consider that SUGROUP and ROOTAUTH group contain the names of
users and groups. If user is not found in the list check_ingroup()
recurses on each member until either user is found or end of chain
is reached.
The above allows su's use of the wheel group to be extended to a large
number of users without necessarily putting them in group wheel, and
in a way that will work over NIS that simply extending the line length
limit in getgrent.c cannot.
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
The appropriate entry in /etc/group as returned by getgrnam() is
used to determine if 'su root' may be permitted, rather than
checking if membership exists in the result of getgroups().
The following changes were made regarding the behaviour of the special
group for 'su root'
* allow for definition of SUGROUP (defaults to "wheel") to override group name.
* use getgrnam(SUGROUP) instead of getgrgid(0).
* only scan getgrnam(SUGROUP)->gr_mem when checking for group membership.
* be more specific as to why 'su root' failed
NOTE: If a user's primary group is SUGROUP, and they're not a member
of SUGROUP in /etc/group, they will not be able to su.
Fix PR/2839: su will not build with Kerberos.
- Also:
-Don't coredump when $TERM is not set.
-Add prototypes, remove local old style declarations of system
functions.
-Recognize shells that contain "csh" as being csh alike.
-Don't build with SKEY unconditionally. Obey bsd.own.mk.