Update changelog for 1:4.19.0-4 release

Import upstream patches to fix hash check
Closes: #1124835
2026-01-08 00:08:53 +01:00 · 2026-01-08 00:08:53 +01:00 · 2026-01-07 11:11:27 +01:00 · 2026-01-07 11:08:05 +01:00 · 2026-01-06 02:38:53 +01:00 · 2026-01-06 02:38:22 +01:00
11080 changed files with 479595 additions and 63971 deletions
@@ -3,11 +3,20 @@ reports and various comments. This list may be incomplete, I received
 a lot of mail...

 # Maintainers
+* Marek Michałkiewicz <marekm72@gmail.com> (1995-2000)
 * Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
 * Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
 * Serge E. Hallyn <serge@hallyn.com> (2014-now)
 * Christian Brauner <christian@brauner.io> (2019-now)
 * Iker Pedrosa <ipedrosa@redhat.com> (2022-now)
+* Alejandro Colomar <alx@kernel.org> (2023-now) (4.14 stable)
+
+To verify signatures on releases, use the following keys under keys/ :
+
+* Serge Hallyn: keys/66D0387DB85D320F8408166DB175CFA98F192AF2.asc
+* Christian Brauner: keys/4880B8C9BD0E5106FC070F4F7B3C391EFEA93624.asc
+* Iker Pedrosa: keys/4E80EF49C7987B6DE2F81F5005079C6C3A653E57.asc
+* Alejandro Colomar: keys/A9348594CE31283A826FBDD8D57633D441E25BB5.asc

 # Authors and contributors
 * Adam Rudnicki <adam@v-lo.krakow.pl>
@@ -1,6 +1,31 @@
-2022-08-22  Serge Hallyn <serge@hallyn.com>
+2022-11-08  Serge Hallyn <serge@hallyn.com>

-	* Revert the removal of subid_init as pointed out by Balint.
+	* useradd.8: fix default group ID (Tim Biermann)
+	* Revert drop of subid_init() (Serge Hallyn)
+	* Georgian translation (NorwayFun)
+	* useradd: Avoid taking unneeded space: do not reset non-existent data
+	  in lastlog (David Kalnischkies)
+	* relax username restrictions (Alexander Kanavin)
+	* selinux: check MLS enabled before setting serange (genBTC)
+	* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
+	* copy_tree: don't block on FIFOs (Samanta Navarro)
+	* add shell linter (Jan Macku)
+	* copy_tree: carefully treat permissions (Samanta Navarro)
+	* lib/commonio: make lock failures more detailed (Luca BRUNO)
+	* lib: use strzero and memzero where applicable (Christian Göttsche)
+	* Update Dutch translation (Frans Spiesschaert)
+	* Don't test for NULL before calling free (Alex Colomar)
+	* Use libc MAX() and MIN() (Alejandro Colomar)
+	* chage: Fix regression in print_date (Xiami)
+	* usermod: report error if homedir does not exist (Iker Pedrosa)
+	* libmisc: minimum id check for system accounts (Iker Pedrosa)
+	* fix usermod -rG x y wrongly adding a group (xyz)
+	* man: add missing space in useradd.8.xml (Iker Pedrosa)
+	* lastlog: check for localtime() return value (Iker Pedrosa)
+	* Raise limit for passwd and shadow entry length (Iker Pedrosa)
+	* Remove adduser-old.c (Alejandro Colomar)
+	* useradd: Fix buffer overflow when using a prefix (David Michael)
+	* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)

 2022-08-15  Serge Hallyn <serge@hallyn.com>

@@ -9533,7 +9558,7 @@
 	* NEWS: release date corrected.

 	* NEWS, src/su.c:
-	fixed set enviroment too early when using PAM, so move it to !USE_PAM
+	fixed set environment too early when using PAM, so move it to !USE_PAM
 	(patch submitted by Mike Frysinger <vapier@gentoo.org>).

 2006-07-30  Tomasz Kłoczko  <kloczek@pld.org.pl>
@@ -10220,7 +10245,7 @@
 	* NEWS: cleanups.

 	* autogen.sh:
-	by default in development enviroment use CFLAGS="-O2 -Wall".
+	by default in development environment use CFLAGS="-O2 -Wall".

 	* src/chgpasswd.c (main): remove two unused variables (newgr and now).

@@ -11629,7 +11654,7 @@
 	in OPTIONS section). Describe -a and -k options.

 	* NEWS, src/su.c:
-	fixed twice copy enviroment which causes auth problems (bug was introduced in 4.0.12;
+	fixed twice copy environment which causes auth problems (bug was introduced in 4.0.12;
 	fix by Nicolas François <nicolas.francois@centraliens.net>).

 	* src/passwd.c, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/nn.po, po/pl.po, po/pt.po, po/pt_BR.po, po/ro.po, po/ru.po, po/sk.po, po/sq.po, po/sv.po, po/tl.po, po/tr.po, po/uk.po, po/vi.po, po/zh_CN.po, po/zh_TW.po, po/bs.po, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/es.po, po/eu.po, po/fi.po, po/fr.po, po/he.po, po/id.po, po/it.po:
@@ -12559,7 +12584,7 @@
 	http://bugs.debian.org/48002

 	* src/login.c, NEWS:
-	fixed loggin of username on succesful login (was using the normal username,
+	fixed loggin of username on successful login (was using the normal username,
 	when it should have used pam_user) http://bugs.debian.org/47819

 2005-06-02  Tomasz Kłoczko  <kloczek@pld.org.pl>
@@ -13004,7 +13029,7 @@
 	* man/pl/usermod.8: finish sync with english version.

 	* man/hu/login.1, man/pl/login.1, NEWS, man/Attic/login.1, man/de/login.1:
-	removed fragment about abilities pass enviroment variables in login prompt.
+	removed fragment about abilities pass environment variables in login prompt.

 	* man/Attic/gpasswd.1, man/Attic/newgrp.1:
 	fixes by Nicolas Nicolas François <nicolas.francois@centraliens.net> (not all
@@ -13483,7 +13508,7 @@
 	removed not used translations.

 	* NEWS, src/su.c:
-	fix adding of pam_env env variables to enviroment (Martin Schlemmer <azarah@nosferatu.za.org>).
+	fix adding of pam_env env variables to environment (Martin Schlemmer <azarah@nosferatu.za.org>).

 	* NEWS, configure.in:
 	fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables which was allways
@@ -13580,7 +13605,7 @@

 	* NEWS, src/su.c:
 	add pam_open_session() support. If builded without PAM support
-	propagate $DISPLAY and $XAUTHORITY enviroment variables.
+	propagate $DISPLAY and $XAUTHORITY environment variables.
 	Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1

 2004-10-23  Tomasz Kłoczko  <kloczek@pld.org.pl>
@@ -1,15 +1,28 @@
 ## Process this file with automake to produce Makefile.in
+ACLOCAL_AMFLAGS = -I m4

-EXTRA_DIST = NEWS README TODO shadow.spec.in
-
-SUBDIRS = libmisc lib
+SUBDIRS = lib

 if ENABLE_SUBIDS
 SUBDIRS += libsubid
 endif

-SUBDIRS += src po contrib doc etc
+SUBDIRS += src po doc etc tests/unit

 if ENABLE_REGENERATE_MAN
 SUBDIRS += man
 endif
+
+CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
+
+EXTRA_DIST = NEWS README tests/
+
+dist-hook:
+	chmod -R u+w $(distdir)/tests
+	chmod u+w $(distdir)
+	mv $(distdir)/tests/unit $(distdir)/realunittest
+	mv $(distdir)/tests/tests $(distdir)/realtests
+	rm -rf $(distdir)/tests
+	mv $(distdir)/realtests $(distdir)/tests
+	rm -rf $(distdir)/tests/unit $(distdir)/tests/Makefile*
+	mv $(distdir)/realunittest $(distdir)/tests/unit
@@ -108,7 +108,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
 configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = man/po/Makefile shadow.spec
+CONFIG_CLEAN_FILES = man/po/Makefile
 CONFIG_CLEAN_VPATH_FILES =
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -163,12 +163,19 @@ am__define_uniq_tagged_files = \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
-DIST_SUBDIRS = libmisc lib libsubid src po contrib doc etc man
+DIST_SUBDIRS = lib libsubid src po doc etc tests/unit man
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
-	$(srcdir)/shadow.spec.in $(top_srcdir)/man/po/Makefile.in \
-	ABOUT-NLS AUTHORS.md COPYING ChangeLog NEWS README TODO \
-	compile config.guess config.rpath config.sub install-sh \
-	ltmain.sh missing
+	$(top_srcdir)/build-aux/compile \
+	$(top_srcdir)/build-aux/config.guess \
+	$(top_srcdir)/build-aux/config.rpath \
+	$(top_srcdir)/build-aux/config.sub \
+	$(top_srcdir)/build-aux/install-sh \
+	$(top_srcdir)/build-aux/ltmain.sh \
+	$(top_srcdir)/build-aux/missing \
+	$(top_srcdir)/man/po/Makefile.in ABOUT-NLS AUTHORS.md COPYING \
+	ChangeLog NEWS README build-aux/compile build-aux/config.guess \
+	build-aux/config.rpath build-aux/config.sub \
+	build-aux/install-sh build-aux/ltmain.sh build-aux/missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
@@ -216,6 +223,7 @@ distcleancheck_listfiles = find . -type f -print
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AM_DISTCHECK_CONFIGURE_FLAGS = @AM_DISTCHECK_CONFIGURE_FLAGS@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
@@ -224,6 +232,8 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
+CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
+CMOCKA_LIBS = @CMOCKA_LIBS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
 CSCOPE = @CSCOPE@
@@ -257,9 +267,15 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
 LIBACL = @LIBACL@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
 LIBATTR = @LIBATTR@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
+LIBBSD = @LIBBSD@
+LIBBSD_CFLAGS = @LIBBSD_CFLAGS@
+LIBBSD_LIBS = @LIBBSD_LIBS@
 LIBCRYPT = @LIBCRYPT@
 LIBECONF = @LIBECONF@
 LIBICONV = @LIBICONV@
@@ -275,14 +291,16 @@ LIBSUBID_ABI = @LIBSUBID_ABI@
 LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
 LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
 LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
+LIBSYSTEMD = @LIBSYSTEMD@
 LIBTCB = @LIBTCB@
 LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
-LIYESCRYPT = @LIYESCRYPT@
 LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
 LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
@@ -305,6 +323,9 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
 RANLIB = @RANLIB@
 SED = @SED@
@@ -320,8 +341,6 @@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
 XMLCATALOG = @XMLCATALOG@
 XML_CATALOG_FILE = @XML_CATALOG_FILE@
 XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
 abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
@@ -376,9 +395,11 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = NEWS README TODO shadow.spec.in
-SUBDIRS = libmisc lib $(am__append_1) src po contrib doc etc \
+ACLOCAL_AMFLAGS = -I m4
+SUBDIRS = lib $(am__append_1) src po doc etc tests/unit \
 	$(am__append_2)
+CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
+EXTRA_DIST = NEWS README tests/
 all: config.h
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive

@@ -433,8 +454,6 @@ distclean-hdr:
 	-rm -f config.h stamp-h1
 man/po/Makefile: $(top_builddir)/config.status $(top_srcdir)/man/po/Makefile.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
-shadow.spec: $(top_builddir)/config.status $(srcdir)/shadow.spec.in
-	cd $(top_builddir) && $(SHELL) ./config.status $@

 mostlyclean-libtool:
 	-rm -f *.lo
@@ -610,6 +629,9 @@ distdir-am: $(DISTFILES)
 	      || exit 1; \
 	  fi; \
 	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
 	-test -n "$(am__skip_mode_fix)" \
 	|| find "$(distdir)" -type d ! -perm -755 \
 		-exec chmod u+rwx,go+rx {} \; -o \
@@ -773,6 +795,7 @@ install-strip:
 mostlyclean-generic:

 clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)

 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -856,8 +879,8 @@ uninstall-am:
 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
 	am--refresh check check-am clean clean-cscope clean-generic \
 	clean-libtool cscope cscopelist-am ctags ctags-am dist \
-	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
-	dist-xz dist-zip dist-zstd distcheck distclean \
+	dist-all dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar \
+	dist-tarZ dist-xz dist-zip dist-zstd distcheck distclean \
 	distclean-generic distclean-hdr distclean-libtool \
 	distclean-tags distcleancheck distdir distuninstallcheck dvi \
 	dvi-am html html-am info info-am install install-am \
@@ -873,6 +896,16 @@ uninstall-am:
 .PRECIOUS: Makefile


+dist-hook:
+	chmod -R u+w $(distdir)/tests
+	chmod u+w $(distdir)
+	mv $(distdir)/tests/unit $(distdir)/realunittest
+	mv $(distdir)/tests/tests $(distdir)/realtests
+	rm -rf $(distdir)/tests
+	mv $(distdir)/realtests $(distdir)/tests
+	rm -rf $(distdir)/tests/unit $(distdir)/tests/Makefile*
+	mv $(distdir)/realunittest $(distdir)/tests/unit
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
@@ -696,7 +696,7 @@ shadow-4.0.18 -> shadow-4.0.18.1					03-08-2006
 shadow-4.0.17 -> shadow-4.0.18						01-08-2006

 *** general:
- su: fixed set enviroment too early when using PAM, so move it to !USE_PAM
+- su: fixed set environment too early when using PAM, so move it to !USE_PAM
  (patch submitted by Mike Frysinger <vapier@gentoo.org>),
 - groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
@@ -855,7 +855,7 @@ shadow-4.0.14 -> shadow-4.0.15						13-03-2006
 - su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
  on higher level (now is better visable where some programs exit with 126
  and 127 exit codes); added new shell() parameter (char *const envp[])
-  which allow fix preserving enviroment in su on using -p, (patch by
+  which allow fix preserving environment in su on using -p, (patch by
  Alexander Gattin <xrgtn@yandex.ru>),
 - su: added handle -c,--command option for GNU su compliance (merge
  437_su_-c_option Debian patch),
@@ -966,7 +966,7 @@ shadow-4.0.12 -> shadow-4.0.13						10-10-2005
  to example described in ident(1) man page (modern compilers like latest GCC
  removes not used functions by global optimization).
  So "ident /usr/bin/passwd" will show again some useable informations
- su: fixed twice copy enviroment which causes auth problems
+- su: fixed twice copy environment which causes auth problems
  (bug was introduced in 4.0.12; fix by Nicolas François <nicolas.francois@centraliens.net>),
 - chage: differentiate the different failure causes by the exit value
  This will permit to adduser Debian script to detect if chage failed because the
@@ -1133,7 +1133,7 @@ shadow-4.0.9 -> shadow-4.0.10						28-06-2005
  http://bugs.debian.org/53702
 - login: check for hushed login and pass PAM_SILENT if true,
  http://bugs.debian.org/48002
- login: fixed username on succesful login (was using the normal username,
+- login: fixed username on successful login (was using the normal username,
  when it should have used pam_user) http://bugs.debian.org/47819
 - remove using SHADOWPWD #define so now shadow is always built with shadow
  password support,
@@ -1212,7 +1212,7 @@ shadow-4.0.7 -> shadow-4.0.8						26-04-2005
  (without gshadow) doesn't permit to use newgrp,
 - newgrp(1): newgrp uses /bin/sh (not bash),
 - faillog(8): updated after rewritten faillog command for use getopt_long(),
- login(1): removed fragment about abilities pass enviroment variables in login prompt,
+- login(1): removed fragment about abilities pass environment variables in login prompt,
 - gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
 - usermod(8): fixed #302388 Debian bug: added separated -o option description,

@@ -1242,7 +1242,7 @@ shadow-4.0.6 -> shadow-4.0.7						26-01-2005

 shadow-4.0.5 -> shadow-4.0.6						08-11-2004

- su: fixed adding of pam_env env variables to enviroment
+- su: fixed adding of pam_env env variables to environment
  (Martin Schlemmer <azarah@nosferatu.za.org>),
 - autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
  which was always empty (Gregorio Guidi <g.guidi@sns.it>),
@@ -1275,7 +1275,7 @@ shadow-4.0.4.1 -> shadow-4.0.5						27-10-2004
  including symlinks placed into /etc/skel/public_html for example.
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
 - su: add pam_open_session() support. If built without PAM support
-  propagate $DISPLAY and $XAUTHORITY enviroment variables.
+  propagate $DISPLAY and $XAUTHORITY environment variables.
  Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
 - applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
  Torkelsson <Bjorn.Torkelsson@hpc2n.umu.se>: add support for PAM account
@@ -17,6 +17,12 @@ are used for managing group accounts.
 * [Issue tracker](https://github.com/shadow-maint/shadow/issues)
 * [Releases](https://github.com/shadow-maint/shadow/releases)

+## Code
+
+The main development branch is at [https://github.com/shadow-maint/shadow.git](https://github.com/shadow-maint/shadow)
+
+See [STABLE.md](https://github.com/shadow-maint/shadow/blob/master/STABLE.md) for a list of supported stable branches.
+
 ## Contacts
 There are several ways to contact us:
 * [the general discussion mailing list](
@@ -31,6 +37,11 @@ There are several ways to contact us:
  https://alioth-lists-archive.debian.net/pipermail/pkg-shadow-commits/),
  only used for historical purposes

+## Contributions
+
+Contributions are welcome. Follow the
+[guidelines](doc/contributions/introduction.md) before posting any patches.
+
 ## Authors and maintainers
 Authors and maintainers are listed in [AUTHORS.md](
 https://github.com/shadow-maint/shadow/blob/master/AUTHORS.md).
@@ -1,127 +0,0 @@
- * Create a common usage function that'd take the array of
-   long options and an array of descriptions and output that so things would
-   be standardized across the utils.
-   Usage strings should be normalized and split first.
-   Investigate optparse.
-
-
-/etc/default/useradd
- * GROUP=1000 should accept a group name.
-
-Check when RLOGIN is enabled if ruserok() exists
-
-Move selinux_file_context out of libmisc/copydir.c
-
-Review hardcoded root account?
-
-review all call to strto
-
-libmisc/cleanup_user.c
-	cleanup needed (cleanup_report_add_user* not used)
-
-
-libxcrypt support
- * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch
-
-implement getlong, getulong.
-	avoid atoi, atol, atoul, strtol, strtoul, ...
-
-manpages: comment the RLOGIN parts
-
-Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
-comma_to_list()
-
-Revert the modified files if all files could not be changed.
-  * or warn and indicate which files were modified and which were not.
-  * check the order the files are modified.
-
-report nscd_flush_cache failures?
-call nscd from the programs or from lib (commonio?)
-
-PAM: check if a non-interactive conversation function could be used to set
-the password in chpasswd and newusers
-
-WITH_SELINUX
-  - review all tools to check that the strategies are consistent
-
-chage, chfn, chsh: same change needed as in passwd.
-  - probably need moving check_selinux_access to a separate file.
-
-testsuite
- - newgrp
-   - test with unknown user's GID
-
-newusers
- - add logging to SYSLOG & AUDIT
- - use CREATE_HOME
- - Add a -Z option (see useradd / usermod)
-
-Document when/where option appeared, document whether an option is standard
-or not.
-
-Check all the expiry semantics
-
-ALL:
- move base passwd/shadow/group/gshadow operation to module for allow write
-  different backend modules for db, NIS, LDAP and others. Default backend it
-  will be goot if will be chosen depending on /etc/nsswitch.conf and allow
-  override this by -r <repository> options (where the <repository> can be
-  file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
-  passwd have old piece of code with handling -r option and it will be good
-  finish this and propagate on other shadow tools for allow operate on other
-  user databases by well known tools.
- Protect against signals. Register do_cleanups in a signal handler.
-
- login.defs
-  - generate depending on configuration
-
- useradd:
-  - add handle create user mail spool in maildir format.
-  - Add support for -k in -D mode
-  - Add support for -K in -D mode
-  - Add option to create or not the mail spool (and set the default in -D
-    mode)
-  - Change -l to reset the entry if an entry was already there
-  - set the mask in mkdir?
-
- userdel:
-  - add backup option for the removal of user resources,
-  - user_busy: check that the user is not running any processes.
-  - missing "deleting group" FAILED
-  - home dir removed, but userdel may fail and may leave the user
-    => warning needed
-
- usermod
-  - add an option equivalent to useradd's -l (only when uid is changed)
-  - the mode of new home directories should be set according to the
-    original mode. Does copy_tree does this?
-  - user renamed, order is not kept in /etc/group (see
-    47_usermod-l_no_shadow_file). This is a problem when the first user is
-    considered as the admin.
-  - see mail "user ID change" on  April, 15
-    + fix call to chown (combination of -m and -u/-g)
-    + add tests
-
- passwd:
-  - check combination of options (e.g. -u/-l)
-  - when -u refuse to unlock because it would create an empty password, it
-    should not display "Password changed."
-    exit instead?
-
- newgrp: check the USE_PAM section.
-
- pwck
-  - Add check to move passwd passwords to shadow if there is a shadow
-    entry (with a password).
-  - Add check to move passwd passwords to shadow if there is a shadow
-    file.
-  - Support an alternative /etc/tcb directory as second parameter.
-  - add options -g / -G to specify alternative group / gshadow files
-
- su
-  - add a login.defs configuration parameter to add variables to keep in
-    the environment with "su -l" (TERM/TERMCOLOR/...)
-
- vipw
-  - set ACLs and XATTRs on the temporary file (and backups?)
-  - vipw + selinux -> use lib/selinux.c
@@ -0,0 +1,153 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <<END
+Usage:
+  test-driver --test-name NAME --log-file PATH --trs-file PATH
+              [--expect-failure {yes|no}] [--color-tests {yes|no}]
+              [--enable-hard-errors {yes|no}] [--]
+              TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
+END
+}
+
+test_name= # Used for reporting.
+log_file=  # Where to save the output of the test script.
+trs_file=  # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+  case $1 in
+  --help) print_usage; exit $?;;
+  --version) echo "test-driver $scriptversion"; exit $?;;
+  --test-name) test_name=$2; shift;;
+  --log-file) log_file=$2; shift;;
+  --trs-file) trs_file=$2; shift;;
+  --color-tests) color_tests=$2; shift;;
+  --expect-failure) expect_failure=$2; shift;;
+  --enable-hard-errors) enable_hard_errors=$2; shift;;
+  --) shift; break;;
+  -*) usage_error "invalid option: '$1'";;
+   *) break;;
+  esac
+  shift
+done
+
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file"  = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file"  = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+  usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+  usage_error "missing argument"
+fi
+
+if test $color_tests = yes; then
+  # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+  red='[0;31m' # Red.
+  grn='[0;32m' # Green.
+  lgn='[1;32m' # Light green.
+  blu='[1;34m' # Blue.
+  mgn='[0;35m' # Magenta.
+  std='[m'     # No color.
+else
+  red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here. We create the file first, then append to it,
+# to ameliorate tests themselves also writing to the log file. Our tests
+# don't, but others can (automake bug#35762).
+: >"$log_file"
+"$@" >>"$log_file" 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  tweaked_estatus=1
+else
+  tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>"$log_file"
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:
@@ -4,6 +4,12 @@
   authenticate the callers */
 #undef ACCT_TOOLS_SETUID

+/* Define to support lastlog. */
+#undef ENABLE_LASTLOG
+
+/* Define to manage session support with logind. */
+#undef ENABLE_LOGIND
+
 /* Define to 1 if translation of program messages to the user's native
   language is requested. */
 #undef ENABLE_NLS
@@ -14,10 +20,6 @@
 /* Path for faillog file. */
 #undef FAILLOG_FILE

-/* Define to the type of elements in the array set by `getgroups'. Usually
-   this is either `int' or `gid_t'. */
-#undef GETGROUPS_T
-
 /* max group name length */
 #undef GROUP_NAME_MAX_LENGTH

@@ -47,13 +49,14 @@
   the CoreFoundation framework. */
 #undef HAVE_CFPREFERENCESCOPYAPPVALUE

-/* Define to 1 if you have the <crypt.h> header file. */
-#undef HAVE_CRYPT_H
-
 /* Define if the GNU dcgettext() function is already present or preinstalled.
   */
 #undef HAVE_DCGETTEXT

+/* Define to 1 if you have the declaration of `cygwin_conv_path', and to 0 if
+   you don't. */
+#undef HAVE_DECL_CYGWIN_CONV_PATH
+
 /* Define to 1 if you have the declaration of `PAM_DATA_SILENT', and to 0 if
   you don't. */
 #undef HAVE_DECL_PAM_DATA_SILENT
@@ -70,98 +73,53 @@
   if you don't. */
 #undef HAVE_DECL_PAM_NEW_AUTHTOK_REQD

+/* Define if you have the GNU dld library. */
+#undef HAVE_DLD
+
+/* Define to 1 if you have the `dlerror' function. */
+#undef HAVE_DLERROR
+
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H

-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
+/* Define if you have the _dyld_func_lookup function. */
+#undef HAVE_DYLD

 /* Define to 1 if you have the `explicit_bzero' function. */
 #undef HAVE_EXPLICIT_BZERO

-/* Define to 1 if you have the `fchmod' function. */
-#undef HAVE_FCHMOD
-
-/* Define to 1 if you have the `fchown' function. */
-#undef HAVE_FCHOWN
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define to 1 if you have the `fsync' function. */
-#undef HAVE_FSYNC
-
-/* Define to 1 if you have the `futimes' function. */
-#undef HAVE_FUTIMES
+/* Defined to 1 if you have the declaration of 'fgetpwent_r' */
+#undef HAVE_FGETPWENT_R

 /* Define to 1 if you have the `getentropy' function. */
 #undef HAVE_GETENTROPY

-/* Define to 1 if you have the `getgrgid_r' function. */
-#undef HAVE_GETGRGID_R
-
-/* Define to 1 if you have the `getgrnam_r' function. */
-#undef HAVE_GETGRNAM_R
-
-/* Define to 1 if you have the `getpwnam_r' function. */
-#undef HAVE_GETPWNAM_R
-
-/* Define to 1 if you have the `getpwuid_r' function. */
-#undef HAVE_GETPWUID_R
-
 /* Define to 1 if you have the `getrandom' function. */
 #undef HAVE_GETRANDOM

-/* Define to 1 if you have the `getspnam' function. */
-#undef HAVE_GETSPNAM
-
 /* Define to 1 if you have the `getspnam_r' function. */
 #undef HAVE_GETSPNAM_R

 /* Define if the GNU gettext() function is already present or preinstalled. */
 #undef HAVE_GETTEXT

-/* Define to 1 if you have the `getusershell' function. */
-#undef HAVE_GETUSERSHELL
-
-/* Define to 1 if you have the `getutent' function. */
-#undef HAVE_GETUTENT
-
-/* Define to 1 if you have the <gshadow.h> header file. */
-#undef HAVE_GSHADOW_H
-
 /* Define if you have the iconv() function and it works. */
 #undef HAVE_ICONV

-/* Define to 1 if you have the `initgroups' function. */
-#undef HAVE_INITGROUPS
-
 /* Define to 1 if you have the `innetgr' function. */
 #undef HAVE_INNETGR

 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H

-/* Define to 1 if you have the `l64a' function. */
-#undef HAVE_L64A
-
-/* Define to 1 if you have the <lastlog.h> header file. */
-#undef HAVE_LASTLOG_H
-
 /* Define to 1 if you have the `lckpwdf' function. */
 #undef HAVE_LCKPWDF

-/* Defined if you have libcrack. */
-#undef HAVE_LIBCRACK
+/* Define if you have the libdl library or equivalent. */
+#undef HAVE_LIBDL

-/* Defined if you have the ts&szs cracklib. */
-#undef HAVE_LIBCRACK_HIST
-
-/* Defined if it includes *Pw functions. */
-#undef HAVE_LIBCRACK_PW
-
-/* Define to 1 if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H
+/* Define if libdlloader will be built on this platform */
+#undef HAVE_LIBDLLOADER

 /* Define to 1 if you have the <linux/btrfs_tree.h> header file. */
 #undef HAVE_LINUX_BTRFS_TREE_H
@@ -172,27 +130,15 @@
 /* Define if struct lastlog has ll_host */
 #undef HAVE_LL_HOST

-/* Define to 1 if you have the <locale.h> header file. */
-#undef HAVE_LOCALE_H
-
 /* Define to 1 if you have the `lutimes' function. */
 #undef HAVE_LUTIMES

-/* Define to 1 if you have the `memset_s' function. */
-#undef HAVE_MEMSET_S
+/* Define to 1 if you have the `memset_explicit' function. */
+#undef HAVE_MEMSET_EXPLICIT

 /* Define to 1 if you have the <minix/config.h> header file. */
 #undef HAVE_MINIX_CONFIG_H

-/* Define to 1 if you have the `mkdir' function. */
-#undef HAVE_MKDIR
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H
-
-/* Define to 1 if you have the <paths.h> header file. */
-#undef HAVE_PATHS_H
-
 /* Define to 1 if you have the `putgrent' function. */
 #undef HAVE_PUTGRENT

@@ -202,14 +148,11 @@
 /* Define to 1 if you have the `putspent' function. */
 #undef HAVE_PUTSPENT

-/* Define to 1 if you have the `rename' function. */
-#undef HAVE_RENAME
+/* Define to 1 if you have the <readpassphrase.h> header file. */
+#undef HAVE_READPASSPHRASE_H

-/* Define to 1 if you have the `rmdir' function. */
-#undef HAVE_RMDIR
-
-/* Define to 1 if you have the <rpc/key_prot.h> header file. */
-#undef HAVE_RPC_KEY_PROT_H
+/* Define to 1 if you have the `rpmatch' function. */
+#undef HAVE_RPMATCH

 /* Define to 1 if you have the <security/openpam.h> header file. */
 #undef HAVE_SECURITY_OPENPAM_H
@@ -223,9 +166,6 @@
 /* Define to 1 if you have the <semanage/semanage.h> header file. */
 #undef HAVE_SEMANAGE_SEMANAGE_H

-/* Define to 1 if you have the `setgroups' function. */
-#undef HAVE_SETGROUPS
-
 /* Define to 1 if you have the `sgetgrent' function. */
 #undef HAVE_SGETGRENT

@@ -235,17 +175,8 @@
 /* Define to 1 if you have the `sgetspent' function. */
 #undef HAVE_SGETSPENT

-/* Define to 1 if you have the <sgtty.h> header file. */
-#undef HAVE_SGTTY_H
-
-/* Have working shadow group support in libc */
-#undef HAVE_SHADOWGRP
-
-/* Define to 1 if you have the `snprintf' function. */
-#undef HAVE_SNPRINTF
-
-/* Define to 1 if stdbool.h conforms to C99. */
-#undef HAVE_STDBOOL_H
+/* Define if you have the shl_load function. */
+#undef HAVE_SHL_LOAD

 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
@@ -256,14 +187,11 @@
 /* Define to 1 if you have the <stdlib.h> header file. */
 #undef HAVE_STDLIB_H

-/* Define to 1 if you have the `strcasecmp' function. */
-#undef HAVE_STRCASECMP
+/* Define to 1 if you have the `stpecpy' function. */
+#undef HAVE_STPECPY

-/* Define to 1 if you have the `strdup' function. */
-#undef HAVE_STRDUP
-
-/* Define to 1 if you have the `strerror' function. */
-#undef HAVE_STRERROR
+/* Define to 1 if you have the `stpeprintf' function. */
+#undef HAVE_STPEPRINTF

 /* Define to 1 if you have the <strings.h> header file. */
 #undef HAVE_STRINGS_H
@@ -271,21 +199,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H

-/* Define to 1 if you have the `strstr' function. */
-#undef HAVE_STRSTR
-
-/* Define to 1 if `st_atim' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_ATIM
-
-/* Define to 1 if `st_atimensec' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_ATIMENSEC
-
-/* Define to 1 if `st_mtim' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_MTIM
-
-/* Define to 1 if `st_mtimensec' is a member of `struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_MTIMENSEC
-
 /* Define to 1 if `ut_addr' is a member of `struct utmpx'. */
 #undef HAVE_STRUCT_UTMPX_UT_ADDR

@@ -307,84 +220,21 @@
 /* Define to 1 if `ut_xtime' is a member of `struct utmpx'. */
 #undef HAVE_STRUCT_UTMPX_UT_XTIME

-/* Define to 1 if `ut_addr' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_ADDR
-
-/* Define to 1 if `ut_addr_v6' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_ADDR_V6
-
-/* Define to 1 if `ut_host' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_HOST
-
-/* Define to 1 if `ut_id' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_ID
-
-/* Define to 1 if `ut_name' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_NAME
-
-/* Define to 1 if `ut_syslen' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_SYSLEN
-
-/* Define to 1 if `ut_time' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_TIME
-
-/* Define to 1 if `ut_tv' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_TV
-
-/* Define to 1 if `ut_type' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_TYPE
-
-/* Define to 1 if `ut_user' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_USER
-
-/* Define to 1 if `ut_xtime' is a member of `struct utmp'. */
-#undef HAVE_STRUCT_UTMP_UT_XTIME
-
-/* Define to 1 if you have the <syslog.h> header file. */
-#undef HAVE_SYSLOG_H
-
-/* Define to 1 if you have the <sys/capability.h> header file. */
-#undef HAVE_SYS_CAPABILITY_H
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define to 1 if you have the <sys/random.h> header file. */
-#undef HAVE_SYS_RANDOM_H
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#undef HAVE_SYS_RESOURCE_H
-
 /* Define to 1 if you have the <sys/statfs.h> header file. */
 #undef HAVE_SYS_STATFS_H

 /* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H

-/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
 /* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H

 /* Define to 1 if you have the <tcb.h> header file. */
 #undef HAVE_TCB_H

-/* Define to 1 if you have the <termios.h> header file. */
-#undef HAVE_TERMIOS_H
-
-/* Define to 1 if you have the <termio.h> header file. */
-#undef HAVE_TERMIO_H
-
-/* Define to 1 if you have the <ulimit.h> header file. */
-#undef HAVE_ULIMIT_H
-
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H

-/* Define to 1 if you have the `updwtmp' function. */
-#undef HAVE_UPDWTMP
-
 /* Define to 1 if you have the `updwtmpx' function. */
 #undef HAVE_UPDWTMPX

@@ -394,21 +244,12 @@
 /* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */
 #undef HAVE_UTIME_NULL

-/* Define to 1 if you have the <utmpx.h> header file. */
-#undef HAVE_UTMPX_H
-
-/* Define to 1 if you have the <utmp.h> header file. */
-#undef HAVE_UTMP_H
+/* Define to support vendor settings. */
+#undef HAVE_VENDORDIR

 /* Define to 1 if you have the <wchar.h> header file. */
 #undef HAVE_WCHAR_H

-/* Define to 1 if the system has the type `_Bool'. */
-#undef HAVE__BOOL
-
-/* Path for lastlog file. */
-#undef LASTLOG_FILE
-
 /* Define to the sub-directory where libtool stores uninstalled libraries. */
 #undef LT_OBJDIR

@@ -442,12 +283,6 @@
 /* Path to passwd program. */
 #undef PASSWD_PROGRAM

-/* Define if login should support the -r flag for rlogind. */
-#undef RLOGIN
-
-/* Define to the ruserok() "success" return value (0 or 1). */
-#undef RUSEROK
-
 /* Define to support the shadow group file. */
 #undef SHADOWGRP

@@ -477,9 +312,6 @@
 /* Define to support /etc/suauth su access control. */
 #undef SU_ACCESS

-/* Define to 1 if your <sys/time.h> declares `struct tm'. */
-#undef TM_IN_SYS_TIME
-
 /* Define to allow the bcrypt password encryption algorithm */
 #undef USE_BCRYPT

@@ -495,9 +327,6 @@
 /* Define to support flushing of sssd caches */
 #undef USE_SSSD

-/* Define to use syslog(). */
-#undef USE_SYSLOG
-
 /* Enable extensions on AIX 3, Interix.  */
 #ifndef _ALL_SOURCE
 # undef _ALL_SOURCE
@@ -586,12 +415,12 @@
 #endif


-/* Define if utmpx should be used */
-#undef USE_UTMPX
-
 /* Define to allow the yescrypt password encryption algorithm */
 #undef USE_YESCRYPT

+/* Directory for distribution provided configuration files */
+#undef VENDORDIR
+
 /* Version number of package */
 #undef VERSION

@@ -607,6 +436,9 @@
 /* Build shadow with BtrFS support */
 #undef WITH_BTRFS

+/* Build shadow without libbsd support */
+#undef WITH_LIBBSD
+
 /* Build shadow with SELinux support */
 #undef WITH_SELINUX

@@ -621,15 +453,3 @@

 /* Define for large files, on AIX-style hosts. */
 #undef _LARGE_FILES
-
-/* Path for utmp file. */
-#undef _UTMP_FILE
-
-/* Path for wtmp file. */
-#undef _WTMP_FILE
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef gid_t
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef uid_t
@@ -1,6 +0,0 @@
-# This is a dummy Makefile.am to get automake work flawlessly,
-# and also cooperate to make a distribution for `make dist'
-
-EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
- atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
- udbachk.tgz
@@ -1,496 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# This is a dummy Makefile.am to get automake work flawlessly,
-# and also cooperate to make a distribution for `make dist'
-VPATH = @srcdir@
-am__is_gnu_make = { \
-  if test -z '$(MAKELEVEL)'; then \
-    false; \
-  elif test -n '$(MAKE_HOST)'; then \
-    true; \
-  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
-    true; \
-  else \
-    false; \
-  fi; \
-}
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = contrib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
-	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
-	$(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in README
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LIBACL = @LIBACL@
-LIBATTR = @LIBATTR@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBECONF = @LIBECONF@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBMD = @LIBMD@
-LIBOBJS = @LIBOBJS@
-LIBPAM = @LIBPAM@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBSEMANAGE = @LIBSEMANAGE@
-LIBSKEY = @LIBSKEY@
-LIBSUBID_ABI = @LIBSUBID_ABI@
-LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
-LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
-LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
-LIBTCB = @LIBTCB@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LIYESCRYPT = @LIYESCRYPT@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-USE_NLS = @USE_NLS@
-VENDORDIR = @VENDORDIR@
-VERSION = @VERSION@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-capcmd = @capcmd@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
- atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
- udbachk.tgz
-
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign contrib/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign contrib/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-check: check-am
-all-am: Makefile
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-	-rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
-	cscopelist-am ctags-am distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
@@ -1,10 +0,0 @@
-People keep sending various adduser programs and scripts...  They are
-all in this directory.  I haven't tested them, use at your own risk.
-Anyway, the best one I've seen so far is adduser-3.x from Debian.
-
-atudel is a perl script to remove at jobs owned by the specified user
-(atrm in at-2.9 for Linux can't do that).
-
-udbachk.tgz is a passwd/group/shadow file integrity checker.
-
--marekm
@@ -1,300 +0,0 @@
-/****
-** 03/17/96
-** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
-** --marekm
-**
-** 02/26/96
-** modified to call shadow utils (useradd,chage,passwd) on shadowed
-** systems - Cristian Gafton, gafton@sorosis.ro
-**
-** 6/27/95
-** shadow-adduser 1.4:
-**
-** now it copies the /etc/skel dir into the person's dir,
-** makes the mail folders, changed some defaults and made a 'make
-** install' just for the hell of it.
-**
-** Greg Gallagher
-** CIN.Net
-**
-** 1/28/95
-** shadow-adduser 1.3:
-**
-** Basically a bug-fix on my additions in 1.2.  Thanks to Terry Stewart
-** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
-** It was such a stupid bug that I would have never seen it myself.
-**
-**                                Brandon
-*****
-** 01/27/95
-**
-** shadow-adduser 1.2:
-** I took the C source from adduser-shadow (credits are below) and made
-** it a little more worthwhile.  Many small changes... Here's
-** the ones I can remember:
-**
-** Removed support for non-shadowed systems (if you don't have shadow,
-**     use the original adduser, don't get this shadow version!)
-** Added support for the correct /etc/shadow fields (Min days before
-**     password change, max days before password change, Warning days,
-**     and how many days from expiry date does the account go invalid)
-**     The previous version just left all of those fields blank.
-**     There is still one field left (expiry date for the account, period)
-**     which I have left blank because I do not use it and didn't want to
-**     spend any more time on this.  I'm sure someone will put it in and
-**     tack another plethora of credits on here. :)
-** Added in the password date field, which should always reflect the last
-**     date the password was changed, for expiry purposes.  "passwd" always
-**     updates this field, so the adduser program should set it up right
-**     initially (or a user could keep thier initial password forever ;)
-**     The number is in days since Jan 1st, 1970.
-**
-**                       Have fun with it, and someone please make
-**                       a real version(this is still just a hack)
-**                       for us all to use (and Email it to me???)
-**
-**                               Brandon
-**                                  photon@usis.com
-**
-*****
-** adduser 1.0: add a new user account (For systems not using shadow)
-** With a nice little interface and a will to do all the work for you.
-**
-** Craig Hagan
-** hagan@opine.cs.umass.edu
-**
-** Modified to really work, look clean, and find unused uid by Chris Cappuccio
-** chris@slinky.cs.umass.edu
-**
-*****
-**
-** 01/19/95
-**
-** FURTHER modifications to enable shadow passwd support (kludged, but
-** no more so than the original)  by Dan Crowson - dcrowson@mo.net
-**
-** Search on DAN for all changes...
-**
-*****
-**
-** cc -O -o adduser adduser.c
-** Use gcc if you have it... (political reasons beyond my control) (chris)
-**
-** I've gotten this program to work with success under Linux (without
-** shadow) and SunOS 4.1.3. I would assume it should work pretty well
-** on any system that uses no shadow. (chris)
-**
-** If you have no crypt() then try
-** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
-** I'm not sure how login operates with no crypt()... I guess
-** the same way we're doing it here.
-*/
-
-#include <pwd.h>
-#include <grp.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <time.h>
-#include <sys/types.h>
-#include <sys/timeb.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-
-#define DEFAULT_SHELL	"/bin/bash"  /* because BASH is your friend */
-#define DEFAULT_HOME	"/home"
-#define USERADD_PATH	"/usr/sbin/useradd"
-#define CHAGE_PATH	"/usr/sbin/chage"
-#define PASSWD_PATH	"/usr/bin/passwd"
-#define DEFAULT_GROUP	100
-
-#define DEFAULT_MAX_PASS 60
-#define DEFAULT_WARN_PASS 10
-/* if you use this feature, you will get a lot of complaints from users
-   who rarely use their accounts :)  (something like 3 months would be
-   more reasonable)  --marekm */
-#define DEFAULT_USER_DIE /* 10 */ 0
-
-void main()
-{
-	char foo[32];
-	char uname[9],person[32],dir[32],shell[32];
-	unsigned int group,min_pass,max_pass,warn_pass,user_die;
-	/* the group and uid of the new user */
-	int bad=0,done=0,correct=0,gets_warning=0;
-	char cmd[255];
-	struct group *grp;
-
-	/* flags, in order:
-	* bad to see if the username is in /etc/passwd, or if strange stuff has
-	* been typed if the user might be put in group 0
-	* done allows the program to exit when a user has been added
-	* correct loops until a password is found that isn't in /etc/passwd
-	* gets_warning allows the fflush to be skipped for the first gets
-	* so that output is still legible
-	*/
-
-	/* The real program starts HERE! */
-
-	if(geteuid()!=0)
-	{
-		printf("It seems you don't have access to add a new user.  Try\n");
-		printf("logging in as root or su root to gain super-user access.\n");
-		exit(1);
-	}
-
-	/* Sanity checks
-	*/
-
-	if (!(grp=getgrgid(DEFAULT_GROUP))){
-		printf("Error: the default group %d does not exist on this system!\n",
-				DEFAULT_GROUP);
-		printf("adduser must be recompiled.\n");
-		exit(1);
-	};
-
-	while(!correct) {		/* loop until a "good" uname is chosen */
-		while(!done) {
-			printf("\nLogin to add (^C to quit): ");
-			if(gets_warning)	/* if the warning was already shown */
-				fflush(stdout);	/* fflush stdout, otherwise set the flag */
-			else
-				gets_warning=1;
-
-			gets(uname);
-			if(!strlen(uname)) {
-				printf("Empty input.\n");
-				done=0;
-				continue;
-			};
-
-			/* what I saw here before made me think maybe I was running DOS */
-			/* might this be a solution? (chris) */
-			if (getpwnam(uname) != NULL) {
-				printf("That name is in use, choose another.\n");
-				done=0;
-			} else
-				done=1;
-		}; /* done, we have a valid new user name */
-
-		/* all set, get the rest of the stuff */
-		printf("\nEditing information for new user [%s]\n",uname);
-
-		printf("\nFull Name [%s]: ",uname);
-		gets(person);
-		if (!strlen(person)) {
-			bzero(person,sizeof(person));
-			strcpy(person,uname);
-		};
-
-		do {
-			bad=0;
-			printf("GID [%d]: ",DEFAULT_GROUP);
-			gets(foo);
-			if (!strlen(foo))
-				group=DEFAULT_GROUP;
-			else
-				if (isdigit (*foo)) {
-					group = atoi(foo);
-					if (! (grp = getgrgid (group))) {
-						printf("unknown gid %s\n",foo);
-						group=DEFAULT_GROUP;
-						bad=1;
-					};
-			} else
-				if ((grp = getgrnam (foo)))
-					group = grp->gr_gid;
-				else {
-					printf("unknown group %s\n",foo);
-					group=DEFAULT_GROUP;
-					bad=1;
-				}
-			if (group==0){	/* You're not allowed to make root group users! */
-				printf("Creation of root group users not allowed (must be done by hand)\n");
-				group=DEFAULT_GROUP;
-				bad=1;
-			};
-		} while(bad);
-
-
-		fflush(stdin);
-
-		printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
-		printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
-		fflush(stdout);
-		gets(dir);
-		if (!strlen(dir)) { /* hit return */
-			sprintf(dir,"%s/%s",DEFAULT_HOME,uname);
-			fflush(stdin);
-		} else
-			if (dir[strlen(dir)-1]=='/')
-				sprintf(dir+strlen(dir),"%s",uname);
-
-		printf("\nShell [%s]: ",DEFAULT_SHELL);
-		fflush(stdout);
-		gets(shell);
-		if (!strlen(shell))
-			sprintf(shell,"%s",DEFAULT_SHELL);
-
-		printf("\nMin. Password Change Days [0]: ");
-		gets(foo);
-		min_pass=atoi(foo);
-
-		printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
-		gets(foo);
-		if (strlen(foo) > 1)
-			max_pass = atoi(foo);
-		else
-			max_pass = DEFAULT_MAX_PASS;
-
-		printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
-		gets(foo);
-		warn_pass = atoi(foo);
-		if (warn_pass==0)
-			warn_pass = DEFAULT_WARN_PASS;
-
-		printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
-		gets(foo);
-		user_die = atoi(foo);
-		if (user_die == 0)
-			user_die = DEFAULT_USER_DIE;
-
-		printf("\nInformation for new user [%s] [%s]:\n",uname,person);
-		printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
-		printf("GID: [%d]\n",group);
-		printf("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
-				min_pass,max_pass,warn_pass,user_die);
-		printf("\nIs this correct? [y/N]: ");
-		fflush(stdout);
-		gets(foo);
-
-		done=bad=correct=(foo[0]=='y'||foo[0]=='Y');
-
-		if(bad!=1)
-			printf("\nUser [%s] not added\n",uname);
-    }
-
-	bzero(cmd,sizeof(cmd));
-	sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
-			USERADD_PATH,group,dir,shell,person,uname);
-	printf("Calling useradd to add new user:\n%s\n",cmd);
-	if(system(cmd)){
-		printf("User add failed!\n");
-		exit(errno);
-	};
-	bzero(cmd,sizeof(cmd));
-	sprintf(cmd,"%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
-			min_pass,max_pass,warn_pass,user_die,uname);
-	printf("%s\n",cmd);
-	if(system(cmd)){
-		printf("There was an error setting password expire values\n");
-		exit(errno);
-	};
-	bzero(cmd,sizeof(cmd));
-	sprintf(cmd,"%s %s",PASSWD_PATH,uname);
-	system(cmd);
-	printf("\nDone.\n");
-}
-
@@ -1,502 +0,0 @@
-/****
-** 04/21/96
-** hacked even more, replaced gets() with something slightly harder to buffer
-** overflow. Added support for setting a default quota on new account, with
-** edquota -p. Other cleanups for security, I let some users run adduser suid
-** root to add new accounts. (overflow checks, clobber environment, valid 
-** shell checks, restrictions on gid + home dir settings).
-
-** Added max. username length. Used syslog() a bit for important events. 
-** Support to immediately expire account with passwd -e.
-
-** Called it version 2.0! Because I felt like it!
-
-** -- Chris, chris@ferret.lmh.ox.ac.uk
-
-** 03/17/96
-** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
-** --marekm
-**
-** 02/26/96
-** modified to call shadow utils (useradd,chage,passwd) on shadowed 
-** systems - Cristian Gafton, gafton@sorosis.ro
-**
-** 6/27/95
-** shadow-adduser 1.4:
-**
-** now it copies the /etc/skel dir into the person's dir, 
-** makes the mail folders, changed some defaults and made a 'make 
-** install' just for the hell of it.
-**
-** Greg Gallagher
-** CIN.Net
-**
-** 1/28/95
-** shadow-adduser 1.3:
-** 
-** Basically a bug-fix on my additions in 1.2.  Thanks to Terry Stewart 
-** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
-** It was such a stupid bug that I would have never seen it myself.
-**
-**                                Brandon
-*****
-** 01/27/95
-** 
-** shadow-adduser 1.2:
-** I took the C source from adduser-shadow (credits are below) and made
-** it a little more worthwhile.  Many small changes... Here's
-** the ones I can remember:
-** 
-** Removed support for non-shadowed systems (if you don't have shadow,
-**     use the original adduser, don't get this shadow version!)
-** Added support for the correct /etc/shadow fields (Min days before
-**     password change, max days before password change, Warning days,
-**     and how many days from expiry date does the account go invalid)
-**     The previous version just left all of those fields blank.
-**     There is still one field left (expiry date for the account, period)
-**     which I have left blank because I do not use it and didn't want to
-**     spend any more time on this.  I'm sure someone will put it in and
-**     tack another plethora of credits on here. :)
-** Added in the password date field, which should always reflect the last
-**     date the password was changed, for expiry purposes.  "passwd" always
-**     updates this field, so the adduser program should set it up right
-**     initially (or a user could keep thier initial password forever ;)
-**     The number is in days since Jan 1st, 1970.
-**
-**                       Have fun with it, and someone please make
-**                       a real version(this is still just a hack)
-**                       for us all to use (and Email it to me???)
-**
-**                               Brandon
-**                                  photon@usis.com
-**
-***** 
-** adduser 1.0: add a new user account (For systems not using shadow)
-** With a nice little interface and a will to do all the work for you.
-**
-** Craig Hagan
-** hagan@opine.cs.umass.edu
-**
-** Modified to really work, look clean, and find unused uid by Chris Cappuccio
-** chris@slinky.cs.umass.edu
-**
-*****
-**
-** 01/19/95
-**
-** FURTHER modifications to enable shadow passwd support (kludged, but
-** no more so than the original)  by Dan Crowson - dcrowson@mo.net
-**
-** Search on DAN for all changes...
-**
-*****
-**
-** cc -O -o adduser adduser.c
-** Use gcc if you have it... (political reasons beyond my control) (chris)
-**
-** I've gotten this program to work with success under Linux (without
-** shadow) and SunOS 4.1.3. I would assume it should work pretty well
-** on any system that uses no shadow. (chris)
-**
-** If you have no crypt() then try
-** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
-** I'm not sure how login operates with no crypt()... I guess
-** the same way we're doing it here.
-*/
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <pwd.h>
-#include <grp.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <sys/types.h>
-#include <sys/timeb.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <syslog.h>
-
-#define IMMEDIATE_CHANGE	/* Expire newly created password, must be changed
-				 * immediately upon next login */
-#define HAVE_QUOTAS		/* Obvious */
-#define EXPIRE_VALS_SET		/* If defined, 'normal' users can't change 
-				 * password expiry values (if running suid root) */
-
-#define HAVE_GETUSERSHELL	/* FIXME: Isn't this defined in config.h too? */
-#define LOGGING			/* If we want to log various things to syslog */
-#define MAX_USRNAME  8		/* Longer usernames seem to work on my system....
-				 * But they're probably a poor idea */
-
-
-#define DEFAULT_SHELL	"/bin/bash"	/* because BASH is your friend */
-#define DEFAULT_HOME	"/home"
-#define USERADD_PATH	"/usr/sbin/useradd"
-#define CHAGE_PATH	"/usr/bin/chage"
-#define PASSWD_PATH	"/usr/bin/passwd"
-#define EDQUOTA_PATH	"/usr/sbin/edquota"
-#define QUOTA_DEFAULT	"defuser"
-#define DEFAULT_GROUP	100
-
-#define DEFAULT_MIN_PASS 0
-#define DEFAULT_MAX_PASS 100
-#define DEFAULT_WARN_PASS 14
-#define DEFAULT_USER_DIE 366
-
-void safeget (char *, int);
-
-void 
-main (void)
-{
-  char foo[32];
-  char usrname[32], person[32], dir[32], shell[32];
-  unsigned int group, min_pass, max_pass, warn_pass, user_die;
-  /* the group and uid of the new user */
-  int bad = 0, done = 0, correct = 0, olduid;
-  char cmd[255];
-  struct group *grp;
-
-  /* flags, in order:
-   * bad to see if the username is in /etc/passwd, or if strange stuff has
-   * been typed if the user might be put in group 0
-   * done allows the program to exit when a user has been added
-   * correct loops until a username is found that isn't in /etc/passwd
-   */
-
-  /* The real program starts HERE! */
-
-  if (geteuid () != 0)
-    {
-      printf ("It seems you don't have access to add a new user.  Try\n");
-      printf ("logging in as root or su root to gain superuser access.\n");
-      exit (1);
-    }
-
-  /* Sanity checks
-   */
-
-#ifdef LOGGING
-  openlog ("adduser", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
-  syslog (LOG_INFO, "invoked by user %s\n", getpwuid (getuid ())->pw_name);
-#endif
-
-  if (!(grp = getgrgid (DEFAULT_GROUP)))
-    {
-      printf ("Error: the default group %d does not exist on this system!\n",
-	      DEFAULT_GROUP);
-      printf ("adduser must be recompiled.\n");
-#ifdef LOGGING
-      syslog (LOG_ERR, "warning: failed. no such default group\n");
-      closelog ();
-#endif
-      exit (1);
-    };
-
-  while (!correct)
-    {				/* loop until a "good" usrname is chosen */
-      while (!done)
-	{
-	  printf ("\nLogin to add (^C to quit): ");
-	  fflush (stdout);
-
-	  safeget (usrname, sizeof (usrname));
-
-	  if (!strlen (usrname))
-	    {
-	      printf ("Empty input.\n");
-	      done = 0;
-	      continue;
-	    };
-
-	  /* what I saw here before made me think maybe I was running DOS */
-	  /* might this be a solution? (chris) */
-	  if (strlen (usrname) > MAX_USRNAME)
-	    {
-	      printf ("That name is longer than the maximum of %d characters. Choose another.\n", MAX_USRNAME);
-	      done = 0;
-	    }
-	  else if (getpwnam (usrname) != NULL)
-	    {
-	      printf ("That name is in use, choose another.\n");
-	      done = 0;
-	    }
-	  else if (strchr (usrname, ' ') != NULL)
-	    {
-	      printf ("No spaces in username!!\n");
-	      done = 0;
-	    }
-	  else
-	    done = 1;
-	};			/* done, we have a valid new user name */
-
-      /* all set, get the rest of the stuff */
-      printf ("\nEditing information for new user [%s]\n", usrname);
-
-      printf ("\nFull Name [%s]: ", usrname);
-      fflush (stdout);
-      safeget (person, sizeof (person));
-      if (!strlen (person))
-	{
-	  bzero (person, sizeof (person));
-	  strcpy (person, usrname);
-	};
-
-      if (getuid () == 0)
-	{
-	  do
-	    {
-	      bad = 0;
-	      printf ("GID [%d]: ", DEFAULT_GROUP);
-	      fflush (stdout);
-	      safeget (foo, sizeof (foo));
-	      if (!strlen (foo))
-		group = DEFAULT_GROUP;
-	      else if (isdigit (*foo))
-		{
-		  group = atoi (foo);
-		  if (!(grp = getgrgid (group)))
-		    {
-		      printf ("unknown gid %s\n", foo);
-		      group = DEFAULT_GROUP;
-		      bad = 1;
-		    };
-		}
-	      else if ((grp = getgrnam (foo)))
-		group = grp->gr_gid;
-	      else
-		{
-		  printf ("unknown group %s\n", foo);
-		  group = DEFAULT_GROUP;
-		  bad = 1;
-		}
-	      if (group == 0)
-		{		/* You're not allowed to make root group users! */
-		  printf ("Creation of root group users not allowed (must be done by hand)\n");
-		  group = DEFAULT_GROUP;
-		  bad = 1;
-		};
-	    }
-	  while (bad);
-	}
-      else
-	{
-	  printf ("Group will be default of: %d\n", DEFAULT_GROUP);
-	  group = DEFAULT_GROUP;
-	}
-
-      if (getuid () == 0)
-	{
-	  printf ("\nIf home dir ends with a / then '%s' will be appended to it\n", usrname);
-	  printf ("Home Directory [%s/%s]: ", DEFAULT_HOME, usrname);
-	  fflush (stdout);
-	  safeget (dir, sizeof (dir));
-	  if (!strlen (dir))
-	    {			/* hit return */
-	      sprintf (dir, "%s/%s", DEFAULT_HOME, usrname);
-	    }
-	  else if (dir[strlen (dir) - 1] == '/')
-	    sprintf (dir+strlen(dir), "%s", usrname);
-	}
-      else
-	{
-	  printf ("\nHome directory will be %s/%s\n", DEFAULT_HOME, usrname);
-	  sprintf (dir, "%s/%s", DEFAULT_HOME, usrname);
-	}
-
-      printf ("\nShell [%s]: ", DEFAULT_SHELL);
-      fflush (stdout);
-      safeget (shell, sizeof (shell));
-      if (!strlen (shell))
-	sprintf (shell, "%s", DEFAULT_SHELL);
-      else
-	{
-	  char *sh;
-	  int ok = 0;
-#ifdef HAVE_GETUSERSHELL
-	  setusershell ();
-	  while ((sh = getusershell ()) != NULL)
-	    if (!strcmp (shell, sh))
-	      ok = 1;
-	  endusershell ();
-#endif
-	  if (!ok)
-	    {
-	      if (getuid () == 0)
-		printf ("Warning: root allowed non standard shell\n");
-	      else
-		{
-		  printf ("Shell NOT in /etc/shells, DEFAULT used\n");
-		  sprintf (shell, "%s", DEFAULT_SHELL);
-		}
-	    }
-	}
-
-#ifdef EXPIRE_VALS_SET
-      if (getuid () == 0)
-	{
-#endif
-	  printf ("\nMin. Password Change Days [%d]: ", DEFAULT_MIN_PASS);
-	  fflush (stdout);
-	  safeget (foo, sizeof (foo));
-	  if (strlen (foo) > 1)
-	    min_pass = DEFAULT_MIN_PASS;
-	  else
-	    min_pass = atoi (foo);
-
-	  printf ("Max. Password Change Days [%d]: ", DEFAULT_MAX_PASS);
-	  fflush (stdout);
-	  safeget (foo, sizeof (foo));
-	  if (strlen (foo) > 1)
-	    max_pass = atoi (foo);
-	  else
-	    max_pass = DEFAULT_MAX_PASS;
-
-	  printf ("Password Warning Days [%d]: ", DEFAULT_WARN_PASS);
-	  fflush (stdout);
-	  safeget (foo, sizeof (foo));
-	  warn_pass = atoi (foo);
-	  if (warn_pass == 0)
-
-	    warn_pass = DEFAULT_WARN_PASS;
-
-	  printf ("Days after Password Expiry for Account Locking [%d]: ", DEFAULT_USER_DIE);
-	  fflush (stdout);
-	  safeget (foo, sizeof (foo));
-	  user_die = atoi (foo);
-	  if (user_die == 0)
-	    user_die = DEFAULT_USER_DIE;
-
-#ifdef EXPIRE_VALS_SET
-	}
-      else
-	{
-	  printf ("\nSorry, account expiry values are set.\n");
-	  user_die = DEFAULT_USER_DIE;
-	  warn_pass = DEFAULT_WARN_PASS;
-	  max_pass = DEFAULT_MAX_PASS;
-	  min_pass = DEFAULT_MIN_PASS;
-	}
-#endif
-
-      printf ("\nInformation for new user [%s] [%s]:\n", usrname, person);
-      printf ("Home directory: [%s] Shell: [%s]\n", dir, shell);
-      printf ("GID: [%d]\n", group);
-      printf ("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
-	      min_pass, max_pass, warn_pass, user_die);
-      printf ("\nIs this correct? [y/N]: ");
-      fflush (stdout);
-      safeget (foo, sizeof (foo));
-
-      done = bad = correct = (foo[0] == 'y' || foo[0] == 'Y');
-
-      if (bad != 1)
-	printf ("\nUser [%s] not added\n", usrname);
-    }
-
-  /* Clobber the environment, I run this suid root sometimes to let 
-   * non root privileged accounts add users --chris */
-
-  *environ = NULL;
-
-  bzero (cmd, sizeof (cmd));
-  sprintf (cmd, "%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
-	   USERADD_PATH, group, dir, shell, person, usrname);
-  printf ("Calling useradd to add new user:\n%s\n", cmd);
-  if (system (cmd))
-    {
-      printf ("User add failed!\n");
-#ifdef LOGGING
-      syslog (LOG_ERR, "could not add new user\n");
-      closelog ();
-#endif
-      exit (errno);
-    };
-
-  olduid = getuid ();	/* chage, passwd, edquota etc. require ruid = root
-			 */
-  setuid (0);
-
-  bzero (cmd, sizeof (cmd));
-
-  /* Chage runs suid root. => we need ruid root to run it with
-   * anything other than chage -l
-   */
-
-  sprintf (cmd, "%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
-	   min_pass, max_pass, warn_pass, user_die, usrname);
-  printf ("%s\n", cmd);
-  if (system (cmd))
-    {
-      printf ("There was an error setting password expire values\n");
-#ifdef LOGGING
-      syslog (LOG_ERR, "password expire values could not be set\n");
-#endif
-    };
-
-  /* I want to add a user completely with one easy command --chris */
-
-#ifdef HAVE_QUOTAS
-  bzero (cmd, sizeof (cmd));
-  sprintf (cmd, "%s -p %s -u %s", EDQUOTA_PATH, QUOTA_DEFAULT, usrname);
-  printf ("%s\n", cmd);
-  if (system (cmd))
-    {
-      printf ("\nWarning: error setting quota\n");
-#ifdef LOGGING
-      syslog (LOG_ERR, "warning: account created but NO quotas set!\n");
-#endif /* LOGGING */
-    }
-  else
-    printf ("\nDefault quota set.\n");
-#endif /* HAVE_QUOTAS */
-
-  bzero (cmd, sizeof (cmd));
-  sprintf (cmd, "%s %s", PASSWD_PATH, usrname);
-  if (system (cmd))
-    {
-      printf ("\nWarning: error setting password\n");
-#ifdef LOGGING
-      syslog (LOG_ERR, "warning: password set failed!\n");
-#endif
-    }
-#ifdef IMMEDIATE_CHANGE
-  bzero (cmd, sizeof (cmd));
-  sprintf (cmd, "%s -e %s", PASSWD_PATH, usrname);
-  if (system (cmd))
-    {
-      printf ("\nWarning: error expiring password\n");
-#ifdef LOGGING
-      syslog (LOG_ERR, "warning: password expire failed!\n");
-#endif /* LOGGING */
-    }
-#endif /* IMMEDIATE_CHANGE */
-
-  setuid (olduid);
-
-#ifdef LOGGING
-  closelog ();
-#endif
-
-  printf ("\nDone.\n");
-}
-
-void 
-safeget (char *buf, int maxlen)
-{
-  int c, i = 0, bad = 0;
-  char *bstart = buf;
-  while ((c = getc (stdin)) != EOF && (c != '\n') && (++i < maxlen))
-    {
-      bad = (!isalnum (c) && (c != '_') && (c != ' '));
-      *(buf++) = (char) c;
-    }
-  *buf = '\0';
-
-  if (bad)
-    {
-      printf ("\nString contained banned character. Please stick to alphanumerics.\n");
-      *bstart = '\0';
-    }
-}
-
@@ -1,90 +0,0 @@
-#!/bin/sh
-# adduser script for use with shadow passwords and useradd command.
-# by Hrvoje Dogan <hdogan@student.math.hr>, Dec 1995.
-
-echo -n "Login name for new user []:"
-read LOGIN
-if [ -z $LOGIN ]
-then echo "Come on, man, you can't leave the login field empty...";exit
-fi
-echo
-echo -n "User id for $LOGIN [ defaults to next available]:"
-read ID
-GUID="-u $ID"
-if [ -z $ID ] 
-then GUID=""
-fi
-
-echo
-echo -n "Initial group for $LOGIN [users]:"
-read GID
-GGID="-g $GID"
-if [ -z $GID ]
-then GGID=""
-fi
-
-echo
-echo -n "Additional groups for $LOGIN []:"
-read AGID
-GAGID="-G $AGID"
-if [ -z $AGID ]
-then GAGID=""
-fi
-
-echo
-echo -n "$LOGIN's home directory [/home/$LOGIN]:"
-read HME
-GHME="-d $HME"
-if [ -z $HME ]
-then GHME=""
-fi
-
-echo
-echo -n "$LOGIN's shell [/bin/bash]:"
-read SHL
-GSHL="-s $SHL"
-if [ -z $SHL ]
-then GSHL=""
-fi
-
-echo
-echo -n "$LOGIN's account expiry date (MM/DD/YY) []:"
-read EXP
-GEXP="-e $EXP"
-if [ -z $EXP ]
-then GEXP=""
-fi
-echo
-echo OK, I'm about to make a new account. Here's what you entered so far:
-echo New login name: $LOGIN
-if [ -z $GUID ] 
-then echo New UID: [Next available]
-else echo New UID: $UID
-fi
-if [ -z $GGID ]
-then echo Initial group: users
-else echo Initial group: $GID
-fi
-if [ -z $GAGID ]
-then echo Additional groups: [none]
-else echo Additional groups: $AGID
-fi
-if [ -z $GHME ]
-then echo Home directory: /home/$LOGIN
-else echo Home directory: $HME
-fi
-if [ -z $GSHL ]
-then echo Shell: /bin/bash
-else echo Shell: $SHL
-fi
-if [ -z $GEXP ]
-then echo Expiry date: [no expiration]
-else echo Expiry date: $EXP
-fi
-echo "This is it... if you want to bail out, you'd better do it now."
-read FOO
-echo Making new account...
-/usr/sbin/useradd $GHME -m $GEXP $GGID $GAGID $GSHL $GUID $LOGIN
-/usr/bin/chfn $LOGIN
-/usr/bin/passwd $LOGIN
-echo "Done..."
@@ -1,743 +0,0 @@
-#!/bin/bash
-#
-#  adduser			Interactive user adding program.
-#
-#  Copyright (C) 1996		Petri Mattila, Prihateam Networks
-#				petri@prihateam.fi
-#	
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2, or (at your option)
-#  any later version.
-#
-# Changes:
-#	220496	v0.01	Initial version
-#	230496	v0.02	More checks, embolden summary
-#	240496		Even more checks
-#	250496 		Help with ?
-#	040596	v0.03	Cleanups
-#	050596	v0.04	Bug fixes, expire date checks
-#	070596	v0.05	Iso-latin-1 names
-#
-
-## Defaults
-
-# default groups
-def_group="users"
-def_other_groups=""
-
-# default home directory
-def_home_dir=/home/users
-
-# default shell
-def_shell=/bin/tcsh
-
-# Default expiration date (mm/dd/yy)
-def_expire=""
-
-# default dates
-def_pwd_min=0
-def_pwd_max=90
-def_pwd_warn=14
-def_pwd_iact=14
-
-
-# possible UIDs
-uid_low=1000
-uid_high=64000
-
-# skel directory
-skel=/etc/skel
-
-# default mode for home directory
-def_mode=711
-
-# Regex, that the login name must meet, only ANSI characters
-login_regex='^[0-9a-zA-Z_-]*$'
-
-# Regex, that the user name must meet
-# ANSI version
-##name_regex='^[0-9a-zA-Z_-\ ]*$'
-# ISO-LATIN-1 version
-name_regex='^[0-9a-zA-ZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöùúûüýþÿ_-\ ]*$'
-
-# set PATH
-export PATH="/bin:/sbin:/usr/bin:/usr/sbin"
-
-# Some special characters
-case "$TERM" in
-   vt*|ansi*|con*|xterm*|linux*)
-	S='[1m'	# start embolden
-	E='[m'	# end embolden
-	;;
-   *)	
-	S=''
-	E=''
-	;;
-esac
-
-
-## Functions
-
-check_root() {
-	if test "$EUID" -ne 0
-	then
-		echo "You must be root to run this program."
-		exit 1
-	fi
-}
-
-check_user() {
-	local usr pwd uid gid name home sh
-
-	cat /etc/passwd | (
-		while IFS=":" read usr pwd uid gid name home sh
-		do
-			if test "$1" = "${usr}"
-			then
-				return 1
-			fi
-		done
-		return 0
-	)
-}
-
-check_group() {
-	local read grp pwd gid members
-
-	cat /etc/group | (
-		while IFS=":" read grp pwd gid members
-		do
-			if test "$1" = "${grp}"
-			then
-				return 1
-			fi
-		done
-		return 0
-	)
-}
-
-check_other_groups() {
-	local grp check IFS
-
-	check="$1"
-	IFS=","
-
-	set ${check}
-	for grp
-	do
-		if check_group "${grp}"
-		then
-			echo "Group ${grp} does not exist."
-			return 1
-		fi
-	done
-	return 0
-}		
-
-check_uid() {
-	local usr pwd uid gid name home sh
-	
-	cat /etc/passwd | (
-		while IFS=":" read usr pwd uid gid name home sh
-		do
-			if test "$1" = "${uid}"
-			then
-				return 1
-			fi
-		done
-		return 0
-	)
-}
-
-read_yn() {
-	local ans ynd
-	
-	ynd="$1"
-	
-	while :
-	do
-		read ans	
-		case "${ans}" in
-		      "") return ${ynd} ;;
-		    [nN]) return 1 ;;
-		    [yY]) return 0 ;;
-		       *) echo -n "Y or N, please ? " ;;
-		esac
-	done
-}
-
-read_login() {
-	echo
-	while :
-	do
-		echo -n "Login: ${def_login:+[${def_login}] }"
-		read login
-		
-		if test "${login}" = '?'
-		then
-			less /etc/passwd
-			echo
-			continue
-		fi
-
-		if test -z "${login}" -a -n "${def_login}"
-		then
-			login="${def_login}"
-			echo "Using ${login}"
-			return
-		fi
-		
-		if test "${#login}" -gt 8
-		then
-			echo "Login must be at most 8 characters long"
-			continue
-		fi
-		
-		if test "${#login}" -lt 2
-		then
-			echo "Login must be at least 2 characters long"
-			continue
-		fi
-		
-		if ! expr "${login}" : "${login_regex}" &> /dev/null
-		then
-			echo "Please use letters, numbers and special characters _-,."
-			continue
-		fi
-		
-		if ! check_user "${login}"
-		then
-			echo "Username ${login} is already in use"
-			continue
-		fi
-		
-		def_login="${login}"
-		return
-	done
-}
-
-read_name () {
-	echo
-	while :
-	do
-		echo -n "Real name: ${def_name:+[${def_name}] }"
-		read name
-		
-		if test "${name}" = '?'
-		then
-			less /etc/passwd
-			echo
-			continue
-		fi
-
-		if test -z "${name}" -a -n "${def_name}"
-		then
-			name="${def_name}"
-			echo "Using ${name}"
-		fi
-
-		if test "${#name}" -gt 32
-		then
-			echo "Name should be at most 32 characters long"
-			continue
-		fi
-
-		if ! expr "${name}" : "${name_regex}" &> /dev/null
-		then
-			echo "Please use letters, numbers, spaces and special characters ,._-"
-			continue
-		fi
-		
-		def_name="${name}"
-		return
-	done
-}
-
-read_home() {
-	local x
-	
-	echo
-	while :
-	do
-		echo -n "Home Directory: [${def_home_dir}/${login}] "
-		read home
-		
-		if test -z "${home}"
-		then
-			home="${def_home_dir}/${login}"
-			echo "Using ${home}"
-		fi
-		
-		if ! expr "${home}" : '^[0-9a-zA-Z,._-\/]*$' &> /dev/null
-		then
-			echo "Please use letters, numbers, spaces and special characters ,._-/"
-			continue
-		fi
-		
-		x="$(basename ${home})"
-		if test "${x}" != "${login}"
-		then
-			echo "Warning: you are about to use different login name and home directory."
-		fi
-		
-		x="$(dirname ${home})"
-		if ! test -d "${x}"
-		then
-			echo "Directory ${x} does not exist."
-			echo "If you still want to use it, please make it manually."
-			continue
-		fi
-		
-		def_home_dir="${x}"
-		return
-	done
-}
-
-read_shell () {
-	local x
-
-	echo
-	while :
-	do
-		echo -n "Shell: [${def_shell}] "
-		read shell
-		
-		if test -z "${shell}"
-		then
-			shell="${def_shell}"
-			echo "Using ${shell}"
-		fi
-		
-		for x in $(cat /etc/shells)
-		do
-			if test "${x}" = "${shell}"
-			then
-				def_shell="${shell}"
-				return
-			fi
-		done
-
-		echo "Possible shells are:"
-		cat /etc/shells
-	done
-}
-
-read_group () {
-	echo
-	while :
-	do
-		echo -n "Group: [${def_group}] "
-		read group
-		
-		if test -z "${group}"
-		then
-			group="${def_group}"
-			echo "Using ${group}"
-		fi
-		
-		if test "${group}" = '?'
-		then
-			less /etc/group
-			echo
-			continue
-		fi
-
-		if check_group "${group}"
-		then
-			echo "Group ${group} does not exist."
-			continue
-		fi
-		
-		def_group="${group}"
-		return
-	done
-}
-
-read_other_groups () {
-	echo
-	while :
-	do
-		echo -n "Other groups: [${def_og:-none}] "
-		read other_groups
-		
-		if test "${other_groups}" = '?'
-		then
-			less /etc/group
-			echo
-			continue
-		fi
-
-		if test -z "${other_groups}"
-		then
-			if test -n "${def_og}"
-			then
-				other_groups="${def_og}"
-				echo "Using ${other_groups}"
-			else	
-				echo "No other groups"
-				return
-			fi
-		fi
-		
-		
-		if ! check_other_groups "${other_groups}"
-		then
-			continue
-		fi
-		
-		def_og="${other_groups}"
-		return
-	done
-}
-
-read_uid () {
-	echo
-	while :
-	do
-		echo -n "uid: [first free] "
-		read uid
-			
-		if test -z "${uid}"
-		then
-			echo "Using first free UID."
-			return
-		fi
-		
-		if test "${uid}" = '?'
-		then
-			less /etc/passwd
-			echo
-			continue
-		fi
-
-		if ! expr "${uid}" : '^[0-9]+$' &> /dev/null
-		then
-			echo "Please use numbers only."
-			continue
-		fi
-		if test "${uid}" -lt "${uid_low}"
-		then
-			echo "UID must be greater than ${uid_low}"
-			continue
-		fi
-		if test "${uid}" -gt "${uid_high}"
-		then
-			echo "UID must be smaller than ${uid_high}"
-			continue
-		fi
-		if ! check_uid "${uid}"
-		then
-			echo "UID ${uid} is already in use"
-			continue
-		fi
-		
-		return
-	done
-}
-
-read_max_valid_days() {
-	echo
-	while :
-	do
-		echo -en "Maximum days between password changes: [${def_pwd_max}] "
-		read max_days
-		
-		if test -z "${max_days}"
-		then
-			max_days="${def_pwd_max}"
-			echo "Using ${max_days}"
-			return
-		fi
-		
-		if ! expr "${max_days}" : '^[0-9]+$' &> /dev/null
-		then
-			echo "Please use numbers only."
-			continue
-		fi
-		if test "${max_days}" -lt 7
-		then
-			echo "Warning: you are using a value shorter than a week."
-		fi
-		
-		def_pwd_max="${max_days}"
-		return	
-	done
-}
-
-read_min_valid_days() {
-	echo
-	while :
-	do
-		echo -en "Minimum days between password changes: [${def_pwd_min}] "
-		read min_days
-		
-		if test -z "${min_days}"
-		then
-			min_days="${def_pwd_min}"
-			echo "Using ${min_days}"
-			return
-		fi
-		
-		if ! expr "${min_days}" : '^[0-9]+$' &> /dev/null
-		then
-			echo "Please use numbers only."
-			continue
-		fi
-		if test "${min_days}" -gt 7
-		then
-			echo "Warning: you are using a value longer than a week."
-		fi
-		
-		def_pwd_min="${min_days}"
-		return	
-	done
-}
-
-read_warning_days() {
-	echo
-	while :
-	do
-		echo -en "Number of warning days before password expires: [${def_pwd_warn}] "
-		read warn_days
-		
-		if test -z "${warn_days}"
-		then
-			warn_days="${def_pwd_warn}"
-			echo "Using ${warn_days}"
-		fi
-
-		if ! expr "${warn_days}" : '^[0-9]+$' &> /dev/null
-		then
-			echo "Please use numbers only."
-			continue
-		fi
-		if test "${warn_days}" -gt 14
-		then
-			echo "Warning: you are using a value longer than two week."
-		fi
-		
-		def_pwd_warn="${warn_days}"
-		return	
-	done
-}
-
-
-read_inactive_days() {
-	echo
-	while :
-	do
-		echo -en "Number of usable days after expiration: [${def_pwd_iact}] "
-		read iact_days
-		
-		if test -z "${iact_days}"
-		then
-			iact_days="${def_pwd_iact}"
-			echo "Using ${iact_days}"
-			return
-		fi
-		if ! expr "${iact_days}" : '^[0-9]+$' &> /dev/null
-		then
-			echo "Please use numbers only."
-			continue
-		fi
-		if test "${iact_days}" -gt 14
-		then
-			echo "Warning: you are using a value that is more than two weeks."
-		fi
-		
-		def_pwd_iact="${iact_days}"
-		return	
-	done
-}
-
-read_expire_date() {
-	local ans
-	
-	echo
-	while :
-	do
-		echo -en "Expire date of this account (mm/dd/yy): [${def_expire:-never}] "
-		read ans
-		
-		if test -z "${ans}"
-		then
-			if test -z "${def_expire}"
-			then
-				ans="never"
-			else
-				ans="${def_expire}"
-				echo "Using ${def_expire}"
-			fi
-		fi
-		
-		if test "${ans}" = "never"
-		then
-			echo "Account will never expire."
-			def_expire=""
-			expire=""
-			return
-		fi
-
-		if ! expr "${ans}" : '^[0-9][0-9]/[0-9][0-9]/[0-9][0-9]$' &> /dev/null
-		then
-			echo "Please use format mm/dd/yy"
-			continue
-		fi
-		
-		if ! expire_date="$(date -d ${ans} '+%A, %B %d %Y')"
-		then
-			continue
-		fi
-		
-		def_expire="${expire}"
-		return	
-	done
-}
-
-read_passwd_yn() {
-	echo -en "\nDo you want to set password [Y/n] ? "
-	if read_yn 0
-	then
-		set_pwd="YES"
-	else
-		set_pwd=""
-	fi
-}
-
-
-print_values() {
-
-clear
-cat << EOM
-
-Login:        ${S}${login}${E}
-Group:        ${S}${group}${E}
-Other groups: ${S}${other_groups:-[none]}${E}
-
-Real Name:    ${S}${name}${E}
-
-uid:          ${S}${uid:-[first free]}${E}
-home:         ${S}${home}${E}
-shell:        ${S}${shell}${E}
-
-Account expiration date:                   ${S}${expire_date:-never}${E}
-Minimum days between password changes:     ${S}${min_days}${E}
-Maximum days between password changes:     ${S}${max_days}${E}
-Number of usable days after expiration:    ${S}${iact_days}${E}
-Number of warning days before expiration:  ${S}${warn_days}${E}
-
-${S}${set_pwd:+Set password for this account.}${E}
-
-EOM
-}
-
-set_user() {
-	if ! useradd \
-		-c "${name}" \
-		-d "${home}" \
-		-g "${group}" \
-		-s "${shell}" \
-		${expire:+-e ${expire}} \
-		${uid:+-u ${uid}} \
-		${other_groups:+-G ${other_groups}} \
-		${login}
-	then
-		echo "Error ($?) in useradd...exiting..."
-		exit 1
-	fi
-}
-
-set_aging() {
-	if ! passwd \
-		-x ${max_days} \
-		-n ${min_days} \
-		-w ${warn_days} \
-		-i ${iact_days} \
-		${login}
-	then
-		echo "Error ($?) in setting password aging...exiting..." 
-		exit 1
-	fi
-}
-
-set_password() {
-	if test -n "${set_pwd}"
-	then
-		echo
-		passwd ${login}
-		echo
-	fi
-}	
-
-set_system() {
-	if test -d "${home}"
-	then
-		echo "Directory ${home} already exists."
-		echo "Skeleton files not copied."
-		return
-	fi
-	
-	echo -n "Copying skeleton files..."
-	( 
-	  mkdir ${home}
-	  cd ${skel} && cp -af . ${home}
-	  chmod ${def_mode} ${home}
-	  chown -R ${login}:${group} ${home}
-	)
-	echo "done."
-
-	## Add your own stuff here:
-	echo -n "Setting up other files..."
-	(
-	  mailbox="/var/spool/mail/${login}"
-	  touch ${mailbox}
-	  chown "${login}:mail" ${mailbox}
-	  chmod 600 ${mailbox}
-	)
-	echo "done."
-}
-
-
-read_values() {
-	clear
-	echo -e "\nPlease answer the following questions about the new user to be added."
-	
-	while :
-	do
-		read_login
-		read_name
-		read_group
-		read_other_groups
-		read_home
-		read_shell
-		read_uid
-		read_expire_date
-		read_max_valid_days
-		read_min_valid_days
-		read_warning_days
-		read_inactive_days
-		read_passwd_yn
-
-		print_values
-		
-		echo -n "Is this correct [N/y] ? "
-		read_yn 1 && return
-	done
-}
-
-
-main() {
-	check_root
-	read_values
-	set_user
-	set_aging
-	set_system
-	set_password
-}
-
-
-## Run it 8-)
-main
-
-# End.
@@ -1,465 +0,0 @@
-#!/bin/sh
-# This is a shell archive (produced by GNU sharutils 4.2.1).
-# To extract the files from this archive, save it to some FILE, remove
-# everything before the `!/bin/sh' line above, then type `sh FILE'.
-#
-# Made on 2000-05-25 14:41 CDT by <gk4@gnu.austin.ibm.com>.
-# Source directory was `/home/gk4/src/groupmem'.
-#
-# Existing files will *not* be overwritten unless `-c' is specified.
-#
-# This shar contains:
-# length mode       name
-# ------ ---------- ------------------------------------------
-#   1960 -rw-r--r-- Makefile
-#   6348 -rw-r--r-- groupmems.c
-#   3372 -rw------- groupmems.8
-#
-save_IFS="${IFS}"
-IFS="${IFS}:"
-gettext_dir=FAILED
-locale_dir=FAILED
-first_param="$1"
-for dir in $PATH
-do
-  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
-     && ($dir/gettext --version >/dev/null 2>&1)
-  then
-    set `$dir/gettext --version 2>&1`
-    if test "$3" = GNU
-    then
-      gettext_dir=$dir
-    fi
-  fi
-  if test "$locale_dir" = FAILED && test -f $dir/shar \
-     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
-  then
-    locale_dir=`$dir/shar --print-text-domain-dir`
-  fi
-done
-IFS="$save_IFS"
-if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
-then
-  echo=echo
-else
-  TEXTDOMAINDIR=$locale_dir
-  export TEXTDOMAINDIR
-  TEXTDOMAIN=sharutils
-  export TEXTDOMAIN
-  echo="$gettext_dir/gettext -s"
-fi
-if touch -am -t 200112312359.59 $$.touch >/dev/null 2>&1 && test ! -f 200112312359.59 -a -f $$.touch; then
-  shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
-elif touch -am 123123592001.59 $$.touch >/dev/null 2>&1 && test ! -f 123123592001.59 -a ! -f 123123592001.5 -a -f $$.touch; then
-  shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
-elif touch -am 1231235901 $$.touch >/dev/null 2>&1 && test ! -f 1231235901 -a -f $$.touch; then
-  shar_touch='touch -am $3$4$5$6$2 "$8"'
-else
-  shar_touch=:
-  echo
-  $echo 'WARNING: not restoring timestamps.  Consider getting and'
-  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
-  echo
-fi
-rm -f 200112312359.59 123123592001.59 123123592001.5 1231235901 $$.touch
-#
-if mkdir _sh10937; then
-  $echo 'x -' 'creating lock directory'
-else
-  $echo 'failed to create lock directory'
-  exit 1
-fi
-# ============= Makefile ==============
-if test -f 'Makefile' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'Makefile' '(file already exists)'
-else
-  $echo 'x -' extracting 'Makefile' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'Makefile' &&
-/*
-# SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-# SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-# SPDX-License-Identifier: BSD-3-Clause
-# 
-X
-all: groupmems
-X
-groupmems: groupmems.c
-X	cc -g -o groupmems groupmems.c -L. -lshadow
-X
-install: groupmems
-X	-/usr/sbin/groupadd groups
-X	install -o root -g groups -m 4770 groupmems /usr/bin
-X
-install.man: groupmems.8
-X	install -o root -g root -m 644 groupmems.8 /usr/man/man8
-X
-SHAR_EOF
-  (set 20 00 05 25 14 40 28 'Makefile'; eval "$shar_touch") &&
-  chmod 0644 'Makefile' ||
-  $echo 'restore of' 'Makefile' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'Makefile:' 'MD5 check failed'
-b46cf7ef8d59149093c011ced3f3103c  Makefile
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'Makefile'`"
-    test 1960 -eq "$shar_count" ||
-    $echo 'Makefile:' 'original size' '1960,' 'current size' "$shar_count!"
-  fi
-fi
-# ============= groupmems.c ==============
-if test -f 'groupmems.c' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'groupmems.c' '(file already exists)'
-else
-  $echo 'x -' extracting 'groupmems.c' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.c' &&
-/*
-X * SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X * SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X * SPDX-License-Identifier: BSD-3-Clause
-X */
-/*
-**
-**	Utility "groupmem" adds and deletes members from a user's group.
-**	
-**	Setup (as "root"):
-**	
-**		groupadd -r groups 
-**		chmod 2770 groupmems
-**		chown root.groups groupmems
-**		groupmems -g groups -a gk4
-**	
-**	Usage (as "gk4"):
-**	
-**		groupmems -a olive
-**		groupmems -a jordan
-**		groupmems -a meghan
-**		groupmems -a morgan
-**		groupmems -a jake
-**		groupmems -l 
-**		groupmems -d jake
-**		groupmems -l 
-*/
-X
-#include <stdio.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include "defines.h"
-#include "groupio.h"
-X
-/* Exit Status Values */
-X
-#define EXIT_SUCCESS		0	/* success */
-#define EXIT_USAGE		1	/* invalid command syntax */
-#define EXIT_GROUP_FILE		2	/* group file access problems */
-#define EXIT_NOT_ROOT		3	/* not superuser  */
-#define EXIT_NOT_EROOT		4	/* not effective superuser  */
-#define EXIT_NOT_PRIMARY	5	/* not primary owner of group  */
-#define EXIT_NOT_MEMBER		6	/* member of group does not exist */
-#define EXIT_MEMBER_EXISTS	7	/* member of group already exists */
-X
-#define TRUE 1
-#define FALSE 0
-X
-/* Globals */
-X
-extern int optind;
-extern char *optarg;
-static char *adduser = NULL;
-static char *deluser = NULL;
-static char *thisgroup = NULL;
-static int purge = FALSE;
-static int list = FALSE;
-static int exclusive = 0;
-X
-static int isroot(void) {
-X	return getuid() ? FALSE : TRUE;
-}
-X
-static int isgroup(void) {
-X	gid_t g = getgid();
-X	struct group *grp = getgrgid(g);
-X
-X	return TRUE;
-}
-X
-static char *whoami(void) {
-X	struct group *grp = getgrgid(getgid());
-X	struct passwd *usr = getpwuid(getuid());
-X
-X	if (0 == strcmp(usr->pw_name, grp->gr_name)) {
-X		return (char *)strdup(usr->pw_name);
-X	} else {
-X		return NULL;
-X	} 
-}
-X
-static void
-addtogroup(char *user, char **members) {
-X	int i;
-X	char **pmembers;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		if (0 == strcmp(user, members[i])) {
-X			fprintf(stderr, "Member already exists\n");
-X			exit(EXIT_MEMBER_EXISTS);
-X		}
-X	}
-X
-X	if (0 == i) {
-X		pmembers = (char **)calloc(2, sizeof(char *));
-X	} else {
-X		pmembers = (char **)realloc(members, sizeof(char *)*(i+1));
-X	}
-X
-X	*members = *pmembers;
-X	members[i] = user;
-X	members[i+1] = NULL;
-}
-X
-static void
-rmfromgroup(char *user, char **members) {
-X	int i;
-X	int found = FALSE;
-X
-X	i = 0;
-X	while (!found && NULL != members[i]) {
-X		if (0 == strcmp(user, members[i])) {
-X			found = TRUE;
-X		} else {
-X			i++;
-X		}
-X	}
-X
-X	while (found && NULL != members[i]) {
-X		members[i] = members[++i];
-X	}
-X
-X	if (!found) {
-X		fprintf(stderr, "Member to remove could not be found\n");
-X		exit(EXIT_NOT_MEMBER);
-X	}
-}
-X
-static void
-nomembers(char **members) {
-X	int i;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		members[i] = NULL;
-X	}
-}
-X
-static void
-members(char **members) {
-X	int i;
-X
-X	for (i = 0; NULL != members[i]; i++ ) {
-X		printf("%s ", members[i]);
-X
-X		if (NULL == members[i+1]) {
-X			printf("\n");
-X		} else {
-X			printf(" ");
-X		}
-X	}
-}
-X
-static void usage(void) {
-X	fprintf(stderr, "usage: groupmems -a username | -d username | -D | -l [-g groupname]\n");
-X	exit(EXIT_USAGE);
-}
-X
-main(int argc, char **argv) {
-X	int arg, i;
-X	char *name;
-X	struct group *grp;
-X
-X	while ((arg = getopt(argc, argv, "a:d:g:Dl")) != EOF) {
-X		switch (arg) {
-X		case 'a':
-X			adduser = strdup(optarg);
-X			++exclusive;
-X			break;
-X		case 'd':
-X			deluser = strdup(optarg);
-X			++exclusive;
-X			break;
-X		case 'g':
-X			thisgroup = strdup(optarg);
-X			break;
-X		case 'D':
-X			purge = TRUE;
-X			++exclusive;
-X			break;
-X		case 'l':
-X			list = TRUE;
-X			++exclusive;
-X			break;
-X		default:
-X			usage();
-X		}
-X	}
-X
-X	if (exclusive > 1 || optind < argc) {
-X		usage();
-X	}
-X
-X	if (!isroot() && NULL != thisgroup) {
-X		fprintf(stderr, "Only root can add members to different groups\n");
-X		exit(EXIT_NOT_ROOT);
-X	} else if (isroot() && NULL != thisgroup) {
-X		name = thisgroup;
-X	} else if (!isgroup()) {
-X		fprintf(stderr, "Group access is required\n");
-X		exit(EXIT_NOT_EROOT);
-X	} else if (NULL == (name = whoami())) {
-X		fprintf(stderr, "Not primary owner of current group\n");
-X		exit(EXIT_NOT_PRIMARY);
-X	}
-X
-X	if (!gr_lock()) {
-X		fprintf(stderr, "Unable to lock group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	if (!gr_open(O_RDWR)) {
-X		fprintf(stderr, "Unable to open group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	grp = (struct group *)gr_locate(name);
-X
-X	if (NULL != adduser) {
-X		addtogroup(adduser, grp->gr_mem);
-X		gr_update(grp);
-X	} else if (NULL != deluser) {
-X		rmfromgroup(deluser, grp->gr_mem);
-X		gr_update(grp);
-X	} else if (purge) {
-X		nomembers(grp->gr_mem);
-X		gr_update(grp);
-X	} else if (list) {
-X		members(grp->gr_mem);
-X	}
-X
-X	if (!gr_close()) {
-X		fprintf(stderr, "Cannot close group file\n");
-X		exit(EXIT_GROUP_FILE);
-X	}
-X
-X	gr_unlock();
-X
-X	exit(EXIT_SUCCESS);
-}
-X
-/* EOF */
-SHAR_EOF
-  (set 20 00 05 25 14 36 38 'groupmems.c'; eval "$shar_touch") &&
-  chmod 0644 'groupmems.c' ||
-  $echo 'restore of' 'groupmems.c' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'groupmems.c:' 'MD5 check failed'
-f0dd68f8d762d89d24d3ce1f4141f981  groupmems.c
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.c'`"
-    test 6348 -eq "$shar_count" ||
-    $echo 'groupmems.c:' 'original size' '6348,' 'current size' "$shar_count!"
-  fi
-fi
-# ============= groupmems.8 ==============
-if test -f 'groupmems.8' && test "$first_param" != -c; then
-  $echo 'x -' SKIPPING 'groupmems.8' '(file already exists)'
-else
-  $echo 'x -' extracting 'groupmems.8' '(text)'
-  sed 's/^X//' << 'SHAR_EOF' > 'groupmems.8' &&
-X.\"
-X.\" SPDX-FileCopyrightText: 2000, International Business Machines, Inc.
-X.\" SPDX-FileCopyrightText: 2000, George Kraft IV, gk4@us.ibm.com
-X.\" SPDX-License-Identifier: BSD-3-Clause
-X.\"
-X.\" $Id$
-X.\"
-X.TH GROUPMEMS 8
-X.SH NAME
-groupmems \- Administer members of a user's primary group
-X.SH SYNOPSIS
-X.B groupmems
-\fB-a\fI user_name \fR |
-\fB-d\fI user_name \fR |
-\fB-l\fR |
-\fB-D\fR |
-[\fB-g\fI group_name \fR]
-X.SH DESCRIPTION
-The \fBgroupmems\fR utility allows a user to administer their own
-group membership list without the requirement of superuser privileges.
-The \fBgroupmems\fR utility is for systems that configure its users to
-be in their own name sake primary group (i.e., guest / guest).
-X.P
-Only the superuser, as administrator, can use \fBgroupmems\fR to alter
-the memberships of other groups.
-X.IP "\fB-a \fIuser_name\fR"
-Add a new user to the group membership list.
-X.IP "\fB-d \fIuser_name\fR"
-Delete a user from the group membership list.
-X.IP "\fB-l\fR"
-List the group membership list.
-X.IP "\fB-D\fR"
-Delete all users from the group membership list.
-X.IP "\fB-g \fIgroup_name\fR"
-The superuser can specify which group membership list to modify.
-X.SH SETUP
-The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR
-and in group \fBgroups\fR.   The system administrator can add users to
-group groups to allow or disallow them using the  \fBgroupmems\fR utility
-to manager their own group membership list.
-X.P
-X     $ groupadd -r groups
-X.br
-X     $ chmod 2770 groupmems
-X.br
-X     $ chown root.groups groupmems
-X.br
-X     $ groupmems -g groups -a gk4
-X.SH FILES
-/etc/group
-X.br
-/etc/gshadow
-X.SH SEE ALSO
-X.BR chfn (1),
-X.BR chsh (1),
-X.BR useradd (8),
-X.BR userdel (8),
-X.BR usermod (8),
-X.BR passwd (1),
-X.BR groupadd (8),
-X.BR groupdel (8)
-X.SH AUTHOR
-George Kraft IV (gk4@us.ibm.com)
-X.\" EOF
-SHAR_EOF
-  (set 20 00 05 25 14 38 23 'groupmems.8'; eval "$shar_touch") &&
-  chmod 0600 'groupmems.8' ||
-  $echo 'restore of' 'groupmems.8' 'failed'
-  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
-  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
-    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
-    || $echo 'groupmems.8:' 'MD5 check failed'
-181e6cd3a3c9d3df320197fa2cde2b4a  groupmems.8
-SHAR_EOF
-  else
-    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'groupmems.8'`"
-    test 3372 -eq "$shar_count" ||
-    $echo 'groupmems.8:' 'original size' '3372,' 'current size' "$shar_count!"
-  fi
-fi
-rm -fr _sh10937
-exit 0
@@ -1,308 +0,0 @@
-/*
- * pwdauth.c - program to verify a given username/password pair.
- *
- * Run it with username in argv[1] (may be omitted - default is the
- * current user), and send it the password over a pipe on stdin.
- * Exit status: 0 - correct password, 1 - wrong password, >1 - other
- * errors.  For use with shadow passwords, this program should be
- * installed setuid root.
- *
- * This can be used, for example, by xlock - you don't have to install
- * this large and complex (== possibly insecure) program setuid root,
- * just modify it to run this simple program to do the authentication.
- *
- * Recent versions (xlockmore-3.9) are cleaner, and drop privileges as
- * soon as possible after getting the user's encrypted password.
- * Using this program probably doesn't make it more secure, and has one
- * disadvantage: since we don't get the encrypted user's password at
- * startup (but at the time the user is authenticated), it is not clear
- * how we should handle errors (like getpwnam() returning NULL).
- * - fail the authentication?  Problem: no way to unlock (other than kill
- *   the process from somewhere else) if the NIS server stops responding.
- * - succeed and unlock?  Problem: it's too easy to unlock by unplugging
- *   the box from the network and waiting until NIS times out...
- *
- * This program is Copyright (C) 1996 Marek Michalkiewicz
- * <marekm@i17linuxb.ists.pwr.wroc.pl>.
- *
- * It may be used and distributed freely for any purposes.  There is no
- * warranty - use at your own risk.  I am not liable for any damages etc.
- * If you improve it, please send me your changes.
- */
-
-static char rcsid[] = "$Id$";
-
-/*
- * Define USE_SYSLOG to use syslog() to log successful and failed
- * authentication.  This should be safe even if your system has
- * the infamous syslog buffer overrun security problem...
- */
-#define USE_SYSLOG
-
-/*
- * Define HAVE_GETSPNAM to get shadow passwords using getspnam().
- * Some systems don't have getspnam(), but getpwnam() returns
- * encrypted passwords only if running as root.
- *
- * According to the xlock source (not tested, except Linux) -
- * define: Linux, Solaris 2.x, SVR4, ...
- * undef: HP-UX with Secured Passwords, FreeBSD, NetBSD, QNX.
- * Known not supported (yet): Ultrix, OSF/1, SCO.
- */
-#define HAVE_GETSPNAM
-
-/*
- * Define HAVE_PW_ENCRYPT to use pw_encrypt() instead of crypt().
- * pw_encrypt() is like the standard crypt(), except that it may
- * support better password hashing algorithms.
- *
- * Define if linking with libshadow.a from the shadow password
- * suite (Linux, SunOS 4.x?).
- */
-#undef HAVE_PW_ENCRYPT
-
-/*
- * Define HAVE_AUTH_METHODS to support the shadow suite specific
- * extension: the encrypted password field contains a list of
- * administrator defined authentication methods, separated by
- * semicolons.  This program only supports the standard password
- * authentication method (a string that doesn't start with '@').
- */
-#undef HAVE_AUTH_METHODS
-
-/*
- * FAIL_DELAY - number of seconds to sleep before exiting if the
- * password was wrong, to slow down password guessing attempts.
- */
-#define FAIL_DELAY 2
-
-/* No user-serviceable parts below :-).  */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#include <pwd.h>
-
-#ifdef USE_SYSLOG
-#include <syslog.h>
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-#endif
-
-#ifdef HAVE_GETSPNAM
-#include <shadow.h>
-#endif
-
-#ifdef HAVE_PW_ENCRYPT
-extern char *pw_encrypt();
-#define crypt pw_encrypt
-#endif
-
-/*
- * Read the password (one line) from fp.  We don't turn off echo
- * because we expect input from a pipe.
- */
-static char *
-get_line(fp)
-	FILE *fp;
-{
-	static char buf[128];
-	char *cp;
-	int ch;
-
-	cp = buf;
-	while ((ch = getc(fp)) != EOF && ch != '\0' && ch != '\n') {
-		if (cp >= buf + sizeof buf - 1)
-			break;
-		*cp++ = ch;
-	}
-	*cp = '\0';
-	return buf;
-}
-
-/*
- * Get the password file entry for the current user.  If the name
- * returned by getlogin() is correct (matches the current real uid),
- * return the entry for that user.  Otherwise, return the entry (if
- * any) matching the current real uid.  Return NULL on failure.
- */
-static struct passwd *
-get_my_pwent()
-{
-	uid_t uid = getuid();
-	char *name = getlogin();
-
-	if (name && *name) {
-		struct passwd *pw = getpwnam(name);
-
-		if (pw && pw->pw_uid == uid)
-			return pw;
-	}
-	return getpwuid(uid);
-}
-
-/*
- * Verify the password.  The system-dependent shadow support is here.
- */
-static int
-password_auth_ok(pw, pass)
-	const struct passwd *pw;
-	const char *pass;
-{
-	int result;
-	char *cp;
-#ifdef HAVE_AUTH_METHODS
-	char *buf;
-#endif
-#ifdef HAVE_GETSPNAM
-	struct spwd *sp;
-#endif
-
-	if (pw) {
-#ifdef HAVE_GETSPNAM
-		sp = getspnam(pw->pw_name);
-		if (sp)
-			cp = sp->sp_pwdp;
-		else
-#endif
-			cp = pw->pw_passwd;
-	} else
-		cp = "xx";
-
-#ifdef HAVE_AUTH_METHODS
-	buf = strdup(cp);  /* will be modified by strtok() */
-	if (!buf) {
-		fprintf(stderr, "Out of memory.\n");
-		exit(13);
-	}
-	cp = strtok(buf, ";");
-	while (cp && *cp == '@')
-		cp = strtok(NULL, ";");
-
-	/* fail if no password authentication for this user */
-	if (!cp)
-		cp = "xx";
-#endif
-
-	if (*pass || *cp)
-		result = (strcmp(crypt(pass, cp), cp) == 0);
-	else
-		result = 1;  /* user with no password */
-
-#ifdef HAVE_AUTH_METHODS
-	free(buf);
-#endif
-	return result;
-}
-
-/*
- * Main program.
- */
-int
-main(argc, argv)
-	int argc;
-	char **argv;
-{
-	struct passwd *pw;
-	char *pass, *name;
-	char myname[32];
-
-#ifdef USE_SYSLOG
-	openlog("pwdauth", LOG_PID | LOG_CONS, LOG_AUTHPRIV);
-#endif
-	pw = get_my_pwent();
-	if (!pw) {
-#ifdef USE_SYSLOG
-		syslog(LOG_ERR, "can't get login name for uid %d.\n",
-		       (int) getuid());
-#endif
-		fprintf(stderr, "Who are you?\n");
-		exit(2);
-	}
-	strncpy(myname, pw->pw_name, sizeof myname - 1);
-	myname[sizeof myname - 1] = '\0';
-	name = myname;
-
-	if (argc > 1) {
-		name = argv[1];
-		pw = getpwnam(name);
-	}
-
-	pass = get_line(stdin);
-	if (password_auth_ok(pw, pass)) {
-#ifdef USE_SYSLOG
-		syslog(pw->pw_uid ? LOG_INFO : LOG_NOTICE,
-		       "user `%s' entered correct password for `%.32s'.\n",
-		       myname, name);
-#endif
-		exit(0);
-	}
-#ifdef USE_SYSLOG
-	/* be careful not to overrun the syslog buffer */
-	syslog((!pw || pw->pw_uid) ? LOG_NOTICE : LOG_WARNING,
-	       "user `%s' entered incorrect password for `%.32s'.\n",
-	       myname, name);
-#endif
-#ifdef FAIL_DELAY
-	sleep(FAIL_DELAY);
-#endif
-	fprintf(stderr, "Wrong password.\n");
-	exit(1);
-}
-
-#if 0
-/*
- * You can use code similar to the following to run this program.
- * Return values: >=0 - program exit status (use the <sys/wait.h>
- * macros to get the exit code, it is shifted left by 8 bits),
- * -1 - check errno.
- */
-int
-verify_password(const char *username, const char *password)
-{
-	int pipe_fd[2];
-	int pid, wpid, status;
-
-	if (pipe(pipe_fd))
-		return -1;
-	
-	if ((pid = fork()) == 0) {
-		char *arg[3];
-		char *env[1];
-
-		/* child */
-		close(pipe_fd[1]);
-		if (pipe_fd[0] != 0) {
-			if (dup2(pipe_fd[0], 0) != 0)
-				_exit(127);
-			close(pipe_fd[0]);
-		}
-		arg[0] = "/usr/bin/pwdauth";
-		arg[1] = username;
-		arg[2] = NULL;
-		env[0] = NULL;
-		execve(arg[0], arg, env);
-		_exit(127);
-	} else if (pid == -1) {
-		/* error */
-		close(pipe_fd[0]);
-		close(pipe_fd[1]);
-		return -1;
-	}
-	/* parent */
-	close(pipe_fd[0]);
-	write(pipe_fd[1], password, strlen(password));
-	write(pipe_fd[1], "\n", 1);
-	close(pipe_fd[1]);
-
-	while ((wpid = wait(&status)) != pid) {
-		if (wpid == -1)
-			return -1;
-	}
-	return status;
-}
-#endif
@@ -1,147 +0,0 @@
-Hello Marek,
-
-I have created a diffile against the 980403 release that adds
-functionality to newusers for automatic handling of users with only
-anonymous ftp login (using the guestgroup feature in ftpaccess, which
-means that the users home directory looks like '/home/user/./'). It also
-adds a commandline argument to specify an initial directory structure
-for such users, with a tarball normally containing the bin,lib,etc
-directories used in the chrooted environment.
-
-I am using it to automatically create chunks of users with only ftp
-access for a webserver.
-
-I have tried to follow your coding standards and I believe it is bug
-free but.. well, who knows. :) It's not much code however.
-
-I hope you find it useful. Do what you like with it, feel free to ask if
-anything is unclear.
-
-Best rgds,
-  Calle Karlsson
-  ckn@kash.se
-
-diff -uNr shadow-980403.orig/src/newusers.c shadow-980403/src/newusers.c
--- shadow-980403.orig/src/newusers.c	Fri Jan 30 00:22:43 1998
-+++ shadow-980403/src/newusers.c	Fri Apr 17 16:55:33 1998
-@@ -76,11 +76,35 @@
- static void
- usage(void)
- {
-	fprintf(stderr, "Usage: %s [ input ]\n", Prog);
-+	fprintf (stderr, "Usage: %s [-p prototype tarfile] [ input ]\n", Prog);
-+	fprintf (stderr, "The prototype tarfile is only used for users\n");
-+	fprintf (stderr, "marked as anonymous ftp users. It must be a full pathname.\n");
- 	exit(1);
- }
- 
- /*
-+ * createuserdir - create a directory and chmod it
-+ */
-+
-+static int
-+createuserdir (char * dir, int uid, int gid, int line)
-+{
-+	if (mkdir (dir, 0777 & ~getdef_num("UMASK", 077))) {
-+		fprintf (stderr, "%s: line %d: mkdir %s failed\n",
-+			 Prog, line, dir);
-+		return -1;
-+	}
-+
-+	if (chown (dir, uid, gid)) {
-+		fprintf (stderr, "%s: line %d: chown %s failed\n",
-+			 Prog, line, dir);
-+		return -1;
-+	}
-+
-+	return 0;
-+}
-+
-+/*
-  * add_group - create a new group or add a user to an existing group
-  */
- 
-@@ -328,6 +352,8 @@
- main(int argc, char **argv)
- {
- 	char	buf[BUFSIZ];
-+	char	anonproto[BUFSIZ];
-+	int	flag;
- 	char	*fields[8];
- 	int	nfields;
- 	char	*cp;
-@@ -340,12 +366,23 @@
- 
- 	Prog = Basename(argv[0]);
- 
-	if (argc > 1 && argv[1][0] == '-')
-		usage ();
-+	* anonproto = '\0';
-+
-+	while ((flag = getopt (argc, argv, "p:h")) != EOF) {
-+		switch (flag) {
-+		case 'p':
-+			STRFCPY(anonproto, optarg);
-+			break;
-+		case 'h':
-+		default:
-+			usage ();
-+			break;
-+		}
-+	}
- 
-	if (argc == 2) {
-		if (! freopen (argv[1], "r", stdin)) {
-			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[1]);
-+	if (optind < argc) {
-+		if (! freopen (argv[optind], "r", stdin)) {
-+			snprintf(buf, sizeof buf, "%s: %s", Prog, argv[optind]);
- 			perror (buf);
- 			exit (1);
- 		}
-@@ -499,15 +536,36 @@
- 		if (fields[6][0])
- 			newpw.pw_shell = fields[6];
- 
-		if (newpw.pw_dir[0] && access(newpw.pw_dir, F_OK)) {
-			if (mkdir (newpw.pw_dir,
-					0777 & ~getdef_num("UMASK", 077)))
-				fprintf (stderr, "%s: line %d: mkdir failed\n",
-					Prog, line);
-			else if (chown (newpw.pw_dir,
-					newpw.pw_uid, newpw.pw_gid))
-				fprintf (stderr, "%s: line %d: chown failed\n",
-					Prog, line);
-+		if (newpw.pw_dir[0]) {
-+		        char * userdir = strdup (newpw.pw_dir);
-+			char * anonpart;
-+			int rc;
-+
-+			if ((anonpart = strstr (userdir, "/./"))) {
-+			        * anonpart = '\0';
-+				anonpart += 2;
-+			}
-+			
-+			if (access(userdir, F_OK))
-+				rc = createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
-+			else
-+				rc = 0;
-+
-+			if (rc == 0 && anonpart) {
-+				if (* anonproto) {
-+					char cmdbuf [BUFSIZ];
-+					snprintf(cmdbuf, sizeof cmdbuf,
-+						 "cd %s; tar xf %s",
-+						 userdir, anonproto);
-+					system (cmdbuf);
-+				}
-+				if (strlen (anonpart) > 1) {
-+					strcat (userdir, anonpart);
-+					if (access (userdir, F_OK))
-+						createuserdir (userdir, newpw.pw_uid, newpw.pw_gid, line);
-+				}
-+			}
-+			free (userdir);
- 		}
- 
- 		/*
@@ -0,0 +1,78 @@
+shadow (1:4.17.0~rc1-1) unstable; urgency=medium
+
+  Username checking now once again follows the upstream rules, for
+  an ecosystem-wide ruleset and security.
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Sun, 22 Dec 2024 20:12:35 +0100
+
+shadow (1:4.16.0-5) unstable; urgency=medium
+
+  /var/log/faillog and the programs to read it are no longer part since
+  1:4.15.2-2.
+  The file isn't cleaned up automatically, which should be done manually,
+  unless it is still needed for special reasons.
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Sat, 16 Nov 2024 15:48:35 +0100
+
+shadow (1:4.13+dfsg1-2) unstable; urgency=medium
+
+  The previous entry falsely states that PREVENT_NO_AUTH in /etc/login.defs
+  affects authentication.  The historical default of letting all users with
+  empty password field in without authentication is still in effect.
+
+ -- Balint Reczey <balint@balintreczey.hu>  Mon, 25 Sep 2023 17:04:09 +0200
+
+shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
+
+  Login now prevents an empty password field to be interpreted as
+  "no authentication required" for UID 0 (root account).
+  The historical default of letting all users with empty password field
+  in without authentication can be restored in /etc/login.defs setting
+  PREVENT_NO_AUTH to "no".
+
+ -- Balint Reczey <balint@balintreczey.hu>  Sun, 07 Nov 2021 21:51:46 +0100
+
+shadow (1:4.7-1) unstable; urgency=medium
+
+  * /etc/securetty is no longer shipped by this package and it is no longer
+    honored in login's PAM configuration by default. Please see #731656 for the
+    details.
+
+ -- Balint Reczey <rbalint@ubuntu.com>  Thu, 20 Jun 2019 13:46:52 +0200
+
+shadow (1:4.0.15-5) unstable; urgency=low
+
+  * commands passed in argument to su must use su's -c option and must quote
+    the command if it contains a space, as in:
+        su - root -c "ls -l /"
+    The following commands won't work anymore:
+        su - root -c ls -l /
+        su - root "ls -l /"
+        su - root ls -l /
+
+ -- Christian Perrier <bubulle@debian.org>  Sat,  8 Apr 2006 20:11:38 +0200
+
+shadow (1:4.0.14-1) unstable; urgency=low
+
+  * passwd does not support the -f, -s, and -g options anymore. You should use
+    the chfn, chsh and gpasswd utilities instead.
+  * login now distributes the nologin utility, which can be used as a shell
+    to politely refuse a login
+
+ -- Christian Perrier <bubulle@debian.org>  Thu,  5 Jan 2006 08:47:44 +0100
+
+shadow (1:4.0.12-1) unstable; urgency=low
+
+  CLOSE_SESSIONS and other variables are not used anymore in
+  /etc/login/defs.
+  As shadow utilities which use this file now warn about unknown
+  entries there, administrators should remove such unknown entries.
+  The supplied login.defs file does not include them anymore.
+
+  dpasswd is no more distributed by upstream. Login do not support
+  dialup password anymore.  Re-introducing this functionality in
+  upstream is not trivial.
+
+
+ -- Christian Perrier <bubulle@debian.org>  Thu, 25 Aug 2005 08:38:47 +0200
+
@@ -0,0 +1,63 @@
+Read this file first for a brief overview of the current version
+of passwd.
+
+
+---Shadow passwords
+
+The command `shadowconfig on' will turn on shadow password support.
+This is the default. Turning off shadow passwords is not supported
+anymore.
+Together with shadow passwords, you get the ability to set password ages
+and expirations with chage(1).
+
+NOTE: If you use the nscd package, you may have problems with a
+slight delay in updating the password information. You may notice
+this during upgrades of certain packages that try to add a system
+user and then access the users information immediately afterwards.
+To avoid this, it is suggested that you stop the nscd daemon before
+upgrades, then restart it again.
+
+---General configuration
+
+Most of the configuration for the shadow utilities is in
+/etc/login.defs.  See login.defs(5).  The defaults are quite
+reasonable.
+
+Also see the /etc/pam.d/* files for each program to configure the PAM
+support. PAM documentation is available in several formats in the
+libpam-doc package.
+
+
+---Encryption
+
+This is enabled now using the /etc/pam.d/* files. Examples are given.
+
+
+---Adding users and groups
+
+Though you may add users and groups with the SysV type commands,
+useradd and groupadd, I recommend you add them with Debian adduser
+version 3+.  adduser gives you more configuration and conforms to the
+Debian UID and GID allocation.
+
+Editing user and group parameters can be done with usermod and
+groupmod.  Removing users and groups can be done with userdel and
+groupdel.
+
+
+--- Group administration
+
+Local group allocation is much easier.  With gpasswd(1) you can
+designate users to administer groups.  They can then securely add or
+remove users from the group.
+
+
+--- What to read next?
+
+Read the manpages, the other files in this directory, and the Shadow
+Password HOWTO (included in the doc-linux package).  A large portion
+of these files deals with getting shadow installed.  You can, of
+course, ignore those parts.
+
+Also, the libpam-doc package will go a long way to allowing you to take
+full advantage of the PAM authentication scheme.
@@ -0,0 +1,8 @@
+If you update the translation of upsteam files (thank you for that!) please
+submit a pull request upstream instead of filing a bug in the Debian BTS
+to get it reviewed and accepted faster.
+
+A testsuite is also available. Instruction on how to run this testsuite
+are available in tests/README
+
+ -- Balint Reczey <balint@balintreczey.hu>, Mon, 31 Jan 2022 14:07:11 +0100
@@ -0,0 +1,19 @@
+Things that should be done:
+ * Verify the files left in debian/tmp
+   + e.g. /etc/default/adduser should be installed
+ * Check the build system: rebuilding the package twoce in the same tree
+   doubles the size of the diff.gz file
+
+Other points (not related to the release of a syncronized shadow):
+ * compare the source with the usages and man pages
+   + probably add a sentence to chsh/chfn's manpages about authentication
+     required for ordinary users
+ * do something (a tool) for the variables in login.defs
+   In Debian, some tools are not compiled with the PAM support, so upstream
+   getdef.c won't be OK.
+   It should be nice to see in each man page the set of variables used.
+   The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
+   with the debugging informations. This may be used to extract the set of
+   variables used in Debian/for each tools.
+ * verify all the patches around (I've found patches for at least RedHat,
+   OWL, LFS, Mandriva, Gentoo; are they already applied?)
@@ -0,0 +1,25 @@
+This described the usertags used by the team.
+
+For usertags documentation, see
+http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
+
+All bugs tagged by team members must be tagged with 
+"user pkg-shadow-devel@lists.alioth.debian.org"
+
+Tags list
+---------
+
+toclose:         This bug has been announced to be closed in case no more news
+                 or information is received from the bug submitter or someone
+                 else until the delay specified in the limits_YYYYMMDD tag
+
+limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
+                 bugs can be closed without other action in case no news 
+                 is received
+
+manpages-replace A bug reported angainst a manpages-xx package to indicate
+                 conflicting man pages. This tag can be used to tune the
+                 Replaces fields.
+
+su-transition:   This bug is related to the su transition (#276419)
+
@@ -0,0 +1,91 @@
+Source: shadow
+Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Uploaders:
+ Serge Hallyn <serge@hallyn.com>,
+ Chris Hofstaedtler <zeha@debian.org>
+Section: admin
+Priority: required
+Build-Depends:
+ debhelper-compat (= 13),
+ dh-package-notes,
+ dh-sequence-zz-debputy-rrr (>= 0.1.23~),
+ docbook-xml <!nodoc>,
+ docbook-xsl <!nodoc>,
+ gettext,
+ itstool <!nodoc>,
+ libacl1-dev,
+ libattr1-dev,
+ libaudit-dev [linux-any],
+ libbsd-dev,
+ libcrypt-dev,
+ libltdl-dev,
+ libpam0g-dev,
+ libselinux1-dev [linux-any],
+ libsemanage-dev [linux-any],
+ libsystemd-dev [linux-any],
+ libxml2-utils <!nodoc>,
+ pkgconf,
+ systemd-dev [linux-any],
+ xsltproc <!nodoc>
+Standards-Version: 4.7.0
+Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master
+Vcs-Browser: https://salsa.debian.org/debian/shadow
+Homepage: https://github.com/shadow-maint/shadow
+Rules-Requires-Root: no
+
+Package: passwd
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ base-passwd (>= 3.6.4),
+ libpam-modules,
+ login.defs
+Recommends:
+ sensible-utils
+Replaces:
+ login (<< 1:4.16.0-2~)
+Description: change and administer password and group data
+ This package includes passwd, chsh, chfn, and many other programs to
+ maintain password and group data.
+ .
+ Shadow passwords are supported.  See /usr/share/doc/passwd/README.Debian
+
+Package: login.defs
+Architecture: all
+Multi-Arch: foreign
+Replaces:
+ login (<< 1:4.16.0-2~)
+Description: system user management configuration
+ This package provides the login.defs configuration file,
+ used by otherwise unrelated tools managing system users.
+
+Package: uidmap
+Architecture: any
+Multi-Arch: foreign
+Priority: optional
+Description: programs to help use subuids
+ These programs help unprivileged users to create uid and gid mappings in
+ user namespaces.
+
+Package: libsubid5
+Section: libs
+Priority: optional
+Architecture: any
+Multi-Arch: same
+Description: subordinate id handling library -- shared library
+ The library provides an interface for querying, granding and ungranting
+ subordinate user and group ids.
+
+Package: libsubid-dev
+Section: libdevel
+Priority: optional
+Architecture: any
+Multi-Arch: same
+Depends:
+ libsubid5 (= ${binary:Version})
+Description: subordinate id handling library -- shared library
+ The library provides an interface for querying, granding and ungranting
+ subordinate user and group ids.
+ .
+ This package contains the C header files that are
+ needed for applications to use the libsubid library.
@@ -0,0 +1,177 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Shadow
+Source: https://github.com/shadow-maint/shadow
+
+Files: *
+Copyright: 1989-1994, Julianne Frances Haugh
+           2016-2024, Serge Hallyn <serge@hallyn.com>
+License: BSD-3-clause
+
+Files: man/po/da.po
+       man/po/de.po
+       man/tr/man1/su.1
+       po/da.po
+       po/de.po
+       po/es.po
+       po/eu.po
+       po/fi.po
+       po/gl.po
+       po/it.po
+       po/kk.po
+       po/nb.po
+       po/nl.po
+       po/nn.po
+       po/pl.po
+       po/pt_BR.po
+       po/ru.po
+       po/sq.po
+       po/sv.po
+       po/vi.po
+Copyright: 1999-2015, Free Software Foundation, Inc
+License: BSD-3-clause
+
+Files: man/fi/man1/chfn.1
+       man/id/man1/*
+       man/ko/man1/chfn.1
+       man/ko/man1/chsh.1
+       man/tr/man1/chfn.1
+       man/zh_TW/man1/chfn.1
+       man/zh_TW/man1/chsh.1
+Copyright: 1994, salvatore valente <svalente@athena.mit.edu>
+License: GPL-1
+
+Files: man/pt_BR/man8/*
+       man/zh_TW/man8/usermod.8
+Copyright: 1991-1994, Julianne Frances Haugh
+License: BSD-3-clause
+
+Files: man/hu/man1/gpasswd.1
+       man/ja/man1/gpasswd.1
+       man/pt_BR/man1/*
+Copyright: 1996, Rafal Maszkowski <rzm@pdi.net>
+License: BSD-3-clause
+
+Files: man/id/man1/login.1
+       man/ko/man1/login.1
+       man/tr/man1/login.1
+Copyright: 1993, Rickard E. Faith <faith@cs.unc.edu>
+License: BSD-3-clause
+
+Files: man/ja/man5/limits.5
+       man/ja/man8/vipw.8
+Copyright: 2001, Maki KURODA
+License: BSD-3-clause
+
+Files: man/pt_BR/man5/passwd.5
+       man/tr/man5/passwd.5
+Copyright: 1993, Michael Haardt <michael@moria.de>
+License: GPL-2+
+
+Files: man/ja/man1/chage.1
+       man/ja/man5/suauth.5
+Copyright: 1997, Kazuyoshi Furutaka
+License: BSD-3-clause
+
+Files: man/po/fr.po
+       po/fr.po
+Copyright: 2011-2013, Debian French l10n team <debian-l10n-french@lists.debian.org>
+License: BSD-3-clause
+
+Files: man/zh_TW/man5/*
+Copyright: 1993, Michael Haardt <michael@moria.de>
+           1993, Scorpio, www.linuxforum.net
+License: GPL-2+
+
+Files: man/hu/man5/*
+Copyright: 1993, Michael Haardt <u31b3hs@pool.informatik.rwth-aachen.de>
+License: GPL-2+
+
+Files: lib/subordinateio.h
+Copyright: 2012, Eric W. Biederman
+License: BSD-3-clause
+
+Files: man/hu/man1/su.1
+Copyright: 1999, Ragnar Hojland Espinosa <ragnar@macula.net>
+License: BSD-3-clause
+
+Files: man/ja/man8/pwconv.8
+Copyright: 2001, Yuichi SATO
+License: BSD-3-clause
+
+Files: src/login_nopam.c
+Copyright: 1995, Wietse Venema
+License: BSD-3-clause
+
+Files: src/su.c
+Copyright: 1989 - 1994, Julianne Frances Haugh
+           1996 - 2000, Marek Michałkiewicz
+           2000 - 2006, Tomasz Kłoczko
+           2007 - 2013, Nicolas François
+License: GPL-2+
+
+Files: src/vipw.c
+Copyright: 1997, Guy Maor <maor@ece.utexas.edu>
+           1999 - 2000, Marek Michałkiewicz
+           2002 - 2006, Tomasz Kłoczko
+           2007 - 2013, Nicolas François
+License: GPL-2+
+
+Files: man/ko/man5/*
+Copyright: 2000, ASPLINUX <man@asp-linux.co.kr>
+License: GPL-2+
+
+Files: debian/*
+Copyright: 1999-2001, Ben Collins <bcollins@debian.org>
+           2001-2004 Karl Ramm <kcr@debian.org>
+           2004-2014 Christian Perrier <bubulle@debian.org>
+           2006-2012 Nicolas Francois (Nekral) <nicolas.francois@centraliens.net>
+           2017-2022 Balint Reczey <balint@balintreczey.hu>
+License: BSD-3-clause
+
+Files: debian/passwd.expire.cron
+Copyright: 1999, Ben Collins <bcollins@debian.org>
+License: BSD-3-clause
+
+License: BSD-3-clause
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+    may be used to endorse or promote products derived from this software
+    without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+License: GPL-1
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 1
+ .
+ On Debian systems, the complete text of version 1 of the GNU General
+ Public License can be found in '/usr/share/common-licenses/GPL-1'.
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991, or (at
+ your option) any later version.
+ .
+ On Debian systems, the complete text of version 2 of the GNU General
+ Public License can be found in '/usr/share/common-licenses/GPL-2'.
@@ -0,0 +1,24 @@
+manifest-version: '0.1'
+packages:
+  passwd:
+    transformations:
+    - path-metadata:
+        paths:
+        - usr/bin/chfn
+        - usr/bin/chsh
+        - usr/bin/gpasswd
+        - usr/bin/passwd
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        paths:
+        - usr/bin/chage
+        - usr/bin/expiry
+        group: "shadow"
+        mode: "u=rwx,go=rxs"
+  uidmap:
+    transformations:
+    - path-metadata:
+        paths:
+        - usr/bin/newgidmap
+        - usr/bin/newuidmap
+        mode: "u=rwxs,go=rx"
@@ -0,0 +1,37 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DSHELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account 
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=no
+
@@ -0,0 +1,16 @@
+Build-Depends:
+==============
+ * gettext
+   POT, PO, GMO regenerated?
+ * xsltproc
+   used to generate the manpages
+ * docbook-xsl
+   needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
+ * docbook-xml
+   manpages/docbook.xsl includes html/docbook.xsl
+   (But it is not strictly needed. The generated manpages are identical.
+   Without it, a warning is generated.)
+   Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
+ * libxml2-utils
+   needed by the JH_CHECK_XML_CATALOG macros
+
@@ -0,0 +1,7 @@
+[DEFAULT]
+upstream-branch = upstream
+pristine-tar = True
+sign-tags = True
+
+[pq]
+patch-numbers = False
@@ -0,0 +1,7 @@
+variables:
+  RELEASE: 'unstable'
+  # workaround for https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/259
+  SALSA_CI_REPROTEST_ARGS: --vary=domain_host.use_sudo=1
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
@@ -0,0 +1,3 @@
+usr/include/*
+usr/lib/*/libsubid.a
+usr/lib/*/libsubid.so
@@ -0,0 +1 @@
+usr/lib/*/libsubid.so.*
@@ -0,0 +1,11 @@
+libsubid.so.5 libsubid5 #MINVER#
+ subid_free@Base 1:4.16.0
+ subid_get_gid_owners@Base 1:4.16.0
+ subid_get_gid_ranges@Base 1:4.16.0
+ subid_get_uid_owners@Base 1:4.16.0
+ subid_get_uid_ranges@Base 1:4.16.0
+ subid_grant_gid_range@Base 1:4.16.0
+ subid_grant_uid_range@Base 1:4.16.0
+ subid_init@Base 1:4.16.0
+ subid_ungrant_gid_range@Base 1:4.16.0
+ subid_ungrant_uid_range@Base 1:4.16.0
@@ -0,0 +1 @@
+etc/login.defs etc
@@ -0,0 +1,2 @@
+usr/share/man/*/man5/login.defs.5
+usr/share/man/man5/login.defs.5
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+_adopt_conffile() {
+    conffile=$1
+    pkg=$2
+
+    [ -f ${conffile}.dpkg-bak ] || return 0
+
+    md5sum="$(md5sum ${conffile} | sed -e 's/ .*//')"
+    old_md5sum="$(dpkg-query -W -f='${Conffiles}' $pkg | \
+                        sed -n -e "\' ${conffile} ' { s/ obsolete$//; s/.* //; p }")"
+    # On new installs, if the conffile was preserved on upgrade by
+    # dpkg-maintscript helper, copy it back if the new file has not been
+    # modified yet
+    if [ "$md5sum" = "$old_md5sum" ]; then
+        mv ${conffile}.dpkg-bak ${conffile}
+    fi
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+    _adopt_conffile /etc/login.defs login.defs
+fi
+
+#DEBHELPER#
@@ -0,0 +1,54 @@
+bin/groups
+bin/login
+# Workaround debhelper complaining about login.defs, although we install it.
+etc/login.defs
+etc/pam.d/chfn
+etc/pam.d/chage
+etc/pam.d/chpasswd
+etc/pam.d/chsh
+etc/pam.d/groupadd
+etc/pam.d/groupdel
+etc/pam.d/groupmems
+etc/pam.d/groupmod
+etc/pam.d/login
+etc/pam.d/newusers
+etc/pam.d/passwd
+etc/pam.d/useradd
+etc/pam.d/userdel
+etc/pam.d/usermod
+sbin/nologin
+usr/bin/newgrp
+usr/bin/faillog
+usr/bin/sg
+usr/lib/*/libsubid.la
+usr/sbin/groupmems
+usr/sbin/logoutd
+usr/sbin/vigr
+usr/share/man/*/man1/groups.1
+usr/share/man/*/man1/login.1
+usr/share/man/*/man1/logoutd.1
+usr/share/man/*/man1/newgrp.1
+usr/share/man/*/man1/sg.1
+usr/share/man/*/man1/su.1
+usr/share/man/*/man3/getspnam.3
+usr/share/man/*/man3/shadow.3
+usr/share/man/*/man5/faillog.5
+usr/share/man/*/man5/suauth.5
+usr/share/man/*/man8/faillog.8
+usr/share/man/*/man8/groupmems.8
+usr/share/man/*/man8/logoutd.8
+usr/share/man/*/man8/nologin.8
+usr/share/man/man1/groups.1
+usr/share/man/man1/login.1
+usr/share/man/man1/logoutd.1
+usr/share/man/man1/newgrp.1
+usr/share/man/man1/sg.1
+usr/share/man/man1/su.1
+usr/share/man/man3/getspnam.3
+usr/share/man/man3/shadow.3
+usr/share/man/man5/faillog.5
+usr/share/man/man5/suauth.5
+usr/share/man/man8/faillog.8
+usr/share/man/man8/groupmems.8
+usr/share/man/man8/logoutd.8
+usr/share/man/man8/nologin.8
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'chage' service
+#
+
+# This allows root to change password aging being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,16 @@
+#
+# The PAM configuration file for the Shadow `chfn' service
+#
+
+# This allows root to change user infomation without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
+
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+@include common-password
+
@@ -0,0 +1,20 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
@@ -0,0 +1,2 @@
+etc/default
+usr/share/lintian/overrides
@@ -0,0 +1 @@
+debian/passwd.expire.cron
@@ -0,0 +1,57 @@
+#!/usr/bin/perl
+#
+# passwd.expire.cron: sample expiry notification script for use as a cronjob
+#
+# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
+# for use, distribution, modification, etc.
+#
+# Usage:
+#	edit the listed options, including the actual email, then rename to
+#	/etc/cron.daily/passwd
+#
+#	If your users don't have a valid login shell (ie. they are ftp or mail
+#	users only), they will need some other way to change their password
+#	(telnet will work since login will handle password aging, or a poppasswd
+#	program, if they are mail users).
+
+# <CONFIG> #
+
+# should be same as /etc/adduser.conf
+$LOW_UID=1000;
+$HIGH_UID=29999;
+
+# this let's the MTA handle the domain,
+# set it manually if you want. Make sure
+# you also add the @ like "\@domain.com"
+$MAIL_DOM="";
+
+# </CONFIG> #
+
+# Set the current day reference
+$curdays = int(time() / (60 * 60 * 24));
+
+# Now go through the list
+
+open(SH, "< /etc/shadow");
+while (<SH>) {
+    @shent = split(':', $_);
+    @userent = getpwnam($shent[0]);
+    if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
+	if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
+		$shent[4] != -1 && $shent[4] != 0 &&
+		$shent[5] != -1 && $shent[5] != 0) {
+	    $daysleft = ($shent[2] + $shent[4]) - $curdays;
+	    if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
+            if ($daysleft < 0) { next; }
+	    open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
+	    print MAIL <<EOF;
+Your account will expire in $daysleft $days. Please change your password before
+then or your account will expire
+EOF
+	    close (MAIL);
+	    # This makes sure we also get a list of almost expired users
+	    print "$shent[0]'s account will expire in $daysleft days\n";
+	}
+    }
+    @userent = getpwent();
+}
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupadd' service
+#
+
+# This allows root to add groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupdel' service
+#
+
+# This allows root to remove groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,25 @@
+debian/default/useradd etc/default
+debian/shadowconfig usr/sbin
+usr/bin/chage
+usr/bin/chfn
+usr/bin/chsh
+usr/bin/expiry
+usr/bin/gpasswd
+usr/bin/passwd
+usr/sbin/chgpasswd
+usr/sbin/chpasswd
+usr/sbin/groupadd
+usr/sbin/groupdel
+usr/sbin/groupmod
+usr/sbin/grpck
+usr/sbin/grpconv
+usr/sbin/grpunconv
+usr/sbin/newusers
+usr/sbin/pwck
+usr/sbin/pwconv
+usr/sbin/pwunconv
+usr/sbin/useradd
+usr/sbin/userdel
+usr/sbin/usermod
+usr/sbin/vipw
+usr/share/locale/*/LC_MESSAGES/shadow.mo
@@ -0,0 +1 @@
+usr/sbin/vipw usr/sbin/vigr
@@ -0,0 +1,6 @@
+passwd: elevated-privileges 2755 root/shadow [usr/bin/chage]
+passwd: elevated-privileges 4755 root/root [usr/bin/chfn]
+passwd: elevated-privileges 4755 root/root [usr/bin/chsh]
+passwd: elevated-privileges 2755 root/shadow [usr/bin/expiry]
+passwd: elevated-privileges 4755 root/root [usr/bin/gpasswd]
+passwd: elevated-privileges 4755 root/root [usr/bin/passwd]
@@ -0,0 +1 @@
+rm_conffile /etc/cron.daily/passwd 1:4.7-2~
@@ -0,0 +1,57 @@
+usr/share/man/*/man1/chage.1
+usr/share/man/*/man1/chfn.1
+usr/share/man/*/man1/chsh.1
+usr/share/man/*/man1/expiry.1
+usr/share/man/*/man1/gpasswd.1
+usr/share/man/*/man1/passwd.1
+usr/share/man/*/man5/gshadow.5
+usr/share/man/*/man5/passwd.5
+usr/share/man/*/man5/shadow.5
+usr/share/man/*/man5/subgid.5
+usr/share/man/*/man5/subuid.5
+usr/share/man/*/man8/chgpasswd.8
+usr/share/man/*/man8/chpasswd.8
+usr/share/man/*/man8/groupadd.8
+usr/share/man/*/man8/groupdel.8
+usr/share/man/*/man8/groupmod.8
+usr/share/man/*/man8/grpck.8
+usr/share/man/*/man8/grpconv.8
+usr/share/man/*/man8/grpunconv.8
+usr/share/man/*/man8/newusers.8
+usr/share/man/*/man8/pwck.8
+usr/share/man/*/man8/pwconv.8
+usr/share/man/*/man8/pwunconv.8
+usr/share/man/*/man8/useradd.8
+usr/share/man/*/man8/userdel.8
+usr/share/man/*/man8/usermod.8
+usr/share/man/*/man8/vigr.8
+usr/share/man/*/man8/vipw.8
+usr/share/man/man1/chage.1
+usr/share/man/man1/chfn.1
+usr/share/man/man1/chsh.1
+usr/share/man/man1/expiry.1
+usr/share/man/man1/gpasswd.1
+usr/share/man/man1/passwd.1
+usr/share/man/man5/gshadow.5
+usr/share/man/man5/passwd.5
+usr/share/man/man5/shadow.5
+usr/share/man/man5/subgid.5
+usr/share/man/man5/subuid.5
+usr/share/man/man8/chgpasswd.8
+usr/share/man/man8/chpasswd.8
+usr/share/man/man8/groupadd.8
+usr/share/man/man8/groupdel.8
+usr/share/man/man8/groupmod.8
+usr/share/man/man8/grpck.8
+usr/share/man/man8/grpconv.8
+usr/share/man/man8/grpunconv.8
+usr/share/man/man8/newusers.8
+usr/share/man/man8/pwck.8
+usr/share/man/man8/pwconv.8
+usr/share/man/man8/pwunconv.8
+usr/share/man/man8/shadowconfig.8
+usr/share/man/man8/useradd.8
+usr/share/man/man8/userdel.8
+usr/share/man/man8/usermod.8
+usr/share/man/man8/vigr.8
+usr/share/man/man8/vipw.8
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'newusers' service
+#
+
+@include common-password
+
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+@include common-password
+
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+configure)
+	if ! getent group shadow | grep -q '^shadow:[^:]*:42'
+	then
+		groupadd -g 42 shadow || (
+    			cat <<EOF
+Group ID 42 has been allocated for the shadow group.  You have either
+used 42 yourself or created a shadow group with a different ID.
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
+
+Note that both user and group IDs in the range 0-99 are globally
+allocated by the Debian project and must be the same on every Debian
+system.
+EOF
+    			exit 1
+		)
+	fi
+    ;;
+esac
+
+# Run shadowconfig only on new installs
+[ -z "$2" ] && shadowconfig on
+
+#DEBHELPER#
+
+exit 0
@@ -0,0 +1,8 @@
+# If a password operation is in progress and we lose power, stale lockfiles
+# can be left behind.  Clear them on boot.
+r! /etc/gshadow.lock
+r! /etc/shadow.lock
+r! /etc/passwd.lock
+r! /etc/group.lock
+r! /etc/subuid.lock
+r! /etc/subgid.lock
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'useradd' service
+#
+
+# This allows root to add users without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'userdel' service
+#
+
+# This allows root to remove users without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,8 @@
+# The PAM configuration file for the Shadow 'groupdel' service
+#
+
+# This allows root to remove groups without being prompted for a password
+auth		sufficient	pam_rootok.so
+
+# checks for account validity
+account	required	pam_permit.so
@@ -0,0 +1,493 @@
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sun, 7 Jul 2024 14:06:39 +0200
+Subject: Adapt login.defs for Debian
+
+Remove settings only applicable to shadow's su, which we do not use.
+Remove settings only applicable without PAM support enabled.
+Remove obscure commented-out settings.
+Remove explanation about write(1), which Debian does not ship anymore.
+---
+ etc/login.defs | 367 ++++-----------------------------------------------------
+ 1 file changed, 25 insertions(+), 342 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 966724c..94c6af1 100644
+--- a/etc/login.defs
+++ b/etc/login.defs
+@@ -1,133 +1,20 @@
+ #
+ # /etc/login.defs - Configuration control definitions for the shadow package.
+ #
+-#	$Id$
+-#
+-
+-#
+-# Delay in seconds before being allowed another attempt after a login failure
+-# Note: when PAM is used, some modules may enforce a minimum delay (e.g.
+-#       pam_unix(8) enforces a 2s delay)
+-#
+-FAIL_DELAY		3
+-
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB		yes
+ 
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+# WARNING: Unknown usernames may become world readable.
+# See #290803 and #298773 for details about how this could become a security
+# concern
+ LOG_UNKFAIL_ENAB	no
+ 
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS		no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB		yes
+-
+-#
+-# Limit the highest user ID number for which the lastlog entries should
+-# be updated.
+-#
+-# No LASTLOG_UID_MAX means that there is no user ID limit for writing
+-# lastlog entries.
+-#
+-#LASTLOG_UID_MAX
+-
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB		yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB	yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB	yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB		yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB		yes
+-SYSLOG_SG_ENAB		yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names.  Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE		/etc/securetty
+-#CONSOLE	console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE	/var/log/sulog
+-
+-#
+-# If defined, ":" delimited list of "message of the day" files to
+-# be displayed upon login.
+-#
+-MOTD_FILE	/etc/motd
+-#MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
+-
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE	/etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100  tty01".
+-#
+-#TTYTYPE_FILE	/etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE	/var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins.  The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE	/etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -".  For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su".  If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME		su
+-
+-#
+-# *REQUIRED*
+# REQUIRED for useradd/userdel/usermod
+ #   Directory where mailboxes reside, _or_ name of file, relative to the
+ #   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+ #
+-MAIL_DIR	/var/spool/mail
+MAIL_DIR	/var/mail
+ #MAIL_FILE	.mail
+ 
+ #
+@@ -139,40 +26,21 @@ MAIL_DIR	/var/spool/mail
+ HUSHLOGIN_FILE	.hushlogin
+ #HUSHLOGIN_FILE	/etc/hushlogins
+ 
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ		TZ=CST6CDT
+-#ENV_TZ		/etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ		HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ		HZ=1024
+-
+ #
+ # *REQUIRED*  The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH	PATH=/bin:/usr/bin
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+ 
+ #
+-# Terminal permissions
+# Terminal permissions for terminals after login(1).
+# These settings are ignored for remote and other logins.
+ #
+ #	TTYGROUP	Login tty will be assigned this group ownership.
+ #	TTYPERM		Login tty will be set to this permission.
+ #
+-# If you have a write(1) program which is "setgid" to a special group
+-# which owns the terminals, define TTYGROUP as the number of such group
+-# and TTYPERM as 0620.  Otherwise leave TTYGROUP commented out and
+-# set TTYPERM to either 622 or 600.
+-#
+-TTYGROUP	tty
+#TTYGROUP	tty
+ TTYPERM		0600
+ 
+ #
+@@ -180,61 +48,35 @@ TTYPERM		0600
+ #
+ #	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+ #	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+-#	ULIMIT		Default "ulimit" value.
+ #
+ # The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+ #
+ ERASECHAR	0177
+ KILLCHAR	025
+-#ULIMIT		2097152
+-
+-# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+-# Default "umask" value for pam_umask(8) on PAM enabled systems.
+-# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+-# home directories if HOME_MODE is not set.
+-# 022 is the default value, but 027, or even 077, could be considered
+-# for increased privacy. There is no One True Answer here: each sysadmin
+-# must make up their mind.
+-UMASK		022
+ 
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+-# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE	0700
+HOME_MODE	0700
+ 
+ #
+ # Password aging controls:
+ #
+ #	PASS_MAX_DAYS	Maximum number of days a password may be used.
+ #	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+-#	PASS_MIN_LEN	Minimum acceptable password length.
+ #	PASS_WARN_AGE	Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS	99999
+ PASS_MIN_DAYS	0
+-PASS_MIN_LEN	5
+ PASS_WARN_AGE	7
+ 
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts.  If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY	no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+ UID_MIN			 1000
+ UID_MAX			60000
+ # System accounts
+-SYS_UID_MIN		  101
+-SYS_UID_MAX		  999
+#SYS_UID_MIN		  101
+#SYS_UID_MAX		  999
+ # Extra per user uids
+ SUB_UID_MIN		   100000
+ SUB_UID_MAX		600100000
+@@ -246,8 +88,8 @@ SUB_UID_COUNT		    65536
+ GID_MIN			 1000
+ GID_MAX			60000
+ # System accounts
+-SYS_GID_MIN		  101
+-SYS_GID_MAX		  999
+#SYS_GID_MIN		  101
+#SYS_GID_MAX		  999
+ # Extra per user group ids
+ SUB_GID_MIN		   100000
+ SUB_GID_MAX		600100000
+@@ -255,6 +97,9 @@ SUB_GID_COUNT		    65536
+ 
+ #
+ # Max number of login(1) retries if password is bad
+# This will most likely be overriden by PAM, since the default pam_unix module
+# has it's own built in of 3 retries. However, this is a safe fallback in case
+# you are using an authentication module that does not enforce PAM_MAXTRIES.
+ #
+ LOGIN_RETRIES		5
+ 
+@@ -263,28 +108,6 @@ LOGIN_RETRIES		5
+ #
+ LOGIN_TIMEOUT		60
+ 
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES	5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN	yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Only used for DES encryption algorithm.
+-#
+-#PASS_MAX_LEN		8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH		yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -294,29 +117,6 @@ CHFN_AUTH		yes
+ CHFN_RESTRICT		rwh
+ 
+ #
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING		"%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm.  Default is "no".
+-#
+-# Note: if you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB	no
+-
+-#
+-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+ # If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+@@ -326,66 +126,10 @@ CHFN_RESTRICT		rwh
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+ # Overrides the MD5_CRYPT_ENAB option
+ #
+-# Note: if you use PAM, it is recommended to use a value consistent with
+# Note: It is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
+-
+-#
+-# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+-#
+-# Define the number of SHA rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, the libc will choose the default number of rounds (5000),
+-# which is orders of magnitude too low for modern hardware.
+-# The values must be within the 1000-999999999 range.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#SHA_CRYPT_MIN_ROUNDS 5000
+-#SHA_CRYPT_MAX_ROUNDS 5000
+-
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+-#
+-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
+-#
+-# Define the YESCRYPT cost factor.
+-# With a higher cost factor, it is more difficult to brute-force the password.
+-# However, more CPU time and more memory will be needed to authenticate users
+-# if this value is increased.
+-#
+-# If not specified, a cost factor of 5 will be used.
+-# The value must be within the 1-11 range.
+-#
+-#YESCRYPT_COST_FACTOR 5
+-
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting).  Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS		floppy:audio:cdrom
+ENCRYPT_METHOD YESCRYPT
+ 
+ #
+ # Should login be allowed if we can't cd to the home directory?
+@@ -402,72 +146,11 @@ DEFAULT_HOME	yes
+ NONEXISTENT	/nonexistent
+ 
+ #
+-# If this file exists and is readable, login environment will be
+-# read from it.  Every line should be in the form name=value.
+# If set to yes, userdel(8) will remove the user's group if it contains no more
+# members, and useradd(8) will create by default a group with the name of the
+# user.
+ #
+-ENVIRON_FILE	/etc/environment
+-
+-#
+-# If defined, this command is run when removing a user.
+-# It should remove any at/cron/print jobs etc. owned by
+-# the user to be removed (passed as the first argument).
+-#
+-#USERDEL_CMD	/usr/sbin/userdel_local
+-
+-#
+-# Enable setting of the umask group bits to be the same as owner bits
+-# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+-# the same as gid, and username is the same as the primary group name.
+-#
+-# This also enables userdel(8) to remove user groups if no members exist.
+# Other former uses of this variable are not used in PAM environments, such as
+# Debian.
+ #
+ USERGROUPS_ENAB yes
+-
+-#
+-# If set to a non-zero number, the shadow utilities will make sure that
+-# groups never have more than this number of users on one line.
+-# This permits to support split groups (groups split into multiple lines,
+-# with the same group ID, to avoid limitation of the line length in the
+-# group file).
+-#
+-# 0 is the default value and disables this feature.
+-#
+-#MAX_MEMBERS_PER_GROUP	0
+-
+-#
+-# If useradd(8) should create home directories for users by default (non
+-# system users only).
+-# This option is overridden with the -M or -m flags on the useradd(8)
+-# command-line.
+-#
+-#CREATE_HOME     yes
+-
+-#
+-# Force use shadow, even if shadow passwd & shadow group files are
+-# missing.
+-#
+-#FORCE_SHADOW    yes
+-
+-#
+-# Allow newuidmap and newgidmap when running under an alternative
+-# primary group.
+-#
+-#GRANT_AUX_GROUP_SUBIDS yes
+-
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+-#
+-# Select the HMAC cryptography algorithm.
+-# Used in pam_timestamp module to calculate the keyed-hash message
+-# authentication code.
+-#
+-# Note: it is recommended to check hmac(3) to see the possible algorithms
+-# that are available in your system.
+-#
+-#HMAC_CRYPTO_ALGO SHA512
@@ -0,0 +1,65 @@
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Document the shadowconfig utility
+
+Status wrt upstream: The shadowconfig utility is Debian-specific.
+The man page is Debian-specific, but it used to be distributed by
+upstream.
+---
+ man/Makefile.am         |  1 +
+ man/man8/shadowconfig.8 | 34 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 35 insertions(+)
+ create mode 100644 man/man8/shadowconfig.8
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index f34ed7a..2523e84 100644
+--- a/man/Makefile.am
+++ b/man/Makefile.am
+@@ -36,6 +36,7 @@ man_MANS = \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+	man8/shadowconfig.8 \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+diff --git a/man/man8/shadowconfig.8 b/man/man8/shadowconfig.8
+new file mode 100644
+index 0000000..a463a92
+--- /dev/null
+++ b/man/man8/shadowconfig.8
+@@ -0,0 +1,34 @@
+.TH shadowconfig 8 2025-02-17 "Debian shadow-utils"
+.SH Name
+shadowconfig \- turn shadow passwords on
+.
+.
+.SH Synopsis
+.SY shadowconfig on
+.YS
+.
+.
+.SH Description
+.I shadowconfig\ on
+will turn shadow passwords on.
+.
+.
+.SH Errors
+.B shadowconfig
+will print an error message and exit with a nonzero code
+if it finds anything awry.
+If that happens,
+you should correct the error and run it again.
+Turning shadow passwords on when they are already on
+is harmless.
+.
+.
+.SH Caveats
+Turning shadow passwords off using shadowconfig
+is not supported anymore.
+.
+.
+.SH See also
+Read
+.I /usr/share/doc/passwd/README.Debian
+for a brief introduction to shadow passwords and related features.
@@ -0,0 +1,37 @@
+From: Chris Hofstaedtler <zeha@debian.org>
+Date: Sun, 16 Mar 2025 13:29:45 +0100
+Subject: Exclude Debian-globally allocated UIDs from sys_uid range warning
+
+Bug: http://bugs.debian.org/1100563
+---
+ src/useradd.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index b3ab1c4..bbc9859 100644
+--- a/src/useradd.c
+++ b/src/useradd.c
+@@ -2406,14 +2406,21 @@ static void create_mail(const struct option_flags *flags)
+ #endif
+ }
+ 
+/* See Debian Policy 9.2.2 "UID and GID classes"
+ * https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
+ */
+#define DEBIAN_GLOBAL_UID_MIN ((uid_t)60000)
+#define DEBIAN_GLOBAL_UID_MAX ((uid_t)64999)
+
+ static void check_uid_range(int rflg, uid_t user_id)
+ {
+ 	uid_t uid_min ;
+ 	uid_t uid_max ;
+ 	if (rflg) {
+ 		uid_max = getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
+-		if (user_id > uid_max) {
+-			fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
+		if (user_id > uid_max
+			&& (!(user_id >= DEBIAN_GLOBAL_UID_MIN && user_id <= DEBIAN_GLOBAL_UID_MAX))) {
+				fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
+ 		}
+ 	}else{
+ 		uid_min = getdef_ulong("UID_MIN", 1000UL);
@@ -0,0 +1,52 @@
+From: Balint Reczey <balint@balintreczey.hu>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Keep using Debian's adduser defaults
+
+Bug: https://github.com/shadow-maint/shadow/issues/501
+Bug-Debian: https://bugs.debian.org/1004710
+Forwarded: not-needed
+
+Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit
+in 4.9 merged those values from upstream's default configuration file
+which is not shipped in Debian.
+This patch keeps the program's compiled in defaults in sync with the
+configuration files shipped in Debian (debian/default/useradd).
+---
+ man/useradd.8.xml | 2 +-
+ src/useradd.c     | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index e6db7f6..2e83b4f 100644
+--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
+@@ -262,7 +262,7 @@
+ 	    command line), useradd will set the primary group of the new
+ 	    user to the value specified by the <option>GROUP</option>
+ 	    variable in <filename>/etc/default/useradd</filename>, or
+-	    1000 by default.
+	    100 by default.
+ 	  </para>
+ 	</listitem>
+       </varlistentry>
+diff --git a/src/useradd.c b/src/useradd.c
+index 899efe3..b3ab1c4 100644
+--- a/src/useradd.c
+++ b/src/useradd.c
+@@ -106,14 +106,14 @@ static const char Prog[] = "useradd";
+ /*
+  * These defaults are used if there is no defaults file.
+  */
+-static gid_t def_group = 1000;
+static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
+static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+ 
+ static long def_inactive = -1;
@@ -0,0 +1,46 @@
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Recommend using adduser and deluser
+
+Fixes: #406046
+
+Status wrt upstream: Debian specific patch.
+---
+ man/useradd.8.xml | 6 ++++++
+ man/userdel.8.xml | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 2e83b4f..67c469a 100644
+--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
+@@ -82,6 +82,12 @@
+ 
+   <refsect1 id='description'>
+     <title>DESCRIPTION</title>
+      <para>
+	<command>useradd</command> is a low level utility for adding
+	users.  On Debian, administrators should usually use
+	<citerefentry><refentrytitle>adduser</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry> instead.
+      </para>
+       <para>
+ 	When invoked without the <option>-D</option> option, the
+ 	<command>useradd</command> command creates a new user account using
+diff --git a/man/userdel.8.xml b/man/userdel.8.xml
+index e10a6af..863d3f1 100644
+--- a/man/userdel.8.xml
+++ b/man/userdel.8.xml
+@@ -58,6 +58,12 @@
+ 
+   <refsect1 id='description'>
+     <title>DESCRIPTION</title>
+    <para>
+      <command>userdel</command> is a low level utility for removing
+      users.  On Debian, administrators should usually use
+      <citerefentry><refentrytitle>deluser</refentrytitle>
+      <manvolnum>8</manvolnum></citerefentry> instead.
+    </para>
+     <para>
+       The <command>userdel</command> command modifies the system account
+       files, deleting all entries that refer to the user name <emphasis
@@ -0,0 +1,75 @@
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: Set group and mode for [g]shadow files
+
+Set group 'shadow' and mode 0400.
+
+Fixes: #166793
+---
+ lib/commonio.c | 12 ++++++++++++
+ lib/sgroupio.c |  2 +-
+ lib/shadowio.c |  2 +-
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index 2c6a1a2..860efb9 100644
+--- a/lib/commonio.c
+++ b/lib/commonio.c
+@@ -22,6 +22,7 @@
+ #include <sys/stat.h>
+ #include <stdlib.h>
+ #include <utime.h>
+#include <grp.h>
+ 
+ #include "alloc/malloc.h"
+ #include "atoi/getnum.h"
+@@ -931,12 +932,23 @@ commonio_close(struct commonio_db *db, MAYBE_UNUSED bool process_selinux)
+ 		if (errors)
+ 			goto fail;
+ 	} else {
+		struct group *grp;
+ 		/*
+ 		 * Default permissions for new [g]shadow files.
+ 		 */
+ 		sb.st_mode = db->st_mode;
+ 		sb.st_uid = db->st_uid;
+ 		sb.st_gid = db->st_gid;
+
+		/*
+		 * Try to retrieve the shadow's GID, and fall back to GID 0.
+		 */
+		if (sb.st_gid == 0) {
+			if ((grp = getgrnam("shadow")) != NULL)
+				sb.st_gid = grp->gr_gid;
+			else
+				sb.st_gid = 0;
+		}
+ 	}
+ 
+ 	if (stprintf_a(buf, "%s+", db->filename) == -1)
+diff --git a/lib/sgroupio.c b/lib/sgroupio.c
+index ad3adc3..527f5be 100644
+--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
+@@ -213,7 +213,7 @@ static struct commonio_db gshadow_db = {
+ #ifdef WITH_SELINUX
+ 	NULL,			/* scontext */
+ #endif
+-	0400,                   /* st_mode */
+	0440,                   /* st_mode */
+ 	0,                      /* st_uid */
+ 	0,                      /* st_gid */
+ 	NULL,			/* head */
+diff --git a/lib/shadowio.c b/lib/shadowio.c
+index bf87503..be917ac 100644
+--- a/lib/shadowio.c
+++ b/lib/shadowio.c
+@@ -87,7 +87,7 @@ static struct commonio_db shadow_db = {
+ #ifdef WITH_SELINUX
+ 	NULL,			/* scontext */
+ #endif				/* WITH_SELINUX */
+-	0400,                   /* st_mode */
+	0440,                   /* st_mode */
+ 	0,                      /* st_uid */
+ 	0,                      /* st_gid */
+ 	NULL,			/* head */
@@ -0,0 +1,561 @@
+From: Chris Hofstaedtler <zeha@debian.org>
+Date: Tue, 6 Aug 2024 00:27:13 +0200
+Subject: Stop building programs we do not install
+
+---
+ man/Makefile.am       | 15 ---------------
+ man/cs/Makefile.am    |  9 ---------
+ man/da/Makefile.am    |  3 ---
+ man/de/Makefile.am    | 10 ----------
+ man/fr/Makefile.am    | 10 ----------
+ man/hu/Makefile.am    |  3 ---
+ man/id/Makefile.am    |  1 -
+ man/it/Makefile.am    | 10 ----------
+ man/ja/Makefile.am    |  8 --------
+ man/ko/Makefile.am    |  2 --
+ man/pl/Makefile.am    |  6 ------
+ man/ru/Makefile.am    |  9 ---------
+ man/sv/Makefile.am    |  8 --------
+ man/tr/Makefile.am    |  2 --
+ man/uk/Makefile.am    |  9 ---------
+ man/zh_CN/Makefile.am | 10 ----------
+ man/zh_TW/Makefile.am |  2 --
+ src/Makefile.am       |  7 +++----
+ 18 files changed, 3 insertions(+), 121 deletions(-)
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 2523e84..05a0c86 100644
+--- a/man/Makefile.am
+++ b/man/Makefile.am
+@@ -13,8 +13,6 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+@@ -25,19 +23,14 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+ 	man8/shadowconfig.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+ 	man8/useradd.8 \
+@@ -82,8 +75,6 @@ man_XMANS = \
+ 	chpasswd.8.xml \
+ 	chsh.1.xml \
+ 	expiry.1.xml \
+-	faillog.5.xml \
+-	faillog.8.xml \
+ 	getsubids.1.xml \
+ 	gpasswd.1.xml \
+ 	groupadd.8.xml \
+@@ -96,12 +87,9 @@ man_XMANS = \
+ 	login.1.xml \
+ 	login.access.5.xml \
+ 	login.defs.5.xml \
+-	logoutd.8.xml \
+ 	newgidmap.1.xml \
+-	newgrp.1.xml \
+ 	newuidmap.1.xml \
+ 	newusers.8.xml \
+-	nologin.8.xml \
+ 	passwd.1.xml \
+ 	passwd.5.xml \
+ 	porttime.5.xml \
+@@ -109,9 +97,6 @@ man_XMANS = \
+ 	pwconv.8.xml \
+ 	shadow.3.xml \
+ 	shadow.5.xml \
+-	sg.1.xml \
+-	su.1.xml \
+-	suauth.5.xml \
+ 	subgid.5.xml \
+ 	subuid.5.xml \
+ 	useradd.8.xml \
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 45aec38..e1f9f87 100644
+--- a/man/cs/Makefile.am
+++ b/man/cs/Makefile.am
+@@ -3,25 +3,16 @@ mandir = @mandir@/cs
+ 
+ man_MANS = \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man5/gshadow.5 \
+-	man8/nologin.8 \
+ 	man5/passwd.5 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man8/vipw.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+ endif
+-
+-EXTRA_DIST = $(man_MANS) \
+-	man8/groupmems.8 \
+-	man8/logoutd.8
+-
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index c61b787..12234cb 100644
+--- a/man/da/Makefile.am
+++ b/man/da/Makefile.am
+@@ -6,10 +6,7 @@ man_MANS = \
+ 	man1/chfn.1 \
+ 	man8/groupdel.8 \
+ 	man5/gshadow.5 \
+-	man8/logoutd.8 \
+ 	man1/newgrp.1 \
+-	man8/nologin.8 \
+-	man1/sg.1 \
+ 	man8/vigr.8 \
+ 	man8/vipw.8
+ 
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index d3a6d6c..59602aa 100644
+--- a/man/de/Makefile.am
+++ b/man/de/Makefile.am
+@@ -8,34 +8,24 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 2365e23..6cbaadc 100644
+--- a/man/fr/Makefile.am
+++ b/man/fr/Makefile.am
+@@ -8,34 +8,24 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 6bf68e8..2930da3 100644
+--- a/man/hu/Makefile.am
+++ b/man/hu/Makefile.am
+@@ -4,11 +4,8 @@ mandir = @mandir@/hu
+ man_MANS = \
+ 	man1/chsh.1 \
+ 	man1/gpasswd.1 \
+-	man1/login.1 \
+-	man1/newgrp.1 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+-	man1/sg.1 \
+ 	man1/su.1
+ 
+ if ENABLE_LASTLOG
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe..566fa8b 100644
+--- a/man/id/Makefile.am
+++ b/man/id/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/id
+ 
+ man_MANS = \
+ 	man1/chsh.1 \
+-	man1/login.1 \
+ 	man8/useradd.8
+ 
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index 736576c..3312232 100644
+--- a/man/it/Makefile.am
+++ b/man/it/Makefile.am
+@@ -8,34 +8,24 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index b759726..1e22da2 100644
+--- a/man/ja/Makefile.am
+++ b/man/ja/Makefile.am
+@@ -7,8 +7,6 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+@@ -16,20 +14,14 @@ man_MANS = \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index 4f73651..0f17a17 100644
+--- a/man/ko/Makefile.am
+++ b/man/ko/Makefile.am
+@@ -4,9 +4,7 @@ mandir = @mandir@/ko
+ man_MANS = \
+ 	man1/chfn.1 \
+ 	man1/chsh.1 \
+-	man1/login.1 \
+ 	man5/passwd.5 \
+-	man1/su.1 \
+ 	man8/vigr.8 \
+ 	man8/vipw.8
+ # newgrp.1 must be updated
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index 2a015f3..02f4533 100644
+--- a/man/pl/Makefile.am
+++ b/man/pl/Makefile.am
+@@ -6,17 +6,11 @@ man_MANS = \
+ 	man1/chage.1 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 845a603..9afcb22 100644
+--- a/man/ru/Makefile.am
+++ b/man/ru/Makefile.am
+@@ -8,22 +8,16 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+ 	man8/nologin.8 \
+ 	man1/passwd.1 \
+@@ -31,11 +25,8 @@ man_MANS = \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 1918af7..d572c36 100644
+--- a/man/sv/Makefile.am
+++ b/man/sv/Makefile.am
+@@ -5,24 +5,16 @@ man_MANS = \
+ 	man1/chage.1 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man5/gshadow.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+-	man5/suauth.5 \
+ 	man8/userdel.8 \
+ 	man8/vigr.8 \
+ 	man8/vipw.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b916..8b2aa2d 100644
+--- a/man/tr/Makefile.am
+++ b/man/tr/Makefile.am
+@@ -6,11 +6,9 @@ man_MANS = \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+ 	man8/groupmod.8 \
+-	man1/login.1 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index a0f106d..f069eea 100644
+--- a/man/uk/Makefile.am
+++ b/man/uk/Makefile.am
+@@ -8,34 +8,25 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+ 	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index 59d1072..9402a9e 100644
+--- a/man/zh_CN/Makefile.am
+++ b/man/zh_CN/Makefile.am
+@@ -8,34 +8,24 @@ man_MANS = \
+ 	man8/chpasswd.8 \
+ 	man1/chsh.1 \
+ 	man1/expiry.1 \
+-	man5/faillog.5 \
+-	man8/faillog.8 \
+ 	man3/getspnam.3 \
+ 	man1/gpasswd.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+-	man8/groupmems.8 \
+ 	man8/groupmod.8 \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man8/pwconv.8 \
+ 	man8/pwunconv.8 \
+-	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+-	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8 \
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c..6fb6a15 100644
+--- a/man/zh_TW/Makefile.am
+++ b/man/zh_TW/Makefile.am
+@@ -5,12 +5,10 @@ man_MANS = \
+ 	man1/chfn.1 \
+ 	man1/chsh.1 \
+ 	man8/chpasswd.8 \
+-	man1/newgrp.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+ 	man8/groupmod.8 \
+ 	man5/passwd.5 \
+-	man1/su.1 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 6981815..5ca78ed 100644
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -26,8 +26,8 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+ 
+-bin_PROGRAMS   = login
+-sbin_PROGRAMS  = nologin
+bin_PROGRAMS   =
+sbin_PROGRAMS  =
+ ubin_PROGRAMS  = faillog chage chfn chsh expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+@@ -48,7 +48,6 @@ usbin_PROGRAMS = \
+ 	grpck \
+ 	grpconv \
+ 	grpunconv \
+-	logoutd \
+ 	newusers \
+ 	pwck \
+ 	pwconv \
+@@ -59,7 +58,7 @@ usbin_PROGRAMS = \
+ 	vipw
+ 
+ # sulogin from sysvinit
+-noinst_PROGRAMS = sulogin
+noinst_PROGRAMS =
+ 
+ suidusbins     =
+ suidbins       =
@@ -0,0 +1,104 @@
+From: Chris Hofstaedtler <zeha@debian.org>
+Date: Mon, 17 Feb 2025 18:17:15 +0100
+Subject: Warn when --badname (and variants) are given
+
+Upstream PR 1158 will remove them, probably in the forky timeframe.
+---
+ src/newusers.c | 5 ++++-
+ src/pwck.c     | 5 ++++-
+ src/useradd.c  | 5 ++++-
+ src/usermod.c  | 5 ++++-
+ 4 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/src/newusers.c b/src/newusers.c
+index e9353fd..9054373 100644
+--- a/src/newusers.c
+++ b/src/newusers.c
+@@ -135,7 +135,7 @@ static void usage (int status)
+ 	                  "\n"
+ 	                  "Options:\n"),
+ 	                Prog);
+-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
+	(void) fputs (_("  -b, --badname                 allow bad names (DEPRECATED)\n"), usageout);
+ #ifndef USE_PAM
+ 	(void) fprintf (usageout,
+ 	                _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
+@@ -668,6 +668,9 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
+ 		switch (c) {
+ 		case 'b':
+ 			allow_bad_names = true;
+			fprintf (stderr,
+					 _("%s: WARNING: -b and --badname are deprecated and will be removed\n"),
+					 Prog);
+ 			break;
+ #ifndef USE_PAM
+ 		case 'c':
+diff --git a/src/pwck.c b/src/pwck.c
+index c35f03e..81f4ccd 100644
+--- a/src/pwck.c
+++ b/src/pwck.c
+@@ -139,7 +139,7 @@ usage (int status)
+ 		                  "Options:\n"),
+ 		                Prog);
+ 	}
+-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
+	(void) fputs (_("  -b, --badname                 allow bad names (DEPRECATED)\n"), usageout);
+ 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
+ 	(void) fputs (_("  -q, --quiet                   report errors only\n"), usageout);
+ 	(void) fputs (_("  -r, --read-only               display errors and warnings\n"
+@@ -181,6 +181,9 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
+ 		switch (c) {
+ 		case 'b':
+ 			allow_bad_names = true;
+			fprintf (stderr,
+					 _("%s: WARNING: --badname is deprecated and will be removed\n"),
+					 Prog);
+ 			break;
+ 		case 'h':
+ 			usage (E_SUCCESS);
+diff --git a/src/useradd.c b/src/useradd.c
+index bbc9859..5446f35 100644
+--- a/src/useradd.c
+++ b/src/useradd.c
+@@ -877,7 +877,7 @@ static void usage (int status)
+ 	                  "\n"
+ 	                  "Options:\n"),
+ 	                Prog, Prog, Prog);
+-	(void) fputs (_("      --badname                 do not check for bad names\n"), usageout);
+	(void) fputs (_("      --badname                 do not check for bad names (DEPRECATED)\n"), usageout);
+ 	(void) fputs (_("  -b, --base-dir BASE_DIR       base directory for the home directory of the\n"
+ 	                "                                new account\n"), usageout);
+ #ifdef WITH_BTRFS
+@@ -1200,6 +1200,9 @@ static void process_flags (int argc, char **argv, struct option_flags *flags)
+ 				break;
+ 			case 201:
+ 				allow_bad_names = true;
+				fprintf (stderr,
+					     _("%s: WARNING: --badname is deprecated and will be removed\n"),
+					     Prog);
+ 				break;
+ 			case 'c':
+ 				if (!VALID (optarg)) {
+diff --git a/src/usermod.c b/src/usermod.c
+index e8c9da6..dc88776 100644
+--- a/src/usermod.c
+++ b/src/usermod.c
+@@ -396,7 +396,7 @@ usage (int status)
+ 	(void) fputs (_("  -a, --append                  append the user to the supplemental GROUPS\n"
+ 	                "                                mentioned by the -G option without removing\n"
+ 	                "                                the user from other groups\n"), usageout);
+-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
+	(void) fputs (_("  -b, --badname                 allow bad names (DEPRECATED)\n"), usageout);
+ 	(void) fputs (_("  -c, --comment COMMENT         new value of the GECOS field\n"), usageout);
+ 	(void) fputs (_("  -d, --home HOME_DIR           new home directory for the user account\n"), usageout);
+ 	(void) fputs (_("  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE\n"), usageout);
+@@ -1062,6 +1062,9 @@ process_flags(int argc, char **argv, struct option_flags *flags)
+ 				break;
+ 			case 'b':
+ 				allow_bad_names = true;
+				fprintf (stderr,
+					     _("%s: WARNING: -b, --badname and --badnames are deprecated and will be removed\n"),
+					     Prog);
+ 				break;
+ 			case 'c':
+ 				if (!VALID (optarg)) {
@@ -0,0 +1,23 @@
+From: Chris Hofstaedtler <zeha@debian.org>
+Date: Mon, 24 Feb 2025 23:24:41 +0100
+Subject: configure.ac: align exec_prefix with prefix
+
+Hopefully upstream will fix this one day.
+Reported as https://github.com/shadow-maint/shadow/issues/1229
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index b3dd34d..bbda154 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -23,7 +23,7 @@ AC_SUBST([LIBSUBID_ABI], [libsubid_abi])
+ 
+ dnl Some hacks...
+ test "x$prefix" = "xNONE" && prefix="/usr"
+-test "X$prefix" = "X/usr" && exec_prefix=""
+test "X$prefix" = "X/usr" && exec_prefix="/usr"
+ 
+ AC_USE_SYSTEM_EXTENSIONS
+ 
@@ -0,0 +1,39 @@
+From: Alejandro Colomar <alx@kernel.org>
+Date: Wed, 7 Jan 2026 23:44:26 +0100
+Subject: lib/chkhash.c: is_valid_hash(): Accept '*' as the hash
+
+This is widely accepted as an invalid hash, to remove password access
+for an account (that is, no passwords will match the "hash").
+
+Fixes: c44f1e096a19 (2025-07-20; "chpasswd: Check hash before write when using -e")
+Closes: <https://github.com/shadow-maint/shadow/issues/1483>
+Closes: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124835>
+Reported-by: Chris Hofstaedtler <zeha@debian.org>
+Cc: vinz <mmpx09@protonmail.com>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+---
+ lib/chkhash.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/chkhash.c b/lib/chkhash.c
+index 4bf98f8..46b3863 100644
+--- a/lib/chkhash.c
+++ b/lib/chkhash.c
+@@ -8,6 +8,7 @@
+ #include <string.h>
+ 
+ #include "string/strcmp/strprefix.h"
+#include "string/strcmp/streq.h"
+ 
+ /*
+  * match_regex - return true if match, false if not
+@@ -42,6 +43,9 @@ is_valid_hash(const char *hash)
+ 
+ 	hash = strprefix(hash, "!") ?: hash;
+ 
+	if (streq(hash, "*"))
+		return true;
+
+ 	// Minimum hash length
+ 	if (strlen(hash) < 13)
+ 		return false;
@@ -0,0 +1,89 @@
+From: Serge Hallyn <serge@hallyn.com>
+Date: Thu, 27 Jun 2024 01:23:05 +0200
+Subject: upstream testsuite: disable su tests
+
+Debian uses su from util-linux, pointless/impossible to test shadow's su
+here.
+---
+ tests/run_some | 68 ----------------------------------------------------------
+ 1 file changed, 68 deletions(-)
+
+diff --git a/tests/run_some b/tests/run_some
+index c58f59b..46317eb 100755
+--- a/tests/run_some
+++ b/tests/run_some
+@@ -79,74 +79,6 @@ echo "-: test failed"
+ find "${build_path}" -name "*.gcda" -delete
+ # ignore the result of the first test.  ~magic~
+ run_test ./su/01/su_user.test ignore_failure
+-run_test ./su/01/su_user.test
+-run_test ./su/01/su_root.test
+-find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
+-run_test ./su/02/env_FOO-options_--login
+-run_test ./su/02/env_FOO-options_--login_bash
+-run_test ./su/02/env_FOO-options_--preserve-environment
+-run_test ./su/02/env_FOO-options_--preserve-environment_bash
+-run_test ./su/02/env_FOO-options_-
+-run_test ./su/02/env_FOO-options_-_bash
+-run_test ./su/02/env_FOO-options_-l-m
+-run_test ./su/02/env_FOO-options_-l-m_bash
+-run_test ./su/02/env_FOO-options_-l
+-run_test ./su/02/env_FOO-options_-l_bash
+-run_test ./su/02/env_FOO-options_-m_bash
+-run_test ./su/02/env_FOO-options_-m
+-run_test ./su/02/env_FOO-options_-p
+-run_test ./su/02/env_FOO-options_-p_bash
+-run_test ./su/02/env_FOO-options__bash
+-run_test ./su/02/env_FOO-options_
+-run_test ./su/02/env_FOO-options_-p-
+-run_test ./su/02/env_FOO-options_-p-_bash
+-run_test ./su/02/env_special-options_-l-p
+-run_test ./su/02/env_special-options_-l
+-run_test ./su/02/env_special-options_-l-p_bash
+-run_test ./su/02/env_special-options_-l_bash
+-run_test ./su/02/env_special-options_-p
+-run_test ./su/02/env_special-options_-p_bash
+-run_test ./su/02/env_special-options_
+-run_test ./su/02/env_special-options__bash
+-run_test ./su/02/env_special_root-options_-l-p
+-run_test ./su/02/env_special_root-options_-l-p_bash
+-run_test ./su/02/env_special_root-options_-l
+-run_test ./su/02/env_special_root-options_-l_bash
+-run_test ./su/02/env_special_root-options_-p
+-run_test ./su/02/env_special_root-options_-p_bash
+-run_test ./su/02/env_special_root-options_
+-run_test ./su/02/env_special_root-options__bash
+-run_test ./su/03/su_run_command01.test
+-run_test ./su/03/su_run_command02.test
+-run_test ./su/03/su_run_command03.test
+-run_test ./su/03/su_run_command04.test
+-run_test ./su/03/su_run_command05.test
+-run_test ./su/03/su_run_command06.test
+-run_test ./su/03/su_run_command07.test
+-run_test ./su/03/su_run_command08.test
+-run_test ./su/03/su_run_command09.test
+-run_test ./su/03/su_run_command10.test
+-run_test ./su/03/su_run_command11.test
+-run_test ./su/03/su_run_command12.test
+-run_test ./su/03/su_run_command13.test
+-run_test ./su/03/su_run_command14.test
+-run_test ./su/03/su_run_command15.test
+-run_test ./su/03/su_run_command16.test
+-run_test ./su/03/su_run_command17.test
+-run_test ./su/04/su_wrong_user.test
+-run_test ./su/04/su_user_wrong_passwd.test
+-run_test ./su/04/su_user_wrong_passwd_syslog.test
+-run_test ./su/05/su_user_wrong_passwd_syslog.test
+-run_test ./su/06/su_user_syslog.test
+-run_test ./su/07/su_user_syslog.test
+-run_test ./su/08/env_special-options_
+-run_test ./su/08/env_special_root-options_
+-run_test ./su/09/env_special-options_
+-run_test ./su/09/env_special_root-options_
+-run_test ./su/10_su_sulog_success/su.test
+-run_test ./su/11_su_sulog_failure/su.test
+-run_test ./su/12_su_child_failure/su.test
+-run_test ./su/13_su_child_success/su.test
+ run_test ./libsubid/01_list_ranges/list_ranges.test
+ run_test ./libsubid/02_get_subid_owners/get_subid_owners.test
+ run_test ./libsubid/03_add_remove/add_remove_subids.test
@@ -0,0 +1,12 @@
+debian/Set-group-and-mode-for-g-shadow-files.patch
+debian/Keep-using-Debian-adduser-defaults.patch
+debian/Exclude-Debian-globally-allocated-UIDs-from-sys_uid-range.patch
+debian/Document-the-shadowconfig-utility.patch
+debian/Recommend-using-adduser-and-deluser.patch
+debian/tests-disable-su.patch
+debian/Adapt-login.defs-for-Debian.patch
+debian/Stop-building-programs-we-do-not-install.patch
+debian/Warn-when-badname-and-variants-are-given.patch
+debian/configure.ac-align-exec_prefix-with-prefix.patch
+upstream/lib-chkhash.c-is_valid_hash-Accept-a-leading.patch
+debian/lib-chkhash.c-is_valid_hash-Accept-as-the-hash.patch
@@ -0,0 +1,39 @@
+From: Alejandro Colomar <alx@kernel.org>
+Date: Wed, 7 Jan 2026 23:39:53 +0100
+Subject: lib/chkhash.c: is_valid_hash(): Accept a leading '!'
+
+A leading '!' means that the account is locked.
+
+Fixes: c44f1e096a19 (2025-07-20; "chpasswd: Check hash before write when using -e")
+Link: <https://github.com/shadow-maint/shadow/issues/1483>
+Link: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124835>
+Reported-by: Chris Hofstaedtler <zeha@debian.org>
+Cc: vinz <mmpx09@protonmail.com>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+---
+ lib/chkhash.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/chkhash.c b/lib/chkhash.c
+index 6687050..4bf98f8 100644
+--- a/lib/chkhash.c
+++ b/lib/chkhash.c
+@@ -7,6 +7,7 @@
+ #include <stddef.h>
+ #include <string.h>
+ 
+#include "string/strcmp/strprefix.h"
+ 
+ /*
+  * match_regex - return true if match, false if not
+@@ -37,6 +38,10 @@ match_regex(const char *pattern, const char *string)
+ bool 
+ is_valid_hash(const char *hash) 
+ {
+	const char  *p;
+
+	hash = strprefix(hash, "!") ?: hash;
+
+ 	// Minimum hash length
+ 	if (strlen(hash) < 13)
+ 		return false;
@@ -0,0 +1,64 @@
+#!/usr/bin/make -f
+# -*- mode: makefile; coding: utf-8 -*-
+
+# Enable PIE, BINDNOW, and possible future flags.
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/architecture.mk
+include /usr/share/dpkg/buildflags.mk
+include /usr/share/debhelper/dh_package_notes/package-notes.mk
+
+# Adds extra options when calling the configure script:
+DEB_CONFIGURE_EXTRA_FLAGS := \
+	--bindir=/usr/bin \
+	--sbindir=/usr/sbin \
+	--mandir=/usr/share/man \
+	--with-libpam \
+	--with-yescrypt \
+	--enable-shadowgrp \
+	--enable-subordinate-ids \
+	--enable-lastlog=no \
+	--enable-man \
+	--disable-account-tools-setuid \
+	--with-group-name-max-length=32 \
+	--with-acl \
+	--with-attr \
+	--without-su \
+	--without-tcb \
+
+
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+DEB_CONFIGURE_EXTRA_FLAGS += --with-audit
+DEB_CONFIGURE_EXTRA_FLAGS += --with-btrfs
+else
+DEB_CONFIGURE_EXTRA_FLAGS += --disable-logind
+endif
+
+ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
+DEB_CONFIGURE_EXTRA_FLAGS += --disable-man
+endif
+
+DEB_CONFIGURE_EXTRA_FLAGS += SHELL=/bin/sh
+
+# Set the default editor for vipw/vigr
+CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
+
+%:
+	dh $@
+
+execute_after_dh_auto_clean:
+	# rebuild lib/getdate.c
+	rm -f lib/getdate.c
+
+override_dh_auto_configure:
+	dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_FLAGS)
+
+override_dh_installpam:
+	# Distribute the pam.d files; unless for the commands with disabled PAM
+	# support
+	dh_installpam -p passwd --name=passwd
+	dh_installpam -p passwd --name=chfn
+	dh_installpam -p passwd --name=chsh
+	dh_installpam -p passwd --name=chpasswd
+	dh_installpam -p passwd --name=newusers
+
@@ -0,0 +1,40 @@
+---
+include: https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+
+extract-source:
+  extends: .provisioning-extract-source
+
+variables:
+  RELEASE: 'unstable'
+
+build:
+  extends: .build-package
+
+test-build-any:
+  extends: .test-build-package-any
+
+test-build-all:
+  extends: .test-build-package-all
+
+lintian:
+  extends: .test-lintian
+
+autopkgtest:
+  extends: .test-autopkgtest
+
+blhc:
+  extends: .test-blhc
+
+reprotest:
+  extends: .test-reprotest
+
+variables:
+  SALSA_CI_ENABLE_BUILD_PACKAGE_PROFILES: 1
+
+test-build-profiles:
+  extends: .test-build-package-profiles
+  parallel:
+    matrix:
+      - BUILD_PROFILES: nocheck
+      - BUILD_PROFILES: nodoc
+
@@ -0,0 +1,56 @@
+#!/bin/sh
+# turn shadow passwords on on a Debian system
+
+set -e
+
+shadowon () {
+    set -e
+
+    if [ -n "$DPKG_ROOT" ] \
+        && cmp "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/usr/share/base-passwd/passwd.master" 2>/dev/null \
+        && cmp "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/usr/share/base-passwd/group.master" 2>/dev/null; then
+        # If dpkg is run with --force-script-chrootless and if /etc/passwd
+        # and /etc/group are unchanged, we avoid the chroot() call by manually
+        # processing the files. This produces bit-by-bit identical results
+        # compared to the normal case as shown by the CI setup at
+        # https://salsa.debian.org/helmutg/dpkg-root-demo/-/jobs
+        for f in passwd group; do
+            cp -a "${DPKG_ROOT}/etc/$f" "${DPKG_ROOT}/etc/$f-"
+        done
+        chmod 600 "${DPKG_ROOT}/etc/passwd-"
+        sed -i 's/^\([^:]\+\):\*:/\1:x:/' "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/etc/passwd"
+        [ -n "$SOURCE_DATE_EPOCH" ] && epoch=$SOURCE_DATE_EPOCH || epoch=$(date +%s)
+        sed "s/^\([^:]\+\):.*/\1:*:$((epoch/60/60/24)):0:99999:7:::/" "${DPKG_ROOT}/etc/passwd" > "${DPKG_ROOT}/etc/shadow"
+        sed "s/^\([^:]\+\):.*/\1:*::/" "${DPKG_ROOT}/etc/group" > "${DPKG_ROOT}/etc/gshadow"
+        touch "${DPKG_ROOT}/etc/.pwd.lock"
+        chmod 600 "${DPKG_ROOT}/etc/.pwd.lock"
+    else
+        pwck -q -r
+        grpck -r
+        pwconv
+        grpconv
+    fi
+    chown root:root "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
+    chmod 644 "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
+    chown root:shadow "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
+    chmod 640 "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
+}
+
+
+case "$1" in
+    "on")
+	if shadowon ; then
+	    echo Shadow passwords are now on.
+	else
+	    echo Please correct the error and rerun \`$0 on\'
+	    exit 1
+	fi
+	;;
+    "off")
+	echo E: Turning shadow passwords off is no longer supported.
+	exit 1
+	;;
+     *)
+	echo Usage: $0 on
+	;;
+esac
@@ -0,0 +1 @@
+deb: libsubid 5 libsubid5 (= ${binary:Version})
@@ -0,0 +1 @@
+3.0 (quilt)
@@ -0,0 +1,6 @@
+# debputy does not need misc:Depends
+debhelper-but-no-misc-depends libsubid-dev
+debhelper-but-no-misc-depends libsubid5
+debhelper-but-no-misc-depends login.defs
+debhelper-but-no-misc-depends passwd
+debhelper-but-no-misc-depends uidmap
@@ -0,0 +1,10 @@
+Tests: smoke
+Restrictions: needs-root, superficial
+
+Tests: upstream
+Depends:
+ expect,
+ procps,
+ @,
+ @builddeps@
+Restrictions: needs-root, build-needed, breaks-testbed, allow-stderr, isolation-machine
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+echo "Adding a user works"
+useradd shadow-test-user
+grep '^shadow-test-user:x:' /etc/passwd
+grep '^shadow-test-user:!:' /etc/shadow
+
+# Regression test for #1096187. adduser uses this sequence.
+echo "Changing a users name and work phone number works"
+chfn "-f" "foo" "-r" "" shadow-test-user
+chfn -w "" shadow-test-user
+
+# Regression test for #1095430
+TZ=Asia/Tokyo usermod --expiredate 1970-01-02 shadow-test-user
+TZ=Asia/Tokyo LC_ALL=C chage -l shadow-test-user | grep 'Account expires'
+# We expect 1970-01-02, as passed.
+TZ=Asia/Tokyo LC_ALL=C chage -l shadow-test-user | grep -P '^Account expires.*Jan 02, 1970'
+
+echo "Removing a user works"
+userdel shadow-test-user
+! grep 'shadow-test-user' /etc/passwd
+! grep 'shadow-test-user' /etc/shadow
@@ -0,0 +1,15 @@
+#!/bin/sh
+useradd ubuntu
+
+export BUILD_BASE_DIR=$(pwd)
+
+cd tests
+
+cleanup() {
+  cp testsuite.log $AUTOPKGTEST_ARTIFACTS/
+  cat testsuite.log
+}
+
+trap cleanup TERM EXIT
+
+./run_some 2>&1
@@ -0,0 +1,3 @@
+usr/bin/getsubids
+usr/bin/newgidmap
+usr/bin/newuidmap
@@ -0,0 +1,2 @@
+uidmap: elevated-privileges 4755 root/root [usr/bin/newgidmap]
+uidmap: elevated-privileges 4755 root/root [usr/bin/newuidmap]
@@ -0,0 +1,5 @@
+usr/share/man/*/man1/newgidmap.1
+usr/share/man/*/man1/newuidmap.1
+usr/share/man/man1/getsubids.1
+usr/share/man/man1/newgidmap.1
+usr/share/man/man1/newuidmap.1
@@ -0,0 +1,4 @@
+---
+Bug-Database: https://github.com/shadow-maint/shadow/issues
+Bug-Submit: https://github.com/shadow-maint/shadow/issues/new
+Repository-Browse: https://github.com/shadow-maint/shadow
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`rm_conffile /etc/cron.daily/passwd 1:4.7-2~`
				`@@ -0,0 +1 @@`
				`deb: libsubid 5 libsubid5 (= ${binary:Version})`