source: patches/shadow-4.0.18.1-fixes-1.patch@ c30178f

contrib/adduser.c

@@ -169 +169 @@
   if (geteuid () != 0)
     {
       printf ("It seems you don't have access to add a new user.  Try\n");
-      printf ("logging in as root or su root to gain super-user access.\n");
+      printf ("logging in as root or su root to gain superuser access.\n");
       exit (1);
     }
 

contrib/groupmems.shar

@@ -211 +211 @@
 #define EXIT_SUCCESS            0       /* success */
 #define EXIT_USAGE              1       /* invalid command syntax */
 #define EXIT_GROUP_FILE         2       /* group file access problems */
-#define EXIT_NOT_ROOT           3       /* not super user  */
-#define EXIT_NOT_EROOT          4       /* not effective super user  */
+#define EXIT_NOT_ROOT           3       /* not superuser  */
+#define EXIT_NOT_EROOT          4       /* not effective superuser  */
 #define EXIT_NOT_PRIMARY        5       /* not primary owner of group  */
 #define EXIT_NOT_MEMBER         6       /* member of group does not exist */
 #define EXIT_MEMBER_EXISTS      7       /* member of group already exists */
@@ -481 +481 @@
 [\fB-g\fI group_name \fR]
 X.SH DESCRIPTION
 The \fBgroupmems\fR utility allows a user to administer his/her own
-group membership list without the requirement of super user privileges.
+group membership list without the requirement of superuser privileges.
 The \fBgroupmems\fR utility is for systems that configure its users to
 be in their own name sake primary group (i.e., guest / guest).
 X.P
-Only the super user, as administrator, can use \fBgroupmems\fR to alter
+Only the superuser, as administrator, can use \fBgroupmems\fR to alter
 the memberships of other groups.
 X.IP "\fB-a \fIuser_name\fR"
 Add a new user to the group membership list.
@@ -496 +496 @@
 X.IP "\fB-D\fR"
 Delete all users from the group membership list.
 X.IP "\fB-g \fIgroup_name\fR"
-The super user can specify which group membership list to modify.
+The superuser can specify which group membership list to modify.
 X.SH SETUP
 The \fBgroupmems\fR executable should be in mode \fB2770\fR as user \fBroot\fR
 and in group \fBgroups\fR.   The system administrator can add users to

libmisc/chkname.c

@@ -18 +18 @@
 static int good_name (const char *name)
 {
         /*
-         * User/group names must match [a-z_][a-z0-9_-]*[$]
-         */
-        if (!*name || !((*name >= 'a' && *name <= 'z') || *name == '_'))
+         * User/group names must match gnu e-regex:
+         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+         *
+         * as a non-POSIX, extension, allow "$" as the last char for
+         * sake of Samba 3.x "add machine script"
+         */
+        if (!*name || !((*name >= 'a' && *name <= 'z')
+             || (*name >= 'A' && *name <= 'Z')
+             || (*name >= '0' && *name <= '9')
+             || *name == '_' || *name == '.'))
                 return 0;
 
         while (*++name) {
-                if (!((*name >= 'a' && *name <= 'z') ||
-                      (*name >= '0' && *name <= '9') ||
-                      *name == '_' || *name == '-' ||
-                      (*name == '$' && *(name + 1) == '\0')))
+                if (!(  (*name >= 'a' && *name <= 'z')
+                     || (*name >= 'A' && *name <= 'Z')
+                     || (*name >= '0' && *name <= '9')
+                     || *name == '_' || *name == '.' || *name == '-'
+                     || (*name == '$' && *(name + 1) == '\0')))
                         return 0;
         }
 
@@ -43 +51 @@
 #endif
 
         /*
-         * User names are limited by whatever utmp can
-         * handle (usually max 8 characters).
+         * User names are limited by whatever utmp can handle.
          */
-        if (strlen (name) > sizeof (ut.ut_user))
+        if (strlen(name) + 1 > sizeof(ut.ut_user))
                 return 0;
 
         return good_name (name);
@@ -54 +61 @@
 
 int check_group_name (const char *name)
 {
-        /*
-         * Arbitrary limit for group names - max 16
-         * characters (same as on HP-UX 10).
-         */
-        if (strlen (name) > 16)
+#if HAVE_UTMPX_H
+        struct utmpx ut;
+#else
+        struct utmp ut;
+#endif
+
+        if (strlen(name) + 1 > sizeof(ut.ut_user))
                 return 0;
 
         return good_name (name);

man/chfn.1.xml

@@ -32 +32 @@
       </citerefentry> and similar programs. A normal user may only change
       the fields for her own account, subject to the restrictions in
       <filename>/etc/login.defs</filename>. (The default configuration is to
-      prevent users from changing their fullname.) The super user may change
-      any field for any account. Additionally, only the super user may use
+      prevent users from changing their fullname.) The superuser may change
+      any field for any account. Additionally, only the superuser may use
       the <option>-o</option> option to change the undefined portions of the
       GECOS field.
     </para>

man/chsh.1.xml

@@ -28 +28 @@
     <para>
       <command>chsh</command> changes the user login shell. This determines
       the name of the user's initial login command. A normal user may only
-      change the login shell for her own account, the super user may change
+      change the login shell for her own account, the superuser may change
       the login shell for any account.
     </para>
 
@@ -72 +72 @@
     <para>
       The only restriction placed on the login shell is that the command
       name must be listed in <filename>/etc/shells</filename>, unless the
-      invoker is the super-user, and then any value may be added. An
+      invoker is the superuser, and then any value may be added. An
       account with a restricted login shell may not change her login shell.
       For this reason, placing <filename>/bin/rsh</filename> in
       <filename>/etc/shells</filename> is discouraged since accidentally

man/groupadd.8

@@ -70 +70 @@
 Shadow password suite configuration.
 .SH "CAVEATS"
 .PP
-Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
-.PP
-Groupnames may only be up to 16 characters long.
+Groupnames may only be up to 32 characters long.
 .PP
 If the groupname already exists in an external group database such as NIS,
 \fBgroupadd\fR
 will deny the group creation request.
-.PP
-Groupnames may only be up to 16 characters long.
 .SH "EXIT VALUES"
 .PP
 The

man/groupadd.8.xml

@@ -29 +29 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>The <command>groupadd</command> command creates a new group
-      account using the values specified on the command line and the default
+      account using the values specified on the command line plus the default
       values from the system. The new group will be entered into the system
       files as needed.
     </para>
@@ -47 +47 @@
           <option>-f</option>
         </term>
         <listitem>
-          <para>This option causes to just exit with success status if the
-            specified group already exists. With <option>-g</option>, if
-            specified GID already exists, other (unique) GID is chosen (i.e.
+          <para>This option causes the command to simply exit with success
+            status if the
+            specified group already exists. When used with
+            <option>-g</option>, and the
+            specified GID already exists, another (unique) GID is chosen (i.e.
             <option>-g</option> is turned off).
           </para>
         </listitem>
@@ -101 +103 @@
         </term>
         <listitem>
           <para>
-            This option permits to add group with non-unique GID.
+            This option permits to add a group with a non-unique GID.
           </para>
         </listitem>
       </varlistentry>
@@ -138 +140 @@
        only lower case letters, underscores, dashes, and dollar signs may 
        follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]
      </para>
-     <para>Groupnames may only be up to 16 characters long.</para>
-
      <para>
        If the groupname already exists in an external group database
        such as NIS, <command>groupadd</command> will deny the group
        creation request.
      </para>
-
      <para>Groupnames may only be up to 16 characters long.</para>
-
    </refsect1>
 
   <refsect1 id='exit_values'>

man/groupmems.8.xml

@@ -27 +27 @@
     <title>DESCRIPTION</title>
     <para>
       The <command>groupmems</command> utility allows a user to administer
-      his/her own group membership list without the requirement of super
-      user privileges. The <command>groupmems</command> utility is for
+      his/her own group membership list without the requirement of 
+      superuser privileges. The <command>groupmems</command> utility is for
       systems that configure its users to be in their own name sake primary
       group (i.e., guest / guest).
     </para>
 
-    <para>Only the super user, as administrator, can use
+    <para>Only the superuser, as administrator, can use
       <command>groupmems</command> to alter the memberships of other groups.
     </para>
   </refsect1>
@@ -66 +66 @@
       <varlistentry>
         <term><option>-g</option> <replaceable>group_name</replaceable></term>
         <listitem>
-          <para>The super user can specify which group membership
+          <para>The superuser can specify which group membership
             list to modify.
           </para>
         </listitem>

man/groupmod.8.xml

@@ -43 +43 @@
         </term>
         <listitem>
           <para>
-            Specify the new group ID for the <replaceable>GROUP</replaceable>.
-            The numerical value of the <replaceable>GID</replaceable> must be
+            The group ID of the given <replaceable>GROUP</replaceable> will be
+            changed to <replaceable>GID</replaceable>.
+            The value of <replaceable>GID</replaceable> must be
             a non-negative decimal integer. This value must be unique, unless
             the <option>-o</option> option is used. Values between 0 and 999
-            are typically reserved for system groups. Any files which the old
-            group ID is the file group ID must have the file group ID changed
+            are typically reserved for system groups. Any files that have
+            the old group ID and must continue to belong to
+            <replaceable>GROUP</replaceable>, must have their group ID changed
             manually.
           </para>
         </listitem>
@@ -77 +79 @@
         </term>
         <listitem>
           <para>
-            When used with the <option>-g</option> option allow to change the
-            group <replaceable>GID</replaceable> to non-unique value.
+            When used with the <option>-g</option> option, allow to change the
+            group <replaceable>GID</replaceable> to a non-unique value.
           </para>
         </listitem>
       </varlistentry>

man/login.1.xml

@@ -184 +184 @@
     </para>
 
     <para>
-      As any program, <command>login</command> appearance could be faked. 
-      If non-trusted users have a physical access to the machine, an
+      As with any program, <command>login</command>'s appearance can be faked. 
+      If non-trusted users have physical access to a machine, an
       attacker could use this to obtain the password of the next person
-      sitting in front of the machine. Under Linux, the SAK mecanism can be
-      used by users to initiate of a trusted path and prevent this kind of
+      coming to sit in front of the machine. Under Linux, the SAK mechanism can be
+      used by users to initiate a trusted path and prevent this kind of
       attack.
     </para>
 

man/newusers.8.xml

@@ -60 +60 @@
         </term>
         <listitem>
           <para>
-            This field may be the name of an existing group, in which case
-            the named user will be added as a member. If a non-existent
-            numerical group is given, a new group will be created having
-            this number.
+            This field must contain the name (or number) of a group. The user
+            will be added as a member to this group. When a non-existent
+            group name or number is specified, a new group will be created.
+            In the case of a non-existent group number, both the name and the
+            number of the new group will be this number.
           </para>
         </listitem>
       </varlistentry>
@@ -73 +74 @@
         </term>
         <listitem>
           <para>
-            This field will be checked for existence as a directory and a
-            new directory with the same name will be created if it does not
+            This field will be checked for existence as a directory, and a
+            new directory with this name will be created if it does not
             already exist. The ownership of the directory will be set to be
             that of the user being created or updated.
           </para>

man/passwd.1.xml

@@ -28 +28 @@
     <para>
       <command>passwd</command> changes passwords for user accounts.  A
       normal user may only change the password for his/her own account, while 
-      the super user may change the password for any account.
+      the superuser may change the password for any account.
       <command>passwd</command> also changes account information, such as
       the full name of the user, the user's login shell, or his/her password
       expiry date and interval.
@@ -40 +40 @@
         The user is first prompted for his/her old password, if one is
         present. This password is then encrypted and compared against the
         stored password. The user has only one chance to enter the correct
-        password. The super user is permitted to bypass this step so that
+        password. The superuser is permitted to bypass this step so that
         forgotten passwords may be changed.
       </para>
 

man/shadow.3.xml

@@ -163 +163 @@
   <refsect1 id='caveats'>
     <title>CAVEATS</title>
     <para>
-      These routines may only be used by the super user as access to the
+      These routines may only be used by the superuser as access to the
       shadow password file is restricted.
     </para>
   </refsect1>

shadow-4.0.18.1

@@ -8 +8 @@
   </refmeta>
   <refnamediv id='name'>
     <refname>su</refname>
-    <refpurpose>change user ID or become super-user</refpurpose>
+    <refpurpose>change user ID or become superuser</refpurpose>
   </refnamediv>
   <refsynopsisdiv id='synopsis'>
     <cmdsynopsis>
@@ -30 +30 @@
       <command>su</command> is used to become another user during a login
       session. Invoked without a <option>username</option>, 
       <command>su</command> defaults to
-      becoming the super user. The optional argument <option>-</option> may
+      becoming the superuser. The optional argument <option>-</option> may
       be used to provide an environment similar to what the user would
       expect had the user logged in directly.
     </para>
@@ -58 +58 @@
       The current environment is passed to the new shell. The value of
       <envar>$PATH</envar> is reset to <filename>/bin:/usr/bin</filename>
       for normal users, or <filename>/sbin:/bin:/usr/sbin:/usr/bin</filename>
-      for the super user. This may be changed with the
+      for the superuser. This may be changed with the
       <emphasis>ENV_PATH</emphasis> and <emphasis>ENV_SUPATH</emphasis>
       definitions in <filename>/etc/login.defs</filename>.
     </para>
@@ -78 +78 @@
       <varlistentry>
         <term>
           <option>-c</option>, <option>--command</option>
-          <replaceable>SHELL</replaceable>
+          <replaceable>COMMAND</replaceable>
         </term>
         <listitem>
           <para>
@@ -112 +112 @@
         <listitem>
           <para>The shell that will be invoked.</para>
           <para>
-            The invoked shell is choosen among (higest priority first):
+            The invoked shell is chosen from (highest priority first):
             <itemizedlist>
               <listitem>
-                <para>The shell specified with --shell</para>
+                <para>The shell specified with --shell.</para>
               </listitem>
               <listitem>
                 <para>
@@ -141 +141 @@
           <para>
             If the target user has a restricted shell (i.e. the shell field of
             this user's entry in <filename>/etc/passwd</filename> is not
-            specified in <filename>/etc/shell</filename>), then the
+            listed in <filename>/etc/shell</filename>), then the
             <option>--shell</option> option or the <envar>$SHELL</envar>
-            environment variable won't be taken into account unless
-            <command>su</command> is called by the root.
+            environment variable won't be taken into account, unless
+            <command>su</command> is called by root.
           </para>
         </listitem>
       </varlistentry>

shadow-4.0.18.1

@@ -168 +168 @@
 Similarly, if the username already exists in an external user database such as NIS,
 \fBuseradd\fR
 will deny the user account creation request.
-.PP
-Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
 .SH "FILES"
 .TP 3n
 \fI/etc/passwd\fR

man/useradd.8.xml

@@ -36 +36 @@
       <para>
         When invoked without the <option>-D</option> option, the
         <command>useradd</command> command creates a new user account using
-        the values specified on the command line and the default values from
-        the system. Depending on command line options, the useradd command
+        the values specified on the command line plus the default values from
+        the system. Depending on command line options, the
+        <command>useradd</command> command
         will update system files and may also create the new user's home
         directory and copy initial files.
       </para>
@@ -78 +79 @@
       </varlistentry>
       <varlistentry>
         <term>
+          <option>-D</option>
+        </term>
+        <listitem>
+          <para>
+            See below, the subsection "Changing the default values".
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
           <option>-d</option>, <option>--home</option>
           <replaceable>HOME_DIR</replaceable>
         </term>
@@ -256 +267 @@
     <refsect2 id='changing_the_default_values'>
       <title>Changing the default values</title>
       <para>
-        When invoked with the <option>-D</option> option,
-        <command>useradd</command> will either display the current default
-        values, or update the default values from the command line. The
-        valid options are
+        When invoked with only the <option>-D</option> option,
+        <command>useradd</command> will display the current default values.
+        When invoked with <option>-D</option> plus other options,
+        <command>useradd</command> will update the default values for the
+        specified options. Valid default-changing options are:
       </para>
       <variablelist remap='IP'>
         <varlistentry>
@@ -269 +281 @@
           </term>
           <listitem>
             <para>
-              The initial path prefix for a new user's home directory. The
+              The path prefix for a new user's home directory. The
               user's name will be affixed to the end of
-              <replaceable>HOME_DIR</replaceable> to create the new
-              directory name if the <option>-d</option> option is not used
+              <replaceable>BASE_DIR</replaceable> to form the new user's
+              home directory name, if the <option>-d</option> option is not used
               when creating a new account.
             </para>
           </listitem>
@@ -318 +330 @@
           </term>
           <listitem>
             <para>
-              The name of the new user's login shell. The named program will
-              be used for all future new user accounts.
+              The name of a new user's login shell.
             </para>
           </listitem>
         </varlistentry>
       </variablelist>
 
-      <para>
-        If no options are specified, <command>useradd</command> displays the
-        current default values.
-      </para>
     </refsect2>
   </refsect1>
 

man/userdel.8.xml

@@ -24 +24 @@
     <title>DESCRIPTION</title>
     <para>
       The <command>userdel</command> command modifies the system account
-      files, deleting all entries that refer to <emphasis
-      remap='I'>login_name</emphasis>. The named user must exist.
+      files, deleting all entries that refer to the user name <emphasis
+      remap='I'>LOGIN</emphasis>. The named user must exist.
     </para>
   </refsect1>
 
@@ -41 +41 @@
         </term>
         <listitem>
           <para>
-            This option forces the removal of the user, even if she is still
+            This option forces the removal of the user account, even if the
+            user is still
             logged in. It also forces <command>userdel</command> to remove
-            the user's home directory or her mail spool, even if another
+            the user's home directory and mail spool, even if another
             user uses the same home directory or if the mail spool is not
             owned by the specified user.  If
             <emphasis>USERGROUPS_ENAB</emphasis> is defined to <emphasis

man/usermod.8.xml

@@ -127 +127 @@
             restrictions as the group given with the <option>-g</option>
             option. If the user is currently a member of a group which is
             not listed, the user will be removed from the group. This
-            behaviour can be changed via <option>-a</option> option, which
-            appends user to the current supplementary group list.
+            behaviour can be changed via the <option>-a</option> option, which
+            appends the user to the current supplementary group list.
           </para>
         </listitem>
       </varlistentry>
@@ -143 +143 @@
             remap='I'>LOGIN</emphasis> to <emphasis
             remap='I'>NEW_LOGIN</emphasis>. Nothing else is changed. In
             particular, the user's home directory name should probably be
-            changed to reflect the new login name.
+            changed manually to reflect the new login name.
           </para>
         </listitem>
       </varlistentry>

src/chgpasswd.c

@@ -243 +243 @@
                 newpwd = cp;
                 if (!eflg) {
                         if (md5flg) {
-                                char salt[12] = "$1$";
+                                char tmp[12];
+                                char salt[15] = "\0";
 
-                                strcat (salt, crypt_make_salt ());
+                                strcpy( tmp, crypt_make_salt ());
+                                if( !strncmp( tmp, "$1$", 3) )
+                                        strcat( salt, "$1$");
+                                strcat( salt, tmp);
                                 cp = pw_encrypt (newpwd, salt);
                         } else
                                 cp = pw_encrypt (newpwd, crypt_make_salt ());

src/chpasswd.c

@@ -239 +239 @@
                 newpwd = cp;
                 if (!eflg) {
                         if (md5flg) {
-                                char salt[12] = "$1$";
+                                char tmp[12];
+                                char salt[15] = "\0";
 
-                                strcat (salt, crypt_make_salt ());
+                                strcpy( tmp, crypt_make_salt ());
+                                if( !strncmp( tmp, "$1$", 3) )
+                                        strcat( salt, "$1$");
+                                strcat( salt, tmp);
                                 cp = pw_encrypt (newpwd, salt);
                         } else
                                 cp = pw_encrypt (newpwd, crypt_make_salt ());

src/groupmems.c

@@ -47 +47 @@
 #define EXIT_SUCCESS            0       /* success */
 #define EXIT_USAGE              1       /* invalid command syntax */
 #define EXIT_GROUP_FILE         2       /* group file access problems */
-#define EXIT_NOT_ROOT           3       /* not super user  */
-#define EXIT_NOT_EROOT          4       /* not effective super user  */
+#define EXIT_NOT_ROOT           3       /* not superuser  */
+#define EXIT_NOT_EROOT          4       /* not effective superuser  */
 #define EXIT_NOT_PRIMARY        5       /* not primary owner of group  */
 #define EXIT_NOT_MEMBER         6       /* member of group does not exist */
 #define EXIT_MEMBER_EXISTS      7       /* member of group already exists */

shadow-4.0.18.1

@@ -203 +203 @@
         long gid;
         char *errptr;
 
+        struct group* grp = getgrnam (grname);
+        if (grp)
+                return grp;
+
         gid = strtol (grname, &errptr, 10);
-        if (*errptr || errno == ERANGE || gid < 0) {
-                fprintf (stderr,
-                         _("%s: invalid numeric argument '%s'\n"), Prog, grname);
-                exit (E_BAD_ARG);
-        }
-        return getgrnam (grname);
+        if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && gid >= 0)
+                return getgrgid (gid);
+        return getgrgid (gid);
 }
 
 static long get_number (const char *numstr)

shadow-4.0.18.1

@@ -165 +165 @@
         long val;
         char *errptr;
 
+        struct group* grp = getgrnam (grname);
+        if (grp)
+                return grp;
+
         val = strtol (grname, &errptr, 10);
-        if (*errptr || errno == ERANGE || val < 0) {
-                fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog,
-                         grname);
-                exit (E_BAD_ARG);
-        }
-        return getgrnam (grname);
+        if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && val >= 0)
+                return getgrgid (val);
+        return getgrgid (val);
 }
 
 /*
@@ -908 +909 @@
                  */
                 int c;
                 static struct option long_options[] = {
-                        {"append", required_argument, NULL, 'a'},
+                        {"append", no_argument, NULL, 'a'},
                         {"comment", required_argument, NULL, 'c'},
                         {"home", required_argument, NULL, 'd'},
                         {"expiredate", required_argument, NULL, 'e'},