dropbear: sysoptions.h annotate

annotate sysoptions.h @ 1653:76189c9ffea2

External Public-Key Authentication API (#72) * Implemented dynamic loading of an external plug-in shared library to delegate public key authentication * Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled * Added tags file to the ignore list * Updated API to have the constructor to return function pointers in the pliugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them * Added -rdynamic to the linker flags when EPKA is enabled * Changed the API to pass a previously created session to the checkPubKey function (created during preauth) * Added documentation to the API * Added parameter addrstring to plugin creation function * Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session) * Changed option string to be a simple char * instead of unsigned char *

author	fabriziobertocci <fabriziobertocci@gmail.com>
date	Wed, 15 May 2019 09:43:57 -0400
parents	009d52ae26d3
children	cc0fc5131c5c

rev	line source
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*******************************************************************
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * You shouldn't edit this file unless you know you need to.
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 * This file is only included from options.h
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 *******************************************************************/
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 #ifndef DROPBEAR_VERSION
1650 009d52ae26d3 Bump to 2019.78 Matt Johnston <matt@ucc.asn.au> parents: 1646 diff changeset	7 #define DROPBEAR_VERSION "2019.78"
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 #define PROGNAME "dropbear"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * is a bit too verbose, so we try 8 hours */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 #ifndef KEX_REKEY_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 #define KEX_REKEY_TIMEOUT (3600 * 8)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 #ifndef KEX_REKEY_DATA
887 0459ff21e320 Back out accidentally committed files Matt Johnston <matt@ucc.asn.au> parents: 886 diff changeset	19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 #ifndef AUTH_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25
1514 6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	27
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	28 #if !(NON_INETD_MODE \|\| INETD_MODE)
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	30 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	31
746 465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	32 /* A client should try and send an initial key exchange packet guessing
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	33 * the algorithm that will match - saves a round trip connecting, has little
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	34 * overhead if the guess was "wrong". */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	35 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	36 #define DROPBEAR_KEX_FIRST_FOLLOWS 1
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	37 #endif
746 465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	38 /* Use protocol extension to allow "first follows" to succeed more frequently.
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	39 * This is currently Dropbear-specific but will gracefully fallback when connecting
465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	40 * to other implementations. */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	41 #ifndef DROPBEAR_KEXGUESS2
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	42 #define DROPBEAR_KEXGUESS2 1
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	43 #endif
746 465fefc4f6e0 Put some #ifdef options around first-follows options in case they Matt Johnston <matt@ucc.asn.au> parents: 745 diff changeset	44
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 /* Minimum key sizes for DSS and RSA */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 #ifndef MIN_DSS_KEYLEN
1414 9236e7120c3e increase min DSS and RSA lengths Matt Johnston <matt@ucc.asn.au> parents: 1342 diff changeset	47 #define MIN_DSS_KEYLEN 1024
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 #ifndef MIN_RSA_KEYLEN
1414 9236e7120c3e increase min DSS and RSA lengths Matt Johnston <matt@ucc.asn.au> parents: 1342 diff changeset	50 #define MIN_RSA_KEYLEN 1024
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53 #define MAX_BANNER_SIZE 2000 /* this is 2580 chars, any more is foolish /
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 * the clearenv() function */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 #define ENV_SIZE 100
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
1138 cc3916a7afd9 increase MAX_CMD_LEN to 9000 Matt Johnston <matt@ucc.asn.au> parents: 1084 diff changeset	60 #define MAX_CMD_LEN 9000 /* max length of a command */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 #define MAX_TERM_LEN 200 /* max length of TERM name */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	67 ipv4 and ipv6 don't count twice */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 /* Each port might have at least a v4 and a v6 address */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 #define _PATH_TTY "/dev/tty"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 #define _PATH_CP "/bin/cp"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75
722 4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient Matt Johnston <matt@ucc.asn.au> parents: 718 diff changeset	76 #define DROPBEAR_ESCAPE_CHAR '~'
4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient Matt Johnston <matt@ucc.asn.au> parents: 718 diff changeset	77
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	78 /* success/failure defines */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	79 #define DROPBEAR_SUCCESS 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	80 #define DROPBEAR_FAILURE -1
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	81
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	82 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	83
1537 6a83b1944432 Fix restricted group code for BSDs, move to separate function Matt Johnston <matt@ucc.asn.au> parents: 1517 diff changeset	84 #define DROPBEAR_NGROUP_MAX 1024
6a83b1944432 Fix restricted group code for BSDs, move to separate function Matt Johnston <matt@ucc.asn.au> parents: 1517 diff changeset	85
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 /* Required for pubkey auth */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	87 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) \|\| (DROPBEAR_CLIENT))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88
1640 228b086794b7 limit password length to 100 Matt Johnston <matt@ucc.asn.au> parents: 1617 diff changeset	89 #define DROPBEAR_MAX_PASSWORD_LEN 100
228b086794b7 limit password length to 100 Matt Johnston <matt@ucc.asn.au> parents: 1617 diff changeset	90
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91 #define SHA1_HASH_SIZE 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	92 #define MD5_HASH_SIZE 16
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 850 diff changeset	93 #define MAX_HASH_SIZE 64 /* sha512 */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	94
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	95 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
762 a78a38e402d1 - Fix various hardcoded uses of SHA1 Matt Johnston <matt@ucc.asn.au> parents: 761 diff changeset	96 #define MAX_IV_LEN 20 /* must be same as max blocksize, */
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	97
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	98 #if DROPBEAR_SHA2_512_HMAC
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	99 #define MAX_MAC_LEN 64
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	100 #elif DROPBEAR_SHA2_256_HMAC
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	101 #define MAX_MAC_LEN 32
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 668 diff changeset	102 #else
715 cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work Matt Johnston <matt@ucc.asn.au> parents: 710 diff changeset	103 #define MAX_MAC_LEN 20
679 03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be Matt Johnston <matt@ucc.asn.au> parents: 668 diff changeset	104 #endif
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105
1517 7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	106 /* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	107 #ifndef DROPBEAR_SHA2_512_HMAC
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	108 #define DROPBEAR_SHA2_512_HMAC 0
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	109 #endif
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	110
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	111 /* might be needed for compatibility with very old implementations */
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	112 #ifndef DROPBEAR_MD5_HMAC
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	113 #define DROPBEAR_MD5_HMAC 0
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	114 #endif
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	115
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	116 /* Twofish counter mode is disabled by default because it
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	117 has not been tested for interoperability with other SSH implementations.
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	118 If you test it please contact the Dropbear author */
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	119 #ifndef DROPBEAR_TWOFISH_CTR
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	120 #define DROPBEAR_TWOFISH_CTR 0
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	121 #endif
7c7c5326ad73 clean up some default options Matt Johnston <matt@ucc.asn.au> parents: 1514 diff changeset	122
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	123
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	124 #define DROPBEAR_ECC ((DROPBEAR_ECDH) \|\| (DROPBEAR_ECDSA))
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	125
838 4365e12c68e6 A few small fixes for ECC compilation Matt Johnston <matt@ucc.asn.au> parents: 835 diff changeset	126 /* Debian doesn't define this in system headers */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	127 #if !defined(LTM_DESC) && (DROPBEAR_ECC)
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	128 #define LTM_DESC
869 c63e7644db60 Only define LTM_DESC if it isn't already Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	129 #endif
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	130
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	131 #define DROPBEAR_ECC_256 (DROPBEAR_ECC)
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	132 #define DROPBEAR_ECC_384 (DROPBEAR_ECC)
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	133 #define DROPBEAR_ECC_521 (DROPBEAR_ECC)
756 bf9dc2d9c2b1 more bits on ecc branch Matt Johnston <matt@ucc.asn.au> parents: 755 diff changeset	134
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	135 #define DROPBEAR_LTC_PRNG (DROPBEAR_ECC)
761 ac2158e3e403 ecc kind of works, needs fixing/testing Matt Johnston <matt@ucc.asn.au> parents: 759 diff changeset	136
850 7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	137 /* RSA can be vulnerable to timing attacks which use the time required for
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	138 * signing to guess the private key. Blinding avoids this attack, though makes
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	139 * signing operations slightly slower. */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	140 #define DROPBEAR_RSA_BLINDING 1
850 7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 847 diff changeset	141
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	142 /* hashes which will be linked and registered */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	143 #define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) \|\| (DROPBEAR_ECC_256) \
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	144 \|\| (DROPBEAR_CURVE25519) \|\| (DROPBEAR_DH_GROUP14_SHA256))
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	145 #define DROPBEAR_SHA384 (DROPBEAR_ECC_384)
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	146 /* LTC SHA384 depends on SHA512 */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	147 #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) \|\| (DROPBEAR_ECC_521) \
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	148 \|\| (DROPBEAR_SHA384) \|\| (DROPBEAR_DH_GROUP16))
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	149 #define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC)
759 76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, Matt Johnston <matt@ucc.asn.au> parents: 756 diff changeset	150
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	151 #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) \|\| (DROPBEAR_DH_GROUP14_SHA1))
1294 56aba7dedbea options for disabling "normal" DH Matt Johnston <matt@ucc.asn.au> parents: 1293 diff changeset	152
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	153 #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) \|\| (DROPBEAR_DH_GROUP14) \|\| (DROPBEAR_DH_GROUP16))
1248 739b3909c499 Get rid of group15, move group16 to sha512. Matt Johnston <matt@ucc.asn.au> parents: 1230 diff changeset	154
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 838 diff changeset	155 /* roughly 2x 521 bits */
755 b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	156 #define MAX_ECC_SIZE 140
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc Matt Johnston <matt@ucc.asn.au> parents: 722 diff changeset	157
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 explicitly specified for all protocols (just
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160 for algos) but seems valid */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162 #define MAX_PROPOSED_ALGO 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164 /* size/count limits */
603 3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	165 /* From transport rfc */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166 #define MIN_PACKET_LEN 16
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	169
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	170 /* for channel code */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 RECV_WINDOWEXTEND bytes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 #define MAX_RECV_WINDOW (10241024) / 1 MB should be enough */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177
1169 41a5820cab8b Increase channel limit to 1000 Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	178 #define MAX_CHANNELS 1000 /* simple mem restriction, includes each tcp/x11
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	179 connection, so can't be _too_ small */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	180
1138 cc3916a7afd9 increase MAX_CMD_LEN to 9000 Matt Johnston <matt@ucc.asn.au> parents: 1084 diff changeset	181 #define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for algos,
cc3916a7afd9 increase MAX_CMD_LEN to 9000 Matt Johnston <matt@ucc.asn.au> parents: 1084 diff changeset	182 MAX_CMD_LEN is usually longer */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	183
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	184 /* For a 4096 bit DSS key, empirically determined */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185 #define MAX_PUBKEY_SIZE 1700
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	186 /* For a 4096 bit DSS key, empirically determined */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	187 #define MAX_PRIVKEY_SIZE 1700
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	189 #define MAX_HOSTKEYS 3
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	190
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191 /* The maximum size of the bignum portion of the kexhash buffer */
603 3aa74a4d83ae Refer to RFCs rather than drafts, update some section references Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	192 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	194
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	195 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	196 in a few years time.... */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	197
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	198 #define DROPBEAR_MAX_CLI_PASS 1024
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	201 accept for keyb-interactive
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	202 auth */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	203
883 ff597bf2cfb0 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	204
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	205 #define DROPBEAR_AES ((DROPBEAR_AES256) \|\| (DROPBEAR_AES128))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	206
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	207 #define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) \|\| (DROPBEAR_TWOFISH128))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	209 #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) \|\| (DROPBEAR_CLI_LOCALTCPFWD))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	210
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	211 #define DROPBEAR_TCP_ACCEPT ((DROPBEAR_CLI_LOCALTCPFWD) \|\| (DROPBEAR_SVR_REMOTETCPFWD))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	212
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	213 #define DROPBEAR_LISTENERS \
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	214 ((DROPBEAR_CLI_REMOTETCPFWD) \|\| (DROPBEAR_CLI_LOCALTCPFWD) \|\| \
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	215 (DROPBEAR_SVR_REMOTETCPFWD) \|\| (DROPBEAR_SVR_LOCALTCPFWD) \|\| \
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	216 (DROPBEAR_SVR_AGENTFWD) \|\| (DROPBEAR_X11FWD))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	217
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	218 #define DROPBEAR_CLI_MULTIHOP ((DROPBEAR_CLI_NETCAT) && (DROPBEAR_CLI_PROXYCMD))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	219
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1477 diff changeset	220 #define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) \|\| (DROPBEAR_USE_PRNGD))
547 cf376c696dfc Make it compile, update for changes in channel structure. Matt Johnston <matt@ucc.asn.au> parents: 521 diff changeset	221
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	222 /* if we're using authorized_keys or known_hosts */
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	223 #define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) \|\| (DROPBEAR_SVR_PUBKEY_AUTH))
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	225 /* Changing this is inadvisable, it appears to have problems
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	226 * with flushing compressed data */
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	227 #define DROPBEAR_ZLIB_MEM_LEVEL 8
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	228
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	229 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH)
1615 cd23631dab5c fix error message to say localoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1554 diff changeset	230 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in localoptions.h"
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232
1514 6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	233 /* PAM requires ./configure --enable-pam */
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	234 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	235 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	236 #endif
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	237
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	238 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	239 #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	240 #endif
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	241
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	242 #if !(DROPBEAR_SVR_PASSWORD_AUTH \|\| DROPBEAR_SVR_PAM_AUTH \|\| DROPBEAR_SVR_PUBKEY_AUTH)
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	243 #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	244 #endif
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	245
1653 76189c9ffea2 External Public-Key Authentication API (#72) fabriziobertocci <fabriziobertocci@gmail.com> parents: 1650 diff changeset	246 #if (DROPBEAR_EPKA && !DROPBEAR_SVR_PUBKEY_AUTH)
76189c9ffea2 External Public-Key Authentication API (#72) fabriziobertocci <fabriziobertocci@gmail.com> parents: 1650 diff changeset	247 #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use External Public Key Authentication (EPKA)"
76189c9ffea2 External Public-Key Authentication API (#72) fabriziobertocci <fabriziobertocci@gmail.com> parents: 1650 diff changeset	248 #endif
1514 6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	249
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	250 #if !(DROPBEAR_AES128 \|\| DROPBEAR_3DES \|\| DROPBEAR_AES256 \|\| DROPBEAR_BLOWFISH \
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	251 \|\| DROPBEAR_TWOFISH256 \|\| DROPBEAR_TWOFISH128)
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	252 #error "At least one encryption algorithm must be enabled. AES128 is recommended."
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	253 #endif
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	254
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	255 #if !(DROPBEAR_RSA \|\| DROPBEAR_DSS \|\| DROPBEAR_ECDSA)
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	256 #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	257 #endif
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	258
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	259 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	260 * connection without blocking. */
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	261 #ifndef DROPBEAR_URANDOM_DEV
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	262 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	263 #endif
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	264
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	265 /* client keyboard interactive authentication is often used for password auth.
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	266 rfc4256 */
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	267 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH)
6c16a05023aa rename some options and move some to sysoptions.h Matt Johnston <matt@ucc.asn.au> parents: 1499 diff changeset	268
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	269 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	270 * code, if we're just compiling as client or server */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	271 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	272
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	274 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	275
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	276 #elif DROPBEAR_SERVER
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	277
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	278 #define IS_DROPBEAR_SERVER 1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	279 #define IS_DROPBEAR_CLIENT 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	280
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	281 #elif DROPBEAR_CLIENT
499 f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	282
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	283 #define IS_DROPBEAR_SERVER 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	284 #define IS_DROPBEAR_CLIENT 1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	285
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually Matt Johnston <matt@ucc.asn.au> parents: diff changeset	286 #else
521 cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	287 /* Just building key utils? */
cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	288 #define IS_DROPBEAR_SERVER 0
cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	289 #define IS_DROPBEAR_CLIENT 0
cc2dff9bd671 - Allow building with neither server nor client specified Matt Johnston <matt@ucc.asn.au> parents: 516 diff changeset	290
667 fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	291 #endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	292
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	293 #ifdef HAVE_FORK
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	294 #define DROPBEAR_VFORK 0
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	295 #else
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	296 #define DROPBEAR_VFORK 1
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	297 #endif
667 fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	298
1440 8b74d5f876a7 sysoptions.h: Add ability to override DROPBEAR_LISTEN_BACKLOG Ben Gardner <bgardner@wabtec.com> parents: 1342 diff changeset	299 #ifndef DROPBEAR_LISTEN_BACKLOG
936 d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	300 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	301 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	302 #else
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	303 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	304 #endif
1440 8b74d5f876a7 sysoptions.h: Add ability to override DROPBEAR_LISTEN_BACKLOG Ben Gardner <bgardner@wabtec.com> parents: 1342 diff changeset	305 #endif
936 d93a6bcf616f Improve handling lots of concurrent forwarded connections. Increase Matt Johnston <matt@ucc.asn.au> parents: 902 diff changeset	306
1040 2b4fd440399d Free memory before exiting. Based on patch from Thorsten Horstmann. Matt Johnston <matt@ucc.asn.au> parents: 1009 diff changeset	307 /* free memory before exiting */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	308 #define DROPBEAR_CLEANUP 1
1040 2b4fd440399d Free memory before exiting. Based on patch from Thorsten Horstmann. Matt Johnston <matt@ucc.asn.au> parents: 1009 diff changeset	309
970 0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	310 /* Use this string since some implementations might special-case it */
0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	311 #define DROPBEAR_KEEPALIVE_STRING "[email protected]"
0bb16232e7c4 Make keepalive handling more robust, this should now match what OpenSSH does Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	312
1084 2265d7ebfdeb separate client/server fastopen options Matt Johnston <matt@ucc.asn.au> parents: 1049 diff changeset	313 /* Linux will attempt TCP fast open, falling back if not supported by the kernel.
2265d7ebfdeb separate client/server fastopen options Matt Johnston <matt@ucc.asn.au> parents: 1049 diff changeset	314 * Currently server is enabled but client is disabled by default until there
2265d7ebfdeb separate client/server fastopen options Matt Johnston <matt@ucc.asn.au> parents: 1049 diff changeset	315 * is further compatibility testing */
1033 ca71904cf3ee Fixes for backwards compatibility Matt Johnston <matt@ucc.asn.au> parents: 1009 diff changeset	316 #ifdef __linux__
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	317 #define DROPBEAR_SERVER_TCP_FAST_OPEN 1
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	318 #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	319 #else
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	320 #define DROPBEAR_SERVER_TCP_FAST_OPEN 0
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	321 #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
1033 ca71904cf3ee Fixes for backwards compatibility Matt Johnston <matt@ucc.asn.au> parents: 1009 diff changeset	322 #endif
ca71904cf3ee Fixes for backwards compatibility Matt Johnston <matt@ucc.asn.au> parents: 1009 diff changeset	323
1569 c42e8ff42bd1 Only use malloc wrapper if fuzzing Matt Johnston <matt@ucc.asn.au> parents: 1554 diff changeset	324 #define DROPBEAR_TRACKING_MALLOC (DROPBEAR_FUZZ)
c42e8ff42bd1 Only use malloc wrapper if fuzzing Matt Johnston <matt@ucc.asn.au> parents: 1554 diff changeset	325
1596 60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	326 /* Used to work around Memory Sanitizer false positives */
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	327 #if defined(__has_feature)
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	328 # if __has_feature(memory_sanitizer)
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	329 # define DROPBEAR_MSAN 1
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	330 # endif
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	331 #endif
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	332 #ifndef DROPBEAR_MSAN
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	333 #define DROPBEAR_MSAN 0
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	334 #endif
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	335
60fceff95858 workaround memory sanitizer FD_ZERO false positives Matt Johnston <matt@ucc.asn.au> parents: 1569 diff changeset	336
667 fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	337 /* no include guard for this file */

Mercurial > dropbear

annotate sysoptions.h @ 1653:76189c9ffea2