shadow/old/config.h.linux

/*
 * Copyright 1989 - 1994, Julianne Frances Haugh
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Configuration file for login.
 *
 *	$Id: config.h.linux,v 1.2 1997/05/01 23:11:57 marekm Exp $
 */

#ifndef _CONFIG_H
#define _CONFIG_H

#ifdef	__linux__
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
#endif

/*
 * Pathname to the run-time configuration definitions file.
 */

#define LOGINDEFS "/etc/login.defs"

/*
 * Define SHADOWPWD to use shadow [ unreadable ] password file.
 * Release 3 has a requirement that SHADOWPWD always be defined.
 */

#define	SHADOWPWD

/*
 * Define AUTOSHADOW to have root always copy sp_pwdp to pw_passwd
 * for getpwuid() and getpwnam().  This provides compatibility for
 * privileged applications which are shadow-ignorant.  YOU ARE
 * ENCOURAGED TO NOT USE THIS OPTION UNLESS ABSOLUTELY NECESSARY.
 */
/*
 * Yes, don't do it (and don't build libc with the SHADOW_COMPAT=true
 * option) unless you REALLY know what you're doing.  It might work,
 * but can lead to unshadowing your passwords.  This is not the right
 * way to support shadow passwords!  You have been warned.  --marekm
 */

#undef	AUTOSHADOW

/*
 * Define SHADOWGRP to user shadowed group files.  This feature adds
 * the concept of a group administrator.  You MUST NOT define this
 * if you disable SHADOWPWD.
 */

#define	SHADOWGRP /**/

/*
 * Define these if you have shadow password/group support functions in
 * your version of libc.  This removes these functions from libshadow.a
 * (the ones from libc will be used instead).
 *
 * Finally upgraded to ELF, so...
 */
#define HAVE_SHADOWPWD
#define HAVE_SHADOWGRP

/*
 * Define MD5_CRYPT to support the MD5-based password hashing algorithm
 * compatible with FreeBSD.  All programs using pw_encrypt() instead of
 * crypt() will understand both styles: old (standard, DES-based), and
 * new (MD5-based).
 *
 * This means that it is possible to copy encrypted passwords from FreeBSD.
 * Programs to change passwords (like passwd) will still use the old style
 * crypt() for compatibility.
 *
 * To enable the use of the new crypt() for new passwords (if you don't
 * need to copy them to other systems, except FreeBSD and Linux), set the
 * MD5_CRYPT option in /etc/login.defs to "yes".
 *
 * This algorithm supports passwords of any length (the getpass() limit
 * is 127 on Linux) and salt strings up to 8 (instead of 2) characters.
 *
 * This is experimental, and currently requires that all programs use
 * pw_encrypt() from libshadow.a instead of crypt() from libc.  This is
 * problematic especially on ELF systems (libc5 has getspnam() so there
 * is otherwise no need to link with the static libshadow.a).  On most
 * a.out systems you have to link with libshadow.a anyway, no problem.
 */

#define MD5_CRYPT

/*
 * Define DOUBLESIZE to use 16 character passwords.  Define SW_CRYPT
 * to use 80 character passwords with SecureWare[tm]'s method of
 * generating ciphertext.
 * Not recommended because of some potential weaknesses.  --marekm
 */

#undef DOUBLESIZE
#undef SW_CRYPT

/*
 * Define SKEY to allow dual-mode SKEY/normal logins
 */

#undef	SKEY

/*
 * Define AGING if you want the password aging checks made.
 * Release 3 has a requirement that AGING always be defined.
 */

#define	AGING

/*
 * Pick your version of DBM.  If you define either DBM or NDBM, you must
 * define GETPWENT.  If you define NDBM you must define GETGRENT as well.
 */

/*
 * DBM support is untested, not recommended yet.  It might make more
 * sense if someone could add it to getpwnam() etc. in libc so that all
 * programs (such as ls) can benefit from it.  Any volunteers?
 *
 * The old DBM (as opposed to NDBM) support may be removed in a future
 * release if no one complains.  It's too braindamaged for the number
 * of #ifdefs it adds (only one database per process at a time).
 *
 * On Linux, NDBM is actually implemented using GDBM, which is licensed
 * under the GPL (not LGPL!) - I'm not sure if it is legal to link it
 * with non-GPL code (such as the shadow suite).  Consult your lawyers,
 * or just modify the code to use db instead.  Welcome to the wonderful
 * world of copyrights.  Yuck!
 *
 * The current DBM support code has a subtle design flaw.  See my
 * comment in pwdbm.c for details...
 *
 * Unless you have 2000 users or so, DBM probably doesn't make things
 * much faster, and it does make things more complicated (= possibly
 * more buggy).  Do it only if you know what you're doing!  --marekm
 */

#undef	DBM
#undef	NDBM

/*
 * Define USE_SYSLOG if you want to have SYSLOG functions included in your code.
 */

#define	USE_SYSLOG

/*
 * Enable RLOGIN to support the "-r" and "-h" options.
 * Also enable UT_HOST if your /etc/utmp provides for a host name.
 */

#define RLOGIN
#define UT_HOST

/*
 * Define NO_RFLG to remove support for login -r flag if your system has
 * a new-style rlogind which doesn't need it.  --marekm
 */

#define NO_RFLG

/*
 * Define the "success" code from ruserok().  Most modern systems use 0
 * for success and -1 for failure, while certain older versions use 1
 * for success and 0 for failure.  Please check your manpage to be sure.
 */

#define	RUSEROK	0

/*
 * Select one of the following
 */

#undef DIR_XENIX	/* include <sys/ndir.h>, use (struct direct)	*/
#undef DIR_BSD		/* include <ndir.h>, use (struct direct)	*/
#define DIR_SYSV	/* include <dirent.h>, use (struct dirent)	*/

/*
 * Various system environment definitions.
 */

/*
 * Define if you have sgetgrent() in libc, to remove this function from
 * libshadow.a (some versions of libc5 reportedly have it, most reports
 * so far are from Red Hat 2.1 users, more information is welcome).
 */
#undef HAVE_SGETGRENT

/*
 * Only important if you compile with GETGRENT defined (use my getgr*()
 * but still use fgetgrent() from libc if HAVE_FGETGRENT defined).
 */
#undef HAVE_FGETGRENT

#define HAVE_SIGACTION
#define HAVE_GETUSERSHELL /* Define if your UNIX supports getusershell() */
#define HAVE_LL_HOST	/* Define if "struct lastlog" contains ll_host */
#define	HAVE_ULIMIT	/* Define if your UNIX supports ulimit()	*/
#define	HAVE_RLIMIT	/* Define if your UNIX supports setrlimit()     */
#undef	GETPWENT	/* Define if you want my GETPWENT(3) routines	*/
#undef	GETGRENT	/* Define if you want my GETGRENT(3) routines	*/
#define	NEED_AL64	/* Define if library does not include a64l()	*/
#undef	NEED_MKDIR	/* Define if system does not have mkdir()	*/
#undef	NEED_RMDIR	/* Define if system does not have rmdir()	*/
#undef	NEED_RENAME	/* Define if system does not have rename()	*/
#undef	NEED_STRSTR	/* Define if library does not include strstr()	*/
#undef	NEED_PUTPWENT	/* Define if library does not include putpwent()*/
#define	SIGTYPE	void	/* Type returned by signal()                    */

/*
 * These definitions MUST agree with the values defined in <pwd.h>.
 */

#undef	BSD_QUOTA	/* the pw_quota field exists */
#undef	ATT_AGE		/* the pw_age field exists */
#undef	ATT_COMMENT	/* the pw_comment field exists */

#define	UID_T	uid_t	/* set to be the type of UID's */
#define	GID_T	gid_t	/* set to be the type of GID's */

#ifndef	UID_T
#if defined(SVR4) || defined(_POSIX_SOURCE)
#define	UID_T	uid_t
#else
#define	UID_T	int
#endif
#endif

#ifndef	GID_T
#if defined(SVR4) || defined(_POSIX_SOURCE)
#define	GID_T	gid_t
#else
#define	GID_T	int
#endif
#endif

/*
 * Define NDEBUG for production versions
 */

#define	NDEBUG

/*
 * Define PWDFILE and GRPFILE to the names of the password and
 * group files. //jiivee
 */

#define	PASSWD_FILE	"/etc/passwd"
#define	PASSWD_PAG_FILE	"/etc/passwd.pag"
#define	GROUP_FILE	"/etc/group"
#define	GROUP_PAG_FILE	"/etc/group.pag"

#ifdef SHADOWPWD
#define SHADOW_FILE	"/etc/shadow"
#define SHADOW_PAG_FILE	"/etc/shadow.pag"
#ifdef SHADOWGRP
#define SGROUP_FILE	"/etc/gshadow"
#define SGROUP_PAG_FILE	"/etc/gshadow.pag"
#endif
#endif

/*
 * The structure of the utmp file.  There are two kinds of UTMP files,
 * "BSD" and "USG".  "BSD" has no PID or type information, "USG" does.
 * If you define neither of these, the type will be defaulted by using
 * BSD, SUN, SYS3 and USG defines.
 */

#define _UTMP_FILE "/var/run/utmp"
#define _WTMP_FILE "/var/log/wtmp"

#define USG_UTMP	/**/
/* #define BSD_UTMP	*/

#if !defined(USG_UTMP) && !defined(BSD_UTMP)
#if defined(BSD) || defined(SYS3) || defined(SUN)
#define	BSD_UTMP
#else
#define USG_UTMP
#endif	/* BSD || SYS3 || SUN */
#endif /* !USG_UTMP || !BSD_UTMP */

/*
 * From where to look for legal user shells
 */

#ifndef SHELLS_FILE
#define SHELLS_FILE "/etc/shells"
#endif

/*
 * Default issue file location
 */

#ifndef ISSUE_FILE
#define ISSUE_FILE "/etc/issue"
#endif

/*
 * Logoutd message file
 */

#define	HUP_MESG_FILE	"/etc/logoutd.mesg"

/*
 * Mail spool directory. This is used if mailspool cannot be located otherwise
 */

#ifndef MAIL_SPOOL_DIR
#define MAIL_SPOOL_DIR "/var/spool/mail"
#endif

/*
 * Where are new user default setup files kept
 */

#define SKEL_DIR "/etc/skel"

/*
 * New user defaults. The NEW_USER_FILE must have 6 X's in the end of name
 */

#define USER_DEFAULTS_FILE	"/etc/default/useradd"
#define NEW_USER_FILE		"/etc/default/nuaddXXXXXX"

/*
 * Telinit program.  If your system uses /etc/telinit to change run
 * level, define TELINIT and then define the RUNLEVEL macro to be the
 * run-level to switch INIT to.  This is used by sulogin to change
 * from single user to multi-user mode.
 *
 * From bluca@www.polimi.it: instead, set up /etc/inittab properly
 * ~0:S:wait:/sbin/sulogin
 * ~9:S:wait:/sbin/telinit -t0 2
 */

#undef	TELINIT
#undef PATH_TELINIT	"/sbin/telinit"
#undef	RUNLEVEL	"2"

/*
 * Crontab and atrm.  Used in userdel.c - see user_cancel().  Verify
 * that these are correct for your distribution.  --marekm
 */

#if 0  /* old Slackware */
#define CRONTAB_COMMAND "/usr/bin/crontab -d -u %s"
#define CRONTAB_FILE "/var/cron/tabs/%s"
#else
/* Debian 0.93R6 (marekm): */
#define	CRONTAB_COMMAND "/usr/bin/crontab -r -u %s"
#define CRONTAB_FILE "/var/spool/cron/crontabs/%s"
/* Red Hat 2.1 (jiivee@iki.fi): */
/* #define CRONTAB_FILE "/var/spool/cron/%s" */
#endif

/*
 * Hmmm, had to #undef this since at-2.8a on Linux doesn't have an option
 * to remove all jobs owned by some user.
 *
 * Fortunately, atrun will not run any at jobs for users not listed in
 * /etc/passwd.  Unfortunately, if you remove a user and add a new user
 * with the same UID before it is time to run the old at job, atrun will
 * not notice this and run the old job.  Not good.  The best fix right
 * now is to remove any at jobs left over by hand, and not reuse any
 * previously used UID values.
 *
 * We probably should discuss this with the at maintainer...  It might
 * be better to store at jobs by user names, not UIDs.  --marekm
 */

#undef ATRM_COMMAND

/*
 * Login times log file location.
 */

#define LASTLOG_FILE "/var/log/lastlog"

/*
 * Linux FSSTND recommends that the chfn, chsh, gpasswd, passwd commands
 * are in /usr/bin, not /bin (not needed before mounting /usr).  --marekm
 */

#define CHFN_PROGRAM "/usr/bin/chfn"
#define CHSH_PROGRAM "/usr/bin/chsh"
#define GPASSWD_PROGRAM "/usr/bin/gpasswd"
#define PASSWD_PROGRAM "/usr/bin/passwd"

/*
 * On most Linux systems, the login prompt is "hostname login: ".  Some
 * automatic login scripts depend on it.  If not defined, the default is
 * just "login: ".  %s is replaced by the hostname.  --marekm
 */

#define LOGIN_PROMPT "%s login: "

/*
 * Define to enable (warning: completely unsupported by me) administrator
 * defined authentication methods.  Most programs are not aware of them,
 * so we can remove some code and possibly some bugs :-).  PAM (when done)
 * will replace much of this anyway...  --marekm
 */

/* #define AUTH_METHODS */

/*
 * Define to enable detailed login access control (a la logdaemon/FreeBSD)
 * and su access control (much more powerful/fascist than the traditional
 * BSD-style "wheel group" feature).  Any volunteers to convince the GNU
 * folks that they should add access control to their version of su?
 * Call me a fascist, but then I'll have to call you a communist :-).
 */

#define LOGIN_ACCESS
#define SU_ACCESS

/* see faillog.h for more info what it is */
#define FAILLOG_LOCKTIME

/* see lmain.c and login.defs.linux */
#define CONSOLE_GROUPS

#endif /* _CONFIG_H */