- Copy stable/10@285827 to releng/10.2 in preparation for 10.2-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.2.
- Update default pkg(8) configuration to use the quarterly branch.[1]

Discussed with: re, portmgr [1]
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Undo r226423.

It seems su does build without warnings, but it requires a small fix to
libbsm headers, which I have not committed to SVN yet.

Remove WARNS line. This tool builds with WARNS=6 properly.

Build usr.bin/ with WARNS=6 by default.

Also add some missing $FreeBSD$ to keep svn happy.

Integrate audit_submit(3) bits into su. This means that records for
successful and failed su attempts will be recorded using the AUE_su
event type (login or lo class) if auditing is present in the system.
Currently, the records will have a header, subject, text (with the
actual diagnostics), a return and trailer token.

See audit_submit(3) for more information.

Reviewed by: rwatson
Obtained from: TrustedBSD Project

Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by: oliver

Fixed style of assignments.

Remove to-be-default WARNS?=2

Set BINOWN=root explicitly for setuid root binaries.

This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.

Reinstate complete (and now correctly functioning) WARNS=2.

Back out (with prejudice) the last WARNS=2 fix. I cannot understand
its failure mode, and will revisit it later.

WARNS=2 fixes.

The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.

This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.

WARNS=2 type cleanup.

WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.

Reviewed by: bde (su.c only)

Deconvolute the authentication mess, and hand total responsiblity
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.

There is more policy in here that can be handed over to PAM. This will
be revisited.

Dike out Kerberos(IV) support on the grounds that better kerberos
support can be gotten via PAM.

Add full PAM support for account management and sessions.

The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>

Use libcrypto in place of libdes.

Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design). libcrypt has
been adjusted to not need the runtime -lmd. It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.

Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.

Change edistribution to krb4 in preaparation for K5

Fix Common Error brokenness.

$Id$ -> $FreeBSD$

Fixed editing error in previous commit. `-lmd' (link libmd) became `-md'
(emulate the 'd' linker (?)). This was most harmful for the NOSHARED=yes
case since libskey.o isn't linked to libmd.a.

Fixed the usual disorder of DPADD and LDADD, and some tab lossage.

Axe LOGIN_CAP_AUTH.

PR: 10115
Reported by: Gene Skonicki <gene@cif.rochester.edu>
Requested by: jdp

Remove useless `BINOWN=root' now that it is the default.

Removed a buggy ifdef for not linking libmd explicitly. Explicit
linkage is needed for the NOSHARED=YES case, so it is simplest to
never depend on the automagic linkage for elf shared libraries.

Reviewed by: jdp

Add $Id$

Still need -lmd on the alpha as it doesn't have shlibs yet

BINFORMAT -> OBJFORMAT ready for E-day.

Fix LIBDIR (for aout/ELF).

Changes for KTH KerberosIV.
Quieten -Wall a bit.

From Joe Traister:
The previous patch did not propogate the KRBTKFILE environment variable
into the new environment when -l is given to su, making it impossible
for kdestroy to find the ticket file. This patch corrects that problem
as well as the original segfault problem.
(Fixes PR 3903)

If elf, don't add libmd.a just because we link against libskey.so.
A

Move libmd after all libraries to keep natural libraries order

Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.

Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.

Make it possible to enable WHEELSU from /etc/make.conf.

Remove trailing whitespace.

Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command. This only occurs when
linking statically.

Add distribution=krb for P-HK

Include most of the logdaemon v4.4 S/key changes

Add support for s/keys

First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES. (Far fewer contortions,
and both default to off.) IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.

LDADD= -lcrypt
Submitted by: Geoff

Don't use kerberos yet, we aren't ready.

This commit was generated by cvs2svn to compensate for changes in r1590,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite Usr.bin Sources