lib/port.c: getttyuser(): Remove dead code

port.pt_names cannot be NULL; it always points to the static array ttys.

$ grep -rn pt_names
lib/port.c:157: port.pt_names = ttys;
lib/port.c:159: port.pt_names[j] = cp;
lib/port.c:172: port.pt_names[j] = NULL;
lib/port.c:344: for (i = 0; NULL != port->pt_names[i]; i++) {
lib/port.c:345: if (portcmp (port->pt_names[i], tty) == 0) {
lib/port.c:350: if (port->pt_names[i] == 0) {
lib/port.h:39: * pt_names - pointer to array of device names in /dev/
lib/port.h:45: char **pt_names;

Signed-off-by: Alejandro Colomar <alx@kernel.org>

contrib/adduser.c: main(): Use strcpy/cat(3) instead of their pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

contrib, lib/, src/, tests/: Use stpcpy(3) instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Use strrspn() instead of its pattern

This requires changing isspace(3) calls to an explicit accept string,
and I chose " \t\n" for it (as is done in other parts of this project),
which isn't exactly the same, but we probably don't want other
isspace(3) characters in those files, so it should work.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/sssd.c: Style fixes

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/login_nopam.c: login_access(): Simplify, calling strchr(3)

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: def_load(): Use stp[c]spn() instead of their patterns

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strchr/: stp[c]spn(), strrspn(), strnul(): Add macros and functions

Often, a pointer is more useful than a length when calling these.

Link: <https://docs.oracle.com/cd/E86824_01/html/E54769/strrspn-3gen.html>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/chage.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/faillog.c: Simplify, by calling str2sh() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/usermod.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/passwd.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/useradd.c: Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Use get_[ug]id() where appropriate

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Simplify error handling

Handle negative values as errors from a2sl(), and reuse its
error-handling code.

Cc: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Remove dead code

spwd.sp_flag is an unsigned long, which can never be negative.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Merge 'else {if}' into 'else if'

This reduces indentation.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/sgetspent.c: sgetspent(): Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setup_limits(): Simplify, by calling str2i(mode_t, ) instead of str2ul()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setup_limits(): Simplify, by calling str2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setup_limits(): Simplify, by calling a2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: set_umask(): Simplify, by calling str2i(mode_t, ) instead of str2ul()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: set_prio(): Simplify, by calling str2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: getdef_long(): Simplify, by calling a2sl() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: getdef_unum(): Fix wrong limit check

The limit, since it's an unsigned int, should have been UINT_MAX, not
INT_MAX.  By calling a2ui() we can fix that and simplify too.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdef.c: getdef_num(): Simplify, by calling a2si() instead of str2sl()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Remove groups(1)

Signed-off-by: Alejandro Colomar <alx@kernel.org>

Remove id(1)

Distributions use id(1) from GNU coreutils or BusyBox.  Drop ours.

Closes: <https://github.com/shadow-maint/shadow/issues/1005>
Suggested-by: dkwo <nicolopiazzalunga@gmail.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Michael Vetter <jubalh@iodoru.org>
Cc: Sam James <sam@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/idmapping.c: Use long constants in prctl(2), and remove 0s

The prctl(2) system-call wrapper is implemented as a variadic function.
This makes it important to pass arguments to it of the right type (and
more importantly of the right width), to avoid undefined behavior.

While at it, check errors with ==-1, not <0, which is more explicit.

Also, PR_SET_KEEPCAPS(2const) doesn't need all arguments, so it can be
called with just two of them; remove unnecessary 0s.

See-also: prctl(2), PR_SET_KEEPCAPS(2const)
Link: <https://lore.kernel.org/linux-man/ddbdyaiptesjalgfmztxideej67e3yaob7ucsmbf6qvriwxiif@dohhxrqgwhrf/T/#med306b5b003f9cc7cc2de69fcdd7ee2d056d0954>
Cc: Xi Ruoyao <xry111@xry111.site>
Cc: Lukas Slebodnik <lslebodn@fedoraproject.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/attr.h: Use C23-style attributes

They're stricter.  The GNU attributes are too lazy, and can be misused
more easily.  Also, mixing both has its own problems.

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/gshadow.c: Use XREALLOC() instead of silently continuing on ENOMEM

We should do better, and correctly handle errors, since this is library
code.  However, I'm lazy right now, so let's die hard, and let us
improve this later.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308154>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Remove dead code

FIRST_MEMBER_IS_ADMIN was never enabled.  And BTW, that code had been
broken for a long time, so probably nobody should manually enable it.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308748>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Use [[gnu::alloc_size(...)]] on allocation functions

Suggested-by: Martin Uecker <uecker@tugraz.at>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Use multi-line macro definitions

This reduces the complexity of those nested parentheses.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/alloc/, lib/, src/, tests/: Organize the allocation APIs in a new subdirectory

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/alloc.[ch]: xmalloc(): Remove unused function

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strdup/xstrdup.[ch], lib/, src/: Move xstrdup() to its own file

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strcpy/zustr2stp.[ch], tests/: Remove ZUSTR2STP()

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/logoutd.c: Use STRNCAT() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/logoutd.c: Use STRNDUPA() instead of its pattern

STRNDUPA() is equivalent to automatic storage allocation (alloca(3))
+ ZUSTR2STP().

The benefits of this refactor are:

-  The allocation size is always correct, and needs no comments, since
   it's now automatically calculated by the macro.

-  STRNDUPA() is probably more familiar, since
   -  strndupa(3) is a libc function,
   -  STRNDUPA() is the obvious wrapper that
      calculates the size based on the input array.

-  We can remove ZUSTR2STP().

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/newusers.c: Exit on ENOMEM, by calling xstrdup() instead of strdup(3)

The program was happily ignoring ENOMEM errors.

Fixes: 7f9e19690333 ("* NEWS, src/newusers.c, src/Makefile.am: Added support for")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/utmp.c: prepare_utmp(): Use xstrdup() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/utmp.c: Use XSTRNDUP() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strdup/: XSTRNDUP(), STRNDUPA(): Add macros

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strcpy/strncat.[ch]: STRNCAT(): Add macro

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Use xasprintf() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/groupmems.c: Fix number of elements in allocation

We are setting `sgrent.sg_adm[1] = NULL;`, so we need 2 elements.

Fixes: 87b56b19fb72 ("* NEWS, src/groupmems.c, man/groupmems.8.xml: Added support for [...]")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/gshadow.c: build_list(): Fix REALLOC() nmemb calculation

Fixes: efbbcade43ff ("Use safer allocation macros")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/gshadow.c: build_list(): Fix forever loop on ENOMEM

Before this patch, the function looped while (s != NULL && *s != '\0').
However, nothing was modifying that string if REALLOC() failed, so the
loop was forever.

Fixes: 8e167d28afd6 ("[svn-upgrade] Integrating new upstream version, shadow (4.0.8)")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Use strsep(3) instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/useradd.c: tallylog_reset(): Use Basename() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Use strchrnul(3) instead of its pattern

In the files where #include <string.h> is missing, add it, and sort the
includes.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/commonio.c: commonio_open(): MALLOC() and REALLOCF() already set ENOMEM

We don't need to set ENOMEM on failure of those functions.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Use REALLOCF() instead of its pattern

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Add missing include

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/failure.c: failprint(): Remove dead code

This should have gone into the #else'd branch in 8451bed8b06d, and
should have been removed in 3e602b58a2aa.

Fixes: 8451bed8b06d ("[svn-upgrade] Integrating new upstream version, shadow (4.0.13)")
Fixes: 3e602b58a2aa ("Remove HAVE_STRFTIME ifdefs")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Always pass NULL to time(2)

See time(2):

BUGS
     Error returns from this system  call  are  indistinguishable  from
     successful  reports  that  the  time  is  a few seconds before the
     Epoch, so the C library wrapper function never sets errno as a re‐
     sult of this call.

     The tloc argument is obsolescent and should always be NULL in  new
     code.  When tloc is NULL, the call cannot fail.

Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/getdate.y: NULL doesn't need a cast

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/shadow.c: my_sgetspent(): Clarify that we're assigning an empty string

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, src/: Reduce scope of local variables

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/login.c: Remove dead code

The functions that set these strings --do_rlogin() and login_prompt()--
make sure to terminate them with a NUL.

Fixes: 3704745289f5 ("* lib/defines.h: Define USER_NAME_MAX_LENGTH, based on utmp and [...]")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/logoutd.c: Remove unused variable

wait(2) accepts NULL if the status won't be read.  Simplify.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/su.c: save_caller_context(): Remove unused parameter

Fixes: e6c2e4393784 ("Hardcoding Prog to known value")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/strcpy/, lib/, src/, tests/: Move all copying APIs to a subdirectory

Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/string/sprintf/, lib/, src/, tests/: Move all sprintf(3)-like APIs to a subdirectory

And have a separate file for each pair of APIs.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/get_subid_owners.c: Use uid_t for holding UIDs (and GIDs)

Suggested-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/usermod.c: Fix const correctness

Now that we use liba2i's const-generic macros, we can (and must) use a
'const char **' endp where the input string is 'const char *'.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/limits.c: setrlimit_value(): Reimplement in terms of a2i()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, po/, src/: get_uid(): Move function to "atoi/getnum.h"

Implement it as an inline function, and add restrict and ATTR_STRING()
and ATTR_ACCESS() as appropriate.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/get_uid.c: get_uid(): Reimplement in terms of a2i()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/usermod.c: getulong_range(): Reimplement in terms of a2ul()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/get_pid.c: get_pidfd_from_fd(): Don't open-code get_fd()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/atoi/getnum.[ch]: get_fd(): Add function for parsing a file descriptor from a string

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: get_pid(): Move function to "atoi/getnum.h"

Implement it as an inline function, and add restrict and ATTR_STRING()
and ATTR_ACCESS() as appropriate.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/get_pid.c: get_pid(): Reimplement in terms of a2i()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/: Don't open-code get_gid()

These functions were open-coding get_gid().  Use the actual function.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/, libsubid/, po/, src/: get_gid(): Move function to "atoi/getnum.h"

Implement it as an inline function, and add restrict and ATTR_STRING()
and ATTR_ACCESS() as appropriate.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/get_gid.c: get_gid(): Reimplement in terms of a2i()

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

src/: Use str2[u]l() instead of atoi(3)

atoi(3) easily triggers Undefined Behavior.  Replace it by str2[u]l(),
which are safe from that, and add type safety too.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

tests/unit/test_typetraits.c: Add tests for typetraits.h macros

Suggested-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/typetraits.h: Add macros that give information about a type

In the case of is_unsigned() and is_signed(), the natural thing would be
to compare to 0:

#define is_unsigned(x)  (((typeof(x)) -1) > 0)
#define is_signed(x)    (((typeof(x)) -1) < 0)

However, that would trigger -Wtype-limits, so we compare against 1,
which silences that, and does the same job.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

tests/run_some: make sure unshared root user can descend build dir

This was causing errors in my local testing in vms.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Makefile.am: Use 'dist-hook' to clean up <tests/unit/Makefile>

Closes: <https://github.com/shadow-maint/shadow/issues/1027>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Co-developed-by: Serge Hallyn <shallyn@cisco.com>
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

have_range: open the subid db if needed

When we run for instance

  check_subid_range ubuntu u 100000 65536

when ubuntu user is defined and has that range, it returns no entries
because the subid db is not opened.  Open it in have_range if needed.

I haven't figured out why this ever worked.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

libsubid test makefile: fix a typo

Fix a missing space after the -I path

Signed-off-by: Serge Hallyn <serge@hallyn.com>

tests/unit/test_xasprintf.c: Fix use of volatile pointer

volatile needs to be casted away behind a [[gnu::noipa]] function, to
make that invisible to the compiler.  Otherwise, the compiler can see
that it is being discarded, and is free to abuse Undefined Behavior.

Closes: <https://github.com/shadow-maint/shadow/issues/1028>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Tested-by: Chris Hofstaedtler <zeha@debian.org>
Reviewed-by: Chris Hofstaedtler <zeha@debian.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

tests/unit/test_xasprintf.c: Cosmetic

This is in preparation for the following commit.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

tests/: Support run_some from exported tarball

common/config.sh currently tries to find the top directory by looking
for .git.  There are also many places under tests/ where we use
hard-coded ../../.. to find things like ${TOP_DIR}/lib.

We don't actually ship the tests with 'make dist'.  So we will
be exporting tests/ as a separate tarball.  In particular, I want
to then import this in the debian package.  However, there it will
be under shadow.git/debian/tests, not shadow.git/tests.

To support this, accept the environment variable BUILD_BASE_DIR,
which should point to shadow.git.

An alternative would be to move the tests to their own git
tree.  However, keeping tests in separate git tree tends to
lead to repos getting out of sync.  And we'd still need to accept
something like BUILD_BASE_DIR.

Note there are a lot of tests under run-all, which I'm not converting
as they currently are not being run in CI, so I'm more likely to
break something.

Changelog:
  2024 05 26: Incorporate feedback from alejandro-colomar

Link: <https://salsa.debian.org/debian/shadow/-/merge_requests/21>
Link: <https://salsa.debian.org/debian/shadow/-/merge_requests/22>
Cc: Chris Hofstaedtler <zeha@debian.org>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/csrand.c: Fix the lower part of the domain of csrand_uniform()

I accidentally broke this code during an un-optimization.  We need to
start from a random value of the width of the limit, that is, 32 bits.

Thanks to Jason for pointing to his similar code in the kernel, which
made me see my mistake.

Fixes: 2a61122b5e8f ("Unoptimize the higher part of the domain of csrand_uniform()")
Closes: <https://github.com/shadow-maint/shadow/issues/1015>
Reported-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
Link: <https://git.zx2c4.com/linux-rng/tree/drivers/char/random.c#n535>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Link: <https://github.com/shadow-maint/shadow/pull/638>
Link: <https://github.com/shadow-maint/shadow/issues/634>
Link: <https://github.com/shadow-maint/shadow/pull/624>
Tested-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
Reviewed-by: Michael Brunnbauer <https://github.com/michaelbrunnbauer>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

configure.ac: release 4.16.0

Signed-off-by: Serge Hallyn <serge@hallyn.com>

release 4.16.0-rc1

Signed-off-by: Serge Hallyn <serge@hallyn.com>

configure.ac: specify tar-pax to avoid 99 char filename limit

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Remove support for rlogind in login(1), that is, remove the '-r' flag

The "quick hack" finally disappeared.  Probably nobody noticed.  ;)
(See the changes in <configure.ac> for the context of this pun.)

Probably everybody uses SSH these days for remote login.  Let's remove
this insecure method.

Closes: <https://github.com/shadow-maint/shadow/issues/992>
Reviewed-by: dkwo <nicolopiazzalunga@gmail.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Michael Vetter <jubalh@iodoru.org>
Cc: Sam James <sam@gentoo.org>
Cc: Benedikt Brinkmann <datacobra@thinkbot.de>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

libsubid: Fix code style issues

libsubid: Fail on plugin loading if no subid_free provided

libsubid: Apply minor fixes

libsubid: Add routine to free allocated memory

libsubid: Dealocate memory on exit

src/groupmod.c: delete gr_free_members(&grp) to avoid double free

Groupmod -U may cause crashes because of double free. If without -a, the first free of (*ogrp).gr_mem is in gr_free_members(&grp), and then in gr_update without -n or gr_remove with -n.
Considering the minimal impact of modifications on existing code, delete gr_free_members(&grp) to avoid double free.Although this may seem reckless, the second free in two different positions will definitely be triggered, and the following two test cases can be used to illustrate the situation :

[root@localhost src]# ./useradd u1
[root@localhost src]# ./useradd u2
[root@localhost src]# ./useradd u3
[root@localhost src]# ./groupadd -U u1,u2,u3 g1
[root@localhost src]# ./groupmod -n g2 -U u1,u2 g1
Segmentation fault

This case would free (*ogrp).gr_mem in gr_free_members(&grp) due to assignment statements grp = *ogrp, then in if (nflg && (gr_remove (group_name) == 0)), which finally calls gr_free_members(grent) to free (*ogrp).gr_mem again.

[root@localhost src]# ./useradd u1
[root@localhost src]# ./useradd u2
[root@localhost src]# ./useradd u3
[root@localhost src]# ./groupadd -U u1,u2,u3 g1
[root@localhost src]# ./groupmod -U u1,u2 g1
Segmentation fault

The other case would free (*ogrp).gr_mem in gr_free_members(&grp) too, then in if (gr_update (&grp) == 0), which finally calls gr_free_members(grent) too to free (*ogrp).gr_mem again.

So the first free is unnecessary, maybe we can drop it.

Fixes: 342c934a3590 ("add -U option to groupadd and groupmod")
Closes: <https://github.com/shadow-maint/shadow/issues/1013>
Link: <https://github.com/shadow-maint/shadow/pull/1007>
Link: <https://github.com/shadow-maint/shadow/pull/271>
Link: <https://github.com/shadow-maint/shadow/issues/265>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: lixinyun <li.xinyun@h3c.com>

man/lastlog: remove wrong use of keyword term

Per https://tdg.docbook.org/tdg/4.5/term, term is a word being
defined in a varlistentry.  The 'high uid' description is not a
varlistentry, so <term> and </term> show up in the processed
manpage.  See debian Bug#1072297.

Signed-off-by: Serge Hallyn <serge@hallyn.com>