Mercurial > dropbear
annotate sysoptions.h @ 661:c015af8a71cf
2012.55
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 22 Feb 2012 22:12:15 +0800 |
parents | 3f12086c2ef2 |
children | fc7ae88e63b3 |
rev | line source |
---|---|
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /******************************************************************* |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * You shouldn't edit this file unless you know you need to. |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * This file is only included from options.h |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 *******************************************************************/ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 #ifndef DROPBEAR_VERSION |
661 | 7 #define DROPBEAR_VERSION "2012.55" |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 #define PROGNAME "dropbear" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 /* Spec recommends after one hour or 1 gigabyte of data. One hour |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * is a bit too verbose, so we try 8 hours */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 #ifndef KEX_REKEY_TIMEOUT |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 #define KEX_REKEY_TIMEOUT (3600 * 8) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 #ifndef KEX_REKEY_DATA |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 #ifndef AUTH_TIMEOUT |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 /* Minimum key sizes for DSS and RSA */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #ifndef MIN_DSS_KEYLEN |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #define MIN_DSS_KEYLEN 512 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #ifndef MIN_RSA_KEYLEN |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #define MIN_RSA_KEYLEN 512 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #define MAX_BANNER_LINES 20 /* How many lines the client will display */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 * the clearenv() function */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 #define ENV_SIZE 100 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 #define MAX_CMD_LEN 1024 /* max length of a command */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 #define MAX_TERM_LEN 200 /* max length of TERM name */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified, |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 ipv4 and ipv6 don't count twice */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 /* Each port might have at least a v4 and a v6 address */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 #define _PATH_TTY "/dev/tty" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 #define _PATH_CP "/bin/cp" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 /* success/failure defines */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 #define DROPBEAR_SUCCESS 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 #define DROPBEAR_FAILURE -1 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 /* various algorithm identifiers */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 #define DROPBEAR_KEX_DH_GROUP1 0 |
595
2895626d864f
Add diffie-hellman-group14-sha1 KEX method
Matt Johnston <matt@ucc.asn.au>
parents:
547
diff
changeset
|
63 #define DROPBEAR_KEX_DH_GROUP14 1 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 #define DROPBEAR_SIGNKEY_ANY 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 #define DROPBEAR_SIGNKEY_RSA 1 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 #define DROPBEAR_SIGNKEY_DSS 2 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 #define DROPBEAR_SIGNKEY_NONE 3 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 #define DROPBEAR_COMP_NONE 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 #define DROPBEAR_COMP_ZLIB 1 |
501
d58c478bd399
Add support for [email protected] delayed compression.
Matt Johnston <matt@ucc.asn.au>
parents:
499
diff
changeset
|
72 #define DROPBEAR_COMP_ZLIB_DELAY 2 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 /* Required for pubkey auth */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 #define DROPBEAR_SIGNKEY_VERIFY |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 /* SHA1 is 20 bytes == 160 bits */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 #define SHA1_HASH_SIZE 20 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 /* SHA512 is 64 bytes == 512 bits */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 #define SHA512_HASH_SIZE 64 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 /* MD5 is 16 bytes = 128 bits */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 #define MD5_HASH_SIZE 16 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 /* largest of MD5 and SHA1 */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 #define MAX_MAC_LEN SHA1_HASH_SIZE |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 #define MAX_IV_LEN 20 /* must be same as max blocksize, |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 and >= SHA1_HASH_SIZE */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 #define MAX_MAC_KEY 20 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 explicitly specified for all protocols (just |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 for algos) but seems valid */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 #define MAX_PROPOSED_ALGO 20 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 /* size/count limits */ |
603
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
102 /* From transport rfc */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 #define MIN_PACKET_LEN 16 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100))) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 /* for channel code */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 RECV_WINDOWEXTEND bytes */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 #define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 connection, so can't be _too_ small */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 is the max length for a password etc */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 /* For a 4096 bit DSS key, empirically determined */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 #define MAX_PUBKEY_SIZE 1700 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 /* For a 4096 bit DSS key, empirically determined */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 #define MAX_PRIVKEY_SIZE 1700 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 /* The maximum size of the bignum portion of the kexhash buffer */ |
603
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
127 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 in a few years time.... */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 #define DROPBEAR_MAX_CLI_PASS 1024 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 accept for keyb-interactive |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 auth */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 |
502 | 139 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128) |
140 #define DROPBEAR_AES | |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 |
502 | 143 #if defined(DROPBEAR_TWOFISH256) || defined(DROPBEAR_TWOFISH128) |
144 #define DROPBEAR_TWOFISH | |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 #ifndef ENABLE_X11FWD |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 #define DISABLE_X11FWD |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 #define ENABLE_CLI_ANYTCPFWD |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 #define DROPBEAR_TCP_ACCEPT |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \ |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
521
diff
changeset
|
161 defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_X11FWD) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 #define USING_LISTENERS |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 |
604
810dfc792ca9
Compile fix for when both client and server agent forwarding is disabled
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
165 #if defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_CLI_LOCALTCPFWD) |
810dfc792ca9
Compile fix for when both client and server agent forwarding is disabled
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
166 #define ENABLE_AGENTFWD |
810dfc792ca9
Compile fix for when both client and server agent forwarding is disabled
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
167 #endif |
810dfc792ca9
Compile fix for when both client and server agent forwarding is disabled
Matt Johnston <matt@ucc.asn.au>
parents:
603
diff
changeset
|
168 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 #define ENABLE_CLI_MULTIHOP |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
521
diff
changeset
|
173 #if defined(ENABLE_CLI_AGENTFWD) || defined(DROPBEAR_PRNGD_SOCKET) |
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
521
diff
changeset
|
174 #define ENABLE_CONNECT_UNIX |
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
521
diff
changeset
|
175 #endif |
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
521
diff
changeset
|
176 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 |
605
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
181 /* Changing this is inadvisable, it appears to have problems |
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
182 * with flushing compressed data */ |
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
183 #define DROPBEAR_ZLIB_MEM_LEVEL 8 |
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
184 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 * code, if we're just compiling as client or server */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 #define IS_DROPBEAR_SERVER (ses.isserver == 1) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 #define IS_DROPBEAR_CLIENT (ses.isserver == 0) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 #elif defined(DROPBEAR_SERVER) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 #define IS_DROPBEAR_SERVER 1 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 #define IS_DROPBEAR_CLIENT 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 #elif defined(DROPBEAR_CLIENT) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 #define IS_DROPBEAR_SERVER 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 #define IS_DROPBEAR_CLIENT 1 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 #else |
521
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
215 /* Just building key utils? */ |
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
216 #define IS_DROPBEAR_SERVER 0 |
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
217 #define IS_DROPBEAR_CLIENT 0 |
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
218 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 #endif |