lib/run_part: Use correct data types

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Fix typos

Typos in comments and configure output, i.e. no functional change.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

useradd: fix write_full() return value

write_full() returns -1 on error and useradd was checking another value.

Closes: https://github.com/shadow-maint/shadow/issues/1072
Fixes: f45498a6c286 ("libmisc/write_full.c: Improve write_full()")
Reported-by: <https://github.com/brown-midas>
Suggested-by: <https://github.com/brown-midas>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>

lib/user_busy.c: Include <utmpx.h>

Since:
- utmpx APIs are used in non-Linux code blocks
- <utmpx.h> is already unconditionally included in Linux parts in other
  files
then unconditionally include it in this file as well.

Signed-off-by: Pino Toscano <toscano.pino@tiscali.it>

src/: Recommend --badname only if it is useful

(Review with -w (--ignore-all-space).)

Closes: <https://github.com/shadow-maint/shadow/issues/1067>
Reported-by: Anselm Schüler <mail@anselmschueler.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Invert logic to improve readability

And remove the (now) redundant comments.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/chkname.c: is_valid_{user,group}_name(): Set errno to distinguish the reasons

Signed-off-by: Alejandro Colomar <alx@kernel.org>

man/userdel.8.xml: Reword '-f'

The previous wording seemed to say that -f implied -r.  It doesn't; -f
only skips safety checks, so reword accordingly.

Closes: <https://github.com/shadow-maint/shadow/issues/1062>
Reported-by: Martin von Wittich <martin.von.wittich@iserv.eu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Chain free(strzero(s))

This reduces the repetition of the argument, which could be error-prone.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/memset/: memzero(), strzero(): Return the pointer

This allows chaining with free(3) on the same line.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Move memzero.[ch] under lib/string/memset/

Signed-off-by: Alejandro Colomar <alx@kernel.org>

po/es.po: wsfix

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strftime.h: STRFTIME(): Tighten macro definition

strftime(3) is not a variadic function; there's exactly one argument
after the format string.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/chage.c: print_day_as_date(): Handle errors from strfime(3)

Just like we do in day_to_str().

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/chage.c: print_day_as_date(): Simplify error handling

If localtime_r(3) fails, just print future, as we do in day_to_str().
It should only fail for unrealistic dates, if at all.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Use %F instead of %Y-%m-%d with strftime(3)

%F is specified by ISO C99.  It adds semantic meaning as printing an
ISO 8601 date.

Scripted change:

$ cat ~/tmp/spatch/strftime_F.sp
@@
@@

- "%Y-%m-%d"
+ "%F"
$ find contrib/ lib* src/ -type f \
| xargs spatch --sp-file ~/tmp/spatch/strftime_F.sp --in-place

Signed-off-by: Alejandro Colomar <alx@kernel.org>

Remove references to cppw, cpgr

cppw, cpgr were Debian-only tools, which I've dropped in a recent upload.

Upstream should have never had tests for them.

Signed-off-by: Chris Hofstaedtler <zeha@debian.org>

Update Catalan translation

lib/, src/: Use local time for human-readable dates

That is, use localtime_r(3) instead of gmtime_r(3).

Closes: <https://github.com/shadow-maint/shadow/issues/1057>
Reported-by: Gus Kenion <https://github.com/kenion>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Paul Eggert <eggert@cs.ucla.edu>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

doc(login.defs): fix type of TTYPERM

share/containers: remove unused dockerfiles

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

CI: use Ansible build in Github Action

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

doc: update documentation to use Ansible build

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/container-build.sh: update to use Ansible build

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/ansible: implement distribution selection

Distribution to run can be selected when running `ansible-playbook` by
appending `-e 'distribution=fedora'` to the command.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/ansible: convert alpine dockerfile to ansible

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/ansible: convert debian dockerfile to ansible

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/ansible: move fedora ci_run to its own file

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/.gitignore: add build-out folder

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/ansible: create roles

Create `build_container` and `ci_run` roles and move the fedora target
to them.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

share/ansible: convert fedora dockerfile to ansible

Using a dockerfile to build, install and test the code can be
problematic as we can't capture the log files to check what failed in
case of failure. This PR converts the fedora dockerfile to Ansible, an
open source IT automation tool. The tool can be used on the developers
and the CI system to check whether a piece of code can be built,
installed and tested.

This is the first patch in a series, where I will convert the existing
PR workflows to use Ansible instead of dockerfiles.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Makefile.am: avoid warning: EXTRA_DIST multiply defined

automake complained about duplicate definitions of EXTRA_DIST:

autoreconf: running: automake --add-missing --copy --no-force
Makefile.am:19: warning: EXTRA_DIST multiply defined in condition TRUE ...
Makefile.am:3: ... 'EXTRA_DIST' previously defined here
autoreconf: Leaving directory '.'

Signed-off-by: Chris Hofstaedtler <zeha@debian.org>

tests/libsubid/04_nss: fix setting basedir

Align on variable name BUILD_BASE_DIR for overriding the toplevel
directory. This is the same name as accepted by tests/common/config.sh.

Without this, the test libsubid/04_nss fails in Debian's autopkgtests.

Signed-off-by: Chris Hofstaedtler <zeha@debian.org>

man: groupmod: remove misleading -N option

The extra paragraph for --users mentions a -N option. groupmod has no -N
option.

Prevent confusion and remove its appearance.

Signed-off-by: Sebastian Gross <sgross@emlix.com>

man: group(add|mod): clarify list format

The --users list option expect a string of comma separated values.
While this might be obvious to some others it is certainly not for others.

Remove this ambiguity.

Closes #848

Signed-off-by: Sebastian Gross <sgross@emlix.com>

man: groupmod: fix misleading param

--append has no argument in groupmod.c but the man pages states GID as
parameter.

In order to avoid confusion remove it from man page.

Signed-off-by: Sebastian Gross <sgross@emlix.com>

lib/chkname.c: An object cannot expand further than the universe in which it resides

If you want a larger object, you'll have to wait at least until the
universe expands so much.

If an implementation doesn't recognize its own limitations, its a bug,
not a feature.

Closes: <https://github.com/shadow-maint/shadow/issues/1052>
Cc: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/atoi/strtoi/, tests/: strto[iu]_(): 1 is an invalid base

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/atoi/, *: Split files

src/usermod.c: Use id_t for parsing uid_t and gid_t

Use a static_assert(3) to make sure that id_t == uid_t == gid_t.

And use uintmax_t to print it, since on Linux they are unsigned types.

Link: <https://github.com/shadow-maint/shadow/pull/951>
Reviewed-by: Tycho Andersen <tycho@tycho.pizza>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/usermod.c: Rename identifiers ralated to [ug]id's

It was unclear why this code is using ulong.  Since these only handle
uid's and gid's, rename the identifiers accordingly, after id_t.

Link: <https://github.com/shadow-maint/shadow/pull/951>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Don't exit() from a library function

Fixes: ff2baed5dbf8 ("idmapping: add more checks for overflow")
Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Reported-by: Alejandro Colomar <alx@kernel.org>
Suggested-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Simplify iterator variables

Merge two iterator variables into one, and reduce its scope.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Remove dead code

This test is impossible.  The limits specified in a2ul() already cover
this.

Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Move range check to a2ul() call

Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Move range check to a2ul() call

Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Move range check to a2ul() calls

Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: get_map_ranges(): Rename local variable

For a pointer iterator used often, a single-letter identifier is more
appropriate.  That reduces the length of lines considerably, avoiding
unnecessary line breaks.  And since we initialize it with

m = mappings;

it's clear what it is.

Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: check_logins(): Report LOGIN_ERROR_LOGIN if str2ul() ERANGE

Fixes: 10396f953613 ("* libmisc/limits.c: Parse the limits, umask, nice, maxlogin, file limit with getlog() / getulong().")
Link: <https://github.com/shadow-maint/shadow/pull/893/commits/882cf59459bc4501b0882a7f02d36c8ce28a30f2>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/login_nopam.c: login_access(): Use stpsep() to simplify

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/useradd.c: Use stpsep() to simplify

This allows using plain strcmp(3) instead of MATCH().

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/nss.c: nss_init(): Use stpsep() instead of strtok_r(3)

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/suauth.c: check_su_auth(): Use stpsep() to simplify

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strchr/stpcspn.[ch]: stpcspn(): Remove unused function

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/attr.h: ATTR_STRING(): It only accepts one argument

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Use stpsep() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strtok/stpsep.[ch]: stpsep(): Add function

This function is somewhat simpler to use than strsep(3) in some cases.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/find_new_[gu]id.c: include stdint.h for UINT16_MAX/UINT32_MAX

Signed-off-by: Chris Hofstaedtler <zeha@debian.org>

lib/port.c: getportent(): Use strsep(3) instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getportent(): Align variables

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getttyuser(): Use pointer arithmetic to simplify

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getportent(): Use equivalent code to parse equally-formatted fields

The tty names field and the user names field have the same formatting:
a CSV terminated by a ':'.  Thus, we can --and should-- use the same
exact code for parsing both.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getportent(): Make sure the aren't too many fields in the CSV

Otherwise, the line is invalidly formatted, and we ignore it.

Detailed explanation:

There are two conditions on which we break out of the loops that precede
these added checks:

-  j is too big (we've exhausted the space in the static arrays)

$ grep -r -e PORT_TTY -e PORT_IDS lib/port.*
lib/port.c: static char *ttys[PORT_TTY + 1]; /* some pointers to tty names     */
lib/port.c: static char *users[PORT_IDS + 1]; /* some pointers to user ids     */
lib/port.c: for (cp = buf, j = 0; j < PORT_TTY; j++) {
lib/port.c: if ((',' == *cp) && (j < PORT_IDS)) {
lib/port.h: * PORT_IDS - Allowable number of IDs per entry.
lib/port.h: * PORT_TTY - Allowable number of TTYs per entry.
lib/port.h:#define PORT_IDS 64
lib/port.h:#define PORT_TTY 64

-  strpbrk(3) found a ':', which signals the end of the comma-sepatated
   list, and the start of the next colon-separated field.

If the first character in the remainder of the string is not a ':', it
means we've exhausted the array size, but the CSV list was longer, so
we'd be truncating it.  Consider the entire line invalid, and skip it.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getportent(): Make sure there are at least 2 ':' in the line

Otherwise, the line is invalidly formatted, and we ignore it.

Closes: <https://github.com/shadow-maint/shadow/issues/1036>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getportent(): Remove obvious comments

And do some style changes on the corresponding code.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getportent(): Rename goto label

This label means we detected a bogus line, and want to skip it and jump
to the next one; rename it accordingly.  'again' seemed to say that it
was somehow looping on the same line.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getttyuser(): Use goto to break out of nested loops

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/port.c: getttyuser(): Remove dead code

port.pt_names cannot be NULL; it always points to the static array ttys.

$ grep -rn pt_names
lib/port.c:157: port.pt_names = ttys;
lib/port.c:159: port.pt_names[j] = cp;
lib/port.c:172: port.pt_names[j] = NULL;
lib/port.c:344: for (i = 0; NULL != port->pt_names[i]; i++) {
lib/port.c:345: if (portcmp (port->pt_names[i], tty) == 0) {
lib/port.c:350: if (port->pt_names[i] == 0) {
lib/port.h:39: * pt_names - pointer to array of device names in /dev/
lib/port.h:45: char **pt_names;

Signed-off-by: Alejandro Colomar <alx@kernel.org>

contrib/adduser.c: main(): Use strcpy/cat(3) instead of their pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

contrib, lib/, src/, tests/: Use stpcpy(3) instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Use strrspn() instead of its pattern

This requires changing isspace(3) calls to an explicit accept string,
and I chose " \t\n" for it (as is done in other parts of this project),
which isn't exactly the same, but we probably don't want other
isspace(3) characters in those files, so it should work.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/sssd.c: Style fixes

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/login_nopam.c: login_access(): Simplify, calling strchr(3)

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: def_load(): Use stp[c]spn() instead of their patterns

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strchr/: stp[c]spn(), strrspn(), strnul(): Add macros and functions

Often, a pointer is more useful than a length when calling these.

Link: <https://docs.oracle.com/cd/E86824_01/html/E54769/strrspn-3gen.html>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/chage.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/faillog.c: Simplify, by calling str2sh() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/usermod.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/passwd.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/useradd.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Use get_[ug]id() where appropriate

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Simplify error handling

Handle negative values as errors from a2sl(), and reuse its
error-handling code.

Cc: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Remove dead code

spwd.sp_flag is an unsigned long, which can never be negative.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Merge 'else {if}' into 'else if'

This reduces indentation.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/sgetspent.c: sgetspent(): Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setup_limits(): Simplify, by calling str2i(mode_t, ) instead of str2ul()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setup_limits(): Simplify, by calling str2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setup_limits(): Simplify, by calling a2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: set_umask(): Simplify, by calling str2i(mode_t, ) instead of str2ul()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: set_prio(): Simplify, by calling str2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: getdef_long(): Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: getdef_unum(): Fix wrong limit check

The limit, since it's an unsigned int, should have been UINT_MAX, not
INT_MAX.  By calling a2ui() we can fix that and simplify too.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: getdef_num(): Simplify, by calling a2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Remove groups(1)

Signed-off-by: Alejandro Colomar <alx@kernel.org>

Remove id(1)

Distributions use id(1) from GNU coreutils or BusyBox.  Drop ours.

Closes: <https://github.com/shadow-maint/shadow/issues/1005>
Suggested-by: dkwo <nicolopiazzalunga@gmail.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Michael Vetter <jubalh@iodoru.org>
Cc: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: Use long constants in prctl(2), and remove 0s

The prctl(2) system-call wrapper is implemented as a variadic function.
This makes it important to pass arguments to it of the right type (and
more importantly of the right width), to avoid undefined behavior.

While at it, check errors with ==-1, not <0, which is more explicit.

Also, PR_SET_KEEPCAPS(2const) doesn't need all arguments, so it can be
called with just two of them; remove unnecessary 0s.

See-also: prctl(2), PR_SET_KEEPCAPS(2const)
Link: <https://lore.kernel.org/linux-man/ddbdyaiptesjalgfmztxideej67e3yaob7ucsmbf6qvriwxiif@dohhxrqgwhrf/T/#med306b5b003f9cc7cc2de69fcdd7ee2d056d0954>
Cc: Xi Ruoyao <xry111@xry111.site>
Cc: Lukas Slebodnik <lslebodn@fedoraproject.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/attr.h: Use C23-style attributes

They're stricter.  The GNU attributes are too lazy, and can be misused
more easily.  Also, mixing both has its own problems.

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/gshadow.c: Use XREALLOC() instead of silently continuing on ENOMEM

We should do better, and correctly handle errors, since this is library
code.  However, I'm lazy right now, so let's die hard, and let us
improve this later.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308154>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Remove dead code

FIRST_MEMBER_IS_ADMIN was never enabled.  And BTW, that code had been
broken for a long time, so probably nobody should manually enable it.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308748>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Use [[gnu::alloc_size(...)]] on allocation functions

Suggested-by: Martin Uecker <uecker@tugraz.at>
Signed-off-by: Alejandro Colomar <alx@kernel.org>