Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Build usr.bin/ with WARNS=6 by default.

Also add some missing $FreeBSD$ to keep svn happy.

Teach login(1) about the make.conf NO_AUDIT variable. This allows us to
conditionally build in audit support.

Submitted by: bz
MFC after: 1 week

Add missing library dependencies.

Reimplementation of world/kernel build options. For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)

Since the whole login.access feature has moved to PAM,
login.access.5 will be installed from the respective PAM
module's src directory.

MFC after: 3 days

Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.

Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)

Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by: oliver

Fixed style bugs in previous commit (.ifndef instead of .if defined(),
and tab lossage).

Garbage-collected NEED_LIBNAMES.

I am a moron.

Re-add the setuid bit, conditional on NO_SETUID_LOGIN being undefined.

Cut through the bikeshed and remove login(1)'s setuid bit. It has no
business trying to impersonate su(1), and it does not need to be setuid
to function properly when invoked by getty(8) or telnetd(8).

GC (now unused here) -lcrypt.

Fixed some style bugs ("From:" in vendor id line, disordered MAN line, and
blank lines).

Not unapproved of by: markm

Remove NO_WERRORs and WARNS=n's. To be revisited after GCC3.

Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by: DARPA, NAI Labs

Work around world breakage in previous commit. The bug is in
<security/pam_misc.h>. It declares a function parameter named 'send',
so nothing that includes both <unistd.h> (which declares send(2)) and
<security/pam_misc.h> be compiled with WARNS=2 unless NO_WERRROR is
set.

Fixed order of WARNS.

WARNS=2 fixes.

Reviewed by: bde (a while back)

Set BINOWN=root explicitly for setuid root binaries.

This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.

Like su(1), make PAM use mandatory. Remove parts of the authentication
logic that are handled by PAM. Fix documentation to reflect this.

Clean out some cruft that has been put in a better (central) place.

Enable (optional) static linking.

Add full PAM support for account management and sessions.

The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>

MAN[1-9] -> MAN.

Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design). libcrypt has
been adjusted to not need the runtime -lmd. It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.

Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.

$Id$ -> $FreeBSD$

Force <bsd.libnames.mk> to be included, regardless of the object
format. This fixes the undefined symbols when building login for
a.out.

Allow login to be linked statically even when PAM is used, since
there is now a static version of libpam.

Add a compile knob to avoid using PAM code (login will use standard Unix
authentication only). This comes handy when you're tight on space.

Submitted by: mostly John Baldwin <jobaldwi@vt.edu>
Reviewed by: John D. Polstra <jdp@polstra.com>

Work around the problem that login won't link if NOSHARED=yes,
because libpam is built shared only. There is a way to build PAM
into a static library that contains all (or a selected subset) of
the modules. But our Makefiles don't support that yet. Until I get
that working, just force NOSHARED=no in login's Makefile. Of
course, it still won't work if NOPIC is set.

Submitted by: bde

ATTENTION: INSTALL "/etc/pam.conf" FROM "src/etc"!!!

Change login to use PAM for authentication. I kept the built-in
passwd/NIS authentication support, to handle cases where the system
is missing its "/etc/pam.conf" file. S/Key and KerberosIV
authentication methods are removed from the login program, but
still available in PAM modules.

unifdef -DLOGIN_CAP. After almost 2 years, I think we can assume
it's here to stay.

This code is starting to look almost reasonable again.

Remove support for LOGIN_CAP_AUTH. It was never enabled, it was
not complete, and it hasn't been touched for 18 months. All the
ifdefs obfuscate the code. I discussed the LOGIN_CAP_AUTH support
with its author and he agreed that it is a dead end. I am bringing
PAM into the tree within the next two weeks. It is much more
flexible than LOGIN_CAP_AUTH, and will serve as a superior replacement
for it.

Remove useless `BINOWN=root' now that it is the default.

Fix LIBDIR (for aout/ELF).

Changes for KTH KerberosIV.
Also quieten -Wall a bit.

"lmd" -> "-lmd"
Submitted by: Vincent Poy <vince@venus.gaianet.net>

If building elf, don't link in libmd.a just for libskey.so to use. Under
elf, libskey.so will not expose it's implementation on it's caller.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Makes login login_cap-savvy.

Note that LOGIN_CAP_AUTH code (login authentication) is not (yet) enabled
and requires /usr/libexec/login_<style> authentication program support to
be added at a later date. The Makefile contains a macro LC_AUTH to turn
it on and prevent unnecessarily linking against skey/krb libs and the
addition of klogin.c module.

All other aspects of login_cap support are fully functional.

Remove trailing whitespace.

Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command. This only occurs when
linking statically.

Modify klogin to:

1) Don't spit out an error message if Kerberos is installed but not yet
set up.

2) Don't attempt to verify the ticket you got back, as workstations
are not intended to have srvtab files of their own.

Both behaviors can be re-enabled with KLOGIN_PARANOID.

Add distribution=krb for P-HK

Include most of the logdaemon v4.4 S/key changes

Undo damage done between revisions 1.6 and 1.7
(Guys, please don't DAMAGE commits that have just gone in.)

Install support for skey and login.access

First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES. (Far fewer contortions,
and both default to off.) IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.

Implemnet fbtab ala SunOS (thanks to WZV, see login_fbtab.c)
Reviewed by:
Submitted by: guido

Add skey supprot
Reviewed by:
Submitted by: guido

LDADD= -lcrypt
Submitted by: Geoff

Don't compile with kerberos yet, we aren't ready.

This commit was generated by cvs2svn to compensate for changes in r1590,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite Usr.bin Sources