annotate sysoptions.h @ 1665:7c17995bcdfb

Improve address logging on early exit messages (#83) Change 'Early exit' and 'Exit before auth' messages to include the IP address & port as part of the message. This allows log scanning utilities such as 'fail2ban' to obtain the offending IP address as part of the failure event instead of extracting the PID from the message and then scanning the log again for matching 'child connection from' messages. Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
author Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com>
date Wed, 18 Mar 2020 15:28:56 +0000
parents d32bcb5c557d
children 3a97f14c0235 ba6fc7afe1c5
rev   line source
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*******************************************************************
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * You shouldn't edit this file unless you know you need to.
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 * This file is only included from options.h
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 *******************************************************************/
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 #ifndef DROPBEAR_VERSION
1650
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
7 #define DROPBEAR_VERSION "2019.78"
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION /* adjacent string literals concatenate, so the version string is embedded in the ident. NOTE(review): presumably this is the identification string sent to peers, which makes the exact release visible to anyone who connects - confirm, and rely on patch level rather than obscurity */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 #define PROGNAME "dropbear"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * is a bit too verbose, so we try 8 hours */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 #ifndef KEX_REKEY_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 #define KEX_REKEY_TIMEOUT (3600 * 8)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 #ifndef KEX_REKEY_DATA
887
0459ff21e320 Back out accidentally committed files
Matt Johnston <matt@ucc.asn.au>
parents: 886
diff changeset
19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 #ifndef AUTH_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25
1514
6c16a05023aa rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents: 1499
diff changeset
26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
6c16a05023aa rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents: 1499
diff changeset
27
6c16a05023aa rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents: 1499
diff changeset
28 #if !(NON_INETD_MODE || INETD_MODE)
6c16a05023aa rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents: 1499
diff changeset
29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
6c16a05023aa rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents: 1499
diff changeset
30 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
31
746
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
32 /* A client should try and send an initial key exchange packet guessing
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
33 * the algorithm that will match - saves a round trip connecting, has little
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
34 * overhead if the guess was "wrong". */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
35 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
36 #define DROPBEAR_KEX_FIRST_FOLLOWS 1
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
37 #endif
746
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
38 /* Use protocol extension to allow "first follows" to succeed more frequently.
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
39 * This is currently Dropbear-specific but will gracefully fallback when connecting
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
40 * to other implementations. */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
41 #ifndef DROPBEAR_KEXGUESS2
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
42 #define DROPBEAR_KEXGUESS2 1
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
43 #endif
746
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
44
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 /* Minimum key sizes for DSS and RSA */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 #ifndef MIN_DSS_KEYLEN
1414
9236e7120c3e increase min DSS and RSA lengths
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
47 #define MIN_DSS_KEYLEN 1024 /* NOTE(review): presumably a floor in bits; the check that uses it is not visible here. ssh-dss is in practice a 1024-bit/SHA-1 scheme and OpenSSH has disabled it by default since 7.0 - consider whether DSS needs to be built in at all */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 #ifndef MIN_RSA_KEYLEN
1414
9236e7120c3e increase min DSS and RSA lengths
Matt Johnston <matt@ucc.asn.au>
parents: 1342
diff changeset
50 #define MIN_RSA_KEYLEN 1024 /* NOTE(review): presumably a floor in bits; 1024-bit RSA is below the 2048-bit minimum of current guidance (e.g. NIST SP 800-131A). The #ifndef guard above lets a build define a larger value first */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 * the clearenv() function */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 #define ENV_SIZE 100
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59
1138
cc3916a7afd9 increase MAX_CMD_LEN to 9000
Matt Johnston <matt@ucc.asn.au>
parents: 1084
diff changeset
60 #define MAX_CMD_LEN 9000 /* max length of a command */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61 #define MAX_TERM_LEN 200 /* max length of TERM name */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15, i.e. sized for an IPv4 dotted quad only. NOTE(review): a textual IPv6 address does not fit in this length; the users of this limit are not visible here - confirm none of them handle IPv6 text */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 ipv4 and ipv6 don't count twice */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 /* Each port might have at least a v4 and a v6 address */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 #define _PATH_TTY "/dev/tty"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 #define _PATH_CP "/bin/cp"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75
722
4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 718
diff changeset
76 #define DROPBEAR_ESCAPE_CHAR '~'
4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 718
diff changeset
77
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 /* success/failure defines */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 #define DROPBEAR_SUCCESS 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 #define DROPBEAR_FAILURE -1
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
81
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
82 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" /* name of an environment variable. NOTE(review): presumably a password is read from it; environment contents can be readable by other processes of the same user, so prefer key auth or an interactive prompt where possible - confirm where this is consumed */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83
1537
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1517
diff changeset
84 #define DROPBEAR_NGROUP_MAX 1024
6a83b1944432 Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents: 1517
diff changeset
85
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 /* Required for pubkey auth */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
87 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88
1640
228b086794b7 limit password length to 100
Matt Johnston <matt@ucc.asn.au>
parents: 1617
diff changeset
89 #define DROPBEAR_MAX_PASSWORD_LEN 100
228b086794b7 limit password length to 100
Matt Johnston <matt@ucc.asn.au>
parents: 1617
diff changeset
90
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
91 #define SHA1_HASH_SIZE 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
92 #define MD5_HASH_SIZE 16
855
04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents: 850
diff changeset
93 #define MAX_HASH_SIZE 64 /* sha512 */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
95 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
762
a78a38e402d1 - Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents: 761
diff changeset
96 #define MAX_IV_LEN 20 /* must be same as max blocksize */
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
97
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
98 #if DROPBEAR_SHA2_512_HMAC
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
99 #define MAX_MAC_LEN 64
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
100 #elif DROPBEAR_SHA2_256_HMAC
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
101 #define MAX_MAC_LEN 32
679
03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
102 #else
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
103 #define MAX_MAC_LEN 20
679
03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
104 #endif
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105
1517
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
106 /* sha2-512 is not necessary unless unforeseen problems arise with sha2-256 */
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
107 #ifndef DROPBEAR_SHA2_512_HMAC
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
108 #define DROPBEAR_SHA2_512_HMAC 0
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
109 #endif
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
110
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
111 /* might be needed for compatibility with very old implementations */
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
112 #ifndef DROPBEAR_MD5_HMAC
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
113 #define DROPBEAR_MD5_HMAC 0
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
114 #endif
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
115
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
116 /* Twofish counter mode is disabled by default because it
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
117 has not been tested for interoperability with other SSH implementations.
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
118 If you test it please contact the Dropbear author */
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
119 #ifndef DROPBEAR_TWOFISH_CTR
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
120 #define DROPBEAR_TWOFISH_CTR 0
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
121 #endif
7c7c5326ad73 clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents: 1514
diff changeset
122
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
123
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
124 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
125
838
4365e12c68e6 A few small fixes for ECC compilation
Matt Johnston <matt@ucc.asn.au>
parents: 835
diff changeset
126 /* Debian doesn't define this in system headers */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
127 #if !defined(LTM_DESC) && (DROPBEAR_ECC)
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
128 #define LTM_DESC
869
c63e7644db60 Only define LTM_DESC if it isn't already
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
129 #endif
755
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
130
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
131 #define DROPBEAR_ECC_256 (DROPBEAR_ECC)
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
132 #define DROPBEAR_ECC_384 (DROPBEAR_ECC)
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
133 #define DROPBEAR_ECC_521 (DROPBEAR_ECC)
756
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
134
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
135 #define DROPBEAR_LTC_PRNG (DROPBEAR_ECC)
761
ac2158e3e403 ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents: 759
diff changeset
136
850
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
137 /* RSA can be vulnerable to timing attacks which use the time required for
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
138 * signing to guess the private key. Blinding avoids this attack, though makes
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
139 * signing operations slightly slower. */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
140 #define DROPBEAR_RSA_BLINDING 1 /* blinding enabled. NOTE(review): unlike the defaults above, this define has no #ifndef guard, so it is presumably not meant to be overridden from build options - keep it at 1 */
850
7507b174bba0 - Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
141
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 838
diff changeset
142 /* hashes which will be linked and registered */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
143 #define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) || (DROPBEAR_ECC_256) \
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
144 || (DROPBEAR_CURVE25519) || (DROPBEAR_DH_GROUP14_SHA256))
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
145 #define DROPBEAR_SHA384 (DROPBEAR_ECC_384)
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 838
diff changeset
146 /* LTC SHA384 depends on SHA512 */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
147 #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
148 || (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1654
diff changeset
149 || (DROPBEAR_ED25519))
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
150 #define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC)
759
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
151
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
152 #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1))
1294
56aba7dedbea options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents: 1293
diff changeset
153
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
154 #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) || (DROPBEAR_DH_GROUP14) || (DROPBEAR_DH_GROUP16))
1248
739b3909c499 Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents: 1230
diff changeset
155
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 838
diff changeset
156 /* roughly 2x 521 bits */
755
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
157 #define MAX_ECC_SIZE 140
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
158
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160 explicitly specified for all protocols (just
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161 for algos) but seems valid */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 #define MAX_PROPOSED_ALGO 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165 /* size/count limits */
603
3aa74a4d83ae Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
166 /* From transport rfc */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167 #define MIN_PACKET_LEN 16
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171 /* for channel code */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 RECV_WINDOWEXTEND bytes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 #define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178
1169
41a5820cab8b Increase channel limit to 1000
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
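/*
 * Hard upper bounds on sizes and counts.
 * MAX_STRING_LEN expands MAX() and MAX_CMD_LEN, which are not defined in
 * this part of the file.
 */

/* Simple memory restriction. The count includes each tcp/x11 connection,
 * so it can't be _too_ small. */
#define MAX_CHANNELS 1000

/* Sun SSH needs 2400 for algos, MAX_CMD_LEN is usually longer */
#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400))

/* For a 4096 bit DSS key, empirically determined */
#define MAX_PUBKEY_SIZE 1700
/* For a 4096 bit DSS key, empirically determined */
#define MAX_PRIVKEY_SIZE 1700

#define MAX_HOSTKEYS 4

/* The maximum size of the bignum portion of the kexhash buffer */
/* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
/* The K_S term is written as MAX_PUBKEY_SIZE (same value, 1700) so the two
 * bounds cannot drift apart when the public key limit is changed.
 * NOTE(review): confirm that the three 130-byte terms for e, f and K still
 * cover the largest key-exchange group that can be enabled. */
#define KEXHASHBUF_MAX_INTS (MAX_PUBKEY_SIZE + 130 + 130 + 130)

/* IPv4, IPv6 are all we'll get for now. Revisit in a few years time.... */
#define DROPBEAR_MAX_SOCKS 2

#define DROPBEAR_MAX_CLI_PASS 1024

/* The number of prompts we'll accept for keyb-interactive auth */
#define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80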
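/*
 * Derived feature toggles. Each macro combines option macros that are set
 * outside this part of the file into one value usable in #if.
 */

/* Any AES key size enabled */
#define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128))

/* Any Twofish key size enabled */
#define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128))

/* Client TCP forwarding in either direction */
#define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD))

#define DROPBEAR_TCP_ACCEPT ((DROPBEAR_CLI_LOCALTCPFWD) || (DROPBEAR_SVR_REMOTETCPFWD))

/* True when any of the forwarding options below is enabled
 * (TCP, agent or X11). */
#define DROPBEAR_LISTENERS \
	((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD) || \
	(DROPBEAR_SVR_REMOTETCPFWD) || (DROPBEAR_SVR_LOCALTCPFWD) || \
	(DROPBEAR_SVR_AGENTFWD) || (DROPBEAR_X11FWD))

/* Multihop needs both netcat mode and proxy command support */
#define DROPBEAR_CLI_MULTIHOP ((DROPBEAR_CLI_NETCAT) && (DROPBEAR_CLI_PROXYCMD))

#define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_USE_PRNGD))

/* if we're using authorized_keys or known_hosts */
#define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) || (DROPBEAR_SVR_PUBKEY_AUTH))

/* Changing this is inadvisable, it appears to have problems
 * with flushing compressed data */
#define DROPBEAR_ZLIB_MEM_LEVEL 8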
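/*
 * Build-time sanity checks on the selected options. Each check stops the
 * build with #error instead of producing a binary with an unusable or
 * contradictory configuration. The option macros tested here are set
 * outside this part of the file.
 */

/* Password auth and PAM auth are mutually exclusive */
#if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH)
#error "You can't turn on PASSWORD and PAM auth both at once. Fix it in localoptions.h"
#endif

/* PAM requires ./configure --enable-pam */
#if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH
#error "DROPBEAR_SVR_PAM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
#endif

#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
#endif

/* A server with no authentication method compiled in is refused */
#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
#endif

/* Plugins are only allowed together with public-key auth */
#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH)
#error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins"
#endif

/* This only checks that some cipher is compiled in; it does not rank the
 * ciphers in the list. */
#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
	|| DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
#error "At least one encryption algorithm must be enabled. AES128 is recommended."
#endif

/* Likewise, only checks that some key algorithm is compiled in */
#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA || DROPBEAR_ED25519)
#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
#endif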
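/* Source for randomness. This must be able to provide hundreds of bytes per SSH
 * connection without blocking.
 * The #ifndef lets a build set a different path before this point; any
 * replacement has to meet the same requirement. */
#ifndef DROPBEAR_URANDOM_DEV
#define DROPBEAR_URANDOM_DEV "/dev/urandom"
#endif

/* client keyboard interactive authentication is often used for password auth.
 rfc4256
 It is therefore enabled exactly when client password auth is enabled. */
#define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH)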
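/* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
 * code, if we're just compiling as client or server.
 * IS_DROPBEAR_SERVER and IS_DROPBEAR_CLIENT are compile-time constants in a
 * single-role build and a test of ses.isserver when both roles are built. */
#if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)

/* Both roles compiled in: the role is read from ses.isserver */
#define IS_DROPBEAR_SERVER (ses.isserver == 1)
#define IS_DROPBEAR_CLIENT (ses.isserver == 0)

#elif DROPBEAR_SERVER

#define IS_DROPBEAR_SERVER 1
#define IS_DROPBEAR_CLIENT 0

#elif DROPBEAR_CLIENT

#define IS_DROPBEAR_SERVER 0
#define IS_DROPBEAR_CLIENT 1

#else
/* Just building key utils? */
#define IS_DROPBEAR_SERVER 0
#define IS_DROPBEAR_CLIENT 0

#endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */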
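/* DROPBEAR_VFORK is set to 1 only when HAVE_FORK is not defined */
#ifdef HAVE_FORK
#define DROPBEAR_VFORK 0
#else
#define DROPBEAR_VFORK 1
#endif

/* Listen backlog: the larger of MAX_UNAUTH_CLIENTS and MAX_CHANNELS, unless
 * the build has already defined DROPBEAR_LISTEN_BACKLOG.
 * MAX_UNAUTH_CLIENTS is not defined in this part of the file; an undefined
 * macro counts as 0 in #if, which selects MAX_CHANNELS. */
#ifndef DROPBEAR_LISTEN_BACKLOG
#if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
#define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
#else
#define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
#endif
#endif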
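/* free memory before exiting */
#define DROPBEAR_CLEANUP 1

/* Use this string since some implementations might special-case it.
 * The listing showed the value replaced by an e-mail obfuscation
 * placeholder; it is restored here to the OpenSSH keepalive request name. */
#define DROPBEAR_KEEPALIVE_STRING "keepalive@openssh.com"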
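/* Linux will attempt TCP fast open, falling back if not supported by the kernel.
 * Currently server is enabled but client is disabled by default until there
 * is further compatibility testing.
 * On every other platform both toggles are 0. */
#ifdef __linux__
#define DROPBEAR_SERVER_TCP_FAST_OPEN 1
#define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
#else
#define DROPBEAR_SERVER_TCP_FAST_OPEN 0
#define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
#endif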
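/* The tracking malloc wrapper follows DROPBEAR_FUZZ, so it is only part of
 * fuzzing builds. */
#define DROPBEAR_TRACKING_MALLOC (DROPBEAR_FUZZ)

/* Used to work around Memory Sanitizer false positives.
 * DROPBEAR_MSAN is 1 when the compiler provides __has_feature and reports
 * memory_sanitizer, otherwise 0, so it can always be tested with #if. */
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
#  define DROPBEAR_MSAN 1
# endif
#endif
#ifndef DROPBEAR_MSAN
#define DROPBEAR_MSAN 0
#endif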
338 /* no include guard for this file */