--- /dev/null
+From eced8077b57946fe0b723e7c6c510e8f344ce89b Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Fri, 23 Jul 2021 17:51:13 -0500
+Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
+
+There's a better way to do this, and I hope to clean that up,
+but this fixes out of tree builds for me right now.
+
+Closes #386
+
+Signed-off-by: Serge Hallyn <serge@hallyn.com>
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ lib/Makefile.am | 2 ++
+ libmisc/Makefile.am | 2 +-
+ libsubid/Makefile.am | 4 ++--
+ src/Makefile.am | 6 ++++++
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index ecf3ee25..5ac2e111 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
+ libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
+ endif
+
++libshadow_la_CPPFLAGS += -I$(top_srcdir)
++
+ libshadow_la_SOURCES = \
+ commonio.c \
+ commonio.h \
+diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
+index 9766a7ec..9f237e0d 100644
+--- a/libmisc/Makefile.am
++++ b/libmisc/Makefile.am
+@@ -1,7 +1,7 @@
+
+ EXTRA_DIST = .indent.pro xgetXXbyYY.c
+
+-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+
+ noinst_LTLIBRARIES = libmisc.la
+
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index 189165b0..cdc41fe6 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -19,8 +19,8 @@ MISCLIBS = \
+ $(LIBTCB)
+
+ libsubid_la_LIBADD = \
+- $(top_srcdir)/lib/libshadow.la \
+- $(top_srcdir)/libmisc/libmisc.la \
++ $(top_builddir)/lib/libshadow.la \
++ $(top_builddir)/libmisc/libmisc.la \
+ $(MISCLIBS) -ldl
+
+ AM_CPPFLAGS = \
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 35027013..7c1a3491 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -10,6 +10,7 @@ sgidperms = 2755
+ AM_CPPFLAGS = \
+ -I${top_srcdir}/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -DLOCALEDIR=\"$(datadir)/locale\"
+
+ # XXX why are login and su in /bin anyway (other than for
+@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
+ list_subid_ranges_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ get_subid_owners_LDADD = \
+@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
+ get_subid_owners_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ new_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ new_subid_range_LDADD = \
+@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
+ free_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ free_subid_range_LDADD = \
+@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
+
+ check_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libmisc
+
+ check_subid_range_LDADD = \
+--
+2.31.1
+
+++ /dev/null
-From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Sat, 16 Nov 2013 15:27:47 +0800
-Subject: [PATCH] Allow for setting password in clear text
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
----
- src/Makefile.am | 8 ++++----
- src/groupadd.c | 20 +++++++++++++++-----
- src/groupmod.c | 20 +++++++++++++++-----
- src/useradd.c | 21 +++++++++++++++------
- src/usermod.c | 20 +++++++++++++++-----
- 5 files changed, 64 insertions(+), 25 deletions(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index f31fd7a..4a317a3 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
- chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- expiry_LDADD = $(LDADD) $(LIBECONF)
- gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
--groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
--groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-@@ -127,9 +127,9 @@ su_SOURCES = \
- suauth.c
- su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
- sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
--useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
--usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-
- install-am: all-am
-diff --git a/src/groupadd.c b/src/groupadd.c
-index e9c4bb7..d572c00 100644
---- a/src/groupadd.c
-+++ b/src/groupadd.c
-@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
- (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
- " (non-unique) GID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
- (void) fputs (_(" -r, --system create a system account\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout);
- (void) fputs ("\n", usageout);
- exit (status);
- }
-@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
- {"key", required_argument, NULL, 'K'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"system", no_argument, NULL, 'r'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {NULL, 0, NULL, '\0'}
- };
-
-- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
-+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
- long_options, NULL)) != -1) {
- switch (c) {
- case 'f':
-@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
- pflg = true;
- group_passwd = optarg;
- break;
-+ case 'P':
-+ pflg = true;
-+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ break;
- case 'r':
- rflg = true;
- break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- default:
- usage (E_USAGE);
-@@ -588,7 +598,7 @@ int main (int argc, char **argv)
- (void) textdomain (PACKAGE);
-
- process_root_flag ("-R", argc, argv);
-- prefix = process_prefix_flag ("-P", argc, argv);
-+ prefix = process_prefix_flag ("-A", argc, argv);
-
- OPENLOG ("groupadd");
- #ifdef WITH_AUDIT
-diff --git a/src/groupmod.c b/src/groupmod.c
-index bc14438..25ccb44 100644
---- a/src/groupmod.c
-+++ b/src/groupmod.c
-@@ -138,8 +138,9 @@ static void usage (int status)
- (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
- " PASSWORD\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
- (void) fputs ("\n", usageout);
- exit (status);
- }
-@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
- {"new-name", required_argument, NULL, 'n'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {NULL, 0, NULL, '\0'}
- };
-- while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
-+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
- long_options, NULL)) != -1) {
- switch (c) {
- case 'g':
-@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
- group_passwd = optarg;
- pflg = true;
- break;
-+ case 'P':
-+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ pflg = true;
-+ break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- default:
- usage (E_USAGE);
-@@ -761,7 +771,7 @@ int main (int argc, char **argv)
- (void) textdomain (PACKAGE);
-
- process_root_flag ("-R", argc, argv);
-- prefix = process_prefix_flag ("-P", argc, argv);
-+ prefix = process_prefix_flag ("-A", argc, argv);
-
- OPENLOG ("groupmod");
- #ifdef WITH_AUDIT
-diff --git a/src/useradd.c b/src/useradd.c
-index 1b7bf06..44f09e2 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -853,9 +853,10 @@ static void usage (int status)
- (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
- " (non-unique) UID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
- (void) fputs (_(" -r, --system create a system account\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
- (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
- (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout);
- (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout);
-@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
- {"no-user-group", no_argument, NULL, 'N'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"system", no_argument, NULL, 'r'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {"shell", required_argument, NULL, 's'},
- {"uid", required_argument, NULL, 'u'},
- {"user-group", no_argument, NULL, 'U'},
-@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
- };
- while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
-- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
-+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
- #else /* !WITH_SELINUX */
-- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
-+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
- #endif /* !WITH_SELINUX */
- long_options, NULL)) != -1) {
- switch (c) {
-@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
- }
- user_pass = optarg;
- break;
-+ case 'P': /* set clear text password */
-+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ break;
- case 'r':
- rflg = true;
- break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- case 's':
- if ( ( !VALID (optarg) )
-@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
-
- process_root_flag ("-R", argc, argv);
-
-- prefix = process_prefix_flag("-P", argc, argv);
-+ prefix = process_prefix_flag("-A", argc, argv);
-
- OPENLOG ("useradd");
- #ifdef WITH_AUDIT
-diff --git a/src/usermod.c b/src/usermod.c
-index 21c6da9..cffdb3e 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
- " new location (use only with -d)\n"), usageout);
- (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
- (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
- (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
- (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout);
-@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
- {"move-home", no_argument, NULL, 'm'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {"shell", required_argument, NULL, 's'},
- {"uid", required_argument, NULL, 'u'},
- {"unlock", no_argument, NULL, 'U'},
-@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
- {NULL, 0, NULL, '\0'}
- };
- while ((c = getopt_long (argc, argv,
-- "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
-+ "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
- #ifdef ENABLE_SUBIDS
- "v:w:V:W:"
- #endif /* ENABLE_SUBIDS */
-@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
- user_pass = optarg;
- pflg = true;
- break;
-+ case 'P':
-+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ pflg = true;
-+ break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- case 's':
- if (!VALID (optarg)) {
-@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
- (void) textdomain (PACKAGE);
-
- process_root_flag ("-R", argc, argv);
-- prefix = process_prefix_flag ("-P", argc, argv);
-+ prefix = process_prefix_flag ("-A", argc, argv);
-
- OPENLOG ("usermod");
- #ifdef WITH_AUDIT
