lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

pam_login_access: Fix negative entry matching logic

PR: 252194
Approved by: so
Security: CVE-2020-25580
Security: FreeBSD-SA-21:03.pam_login_access

This commit makes significant changes to pam_login_access(8) to bring it
up to par with the Linux pam_access(8).

Like the Linux pam_access(8) our pam_login_access(8) is a service module
for pam(3) that allows a administrator to limit access from specified
remote hosts or terminals. Unlike the Linux pam_access, pam_login_access
is missing some features which are added by this commit:

Access file can now be specified. The default remains /etc/access.conf.
The syntax is consistent with Linux pam_access.

By default usernames are matched. If the username fails to match a match
against a group name is attempted. The new nodefgroup module option will
only match a username and no attempt to match a group name is made.
Group names must be specified in brackets, "()" when nodefgroup is
specified. Otherwise the old backward compatible behavior is used.
This is consistent with Linux pam_access.

A new field separator module option allows the replacement of the default
colon (:) with any other character. This facilitates potential future
specification of X displays. This is also consistent with Linux pam_access.

A new list separator module option to replace the default space/comma/tab
with another character. This too is consistent with Linux pam_access.

Linux pam_access options not implemented in this commit are the debug
and audit options. These will be implemented at a later date.

Reviewed by: bjk, bcr (for manpages)
Approved by: des (blanket, implicit)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D23198

strchr() returns a pointer not an int.

Reported by: bjk
Approved by: des (blanket, implicit)
MFC after: 3 days

When pam_login_access(5) fails to match a username it attempts to
match the primary group a user belongs to. This commit extends the
match to secondary groups a user belongs to as well, just as the Linux
pam_access(5) does.

Approved by: des (implicit, blanket)

The words ALL, LOCAL, and EXCEPT have special meaning and are documented
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this User accounts and groups with
the corresponding lowercase names are misintrepreted to have special
whereas they should not.

This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.

Approved by: des (implicit, blanket)

libpam: replace 0 with NULL for pointers.

Found with devel/coccinelle.

Reviewed by: des

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Re-add support for NIS netgroups (heavily modified from patch in PR)

PR: bin/112955
Submitted by: A. Blake Cooper <blake@cluebie.net>
MFC after: 3 weeks

Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).

There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.

Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".

Tested on: i386 sparc64

WARNS=n fixes (and some stylistic issues).

Post-repocopy cleanup.

Sponsored by: DARPA, NAI Labs

Still with asbestos longjohns on, completely PAMify login(1) and remove
code made redundant by various PAM modules (primarily pam_unix(8)).

Sponsored by: DARPA, NAI Labs

Style improvements recommended by Bruce as a follow up to some
of the recent WARNS commits. The idea is:

1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.

Use __FBSDID(). Also do a bit of cosmetic #if and header-order
cleaning-up.

Style fixups.

Sort function declarations, includes. Make consistent WRT use of _P()
macro (ugh!)

Inspired by: bde

WARNS=2 fixes.

Reviewed by: bde (a while back)

Changes for KTH KerberosIV.
Also quieten -Wall a bit.

Cruft cleanup to eliminate useless warnings

Remove trailing whitespace.

Add skey supprot
Reviewed by:
Submitted by: guido