comparison options.h @ 1318:10e2a7727253 coverity

merge coverity
author Matt Johnston <matt@ucc.asn.au>
date Fri, 22 Jul 2016 00:08:02 +0800
parents 750ec4ec4cbe
children 4f8eb331174f
comparison
equal deleted inserted replaced
1286:7d02b83c61fd 1318:10e2a7727253
1 /* Dropbear SSH 1 #ifndef DROPBEAR_OPTIONS_H
2 * Copyright (c) 2002,2003 Matt Johnston 2 #define DROPBEAR_OPTIONS_H
3 * All rights reserved. See LICENSE for the license. */
4 3
5 #ifndef DROPBEAR_OPTIONS_H_ 4 /*
6 #define DROPBEAR_OPTIONS_H_ 5 Local compile-time configuration should be defined in localoptions.h
6 See default_options.h.in for a description of the available options.
7 */
7 8
8 /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" 9 #ifdef LOCALOPTIONS_H_EXISTS
9 * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ 10 #include "localoptions.h"
10
11 /* IMPORTANT: Many options will require "make clean" after changes */
12
13 #ifndef DROPBEAR_DEFPORT
14 #define DROPBEAR_DEFPORT "22"
15 #endif 11 #endif
16 12
17 #ifndef DROPBEAR_DEFADDRESS 13 #include "default_options.h"
18 /* Listen on all interfaces */
19 #define DROPBEAR_DEFADDRESS ""
20 #endif
21 14
22 /* Default hostkey paths - these can be specified on the command line */ 15 /* Some other defines that mostly should be left alone are defined
23 #ifndef DSS_PRIV_FILENAME
24 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
25 #endif
26 #ifndef RSA_PRIV_FILENAME
27 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
28 #endif
29 #ifndef ECDSA_PRIV_FILENAME
30 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
31 #endif
32
33 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
34 * on chosen ports and keeps accepting connections. This is the default.
35 *
36 * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
37 * similar), where it will use stdin/stdout for connections, and each process
38 * lasts for a single connection. Dropbear should be invoked with the -i flag
39 * for inetd, and can only accept IPv4 connections.
40 *
41 * Both of these flags can be defined at once, don't compile without at least
42 * one of them. */
43 #define NON_INETD_MODE
44 #define INETD_MODE
45
46 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
47 * perhaps 20% slower for pubkey operations (it is probably worth experimenting
48 * if you want to use this) */
49 /*#define NO_FAST_EXPTMOD*/
50
51 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
52 several kB in binary size however will make the symmetrical ciphers and hashes
53 slower, perhaps by 50%. Recommended for small systems that aren't doing
54 much traffic. */
55 #define DROPBEAR_SMALL_CODE
56
57 /* Enable X11 Forwarding - server only */
58 #define ENABLE_X11FWD
59
60 /* Enable TCP Fowarding */
61 /* 'Local' is "-L" style (client listening port forwarded via server)
62 * 'Remote' is "-R" style (server listening port forwarded via client) */
63
64 #define ENABLE_CLI_LOCALTCPFWD
65 #define ENABLE_CLI_REMOTETCPFWD
66
67 #define ENABLE_SVR_LOCALTCPFWD
68 #define ENABLE_SVR_REMOTETCPFWD
69
70 /* Enable Authentication Agent Forwarding */
71 #define ENABLE_SVR_AGENTFWD
72 #define ENABLE_CLI_AGENTFWD
73
74
75 /* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to
76 * allow multihop dbclient connections */
77
78 /* Allow using -J <proxycommand> to run the connection through a
79 pipe to a program, rather the normal TCP connection */
80 #define ENABLE_CLI_PROXYCMD
81
82 /* Enable "Netcat mode" option. This will forward standard input/output
83 * to a remote TCP-forwarded connection */
84 #define ENABLE_CLI_NETCAT
85
86 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
87 #define ENABLE_USER_ALGO_LIST
88
89 /* Encryption - at least one required.
90 * Protocol RFC requires 3DES and recommends AES128 for interoperability.
91 * Including multiple keysize variants the same cipher
92 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
93 #define DROPBEAR_AES128
94 #define DROPBEAR_3DES
95 #define DROPBEAR_AES256
96 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
97 /*#define DROPBEAR_BLOWFISH*/
98 #define DROPBEAR_TWOFISH256
99 #define DROPBEAR_TWOFISH128
100
101 /* Enable CBC mode for ciphers. This has security issues though
102 * is the most compatible with older SSH implementations */
103 #define DROPBEAR_ENABLE_CBC_MODE
104
105 /* Enable "Counter Mode" for ciphers. This is more secure than normal
106 * CBC mode against certain attacks. It is recommended for security
107 * and forwards compatibility */
108 #define DROPBEAR_ENABLE_CTR_MODE
109
110 /* Twofish counter mode is disabled by default because it
111 has not been tested for interoperability with other SSH implementations.
112 If you test it please contact the Dropbear author */
113 /* #define DROPBEAR_TWOFISH_CTR */
114
115 /* You can compile with no encryption if you want. In some circumstances
116 * this could be safe security-wise, though make sure you know what
117 * you're doing. Anyone can see everything that goes over the wire, so
118 * the only safe auth method is public key. */
119 /* #define DROPBEAR_NONE_CIPHER */
120
121 /* Message Integrity - at least one required.
122 * Protocol RFC requires sha1 and recommends sha1-96.
123 * sha1-96 is of use for slow links as it has a smaller overhead.
124 *
125 * There's no reason to disable sha1 or sha1-96 to save space since it's
126 * used for the random number generator and public-key cryptography anyway.
127 * Disabling it here will just stop it from being used as the integrity portion
128 * of the ssh protocol.
129 *
130 * These hashes are also used for public key fingerprints in logs.
131 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
132 * which are not the standard form. */
133 #define DROPBEAR_SHA1_HMAC
134 #define DROPBEAR_SHA1_96_HMAC
135 #define DROPBEAR_SHA2_256_HMAC
136 #define DROPBEAR_SHA2_512_HMAC
137 #define DROPBEAR_MD5_HMAC
138
139 /* You can also disable integrity. Don't bother disabling this if you're
140 * still using a cipher, it's relatively cheap. If you disable this it's dead
141 * simple for an attacker to run arbitrary commands on the remote host. Beware. */
142 /* #define DROPBEAR_NONE_INTEGRITY */
143
144 /* Hostkey/public key algorithms - at least one required, these are used
145 * for hostkey as well as for verifying signatures with pubkey auth.
146 * Removing either of these won't save very much space.
147 * SSH2 RFC Draft requires dss, recommends rsa */
148 #define DROPBEAR_RSA
149 #define DROPBEAR_DSS
150 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
151 * code (either ECDSA or ECDH) increases binary size - around 30kB
152 * on x86-64 */
153 #define DROPBEAR_ECDSA
154
155 /* Generate hostkeys as-needed when the first connection using that key type occurs.
156 This avoids the need to otherwise run "dropbearkey" and avoids some problems
157 with badly seeded /dev/urandom when systems first boot.
158 This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly
159 anything if dropbearkey is linked in a "dropbearmulti" binary) */
160 #define DROPBEAR_DELAY_HOSTKEY
161
162 /* Enable Curve25519 for key exchange. This is another elliptic
163 * curve method with good security properties. Increases binary size
164 * by ~8kB on x86-64 */
165 #define DROPBEAR_CURVE25519
166
167 /* Enable elliptic curve Diffie Hellman key exchange, see note about
168 * ECDSA above */
169 #define DROPBEAR_ECDH
170
171 /* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) though
172 is the only option for interoperability with some older SSH programs */
173 #define DROPBEAR_DH_GROUP1 1
174 #define DROPBEAR_DH_GROUP14 1
175
176 /* Control the memory/performance/compression tradeoff for zlib.
177 * Set windowBits=8 for least memory usage, see your system's
178 * zlib.h for full details.
179 * Default settings (windowBits=15) will use 256kB for compression
180 * windowBits=8 will use 129kB for compression.
181 * Both modes will use ~35kB for decompression (using windowBits=15 for
182 * interoperability) */
183 #ifndef DROPBEAR_ZLIB_WINDOW_BITS
184 #define DROPBEAR_ZLIB_WINDOW_BITS 15
185 #endif
186
187 /* Server won't allow zlib compression until after authentication. Prevents
188 flaws in the zlib library being unauthenticated exploitable flaws.
189 Some old ssh clients may not support the alternative [email protected] method */
190 #define DROPBEAR_SERVER_DELAY_ZLIB 1
191
192 /* Whether to do reverse DNS lookups. */
193 /*#define DO_HOST_LOOKUP */
194
195 /* Whether to print the message of the day (MOTD). This doesn't add much code
196 * size */
197 #define DO_MOTD
198
199 /* The MOTD file path */
200 #ifndef MOTD_FILENAME
201 #define MOTD_FILENAME "/etc/motd"
202 #endif
203
204 /* Authentication Types - at least one required.
205 RFC Draft requires pubkey auth, and recommends password */
206
207 /* Note: PAM auth is quite simple and only works for PAM modules which just do
208 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
209 * It's useful for systems like OS X where standard password crypts don't work
210 * but there's an interface via a PAM module. It won't work for more complex
211 * PAM challenge/response.
212 * You can't enable both PASSWORD and PAM. */
213
214 /* This requires crypt() */
215 #ifdef HAVE_CRYPT
216 #define ENABLE_SVR_PASSWORD_AUTH
217 #endif
218 /* PAM requires ./configure --enable-pam */
219 /*#define ENABLE_SVR_PAM_AUTH */
220 #define ENABLE_SVR_PUBKEY_AUTH
221
222 /* Whether to take public key options in
223 * authorized_keys file into account */
224 #ifdef ENABLE_SVR_PUBKEY_AUTH
225 #define ENABLE_SVR_PUBKEY_OPTIONS
226 #endif
227
228 /* This requires getpass. */
229 #ifdef HAVE_GETPASS
230 #define ENABLE_CLI_PASSWORD_AUTH
231 #define ENABLE_CLI_INTERACT_AUTH
232 #endif
233 #define ENABLE_CLI_PUBKEY_AUTH
234
235 /* A default argument for dbclient -i <privatekey>.
236 Homedir is prepended unless path begins with / */
237 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
238
239 /* This variable can be used to set a password for client
240 * authentication on the commandline. Beware of platforms
241 * that don't protect environment variables of processes etc. Also
242 * note that it will be provided for all "hidden" client-interactive
243 * style prompts - if you want something more sophisticated, use
244 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
245 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
246
247 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
248 * a helper program for the ssh client. The helper program should be
249 * specified in the SSH_ASKPASS environment variable, and dbclient
250 * should be run with DISPLAY set and no tty. The program should
251 * return the password on standard output */
252 /*#define ENABLE_CLI_ASKPASS_HELPER*/
253
254 /* Save a network roundtrip by sendng a real auth request immediately after
255 * sending a query for the available methods. It is at the expense of < 100
256 * bytes of extra network traffic. This is not yet enabled by default since it
257 * could cause problems with non-compliant servers */
258 /* #define DROPBEAR_CLI_IMMEDIATE_AUTH */
259
260 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
261 * connection without blocking. In addition /dev/random is used for seeding
262 * rsa/dss key generation */
263 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
264
265 /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
266 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
267
268
269 /* Specify the number of clients we will allow to be connected but
270 * not yet authenticated. After this limit, connections are rejected */
271 /* The first setting is per-IP, to avoid denial of service */
272 #ifndef MAX_UNAUTH_PER_IP
273 #define MAX_UNAUTH_PER_IP 5
274 #endif
275
276 /* And then a global limit to avoid chewing memory if connections
277 * come from many IPs */
278 #ifndef MAX_UNAUTH_CLIENTS
279 #define MAX_UNAUTH_CLIENTS 30
280 #endif
281
282 /* Maximum number of failed authentication tries (server option) */
283 #ifndef MAX_AUTH_TRIES
284 #define MAX_AUTH_TRIES 10
285 #endif
286
287 /* The default file to store the daemon's process ID, for shutdown
288 scripts etc. This can be overridden with the -P flag */
289 #ifndef DROPBEAR_PIDFILE
290 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
291 #endif
292
293 /* The command to invoke for xauth when using X11 forwarding.
294 * "-q" for quiet */
295 #ifndef XAUTH_COMMAND
296 #define XAUTH_COMMAND "/usr/bin/xauth -q"
297 #endif
298
299 /* if you want to enable running an sftp server (such as the one included with
300 * OpenSSH), set the path below. If the path isn't defined, sftp will not
301 * be enabled */
302 #ifndef SFTPSERVER_PATH
303 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
304 #endif
305
306 /* This is used by the scp binary when used as a client binary. If you're
307 * not using the Dropbear client, you'll need to change it */
308 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
309
310 /* Whether to log commands executed by a client. This only logs the
311 * (single) command sent to the server, not what a user did in a
312 * shell/sftp session etc. */
313 /* #define LOG_COMMANDS */
314
315 /* Window size limits. These tend to be a trade-off between memory
316 usage and network performance: */
317 /* Size of the network receive window. This amount of memory is allocated
318 as a per-channel receive buffer. Increasing this value can make a
319 significant difference to network performance. 24kB was empirically
320 chosen for a 100mbit ethernet network. The value can be altered at
321 runtime with the -W argument. */
322 #ifndef DEFAULT_RECV_WINDOW
323 #define DEFAULT_RECV_WINDOW 24576
324 #endif
325 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
326 in order to interoperate with other implementations */
327 #ifndef RECV_MAX_PAYLOAD_LEN
328 #define RECV_MAX_PAYLOAD_LEN 32768
329 #endif
330 /* Maximum size of a transmitted data packet - this can be any value,
331 though increasing it may not make a significant difference. */
332 #ifndef TRANS_MAX_PAYLOAD_LEN
333 #define TRANS_MAX_PAYLOAD_LEN 16384
334 #endif
335
336 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
337 be overridden at runtime with -K. 0 disables keepalives */
338 #define DEFAULT_KEEPALIVE 0
339
340 /* If this many KEEPALIVES are sent with no packets received from the
341 other side, exit. Not run-time configurable - if you have a need
342 for runtime configuration please mail the Dropbear list */
343 #define DEFAULT_KEEPALIVE_LIMIT 3
344
345 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
346 be overridden at runtime with -I. 0 disables idle timeouts */
347 #define DEFAULT_IDLE_TIMEOUT 0
348
349 /* The default path. This will often get replaced by the shell */
350 #define DEFAULT_PATH "/usr/bin:/bin"
351
352 /* Some other defines (that mostly should be left alone) are defined
353 * in sysoptions.h */ 16 * in sysoptions.h */
354 #include "sysoptions.h" 17 #include "sysoptions.h"
355 18
356 #endif /* DROPBEAR_OPTIONS_H_ */ 19 #endif /* DROPBEAR_OPTIONS_H */