455 lines
13 KiB
Plaintext
455 lines
13 KiB
Plaintext
/*
|
|
* Copyright 1989 - 1994, Julianne Frances Haugh
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
/*
|
|
* Configuration file for login.
|
|
*
|
|
* $Id: config.h.linux,v 1.2 1997/05/01 23:11:57 marekm Exp $
|
|
*/
|
|
|
|
#ifndef _CONFIG_H
|
|
#define _CONFIG_H
|
|
|
|
#ifdef __linux__
|
|
#include <sys/types.h>
|
|
#include <sys/param.h>
|
|
#include <stdio.h>
|
|
#endif
|
|
|
|
/*
|
|
* Pathname to the run-time configuration definitions file.
|
|
*/
|
|
|
|
#define LOGINDEFS "/etc/login.defs"
|
|
|
|
/*
|
|
* Define SHADOWPWD to use shadow [ unreadable ] password file.
|
|
* Release 3 has a requirement that SHADOWPWD always be defined.
|
|
*/
|
|
|
|
#define SHADOWPWD
|
|
|
|
/*
|
|
* Define AUTOSHADOW to have root always copy sp_pwdp to pw_passwd
|
|
* for getpwuid() and getpwnam(). This provides compatibility for
|
|
* privileged applications which are shadow-ignorant. YOU ARE
|
|
* ENCOURAGED TO NOT USE THIS OPTION UNLESS ABSOLUTELY NECESSARY.
|
|
*/
|
|
/*
|
|
* Yes, don't do it (and don't build libc with the SHADOW_COMPAT=true
|
|
* option) unless you REALLY know what you're doing. It might work,
|
|
* but can lead to unshadowing your passwords. This is not the right
|
|
* way to support shadow passwords! You have been warned. --marekm
|
|
*/
|
|
|
|
#undef AUTOSHADOW
|
|
|
|
/*
|
|
* Define SHADOWGRP to user shadowed group files. This feature adds
|
|
* the concept of a group administrator. You MUST NOT define this
|
|
* if you disable SHADOWPWD.
|
|
*/
|
|
|
|
#define SHADOWGRP /**/
|
|
|
|
/*
|
|
* Define these if you have shadow password/group support functions in
|
|
* your version of libc. This removes these functions from libshadow.a
|
|
* (the ones from libc will be used instead).
|
|
*
|
|
* Finally upgraded to ELF, so...
|
|
*/
|
|
#define HAVE_SHADOWPWD
|
|
#define HAVE_SHADOWGRP
|
|
|
|
/*
|
|
* Define MD5_CRYPT to support the MD5-based password hashing algorithm
|
|
* compatible with FreeBSD. All programs using pw_encrypt() instead of
|
|
* crypt() will understand both styles: old (standard, DES-based), and
|
|
* new (MD5-based).
|
|
*
|
|
* This means that it is possible to copy encrypted passwords from FreeBSD.
|
|
* Programs to change passwords (like passwd) will still use the old style
|
|
* crypt() for compatibility.
|
|
*
|
|
* To enable the use of the new crypt() for new passwords (if you don't
|
|
* need to copy them to other systems, except FreeBSD and Linux), set the
|
|
* MD5_CRYPT option in /etc/login.defs to "yes".
|
|
*
|
|
* This algorithm supports passwords of any length (the getpass() limit
|
|
* is 127 on Linux) and salt strings up to 8 (instead of 2) characters.
|
|
*
|
|
* This is experimental, and currently requires that all programs use
|
|
* pw_encrypt() from libshadow.a instead of crypt() from libc. This is
|
|
* problematic especially on ELF systems (libc5 has getspnam() so there
|
|
* is otherwise no need to link with the static libshadow.a). On most
|
|
* a.out systems you have to link with libshadow.a anyway, no problem.
|
|
*/
|
|
|
|
#define MD5_CRYPT
|
|
|
|
/*
|
|
* Define DOUBLESIZE to use 16 character passwords. Define SW_CRYPT
|
|
* to use 80 character passwords with SecureWare[tm]'s method of
|
|
* generating ciphertext.
|
|
* Not recommended because of some potential weaknesses. --marekm
|
|
*/
|
|
|
|
#undef DOUBLESIZE
|
|
#undef SW_CRYPT
|
|
|
|
/*
|
|
* Define SKEY to allow dual-mode SKEY/normal logins
|
|
*/
|
|
|
|
#undef SKEY
|
|
|
|
/*
|
|
* Define AGING if you want the password aging checks made.
|
|
* Release 3 has a requirement that AGING always be defined.
|
|
*/
|
|
|
|
#define AGING
|
|
|
|
/*
|
|
* Pick your version of DBM. If you define either DBM or NDBM, you must
|
|
* define GETPWENT. If you define NDBM you must define GETGRENT as well.
|
|
*/
|
|
|
|
/*
|
|
* DBM support is untested, not recommended yet. It might make more
|
|
* sense if someone could add it to getpwnam() etc. in libc so that all
|
|
* programs (such as ls) can benefit from it. Any volunteers?
|
|
*
|
|
* The old DBM (as opposed to NDBM) support may be removed in a future
|
|
* release if no one complains. It's too braindamaged for the number
|
|
* of #ifdefs it adds (only one database per process at a time).
|
|
*
|
|
* On Linux, NDBM is actually implemented using GDBM, which is licensed
|
|
* under the GPL (not LGPL!) - I'm not sure if it is legal to link it
|
|
* with non-GPL code (such as the shadow suite). Consult your lawyers,
|
|
* or just modify the code to use db instead. Welcome to the wonderful
|
|
* world of copyrights. Yuck!
|
|
*
|
|
* The current DBM support code has a subtle design flaw. See my
|
|
* comment in pwdbm.c for details...
|
|
*
|
|
* Unless you have 2000 users or so, DBM probably doesn't make things
|
|
* much faster, and it does make things more complicated (= possibly
|
|
* more buggy). Do it only if you know what you're doing! --marekm
|
|
*/
|
|
|
|
#undef DBM
|
|
#undef NDBM
|
|
|
|
/*
|
|
* Define USE_SYSLOG if you want to have SYSLOG functions included in your code.
|
|
*/
|
|
|
|
#define USE_SYSLOG
|
|
|
|
/*
|
|
* Enable RLOGIN to support the "-r" and "-h" options.
|
|
* Also enable UT_HOST if your /etc/utmp provides for a host name.
|
|
*/
|
|
|
|
#define RLOGIN
|
|
#define UT_HOST
|
|
|
|
/*
|
|
* Define NO_RFLG to remove support for login -r flag if your system has
|
|
* a new-style rlogind which doesn't need it. --marekm
|
|
*/
|
|
|
|
#define NO_RFLG
|
|
|
|
/*
|
|
* Define the "success" code from ruserok(). Most modern systems use 0
|
|
* for success and -1 for failure, while certain older versions use 1
|
|
* for success and 0 for failure. Please check your manpage to be sure.
|
|
*/
|
|
|
|
#define RUSEROK 0
|
|
|
|
/*
|
|
* Select one of the following
|
|
*/
|
|
|
|
#undef DIR_XENIX /* include <sys/ndir.h>, use (struct direct) */
|
|
#undef DIR_BSD /* include <ndir.h>, use (struct direct) */
|
|
#define DIR_SYSV /* include <dirent.h>, use (struct dirent) */
|
|
|
|
/*
|
|
* Various system environment definitions.
|
|
*/
|
|
|
|
/*
|
|
* Define if you have sgetgrent() in libc, to remove this function from
|
|
* libshadow.a (some versions of libc5 reportedly have it, most reports
|
|
* so far are from Red Hat 2.1 users, more information is welcome).
|
|
*/
|
|
#undef HAVE_SGETGRENT
|
|
|
|
/*
|
|
* Only important if you compile with GETGRENT defined (use my getgr*()
|
|
* but still use fgetgrent() from libc if HAVE_FGETGRENT defined).
|
|
*/
|
|
#undef HAVE_FGETGRENT
|
|
|
|
#define HAVE_SIGACTION
|
|
#define HAVE_GETUSERSHELL /* Define if your UNIX supports getusershell() */
|
|
#define HAVE_LL_HOST /* Define if "struct lastlog" contains ll_host */
|
|
#define HAVE_ULIMIT /* Define if your UNIX supports ulimit() */
|
|
#define HAVE_RLIMIT /* Define if your UNIX supports setrlimit() */
|
|
#undef GETPWENT /* Define if you want my GETPWENT(3) routines */
|
|
#undef GETGRENT /* Define if you want my GETGRENT(3) routines */
|
|
#define NEED_AL64 /* Define if library does not include a64l() */
|
|
#undef NEED_MKDIR /* Define if system does not have mkdir() */
|
|
#undef NEED_RMDIR /* Define if system does not have rmdir() */
|
|
#undef NEED_RENAME /* Define if system does not have rename() */
|
|
#undef NEED_STRSTR /* Define if library does not include strstr() */
|
|
#undef NEED_PUTPWENT /* Define if library does not include putpwent()*/
|
|
#define SIGTYPE void /* Type returned by signal() */
|
|
|
|
/*
|
|
* These definitions MUST agree with the values defined in <pwd.h>.
|
|
*/
|
|
|
|
#undef BSD_QUOTA /* the pw_quota field exists */
|
|
#undef ATT_AGE /* the pw_age field exists */
|
|
#undef ATT_COMMENT /* the pw_comment field exists */
|
|
|
|
#define UID_T uid_t /* set to be the type of UID's */
|
|
#define GID_T gid_t /* set to be the type of GID's */
|
|
|
|
#ifndef UID_T
|
|
#if defined(SVR4) || defined(_POSIX_SOURCE)
|
|
#define UID_T uid_t
|
|
#else
|
|
#define UID_T int
|
|
#endif
|
|
#endif
|
|
|
|
#ifndef GID_T
|
|
#if defined(SVR4) || defined(_POSIX_SOURCE)
|
|
#define GID_T gid_t
|
|
#else
|
|
#define GID_T int
|
|
#endif
|
|
#endif
|
|
|
|
/*
|
|
* Define NDEBUG for production versions
|
|
*/
|
|
|
|
#define NDEBUG
|
|
|
|
/*
|
|
* Define PWDFILE and GRPFILE to the names of the password and
|
|
* group files. //jiivee
|
|
*/
|
|
|
|
#define PASSWD_FILE "/etc/passwd"
|
|
#define PASSWD_PAG_FILE "/etc/passwd.pag"
|
|
#define GROUP_FILE "/etc/group"
|
|
#define GROUP_PAG_FILE "/etc/group.pag"
|
|
|
|
#ifdef SHADOWPWD
|
|
#define SHADOW_FILE "/etc/shadow"
|
|
#define SHADOW_PAG_FILE "/etc/shadow.pag"
|
|
#ifdef SHADOWGRP
|
|
#define SGROUP_FILE "/etc/gshadow"
|
|
#define SGROUP_PAG_FILE "/etc/gshadow.pag"
|
|
#endif
|
|
#endif
|
|
|
|
/*
|
|
* The structure of the utmp file. There are two kinds of UTMP files,
|
|
* "BSD" and "USG". "BSD" has no PID or type information, "USG" does.
|
|
* If you define neither of these, the type will be defaulted by using
|
|
* BSD, SUN, SYS3 and USG defines.
|
|
*/
|
|
|
|
#define _UTMP_FILE "/var/run/utmp"
|
|
#define _WTMP_FILE "/var/log/wtmp"
|
|
|
|
#define USG_UTMP /**/
|
|
/* #define BSD_UTMP */
|
|
|
|
#if !defined(USG_UTMP) && !defined(BSD_UTMP)
|
|
#if defined(BSD) || defined(SYS3) || defined(SUN)
|
|
#define BSD_UTMP
|
|
#else
|
|
#define USG_UTMP
|
|
#endif /* BSD || SYS3 || SUN */
|
|
#endif /* !USG_UTMP || !BSD_UTMP */
|
|
|
|
/*
|
|
* From where to look for legal user shells
|
|
*/
|
|
|
|
#ifndef SHELLS_FILE
|
|
#define SHELLS_FILE "/etc/shells"
|
|
#endif
|
|
|
|
/*
|
|
* Default issue file location
|
|
*/
|
|
|
|
#ifndef ISSUE_FILE
|
|
#define ISSUE_FILE "/etc/issue"
|
|
#endif
|
|
|
|
/*
|
|
* Logoutd message file
|
|
*/
|
|
|
|
#define HUP_MESG_FILE "/etc/logoutd.mesg"
|
|
|
|
/*
|
|
* Mail spool directory. This is used if mailspool cannot be located otherwise
|
|
*/
|
|
|
|
#ifndef MAIL_SPOOL_DIR
|
|
#define MAIL_SPOOL_DIR "/var/spool/mail"
|
|
#endif
|
|
|
|
/*
|
|
* Where are new user default setup files kept
|
|
*/
|
|
|
|
#define SKEL_DIR "/etc/skel"
|
|
|
|
/*
|
|
* New user defaults. The NEW_USER_FILE must have 6 X's in the end of name
|
|
*/
|
|
|
|
#define USER_DEFAULTS_FILE "/etc/default/useradd"
|
|
#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
|
|
|
|
/*
|
|
* Telinit program. If your system uses /etc/telinit to change run
|
|
* level, define TELINIT and then define the RUNLEVEL macro to be the
|
|
* run-level to switch INIT to. This is used by sulogin to change
|
|
* from single user to multi-user mode.
|
|
*
|
|
* From bluca@www.polimi.it: instead, set up /etc/inittab properly
|
|
* ~0:S:wait:/sbin/sulogin
|
|
* ~9:S:wait:/sbin/telinit -t0 2
|
|
*/
|
|
|
|
#undef TELINIT
|
|
#undef PATH_TELINIT "/sbin/telinit"
|
|
#undef RUNLEVEL "2"
|
|
|
|
/*
|
|
* Crontab and atrm. Used in userdel.c - see user_cancel(). Verify
|
|
* that these are correct for your distribution. --marekm
|
|
*/
|
|
|
|
#if 0 /* old Slackware */
|
|
#define CRONTAB_COMMAND "/usr/bin/crontab -d -u %s"
|
|
#define CRONTAB_FILE "/var/cron/tabs/%s"
|
|
#else
|
|
/* Debian 0.93R6 (marekm): */
|
|
#define CRONTAB_COMMAND "/usr/bin/crontab -r -u %s"
|
|
#define CRONTAB_FILE "/var/spool/cron/crontabs/%s"
|
|
/* Red Hat 2.1 (jiivee@iki.fi): */
|
|
/* #define CRONTAB_FILE "/var/spool/cron/%s" */
|
|
#endif
|
|
|
|
/*
|
|
* Hmmm, had to #undef this since at-2.8a on Linux doesn't have an option
|
|
* to remove all jobs owned by some user.
|
|
*
|
|
* Fortunately, atrun will not run any at jobs for users not listed in
|
|
* /etc/passwd. Unfortunately, if you remove a user and add a new user
|
|
* with the same UID before it is time to run the old at job, atrun will
|
|
* not notice this and run the old job. Not good. The best fix right
|
|
* now is to remove any at jobs left over by hand, and not reuse any
|
|
* previously used UID values.
|
|
*
|
|
* We probably should discuss this with the at maintainer... It might
|
|
* be better to store at jobs by user names, not UIDs. --marekm
|
|
*/
|
|
|
|
#undef ATRM_COMMAND
|
|
|
|
/*
|
|
* Login times log file location.
|
|
*/
|
|
|
|
#define LASTLOG_FILE "/var/log/lastlog"
|
|
|
|
/*
|
|
* Linux FSSTND recommends that the chfn, chsh, gpasswd, passwd commands
|
|
* are in /usr/bin, not /bin (not needed before mounting /usr). --marekm
|
|
*/
|
|
|
|
#define CHFN_PROGRAM "/usr/bin/chfn"
|
|
#define CHSH_PROGRAM "/usr/bin/chsh"
|
|
#define GPASSWD_PROGRAM "/usr/bin/gpasswd"
|
|
#define PASSWD_PROGRAM "/usr/bin/passwd"
|
|
|
|
/*
|
|
* On most Linux systems, the login prompt is "hostname login: ". Some
|
|
* automatic login scripts depend on it. If not defined, the default is
|
|
* just "login: ". %s is replaced by the hostname. --marekm
|
|
*/
|
|
|
|
#define LOGIN_PROMPT "%s login: "
|
|
|
|
/*
|
|
* Define to enable (warning: completely unsupported by me) administrator
|
|
* defined authentication methods. Most programs are not aware of them,
|
|
* so we can remove some code and possibly some bugs :-). PAM (when done)
|
|
* will replace much of this anyway... --marekm
|
|
*/
|
|
|
|
/* #define AUTH_METHODS */
|
|
|
|
/*
|
|
* Define to enable detailed login access control (a la logdaemon/FreeBSD)
|
|
* and su access control (much more powerful/fascist than the traditional
|
|
* BSD-style "wheel group" feature). Any volunteers to convince the GNU
|
|
* folks that they should add access control to their version of su?
|
|
* Call me a fascist, but then I'll have to call you a communist :-).
|
|
*/
|
|
|
|
#define LOGIN_ACCESS
|
|
#define SU_ACCESS
|
|
|
|
/* see faillog.h for more info what it is */
|
|
#define FAILLOG_LOCKTIME
|
|
|
|
/* see lmain.c and login.defs.linux */
|
|
#define CONSOLE_GROUPS
|
|
|
|
#endif /* _CONFIG_H */
|