@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
-		echo ""; \
-		echo " **                                  **"; \
-		echo " **  Warning: not a cheesy release!  **"; \
-		echo " **                                  **"; \
-		echo ""; \
-		exit 1; \
-	}

debian/NEWS

@@ -1,36 +0,0 @@
-shadow (1:4.0.15-5) unstable; urgency=low
-
-  * commands passed in argument to su must use su's -c option and must quote
-    the command if it contains a space, as in:
-        su - root -c "ls -l /"
-    The following commands won't work anymore:
-        su - root -c ls -l /
-        su - root "ls -l /"
-        su - root ls -l /
-
- -- Christian Perrier <bubulle@debian.org>  Sat,  8 Apr 2006 20:11:38 +0200
-
-shadow (1:4.0.14-1) unstable; urgency=low
-
-  * passwd does not support the -f, -s, and -g options anymore. You should use
-    the chfn, chsh and gpasswd utilities instead.
-  * login now distributes the nologin utility, which can be used as a shell
-    to politely refuse a login
-
- -- Christian Perrier <bubulle@debian.org>  Thu,  5 Jan 2006 08:47:44 +0100
-
-shadow (1:4.0.12-1) unstable; urgency=low
-
-  CLOSE_SESSIONS and other variables are not used anymore in
-  /etc/login/defs.
-  As shadow utilities which use this file now warn about unknown
-  entries there, administrators should remove such unknown entries.
-  The supplied login.defs file does not include them anymore.
-
-  dpasswd is no more distributed by upstream. Login do not support
-  dialup password anymore.  Re-introducing this functionality in
-  upstream is not trivial.
-
-
- -- Christian Perrier <bubulle@debian.org>  Thu, 25 Aug 2005 08:38:47 +0200
-

debian/README.debian

@@ -1,62 +0,0 @@
-Read this file first for a brief overview of the new versions of login
-and passwd.
-
-
----Shadow passwords
-
-The command `shadowconfig on' will turn on shadow password support.
-`shadowconfig off' will turn it back off.  If you turn on shadow
-password support, you'll gain the ability to set password ages and
-expirations with chage(1).
-
-NOTE: If you use the nscd package, you may have problems with a
-slight delay in updating the password information. You may notice
-this during upgrades of certain packages that try to add a system
-user and then access the users information immediately afterwards.
-To avoid this, it is suggested that you stop the nscd daemon before
-upgrades, then restart it again.
-
----General configuration
-
-Most of the configuration for the shadow utilities is in
-/etc/login.defs.  See login.defs(5).  The defaults are quite
-reasonable.
-
-Also see the /etc/pam.d/* files for each program to configure the PAM
-support. PAM documentation is available in several formats in the
-libpam-doc package.
-
-
----MD5 Encryption
-
-This is enabled now using the /etc/pam.d/* files. Examples are given.
-
-
----Adding users and groups
-
-Though you may add users and groups with the SysV type commands,
-useradd and groupadd, I recommend you add them with Debian adduser
-version 3+.  adduser gives you more configuration and conforms to the
-Debian UID and GID allocation.
-
-Editing user and group parameters can be done with usermod and
-groupmod.  Removing users and groups can be done with userdel and
-groupdel.
-
-
---- Group administration
-
-Local group allocation is much easier.  With gpasswd(1) you can
-designate users to administer groups.  They can then securely add or
-remove users from the group.
-
-
---- What to read next?
-
-Read the manpages, the other files in this directory, and the Shadow
-Password HOWTO (included in the doc-linux package).  A large portion
-of these files deals with getting shadow installed.  You can, of
-course, ignore those parts.
-
-Also, the libpam-doc package will go a long way to allowing you to take
-full advantage of the PAM authentication scheme.

debian/README.source

@@ -1,17 +0,0 @@
-This package uses quilt to patch the upstream source.
-
-You can find some info on how to generate the patched source, add a new
-modification, and remove an existing modification on:
-	/usr/share/doc/quilt/README.source
-
-================================================================================
-
-To package a new upstream release, you can use the Makefile:
-	svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile
-
-================================================================================
-
-A testsuite is also available. Instruction on how to run this testsuite
-are available on:
-	svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README
-

debian/TODO

@@ -1,19 +0,0 @@
-Things that should be done:
- * Verify the files left in debian/tmp
-   + e.g. /etc/default/adduser should be installed
- * Check the build system: rebuilding the package twoce in the same tree
-   doubles the size of the diff.gz file
-
-Other points (not related to the release of a syncronized shadow):
- * compare the source with the usages and man pages
-   + probably add a sentence to chsh/chfn's manpages about authentication
-     required for ordinary users
- * do something (a tool) for the variables in login.defs
-   In Debian, some tools are not compiled with the PAM support, so upstream
-   getdef.c won't be OK.
-   It should be nice to see in each man page the set of variables used.
-   The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
-   with the debugging informations. This may be used to extract the set of
-   variables used in Debian/for each tools.
- * verify all the patches around (I've found patches for at least RedHat,
-   OWL, LFS, Mandriva, Gentoo; are they already applied?)

debian/bugs-usertags

@@ -1,25 +0,0 @@
-This described the usertags used by the team.
-
-For usertags documentation, see
-http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
-
-All bugs tagged by team members must be tagged with 
-"user pkg-shadow-devel@lists.alioth.debian.org"
-
-Tags list
----------
-
-toclose:         This bug has been announced to be closed in case no more news
-                 or information is received from the bug submitter or someone
-                 else until the delay specified in the limits_YYYYMMDD tag
-
-limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
-                 bugs can be closed without other action in case no news 
-                 is received
-
-manpages-replace A bug reported angainst a manpages-xx package to indicate
-                 conflicting man pages. This tag can be used to tune the
-                 Replaces fields.
-
-su-transition:   This bug is related to the su transition (#276419)
-

debian/compat

@@ -1 +0,0 @@
-6

debian/control

@@ -1,43 +0,0 @@
-Source: shadow
-Section: admin
-Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
-Standards-Version: 3.9.5
-Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
-Build-Depends: dh-autoreconf, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), bison, libaudit-dev [linux-any]
-Vcs-Git: git://anonscm.debian.org/git/pkg-shadow/shadow.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-shadow/shadow.git;a=summary
-Homepage: http://pkg-shadow.alioth.debian.org/
-
-Package: passwd
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, debianutils (>= 2.15.2)
-Replaces: manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1)
-Multi-Arch: foreign
-Description: change and administer password and group data
- This package includes passwd, chsh, chfn, and many other programs to
- maintain password and group data.
- .
- Shadow passwords are supported.  See /usr/share/doc/passwd/README.Debian
-
-Package: login
-Architecture: any
-Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime, libpam-modules (>= 1.1.8-1)
-Conflicts: gnunet (<< 0.7.0c-2), amavisd-new (<<2.3.3-8), python-4suite (<< 0.99cvs20060405-1), backupninja (<< 0.9.3-5), echolot (<< 2.1.8-4)
-Breaks: coreutils (<< 8.21~) [hurd-any], passwd (<< 1:4.1.5.1-2~) [hurd-any], hurd (<< 20140206~) [hurd-any]
-Replaces: manpages-de (<< 0.5-3), manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1), passwd (<< 1:4.1.5.1-2~) [hurd-any], coreutils (<< 8.21~) [hurd-any], hurd (<< 20140206~) [hurd-any]
-Essential: yes
-Description: system login tools
- These tools are required to be able to login and use your system. The
- login program invokes your user shell and enables command execution. The
- newgrp program is used to change your effective group ID (useful for
- workgroup type situations). The su program allows changing your effective
- user ID (useful being able to execute commands as another user).
-
-Package: uidmap
-Priority: optional
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Architecture: any
-Description: programs to help use subuids
- These programs help unprivileged users to create uid and gid mappings in
- user namespaces.

debian/copyright

@@ -1,103 +0,0 @@
-This is Debian GNU/Linux's prepackaged version of the shadow utilities.
-
-It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>. 
-As of May 2007, this site is no longer available.
-
-Copyright:
-
-Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh.
-All rights reserved.
-
-Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz.
-All rights reserved.
-
-Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz
-All rights reserved.
-
-Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of Julianne F. Haugh nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-This source code is currently archived on ftp.uu.net in the
-comp.sources.misc portion of the USENET archives.  You may also contact
-the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have
-any questions regarding this package.
-
-THIS SOFTWARE IS BEING DISTRIBUTED AS-IS.  THE AUTHORS DISCLAIM ALL
-LIABILITY FOR ANY CONSEQUENCES OF USE.  THE USER IS SOLELY RESPONSIBLE
-FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE.  THE AUTHORS ARE UNDER NO
-OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS.  THE USER IS
-ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
-LOSS OF INFORMATION OR MACHINE RESOURCES.
-
-Special thanks are due to Chip Rosenthal for his fine testing efforts;
-to Steve Simmons for his work in porting this code to BSD; and to Bill
-Kennedy for his contributions of LaserJet printer time and energies.
-Also, thanks for Dennis L. Mumaugh for the initial shadow password
-information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
-V Release 4 changes.  Effort in porting to SunOS has been contributed
-by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
-(mke@kaberd.rain.com).  Effort in porting to AT&T UNIX System V Release
-4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
-Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
-for taking over the Linux port of this software.
-
-Source files: login_access.c, login_desrpc.c, login_krb.c are derived
-from the logdaemon-5.0 package, which is under the following license:
-
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved. Individual files
-* may be covered by other copyrights (as noted in the file itself.)
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms are permitted
-* provided that this entire copyright notice is duplicated in all such
-* copies.  
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
-
-Some parts substantially in src/su.c derived from an ancestor of
-su for GNU.  Run a shell with substitute user and group IDs.
-Copyright (C) 1992-2003 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   On Debian GNU/Linux systems, the complete text of the GNU General Public
-   License can be found in '/usr/share/common-licenses/GPL-2'

debian/cpgr.8

@@ -1 +0,0 @@
-.so man8/cppw.8

debian/cppw.8

@@ -1,27 +0,0 @@
-.TH CPPW 8 "7 Apr 2005"
-.SH NAME
-cppw, cpgr \- copy with locking the given file to the password or group file
-.SH SYNOPSIS
-\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
-.br
-\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
-
-.SH DESCRIPTION
-.BR cppw " and " cpgr
-will copy, with locking, the given file to
-.IR /etc/passwd " and " /etc/group ", respectively."
-With the \fB\-s\fR flag, they will copy the shadow versions of those files,
-.IR /etc/shadow " and " /etc/gshadow ", respectively."
-
-With the \fB\-h\fR flag, the commands display a short help message and exit
-silently.
-.SH "SEE ALSO"
-.BR vipw (8),
-.BR vigr (8),
-.BR group (5),
-.BR passwd (5),
-.BR shadow (5),
-.BR gshadow (5)
-.SH AUTHOR
-\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
-\fBvipw\fR and \fBvigr\fR written by Guy Maor.

debian/dependencies

@@ -1,94 +0,0 @@
-Build-Depends:
-==============
- * autoconf
- * automake1.9
-   works with 1.7 or 1.9 (at least)
- * libtool
- * gettext
-   POT, PO, GMO regenerated?
- * libpam0g-dev
-   OK
- * debhelper (>= 4.1.16)
- * po-debconf
-   OK
- * quilt
-   patch system
- * dpkg-dev (>= 1.13.5)
- * xsltproc
-   used to generate the manpages
- * docbook-xsl
-   needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
- * docbook-xml
-   manpages/docbook.xsl includes html/docbook.xsl
-   (But it is not strictly needed. The generated manpages are identical.
-   Without it, a warning is generated.)
-   Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
- * libxml2-utils
-   needed by the JH_CHECK_XML_CATALOG macros
- * cdbs
-   used in debian/rules
- * libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
- * gnome-doc-utils (>= 0.4.3-1)
-   xml2po, 0.4.3-1 needed for the -l switch.
-
-passwd Depends:
-===============
- * ${shlibs:Depends}
-   OK
- * ${loginpam}
-   - hurd
-     login
-     libpam-modules (>= 0.72-5)
-   - other archs
-     + login (>= 970502-1)
-       login is needed because some passwd utils need /etc/login.defs
-       login is Essential, so this is just to enforce the version
-     + libpam-modules (>= 0.72-5)
- * debianutils (>= 2.15.2)
-   After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
-   /etc/shell was forgotten and introduced in debianutils in 2.15.2
-
-passwd Conflicts:
-=================
-
-passwd Replaces:
-================
-   Some of the passwd man pages are also distributed in some manpages* packages.
-   Look at the debian/02/run test to optimize these dependencies.
-   NOTE: Not all maintainers have been notified.
- * manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
-   All those packages have been updated during sarge->etch. So these Replaces
-   should be removed after lenny release
- * manpages-tr, manpages-zh
-   Those packages are still in etch, so the Replaces should be kept even
-   after lenny release
-
-login Pre-Depends:
-==================
- * ${shlibs:Depends}
- * libpam-runtime (>= 0.76-14)
-   sarge contained 0.76-22
-
-Why Pre-Depends? (because it's an essential package?)
-
-login Depends:
-==============
- * libpam-modules (>= 0.72-5)
-   libpam-modules is needed.
-   potato contained 0.72-9
-
-login Conflicts:
-================
-
-login Replaces:
-===============
- * Some of the login man pages are also distributed in some manpages* packages.
-   Look at the debian/02/run test to optimize these dependencies.
-   NOTE: Not all maintainers have been notified.
-   - manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15) 
-     Those are packages that have been updated during sarge->etch. These
-     Replaces should be removed after lenny
-   - manpages-tr, manpages-zh
-     Those packages are still in etch, so the Replaces should be kept even
-     after lenny release
-

debian/login.defs

@@ -1,340 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the login package.
-#
-# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
-# If unspecified, some arbitrary (and possibly incorrect) value will
-# be assumed.  All other items are optional - if not specified then
-# the described action or option will be inhibited.
-#
-# Comment lines (lines beginning with "#") and blank lines are ignored.
-#
-# Modified for Linux.  --marekm
-
-# REQUIRED for useradd/userdel/usermod
-#   Directory where mailboxes reside, _or_ name of file, relative to the
-#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
-#   MAIL_DIR takes precedence.
-#
-#   Essentially:
-#      - MAIL_DIR defines the location of users mail spool files
-#        (for mbox use) by appending the username to MAIL_DIR as defined
-#        below.
-#      - MAIL_FILE defines the location of the users mail spool files as the
-#        fully-qualified filename obtained by prepending the user home
-#        directory before $MAIL_FILE
-#
-# NOTE: This is no more used for setting up users MAIL environment variable
-#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
-#       job of the pam_mail PAM modules
-#       See default PAM configuration files provided for
-#       login, su, etc.
-#
-# This is a temporary situation: setting these variables will soon
-# move to /etc/default/useradd and the variables will then be
-# no more supported
-MAIL_DIR        /var/mail
-#MAIL_FILE      .mail
-
-#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB		yes
-
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-# WARNING: Unknown usernames may become world readable. 
-# See #290803 and #298773 for details about how this could become a security
-# concern
-LOG_UNKFAIL_ENAB	no
-
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS		no
-
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB		yes
-SYSLOG_SG_ENAB		yes
-
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE	/var/log/sulog
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100  tty01".
-#
-#TTYTYPE_FILE	/etc/ttytype
-
-#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE	/var/log/btmp
-
-#
-# If defined, the command name to display when running "su -".  For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su".  If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME		su
-
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence.  If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file.  If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE	.hushlogin
-#HUSHLOGIN_FILE	/etc/hushlogins
-
-#
-# *REQUIRED*  The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
-
-#
-# Terminal permissions
-#
-#	TTYGROUP	Login tty will be assigned this group ownership.
-#	TTYPERM		Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-# In Debian /usr/bin/bsd-write or similar programs are setgid tty
-# However, the default and recommended value for TTYPERM is still 0600
-# to not allow anyone to write to anyone else console or terminal
-
-# Users can still allow other people to write them by issuing 
-# the "mesg y" command.
-
-TTYGROUP	tty
-TTYPERM		0600
-
-#
-# Login configuration initializations:
-#
-#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
-#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
-#	UMASK		Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# 
-# UMASK is the default umask value for pam_umask and is used by
-# useradd and newusers to set the mode of the new home directories.
-# 022 is the "historical" value in Debian for UMASK
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#
-# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
-# for private user groups, i. e. the uid is the same as gid, and username is
-# the same as the primary group name: for these, the user permissions will be
-# used as group permissions, e. g. 022 will become 002.
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR	0177
-KILLCHAR	025
-UMASK		022
-
-#
-# Password aging controls:
-#
-#	PASS_MAX_DAYS	Maximum number of days a password may be used.
-#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
-#	PASS_WARN_AGE	Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS	99999
-PASS_MIN_DAYS	0
-PASS_WARN_AGE	7
-
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN			 1000
-UID_MAX			60000
-# System accounts
-#SYS_UID_MIN		  100
-#SYS_UID_MAX		  999
-
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN			 1000
-GID_MAX			60000
-# System accounts
-#SYS_GID_MIN		  100
-#SYS_GID_MAX		  999
-
-#
-# Max number of login retries if password is bad. This will most likely be
-# overriden by PAM, since the default pam_unix module has it's own built
-# in of 3 retries. However, this is a safe fallback in case you are using
-# an authentication module that does not enforce PAM_MAXTRIES.
-#
-LOGIN_RETRIES		5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT		60
-
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone).  If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-# 
-CHFN_RESTRICT		rwh
-
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME	yes
-
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD	/usr/sbin/userdel_local
-
-#
-# If set to yes, userdel will remove the user´s group if it contains no
-# more members, and useradd will create by default a group with the name
-# of the user.
-#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, such as Debian
-#
-USERGROUPS_ENAB yes
-
-#
-# Instead of the real user shell, the program specified by this parameter
-# will be launched, although its visible name (argv[0]) will be the shell's.
-# The program may do whatever it wants (logging, additional authentification,
-# banner, ...) before running the actual shell.
-#
-# FAKE_SHELL /bin/fakeshell
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names.  Root logins will be allowed only
-# upon these devices.
-#
-# This variable is used by login and su.
-#
-#CONSOLE	/etc/consoles
-#CONSOLE	console:tty01:tty02:tty03:tty04
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting).  Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-# This variable is used by login and su.
-#
-#CONSOLE_GROUPS		floppy:audio:cdrom
-
-#
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm.  Default is "no".
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD.
-#
-#MD5_CRYPT_ENAB	no
-
-#
-# If set to MD5 , MD5-based algorithm will be used for encrypting password
-# If set to SHA256, SHA256-based algorithm will be used for encrypting password
-# If set to SHA512, SHA512-based algorithm will be used for encrypting password
-# If set to DES, DES-based algorithm will be used for encrypting password (default)
-# Overrides the MD5_CRYPT_ENAB option
-#
-# Note: It is recommended to use a value consistent with
-# the PAM modules configuration.
-#
-ENCRYPT_METHOD SHA512
-
-#
-# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
-#
-# Define the number of SHA rounds.
-# With a lot of rounds, it is more difficult to brute forcing the password.
-# But note also that it more CPU resources will be needed to authenticate
-# users.
-#
-# If not specified, the libc will choose the default number of rounds (5000).
-# The values must be inside the 1000-999999999 range.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-# SHA_CRYPT_MIN_ROUNDS 5000
-# SHA_CRYPT_MAX_ROUNDS 5000
-
-################# OBSOLETED BY PAM ##############
-#						#
-# These options are now handled by PAM. Please	#
-# edit the appropriate file in /etc/pam.d/ to	#
-# enable the equivelants of them.
-#
-###############
-
-#MOTD_FILE
-#DIALUPS_CHECK_ENAB
-#LASTLOG_ENAB
-#MAIL_CHECK_ENAB
-#OBSCURE_CHECKS_ENAB
-#PORTTIME_CHECKS_ENAB
-#SU_WHEEL_ONLY
-#CRACKLIB_DICTPATH
-#PASS_CHANGE_TRIES
-#PASS_ALWAYS_WARN
-#ENVIRON_FILE
-#NOLOGINS_FILE
-#ISSUE_FILE
-#PASS_MIN_LEN
-#PASS_MAX_LEN
-#ULIMIT
-#ENV_HZ
-#CHFN_AUTH
-#CHSH_AUTH
-#FAIL_DELAY
-
-################# OBSOLETED #######################
-#						  #
-# These options are no more handled by shadow.    #
-#                                                 #
-# Shadow utilities will display a warning if they #
-# still appear.                                   #
-#                                                 #
-###################################################
-
-# CLOSE_SESSIONS
-# LOGIN_STRING
-# NO_PASSWORD_CONSOLE
-# QMAIL_DIR
-
-
-

debian/login.dirs

@@ -1 +0,0 @@
-usr/share/lintian/overrides

debian/login.install

@@ -1,25 +0,0 @@
-usr/share/locale/*/LC_MESSAGES/shadow.mo
-usr/share/man/*/man1/login.1
-usr/share/man/*/man1/newgrp.1
-usr/share/man/*/man1/sg.1
-usr/share/man/*/man1/su.1
-usr/share/man/*/man5/faillog.5
-usr/share/man/*/man5/login.defs.5
-usr/share/man/*/man8/faillog.8
-usr/share/man/*/man8/lastlog.8
-usr/share/man/*/man8/nologin.8
-usr/share/man/man1/login.1
-usr/share/man/man1/newgrp.1
-usr/share/man/man1/sg.1
-usr/share/man/man1/su.1
-usr/share/man/man5/faillog.5
-usr/share/man/man5/login.defs.5
-usr/share/man/man8/faillog.8
-usr/share/man/man8/lastlog.8
-usr/share/man/man8/nologin.8
-usr/sbin/nologin
-usr/bin/faillog
-usr/bin/lastlog
-usr/bin/newgrp
-bin/login
-bin/su

debian/login.links

@@ -1 +0,0 @@
-usr/bin/newgrp usr/bin/sg

debian/login.lintian-overrides

@@ -1,3 +0,0 @@
-login: setuid-binary usr/bin/newgrp 4755 root/root
-login: setuid-binary bin/su 4755 root/root
-login: possible-missing-colon-in-closes l667:closes bug 336321

debian/login.pam

@@ -1,111 +0,0 @@
-#
-# The PAM configuration file for the Shadow `login' service
-#
-
-# Enforce a minimal delay in case of failure (in microseconds).
-# (Replaces the `FAIL_DELAY' setting from login.defs)
-# Note that other modules may require another minimal delay. (for example,
-# to disable any delay, you should add the nodelay option to pam_unix)
-auth       optional   pam_faildelay.so  delay=3000000
-
-# Outputs an issue file prior to each login prompt (Replaces the
-# ISSUE_FILE option from login.defs). Uncomment for use
-# auth       required   pam_issue.so issue=/etc/issue
-
-# Disallows root logins except on tty's listed in /etc/securetty
-# (Replaces the `CONSOLE' setting from login.defs)
-#
-# With the default control of this module:
-#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
-# root will not be prompted for a password on insecure lines.
-# if an invalid username is entered, a password is prompted (but login
-# will eventually be rejected)
-#
-# You can change it to a "requisite" module if you think root may mis-type
-# her login and should not be prompted for a password in that case. But
-# this will leave the system as vulnerable to user enumeration attacks.
-#
-# You can change it to a "required" module if you think it permits to
-# guess valid user names of your system (invalid user names are considered
-# as possibly being root on insecure lines), but root passwords may be
-# communicated over insecure lines.
-auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
-
-# Disallows other than root logins when /etc/nologin exists
-# (Replaces the `NOLOGINS_FILE' option from login.defs)
-auth       requisite  pam_nologin.so
-
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-@include common-auth
-
-# This allows certain extra groups to be granted to a user
-# based on things like time of day, tty, service, and user.
-# Please edit /etc/security/group.conf to fit your needs
-# (Replaces the `CONSOLE_GROUPS' option in login.defs)
-auth       optional   pam_group.so
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on logins.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# Uncomment and edit /etc/security/access.conf if you need to
-# set access limits.
-# (Replaces /etc/login.access file)
-# account  required       pam_access.so
-
-# Sets up user limits according to /etc/security/limits.conf
-# (Replaces the use of /etc/limits in old login)
-session    required   pam_limits.so
-
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
-# Prints the message of the day upon succesful login.
-# (Replaces the `MOTD_FILE' option in login.defs)
-session    optional   pam_exec.so type=open_session stdout /bin/uname -snrvm
-session    optional   pam_motd.so
-
-# Prints the status of the user's mailbox upon succesful login
-# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
-#
-# This also defines the MAIL environment variable
-# However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user 
-# also removes the user's mail spool file.
-# See comments in /etc/login.defs
-session    optional   pam_mail.so standard
-
-# Sets the loginuid process attribute
-session    required     pam_loginuid.so
-
-# Standard Un*x account and session
-@include common-account
-@include common-session
-@include common-password
-
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context. Only sessions which are
-# intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)

debian/login.postinst

@@ -1,44 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if test "$1" = configure
-then
-	if test -f /etc/init.d/logoutd
-	then 
-		if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53  /etc/init.d/logoutd"
-		then	
-			echo "removing logoutd cruft"
-			rm /etc/init.d/logoutd
-			update-rc.d logoutd remove
-		fi
-	fi
-fi
-rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
-
-if [ "$1" = "configure" ] && [ "$2" = "" ]
-then
-	# Install faillog during initial installs only
-	if [ ! -f /var/log/faillog ] ; then
-		touch /var/log/faillog
-		chown root:root /var/log/faillog
-		chmod 644 /var/log/faillog
-	fi
-fi
-
-        # Create subuid/subgid if missing
-        if [ ! -e /etc/subuid ]; then
-                touch /etc/subuid
-                chown root:root /etc/subuid
-                chmod 644 /etc/subuid
-        fi
-
-        if [ ! -e /etc/subgid ]; then
-                touch /etc/subgid
-                chown root:root /etc/subgid
-                chmod 644 /etc/subgid
-        fi
-
-#DEBHELPER#
-
-exit 0

debian/login.preinst

@@ -1,52 +0,0 @@
-#! /bin/sh
-
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-remove_md5() {
-    if md5sum $1 2>/dev/null |grep -q $2; then
-	cp $1 $1.pre-upgrade
-	sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
-	    && mv $1.post-upgrade $1
-    fi
-    }
-
-
-case "$1" in
-    install|upgrade)
-        if [ "x$2" != "x" ] ; then
-	    if dpkg --compare-versions $2 lt 1:4.0.3 ; then
-		remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff
-		fi
-	    fi
-	    
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-

debian/login.su.pam

@@ -1,61 +0,0 @@
-#
-# The PAM configuration file for the Shadow `su' service
-#
-
-# This allows root to su without passwords (normal operation)
-auth       sufficient pam_rootok.so
-
-# Uncomment this to force users to be a member of group root
-# before they can use `su'. You can also add "group=foo"
-# to the end of this line if you want to use a group other
-# than the default "root" (but this may have side effect of
-# denying "root" user, unless she's a member of "foo" or explicitly
-# permitted earlier by e.g. "sufficient pam_rootok.so").
-# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
-# auth       required   pam_wheel.so
-
-# Uncomment this if you want wheel members to be able to
-# su without a password.
-# auth       sufficient pam_wheel.so trust
-
-# Uncomment this if you want members of a specific group to not
-# be allowed to use su at all.
-# auth       required   pam_wheel.so deny group=nosu
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on su usage.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Defines the MAIL environment variable
-# However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user 
-# also removes the user's mail spool file.
-# See comments in /etc/login.defs
-#
-# "nopen" stands to avoid reporting new mail when su'ing to another user
-session    optional   pam_mail.so nopen
-
-# Sets up user limits according to /etc/security/limits.conf
-# (Replaces the use of /etc/limits in old login)
-session    required   pam_limits.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-@include common-auth
-@include common-account
-@include common-session
-
-

debian/passwd.chage.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'chage' service
-#
-
-# This allows root to change password aging being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/passwd.chfn.pam

@@ -1,16 +0,0 @@
-#
-# The PAM configuration file for the Shadow `chfn' service
-#
-
-# This allows root to change user infomation without being
-# prompted for a password
-auth		sufficient	pam_rootok.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-@include common-auth
-@include common-account
-@include common-session
-
-

debian/passwd.chpasswd.pam

@@ -1,5 +0,0 @@
-# The PAM configuration file for the Shadow 'chpasswd' service
-#
-
-@include common-password
-

debian/passwd.chsh.pam

@@ -1,20 +0,0 @@
-#
-# The PAM configuration file for the Shadow `chsh' service
-#
-
-# This will not allow a user to change their shell unless
-# their current one is listed in /etc/shells. This keeps
-# accounts with special shells from changing them.
-auth       required   pam_shells.so
-
-# This allows root to change user shell without being
-# prompted for a password
-auth		sufficient	pam_rootok.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-@include common-auth
-@include common-account
-@include common-session
-

debian/passwd.cron.daily

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-cd /var/backups || exit 0
-
-for FILE in passwd group shadow gshadow; do
-        test -f /etc/$FILE              || continue
-        cmp -s $FILE.bak /etc/$FILE     && continue
-        cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak
-done

debian/passwd.dirs

@@ -1,2 +0,0 @@
-usr/share/lintian/overrides
-etc/default

debian/passwd.examples

@@ -1 +0,0 @@
-debian/passwd.expire.cron

debian/passwd.expire.cron

@@ -1,57 +0,0 @@
-#!/usr/bin/perl
-#
-# passwd.expire.cron: sample expiry notification script for use as a cronjob
-#
-# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
-# for use, distribution, modification, etc.
-#
-# Usage:
-#	edit the listed options, including the actual email, then rename to
-#	/etc/cron.daily/passwd
-#
-#	If your users don't have a valid login shell (ie. they are ftp or mail
-#	users only), they will need some other way to change their password
-#	(telnet will work since login will handle password aging, or a poppasswd
-#	program, if they are mail users).
-
-# <CONFIG> #
-
-# should be same as /etc/adduser.conf
-$LOW_UID=1000;
-$HIGH_UID=29999;
-
-# this let's the MTA handle the domain,
-# set it manually if you want. Make sure
-# you also add the @ like "\@domain.com"
-$MAIL_DOM="";
-
-# </CONFIG> #
-
-# Set the current day reference
-$curdays = int(time() / (60 * 60 * 24));
-
-# Now go through the list
-
-open(SH, "< /etc/shadow");
-while (<SH>) {
-    @shent = split(':', $_);
-    @userent = getpwnam($shent[0]);
-    if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
-	if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
-		$shent[4] != -1 && $shent[4] != 0 &&
-		$shent[5] != -1 && $shent[5] != 0) {
-	    $daysleft = ($shent[2] + $shent[4]) - $curdays;
-	    if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
-            if ($daysleft < 0) { next; }
-	    open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
-	    print MAIL <<EOF;
-Your account will expire in $daysleft $days. Please change your password before
-then or your account will expire
-EOF
-	    close (MAIL);
-	    # This makes sure we also get a list of almost expired users
-	    print "$shent[0]'s account will expire in $daysleft days\n";
-	}
-    }
-    @userent = getpwent();
-}

debian/passwd.groupadd.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'groupadd' service
-#
-
-# This allows root to add groups without being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/passwd.groupdel.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'groupdel' service
-#
-
-# This allows root to remove groups without being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/passwd.groupmod.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'groupmod' service
-#
-
-# This allows root to modify groups without being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/passwd.install

@@ -1,78 +0,0 @@
-usr/bin/chage
-usr/bin/chfn
-usr/bin/chsh
-usr/bin/expiry
-usr/bin/gpasswd
-usr/bin/passwd
-usr/sbin/chpasswd
-usr/sbin/chgpasswd
-usr/sbin/cppw
-usr/sbin/groupadd
-usr/sbin/groupdel
-usr/sbin/groupmod
-usr/sbin/grpck
-usr/sbin/grpconv
-usr/sbin/grpunconv
-usr/sbin/newusers
-usr/sbin/pwck
-usr/sbin/pwconv
-usr/sbin/pwunconv
-usr/sbin/useradd
-usr/sbin/userdel
-usr/sbin/usermod
-usr/sbin/vipw
-usr/share/man/*/man1/chage.1
-usr/share/man/*/man1/chfn.1
-usr/share/man/*/man1/chsh.1
-usr/share/man/*/man1/expiry.1
-usr/share/man/*/man1/gpasswd.1
-usr/share/man/*/man1/passwd.1
-usr/share/man/*/man5/passwd.5
-usr/share/man/*/man5/shadow.5
-usr/share/man/*/man5/gshadow.5
-usr/share/man/*/man8/chpasswd.8
-usr/share/man/*/man8/groupadd.8
-usr/share/man/*/man8/groupdel.8
-usr/share/man/*/man8/groupmod.8
-usr/share/man/*/man8/grpck.8
-usr/share/man/*/man8/grpconv.8
-usr/share/man/*/man8/grpunconv.8
-usr/share/man/*/man8/newusers.8
-usr/share/man/*/man8/pwck.8
-usr/share/man/*/man8/pwconv.8
-usr/share/man/*/man8/pwunconv.8
-usr/share/man/*/man8/useradd.8
-usr/share/man/*/man8/userdel.8
-usr/share/man/*/man8/usermod.8
-usr/share/man/*/man8/vigr.8
-usr/share/man/*/man8/vipw.8
-usr/share/man/man1/chage.1
-usr/share/man/man1/chfn.1
-usr/share/man/man1/chsh.1
-usr/share/man/man1/expiry.1
-usr/share/man/man1/gpasswd.1
-usr/share/man/man1/passwd.1
-usr/share/man/man5/passwd.5
-usr/share/man/man5/shadow.5
-usr/share/man/man5/gshadow.5
-usr/share/man/man5/subuid.5
-usr/share/man/man5/subgid.5
-usr/share/man/man5/subgid.5
-usr/share/man/man5/subuid.5
-usr/share/man/man8/chgpasswd.8
-usr/share/man/man8/chpasswd.8
-usr/share/man/man8/groupadd.8
-usr/share/man/man8/groupdel.8
-usr/share/man/man8/groupmod.8
-usr/share/man/man8/grpck.8
-usr/share/man/man8/grpconv.8
-usr/share/man/man8/grpunconv.8
-usr/share/man/man8/newusers.8
-usr/share/man/man8/pwck.8
-usr/share/man/man8/pwconv.8
-usr/share/man/man8/pwunconv.8
-usr/share/man/man8/useradd.8
-usr/share/man/man8/userdel.8
-usr/share/man/man8/usermod.8
-usr/share/man/man8/vigr.8
-usr/share/man/man8/vipw.8

debian/passwd.links

@@ -1,2 +0,0 @@
-usr/sbin/vipw usr/sbin/vigr
-usr/sbin/cppw usr/sbin/cpgr

debian/passwd.lintian-overrides

@@ -1,6 +0,0 @@
-passwd: setgid-binary usr/bin/chage 2755 root/shadow
-passwd: setuid-binary usr/bin/chfn 4755 root/root
-passwd: setuid-binary usr/bin/chsh 4755 root/root
-passwd: setgid-binary usr/bin/expiry 2755 root/shadow
-passwd: setuid-binary usr/bin/gpasswd 4755 root/root
-passwd: setuid-binary usr/bin/passwd 4755 root/root

debian/passwd.newusers.pam

@@ -1,5 +0,0 @@
-# The PAM configuration file for the Shadow 'newusers' service
-#
-
-@include common-password
-

debian/passwd.passwd.pam

@@ -1,6 +0,0 @@
-#
-# The PAM configuration file for the Shadow `passwd' service
-#
-
-@include common-password
-

debian/passwd.postinst

@@ -1,44 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "$1" in
-configure)
-    # Fix permissions on various log files from old versions of the debian
-    # installer, some unrelated to passwd but we decided to put the fix
-    # here since there was no better place. This can safely be removed
-    # after etch is released.
-    if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
-	    for log in /var/log/base-config* \
-		    $(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
-		if [ -e "$log" ]; then
-			chmod 600 "$log"
-		fi
-            done
-    fi
-
-    rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
-	if ! getent group shadow | grep -q '^shadow:[^:]*:42'
-	then
-		groupadd -g 42 shadow || (
-    			cat <<EOF
-Group ID 42 has been allocated for the shadow group.  You have either
-used 42 yourself or created a shadow group with a different ID.
-Please correct this problem and reconfigure with ``dpkg --configure passwd''.
-
-Note that both user and group IDs in the range 0-99 are globally
-allocated by the Debian project and must be the same on every Debian
-system.
-EOF
-    			exit 1
-		)
-	fi
-    ;;
-esac
-
-# Run shadowconfig only on new installs
-[ -z "$2" ] && shadowconfig on
-
-#DEBHELPER#
-
-exit 0

debian/passwd.preinst

@@ -1,51 +0,0 @@
-#! /bin/sh
-
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-remove_md5() {
-    if md5sum $1 2>/dev/null |grep -q $2; then
-	cp $1 $1.pre-upgrade
-	sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
-	    && mv $1.post-upgrade $1
-    fi
-    }
-
-
-case "$1" in
-    install|upgrade)
-        if [ "x$2" != "x" ] ; then
-	    if dpkg --compare-versions $2 lt 1:4.0.3 ; then
-		remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9
-	    fi
-	fi
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-

debian/passwd.useradd.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'useradd' service
-#
-
-# This allows root to add users without being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/passwd.userdel.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'userdel' service
-#
-
-# This allows root to remove users without being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/passwd.usermod.pam

@@ -1,8 +0,0 @@
-# The PAM configuration file for the Shadow 'groupdel' service
-#
-
-# This allows root to remove groups without being prompted for a password
-auth		sufficient	pam_rootok.so
-
-# checks for account validity
-account	required	pam_permit.so

debian/patches/008_login_log_failure_in_FTMP

@@ -1,55 +0,0 @@
-Goal: Log login failures to the btmp file
-
-Notes:
- * I'm not sure login should add an entry in the FTMP file when PAM is used.
-   (but nothing in /etc/login.defs indicates that the failure is not logged)
-
-Index: git/src/login.c
-===================================================================
---- git.orig/src/login.c
-+++ git/src/login.c
-@@ -831,6 +831,24 @@
- 			(void) puts ("");
- 			(void) puts (_("Login incorrect"));
- 
-+			if (getdef_str("FTMP_FILE") != NULL) {
-+#ifdef USE_UTMPX
-+				struct utmpx *failent =
-+					prepare_utmpx (failent_user,
-+					               tty,
-+					/* FIXME: or fromhost? */hostname,
-+					               utent);
-+#else				/* !USE_UTMPX */
-+				struct utmp *failent =
-+					prepare_utmp (failent_user,
-+					              tty,
-+					              hostname,
-+					              utent);
-+#endif				/* !USE_UTMPX */
-+				failtmp (failent_user, failent);
-+				free (failent);
-+			}
-+
- 			if (failcount >= retries) {
- 				SYSLOG ((LOG_NOTICE,
- 				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
-Index: git/lib/getdef.c
-===================================================================
---- git.orig/lib/getdef.c
-+++ git/lib/getdef.c
-@@ -62,6 +62,7 @@
- 	{"ERASECHAR", NULL},
- 	{"FAIL_DELAY", NULL},
- 	{"FAKE_SHELL", NULL},
-+	{"FTMP_FILE", NULL},
- 	{"GID_MAX", NULL},
- 	{"GID_MIN", NULL},
- 	{"HUSHLOGIN_FILE", NULL},
-@@ -109,7 +110,6 @@
- 	{"ENVIRON_FILE", NULL},
- 	{"ENV_TZ", NULL},
- 	{"FAILLOG_ENAB", NULL},
--	{"FTMP_FILE", NULL},
- 	{"ISSUE_FILE", NULL},
- 	{"LASTLOG_ENAB", NULL},
- 	{"LOGIN_STRING", NULL},

debian/patches/1000_configure_userns

@@ -1,93 +0,0 @@
-=== modified file 'etc/login.defs'
-Index: git/etc/login.defs
-===================================================================
---- git.orig/etc/login.defs
-+++ git/etc/login.defs
-@@ -229,7 +229,7 @@
- # Extra per user uids
- SUB_UID_MIN		   100000
- SUB_UID_MAX		600100000
--SUB_UID_COUNT		    10000
-+SUB_UID_COUNT		    65536
- 
- #
- # Min/max values for automatic gid selection in groupadd(8)
-@@ -242,7 +242,7 @@
- # Extra per user group ids
- SUB_GID_MIN		   100000
- SUB_GID_MAX		600100000
--SUB_GID_COUNT		    10000
-+SUB_GID_COUNT		    65536
- 
- #
- # Max number of login(1) retries if password is bad
-Index: git/src/newusers.c
-===================================================================
---- git.orig/src/newusers.c
-+++ git/src/newusers.c
-@@ -988,8 +988,8 @@
- 	is_shadow_grp = sgr_file_present ();
- #endif
- #ifdef ENABLE_SUBIDS
--	is_sub_uid = sub_uid_file_present ();
--	is_sub_gid = sub_gid_file_present ();
-+	is_sub_uid = sub_uid_file_present () && !rflg;
-+	is_sub_gid = sub_gid_file_present () && !rflg;
- #endif				/* ENABLE_SUBIDS */
- 
- 	open_files ();
-Index: git/src/useradd.c
-===================================================================
---- git.orig/src/useradd.c
-+++ git/src/useradd.c
-@@ -1994,6 +1994,10 @@
- #endif				/* USE_PAM */
- #endif				/* ACCT_TOOLS_SETUID */
- 
-+	/* Needed for userns check */
-+	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-+	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-+
- 	/*
- 	 * Get my name so that I can use it to report errors.
- 	 */
-@@ -2023,8 +2027,10 @@
- 	is_shadow_grp = sgr_file_present ();
- #endif
- #ifdef ENABLE_SUBIDS
--	is_sub_uid = sub_uid_file_present ();
--	is_sub_gid = sub_gid_file_present ();
-+	is_sub_uid = sub_uid_file_present () && !rflg &&
-+	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
-+	is_sub_gid = sub_gid_file_present () && !rflg &&
-+	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
- #endif				/* ENABLE_SUBIDS */
- 
- 	get_defaults ();
- 
-Index: git/libmisc/find_new_sub_uids.c
-===================================================================
---- git.orig/libmisc/find_new_sub_uids.c
-+++ git/libmisc/find_new_sub_uids.c
-@@ -58,7 +58,7 @@
- 
- 	min = getdef_ulong ("SUB_UID_MIN", 100000UL);
- 	max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
--	count = getdef_ulong ("SUB_UID_COUNT", 10000);
-+	count = getdef_ulong ("SUB_UID_COUNT", 65536);
- 
- 	if (min > max || count >= max || (min + count - 1) > max) {
- 		(void) fprintf (stderr,
-Index: git/libmisc/find_new_sub_gids.c
-===================================================================
---- git.orig/libmisc/find_new_sub_gids.c
-+++ git/libmisc/find_new_sub_gids.c
-@@ -58,7 +58,7 @@
- 
- 	min = getdef_ulong ("SUB_GID_MIN", 100000UL);
- 	max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
--	count = getdef_ulong ("SUB_GID_COUNT", 10000);
-+	count = getdef_ulong ("SUB_GID_COUNT", 65536);
- 
- 	if (min > max || count >= max || (min + count - 1) > max) {
- 		(void) fprintf (stderr,

debian/patches/401_cppw_src.dpatch

@@ -1,282 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 401_cppw_src.dpatch by  Nicolas FRANCOIS <nicolas.francois@centraliens.net>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Add cppw / cpgr
-
-@DPATCH@
-Index: git/src/cppw.c
-===================================================================
---- /dev/null
-+++ git/src/cppw.c
-@@ -0,0 +1,238 @@
-+/*
-+  cppw, cpgr  copy with locking given file over the password or group file
-+  with -s will copy with locking given file over shadow or gshadow file
-+
-+  Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
-+
-+  Based on vipw, vigr by:
-+  Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
-+
-+  This program is free software; you can redistribute it and/or modify
-+  it under the terms of the GNU General Public License as published by
-+  the Free Software Foundation; either version 2 of the License, or
-+  (at your option) any later version.
-+
-+  This program is distributed in the hope that it will be useful, but
-+  WITHOUT ANY WARRANTY; without even the implied warranty of
-+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+  General Public License for more details.
-+
-+  You should have received a copy of the GNU General Public License
-+  along with this program; if not, write to the Free Software
-+  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+  */
-+
-+#include <config.h>
-+#include "defines.h"
-+
-+#include <errno.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <sys/types.h>
-+#include <signal.h>
-+#include <utime.h>
-+#include "exitcodes.h"
-+#include "prototypes.h"
-+#include "pwio.h"
-+#include "shadowio.h"
-+#include "groupio.h"
-+#include "sgroupio.h"
-+
-+
-+const char *Prog;
-+
-+const char *filename, *filenewname;
-+static bool filelocked = false;
-+static int (*unlock) (void);
-+
-+/* local function prototypes */
-+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
-+static void cppwexit (const char *msg, int syserr, int ret);
-+static void cppwcopy (const char *file,
-+                      const char *in_file,
-+                      int (*file_lock) (void),
-+                      int (*file_unlock) (void));
-+
-+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
-+{
-+	struct utimbuf ub;
-+	FILE *bkfp;
-+	int c;
-+	mode_t mask;
-+
-+	mask = umask (077);
-+	bkfp = fopen (dest, "w");
-+	(void) umask (mask);
-+	if (NULL == bkfp) {
-+		return -1;
-+	}
-+
-+	rewind (fp);
-+	while ((c = getc (fp)) != EOF) {
-+		if (putc (c, bkfp) == EOF) {
-+			break;
-+		}
-+	}
-+
-+	if (   (c != EOF)
-+	    || (fflush (bkfp) != 0)) {
-+		(void) fclose (bkfp);
-+		(void) unlink (dest);
-+		return -1;
-+	}
-+	if (   (fsync (fileno (bkfp)) != 0)
-+	    || (fclose (bkfp) != 0)) {
-+		(void) unlink (dest);
-+		return -1;
-+	}
-+
-+	ub.actime = sb->st_atime;
-+	ub.modtime = sb->st_mtime;
-+	if (   (utime (dest, &ub) != 0)
-+	    || (chmod (dest, sb->st_mode) != 0)
-+	    || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
-+		(void) unlink (dest);
-+		return -1;
-+	}
-+	return 0;
-+}
-+
-+static void cppwexit (const char *msg, int syserr, int ret)
-+{
-+	int err = errno;
-+	if (filelocked) {
-+		(*unlock) ();
-+	}
-+	if (NULL != msg) {
-+		fprintf (stderr, "%s: %s", Prog, msg);
-+		if (0 != syserr) {
-+			fprintf (stderr, ": %s", strerror (err));
-+		}
-+		(void) fputs ("\n", stderr);
-+	}
-+	if (NULL != filename) {
-+		fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
-+	} else {
-+		fprintf (stderr, _("%s: no changes\n"), Prog);
-+	}
-+
-+	exit (ret);
-+}
-+
-+static void cppwcopy (const char *file,
-+                      const char *in_file,
-+                      int (*file_lock) (void),
-+                      int (*file_unlock) (void))
-+{
-+	struct stat st1;
-+	FILE *f;
-+	char filenew[1024];
-+
-+	snprintf (filenew, sizeof filenew, "%s.new", file);
-+	unlock = file_unlock;
-+	filename = file;
-+	filenewname = filenew;
-+
-+	if (access (file, F_OK) != 0) {
-+		cppwexit (file, 1, 1);
-+	}
-+	if (file_lock () == 0) {
-+		cppwexit (_("Couldn't lock file"), 0, 5);
-+	}
-+	filelocked = true;
-+
-+	/* file to copy has same owners, perm */
-+	if (stat (file, &st1) != 0) {
-+		cppwexit (file, 1, 1);
-+	}
-+	f = fopen (in_file, "r");
-+	if (NULL == f) {
-+		cppwexit (in_file, 1, 1);
-+	}
-+	if (create_copy (f, filenew, &st1) != 0) {
-+		cppwexit (_("Couldn't make copy"), errno, 1);
-+	}
-+
-+	/* XXX - here we should check filenew for errors; if there are any,
-+	 * fail w/ an appropriate error code and let the user manually fix
-+	 * it. Use pwck or grpck to do the check.  - Stephen (Shamelessly
-+	 * stolen from '--marekm's comment) */
-+
-+	if (rename (filenew, file) != 0) {
-+		fprintf (stderr, _("%s: can't copy %s: %s)\n"),
-+                         Prog, filenew, strerror (errno));
-+		cppwexit (NULL,0,1);
-+	}
-+
-+	(*file_unlock) ();
-+}
-+
-+int main (int argc, char **argv)
-+{
-+	int flag;
-+	bool cpshadow = false;
-+	char *in_file;
-+	int e = E_USAGE;
-+	bool do_cppw = true;
-+
-+	(void) setlocale (LC_ALL, "");
-+	(void) bindtextdomain (PACKAGE, LOCALEDIR);
-+	(void) textdomain (PACKAGE);
-+
-+	Prog = Basename (argv[0]);
-+	if (strcmp (Prog, "cpgr") == 0) {
-+		do_cppw = false;
-+	}
-+
-+	while ((flag = getopt (argc, argv, "ghps")) != EOF) {
-+		switch (flag) {
-+		case 'p':
-+			do_cppw = true;
-+			break;
-+		case 'g':
-+			do_cppw = false;
-+			break;
-+		case 's':
-+			cpshadow = true;
-+			break;
-+		case 'h':
-+			e = E_SUCCESS;
-+			/*pass through*/
-+		default:
-+			(void) fputs (_("Usage:\n\
-+`cppw <file>' copys over /etc/passwd   `cppw -s <file>' copys over /etc/shadow\n\
-+`cpgr <file>' copys over /etc/group    `cpgr -s <file>' copys over /etc/gshadow\n\
-+"), (E_SUCCESS != e) ? stderr : stdout);
-+			exit (e);
-+		}
-+	}
-+
-+	if (argc != optind + 1) {
-+		cppwexit (_("wrong number of arguments, -h for usage"),0,1);
-+	}
-+
-+	in_file = argv[optind];
-+
-+	if (do_cppw) {
-+		if (cpshadow) {
-+			cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
-+		} else {
-+			cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
-+		}
-+	} else {
-+#ifdef SHADOWGRP
-+		if (cpshadow) {
-+			cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
-+		} else
-+#endif				/* SHADOWGRP */
-+		{
-+			cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
-+		}
-+	}
-+
-+	return 0;
-+}
-+
-Index: git/src/Makefile.am
-===================================================================
---- git.orig/src/Makefile.am
-+++ git/src/Makefile.am
-@@ -29,6 +29,7 @@
- ubin_PROGRAMS += newgidmap newuidmap
- endif
- usbin_PROGRAMS = \
-+	cppw \
- 	chgpasswd \
- 	chpasswd \
- 	groupadd \
-@@ -87,6 +88,7 @@
- chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
- chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
- chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
-+cppw_LDADD     = $(LDADD) $(LIBSELINUX)
- gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
- groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
- groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-Index: git/po/POTFILES.in
-===================================================================
---- git.orig/po/POTFILES.in
-+++ git/po/POTFILES.in
-@@ -85,6 +85,7 @@
- src/chgpasswd.c
- src/chpasswd.c
- src/chsh.c
-+src/cppw.c
- src/expiry.c
- src/faillog.c
- src/gpasswd.c

debian/patches/402_cppw_selinux

@@ -1,64 +0,0 @@
-Goal: Add selinux support to cppw
-
-Fix:
-
-Status wrt upstream: cppw is not available upstream.
-                     The patch was made based on the
-                     302_vim_selinux_support patch. It needs to be
-                     reviewed by an SE-Linux aware person.
-
-Depends on 401_cppw_src.dpatch
-
-Index: git/src/cppw.c
-===================================================================
---- git.orig/src/cppw.c
-+++ git/src/cppw.c
-@@ -34,6 +34,9 @@
- #include <sys/types.h>
- #include <signal.h>
- #include <utime.h>
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#endif				/* WITH_SELINUX */
- #include "exitcodes.h"
- #include "prototypes.h"
- #include "pwio.h"
-@@ -139,6 +142,22 @@
- 	if (access (file, F_OK) != 0) {
- 		cppwexit (file, 1, 1);
- 	}
-+#ifdef WITH_SELINUX
-+	/* if SE Linux is enabled then set the context of all new files
-+	 * to be the context of the file we are editing */
-+	if (is_selinux_enabled () > 0) {
-+		security_context_t passwd_context=NULL;
-+		int ret = 0;
-+		if (getfilecon (file, &passwd_context) < 0) {
-+			cppwexit (_("Couldn't get file context"), errno, 1);
-+		}
-+		ret = setfscreatecon (passwd_context);
-+		freecon (passwd_context);
-+		if (0 != ret) {
-+			cppwexit (_("setfscreatecon () failed"), errno, 1);
-+		}
-+	}
-+#endif				/* WITH_SELINUX */
- 	if (file_lock () == 0) {
- 		cppwexit (_("Couldn't lock file"), 0, 5);
- 	}
-@@ -167,6 +186,15 @@
- 		cppwexit (NULL,0,1);
- 	}
- 
-+#ifdef WITH_SELINUX
-+	/* unset the fscreatecon */
-+	if (is_selinux_enabled () > 0) {
-+		if (setfscreatecon (NULL)) {
-+		cppwexit (_("setfscreatecon() failed"), errno, 1);
-+		}
-+	}
-+#endif				/* WITH_SELINUX */
-+
- 	(*file_unlock) ();
- }
- 

debian/patches/429_login_FAILLOG_ENAB

@@ -1,96 +0,0 @@
-Goal: Re-enable logging and displaying failures on login when login is
-      compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
-      faillog file if it does not exist on postinst (as on Woody).
-Depends: 008_login_more_LOG_UNKFAIL_ENAB
-Fixes: #192849
-
-Note: It could be removed if pam_tally could report the number of failures
-      preceding a successful login.
-
-Index: git/src/login.c
-===================================================================
---- git.orig/src/login.c
-+++ git/src/login.c
-@@ -131,9 +131,9 @@
-                          const char *host,
-                          /*@null@*/const struct utmp *utent);
- 
--#ifndef USE_PAM
- static struct faillog faillog;
- 
-+#ifndef USE_PAM
- static void bad_time_notify (void);
- static void check_nologin (bool login_to_root);
- #else
-@@ -791,6 +791,9 @@
- 				SYSLOG ((LOG_NOTICE,
- 				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
- 				         failcount, fromhost, failent_user));
-+				if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
-+					failure (pwd->pw_uid, tty, &faillog);
-+				}
- 				fprintf (stderr,
- 				         _("Maximum number of tries exceeded (%u)\n"),
- 				         failcount);
-@@ -808,6 +811,14 @@
- 				         pam_strerror (pamh, retcode)));
- 				failed = true;
- 			}
-+			if (   (NULL != pwd)
-+			    && getdef_bool("FAILLOG_ENAB")
-+			    && ! failcheck (pwd->pw_uid, &faillog, failed)) {
-+				SYSLOG((LOG_CRIT,
-+				        "exceeded failure limit for `%s' %s",
-+				        failent_user, fromhost));
-+				failed = 1;
-+			}
- 
- 			if (!failed) {
- 				break;
-@@ -831,6 +842,10 @@
- 			(void) puts ("");
- 			(void) puts (_("Login incorrect"));
- 
-+			if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
-+				failure (pwd->pw_uid, tty, &faillog);
-+			}
-+
- 			if (getdef_str("FTMP_FILE") != NULL) {
- #ifdef USE_UTMPX
- 				struct utmpx *failent =
-@@ -1285,6 +1300,7 @@
- 		 */
- #ifndef USE_PAM
- 		motd ();	/* print the message of the day */
-+#endif
- 		if (   getdef_bool ("FAILLOG_ENAB")
- 		    && (0 != faillog.fail_cnt)) {
- 			failprint (&faillog);
-@@ -1297,6 +1313,7 @@
- 				         username, (int) faillog.fail_cnt));
- 			}
- 		}
-+#ifndef USE_PAM
- 		if (   getdef_bool ("LASTLOG_ENAB")
- 		    && (ll.ll_time != 0)) {
- 			time_t ll_time = ll.ll_time;
-Index: git/lib/getdef.c
-===================================================================
---- git.orig/lib/getdef.c
-+++ git/lib/getdef.c
-@@ -61,6 +61,7 @@
- 	{"ENV_SUPATH", NULL},
- 	{"ERASECHAR", NULL},
- 	{"FAIL_DELAY", NULL},
-+	{"FAILLOG_ENAB", NULL},
- 	{"FAKE_SHELL", NULL},
- 	{"FTMP_FILE", NULL},
- 	{"GID_MAX", NULL},
-@@ -109,7 +110,6 @@
- 	{"ENV_HZ", NULL},
- 	{"ENVIRON_FILE", NULL},
- 	{"ENV_TZ", NULL},
--	{"FAILLOG_ENAB", NULL},
- 	{"ISSUE_FILE", NULL},
- 	{"LASTLOG_ENAB", NULL},
- 	{"LOGIN_STRING", NULL},

debian/patches/463_login_delay_obeys_to_PAM

@@ -1,109 +0,0 @@
-Goal: Do not hardcode pam_fail_delay and let pam_unix do its
-      job to set a delay...or not
-
-Fixes: #87648
-
-Status wrt upstream: Forwarded but not applied yet
-
-Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
-
-Index: git/src/login.c
-===================================================================
---- git.orig/src/login.c
-+++ git/src/login.c
-@@ -525,7 +525,6 @@
- #if defined(HAVE_STRFTIME) && !defined(USE_PAM)
- 	char ptime[80];
- #endif
--	unsigned int delay;
- 	unsigned int retries;
- 	bool subroot = false;
- #ifndef USE_PAM
-@@ -545,6 +544,7 @@
- 	pid_t child;
- 	char *pam_user = NULL;
- #else
-+	unsigned int delay;
- 	struct spwd *spwd = NULL;
- #endif
- 	/*
-@@ -705,7 +705,6 @@
- 	}
- 
- 	environ = newenvp;	/* make new environment active */
--	delay   = getdef_unum ("FAIL_DELAY", 1);
- 	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
- 
- #ifdef USE_PAM
-@@ -721,8 +720,7 @@
- 
- 	/*
- 	 * hostname & tty are either set to NULL or their correct values,
--	 * depending on how much we know. We also set PAM's fail delay to
--	 * ours.
-+	 * depending on how much we know.
- 	 *
- 	 * PAM_RHOST and PAM_TTY are used for authentication, only use
- 	 * information coming from login or from the caller (e.g. no utmp)
-@@ -731,10 +729,6 @@
- 	PAM_FAIL_CHECK;
- 	retcode = pam_set_item (pamh, PAM_TTY, tty);
- 	PAM_FAIL_CHECK;
--#ifdef HAS_PAM_FAIL_DELAY
--	retcode = pam_fail_delay (pamh, 1000000 * delay);
--	PAM_FAIL_CHECK;
--#endif
- 	/* if fflg, then the user has already been authenticated */
- 	if (!fflg) {
- 		unsigned int failcount = 0;
-@@ -775,12 +769,6 @@
- 			bool failed = false;
- 
- 			failcount++;
--#ifdef HAS_PAM_FAIL_DELAY
--			if (delay > 0) {
--				retcode = pam_fail_delay(pamh, 1000000*delay);
--				PAM_FAIL_CHECK;
--			}
--#endif
- 
- 			retcode = pam_authenticate (pamh, 0);
- 
-@@ -1103,14 +1091,17 @@
- 		free (username);
- 		username = NULL;
- 
-+#ifndef USE_PAM
- 		/*
- 		 * Wait a while (a la SVR4 /usr/bin/login) before attempting
- 		 * to login the user again. If the earlier alarm occurs
- 		 * before the sleep() below completes, login will exit.
- 		 */
-+		delay = getdef_unum ("FAIL_DELAY", 1);
- 		if (delay > 0) {
- 			(void) sleep (delay);
- 		}
-+#endif
- 
- 		(void) puts (_("Login incorrect"));
- 
-Index: git/lib/getdef.c
-===================================================================
---- git.orig/lib/getdef.c
-+++ git/lib/getdef.c
-@@ -60,7 +60,6 @@
- 	{"ENV_PATH", NULL},
- 	{"ENV_SUPATH", NULL},
- 	{"ERASECHAR", NULL},
--	{"FAIL_DELAY", NULL},
- 	{"FAILLOG_ENAB", NULL},
- 	{"FAKE_SHELL", NULL},
- 	{"FTMP_FILE", NULL},
-@@ -110,6 +109,7 @@
- 	{"ENV_HZ", NULL},
- 	{"ENVIRON_FILE", NULL},
- 	{"ENV_TZ", NULL},
-+	{"FAIL_DELAY", NULL},
- 	{"ISSUE_FILE", NULL},
- 	{"LASTLOG_ENAB", NULL},
- 	{"LOGIN_STRING", NULL},

debian/patches/501_commonio_group_shadow

@@ -1,39 +0,0 @@
-Goal: save the [g]shadow files with the 'shadow' group and mode 0440
-
-Fixes: #166793
-
-Index: git/lib/commonio.c
-===================================================================
---- git.orig/lib/commonio.c
-+++ git/lib/commonio.c
-@@ -44,6 +44,7 @@
- #include <errno.h>
- #include <stdio.h>
- #include <signal.h>
-+#include <grp.h>
- #include "nscd.h"
- #ifdef WITH_TCB
- #include <tcb.h>
-@@ -966,13 +967,20 @@
- 			goto fail;
- 		}
- 	} else {
-+		struct group *grp;
- 		/*
- 		 * Default permissions for new [g]shadow files.
- 		 * (passwd and group always exist...)
- 		 */
--		sb.st_mode = 0400;
-+		sb.st_mode = 0440;
- 		sb.st_uid = 0;
--		sb.st_gid = 0;
-+		/*
-+		 * Try to retrieve the shadow's GID, and fall back to GID 0.
-+		 */
-+		if ((grp = getgrnam("shadow")) != NULL)
-+			sb.st_gid = grp->gr_gid;
-+		else
-+			sb.st_gid = 0;
- 	}
- 
- 	snprintf (buf, sizeof buf, "%s+", db->filename);

debian/patches/503_shadowconfig.8

@@ -1,201 +0,0 @@
-Goal: Document the shadowconfig utility
-
-Status wrt upstream: The shadowconfig utility is debian specific.
-                     Its man page also (but it used to be distributed)
-
-Index: git/man/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/shadowconfig.8
-@@ -0,0 +1,41 @@
-+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-+.de Sh \" Subsection
-+.br
-+.if t .Sp
-+.ne 5
-+.PP
-+\fB\\$1\fR
-+.PP
-+..
-+.de Sp \" Vertical space (when we can't use .PP)
-+.if t .sp .5v
-+.if n .sp
-+..
-+.de Ip \" List item
-+.br
-+.ie \\n(.$>=3 .ne \\$3
-+.el .ne 3
-+.IP "\\$1" \\$2
-+..
-+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
-+.SH NAME
-+shadowconfig \- toggle shadow passwords on and off
-+.SH "SYNOPSIS"
-+.ad l
-+.hy 0
-+.HP 13
-+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
-+.ad
-+.hy
-+
-+.SH "DESCRIPTION"
-+
-+.PP
-+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
-+
-+.PP
-+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
-+
-+.PP
-+Note that turning shadow passwords off and on again will lose all password aging information\&.
-+
-Index: git/man/shadowconfig.8.xml
-===================================================================
---- /dev/null
-+++ git/man/shadowconfig.8.xml
-@@ -0,0 +1,52 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-+		"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-+<refentry id='shadowconfig.8'>
-+  <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
-+  <refentryinfo>
-+    <date>19 Apr 1997</date>
-+  </refentryinfo>
-+  <refmeta>
-+    <refentrytitle>shadowconfig</refentrytitle>
-+    <manvolnum>8</manvolnum>
-+    <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
-+    <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
-+  </refmeta>
-+  <refnamediv id='name'>
-+    <refname>shadowconfig</refname>
-+    <refpurpose>toggle shadow passwords on and off</refpurpose>
-+  </refnamediv>
-+
-+  <refsynopsisdiv id='synopsis'>
-+    <cmdsynopsis>
-+      <command>shadowconfig</command>
-+      <group choice='plain'>
-+        <arg choice='plain'><replaceable>on</replaceable></arg>
-+        <arg choice='plain'><replaceable>off</replaceable></arg>
-+      </group>
-+    </cmdsynopsis>
-+  </refsynopsisdiv>
-+
-+  <refsect1 id='description'>
-+    <title>DESCRIPTION</title>
-+    <para><command>shadowconfig</command> on will turn shadow passwords on;
-+      <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
-+      passwords off. <command>shadowconfig</command> will print an error
-+      message and exit with a nonzero code if it finds anything awry. If
-+      that happens, you should correct the error and run it again. Turning
-+      shadow passwords on when they are already on, or off when they are
-+      already off, is harmless.
-+    </para>
-+
-+    <para>
-+      Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
-+      brief introduction
-+      to shadow passwords and related features.
-+    </para>
-+
-+    <para>Note that turning shadow passwords off and on again will lose all
-+      password
-+      aging information.
-+    </para>
-+  </refsect1>
-+</refentry>
-Index: git/man/fr/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/fr/shadowconfig.8
-@@ -0,0 +1,26 @@
-+.\" This file was generated with po4a. Translate the source file.
-+.\"
-+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
-+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
-+.SH NOM
-+shadowconfig \- active ou désactive les mots de passe cachés
-+.SH SYNOPSIS
-+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
-+.SH DESCRIPTION
-+.PP
-+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
-+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
-+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
-+de recommencer.
-+
-+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
-+désactiver lorsqu'ils ne sont pas actifs est sans effet.
-+
-+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
-+mots de passe cachés et à leurs fonctionnalités.
-+
-+Notez que désactiver puis réactiver les mots de passe cachés aura pour
-+conséquence la perte des informations d'âge sur les mots de passe.
-+.SH TRADUCTION
-+Nicolas FRANÇOIS, 2004.
-+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
-Index: git/man/ja/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/ja/shadowconfig.8
-@@ -0,0 +1,25 @@
-+.\"     all right reserved,
-+.\" Translated Tue Oct 30 11:59:11 JST 2001
-+.\" by Maki KURODA <mkuroda@aisys-jp.com>
-+.\"
-+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
-+.SH 名前
-+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
-+.SH 書式
-+.B "shadowconfig"
-+.IR on " | " off
-+.SH 説明
-+.PP
-+.B shadowconfig on
-+は shadow パスワードを有効にする。
-+.B shadowconfig off
-+は shadow パスワードを無効にする。
-+.B shadowconfig
-+は何らかの間違いがあると、エラーメッセージを表示し、
-+ゼロではない返り値を返す。
-+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
-+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
-+すでにオフの場合にオフに設定しても、何の影響もない。
-+
-+.I /usr/share/doc/passwd/README.debian.gz
-+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
-Index: git/man/pl/shadowconfig.8
-===================================================================
---- /dev/null
-+++ git/man/pl/shadowconfig.8
-@@ -0,0 +1,27 @@
-+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
-+.\" {PTM/WK/1999-09-14}
-+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
-+.SH NAZWA
-+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
-+.SH SKŁADNIA
-+.B "shadowconfig"
-+.IR on " | " off
-+.SH OPIS
-+.PP
-+.B shadowconfig on
-+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
-+.B shadowconfig off
-+wyłącza dodatkowe pliki haseł i grup.
-+.B shadowconfig
-+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
-+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
-+.\" if it finds anything awry.
-+i uruchomić program ponownie.
-+
-+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
-+gdy jest wyłączona jest nieszkodliwe.
-+
-+Przeczytaj
-+.IR /usr/share/doc/passwd/README.debian.gz ,
-+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
-+plików haseł przesłanianych (shadow passwords) i związanych tematów.

debian/patches/505_useradd_recommend_adduser

@@ -1,40 +0,0 @@
-Goal: Recommend using adduser and deluser.
-
-Fixes: #406046
-
-Status wrt upstream: Debian specific patch.
-
-Index: git/man/useradd.8.xml
-===================================================================
---- git.orig/man/useradd.8.xml
-+++ git/man/useradd.8.xml
-@@ -105,6 +105,12 @@
-   <refsect1 id='description'>
-     <title>DESCRIPTION</title>
-       <para>
-+	<command>useradd</command> is a low level utility for adding
-+	users.  On Debian, administrators should usually use
-+	<citerefentry><refentrytitle>adduser</refentrytitle>
-+	<manvolnum>8</manvolnum></citerefentry> instead.
-+      </para>
-+      <para>
- 	When invoked without the <option>-D</option> option, the
- 	<command>useradd</command> command creates a new user account using
- 	the values specified on the command line plus the default values from
-Index: git/man/userdel.8.xml
-===================================================================
---- git.orig/man/userdel.8.xml
-+++ git/man/userdel.8.xml
-@@ -83,6 +83,12 @@
-   <refsect1 id='description'>
-     <title>DESCRIPTION</title>
-     <para>
-+      <command>userdel</command> is a low level utility for removing
-+      users.  On Debian, administrators should usually use
-+      <citerefentry><refentrytitle>deluser</refentrytitle>
-+      <manvolnum>8</manvolnum></citerefentry> instead.
-+    </para>
-+    <para>
-       The <command>userdel</command> command modifies the system account
-       files, deleting all entries that refer to the user name <emphasis
-       remap='I'>LOGIN</emphasis>. The named user must exist.

debian/patches/506_relaxed_usernames

@@ -1,106 +0,0 @@
-Goal: Relaxed usernames/groupnames checking patch.
-
-Status wrt upstream: Debian specific. Not to be used upstream
-
-Details:
- Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
- characters and don't start with '-', '+', or '~'. This patch is more
- restrictive than original Karl's version. closes: #264879
- Also closes: #377844
- 
- Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
- 
- I can't come up with a good justification as to why characters other
- than ':'s and '\0's should be disallowed in group and usernames (other
- than '-' as the leading character).  Thus, the maintenance tools don't
- anymore.  closes: #79682, #166798, #171179
-
-Index: git/libmisc/chkname.c
-===================================================================
---- git.orig/libmisc/chkname.c
-+++ git/libmisc/chkname.c
-@@ -48,6 +48,7 @@
- 
- static bool is_valid_name (const char *name)
- {
-+#if 0
- 	/*
- 	 * User/group names must match [a-z_][a-z0-9_-]*[$]
- 	 */
-@@ -66,6 +67,26 @@
- 			return false;
- 		}
- 	}
-+#endif
-+	/*
-+	 * POSIX indicate that usernames are composed of characters from the
-+	 * portable filename character set [A-Za-z0-9._-], and that the hyphen
-+	 * should not be used as the first character of a portable user name.
-+	 *
-+	 * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
-+	 */
-+	if (   ('\0' == *name)
-+	    || ('-'  == *name)
-+	    || ('~'  == *name)
-+	    || ('+'  == *name)) {
-+		return false;
-+	}
-+	do {
-+		if ((':' == *name) || (',' == *name) || isspace(*name)) {
-+			return false;
-+		}
-+		name++;
-+	} while ('\0' != *name);
- 
- 	return true;
- }
-Index: git/man/useradd.8.xml
-===================================================================
---- git.orig/man/useradd.8.xml
-+++ git/man/useradd.8.xml
-@@ -633,12 +633,20 @@
-     </para>
- 
-     <para>
--      Usernames must start with a lower case letter or an underscore,
-+      It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
-       followed by lower case letters, digits, underscores, or dashes.
-       They can end with a dollar sign.
-       In regular expression terms: [a-z_][a-z0-9_-]*[$]?
-     </para>
-     <para>
-+      On Debian, the only constraints are that usernames must neither start
-+      with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+      colon (':'), a comma (','), or a whitespace (space: ' ',
-+      end of line: '\n', tabulation: '\t', etc.). Note that using a slash
-+      ('/') may break the default algorithm for the definition of the
-+      user's home directory.
-+    </para>
-+    <para>
-       Usernames may only be up to 32 characters long.
-     </para>
-   </refsect1>
-Index: git/man/groupadd.8.xml
-===================================================================
---- git.orig/man/groupadd.8.xml
-+++ git/man/groupadd.8.xml
-@@ -256,12 +256,18 @@
-    <refsect1 id='caveats'>
-      <title>CAVEATS</title>
-      <para>
--       Groupnames must start with a lower case letter or an underscore,
-+       It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
-        followed by lower case letters, digits, underscores, or dashes.
-        They can end with a dollar sign.
-        In regular expression terms: [a-z_][a-z0-9_-]*[$]?
-      </para>
-      <para>
-+       On Debian, the only constraints are that groupnames must neither start
-+       with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+       colon (':'), a comma (','), or a whitespace (space:' ',
-+       end of line: '\n', tabulation: '\t', etc.).
-+     </para>
-+     <para>
-        Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
-      </para>
-      <para>

debian/patches/508_nologin_in_usr_sbin

@@ -1,20 +0,0 @@
-Index: git/src/Makefile.am
-===================================================================
---- git.orig/src/Makefile.am
-+++ git/src/Makefile.am
-@@ -23,7 +23,6 @@
- # $prefix/bin and $prefix/sbin, no install-data hacks...)
- 
- bin_PROGRAMS   = groups login su
--sbin_PROGRAMS  = nologin
- ubin_PROGRAMS  = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
- if ENABLE_SUBIDS
- ubin_PROGRAMS += newgidmap newuidmap
-@@ -41,6 +40,7 @@
- 	grpunconv \
- 	logoutd \
- 	newusers \
-+	nologin \
- 	pwck \
- 	pwconv \
- 	pwunconv \

debian/patches/523_su_arguments_are_concatenated

@@ -1,50 +0,0 @@
-Goal: Concatenate the non-su arguments and provide them to the shell with
-      the -c option
-Fixes: #317264
-       see also #276419
-
-Status wrt upstream: This is a Debian specific patch.
-
-Note: the fix of the man page is still missing.
-      (to be taken from the trunk)
-
-Index: git/src/su.c
-===================================================================
---- git.orig/src/su.c
-+++ git/src/su.c
-@@ -1152,6 +1152,35 @@
- 			argv[0] = "-c";
- 			argv[1] = command;
- 		}
-+		/* On Debian, the arguments are concatenated and the
-+		 * resulting string is always given to the shell with its
-+		 * -c option.
-+		 */
-+		{
-+			char **parg;
-+			unsigned int cmd_len = 0;
-+			char *cmd = NULL;
-+			if (strcmp(argv[0], "-c") != 0) {
-+				argv--;
-+				argv[0] = "-c";
-+			}
-+			/* Now argv[0] is always -c, and other arguments
-+			 * can be concatenated
-+			 */
-+			cmd_len = 1; /* finale '\0' */
-+			for (parg = &argv[1]; *parg; parg++) {
-+				cmd_len += strlen (*parg) + 1;
-+			}
-+			cmd = (char *) xmalloc (sizeof (char) * cmd_len);
-+			cmd[0] = '\0';
-+			for (parg = &argv[1]; *parg; parg++) {
-+				strcat (cmd, " ");
-+				strcat (cmd, *parg);
-+			}
-+			cmd[cmd_len - 1] = '\0';
-+			argv[1] = &cmd[1]; /* do not take first space */
-+			argv[2] = NULL;
-+		}
- 		/*
- 		 * Use the shell and create an argv
- 		 * with the rest of the command line included.

debian/patches/523_su_arguments_are_no_more_concatenated_by_default

@@ -1,52 +0,0 @@
-Goal: Do not concatenate the additional arguments, and support an
-      environment variable to revert to the old Debian's su behavior.
-
-This patch needs the su_arguments_are_concatenated patch.
-
-This patch, and su_arguments_are_concatenated should be dropped after
-Etch.
-
-Status wrt upstream: This patch is Debian specific.
-
-Index: git/src/su.c
-===================================================================
---- git.orig/src/su.c
-+++ git/src/su.c
-@@ -104,6 +104,19 @@
- /* If nonzero, change some environment vars to indicate the user su'd to. */
- static bool change_environment = true;
- 
-+/*
-+ * If nonzero, keep the old Debian behavior:
-+ *   * concatenate all the arguments and provide them to the -c option of
-+ *     the shell
-+ *   * If there are some additional arguments, but no -c, add a -c
-+ *     argument anyway
-+ * Drawbacks:
-+ *   * you can't provide options to the shell (other than -c)
-+ *   * you can't rely on the argument count
-+ * See http://bugs.debian.org/276419
-+ */
-+static int old_debian_behavior;
-+
- #ifdef USE_PAM
- static pam_handle_t *pamh = NULL;
- static int caught = 0;
-@@ -949,6 +962,8 @@
- 	int ret;
- #endif				/* USE_PAM */
- 
-+	old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL);
-+
- 	(void) setlocale (LC_ALL, "");
- 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
- 	(void) textdomain (PACKAGE);
-@@ -1156,7 +1171,7 @@
- 		 * resulting string is always given to the shell with its
- 		 * -c option.
- 		 */
--		{
-+		if (old_debian_behavior) {
- 			char **parg;
- 			unsigned int cmd_len = 0;
- 			char *cmd = NULL;

debian/patches/542_useradd-O_option

@@ -1,47 +0,0 @@
-Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
-
-Note: useradd.8 needs to be regenerated.
-
-Status wrt upstream: not included as this is just specific 
-                     backward compatibility for Debian
-
-Index: git/man/useradd.8.xml
-===================================================================
---- git.orig/man/useradd.8.xml
-+++ git/man/useradd.8.xml
-@@ -329,6 +329,11 @@
- 	    databases are resetted to avoid reusing the entry from a previously
- 	    deleted user.
- 	  </para>
-+          <para>
-+            For the compatibility with previous Debian's
-+            <command>useradd</command>, the <option>-O</option> option is
-+            also supported.
-+          </para>
- 	</listitem>
-       </varlistentry>
-       <varlistentry>
-Index: git/src/useradd.c
-===================================================================
---- git.orig/src/useradd.c
-+++ git/src/useradd.c
-@@ -1056,9 +1056,9 @@
- 		};
- 		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
-+		                         "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
- #else				/* !WITH_SELINUX */
--		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
-+		                         "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
- #endif				/* !WITH_SELINUX */
- 		                         long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -1181,6 +1181,7 @@
- 				kflg = true;
- 				break;
- 			case 'K':
-+			case 'O': /* compatibility with previous Debian useradd */
- 				/*
- 				 * override login.defs defaults (-K name=value)
- 				 * example: -K UID_MIN=100 -K UID_MAX=499

debian/patches/900_testsuite_groupmems

@@ -1,81 +0,0 @@
---- a/debian/passwd.install
-+++ b/debian/passwd.install
-@@ -9,6 +9,7 @@
- usr/sbin/cppw
- usr/sbin/groupadd
- usr/sbin/groupdel
-+usr/sbin/groupmems
- usr/sbin/groupmod
- usr/sbin/grpck
- usr/sbin/grpconv
-@@ -33,6 +34,7 @@
- usr/share/man/*/man8/chpasswd.8
- usr/share/man/*/man8/groupadd.8
- usr/share/man/*/man8/groupdel.8
-+usr/share/man/*/man8/groupmems.8
- usr/share/man/*/man8/groupmod.8
- usr/share/man/*/man8/grpck.8
- usr/share/man/*/man8/grpconv.8
-@@ -59,6 +61,7 @@
- usr/share/man/man8/chpasswd.8
- usr/share/man/man8/groupadd.8
- usr/share/man/man8/groupdel.8
-+usr/share/man/man8/groupmems.8
- usr/share/man/man8/groupmod.8
- usr/share/man/man8/grpck.8
- usr/share/man/man8/grpconv.8
---- a/debian/passwd.postinst
-+++ b/debian/passwd.postinst
-@@ -31,6 +31,24 @@
-     			exit 1
- 		)
- 	fi
-+	if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
-+	then
-+		groupadd -g 99 groupmems || (
-+    			cat <<EOF
-+************************  TESTSUITE  *****************************
-+Group ID 99 has been allocated for the groupmems group.  You have either
-+used 99 yourself or created a groupmems group with a different ID.
-+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
-+
-+Note that both user and group IDs in the range 0-99 are globally
-+allocated by the Debian project and must be the same on every Debian
-+system.
-+EOF
-+    			exit 1
-+		)
-+# FIXME
-+		chgrp groupmems /usr/sbin/groupmems
-+	fi
-     ;;
- esac
- 
---- a/debian/rules
-+++ b/debian/rules
-@@ -60,6 +60,7 @@
- 	dh_installpam -p passwd --name=chsh
- 	dh_installpam -p passwd --name=chpasswd
- 	dh_installpam -p passwd --name=newusers
-+	dh_installpam -p passwd --name=groupmems
- ifeq ($(DEB_HOST_ARCH_OS),hurd)
- # login is not built on The Hurd, but some utilities of passwd depends on
- # /etc/login.defs.
-@@ -87,3 +88,6 @@
- 	chgrp shadow debian/passwd/usr/bin/expiry
- 	chmod g+s debian/passwd/usr/bin/chage
- 	chmod g+s debian/passwd/usr/bin/expiry
-+	chgrp groupmems debian/passwd/usr/sbin/groupmems
-+	chmod u+s debian/passwd/usr/sbin/groupmems
-+	chmod o-x debian/passwd/usr/sbin/groupmems
---- /dev/null
-+++ b/debian/passwd.groupmems.pam
-@@ -0,0 +1,8 @@
-+# The PAM configuration file for the Shadow 'groupmod' service
-+#
-+
-+# This allows root to modify groups without being prompted for a password
-+auth		sufficient	pam_rootok.so
-+
-+@include common-auth
-+@include common-account

debian/patches/901_testsuite_gcov

@@ -1,76 +0,0 @@
---- a/lib/Makefile.am
-+++ b/lib/Makefile.am
-@@ -1,6 +1,8 @@
- 
- AUTOMAKE_OPTIONS = 1.0 foreign
- 
-+CFLAGS += -fprofile-arcs -ftest-coverage
-+
- DEFS = 
- 
- noinst_LTLIBRARIES = libshadow.la
---- a/libmisc/Makefile.am
-+++ b/libmisc/Makefile.am
-@@ -1,6 +1,8 @@
- 
- EXTRA_DIST = .indent.pro xgetXXbyYY.c
- 
-+CFLAGS += -fprofile-arcs -ftest-coverage
-+
- INCLUDES = -I$(top_srcdir)/lib
- 
- noinst_LIBRARIES = libmisc.a
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -7,6 +7,8 @@
- suidperms = 4755
- sgidperms = 2755
- 
-+CFLAGS += -fprofile-arcs -ftest-coverage
-+
- INCLUDES = \
- 	-I${top_srcdir}/lib \
- 	-I$(top_srcdir)/libmisc
---- a/debian/rules
-+++ b/debian/rules
-@@ -40,6 +40,12 @@
- endif
- export CFLAGS
- 
-+clean:: clean_gcov
-+
-+clean_gcov:
-+	find . -name "*.gcda" -delete
-+	find . -name "*.gcno" -delete
-+
- # Add extras to the install process:
- binary-install/login::
- 	dh_installpam -p login
---- a/lib/defines.h
-+++ b/lib/defines.h
-@@ -174,23 +174,9 @@
-    trust the formatted time received from the unix domain (or worse,
-    UDP) socket.  -MM */
- /* Avoid translated PAM error messages: Set LC_ALL to "C".
-+ * This is disabled for coverage testing
-  * --Nekral */
--#define SYSLOG(x)							\
--	do {								\
--		char *old_locale = setlocale (LC_ALL, NULL);		\
--		char *saved_locale = NULL;				\
--		if (NULL != old_locale) {				\
--			saved_locale = strdup (old_locale);		\
--		}							\
--		if (NULL != saved_locale) {				\
--			(void) setlocale (LC_ALL, "C");			\
--		}							\
--		syslog x ;						\
--		if (NULL != saved_locale) {				\
--			(void) setlocale (LC_ALL, saved_locale);	\
--			free (saved_locale);				\
--		}							\
--	} while (false)
-+#define SYSLOG(x) syslog x
- #else				/* !ENABLE_NLS */
- #define SYSLOG(x) syslog x
- #endif				/* !ENABLE_NLS */

debian/patches/README.patches

@@ -1,71 +0,0 @@
-Small intro to the system for numbering the patches here...
-
--The 0xx series of patches are patches isolated from the latest
- version of the shadow Debian package not using quilt in order to
- separate upstream from Debian-specific stuff.
-
- NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
-
--The 1xx series are l10n patches to upstream 4.0.18.1. As upstream has
- adopted Debian translations, it is very likely that these patches
- will become useless when we will have synced with upstream
-
--The 2xx series are patches for manual pages translations to upstream
- 4.0.18.1.
-
--The 3xx series are patches which have been temporarily applied to 
- Debian's shadow while we *know* they have been applied upstream as well
- These patches should NOT be kept when we will sync with upstream
-
--The 4xx series are patches which have been applied to Debian's shadow
- and have NOT been accepted and/or applied upstream. These patches MUST be kept
- even after resynced with upstream
-
--The 5xx series are patches which are applied to Debian's shadow
- and will never be proposed upstream because they're too specific
- This list SHOULD BE AS SHORT AS POSSIBLE
-
-In short, while we are working towards synchronisation with upstream,
-our goal is to make 0xx patches disappear by moving them either to 3xx
-series (things already implemented upstream) or to 4xx series
-(Debian-specific patches).
-
-
-Short HOWTO for quilt
-=====================
-
-The quilt system can be assimilated to a Pile Of Patches management system.
-Patches live in debian/patches, the working directory is "."
-
-The basic commands are (abbreviation accepted):
-quilt push (asks to apply the next patch in the pile)
-quilt pop  (removes the current patch and go up in the pile)
-quilt refresh (take the current changes in tree onto the patch)
-
-When a file is changed by a patch, quilt saves it somewhere under .pc on
-application. This is how it can refresh it afterward (comparing the version
-in .pc and the one you currently have in your working dir).
-
-There are three common pitfalls with quilt:
- - doing "quilt pop" without doing "quilt refresh". The version of current
-     dir is replaced with the version of the .pc dir. Your changes are lost.
-   Quilt wont let you do so, but you can force it with '-f' if you're fool.
- - editing a file with is not in the patch yet. Quilt didn't do any previous
-     backup.
-   Use "quilt add" to add files to patches.
-   Set $EDITOR and use "quilt edit" to edit a file, and add it onto the
-     patch if needed.
- - If you update your working directory, patches may not revert cleanly.
-   It is thus recommended to use "quilt pop -a" before updating with
-   "svn up".
-   If you forget (and run into trouble), you may want to remove the whole
-   shadow-?.?.? directory. If you use the makefile which is in the upper
-   directory (trunk/), shadow-?.?.?/debian/patches is a link to
-   debian/patches, so this dirctory does not contain any valuable info.
-
-The documentation is quite well done, I think. "quilt -h" will list you the
-commands. "quilt <cmd> -h" will give you some hints about it. "man quilt" is
-a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete
-manual, with tutorial.
-
-

debian/patches/series

@@ -1,36 +0,0 @@
-# These patches are only for the testsuite:
-#900_testsuite_groupmems
-#901_testsuite_gcov
-
-503_shadowconfig.8
-008_login_log_failure_in_FTMP
-429_login_FAILLOG_ENAB
-401_cppw_src.dpatch
-# 402 should be merged in 401, but should be reviewed by SE Linux experts first
-402_cppw_selinux
-506_relaxed_usernames
-542_useradd-O_option
-501_commonio_group_shadow
-463_login_delay_obeys_to_PAM
-523_su_arguments_are_concatenated
-523_su_arguments_are_no_more_concatenated_by_default
-508_nologin_in_usr_sbin
-505_useradd_recommend_adduser
-#userns/01_userns_doc
-#userns/02_userns_doc_login.defs
-#userns/03_userns_implement_commonio_append
-#userns/04_userns_add_backend_support
-#userns/05_userns_implemend_find_new_sub_xids
-#userns/06_userns_userdel
-#userns/07_userns_useradd
-#userns/08_userns_detect_busy_subids
-#userns/09_userns_usermod
-#userns/10_userns_newusers
-#userns/11_userns_newxidmap
-#userns/12_userns_selinuxlibs
-#userns/13_subordinate_parse_static_buf
-#userns/14_fix_getopt
-#userns/manpagetypo
-#userns/16_add-argument-sanity-checking.patch
-1000_configure_userns
-1010_vietnamese_translation

debian/patches/userns/01_userns_doc

@@ -1,334 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:14:18 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id DAC33C80F4; Tue, 22 Jan 2013 09:14:18 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 274ACC80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:14:14 +0000 (UTC)
-Received: from out01.mta.xmission.com ([166.70.13.231])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZuB-0006Xm-N5; Tue, 22 Jan 2013 02:12:31 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZuA-0005NR-BQ; Tue, 22 Jan 2013 02:12:30 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZu7-0004Pj-Ec; Tue, 22 Jan 2013 02:12:30 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:12:23 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <877gn5shs8.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX18YouPWtKNAX3LovSW2+p/ONbuCHMFEQpM=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 01/11] Documentation for /etc/subuid and /etc/subgid
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2071                                                  
-Status: RO
-Content-Length: 9835
-Lines: 286
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- man/Makefile.am  |    4 ++
- man/subgid.5.xml |  120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- man/subuid.5.xml |  120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 244 insertions(+), 0 deletions(-)
- create mode 100644 man/subgid.5.xml
- create mode 100644 man/subuid.5.xml
-
-Index: shadow/man/Makefile.am
-===================================================================
---- shadow.orig/man/Makefile.am	2013-02-01 15:26:14.428082026 -0600
-+++ shadow/man/Makefile.am	2013-02-01 15:27:37.000000000 -0600
-@@ -43,6 +43,8 @@
- 	man5/shadow.5 \
- 	man1/su.1 \
- 	man5/suauth.5 \
-+	man5/subgid.5 \
-+	man5/subuid.5 \
- 	man8/useradd.8 \
- 	man8/userdel.8 \
- 	man8/usermod.8 \
-@@ -94,6 +96,8 @@
- 	sg.1.xml \
- 	su.1.xml \
- 	suauth.5.xml \
-+	subgid.5.xml \
-+	subuid.5.xml \
- 	useradd.8.xml \
- 	userdel.8.xml \
- 	usermod.8.xml \
-Index: shadow/man/subgid.5.xml
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/man/subgid.5.xml	2013-02-01 15:26:14.424082026 -0600
-@@ -0,0 +1,120 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+<!--
-+   Copyright (c) 2013 Eric W. Biederman
-+   All rights reserved.
-+  
-+   Redistribution and use in source and binary forms, with or without
-+   modification, are permitted provided that the following conditions
-+   are met:
-+   1. Redistributions of source code must retain the above copyright
-+      notice, this list of conditions and the following disclaimer.
-+   2. Redistributions in binary form must reproduce the above copyright
-+      notice, this list of conditions and the following disclaimer in the
-+      documentation and/or other materials provided with the distribution.
-+   3. The name of the copyright holders or contributors may not be used to
-+      endorse or promote products derived from this software without
-+      specific prior written permission.
-+  
-+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+-->
-+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
-+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-+<!-- SHADOW-CONFIG-HERE -->
-+]>
-+<refentry id='subgid.5'>
-+  <refmeta>
-+    <refentrytitle>subgid</refentrytitle>
-+    <manvolnum>5</manvolnum>
-+    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
-+    <refmiscinfo class="source">shadow-utils</refmiscinfo>
-+    <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
-+  </refmeta>
-+  <refnamediv id='name'>
-+    <refname>subgid</refname>
-+    <refpurpose>the subordinate gid file</refpurpose>
-+  </refnamediv>
-+
-+  <refsect1 id='description'>
-+    <title>DESCRIPTION</title>
-+    <para>
-+      Each line in <filename>/etc/subgid</filename> contains
-+      a user id and a range of suboridinate user ids that user
-+      is allowed to use.
-+
-+      This is specified with three fields delimited by colons
-+      (<quote>:</quote>).
-+      These fields are:
-+    </para>
-+    <itemizedlist mark='bullet'>
-+      <listitem>
-+	<para>login name</para>
-+      </listitem>
-+      <listitem>
-+	<para>numerical subordinate user ID</para>
-+      </listitem>
-+      <listitem>
-+	<para>numerical subordinate user ID count</para>
-+      </listitem>
-+    </itemizedlist>
-+
-+    <para>
-+      This file specifies the group IDs to be that each user may use
-+      with the <command>newgidmap</command> command that ordinary users can use to
-+      configure gid mapping in a user namespace.
-+    </para>
-+
-+    <para>
-+      Multiple ranges may be specified per user ID.
-+    </para>
-+
-+  </refsect1>
-+
-+  <refsect1 id='files'>
-+    <title>FILES</title>
-+    <variablelist>
-+      <varlistentry>
-+	<term><filename>/etc/subgid</filename></term>
-+	<listitem>
-+	  <para>Per user subordinate group IDs.</para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term><filename>/etc/subgid-</filename></term>
-+	<listitem>
-+	  <para>Backup file for /etc/subgid.</para>
-+	</listitem>
-+      </varlistentry>
-+    </variablelist>
-+  </refsect1>
-+
-+  <refsect1 id='see_also'>
-+    <title>SEE ALSO</title>
-+    <para>
-+      <citerefentry>
-+	<refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
-+      </citerefentry>,
-+    </para>
-+  </refsect1>
-+</refentry>
-Index: shadow/man/subuid.5.xml
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/man/subuid.5.xml	2013-02-01 15:26:14.424082026 -0600
-@@ -0,0 +1,120 @@
-+<?xml version="1.0" encoding="UTF-8"?>
-+<!--
-+   Copyright (c) 2013 Eric W. Biederman
-+   All rights reserved.
-+  
-+   Redistribution and use in source and binary forms, with or without
-+   modification, are permitted provided that the following conditions
-+   are met:
-+   1. Redistributions of source code must retain the above copyright
-+      notice, this list of conditions and the following disclaimer.
-+   2. Redistributions in binary form must reproduce the above copyright
-+      notice, this list of conditions and the following disclaimer in the
-+      documentation and/or other materials provided with the distribution.
-+   3. The name of the copyright holders or contributors may not be used to
-+      endorse or promote products derived from this software without
-+      specific prior written permission.
-+  
-+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+-->
-+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
-+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-+<!-- SHADOW-CONFIG-HERE -->
-+]>
-+<refentry id='subuid.5'>
-+  <refmeta>
-+    <refentrytitle>subuid</refentrytitle>
-+    <manvolnum>5</manvolnum>
-+    <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
-+    <refmiscinfo class="source">shadow-utils</refmiscinfo>
-+    <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
-+  </refmeta>
-+  <refnamediv id='name'>
-+    <refname>subuid</refname>
-+    <refpurpose>the subordinate uid file</refpurpose>
-+  </refnamediv>
-+
-+  <refsect1 id='description'>
-+    <title>DESCRIPTION</title>
-+    <para>
-+      Each line in <filename>/etc/subuid</filename> contains
-+      a user id and a range of suboridinate user ids that user
-+      is allowed to use.
-+
-+      This is specified with three fields delimited by colons
-+      (<quote>:</quote>).
-+      These fields are:
-+    </para>
-+    <itemizedlist mark='bullet'>
-+      <listitem>
-+	<para>login name</para>
-+      </listitem>
-+      <listitem>
-+	<para>numerical subordinate user ID</para>
-+      </listitem>
-+      <listitem>
-+	<para>numerical subordinate user ID count</para>
-+      </listitem>
-+    </itemizedlist>
-+
-+    <para>
-+      This file specifies the user IDs to be that each user may use
-+      with the <command>newuidmap</command> command that ordinary users can use to
-+      configure uid mapping in a user namespace.
-+    </para>
-+
-+    <para>
-+      Multiple ranges may be specified per user ID.
-+    </para>
-+
-+  </refsect1>
-+
-+  <refsect1 id='files'>
-+    <title>FILES</title>
-+    <variablelist>
-+      <varlistentry>
-+	<term><filename>/etc/subuid</filename></term>
-+	<listitem>
-+	  <para>Per user subordinate user IDs.</para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term><filename>/etc/subuid-</filename></term>
-+	<listitem>
-+	  <para>Backup file for /etc/subuid.</para>
-+	</listitem>
-+      </varlistentry>
-+    </variablelist>
-+  </refsect1>
-+
-+  <refsect1 id='see_also'>
-+    <title>SEE ALSO</title>
-+    <para>
-+      <citerefentry>
-+	<refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
-+	<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
-+      </citerefentry>,
-+    </para>
-+  </refsect1>
-+</refentry>

debian/patches/userns/02_userns_doc_login.defs

@@ -1,218 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:14:55 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id 140DBC80F4; Tue, 22 Jan 2013 09:14:55 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 5D815C80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:14:50 +0000 (UTC)
-Received: from out03.mta.xmission.com ([166.70.13.233])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZum-0006il-0f; Tue, 22 Jan 2013 02:13:08 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZul-0004GF-Id; Tue, 22 Jan 2013 02:13:07 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZuf-0004T0-MS; Tue, 22 Jan 2013 02:13:07 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:12:58 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <871uddshr9.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX19iYyOCEx6dl2v1Ya/KIGpixG5+3MVA1bY=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 02/11] login.defs.5: Document the new variables in login.defs
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2072                                                  
-Status: RO
-Content-Length: 7615
-Lines: 170
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- man/Makefile.am                    |    2 +
- man/login.defs.5.xml               |    8 ++++++
- man/login.defs.d/SUB_GID_COUNT.xml |   46 ++++++++++++++++++++++++++++++++++++
- man/login.defs.d/SUB_UID_COUNT.xml |   46 ++++++++++++++++++++++++++++++++++++
- 4 files changed, 102 insertions(+), 0 deletions(-)
- create mode 100644 man/login.defs.d/SUB_GID_COUNT.xml
- create mode 100644 man/login.defs.d/SUB_UID_COUNT.xml
-
-Index: shadow/man/Makefile.am
-===================================================================
---- shadow.orig/man/Makefile.am	2013-02-01 15:27:51.048080390 -0600
-+++ shadow/man/Makefile.am	2013-02-01 15:27:51.040080390 -0600
-@@ -163,6 +163,8 @@
- 	USERDEL_CMD.xml \
- 	USERGROUPS_ENAB.xml \
- 	USE_TCB.xml \
-+	SUB_GID_COUNT.xml \
-+	SUB_UID_COUNT.xml \
- 	SYS_GID_MAX.xml \
- 	SYS_UID_MAX.xml
- 
-Index: shadow/man/login.defs.5.xml
-===================================================================
---- shadow.orig/man/login.defs.5.xml	2013-02-01 15:27:51.048080390 -0600
-+++ shadow/man/login.defs.5.xml	2013-02-01 15:27:51.044080390 -0600
-@@ -78,6 +78,8 @@
- <!ENTITY SULOG_FILE            SYSTEM "login.defs.d/SULOG_FILE.xml">
- <!ENTITY SU_NAME               SYSTEM "login.defs.d/SU_NAME.xml">
- <!ENTITY SU_WHEEL_ONLY         SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
-+<!ENTITY SUB_GID_COUNT         SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
-+<!ENTITY SUB_UID_COUNT         SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
- <!ENTITY SYS_GID_MAX           SYSTEM "login.defs.d/SYS_GID_MAX.xml">
- <!ENTITY SYSLOG_SG_ENAB        SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
- <!ENTITY SYSLOG_SU_ENAB        SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
-@@ -216,6 +218,8 @@
-       &SULOG_FILE;
-       &SU_NAME;
-       &SU_WHEEL_ONLY;
-+      &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
-+      &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
-       &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
-       &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
-       &SYSLOG_SG_ENAB;
-@@ -393,6 +397,8 @@
- 	    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
- 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
- 	    SHA_CRYPT_MIN_ROUNDS</phrase>
-+	    SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
-+	    SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
- 	    SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
- 	    UMASK
- 	  </para>
-@@ -470,6 +476,8 @@
- 	    GID_MAX GID_MIN
- 	    MAIL_DIR MAX_MEMBERS_PER_GROUP
- 	    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
-+	    SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
-+	    SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
- 	    SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
- 	    UMASK
- 	    <phrase condition="tcb">TCB_AUTH_GROUP TCB_SYMLINK USE_TCB</phrase>
-Index: shadow/man/login.defs.d/SUB_GID_COUNT.xml
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/man/login.defs.d/SUB_GID_COUNT.xml	2013-02-01 15:27:51.044080390 -0600
-@@ -0,0 +1,46 @@
-+<!--
-+   Copyright (c) 2013, Eric W. Biederman
-+   All rights reserved.
-+  
-+   Redistribution and use in source and binary forms, with or without
-+   modification, are permitted provided that the following conditions
-+   are met:
-+   1. Redistributions of source code must retain the above copyright
-+      notice, this list of conditions and the following disclaimer.
-+   2. Redistributions in binary form must reproduce the above copyright
-+      notice, this list of conditions and the following disclaimer in the
-+      documentation and/or other materials provided with the distribution.
-+   3. The name of the copyright holders or contributors may not be used to
-+      endorse or promote products derived from this software without
-+      specific prior written permission.
-+  
-+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+-->
-+<varlistentry>
-+  <term><option>SUB_GID_MIN</option> (number)</term>
-+  <term><option>SUB_GID_MAX</option> (number)</term>
-+  <term><option>SUB_GID_COUNT</option> (number)</term>
-+  <listitem>
-+    <para>
-+      The commands <command>useradd</command> and <command>newusers</command>
-+      allocate <option>SUB_GID_COUNT</option> unused group IDs from the range
-+      <option>SUB_GID_MIN</option> to <option>SUB_GID_MAX</option> for each
-+      new user.
-+    </para>
-+    <para>
-+      The default values for <option>SUB_GID_MAN</option>,
-+      <option>SUB_GID_MIN</option>, <option>SUB_GID_COUNT</option>
-+      are respectively 100000, 600100000 and 10000.
-+    </para>
-+  </listitem>
-+</varlistentry>
-Index: shadow/man/login.defs.d/SUB_UID_COUNT.xml
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/man/login.defs.d/SUB_UID_COUNT.xml	2013-02-01 15:27:51.044080390 -0600
-@@ -0,0 +1,46 @@
-+<!--
-+   Copyright (c) 2013, Eric W. Biederman
-+   All rights reserved.
-+  
-+   Redistribution and use in source and binary forms, with or without
-+   modification, are permitted provided that the following conditions
-+   are met:
-+   1. Redistributions of source code must retain the above copyright
-+      notice, this list of conditions and the following disclaimer.
-+   2. Redistributions in binary form must reproduce the above copyright
-+      notice, this list of conditions and the following disclaimer in the
-+      documentation and/or other materials provided with the distribution.
-+   3. The name of the copyright holders or contributors may not be used to
-+      endorse or promote products derived from this software without
-+      specific prior written permission.
-+  
-+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+-->
-+<varlistentry>
-+  <term><option>SUB_UID_MIN</option> (number)</term>
-+  <term><option>SUB_UID_MAX</option> (number)</term>
-+  <term><option>SUB_UID_COUNT</option> (number)</term>
-+  <listitem>
-+    <para>
-+      The commands <command>useradd</command> and <command>newusers</command>
-+      allocate <option>SUB_UID_COUNT</option> unused user IDs from the range
-+      <option>SUB_UID_MIN</option> to <option>SUB_UID_MAX</option> for each
-+      new user.
-+    </para>
-+    <para>
-+      The default values for <option>SUB_GID_MAN</option>,
-+      <option>SUB_GID_MIN</option>, <option>SUB_GID_COUNT</option>
-+      are respectively 100000, 600100000 and 10000.
-+    </para>
-+  </listitem>
-+</varlistentry>

debian/patches/userns/03_userns_implement_commonio_append

@@ -1,110 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:15:19 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id CAFA8C80F6; Tue, 22 Jan 2013 09:15:19 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 43FAEC80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:15:15 +0000 (UTC)
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZvA-0006sA-Pq; Tue, 22 Jan 2013 02:13:32 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZv8-0004VI-Fi; Tue, 22 Jan 2013 02:13:32 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:13:26 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <87vcapr361.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1++0A/mQBimfZkeNedO095IfnCYGQfIolI=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 03/11] Implement commonio_append.
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2073                                                  
-Status: RO
-Content-Length: 1874
-Lines: 65
-
-
-To support files that do not have a simple unique key implement
-commonio_append to allow new entries to be added.
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- lib/commonio.c |   30 ++++++++++++++++++++++++++++++
- lib/commonio.h |    1 +
- 2 files changed, 31 insertions(+), 0 deletions(-)
-
-Index: shadow/lib/commonio.c
-===================================================================
---- shadow.orig/lib/commonio.c	2013-02-01 15:27:51.376080384 -0600
-+++ shadow/lib/commonio.c	2013-02-01 15:27:51.368080384 -0600
-@@ -1121,6 +1121,36 @@
- 	return 1;
- }
- 
-+int commonio_append (struct commonio_db *db, const void *eptr)
-+{
-+	struct commonio_entry *p;
-+	void *nentry;
-+
-+	if (!db->isopen || db->readonly) {
-+		errno = EINVAL;
-+		return 0;
-+	}
-+	nentry = db->ops->dup (eptr);
-+	if (NULL == nentry) {
-+		errno = ENOMEM;
-+		return 0;
-+	}
-+	/* new entry */
-+	p = (struct commonio_entry *) malloc (sizeof *p);
-+	if (NULL == p) {
-+		db->ops->free (nentry);
-+		errno = ENOMEM;
-+		return 0;
-+	}
-+
-+	p->eptr = nentry;
-+	p->line = NULL;
-+	p->changed = true;
-+	add_one_entry (db, p);
-+
-+	db->changed = true;
-+	return 1;
-+}
- 
- void commonio_del_entry (struct commonio_db *db, const struct commonio_entry *p)
- {
-Index: shadow/lib/commonio.h
-===================================================================
---- shadow.orig/lib/commonio.h	2013-02-01 15:27:51.376080384 -0600
-+++ shadow/lib/commonio.h	2013-02-01 15:27:51.368080384 -0600
-@@ -146,6 +146,7 @@
- extern int commonio_open (struct commonio_db *, int);
- extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
- extern int commonio_update (struct commonio_db *, const void *);
-+extern int commonio_append (struct commonio_db *, const void *);
- extern int commonio_remove (struct commonio_db *, const char *);
- extern int commonio_rewind (struct commonio_db *);
- extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);

debian/patches/userns/04_userns_add_backend_support

@@ -1,685 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:16:29 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id AF9A9C80F4; Tue, 22 Jan 2013 09:16:29 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id EDF70C80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:16:24 +0000 (UTC)
-Received: from out01.mta.xmission.com ([166.70.13.231])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZwI-0007HS-Mn; Tue, 22 Jan 2013 02:14:42 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZwI-0005wP-8E; Tue, 22 Jan 2013 02:14:42 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZwE-0004bA-Mv; Tue, 22 Jan 2013 02:14:42 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:14:35 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <87liblr344.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1/3QOlmT6VsAuzQbs/RJ/nb1IrpO++QYVA=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 04/11] Add backend support for suboridnate uids and gids
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2074                                                  
-Status: RO
-X-Status: A
-Content-Length: 15967
-Lines: 636
-
-
-These files list the set of subordinate uids and gids that users are allowed
-to use.   The expect use case is with the user namespace but other uses are
-allowed.
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- etc/login.defs      |    8 +
- lib/Makefile.am     |    2 +
- lib/getdef.c        |    6 +
- lib/subordinateio.c |  512 +++++++++++++++++++++++++++++++++++++++++++++++++++
- lib/subordinateio.h |   38 ++++
- 5 files changed, 566 insertions(+), 0 deletions(-)
- create mode 100644 lib/subordinateio.c
- create mode 100644 lib/subordinateio.h
-
-Index: shadow/etc/login.defs
-===================================================================
---- shadow.orig/etc/login.defs	2013-02-01 15:27:51.684080379 -0600
-+++ shadow/etc/login.defs	2013-02-01 15:27:51.676080379 -0600
-@@ -226,6 +226,10 @@
- # System accounts
- SYS_UID_MIN		  101
- SYS_UID_MAX		  999
-+# Extra per user uids
-+SUB_UID_MIN		   100000
-+SUB_UID_MAX		600100000
-+SUB_UID_COUNT		    10000
- 
- #
- # Min/max values for automatic gid selection in groupadd
-@@ -235,6 +239,10 @@
- # System accounts
- SYS_GID_MIN		  101
- SYS_GID_MAX		  999
-+# Extra per user group ids
-+SUB_GID_MIN		   100000
-+SUB_GID_MAX		600100000
-+SUB_GID_COUNT		    10000
- 
- #
- # Max number of login retries if password is bad
-Index: shadow/lib/Makefile.am
-===================================================================
---- shadow.orig/lib/Makefile.am	2013-02-01 15:27:51.684080379 -0600
-+++ shadow/lib/Makefile.am	2013-02-01 15:27:51.676080379 -0600
-@@ -39,6 +39,8 @@
- 	pwio.c \
- 	pwio.h \
- 	pwmem.c \
-+	subordinateio.h \
-+	subordinateio.c \
- 	selinux.c \
- 	semanage.c \
- 	sgetgrent.c \
-Index: shadow/lib/getdef.c
-===================================================================
---- shadow.orig/lib/getdef.c	2013-02-01 15:27:51.684080379 -0600
-+++ shadow/lib/getdef.c	2013-02-01 15:27:51.680080379 -0600
-@@ -82,6 +82,12 @@
- 	{"SHA_CRYPT_MAX_ROUNDS", NULL},
- 	{"SHA_CRYPT_MIN_ROUNDS", NULL},
- #endif
-+	{"SUB_GID_COUNT", NULL},
-+	{"SUB_GID_MAX", NULL},
-+	{"SUB_GID_MIN", NULL},
-+	{"SUB_UID_COUNT", NULL},
-+	{"SUB_UID_MAX", NULL},
-+	{"SUB_UID_MIN", NULL},
- 	{"SULOG_FILE", NULL},
- 	{"SU_NAME", NULL},
- 	{"SYS_GID_MAX", NULL},
-Index: shadow/lib/subordinateio.c
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/lib/subordinateio.c	2013-02-01 15:27:51.680080379 -0600
-@@ -0,0 +1,512 @@
-+/*
-+ * Copyright (c) 2012 - Eric Biederman
-+ */
-+
-+#include <config.h>
-+#include "prototypes.h"
-+#include "defines.h"
-+#include <stdio.h>
-+#include "commonio.h"
-+#include "subordinateio.h"
-+
-+struct subordinate_range {
-+	const char *owner;
-+	unsigned long start;
-+	unsigned long count;
-+};
-+
-+#define NFIELDS 3
-+
-+static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
-+{
-+	const struct subordinate_range *rangeent = ent;
-+	struct subordinate_range *range;
-+
-+	range = (struct subordinate_range *) malloc (sizeof *range);
-+	if (NULL == range) {
-+		return NULL;
-+	}
-+	range->owner = strdup (rangeent->owner);
-+	if (NULL == range->owner) {
-+		free(range);
-+		return NULL;
-+	}
-+	range->start = rangeent->start;
-+	range->count = rangeent->count;
-+
-+	return range;
-+}
-+
-+static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
-+{
-+	struct subordinate_range *rangeent = ent;
-+	
-+	free ((void *)(rangeent->owner));
-+	free (rangeent);
-+}
-+
-+static void *subordinate_parse (const char *line)
-+{
-+	static struct subordinate_range range;
-+	char rangebuf[1024];
-+	int i;
-+	char *cp;
-+	char *fields[NFIELDS];
-+
-+	/*
-+	 * Copy the string to a temporary buffer so the substrings can
-+	 * be modified to be NULL terminated.
-+	 */
-+	if (strlen (line) >= sizeof rangebuf)
-+		return NULL;	/* fail if too long */
-+	strcpy (rangebuf, line);
-+
-+	/*
-+	 * Save a pointer to the start of each colon separated
-+	 * field.  The fields are converted into NUL terminated strings.
-+	 */
-+
-+	for (cp = rangebuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) {
-+		fields[i] = cp;
-+		while (('\0' != *cp) && (':' != *cp)) {
-+			cp++;
-+		}
-+
-+		if ('\0' != *cp) {
-+			*cp = '\0';
-+			cp++;
-+		} else {
-+			cp = NULL;
-+		}
-+	}
-+
-+	/*
-+	 * There must be exactly NFIELDS colon separated fields or
-+	 * the entry is invalid.  Also, fields must be non-blank.
-+	 */
-+	if (i != NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0')
-+		return NULL;
-+	range.owner = fields[0];
-+	if (getulong (fields[1], &range.start) == 0)
-+		return NULL;
-+	if (getulong (fields[2], &range.count) == 0)
-+		return NULL;
-+
-+	return &range;
-+}
-+
-+static int subordinate_put (const void *ent, FILE * file)
-+{
-+	const struct subordinate_range *range = ent;
-+
-+	return fprintf(file, "%s:%lu:%lu\n",
-+			       range->owner,
-+			       range->start,
-+			       range->count) < 0 ? -1  : 0;
-+}
-+
-+static struct commonio_ops subordinate_ops = {
-+	subordinate_dup,	/* dup */
-+	subordinate_free,	/* free */
-+	NULL,			/* getname */
-+	subordinate_parse,	/* parse */
-+	subordinate_put,	/* put */
-+	fgets,			/* fgets */
-+	fputs,			/* fputs */
-+	NULL,			/* open_hook */
-+	NULL,			/* close_hook */
-+};
-+
-+static /*@observer@*/ /*@null*/const struct subordinate_range *subordinate_next(struct commonio_db *db)
-+{
-+	commonio_next (db);
-+}
-+
-+static bool is_range_free(struct commonio_db *db, unsigned long start,
-+			  unsigned long count)
-+{
-+	const struct subordinate_range *range;
-+	unsigned long end = start + count - 1;
-+
-+	commonio_rewind(db);
-+	while ((range = commonio_next(db)) != NULL) {
-+		unsigned long first = range->start;
-+		unsigned long last = first + range->count - 1;
-+
-+		if ((end >= first) && (start <= last))
-+			return false;
-+	}
-+	return true;
-+}
-+
-+static const bool range_exists(struct commonio_db *db, const char *owner)
-+{
-+	const struct subordinate_range *range;
-+	commonio_rewind(db);
-+	while ((range = commonio_next(db)) != NULL) {
-+		unsigned long first = range->start;
-+		unsigned long last = first + range->count - 1;
-+
-+		if (0 == strcmp(range->owner, owner))
-+			return true;
-+	}
-+	return false;
-+}
-+
-+static const struct subordinate_range *find_range(struct commonio_db *db,
-+						  const char *owner, unsigned long val)
-+{
-+	const struct subordinate_range *range;
-+	commonio_rewind(db);
-+	while ((range = commonio_next(db)) != NULL) {
-+		unsigned long first = range->start;
-+		unsigned long last = first + range->count - 1;
-+
-+		if (0 != strcmp(range->owner, owner))
-+			continue;
-+
-+		if ((val >= first) && (val <= last))
-+			return range;
-+	}
-+	return NULL;
-+}
-+
-+static bool have_range(struct commonio_db *db,
-+		       const char *owner, unsigned long start, unsigned long count)
-+{
-+	const struct subordinate_range *range;
-+	unsigned long end;
-+
-+	if (count == 0)
-+		return false;
-+
-+	end = start + count - 1;
-+	range = find_range (db, owner, start);
-+	while (range) {
-+		unsigned long last; 
-+
-+		last = range->start + range->count - 1;
-+		if (last >= (start + count - 1))
-+			return true;
-+
-+		count = end - last;
-+		start = last + 1;
-+		range = find_range(db, owner, start);
-+	}
-+	return false;
-+}
-+
-+static int subordinate_range_cmp (const void *p1, const void *p2)
-+{
-+	struct subordinate_range *range1, *range2;
-+
-+	if ((*(struct commonio_entry **) p1)->eptr == NULL)
-+		return 1;
-+	if ((*(struct commonio_entry **) p2)->eptr == NULL)
-+		return -1;
-+
-+	range1 = ((struct subordinate_range *) (*(struct commonio_entry **) p1)->eptr);
-+	range2 = ((struct subordinate_range *) (*(struct commonio_entry **) p2)->eptr);
-+
-+	if (range1->start < range2->start)
-+		return -1;
-+	else if (range1->start > range2->start)
-+		return 1;
-+	else if (range1->count < range2->count)
-+		return -1;
-+	else if (range1->count > range2->count)
-+		return 1;
-+	else
-+		return strcmp(range1->owner, range2->owner);
-+}
-+
-+static unsigned long find_free_range(struct commonio_db *db,
-+				     unsigned long min, unsigned long max,
-+				     unsigned long count)
-+{
-+	const struct subordinate_range *range;
-+	unsigned long low, high;
-+
-+	/* When given invalid parameters fail */
-+	if ((count == 0) || (max <= min))
-+		goto fail;
-+
-+	/* Sort by range than by owner */
-+	commonio_sort (db, subordinate_range_cmp);
-+	commonio_rewind(db);
-+
-+	low = min;
-+	while ((range = commonio_next(db)) != NULL) {
-+		unsigned long first = range->start;
-+		unsigned long last = first + range->count - 1;
-+
-+		/* Find the top end of the hole before this range */
-+		high = first;
-+		if (high > max)
-+			high = max;
-+
-+		/* Is the hole before this range large enough? */
-+		if ((high > low) && (((high - low) + 1) >= count))
-+			return low;
-+
-+		/* Compute the low end of the next hole */
-+		if (low < (last + 1))
-+			low = last + 1;
-+		if (low > max)
-+			goto fail;
-+	}
-+
-+	/* Is the remaining unclaimed area large enough? */
-+	if (((max - low) + 1) >= count)
-+		return low;
-+fail:
-+	return ULONG_MAX;
-+}
-+
-+static int add_range(struct commonio_db *db,
-+	const char *owner, unsigned long start, unsigned long count)
-+{
-+	struct subordinate_range range;
-+	range.owner = owner;
-+	range.start = start;
-+	range.count = count;
-+
-+	/* See if the range is already present */
-+	if (have_range(db, owner, start, count))
-+		return 1;
-+
-+	/* Oterwise append the range */
-+	return commonio_append(db, &range);
-+}
-+
-+static int remove_range(struct commonio_db *db,
-+	const char *owner, unsigned long start, unsigned long count)
-+{
-+	struct commonio_entry *ent;
-+	unsigned long end;
-+
-+	if (count == 0)
-+		return 1;
-+
-+	end = start + count - 1;
-+	for (ent = db->head; ent; ent = ent->next) {
-+		struct subordinate_range *range = ent->eptr;
-+		unsigned long first;
-+		unsigned long last;
-+
-+		/* Skip unparsed entries */
-+		if (!range)
-+			continue;
-+
-+		first = range->start;
-+		last = first + range->count - 1;
-+
-+		/* Skip entries with a different owner */
-+		if (0 != strcmp(range->owner, owner))
-+			continue;
-+
-+		/* Skip entries outside of the range to remove */
-+		if ((end < first) || (start > last))
-+			continue;
-+
-+		/* Is entry completely contained in the range to remove? */
-+		if ((start <= first) && (end >= last)) {
-+			commonio_del_entry (db, ent);
-+		} 
-+		/* Is just the start of the entry removed? */
-+		else if ((start <= first) && (end < last)) {
-+			range->start = end + 1;
-+			range->count = (last - range->start) + 1;
-+
-+			ent->changed = true;
-+		}
-+		/* Is just the end of the entry removed? */
-+		else if ((start > first) && (end >= last)) {
-+			range->count = (start - range->start) + 1;
-+
-+			ent->changed = true;
-+		}
-+		/* The middle of the range is removed */
-+		else {
-+			struct subordinate_range tail;
-+			tail.owner = range->owner;
-+			tail.start = end + 1;
-+			tail.count = (last - tail.start) + 1;
-+
-+			if (!commonio_append(db, &tail))
-+				return 0;
-+
-+			range->count = (start - range->start) + 1;
-+
-+			ent->changed = true;
-+		}
-+	}
-+
-+	return 1;
-+}
-+
-+static struct commonio_db subordinate_uid_db = {
-+	"/etc/subuid",		/* filename */
-+	&subordinate_ops,	/* ops */
-+	NULL,			/* fp */
-+#ifdef WITH_SELINUX
-+	NULL,			/* scontext */
-+#endif
-+	NULL,			/* head */
-+	NULL,			/* tail */
-+	NULL,			/* cursor */
-+	false,			/* changed */
-+	false,			/* isopen */
-+	false,			/* locked */
-+	false			/* readonly */
-+};
-+
-+int sub_uid_setdbname (const char *filename)
-+{
-+	return commonio_setname (&subordinate_uid_db, filename);
-+}
-+
-+/*@observer@*/const char *sub_uid_dbname (void)
-+{
-+	return subordinate_uid_db.filename;
-+}
-+
-+bool sub_uid_file_present (void)
-+{
-+	return commonio_present (&subordinate_uid_db);
-+}
-+
-+int sub_uid_lock (void)
-+{
-+	return commonio_lock (&subordinate_uid_db);
-+}
-+
-+int sub_uid_open (int mode)
-+{
-+	return commonio_open (&subordinate_uid_db, mode);
-+}
-+
-+bool is_sub_uid_range_free(uid_t start, unsigned long count)
-+{
-+	return is_range_free (&subordinate_uid_db, start, count);
-+}
-+
-+bool sub_uid_assigned(const char *owner)
-+{
-+	return range_exists (&subordinate_uid_db, owner);
-+}
-+
-+bool have_sub_uids(const char *owner, uid_t start, unsigned long count)
-+{
-+	return have_range (&subordinate_uid_db, owner, start, count);
-+}
-+
-+int sub_uid_add (const char *owner, uid_t start, unsigned long count)
-+{
-+	return add_range (&subordinate_uid_db, owner, start, count);
-+}
-+
-+int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
-+{
-+	return remove_range (&subordinate_uid_db, owner, start, count);
-+}
-+
-+int sub_uid_close (void)
-+{
-+	return commonio_close (&subordinate_uid_db);
-+}
-+
-+int sub_uid_unlock (void)
-+{
-+	return commonio_unlock (&subordinate_uid_db);
-+}
-+
-+uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
-+{
-+	unsigned long start;
-+	start = find_free_range (&subordinate_uid_db, min, max, count);
-+	return start == ULONG_MAX ? (uid_t) -1 : start;
-+}
-+
-+static struct commonio_db subordinate_gid_db = {
-+	"/etc/subgid",		/* filename */
-+	&subordinate_ops,	/* ops */
-+	NULL,			/* fp */
-+#ifdef WITH_SELINUX
-+	NULL,			/* scontext */
-+#endif
-+	NULL,			/* head */
-+	NULL,			/* tail */
-+	NULL,			/* cursor */
-+	false,			/* changed */
-+	false,			/* isopen */
-+	false,			/* locked */
-+	false			/* readonly */
-+};
-+
-+int sub_gid_setdbname (const char *filename)
-+{
-+	return commonio_setname (&subordinate_gid_db, filename);
-+}
-+
-+/*@observer@*/const char *sub_gid_dbname (void)
-+{
-+	return subordinate_gid_db.filename;
-+}
-+
-+bool sub_gid_file_present (void)
-+{
-+	return commonio_present (&subordinate_gid_db);
-+}
-+
-+int sub_gid_lock (void)
-+{
-+	return commonio_lock (&subordinate_gid_db);
-+}
-+
-+int sub_gid_open (int mode)
-+{
-+	return commonio_open (&subordinate_gid_db, mode);
-+}
-+
-+bool is_sub_gid_range_free(gid_t start, unsigned long count)
-+{
-+	return is_range_free (&subordinate_gid_db, start, count);
-+}
-+
-+bool have_sub_gids(const char *owner, gid_t start, unsigned long count)
-+{
-+	return have_range(&subordinate_gid_db, owner, start, count);
-+}
-+
-+bool sub_gid_assigned(const char *owner)
-+{
-+	return range_exists (&subordinate_gid_db, owner);
-+}
-+
-+int sub_gid_add (const char *owner, gid_t start, unsigned long count)
-+{
-+	return add_range (&subordinate_gid_db, owner, start, count);
-+}
-+
-+int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
-+{
-+	return remove_range (&subordinate_gid_db, owner, start, count);
-+}
-+
-+int sub_gid_close (void)
-+{
-+	return commonio_close (&subordinate_gid_db);
-+}
-+
-+int sub_gid_unlock (void)
-+{
-+	return commonio_unlock (&subordinate_gid_db);
-+}
-+
-+gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
-+{
-+	unsigned long start;
-+	start = find_free_range (&subordinate_gid_db, min, max, count);
-+	return start == ULONG_MAX ? (gid_t) -1 : start;
-+}
-Index: shadow/lib/subordinateio.h
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/lib/subordinateio.h	2013-02-01 15:27:51.680080379 -0600
-@@ -0,0 +1,38 @@
-+/*
-+ * Copyright (c) 2012- Eric W. Biederman
-+ */
-+
-+#ifndef _SUBORDINATEIO_H
-+#define _SUBORDINATEIO_H
-+
-+#include <sys/types.h>
-+
-+extern int sub_uid_close(void);
-+extern bool is_sub_uid_range_free(uid_t start, unsigned long count);
-+extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count);
-+extern bool sub_uid_file_present (void);
-+extern bool sub_uid_assigned(const char *owner);
-+extern int sub_uid_lock (void);
-+extern int sub_uid_setdbname (const char *filename);
-+extern /*@observer@*/const char *sub_uid_dbname (void);
-+extern int sub_uid_open (int mode);
-+extern int sub_uid_unlock (void);
-+extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
-+extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
-+extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
-+
-+extern int sub_gid_close(void);
-+extern bool is_sub_gid_range_free(gid_t start, unsigned long count);
-+extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
-+extern bool sub_gid_file_present (void);
-+extern bool sub_gid_assigned(const char *owner);
-+extern int sub_gid_lock (void);
-+extern int sub_gid_setdbname (const char *filename);
-+extern /*@observer@*/const char *sub_gid_dbname (void);
-+extern int sub_gid_open (int mode);
-+extern int sub_gid_unlock (void);
-+extern int sub_gid_add (const char *owner, gid_t start, unsigned long count);
-+extern int sub_gid_remove (const char *owner, gid_t start, unsigned long count);
-+extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);
-+
-+#endif

debian/patches/userns/05_userns_implemend_find_new_sub_xids

@@ -1,283 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:17:02 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id 480ABC80F4; Tue, 22 Jan 2013 09:17:02 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 90ACFC80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:16:57 +0000 (UTC)
-Received: from out01.mta.xmission.com ([166.70.13.231])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZwp-0007cg-9X; Tue, 22 Jan 2013 02:15:15 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZwo-0006DN-OT; Tue, 22 Jan 2013 02:15:14 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZwj-0004g0-9e; Tue, 22 Jan 2013 02:15:14 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:15:05 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <87fw1tr33a.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX19KHX5xUOkaLY5iIEqDVLxZKDTByyA0Xk8=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 05/11] Implement find_new_sub_uids find_new_sub_gids
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2075                                                  
-Status: RO
-Content-Length: 8108
-Lines: 235
-
-
-Functions for finding new subordinate uid and gids ranges for use
-with useradd.
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- lib/prototypes.h            |    9 ++++
- libmisc/Makefile.am         |    2 +
- libmisc/find_new_sub_gids.c |   87 +++++++++++++++++++++++++++++++++++++++++++
- libmisc/find_new_sub_uids.c |   87 +++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 185 insertions(+), 0 deletions(-)
- create mode 100644 libmisc/find_new_sub_gids.c
- create mode 100644 libmisc/find_new_sub_uids.c
-
-Index: shadow/lib/prototypes.h
-===================================================================
---- shadow.orig/lib/prototypes.h	2013-02-01 15:27:52.044080373 -0600
-+++ shadow/lib/prototypes.h	2013-02-01 15:27:52.040080373 -0600
-@@ -149,6 +149,15 @@
-                          uid_t *uid,
-                          /*@null@*/uid_t const *preferred_uid);
- 
-+/* find_new_sub_gids.c */
-+extern int find_new_sub_gids (const char *owner,
-+			      gid_t *range_start, unsigned long *range_count);
-+
-+/* find_new_sub_uids.c */
-+extern int find_new_sub_uids (const char *owner,
-+			      uid_t *range_start, unsigned long *range_count);
-+
-+
- /* get_gid.c */
- extern int get_gid (const char *gidstr, gid_t *gid);
- 
-Index: shadow/libmisc/Makefile.am
-===================================================================
---- shadow.orig/libmisc/Makefile.am	2013-02-01 15:27:52.044080373 -0600
-+++ shadow/libmisc/Makefile.am	2013-02-01 15:27:52.040080373 -0600
-@@ -25,6 +25,8 @@
- 	failure.h \
- 	find_new_gid.c \
- 	find_new_uid.c \
-+	find_new_sub_gids.c \
-+	find_new_sub_uids.c \
- 	getdate.h \
- 	getdate.y \
- 	getgr_nam_gid.c \
-Index: shadow/libmisc/find_new_sub_gids.c
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/libmisc/find_new_sub_gids.c	2013-02-01 15:27:52.040080373 -0600
-@@ -0,0 +1,87 @@
-+/*
-+ * Copyright (c) 2012 Eric Biederman
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ * 3. The name of the copyright holders or contributors may not be used to
-+ *    endorse or promote products derived from this software without
-+ *    specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <config.h>
-+
-+#include <assert.h>
-+#include <stdio.h>
-+#include <errno.h>
-+
-+#include "prototypes.h"
-+#include "subordinateio.h"
-+#include "getdef.h"
-+
-+/*
-+ * find_new_sub_gids - Find a new unused range of GIDs.
-+ *
-+ * If successful, find_new_sub_gids provides a range of unused
-+ * user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range.
-+ * 
-+ * Return 0 on success, -1 if no unused GIDs are available.
-+ */
-+int find_new_sub_gids (const char *owner,
-+		       gid_t *range_start, unsigned long *range_count)
-+{
-+	unsigned long min, max;
-+	unsigned long count;
-+	gid_t start;
-+
-+	assert (range_start != NULL);
-+	assert (range_count != NULL);
-+
-+	min = getdef_ulong ("SUB_GID_MIN", 100000UL);
-+	max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
-+	count = getdef_ulong ("SUB_GID_COUNT", 10000);
-+
-+	/* Is there a preferred range that works? */
-+	if ((*range_count != 0) &&
-+	    (*range_start >= min) &&
-+	    (((*range_start) + (*range_count) - 1) <= max) &&
-+	    is_sub_gid_range_free(*range_start, *range_count)) {
-+		return 0;
-+	}
-+
-+	if (max < (min + count)) {
-+		(void) fprintf (stderr,
-+				_("%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu)\n"),
-+			Prog, min, max);
-+		return -1;
-+	}
-+	start = sub_gid_find_free_range(min, max, count);
-+	if (start == (gid_t)-1) {
-+		fprintf (stderr,
-+		         _("%s: Can't get unique secondary GID range\n"),
-+		         Prog);
-+		SYSLOG ((LOG_WARN, "no more available secondary GIDs on the system"));
-+		return -1;
-+	}
-+	*range_start = start;
-+	*range_count = count;
-+	return 0;
-+}
-+
-Index: shadow/libmisc/find_new_sub_uids.c
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ shadow/libmisc/find_new_sub_uids.c	2013-02-01 15:27:52.040080373 -0600
-@@ -0,0 +1,87 @@
-+/*
-+ * Copyright (c) 2012 Eric Biederman
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ * 3. The name of the copyright holders or contributors may not be used to
-+ *    endorse or promote products derived from this software without
-+ *    specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
-+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include <config.h>
-+
-+#include <assert.h>
-+#include <stdio.h>
-+#include <errno.h>
-+
-+#include "prototypes.h"
-+#include "subordinateio.h"
-+#include "getdef.h"
-+
-+/*
-+ * find_new_sub_uids - Find a new unused range of UIDs.
-+ *
-+ * If successful, find_new_sub_uids provides a range of unused
-+ * user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range.
-+ * 
-+ * Return 0 on success, -1 if no unused UIDs are available.
-+ */
-+int find_new_sub_uids (const char *owner,
-+		       uid_t *range_start, unsigned long *range_count)
-+{
-+	unsigned long min, max;
-+	unsigned long count;
-+	uid_t start;
-+
-+	assert (range_start != NULL);
-+	assert (range_count != NULL);
-+
-+	min = getdef_ulong ("SUB_UID_MIN", 100000UL);
-+	max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
-+	count = getdef_ulong ("SUB_UID_COUNT", 10000);
-+
-+	/* Is there a preferred range that works? */
-+	if ((*range_count != 0) &&
-+	    (*range_start >= min) &&
-+	    (((*range_start) + (*range_count) - 1) <= max) &&
-+	    is_sub_uid_range_free(*range_start, *range_count)) {
-+		return 0;
-+	}
-+
-+	if (max < (min + count)) {
-+		(void) fprintf (stderr,
-+				_("%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu)\n"),
-+			Prog, min, max);
-+		return -1;
-+	}
-+	start = sub_uid_find_free_range(min, max, count);
-+	if (start == (uid_t)-1) {
-+		fprintf (stderr,
-+		         _("%s: Can't get unique secondary UID range\n"),
-+		         Prog);
-+		SYSLOG ((LOG_WARN, "no more available secondary UIDs on the system"));
-+		return -1;
-+	}
-+	*range_start = start;
-+	*range_count = count;
-+	return 0;
-+}
-+

debian/patches/userns/06_userns_userdel

@@ -1,236 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:18:47 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id F2E6AC80F6; Tue, 22 Jan 2013 09:18:46 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 996B1C80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:18:42 +0000 (UTC)
-Received: from out03.mta.xmission.com ([166.70.13.233])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZyW-0008Bi-3X; Tue, 22 Jan 2013 02:17:00 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZyU-0005NA-Qm; Tue, 22 Jan 2013 02:16:59 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZyQ-0004qs-T1; Tue, 22 Jan 2013 02:16:58 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:16:51 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <878v7lr30c.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1/1l7dElNy9uNLAXx8eC28OMs/pxPM8NEo=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 06/11] userdel: Add support for removing subordinate user and group ids.
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2076                                        
-Status: O
-Content-Length: 5573
-Lines: 186
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- src/userdel.c |  115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 115 insertions(+), 0 deletions(-)
-
-Index: shadow/src/userdel.c
-===================================================================
---- shadow.orig/src/userdel.c	2013-02-01 15:27:52.380080367 -0600
-+++ shadow/src/userdel.c	2013-02-01 15:27:52.372080367 -0600
-@@ -65,6 +65,7 @@
- #endif				/* WITH_TCB */
- /*@-exitarg@*/
- #include "exitcodes.h"
-+#include "subordinateio.h"
- 
- /*
-  * exit status values
-@@ -75,6 +76,8 @@
- #define E_GRP_UPDATE	10	/* can't update group file */
- #define E_HOMEDIR	12	/* can't remove home directory */
- #define E_SE_UPDATE	14	/* can't update SELinux user mapping */
-+#define E_SUB_UID_UPDATE 16	/* can't update the subordinate uid file */
-+#define E_SUB_GID_UPDATE 18	/* can't update the subordinate gid file */
- 
- /*
-  * Global variables
-@@ -96,9 +99,13 @@
- static bool is_shadow_grp;
- static bool sgr_locked = false;
- #endif				/* SHADOWGRP */
-+static bool is_sub_uid;
-+static bool is_sub_gid;
- static bool pw_locked  = false;
- static bool gr_locked   = false;
- static bool spw_locked  = false;
-+static bool sub_uid_locked = false;
-+static bool sub_gid_locked = false;
- 
- /* local function prototypes */
- static void usage (int status);
-@@ -437,6 +444,34 @@
- 		sgr_locked = false;
- 	}
- #endif				/* SHADOWGRP */
-+
-+	if (is_sub_uid) {
-+		if (sub_uid_close () == 0) {
-+			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+			/* continue */
-+		}
-+		sub_uid_locked = false;
-+	}
-+
-+	if (is_sub_gid) {
-+		if (sub_gid_close () == 0) {
-+			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+			/* continue */
-+		}
-+		sub_gid_locked = false;
-+	}
- }
- 
- /*
-@@ -474,6 +509,20 @@
- 		}
- 	}
- #endif				/* SHADOWGRP */
-+	if (sub_uid_locked) {
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+			/* continue */
-+		}
-+	}
-+	if (sub_gid_locked) {
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+			/* continue */
-+		}
-+	}
- 
- #ifdef WITH_AUDIT
- 	audit_logger (AUDIT_DEL_USER, Prog,
-@@ -595,6 +644,58 @@
- 		}
- 	}
- #endif				/* SHADOWGRP */
-+	if (is_sub_uid) {
-+		if (sub_uid_lock () == 0) {
-+			fprintf (stderr,
-+				_("%s: cannot lock %s; try again later.\n"),
-+				Prog, sub_uid_dbname ());
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_DEL_USER, Prog,
-+				"locking subordinate user file",
-+				user_name, (unsigned int) user_id,
-+				SHADOW_AUDIT_FAILURE);
-+#endif				/* WITH_AUDIT */
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+		sub_uid_locked = true;
-+		if (sub_uid_open (O_RDWR) == 0) {
-+			fprintf (stderr,
-+				_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_DEL_USER, Prog,
-+				"opening subordinate user file",
-+				user_name, (unsigned int) user_id,
-+				SHADOW_AUDIT_FAILURE);
-+#endif				/* WITH_AUDIT */
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+	}
-+	if (is_sub_gid) {
-+		if (sub_gid_lock () == 0) {
-+			fprintf (stderr,
-+				_("%s: cannot lock %s; try again later.\n"),
-+				Prog, sub_gid_dbname ());
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_DEL_USER, Prog,
-+				"locking subordinate group file",
-+				user_name, (unsigned int) user_id,
-+				SHADOW_AUDIT_FAILURE);
-+#endif				/* WITH_AUDIT */
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+		sub_gid_locked = true;
-+		if (sub_gid_open (O_RDWR) == 0) {
-+			fprintf (stderr,
-+				_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_DEL_USER, Prog,
-+				"opening subordinate group file",
-+				user_name, (unsigned int) user_id,
-+				SHADOW_AUDIT_FAILURE);
-+#endif				/* WITH_AUDIT */
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+	}
- }
- 
- /*
-@@ -619,6 +720,18 @@
- 		         Prog, user_name, spw_dbname ());
- 		fail_exit (E_PW_UPDATE);
- 	}
-+	if (is_sub_uid && sub_uid_remove(user_name, 0, ULONG_MAX) == 0) {
-+		fprintf (stderr,
-+			_("%s: cannot remove entry %lu from %s\n"),
-+			Prog, (unsigned long)user_id, sub_uid_dbname ());
-+		fail_exit (E_SUB_UID_UPDATE);
-+	}
-+	if (is_sub_gid && sub_gid_remove(user_name, 0, ULONG_MAX) == 0) {
-+		fprintf (stderr,
-+			_("%s: cannot remove entry %lu from %s\n"),
-+			Prog, (unsigned long)user_id, sub_gid_dbname ());
-+		fail_exit (E_SUB_GID_UPDATE);
-+	}
- #ifdef WITH_AUDIT
- 	audit_logger (AUDIT_DEL_USER, Prog,
- 	              "deleting user entries",
-@@ -966,6 +1079,8 @@
- #ifdef SHADOWGRP
- 	is_shadow_grp = sgr_file_present ();
- #endif				/* SHADOWGRP */
-+	is_sub_uid = sub_uid_file_present ();
-+	is_sub_gid = sub_gid_file_present ();
- 
- 	/*
- 	 * Start with a quick check to see if the user exists.

debian/patches/userns/07_userns_useradd

@@ -1,285 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:19:29 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id 61652C80DB; Tue, 22 Jan 2013 09:19:29 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id E0ABBC80F4
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:19:23 +0000 (UTC)
-Received: from out03.mta.xmission.com ([166.70.13.233])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZzB-0008QG-Kq; Tue, 22 Jan 2013 02:17:41 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZz7-0005Ui-1H; Tue, 22 Jan 2013 02:17:37 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZz4-0004tF-BP; Tue, 22 Jan 2013 02:17:36 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:17:30 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <8738xtr2z9.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1/Jm5H2PcjgcLXEyKh9YL3DVs2WZBJhDB8=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 07/11] useradd: Add support for subordinate user identifiers
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2077                                                  
-Status: RO
-Content-Length: 6886
-Lines: 235
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- src/useradd.c |  141 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 files changed, 140 insertions(+), 1 deletions(-)
-
-Index: shadow/src/useradd.c
-===================================================================
---- shadow.orig/src/useradd.c	2013-02-01 15:27:52.668080362 -0600
-+++ shadow/src/useradd.c	2013-02-01 15:27:52.660080362 -0600
-@@ -65,6 +65,7 @@
- #include "sgroupio.h"
- #endif
- #include "shadowio.h"
-+#include "subordinateio.h"
- #ifdef WITH_TCB
- #include "tcbfuncs.h"
- #endif
-@@ -121,12 +122,20 @@
- static bool is_shadow_grp;
- static bool sgr_locked = false;
- #endif
-+static bool is_sub_uid = false;
-+static bool is_sub_gid = false;
- static bool pw_locked = false;
- static bool gr_locked = false;
- static bool spw_locked = false;
-+static bool sub_uid_locked = false;
-+static bool sub_gid_locked = false;
- static char **user_groups;	/* NULL-terminated list */
- static long sys_ngroups;
- static bool do_grp_update = false;	/* group files need to be updated */
-+static uid_t sub_uid_start;	/* New subordinate uid range */
-+static unsigned long sub_uid_count;
-+static gid_t sub_gid_start;	/* New subordinate gid range */
-+static unsigned long sub_gid_count;
- 
- static bool
-     bflg = false,		/* new default root of home directory */
-@@ -168,6 +177,8 @@
- #define E_GRP_UPDATE	10	/* can't update group file */
- #define E_HOMEDIR	12	/* can't create home directory */
- #define E_SE_UPDATE	14	/* can't update SELinux user mapping */
-+#define E_SUB_UID_UPDATE 16	/* can't update the subordinate uid file */
-+#define E_SUB_GID_UPDATE 18	/* can't update the subordinate gid file */
- 
- #define DGROUP			"GROUP="
- #define DHOME			"HOME="
-@@ -268,6 +279,32 @@
- 		}
- 	}
- #endif
-+	if (sub_uid_locked) {
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_ADD_USER, Prog,
-+			              "unlocking subodinate user file",
-+			              user_name, AUDIT_NO_ID,
-+			              SHADOW_AUDIT_FAILURE);
-+#endif
-+			/* continue */
-+		}
-+	}
-+	if (sub_gid_locked) {
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_ADD_USER, Prog,
-+			              "unlocking subodinate group file",
-+			              user_name, AUDIT_NO_ID,
-+			              SHADOW_AUDIT_FAILURE);
-+#endif
-+			/* continue */
-+		}
-+	}
- 
- #ifdef WITH_AUDIT
- 	audit_logger (AUDIT_ADD_USER, Prog,
-@@ -1379,6 +1416,18 @@
- 		}
- #endif
- 	}
-+	if (is_sub_uid  && (sub_uid_close () == 0)) {
-+		fprintf (stderr,
-+		         _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
-+		SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
-+		fail_exit (E_SUB_UID_UPDATE);
-+	}
-+	if (is_sub_gid  && (sub_gid_close () == 0)) {
-+		fprintf (stderr,
-+		         _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
-+		SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
-+		fail_exit (E_SUB_GID_UPDATE);
-+	}
- 	if (is_shadow_pwd) {
- 		if (spw_unlock () == 0) {
- 			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
-@@ -1433,6 +1482,34 @@
- 		sgr_locked = false;
- 	}
- #endif
-+	if (is_sub_uid) {
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_ADD_USER, Prog,
-+				"unlocking subordinate user file",
-+				user_name, AUDIT_NO_ID,
-+				SHADOW_AUDIT_FAILURE);
-+#endif
-+			/* continue */
-+		}
-+		sub_uid_locked = false;
-+	}
-+	if (is_sub_gid) {
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_ADD_USER, Prog,
-+				"unlocking subordinate group file",
-+				user_name, AUDIT_NO_ID,
-+				SHADOW_AUDIT_FAILURE);
-+#endif
-+			/* continue */
-+		}
-+		sub_gid_locked = false;
-+	}
- }
- 
- /*
-@@ -1487,6 +1564,36 @@
- 		}
- 	}
- #endif
-+	if (is_sub_uid) {
-+		if (sub_uid_lock () == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot lock %s; try again later.\n"),
-+			         Prog, sub_uid_dbname ());
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+		sub_uid_locked = true;
-+		if (sub_uid_open (O_RDWR) == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot open %s\n"),
-+			         Prog, sub_uid_dbname ());
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+	}
-+	if (is_sub_gid) {
-+		if (sub_gid_lock () == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot lock %s; try again later.\n"),
-+			         Prog, sub_gid_dbname ());
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+		sub_gid_locked = true;
-+		if (sub_gid_open (O_RDWR) == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot open %s\n"),
-+			         Prog, sub_gid_dbname ());
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+	}
- }
- 
- static void open_shadow (void)
-@@ -1733,13 +1840,27 @@
- #endif
- 		fail_exit (E_PW_UPDATE);
- 	}
-+	if (is_sub_uid &&
-+	    (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
-+		fprintf (stderr,
-+		         _("%s: failed to prepare the new %s entry\n"),
-+		         Prog, sub_uid_dbname ());
-+		fail_exit (E_SUB_UID_UPDATE);
-+	}
-+	if (is_sub_gid &&
-+	    (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
-+		fprintf (stderr,
-+		         _("%s: failed to prepare the new %s entry\n"),
-+		         Prog, sub_uid_dbname ());
-+		fail_exit (E_SUB_GID_UPDATE);
-+	}
-+
- #ifdef WITH_AUDIT
- 	audit_logger (AUDIT_ADD_USER, Prog,
- 	              "adding user",
- 	              user_name, (unsigned int) user_id,
- 	              SHADOW_AUDIT_SUCCESS);
- #endif
--
- 	/*
- 	 * Do any group file updates for this user.
- 	 */
-@@ -1885,6 +2006,8 @@
- #ifdef SHADOWGRP
- 	is_shadow_grp = sgr_file_present ();
- #endif
-+	is_sub_uid = sub_uid_file_present ();
-+	is_sub_gid = sub_gid_file_present ();
- 
- 	get_defaults ();
- 
-@@ -2035,6 +2158,22 @@
- 		grp_add ();
- 	}
- 
-+	if (is_sub_uid) {
-+		if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) {
-+			fprintf (stderr,
-+				_("%s: can't find subordinate user range\n"),
-+				Prog);
-+			fail_exit(E_SUB_UID_UPDATE);
-+		}
-+	}
-+	if (is_sub_gid) {
-+		if (find_new_sub_gids(user_name, &sub_gid_start, &sub_gid_count) < 0) {
-+			fprintf (stderr,
-+				_("%s: can't find subordinate group range\n"),
-+				Prog);
-+			fail_exit(E_SUB_GID_UPDATE);
-+		}
-+	}
- 	usr_update ();
- 
- 	if (mflg) {

debian/patches/userns/08_userns_detect_busy_subids

@@ -1,133 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:19:49 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id E0EA3C80F4; Tue, 22 Jan 2013 09:19:49 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=-2.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00,
-	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 1A2C7C80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:19:46 +0000 (UTC)
-Received: from out03.mta.xmission.com ([166.70.13.233])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZzX-00006D-G7; Tue, 22 Jan 2013 02:18:03 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZzV-0005Zh-Qq; Tue, 22 Jan 2013 02:18:02 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZzN-0004ul-H6; Tue, 22 Jan 2013 02:18:01 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:17:50 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <87y5flpoe9.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1/ZWJZMWIVV2ekPIrRQjHLl4Oh/kdyWJUw=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 08/11] Add support for detecting busy subordinate user ids
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2078                                        
-Status: RO
-Content-Length: 2655
-Lines: 83
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- libmisc/user_busy.c |   18 +++++++++++++-----
- 1 files changed, 13 insertions(+), 5 deletions(-)
-
-Index: shadow/libmisc/user_busy.c
-===================================================================
---- shadow.orig/libmisc/user_busy.c	2013-02-01 15:27:52.952080357 -0600
-+++ shadow/libmisc/user_busy.c	2013-02-01 15:27:52.948080357 -0600
-@@ -38,11 +38,13 @@
- #include <stdio.h>
- #include <sys/types.h>
- #include <dirent.h>
-+#include <fcntl.h>
- #include "defines.h"
- #include "prototypes.h"
-+#include "subordinateio.h"
- 
- #ifdef __linux__
--static int check_status (const char *sname, uid_t uid);
-+static int check_status (const char *name, const char *sname, uid_t uid);
- static int user_busy_processes (const char *name, uid_t uid);
- #else				/* !__linux__ */
- static int user_busy_utmp (const char *name);
-@@ -102,7 +104,7 @@
- #endif				/* !__linux__ */
- 
- #ifdef __linux__
--static int check_status (const char *sname, uid_t uid)
-+static int check_status (const char *name, const char *sname, uid_t uid)
- {
- 	/* 40: /proc/xxxxxxxxxx/task/xxxxxxxxxx/status + \0 */
- 	char status[40];
-@@ -125,7 +127,10 @@
- 			            &ruid, &euid, &suid) == 3) {
- 				if (   (ruid == (unsigned long) uid)
- 				    || (euid == (unsigned long) uid)
--				    || (suid == (unsigned long) uid)) {
-+				    || (suid == (unsigned long) uid)
-+				    || have_sub_uids(name, ruid, 1)
-+				    || have_sub_uids(name, euid, 1)
-+				    || have_sub_uids(name, suid, 1)) {
- 					(void) fclose (sfile);
- 					return 1;
- 				}
-@@ -153,6 +158,8 @@
- 	struct stat sbroot;
- 	struct stat sbroot_process;
- 
-+	sub_uid_open (O_RDONLY);
-+
- 	proc = opendir ("/proc");
- 	if (proc == NULL) {
- 		perror ("opendir /proc");
-@@ -196,7 +203,7 @@
- 			continue;
- 		}
- 
--		if (check_status (tmp_d_name, uid) != 0) {
-+		if (check_status (name, tmp_d_name, uid) != 0) {
- 			(void) closedir (proc);
- 			fprintf (stderr,
- 			         _("%s: user %s is currently used by process %d\n"),
-@@ -216,7 +223,7 @@
- 				if (tid == pid) {
- 					continue;
- 				}
--				if (check_status (task_path+6, uid) != 0) {
-+				if (check_status (name, task_path+6, uid) != 0) {
- 					(void) closedir (proc);
- 					fprintf (stderr,
- 					         _("%s: user %s is currently used by process %d\n"),
-@@ -231,6 +238,7 @@
- 	}
- 
- 	(void) closedir (proc);
-+	sub_uid_close();
- 	return 0;
- }
- #endif				/* __linux__ */

debian/patches/userns/09_userns_usermod

@@ -1,536 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:20:27 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id 8625BC80F4; Tue, 22 Jan 2013 09:20:27 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
-	autolearn=no version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id 69CACC80D1
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:20:23 +0000 (UTC)
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1Txa08-0000JL-Uo; Tue, 22 Jan 2013 02:18:41 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1TxZzw-0004wm-8g; Tue, 22 Jan 2013 02:18:40 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:18:24 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <87sj5tpodb.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1/EkNiL4owL54HOscHbdbK8RucFTofOBo8=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 09/11] usermod: Add support for subordinate uids and gids.
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2079                                        
-Status: O
-Content-Length: 15455
-Lines: 491
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- man/usermod.8.xml |   80 +++++++++++++++++
- src/usermod.c     |  255 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 332 insertions(+), 3 deletions(-)
-
-Index: shadow/man/usermod.8.xml
-===================================================================
---- shadow.orig/man/usermod.8.xml	2013-02-01 15:27:53.240080352 -0600
-+++ shadow/man/usermod.8.xml	2013-02-01 15:27:53.232080353 -0600
-@@ -391,6 +391,86 @@
-       </varlistentry>
-       <varlistentry>
- 	<term>
-+	  <option>-v</option>, <option>--add-sub-uids</option>
-+	  <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Add a range of subordinate uids to the users account. 
-+	  </para>
-+	  <para>
-+	    This option may be specified multiple times to add multiple ranges to a users account.
-+	  </para>
-+	  <para>
-+	     No checks will be performed with regard to
-+	     <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</option>, or
-+	     <option>SUB_UID_COUNT</option> from /etc/login.defs.
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term>
-+	  <option>-V</option>, <option>--del-sub-uids</option>
-+	  <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Remove a range of subordinate uids from the users account.
-+	  </para>
-+	  <para>
-+	    This option may be specified multiple times to remove multiple ranges to a users account.
-+	    When both <option>--del-sub-uids</option> and <option>--add-sub-uids</option> are specified
-+	    remove of all subordinate uid ranges happens before any subordinate uid ranges are added.
-+	  </para>
-+	  <para>
-+	     No checks will be performed with regard to
-+	     <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</option>, or
-+	     <option>SUB_UID_COUNT</option> from /etc/login.defs.
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term>
-+	  <option>-w</option>, <option>--add-sub-gids</option>
-+	  <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Add a range of subordinate gids to the users account.
-+	  </para>
-+	  <para>
-+	    This option may be specified multiple times to add multiple ranges to a users account.
-+	  </para>
-+	  <para>
-+	     No checks will be performed with regard to
-+	     <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</option>, or
-+	     <option>SUB_GID_COUNT</option> from /etc/login.defs.
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term>
-+	  <option>-W</option>, <option>--del-sub-gids</option>
-+	  <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Remove a range of subordinate gids from the users account.
-+	  </para>
-+	  <para>
-+	    This option may be specified multiple times to remove multiple ranges to a users account.
-+	    When both <option>--del-sub-gids</option> and <option>--add-sub-gids</option> are specified
-+	    remove of all subordinate gid ranges happens before any subordinate gid ranges are added.
-+	  </para>
-+	  <para>
-+	     No checks will be performed with regard to
-+	     <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</option>, or
-+	     <option>SUB_GID_COUNT</option> from /etc/login.defs.
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term>
- 	  <option>-Z</option>, <option>--selinux-user</option>
- 	  <replaceable>SEUSER</replaceable>
- 	</term>
-Index: shadow/src/usermod.c
-===================================================================
---- shadow.orig/src/usermod.c	2013-02-01 15:27:53.240080352 -0600
-+++ shadow/src/usermod.c	2013-02-01 15:27:53.236080353 -0600
-@@ -63,6 +63,7 @@
- #include "sgroupio.h"
- #endif
- #include "shadowio.h"
-+#include "subordinateio.h"
- #ifdef WITH_TCB
- #include "tcbfuncs.h"
- #endif
-@@ -86,6 +87,8 @@
- /* #define E_NOSPACE	11	   insufficient space to move home dir */
- #define E_HOMEDIR	12	/* unable to complete home dir move */
- #define E_SE_UPDATE	13	/* can't update SELinux user mapping */
-+#define E_SUB_UID_UPDATE 16	/* can't update the subordinate uid file */
-+#define E_SUB_GID_UPDATE 18	/* can't update the subordinate gid file */
- #define	VALID(s)	(strcspn (s, ":\n") == strlen (s))
- /*
-  * Global variables
-@@ -133,7 +136,11 @@
-     Zflg = false,		/* new selinux user */
- #endif
-     uflg = false,		/* specify new user ID */
--    Uflg = false;		/* unlock the password */
-+    Uflg = false,		/* unlock the password */
-+    vflg = false,		/*    add subordinate uids */
-+    Vflg = false,		/* delete subordinate uids */
-+    wflg = false,		/*    add subordinate gids */
-+    Wflg = false;		/* delete subordinate gids */
- 
- static bool is_shadow_pwd;
- 
-@@ -141,12 +148,17 @@
- static bool is_shadow_grp;
- #endif
- 
-+static bool is_sub_uid = false;
-+static bool is_sub_gid = false;
-+
- static bool pw_locked  = false;
- static bool spw_locked = false;
- static bool gr_locked  = false;
- #ifdef SHADOWGRP
- static bool sgr_locked = false;
- #endif
-+static bool sub_uid_locked = false;
-+static bool sub_gid_locked = false;
- 
- 
- /* local function prototypes */
-@@ -302,6 +314,69 @@
- 	return 0;
- }
- 
-+struct ulong_range
-+{
-+	unsigned long first;
-+	unsigned long last;
-+};
-+
-+static struct ulong_range getulong_range(const char *str)
-+{
-+	struct ulong_range result = { .first = ULONG_MAX, .last = 0 };
-+	unsigned long long first, last;
-+	char *pos;
-+
-+	errno = 0;
-+	first = strtoll(str, &pos, 10);
-+	if (('\0' == *str) || ('-' != *pos ) || (ERANGE == errno) ||
-+	    (first != (unsigned long int)first))
-+		goto out;
-+
-+	errno = 0;
-+	last = strtoul(pos + 1, &pos, 10);
-+	if (('\0' != *pos ) || (ERANGE == errno) ||
-+	    (last != (unsigned long int)last))
-+		goto out;
-+
-+	if (first > last)
-+		goto out;
-+
-+	result.first = (unsigned long int)first;
-+	result.last = (unsigned long int)last;
-+out:
-+	return result;
-+	
-+}
-+
-+struct ulong_range_list_entry {
-+	struct ulong_range_list_entry *next;
-+	struct ulong_range range;
-+};
-+
-+static struct ulong_range_list_entry *add_sub_uids = NULL, *del_sub_uids = NULL;
-+static struct ulong_range_list_entry *add_sub_gids = NULL, *del_sub_gids = NULL;
-+
-+static int prepend_range(const char *str, struct ulong_range_list_entry **head)
-+{
-+	struct ulong_range range;
-+	struct ulong_range_list_entry *entry;
-+	range = getulong_range(str);
-+	if (range.first > range.last)
-+		return 0;
-+
-+	entry = malloc(sizeof(*entry));
-+	if (!entry) {
-+		fprintf (stderr,
-+			_("%s: failed to allocate memory: %s\n"),
-+			Prog, strerror (errno));
-+		return 0;
-+	}
-+	entry->next = *head;
-+	entry->range = range;
-+	*head = entry;
-+	return 1;
-+}
-+
- /*
-  * usage - display usage message and exit
-  */
-@@ -334,6 +409,10 @@
- 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
- 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
- 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
-+	(void) fputs (_("  -v, --add-subuids FIRST-LAST  add range of subordinate uids\n"), usageout);
-+	(void) fputs (_("  -V, --del-subuids FIRST-LAST  remvoe range of subordinate uids\n"), usageout);
-+	(void) fputs (_("  -w, --add-subgids FIRST-LAST  add range of subordinate gids\n"), usageout);
-+	(void) fputs (_("  -W, --del-subgids FIRST-LAST  remvoe range of subordinate gids\n"), usageout);
- #ifdef WITH_SELINUX
- 	(void) fputs (_("  -Z, --selinux-user SEUSER     new SELinux user mapping for the user account\n"), usageout);
- #endif				/* WITH_SELINUX */
-@@ -590,6 +669,20 @@
- 			/* continue */
- 		}
- 	}
-+	if (sub_uid_locked) {
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+			/* continue */
-+		}
-+	}
-+	if (sub_gid_locked) {
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+			/* continue */
-+		}
-+	}
- 
- #ifdef WITH_AUDIT
- 	audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-@@ -889,6 +982,10 @@
- 			{"shell",        required_argument, NULL, 's'},
- 			{"uid",          required_argument, NULL, 'u'},
- 			{"unlock",       no_argument,       NULL, 'U'},
-+			{"add-subuids",  required_argument, NULL, 'v'},
-+			{"del-subuids",  required_argument, NULL, 'V'},
-+ 			{"add-subgids",  required_argument, NULL, 'w'},
-+ 			{"del-subgids",  required_argument, NULL, 'W'},
- #ifdef WITH_SELINUX
- 			{"selinux-user", required_argument, NULL, 'Z'},
- #endif				/* WITH_SELINUX */
-@@ -1018,6 +1115,41 @@
- 			case 'U':
- 				Uflg = true;
- 				break;
-+			case 'v':
-+				if (prepend_range (optarg, &add_sub_uids) == 0) {
-+					fprintf (stderr,
-+						_("%s: invalid subordinate uid range '%s'\n"),
-+						Prog, optarg);
-+					exit(E_BAD_ARG);
-+				}
-+				vflg = true;
-+				break;
-+			case 'V':
-+				if (prepend_range (optarg, &del_sub_uids) == 0) {
-+					fprintf (stderr,
-+						_("%s: invalid subordinate uid range '%s'\n"),
-+						Prog, optarg);
-+					exit(E_BAD_ARG);
-+				}
-+				Vflg = true;
-+				break;
-+			case 'w':
-+				if (prepend_range (optarg, &add_sub_gids) == 0) {
-+					fprintf (stderr,
-+						_("%s: invalid subordinate gid range '%s'\n"),
-+						Prog, optarg);
-+					exit(E_BAD_ARG);
-+				}
-+				wflg = true;
-+			case 'W':
-+				if (prepend_range (optarg, &del_sub_gids) == 0) {
-+					fprintf (stderr,
-+						_("%s: invalid subordinate gid range '%s'\n"),
-+						Prog, optarg);
-+					exit(E_BAD_ARG);
-+				}
-+				Wflg = true;
-+				break;
- #ifdef WITH_SELINUX
- 			case 'Z':
- 				if (is_selinux_enabled () > 0) {
-@@ -1170,6 +1302,7 @@
- 
- 	if (!(Uflg || uflg || sflg || pflg || mflg || Lflg ||
- 	      lflg || Gflg || gflg || fflg || eflg || dflg || cflg
-+	      || vflg || Vflg || wflg || Wflg
- #ifdef WITH_SELINUX
- 	      || Zflg
- #endif				/* WITH_SELINUX */
-@@ -1200,6 +1333,7 @@
- 		         Prog, (unsigned long) user_newid);
- 		exit (E_UID_IN_USE);
- 	}
-+
- }
- 
- /*
-@@ -1248,6 +1382,10 @@
- 				         sgr_dbname ()));
- 				fail_exit (E_GRP_UPDATE);
- 			}
-+		}
-+#endif
-+#ifdef SHADOWGRP
-+		if (is_shadow_grp) {
- 			if (sgr_unlock () == 0) {
- 				fprintf (stderr,
- 				         _("%s: failed to unlock %s\n"),
-@@ -1296,6 +1434,33 @@
- 	sgr_locked = false;
- #endif
- 
-+	if (vflg || Vflg) {
-+		if (!is_sub_uid || (sub_uid_close () == 0)) {
-+			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+		if (!is_sub_uid || (sub_uid_unlock () == 0)) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+			/* continue */
-+		}
-+		sub_uid_locked = false;
-+	}
-+	if (wflg || Wflg) {
-+		if (!is_sub_gid || (sub_gid_close () == 0)) {
-+			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+		if (!is_sub_gid || (sub_gid_unlock () == 0)) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+			/* continue */
-+		}
-+		sub_gid_locked = false;
-+	}
-+
- 	/*
- 	 * Close the DBM and/or flat files
- 	 */
-@@ -1375,6 +1540,36 @@
- 		}
- #endif
- 	}
-+	if (vflg || Vflg) {
-+		if (!is_sub_uid || (sub_uid_lock () == 0)) {
-+			fprintf (stderr,
-+			         _("%s: cannot lock %s; try again later.\n"),
-+			         Prog, sub_uid_dbname ());
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+		sub_uid_locked = true;
-+		if (!is_sub_uid || (sub_uid_open (O_RDWR) == 0)) {
-+			fprintf (stderr,
-+			         _("%s: cannot open %s\n"),
-+			         Prog, sub_uid_dbname ());
-+			fail_exit (E_SUB_UID_UPDATE);
-+		}
-+	}
-+	if (wflg || Wflg) {
-+		if (!is_sub_gid || (sub_gid_lock () == 0)) {
-+			fprintf (stderr,
-+			         _("%s: cannot lock %s; try again later.\n"),
-+			         Prog, sub_gid_dbname ());
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+		sub_gid_locked = true;
-+		if (!is_sub_gid || (sub_gid_open (O_RDWR) == 0)) {
-+			fprintf (stderr,
-+			         _("%s: cannot open %s\n"),
-+			         Prog, sub_gid_dbname ());
-+			fail_exit (E_SUB_GID_UPDATE);
-+		}
-+	}
- }
- 
- /*
-@@ -1476,6 +1671,58 @@
- 			fail_exit (E_PW_UPDATE);
- 		}
- 	}
-+	if (Vflg) {
-+		struct ulong_range_list_entry *ptr;
-+		for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
-+			unsigned long count = ptr->range.last - ptr->range.first + 1;
-+			if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
-+				fprintf (stderr,
-+					_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
-+					Prog, ptr->range.first, ptr->range.last, 
-+					sub_uid_dbname ());
-+				fail_exit (E_SUB_UID_UPDATE);
-+			}
-+		}
-+	}
-+	if (vflg) {
-+		struct ulong_range_list_entry *ptr;
-+		for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) {
-+			unsigned long count = ptr->range.last - ptr->range.first + 1;
-+			if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
-+				fprintf (stderr,
-+					_("%s: failed to add uid range %lu-%lu from '%s'\n"),
-+					Prog, ptr->range.first, ptr->range.last, 
-+					sub_uid_dbname ());
-+				fail_exit (E_SUB_UID_UPDATE);
-+			}
-+		}
-+	}
-+	if (Wflg) {
-+		struct ulong_range_list_entry *ptr;
-+		for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) {
-+			unsigned long count = ptr->range.last - ptr->range.first + 1;
-+			if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
-+				fprintf (stderr,
-+					_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
-+					Prog, ptr->range.first, ptr->range.last, 
-+					sub_gid_dbname ());
-+				fail_exit (E_SUB_GID_UPDATE);
-+			}
-+		}
-+	}
-+	if (wflg) {
-+		struct ulong_range_list_entry *ptr;
-+		for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) {
-+			unsigned long count = ptr->range.last - ptr->range.first + 1;
-+			if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
-+				fprintf (stderr,
-+					_("%s: failed to add gid range %lu-%lu from '%s'\n"),
-+					Prog, ptr->range.first, ptr->range.last, 
-+					sub_gid_dbname ());
-+				fail_exit (E_SUB_GID_UPDATE);
-+			}
-+		}
-+	}
- }
- 
- /*
-@@ -1811,6 +2058,8 @@
- #ifdef SHADOWGRP
- 	is_shadow_grp = sgr_file_present ();
- #endif
-+	is_sub_uid = sub_uid_file_present ();
-+	is_sub_gid = sub_gid_file_present ();
- 
- 	process_flags (argc, argv);
- 
-@@ -1818,7 +2067,7 @@
- 	 * The home directory, the username and the user's UID should not
- 	 * be changed while the user is logged in.
- 	 */
--	if (   (uflg || lflg || dflg)
-+	if (   (uflg || lflg || dflg || Vflg || Wflg)
- 	    && (user_busy (user_name, user_id) != 0)) {
- 		exit (E_USER_BUSY);
- 	}
-@@ -1871,7 +2120,7 @@
- 	 */
- 	open_files ();
- 	if (   cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg
--	    || sflg || uflg || Uflg) {
-+	    || sflg || uflg || Uflg || vflg || Vflg || wflg || Wflg) {
- 		usr_update ();
- 	}
- 	if (Gflg || lflg) {

debian/patches/userns/10_userns_newusers

@@ -1,256 +0,0 @@
-From ebiederm@xmission.com  Tue Jan 22 09:21:21 2013
-Return-Path: <ebiederm@xmission.com>
-X-Original-To: serge@hallyn.com
-Delivered-To: serge@hallyn.com
-Received: by mail.hallyn.com (Postfix, from userid 5001)
-	id ADE59C80F5; Tue, 22 Jan 2013 09:21:21 +0000 (UTC)
-X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
-X-Spam-Level: 
-X-Spam-Status: No, score=-2.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00,
-	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
-Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
-	(using TLSv1 with cipher AES256-SHA (256/256 bits))
-	(No client certificate requested)
-	by mail.hallyn.com (Postfix) with ESMTPS id D56AEC80DB
-	for <serge@hallyn.com>; Tue, 22 Jan 2013 09:21:17 +0000 (UTC)
-Received: from out03.mta.xmission.com ([166.70.13.233])
-	by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1Txa11-0000bo-MQ; Tue, 22 Jan 2013 02:19:35 -0700
-Received: from in02.mta.xmission.com ([166.70.13.52])
-	by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1Txa11-0005wx-1p; Tue, 22 Jan 2013 02:19:35 -0700
-Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
-	by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
-	(Exim 4.76)
-	(envelope-from <ebiederm@xmission.com>)
-	id 1Txa0y-000519-2O; Tue, 22 Jan 2013 02:19:34 -0700
-From: ebiederm@xmission.com (Eric W. Biederman)
-To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
-Cc: <Pkg-shadow-devel@lists.alioth.debian.org>,  Linux Containers <containers@lists.linux-foundation.org>,  "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,  "Serge E. Hallyn" <serge@hallyn.com>
-References: <87d2wxshu0.fsf@xmission.com>
-Date: Tue, 22 Jan 2013 01:19:28 -0800
-In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
-	"Tue, 22 Jan 2013 01:11:19 -0800")
-Message-ID: <87k3r5pobj.fsf@xmission.com>
-User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
-MIME-Version: 1.0
-Content-Type: text/plain
-X-XM-AID: U2FsdGVkX1+qhualZ5pxk+DVqanIJA7JrJwlPXicL8c=
-X-SA-Exim-Connect-IP: 98.207.153.68
-X-SA-Exim-Mail-From: ebiederm@xmission.com
-Subject: [PATCH 10/11] newusers: Add support for assiging subordinate uids and gids.
-X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
-X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
-X-UID: 2080                                        
-Status: O
-Content-Length: 5597
-Lines: 206
-
-
-Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
----
- src/newusers.c |  124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 124 insertions(+), 0 deletions(-)
-
-Index: shadow/src/newusers.c
-===================================================================
---- shadow.orig/src/newusers.c	2013-02-01 15:27:53.548080347 -0600
-+++ shadow/src/newusers.c	2013-02-01 15:27:53.540080347 -0600
-@@ -65,6 +65,7 @@
- #include "pwio.h"
- #include "sgroupio.h"
- #include "shadowio.h"
-+#include "subordinateio.h"
- #include "chkname.h"
- 
- /*
-@@ -82,6 +83,8 @@
- #endif				/* USE_SHA_CRYPT */
- #endif				/* !USE_PAM */
- 
-+static bool is_sub_uid = false;
-+static bool is_sub_gid = false;
- static bool is_shadow;
- #ifdef SHADOWGRP
- static bool is_shadow_grp;
-@@ -90,6 +93,8 @@
- static bool pw_locked = false;
- static bool gr_locked = false;
- static bool spw_locked = false;
-+static bool sub_uid_locked = false;
-+static bool sub_gid_locked = false;
- 
- /* local function prototypes */
- static void usage (int status);
-@@ -178,6 +183,20 @@
- 		}
- 	}
- #endif
-+	if (sub_uid_locked) {
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+			/* continue */
-+		}
-+	}
-+	if (sub_gid_locked) {
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+			/* continue */
-+		}
-+	}
- 
- 	exit (code);
- }
-@@ -732,6 +751,24 @@
- 		sgr_locked = true;
- 	}
- #endif
-+	if (is_sub_uid) {
-+		if (sub_uid_lock () == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot lock %s; try again later.\n"),
-+			         Prog, sub_uid_dbname ());
-+			fail_exit (EXIT_FAILURE);
-+		}
-+		sub_uid_locked = true;
-+	}
-+	if (is_sub_gid) {
-+		if (sub_gid_lock () == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot lock %s; try again later.\n"),
-+			         Prog, sub_gid_dbname ());
-+			fail_exit (EXIT_FAILURE);
-+		}
-+		sub_gid_locked = true;
-+	}
- 
- 	if (pw_open (O_RDWR) == 0) {
- 		fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
-@@ -751,6 +788,22 @@
- 		fail_exit (EXIT_FAILURE);
- 	}
- #endif
-+	if (is_sub_uid) {
-+		if (sub_uid_open (O_RDWR) == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot open %s\n"),
-+			         Prog, sub_uid_dbname ());
-+			fail_exit (EXIT_FAILURE);
-+		}
-+	}
-+	if (is_sub_gid) {
-+		if (sub_gid_open (O_RDWR) == 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot open %s\n"),
-+			         Prog, sub_gid_dbname ());
-+			fail_exit (EXIT_FAILURE);
-+		}
-+	}
- }
- 
- /*
-@@ -795,6 +848,19 @@
- 		SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
- 		fail_exit (EXIT_FAILURE);
- 	}
-+	if (is_sub_uid  && (sub_uid_close () == 0)) {
-+		fprintf (stderr,
-+		         _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
-+		SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
-+		fail_exit (EXIT_FAILURE);
-+	}
-+	if (is_sub_gid  && (sub_gid_close () == 0)) {
-+		fprintf (stderr,
-+		         _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
-+		SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
-+		fail_exit (EXIT_FAILURE);
-+	}
-+
- 	if (gr_unlock () == 0) {
- 		fprintf (stderr,
- 		         _("%s: failed to unlock %s\n"),
-@@ -823,6 +889,22 @@
- 		sgr_locked = false;
- 	}
- #endif
-+	if (is_sub_uid) {
-+		if (sub_uid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
-+			/* continue */
-+		}
-+		sub_uid_locked = false;
-+	}
-+	if (is_sub_gid) {
-+		if (sub_gid_unlock () == 0) {
-+			fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
-+			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
-+			/* continue */
-+		}
-+		sub_gid_locked = false;
-+	}
- }
- 
- int main (int argc, char **argv)
-@@ -864,6 +946,8 @@
- #ifdef SHADOWGRP
- 	is_shadow_grp = sgr_file_present ();
- #endif
-+	is_sub_uid = sub_uid_file_present ();
-+	is_sub_gid = sub_gid_file_present ();
- 
- 	open_files ();
- 
-@@ -1044,6 +1128,46 @@
- 			errors++;
- 			continue;
- 		}
-+
-+		/*
-+		 * Add subordinate uids if the user does not have them.
-+		 */
-+		if (is_sub_uid && !sub_uid_assigned(fields[0])) {
-+			uid_t sub_uid_start = 0;
-+			unsigned long sub_uid_count = 0;
-+			if (find_new_sub_uids(fields[0], &sub_uid_start, &sub_uid_count) == 0) {
-+				if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0) {
-+					fprintf (stderr,
-+						_("%s: failed to prepare new %s entry\n"),
-+						Prog, sub_uid_dbname ());
-+				}
-+			} else {
-+				fprintf (stderr,
-+					_("%s: can't find subordinate user range\n"),
-+					Prog);
-+				errors++;
-+			}
-+		}
-+	
-+		/*
-+		 * Add subordinate gids if the user does not have them.
-+		 */
-+		if (is_sub_gid && !sub_gid_assigned(fields[0])) {
-+			gid_t sub_gid_start = 0;
-+			unsigned long sub_gid_count = 0;
-+			if (find_new_sub_gids(fields[0], &sub_gid_start, &sub_gid_count) == 0) {
-+				if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) {
-+					fprintf (stderr,
-+						_("%s: failed to prepare new %s entry\n"),
-+						Prog, sub_uid_dbname ());
-+				}
-+			} else {
-+				fprintf (stderr,
-+					_("%s: can't find subordinate group range\n"),
-+					Prog);
-+				errors++;
-+			}
-+		}
- 	}
- 
- 	/*

debian/patches/userns/12_userns_selinuxlibs

@@ -1,13 +0,0 @@
-Index: shadow-4.1.5.1/src/Makefile.am
-===================================================================
---- shadow-4.1.5.1.orig/src/Makefile.am	2013-02-04 11:56:40.485335430 -0600
-+++ shadow-4.1.5.1/src/Makefile.am	2013-02-04 11:57:49.525334261 -0600
-@@ -80,6 +80,8 @@
- endif
- 
- chage_LDADD    = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-+newuidmap_LDADD    = $(LDADD) $(LIBSELINUX)
-+newgidmap_LDADD    = $(LDADD) $(LIBSELINUX)
- chfn_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
- chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
- chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)

debian/patches/userns/13_subordinate_parse_static_buf

@@ -1,23 +0,0 @@
-Description: subordinateio: Fix subordinate_parse to have an internal static buffer
- subordinate_parse is supposed to return a static structure that
- represents one line in /etc/subuid or /etc/subgid.  I goofed and
- failed to make the variable rangebuf that holds the username of
- in the returned structure static.
- .
- Add this missing static specification.
-Author: <Eric W. Biederman" <ebiederm@xmission.com>
-Origin: upstream
-Forwarded: no
-Index: shadow-4.1.5.1/lib/subordinateio.c
-===================================================================
---- shadow-4.1.5.1.orig/lib/subordinateio.c	2013-02-04 11:56:40.265335433 -0600
-+++ shadow-4.1.5.1/lib/subordinateio.c	2013-02-04 12:32:46.653298752 -0600
-@@ -48,7 +48,7 @@
- static void *subordinate_parse (const char *line)
- {
- 	static struct subordinate_range range;
--	char rangebuf[1024];
-+	static char rangebuf[1024];
- 	int i;
- 	char *cp;
- 	char *fields[NFIELDS];

debian/patches/userns/14_fix_getopt

@@ -1,24 +0,0 @@
-Index: shadow-userns/src/usermod.c
-===================================================================
---- shadow-userns.orig/src/usermod.c	2013-02-05 16:35:10.608485591 +0000
-+++ shadow-userns/src/usermod.c	2013-02-05 17:16:20.540485591 +0000
-@@ -993,9 +993,9 @@
- 		};
- 		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
-+			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:v:w:V:W:",
- #else				/* !WITH_SELINUX */
--			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
-+			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:Uv:w:V:W:",
- #endif				/* !WITH_SELINUX */
- 			                 long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -1141,6 +1141,7 @@
- 					exit(E_BAD_ARG);
- 				}
- 				wflg = true;
-+                break;
- 			case 'W':
- 				if (prepend_range (optarg, &del_sub_gids) == 0) {
- 					fprintf (stderr,

debian/patches/userns/16_add-argument-sanity-checking.patch

@@ -1,80 +0,0 @@
-From df3c8c1f7f47ceff607595067458f1d8e53eaab8 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge.hallyn@ubuntu.com>
-Date: Fri, 21 Jun 2013 11:47:36 -0500
-Subject: [PATCH 1/1] userns: add argument sanity checking
-
-In find_new_sub_{u,g}ids, check for min, count and max values.
-
-In idmapping.c:get_map_ranges(), make sure that the value passed
-in for ranges did not overflow.  Couldn't happen with the current
-code, but this is a sanity check for any future potential mis-uses.
-
-Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- libmisc/find_new_sub_gids.c |  8 ++++++++
- libmisc/find_new_sub_uids.c |  8 ++++++++
- libmisc/idmapping.c         | 10 ++++++++++
- 3 files changed, 26 insertions(+)
-
-diff --git a/libmisc/find_new_sub_gids.c b/libmisc/find_new_sub_gids.c
-index 68046ac..fd44978 100644
---- a/libmisc/find_new_sub_gids.c
-+++ b/libmisc/find_new_sub_gids.c
-@@ -58,6 +58,14 @@ int find_new_sub_gids (const char *owner,
- 	max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
- 	count = getdef_ulong ("SUB_GID_COUNT", 10000);
- 
-+	if (min >= max || count >= max || (min + count) >= max) {
-+		(void) fprintf (stderr,
-+				_("%s: Invalid configuration: SUB_GID_MIN (%lu),"
-+				  " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"),
-+			Prog, min, max, count);
-+		return -1;
-+	}
-+
- 	/* Is there a preferred range that works? */
- 	if ((*range_count != 0) &&
- 	    (*range_start >= min) &&
-diff --git a/libmisc/find_new_sub_uids.c b/libmisc/find_new_sub_uids.c
-index f1720f9..b608c59 100644
---- a/libmisc/find_new_sub_uids.c
-+++ b/libmisc/find_new_sub_uids.c
-@@ -58,6 +58,14 @@ int find_new_sub_uids (const char *owner,
- 	max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
- 	count = getdef_ulong ("SUB_UID_COUNT", 10000);
- 
-+	if (min >= max || count >= max || (min + count) >= max) {
-+		(void) fprintf (stderr,
-+				_("%s: Invalid configuration: SUB_UID_MIN (%lu),"
-+				  " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"),
-+			Prog, min, max, count);
-+		return -1;
-+	}
-+
- 	/* Is there a preferred range that works? */
- 	if ((*range_count != 0) &&
- 	    (*range_start >= min) &&
-diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c
-index cb9e898..4147796 100644
---- a/libmisc/idmapping.c
-+++ b/libmisc/idmapping.c
-@@ -41,6 +41,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
- 	struct map_range *mappings, *mapping;
- 	int idx, argidx;
- 
-+	if (ranges < 0 || argc < 0) {
-+		fprintf(stderr, "%s: error calculating number of arguments\n", Prog);
-+		return NULL;
-+	}
-+
-+	if (ranges != ((argc - 2) + 2) / 3) {
-+		fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
-+		return NULL;
-+	}
-+
- 	if ((ranges * 3) > argc) {
- 		fprintf(stderr, "ranges: %u argc: %d\n",
- 			ranges, argc);
--- 
-1.8.1.2
-

debian/patches/userns/manpagetypo

@@ -1,26 +0,0 @@
-Index: shadow/man/subgid.5.xml
-===================================================================
---- shadow.orig/man/subgid.5.xml	2013-03-06 15:19:23.848386200 -0600
-+++ shadow/man/subgid.5.xml	2013-03-06 15:19:51.240386816 -0600
-@@ -104,7 +104,7 @@
- 	<refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
-       </citerefentry>,
-       <citerefentry>
--	<refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
-+	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
-       </citerefentry>,
-       <citerefentry>
- 	<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
-Index: shadow/man/subuid.5.xml
-===================================================================
---- shadow.orig/man/subuid.5.xml	2013-03-06 15:19:09.660385881 -0600
-+++ shadow/man/subuid.5.xml	2013-03-06 15:19:44.956386675 -0600
-@@ -104,7 +104,7 @@
- 	<refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
-       </citerefentry>,
-       <citerefentry>
--	<refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
-+	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
-       </citerefentry>,
-       <citerefentry>
- 	<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>

debian/rules

@@ -1,79 +0,0 @@
-#!/usr/bin/make -f
-# -*- mode: makefile; coding: utf-8 -*-
-
-DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
-
-# Enable PIE, BINDNOW, and possible future flags.
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-
-# Call autoreconf since we need to regenerate all the autofoo files
-include /usr/share/cdbs/1/rules/autoreconf.mk
-include /usr/share/cdbs/1/rules/debhelper.mk
-# Specify where dh_install will find the files that it needs to move:
-DEB_DH_INSTALL_SOURCEDIR=debian/tmp
-# Specify the destination of shadow's "make install"
-# (This is only needed on The Hurd, where only one package is built. On
-# the other arch, DEB_DESTDIR already points to debian/tmp)
-DEB_DESTDIR=$(CURDIR)/debian/tmp
-
-include /usr/share/cdbs/1/class/autotools.mk
-
-# Adds extra options when calling the configure script:
-DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man --disable-account-tools-setuid --with-group-name-max-length=32 --without-acl --without-attr --without-tcb
-ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
-  DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
-endif
-
-# Set the default editor for vipw/vigr
-CFLAGS += -DDEFAULT_EDITOR=\\\"sensible-editor\\\"
-
-# Add extras to the install process:
-binary-install/login::
-ifeq ($(DEB_HOST_ARCH_OS),hurd)
-	# /bin/login is provided by the hurd package.
-	rm -f debian/login/bin/login
-endif
-	dh_installpam -p login
-	dh_installpam -p login --name=su
-	install -c -m 444 debian/login.defs debian/login/etc/login.defs
-	install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
-	dh_lintian -p login
-
-binary-install/passwd::
-	install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8
-	install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8
-	install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8
-	install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8
-	# Distribute the pam.d files; unless for the commands with disabled PAM
-	# support
-	dh_installpam -p passwd --name=passwd
-	dh_installpam -p passwd --name=chfn
-	dh_installpam -p passwd --name=chsh
-	dh_installpam -p passwd --name=chpasswd
-	dh_installpam -p passwd --name=newusers
-	install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
-	install -d debian/passwd/sbin
-	install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig
-	install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8
-	install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8
-	dh_lintian -p passwd
-
-binary-predeb/uidmap::
-	chmod u+s debian/uidmap/usr/bin/newuidmap
-	chmod u+s debian/uidmap/usr/bin/newgidmap
-
-binary-predeb/login::
-	# No real need for login to be setuid root
-	# chmod u+s debian/login/bin/login
-	chmod u+s debian/login/bin/su
-	chmod u+s debian/login/usr/bin/newgrp
-
-binary-predeb/passwd::
-	chmod u+s debian/passwd/usr/bin/chfn
-	chmod u+s debian/passwd/usr/bin/chsh
-	chmod u+s debian/passwd/usr/bin/gpasswd
-	chmod u+s debian/passwd/usr/bin/passwd
-	chgrp shadow debian/passwd/usr/bin/chage
-	chgrp shadow debian/passwd/usr/bin/expiry
-	chmod g+s debian/passwd/usr/bin/chage
-	chmod g+s debian/passwd/usr/bin/expiry

debian/securetty.hurd

@@ -1,71 +0,0 @@
-# /etc/securetty: list of terminals on which root is allowed to login.
-# See securetty(5) and login(1).
-console
-
-# for people with serial port consoles
-com0
-
-# Standard consoles
-tty1
-tty2
-tty3
-tty4
-tty5
-tty6
-tty7
-tty8
-tty9
-tty10
-tty11
-tty12
-tty13
-tty14
-tty15
-tty16
-tty17
-tty18
-tty19
-tty20
-tty21
-tty22
-tty23
-tty24
-tty25
-tty26
-tty27
-tty28
-tty29
-tty30
-tty31
-tty32
-tty33
-tty34
-tty35
-tty36
-tty37
-tty38
-tty39
-tty40
-tty41
-tty42
-tty43
-tty44
-tty45
-tty46
-tty47
-tty48
-tty49
-tty50
-tty51
-tty52
-tty53
-tty54
-tty55
-tty56
-tty57
-tty58
-tty59
-tty60
-tty61
-tty62
-tty63

debian/securetty.kfreebsd

@@ -1,24 +0,0 @@
-# /etc/securetty: list of terminals on which root is allowed to login.
-# See securetty(5) and login(1).
-console
-
-# for people with serial port consoles
-ttyd0
-ttyd1
-
-# Standard consoles
-ttyv0
-ttyv1
-ttyv2
-ttyv3
-ttyv4
-ttyv5
-ttyv6
-ttyv7
-ttyva
-ttyvb
-ttyvc
-ttyvd
-ttyve
-ttyvf
-

debian/securetty.knetbsd

@@ -1,12 +0,0 @@
-# /etc/securetty: list of terminals on which root is allowed to login.
-# See securetty(5) and login(1).
-console
-
-# for people with serial port consoles
-tty00
-
-# Standard consoles
-ttyE0
-ttyE1
-ttyE2
-ttyE3

debian/securetty.linux

@@ -1,400 +0,0 @@
-# /etc/securetty: list of terminals on which root is allowed to login.
-# See securetty(5) and login(1).
-
-console
-
-# Local X displays (allows empty passwords with pam_unix's nullok_secure)
-:0
-:0.0
-:0.1
-:1
-:1.0
-:1.1
-:2
-:2.0
-:2.1
-:3
-:3.0
-:3.1
-#...
-
-
-# ==========================================================
-#
-# TTYs sorted by major number according to Documentation/devices.txt
-#
-# ==========================================================
-
-# Virtual consoles
-tty1
-tty2
-tty3
-tty4
-tty5
-tty6
-tty7
-tty8
-tty9
-tty10
-tty11
-tty12
-tty13
-tty14
-tty15
-tty16
-tty17
-tty18
-tty19
-tty20
-tty21
-tty22
-tty23
-tty24
-tty25
-tty26
-tty27
-tty28
-tty29
-tty30
-tty31
-tty32
-tty33
-tty34
-tty35
-tty36
-tty37
-tty38
-tty39
-tty40
-tty41
-tty42
-tty43
-tty44
-tty45
-tty46
-tty47
-tty48
-tty49
-tty50
-tty51
-tty52
-tty53
-tty54
-tty55
-tty56
-tty57
-tty58
-tty59
-tty60
-tty61
-tty62
-tty63
-
-# UART serial ports
-ttyS0
-ttyS1
-ttyS2
-ttyS3
-ttyS4
-ttyS5
-#...ttyS191
-
-# Serial Mux devices	(Linux/PA-RISC only)
-ttyB0
-ttyB1
-#...
-
-# Chase serial card
-ttyH0
-ttyH1
-#...
-
-# Cyclades serial cards
-ttyC0
-ttyC1
-#...ttyC31
-
-# Digiboard serial cards
-ttyD0
-ttyD1
-#...
-
-# Stallion serial cards
-ttyE0
-ttyE1
-#...ttyE255
-
-# Specialix serial cards
-ttyX0
-ttyX1
-#...
-
-# Comtrol Rocketport serial cards
-ttyR0
-ttyR1
-#...
-
-# SDL RISCom serial cards
-ttyL0
-ttyL1
-#...
-
-# Hayes ESP serial card
-ttyP0
-ttyP1
-#...
-
-# Computone IntelliPort II serial card
-ttyF0
-ttyF1
-#...ttyF255
-
-# Specialix IO8+ serial card
-ttyW0
-ttyW1
-#...
-
-# Comtrol VS-1000 serial controller
-ttyV0
-ttyV1
-#...
-
-# ISI serial card
-ttyM0
-ttyM1
-#...
-
-# Technology Concepts serial card
-ttyT0
-ttyT1
-#...
-
-# Specialix RIO serial card
-ttySR0
-ttySR1
-#...ttySR511
-
-# Chase Research AT/PCI-Fast serial card
-ttyCH0
-ttyCH1
-#...ttyCH63
-
-# Moxa Intellio serial card
-ttyMX0
-ttyMX1
-#...ttyMX127
-
-# SmartIO serial card
-ttySI0
-ttySI1
-#...
-
-# USB dongles
-ttyUSB0
-ttyUSB1
-ttyUSB2
-#...
-
-# LinkUp Systems L72xx UARTs
-ttyLU0
-ttyLU1
-ttyLU2
-ttyLU3
-
-# StrongARM builtin serial ports
-ttySA0
-ttySA1
-ttySA2
-
-# SCI serial port (SuperH) ports and SC26xx serial ports
-ttySC0
-ttySC1
-ttySC2
-ttySC3
-
-# ARM "AMBA" serial ports
-ttyAM0
-ttyAM1
-ttyAM2
-ttyAM3
-ttyAM4
-ttyAM5
-ttyAM6
-ttyAM7
-ttyAM8
-ttyAM9
-ttyAM10
-ttyAM11
-ttyAM12
-ttyAM13
-ttyAM14
-ttyAM15
-
-# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
-ttyAMA0
-ttyAMA1
-ttyAMA2
-ttyAMA3
-
-# DataBooster serial ports
-ttyDB0
-ttyDB1
-ttyDB2
-ttyDB3
-ttyDB4
-ttyDB5
-ttyDB6
-ttyDB7
-
-# SGI Altix console ports
-ttySG0
-
-# Motorola i.MX ports
-ttySMX0
-ttySMX1
-ttySMX2
-
-# Marvell MPSC ports
-ttyMM0
-ttyMM1
-
-# PPC CPM (SCC or SMC) ports
-ttyCPM0
-ttyCPM1
-ttyCPM2
-ttyCPM3
-ttyCPM4
-ttyCPM5
-
-# Altix serial cards
-ttyIOC0
-ttyIOC1
-#...ttyIOC31
-
-# NEC VR4100 series SIU
-ttyVR0
-
-# NEC VR4100 series SSIU
-ttyVR1
-
-# Altix ioc4 serial cards
-ttyIOC84
-ttyIOC85
-#...ttyIOC115
-
-# Altix ioc3 serial cards
-ttySIOC0
-ttySIOC1
-#...ttySIOC31
-
-# PPC PSC ports
-ttyPSC0
-ttyPSC1
-ttyPSC2
-ttyPSC3
-ttyPSC4
-ttyPSC5
-
-# ATMEL serial ports
-ttyAT0
-ttyAT1
-#...ttyAT15
-
-# Hilscher netX serial port
-ttyNX0
-ttyNX1
-#...ttyNX15
-
-# Xilinx uartlite - port
-ttyUL0
-ttyUL1
-ttyUL2
-ttyUL3
-
-# Xen virtual console - port 0
-xvc0
-
-# pmac_zilog - port
-ttyPZ0
-ttyPZ1
-ttyPZ2
-ttyPZ3
-
-# TX39/49 serial port
-ttyTX0
-ttyTX1
-ttyTX2
-ttyTX3
-ttyTX4
-ttyTX5
-ttyTX6
-ttyTX7
-
-# SC26xx serial ports (see SCI serial ports (SuperH))
-
-# MAX3100 serial ports
-ttyMAX0
-ttyMAX1
-ttyMAX2
-ttyMAX3
-
-# OMAP serial ports
-ttyO0
-ttyO1
-ttyO2
-ttyO3
-
-# User space serial ports
-ttyU0
-ttyU1
-
-# A2232 serial card
-ttyY0
-ttyY1
-
-# IBM 3270 terminal Unix tty access
-3270/tty1
-3270/tty2
-#...
-
-# IBM iSeries/pSeries virtual console
-hvc0
-hvc1
-#...
-#IBM pSeries console ports
-hvsi0
-hvsi1
-hvsi2
-
-# Equinox SST multi-port serial boards
-ttyEQ0
-ttyEQ1
-#...ttyEQ1027
-
-# ==========================================================
-#
-# Not in Documentation/Devices.txt
-#
-# ==========================================================
-
-# Embedded Freescale i.MX ports
-ttymxc0
-ttymxc1
-ttymxc2
-ttymxc3
-ttymxc4
-ttymxc5
-
-# LXC (Linux Containers)
-lxc/console
-lxc/tty1
-lxc/tty2
-lxc/tty3
-lxc/tty4
-
-# Serial Console for MIPS Swarm
-duart0
-duart1
-
-# s390 and s390x ports in LPAR mode
-ttysclp0

debian/shadowconfig.sh

@@ -1,49 +0,0 @@
-#!/bin/sh
-# turn shadow passwords on or off on a Debian system
-
-set -e
-
-shadowon () {
-    set -e
-    pwck -q -r
-    grpck -r
-    pwconv
-    grpconv
-    chown root:root /etc/passwd /etc/group
-    chmod 644 /etc/passwd /etc/group
-    chown root:shadow /etc/shadow /etc/gshadow
-    chmod 640 /etc/shadow /etc/gshadow
-}
-
-shadowoff () {
-    set -e
-    pwck -q -r
-    grpck -r
-    pwunconv
-    grpunconv
-    # sometimes the passwd perms get munged
-    chown root:root /etc/passwd /etc/group
-    chmod 644 /etc/passwd /etc/group
-}
-
-case "$1" in
-    "on")
-	if shadowon ; then
-	    echo Shadow passwords are now on.
-	else
-	    echo Please correct the error and rerun \`$0 on\'
-	    exit 1
-	fi
-	;;
-    "off")
-	if shadowoff ; then
-	    echo Shadow passwords are now off.
-	else
-	    echo Please correct the error and rerun \`$0 off\'
-	    exit 1
-	fi
-	;;
-     *)
-	echo Usage: $0 on \| off
-	;;
-esac

debian/source/format

@@ -1 +0,0 @@
-3.0 (quilt)

debian/uidmap.install

@@ -1,4 +0,0 @@
-usr/bin/newuidmap
-usr/bin/newgidmap
-usr/share/man/man1/newuidmap.1
-usr/share/man/man1/newgidmap.1