Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Fix NULL ptr dereference in setusercontext if pwd is null,
LOGIN_SETPRIORITY is set, and setting the priority (rtprio or
setpriority) fails.

PR: kern/164238
Submitted by: Alexander Wittig <alexander@wittig.name>
Reviewed by: des
Approved by: cperciva
MFC after: 1 month

Add two new system calls, setloginclass(2) and getloginclass(2). This makes
it possible for the kernel to track login class the process is assigned to,
which is required for RCTL. This change also make setusercontext(3) call
setloginclass(2) and makes it possible to retrieve current login class using
id(1).

Reviewed by: kib (as part of a larger patch)

In setusercontext(), do not apply user settings unless running as the
user in question (usually but not necessarily because we were called
with LOGIN_SETUSER). This plugs a hole where users could raise their
resource limits and expand their CPU mask.

MFC after: 3 weeks

Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)

Avoid assigning a const char * to a char *.

MFC after: 3 weeks

Parenthesize return values.

include and whitespace cleanup.

Integrate the new MPSAFE TTY layer to the FreeBSD operating system.

The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.

If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).

The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan

Add support for a new login capability, cpumask which allows login
sessions to be pinned to cpus by login class.

Fix one kind of style(9) bug and a typo in a comment.

Tested with: md5(1)

Remove __NETBSD_SYSCALLS.

ANSIfy, WARNSify, CONSTify. Bit of style(9)-ify.

Tidy up. Sort headers.

Add LOGIN_SETMAC to the list of flags that can't be set without class
information, since we rely on the pwd entry to know what MAC labels
to set as part of the login process.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

If LOGIN_SETMAC is set and MAC is enabled in the kernel, then see
if the user has a 'label' entry in their login class. If so, attempt
to set that label on the process as part of the credential setup. If
we're unable to parse the label, or unable to set the label, fail.
In the future, we may also want to warn if a label is set but the
kernel doesn't support MAC.

Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

Add additional field 'overwrite' to login_vars. It mainly needed to handle
"term" according to manpage, i.e. not overwrite it, if already present in
environment.

Make libutil aware of vmemoryuse in its login.conf cap processing (aka
sshd, /usr/bin/login, etc)

Const poisoning.

Add __FBSDID()s to libutil

Make sbsize a size instead of a number. This allows the usual suffixes
to be applied to the value given. This does not break installed
/etc/login.conf files, since un-suffixed numbers are interpreted as
they were before.

PR: 19750
Submitted by: Paul Herman <pherman@frenchfries.net>

Do not set the default terminal type to "su", leave it empty.

PR: bin/5084
Reviewed by: asmodai, davidn, sef

This implements the RLIMIT_SBSIZE ("sbsize") administrative limits for
userland. Currently, it can be enforced by login and csh. More
shells supporting sbsize are welcome.

$Id$ -> $FreeBSD$

fix potential memory overwrite in escape parsing

PR: 11687
Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>

Print uid/gid as u_long per bde suggestion

cast arg to (long) to match format

If using NetBSD syscalls the rtprio syscall doesn't exist, so just
don't try to use it to set special priorities.

Allow setting of idle or realtime processing priorities per
login class.

PR: 6636
Submitted by: Jason Young <doogie@forbidden-donut.anet-stl.com>

Summary of login.conf support changes:

o Incorporated BSDI code and enhancements, better logging for error
checking (which has been shown to be a problem, and is therefore
justified, imho); also some minor things we were missing, including
better quad_t math, which checks for under/overflows.

o setusercontext() now allows user resource limit overrides, but
does this AFTER dropping root privs, to restrict the user to
droping hard limits and set soft limits within the kernel's
allowed user limits.

o umask() only set once, and only if requested.

o add _secure_path(), and use in login.conf to guard against
symlinks etc. and non-root owned or non-user owned files being
used. Derived from BSDI contributed code.

o revamped authentication code to BSDI's latest api, which
includes deleting authenticate() and adding auth_check()
and a few other functions. This is still marked as depecated
in BSDI, but is included for completeness. No other source
in the tree uses this anyway, so it is now bracketed with
#ifdef LOGIN_CAP_AUTH which is by default not defined. Only
auth_checknologin() and auth_cat() are actually used in
module login_auth.c.

o AUTH_NONE definition removed (collided with other includes
in the tree). [bde]

o BSDI's login_getclass() now accepts a char *classname
parameter rather than struct passwd *pwd. We now do likewise,
but added login_getpwclass() for (sort of) backwards
compatiblity, namely because we handle root as a special
case for the default class. This will require quite a few
changes elsewhere in the source tree.

o We no longer pretend to support rlim_t as a long type.

o Revised code formatting to be more bsd-ish style.

Revert $FreeBSD$ to $Id$

#include <sys/stat.h> for umask() prototype.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Various bugfixes.

Library functions relating to the login class capabilities database,
including manpages.
See also login_cap.h.