shadow-utils/shadow-4.14.0-account-tools-setuid.patch

diff --git a/src/chpasswd.c b/src/chpasswd.c
index 3a4bd4fe..246e4176 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -443,9 +443,11 @@ int main (int argc, char **argv)
 	char *cp;
 	const char *salt;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	bool use_pam = true;
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	int errors = 0;
 	int line = 0;
@@ -470,19 +472,23 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	if (md5flg || eflg || cflg || prefix[0]) {
 		use_pam = false;
 	}
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	OPENLOG ("chpasswd");
 
 	check_perms ();
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	if (!use_pam)
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 	{
 		is_shadow_pwd = spw_file_present ();
 
@@ -544,6 +550,7 @@ int main (int argc, char **argv)
 		}
 		newpwd = cp;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		if (use_pam) {
 			if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {
@@ -554,6 +561,7 @@ int main (int argc, char **argv)
 			}
 		} else
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 		{
 		const struct spwd *sp;
 		struct spwd newsp;
@@ -673,9 +681,11 @@ int main (int argc, char **argv)
 	 * password database.
 	 */
 	if (0 != errors) {
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		if (!use_pam)
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 		{
 			fprintf (stderr,
 			         _("%s: error detected, changes ignored\n"),
@@ -684,9 +694,11 @@ int main (int argc, char **argv)
 		fail_exit (1);
 	}
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	if (!use_pam)
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 	{
 	/* Save the changes */
 		close_files ();
diff --git a/src/groupmems.c b/src/groupmems.c
index 63a1601c..73f7310e 100644
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -14,9 +14,11 @@
 #include <grp.h>
 #include <stdio.h>
 #include <sys/types.h>
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 #include <pwd.h>
 
 #include "alloc.h"
@@ -430,6 +432,7 @@ static void process_flags (int argc, char **argv)
 static void check_perms (void)
 {
 	if (!list) {
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		pam_handle_t *pamh = NULL;
 		int retval;
@@ -463,7 +466,8 @@ static void check_perms (void)
 			fail_exit (1);
 		}
 		(void) pam_end (pamh, retval);
-#endif
+#endif /* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 	}
 }
 
diff --git a/src/newusers.c b/src/newusers.c
index 09e14a48..96b60de2 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -59,6 +59,7 @@
 const char *Prog;
 
 static bool rflg = false;	/* create a system account */
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 static /*@null@*//*@observer@*/char *crypt_method = NULL;
 #define cflg (NULL != crypt_method)
@@ -75,6 +76,7 @@ static long bcrypt_rounds = 13;
 static long yescrypt_cost = 5;
 #endif				/* USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 static bool is_shadow;
 #ifdef SHADOWGRP
@@ -97,9 +99,11 @@ NORETURN static void fail_exit (int);
 static int add_group (const char *, const char *, gid_t *, gid_t);
 static int get_user_id (const char *, uid_t *);
 static int add_user (const char *, uid_t, gid_t);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 static int update_passwd (struct passwd *, const char *);
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 static int add_passwd (struct passwd *, const char *);
 static void process_flags (int argc, char **argv);
 static void check_flags (void);
@@ -121,6 +125,7 @@ static void usage (int status)
 	                  "Options:\n"),
 	                Prog);
 	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 	(void) fprintf (usageout,
 	                _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
@@ -136,9 +141,11 @@ static void usage (int status)
 #endif
 	               );
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -r, --system                  create system accounts\n"), usageout);
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	(void) fputs (_("  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
@@ -146,6 +153,7 @@ static void usage (int status)
 	              usageout);
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 	(void) fputs ("\n", usageout);
 
 	exit (status);
@@ -405,6 +413,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
 	return (pw_update (&pwent) == 0) ? -1 : 0;
 }
 
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 /*
  * update_passwd - update the password in the passwd entry
@@ -457,6 +466,7 @@ static int update_passwd (struct passwd *pwd, const char *password)
 	return 0;
 }
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 /*
  * add_passwd - add or update the encrypted password
@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pwd, const char *password)
 {
 	const struct spwd *sp;
 	struct spwd spent;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 	char *cp;
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 	void *crypt_arg = NULL;
 	if (NULL != crypt_method) {
@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pwd, const char *password)
 		return update_passwd (pwd, password);
 	}
 #endif				/* USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 
 	/*
 	 * Do the first and easiest shadow file case. The user already
 	 * exists in the shadow password file.
 	 */
 	sp = spw_locate (pwd->pw_name);
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 	if (NULL != sp) {
 		spent = *sp;
 		if (   (NULL != crypt_method)
@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 	if (strcmp (pwd->pw_passwd, "x") != 0) {
 		return update_passwd (pwd, password);
 	}
-#else				/* USE_PAM */
+#else				/* !ACCT_TOOLS_SETUID && !USE_PAM */
 	/*
 	 * If there is already a shadow entry, do not touch it.
 	 * If there is already a passwd entry with a password, do not
@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pwd, const char *password)
 	    || (strcmp (pwd->pw_passwd, "x") != 0)) {
 		return 0;
 	}
-#endif				/* USE_PAM */
+#endif				/* !ACCT_TOOLS_SETUID && !USE_PAM */
 
 	/*
 	 * Now the really hard case - I need to create an entirely new
 	 * shadow password file entry.
 	 */
 	spent.sp_namp = pwd->pw_name;
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
 		spent.sp_pwdp = (char *)password;
 	} else {
@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pwd, const char *password)
 static void process_flags (int argc, char **argv)
 {
 	int c;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
         int bad_s;
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif 				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 	static struct option long_options[] = {
 		{"badname",      no_argument,       NULL, 'b'},
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 		{"crypt-method", required_argument, NULL, 'c'},
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		{"help",         no_argument,       NULL, 'h'},
 		{"system",       no_argument,       NULL, 'r'},
 		{"root",         required_argument, NULL, 'R'},
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		{"sha-rounds",   required_argument, NULL, 's'},
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		{NULL, 0, NULL, '\0'}
 	};
 
 	while ((c = getopt_long (argc, argv,
-#ifndef USE_PAM
+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	                         "c:bhrs:",
 #else				/* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */
 	                         "c:bhr",
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
-#else				/* USE_PAM */
+#else				/* !ACCT_TOOLS_SETUID && !USE_PAM */
 	                         "bhr",
 #endif
 	                         long_options, NULL)) != -1) {
@@ -646,11 +666,13 @@ static void process_flags (int argc, char **argv)
 		case 'b':
 			allow_bad_names = true;
 			break;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 		case 'c':
 			crypt_method = optarg;
 			break;
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		case 'h':
 			usage (EXIT_SUCCESS);
 			break;
@@ -659,6 +681,7 @@ static void process_flags (int argc, char **argv)
 			break;
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		case 's':
@@ -698,6 +721,7 @@ static void process_flags (int argc, char **argv)
 			break;
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 		default:
 			usage (EXIT_FAILURE);
 			break;
@@ -730,6 +754,7 @@ static void process_flags (int argc, char **argv)
  */
 static void check_flags (void)
 {
+#ifndef ACCT_TOOLS_SETUID
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 	if (sflg && !cflg) {
@@ -762,6 +787,7 @@ static void check_flags (void)
 		}
 	}
 #endif				/* !USE_PAM */
+#endif /* !ACCT_TOOLS_SETUID */
 }
 
 /*
@@ -1052,12 +1078,14 @@ int main (int argc, char **argv)
 	int line = 0;
 	uid_t uid;
 	gid_t gid;
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	int *lines = NULL;
 	char **usernames = NULL;
 	char **passwords = NULL;
 	unsigned int nusers = 0;
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
@@ -1196,6 +1224,7 @@ int main (int argc, char **argv)
 		}
 		newpw = *pw;
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		/* keep the list of user/password for later update by PAM */
 		nusers++;
@@ -1212,6 +1241,7 @@ int main (int argc, char **argv)
 		usernames[nusers-1] = strdup (fields[0]);
 		passwords[nusers-1] = strdup (fields[1]);
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 		if (add_passwd (&newpw, fields[1]) != 0) {
 			fprintf (stderr,
 			         _("%s: line %d: can't update password\n"),
@@ -1328,6 +1358,7 @@ int main (int argc, char **argv)
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 
+#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	unsigned int i;
 	/* Now update the passwords using PAM */
@@ -1340,6 +1371,7 @@ int main (int argc, char **argv)
 		}
 	}
 #endif				/* USE_PAM */
+#endif /* ACCT_TOOLS_SETUID */
 
 	exit (EXIT_SUCCESS);
 }
passwd: Provide binary from this package Provide binary from this package. Enable libpam and disable account-tools-setuid. Provide passwd PAM service file. Finally, provide --stdin option in passwd. Resolves: #2233275 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> 2023-11-27 10:51:16 +00:00			`diff --git a/src/chpasswd.c b/src/chpasswd.c`
			`index 3a4bd4fe..246e4176 100644`
			`--- a/src/chpasswd.c`
			`+++ b/src/chpasswd.c`
			`@@ -443,9 +443,11 @@ int main (int argc, char **argv)`
			`char *cp;`
			`const char *salt;`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`bool use_pam = true;`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`

			`int errors = 0;`
			`int line = 0;`
			`@@ -470,19 +472,23 @@ int main (int argc, char **argv)`
			`process_root_flag ("-R", argc, argv);`
			`prefix = process_prefix_flag ("-P", argc, argv);`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`if (md5flg \|\| eflg \|\| cflg \|\| prefix[0]) {`
			`use_pam = false;`
			`}`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`

			`OPENLOG ("chpasswd");`

			`check_perms ();`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`if (!use_pam)`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`{`
			`is_shadow_pwd = spw_file_present ();`

			`@@ -544,6 +550,7 @@ int main (int argc, char **argv)`
			`}`
			`newpwd = cp;`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`if (use_pam) {`
			`if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {`
			`@@ -554,6 +561,7 @@ int main (int argc, char **argv)`
			`}`
			`} else`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`{`
			`const struct spwd *sp;`
			`struct spwd newsp;`
			`@@ -673,9 +681,11 @@ int main (int argc, char **argv)`
			`* password database.`
			`*/`
			`if (0 != errors) {`
			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`if (!use_pam)`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`{`
			`fprintf (stderr,`
			`_("%s: error detected, changes ignored\n"),`
			`@@ -684,9 +694,11 @@ int main (int argc, char **argv)`
			`fail_exit (1);`
			`}`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`if (!use_pam)`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`{`
			`/* Save the changes */`
			`close_files ();`
			`diff --git a/src/groupmems.c b/src/groupmems.c`
			`index 63a1601c..73f7310e 100644`
			`--- a/src/groupmems.c`
			`+++ b/src/groupmems.c`
			`@@ -14,9 +14,11 @@`
			`#include <grp.h>`
			`#include <stdio.h>`
			`#include <sys/types.h>`
			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`#include "pam_defs.h"`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`#include <pwd.h>`

			`#include "alloc.h"`
			`@@ -430,6 +432,7 @@ static void process_flags (int argc, char **argv)`
			`static void check_perms (void)`
			`{`
			`if (!list) {`
			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`pam_handle_t *pamh = NULL;`
			`int retval;`
			`@@ -463,7 +466,8 @@ static void check_perms (void)`
			`fail_exit (1);`
			`}`
			`(void) pam_end (pamh, retval);`
			`-#endif`
			`+#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`}`
			`}`

			`diff --git a/src/newusers.c b/src/newusers.c`
			`index 09e14a48..96b60de2 100644`
			`--- a/src/newusers.c`
			`+++ b/src/newusers.c`
			`@@ -59,6 +59,7 @@`
			`const char *Prog;`

			`static bool rflg = false; /* create a system account */`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`static /@null@//@observer@/char *crypt_method = NULL;`
			`#define cflg (NULL != crypt_method)`
			`@@ -75,6 +76,7 @@ static long bcrypt_rounds = 13;`
			`static long yescrypt_cost = 5;`
			`#endif /* USE_YESCRYPT */`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`

			`static bool is_shadow;`
			`#ifdef SHADOWGRP`
			`@@ -97,9 +99,11 @@ NORETURN static void fail_exit (int);`
			`static int add_group (const char , const char , gid_t *, gid_t);`
			`static int get_user_id (const char , uid_t );`
			`static int add_user (const char *, uid_t, gid_t);`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`static int update_passwd (struct passwd , const char );`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`static int add_passwd (struct passwd , const char );`
			`static void process_flags (int argc, char **argv);`
			`static void check_flags (void);`
			`@@ -121,6 +125,7 @@ static void usage (int status)`
			`"Options:\n"),`
			`Prog);`
			`(void) fputs (_(" -b, --badname allow bad names\n"), usageout);`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`(void) fprintf (usageout,`
			`_(" -c, --crypt-method METHOD the crypt method (one of %s)\n"),`
			`@@ -136,9 +141,11 @@ static void usage (int status)`
			`#endif`
			`);`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);`
			`(void) fputs (_(" -r, --system create system accounts\n"), usageout);`
			`(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`#if defined(USE_SHA_CRYPT) \|\| defined(USE_BCRYPT) \|\| defined(USE_YESCRYPT)`
			`(void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n"`
			`@@ -146,6 +153,7 @@ static void usage (int status)`
			`usageout);`
			`#endif /* USE_SHA_CRYPT \|\| USE_BCRYPT \|\| USE_YESCRYPT */`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`(void) fputs ("\n", usageout);`

			`exit (status);`
			`@@ -405,6 +413,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)`
			`return (pw_update (&pwent) == 0) ? -1 : 0;`
			`}`

			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`/*`
			`* update_passwd - update the password in the passwd entry`
			`@@ -457,6 +466,7 @@ static int update_passwd (struct passwd pwd, const char password)`
			`return 0;`
			`}`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`

			`/*`
			`* add_passwd - add or update the encrypted password`
			`@@ -465,10 +475,13 @@ static int add_passwd (struct passwd pwd, const char password)`
			`{`
			`const struct spwd *sp;`
			`struct spwd spent;`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`char *cp;`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`

			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`void *crypt_arg = NULL;`
			`if (NULL != crypt_method) {`
			`@@ -505,13 +518,14 @@ static int add_passwd (struct passwd pwd, const char password)`
			`return update_passwd (pwd, password);`
			`}`
			`#endif /* USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`

			`/*`
			`* Do the first and easiest shadow file case. The user already`
			`* exists in the shadow password file.`
			`*/`
			`sp = spw_locate (pwd->pw_name);`
			`-#ifndef USE_PAM`
			`+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)`
			`if (NULL != sp) {`
			`spent = *sp;`
			`if ( (NULL != crypt_method)`
			`@@ -547,7 +561,7 @@ static int add_passwd (struct passwd pwd, const char password)`
			`if (strcmp (pwd->pw_passwd, "x") != 0) {`
			`return update_passwd (pwd, password);`
			`}`
			`-#else /* USE_PAM */`
			`+#else /* !ACCT_TOOLS_SETUID && !USE_PAM */`
			`/*`
			`* If there is already a shadow entry, do not touch it.`
			`* If there is already a passwd entry with a password, do not`
			`@@ -558,14 +572,14 @@ static int add_passwd (struct passwd pwd, const char password)`
			`\|\| (strcmp (pwd->pw_passwd, "x") != 0)) {`
			`return 0;`
			`}`
			`-#endif /* USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID && !USE_PAM */`

			`/*`
			`* Now the really hard case - I need to create an entirely new`
			`* shadow password file entry.`
			`*/`
			`spent.sp_namp = pwd->pw_name;`
			`-#ifndef USE_PAM`
			`+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)`
			`if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {`
			`spent.sp_pwdp = (char *)password;`
			`} else {`
			`@@ -610,35 +624,41 @@ static int add_passwd (struct passwd pwd, const char password)`
			`static void process_flags (int argc, char **argv)`
			`{`
			`int c;`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`#if defined(USE_SHA_CRYPT) \|\| defined(USE_BCRYPT) \|\| defined(USE_YESCRYPT)`
			`int bad_s;`
			`#endif /* USE_SHA_CRYPT \|\| USE_BCRYPT \|\| USE_YESCRYPT */`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`static struct option long_options[] = {`
			`{"badname", no_argument, NULL, 'b'},`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`{"crypt-method", required_argument, NULL, 'c'},`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`{"help", no_argument, NULL, 'h'},`
			`{"system", no_argument, NULL, 'r'},`
			`{"root", required_argument, NULL, 'R'},`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`#if defined(USE_SHA_CRYPT) \|\| defined(USE_BCRYPT) \|\| defined(USE_YESCRYPT)`
			`{"sha-rounds", required_argument, NULL, 's'},`
			`#endif /* USE_SHA_CRYPT \|\| USE_BCRYPT \|\| USE_YESCRYPT */`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`{NULL, 0, NULL, '\0'}`
			`};`

			`while ((c = getopt_long (argc, argv,`
			`-#ifndef USE_PAM`
			`+#if !defined(ACCT_TOOLS_SETUID) && !defined(USE_PAM)`
			`#if defined(USE_SHA_CRYPT) \|\| defined(USE_BCRYPT) \|\| defined(USE_YESCRYPT)`
			`"c:bhrs:",`
			`#else /* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */`
			`"c:bhr",`
			`#endif /* USE_SHA_CRYPT \|\| USE_BCRYPT \|\| USE_YESCRYPT */`
			`-#else /* USE_PAM */`
			`+#else /* !ACCT_TOOLS_SETUID && !USE_PAM */`
			`"bhr",`
			`#endif`
			`long_options, NULL)) != -1) {`
			`@@ -646,11 +666,13 @@ static void process_flags (int argc, char **argv)`
			`case 'b':`
			`allow_bad_names = true;`
			`break;`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`case 'c':`
			`crypt_method = optarg;`
			`break;`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`case 'h':`
			`usage (EXIT_SUCCESS);`
			`break;`
			`@@ -659,6 +681,7 @@ static void process_flags (int argc, char **argv)`
			`break;`
			`case 'R': /* no-op, handled in process_root_flag () */`
			`break;`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`#if defined(USE_SHA_CRYPT) \|\| defined(USE_BCRYPT) \|\| defined(USE_YESCRYPT)`
			`case 's':`
			`@@ -698,6 +721,7 @@ static void process_flags (int argc, char **argv)`
			`break;`
			`#endif /* USE_SHA_CRYPT \|\| USE_BCRYPT \|\| USE_YESCRYPT */`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`default:`
			`usage (EXIT_FAILURE);`
			`break;`
			`@@ -730,6 +754,7 @@ static void process_flags (int argc, char **argv)`
			`*/`
			`static void check_flags (void)`
			`{`
			`+#ifndef ACCT_TOOLS_SETUID`
			`#ifndef USE_PAM`
			`#if defined(USE_SHA_CRYPT) \|\| defined(USE_BCRYPT) \|\| defined(USE_YESCRYPT)`
			`if (sflg && !cflg) {`
			`@@ -762,6 +787,7 @@ static void check_flags (void)`
			`}`
			`}`
			`#endif /* !USE_PAM */`
			`+#endif /* !ACCT_TOOLS_SETUID */`
			`}`

			`/*`
			`@@ -1052,12 +1078,14 @@ int main (int argc, char **argv)`
			`int line = 0;`
			`uid_t uid;`
			`gid_t gid;`
			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`int *lines = NULL;`
			`char **usernames = NULL;`
			`char **passwords = NULL;`
			`unsigned int nusers = 0;`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`

			`Prog = Basename (argv[0]);`
			`log_set_progname(Prog);`
			`@@ -1196,6 +1224,7 @@ int main (int argc, char **argv)`
			`}`
			`newpw = *pw;`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`/* keep the list of user/password for later update by PAM */`
			`nusers++;`
			`@@ -1212,6 +1241,7 @@ int main (int argc, char **argv)`
			`usernames[nusers-1] = strdup (fields[0]);`
			`passwords[nusers-1] = strdup (fields[1]);`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`
			`if (add_passwd (&newpw, fields[1]) != 0) {`
			`fprintf (stderr,`
			`_("%s: line %d: can't update password\n"),`
			`@@ -1328,6 +1358,7 @@ int main (int argc, char **argv)`
			`nscd_flush_cache ("group");`
			`sssd_flush_cache (SSSD_DB_PASSWD \| SSSD_DB_GROUP);`

			`+#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`unsigned int i;`
			`/* Now update the passwords using PAM */`
			`@@ -1340,6 +1371,7 @@ int main (int argc, char **argv)`
			`}`
			`}`
			`#endif /* USE_PAM */`
			`+#endif /* ACCT_TOOLS_SETUID */`

			`exit (EXIT_SUCCESS);`
			`}`