Mercurial > dropbear
comparison options.h @ 118:5312ca05ed48 private-rez
propagate of 717950f4061f1123659ee87c7c168805af920ab7 and 839f98f136788cc1466e4641bf796f96040a085d from branch 'matt.dbclient.authpam' to 'matt.dbclient.rez'
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 12 Sep 2004 04:56:50 +0000 |
| parents | 3b2a5a1c4347 cca368f09f4f |
| children | 3394a7cb30cd |
comparison
equal
deleted
inserted
replaced
| 57:3b2a5a1c4347 | 118:5312ca05ed48 |
|---|---|
| 1 /* | 1 /* Dropbear SSH |
| 2 * Dropbear - a SSH2 server | |
| 3 * | |
| 4 * Copyright (c) 2002,2003 Matt Johnston | 2 * Copyright (c) 2002,2003 Matt Johnston |
| 5 * All rights reserved. | 3 * All rights reserved. See LICENSE for the license. */ |
| 6 * | |
| 7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
| 8 * of this software and associated documentation files (the "Software"), to deal | |
| 9 * in the Software without restriction, including without limitation the rights | |
| 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| 11 * copies of the Software, and to permit persons to whom the Software is | |
| 12 * furnished to do so, subject to the following conditions: | |
| 13 * | |
| 14 * The above copyright notice and this permission notice shall be included in | |
| 15 * all copies or substantial portions of the Software. | |
| 16 * | |
| 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
| 23 * SOFTWARE. */ | |
| 24 | 4 |
| 25 #ifndef _OPTIONS_H_ | 5 #ifndef _OPTIONS_H_ |
| 26 #define _OPTIONS_H_ | 6 #define _OPTIONS_H_ |
| 27 | 7 |
| 28 /****************************************************************** | 8 /****************************************************************** |
| 29 * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" | 9 * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" |
| 30 * parts are to allow for commandline -DDROPBEAR_XXX options etc. | 10 * parts are to allow for commandline -DDROPBEAR_XXX options etc. |
| 31 ******************************************************************/ | 11 ******************************************************************/ |
| 32 | 12 |
| 33 #ifndef DROPBEAR_PORT | 13 #ifndef DROPBEAR_DEFPORT |
| 34 #define DROPBEAR_PORT 22 | 14 #define DROPBEAR_DEFPORT "22" |
| 35 #endif | 15 #endif |
| 36 | 16 |
| 37 /* Default hostkey paths - these can be specified on the command line */ | 17 /* Default hostkey paths - these can be specified on the command line */ |
| 38 #ifndef DSS_PRIV_FILENAME | 18 #ifndef DSS_PRIV_FILENAME |
| 39 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" | 19 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" |
| 40 #endif | 20 #endif |
| 41 #ifndef RSA_PRIV_FILENAME | 21 #ifndef RSA_PRIV_FILENAME |
| 42 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" | 22 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" |
| 43 #endif | 23 #endif |
| 24 | |
| 25 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens | |
| 26 * on chosen ports and keeps accepting connections. This is the default. | |
| 27 * | |
| 28 * Set INETD_MODE if you want to be able to run Dropbear with inetd (or | |
| 29 * similar), where it will use stdin/stdout for connections, and each process | |
| 30 * lasts for a single connection. Dropbear should be invoked with the -i flag | |
| 31 * for inetd, and can only accept IPv4 connections. | |
| 32 * | |
| 33 * Both of these flags can be defined at once, don't compile without at least | |
| 34 * one of them. */ | |
| 35 #define NON_INETD_MODE | |
| 36 #define INETD_MODE | |
| 44 | 37 |
| 45 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is | 38 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is |
| 46 * perhaps 20% slower for pubkey operations (it is probably worth experimenting | 39 * perhaps 20% slower for pubkey operations (it is probably worth experimenting |
| 47 * if you want to use this) */ | 40 * if you want to use this) */ |
| 48 /*#define NO_FAST_EXPTMOD*/ | 41 /*#define NO_FAST_EXPTMOD*/ |
| 49 | 42 |
| 50 /* Enable X11 Forwarding */ | 43 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save |
| 44 several kB in binary size, however will make the symmetrical ciphers (AES, DES | |
| 45 etc) slower (perhaps by 50%). Recommended for most small systems. */ | |
| 46 #define DROPBEAR_SMALL_CODE | |
| 47 | |
| 48 /* Enable X11 Forwarding - server only */ | |
| 51 #define ENABLE_X11FWD | 49 #define ENABLE_X11FWD |
| 52 | 50 |
| 53 /* Enable TCP Fowarding */ | 51 /* Enable TCP Fowarding */ |
| 54 /* OpenSSH's "-L" style forwarding (client port forwarded via server) */ | 52 /* 'Local' is "-L" style (client listening port forwarded via server) |
| 55 #define ENABLE_LOCALTCPFWD | 53 * 'Remote' is "-R" style (server listening port forwarded via client) */ |
| 56 /* OpenSSH's "-R" style forwarding (server port forwarded via client) */ | 54 |
| 57 #define ENABLE_REMOTETCPFWD | 55 #define ENABLE_CLI_LOCALTCPFWD |
| 58 | 56 #define ENABLE_CLI_REMOTETCPFWD |
| 59 /* Enable Authentication Agent Forwarding */ | 57 |
| 58 #define ENABLE_SVR_LOCALTCPFWD | |
| 59 #define ENABLE_SVR_REMOTETCPFWD | |
| 60 | |
| 61 /* Enable Authentication Agent Forwarding - server only for now */ | |
| 60 #define ENABLE_AGENTFWD | 62 #define ENABLE_AGENTFWD |
| 61 | 63 |
| 62 /* Encryption - at least one required. | 64 /* Encryption - at least one required. |
| 63 * RFC Draft requires 3DES, and recommends Blowfish, AES128 & Twofish128 */ | 65 * RFC Draft requires 3DES, and recommends Blowfish, AES128 & Twofish128 */ |
| 64 #define DROPBEAR_AES128_CBC | 66 #define DROPBEAR_AES128_CBC |
| 113 //#define DROPBEAR_PASSWORD_AUTH | 115 //#define DROPBEAR_PASSWORD_AUTH |
| 114 /* Only set PAM auth if you aren't using PASSWORD auth. Also, you'll need | 116 /* Only set PAM auth if you aren't using PASSWORD auth. Also, you'll need |
| 115 * to make sure PAM libraries etc are installed */ | 117 * to make sure PAM libraries etc are installed */ |
| 116 #define DROPBEAR_PAM_AUTH | 118 #define DROPBEAR_PAM_AUTH |
| 117 #define DROPBEAR_PUBKEY_AUTH | 119 #define DROPBEAR_PUBKEY_AUTH |
| 120 #define ENABLE_SVR_PASSWORD_AUTH | |
| 121 #define ENABLE_SVR_PUBKEY_AUTH | |
| 122 | |
| 123 #define ENABLE_CLI_PASSWORD_AUTH | |
| 124 #define ENABLE_CLI_PUBKEY_AUTH | |
| 118 | 125 |
| 119 /* Random device to use - you must specify _one only_. | 126 /* Random device to use - you must specify _one only_. |
| 120 * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use | 127 * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use |
| 121 * PRNGD and run prngd, specifying the socket. This device must be able to | 128 * PRNGD and run prngd, specifying the socket. This device must be able to |
| 122 * produce a large amount of random data, so using /dev/random or Entropy | 129 * produce a large amount of random data, so using /dev/random or Entropy |
| 123 * Gathering Daemon (egd) may result in halting, as it waits for more random | 130 * Gathering Daemon (egd) may result in halting, as it waits for more random |
| 124 * data */ | 131 * data */ |
| 125 #define DROPBEAR_DEV_URANDOM /* use /dev/urandom */ | 132 #define DROPBEAR_DEV_URANDOM /* use /dev/urandom */ |
| 134 * not yet authenticated. After this limit, connections are rejected */ | 141 * not yet authenticated. After this limit, connections are rejected */ |
| 135 #ifndef MAX_UNAUTH_CLIENTS | 142 #ifndef MAX_UNAUTH_CLIENTS |
| 136 #define MAX_UNAUTH_CLIENTS 30 | 143 #define MAX_UNAUTH_CLIENTS 30 |
| 137 #endif | 144 #endif |
| 138 | 145 |
| 139 /* Maximum number of failed authentication tries */ | 146 /* Maximum number of failed authentication tries (server option) */ |
| 140 #ifndef MAX_AUTH_TRIES | 147 #ifndef MAX_AUTH_TRIES |
| 141 #define MAX_AUTH_TRIES 10 | 148 #define MAX_AUTH_TRIES 10 |
| 142 #endif | 149 #endif |
| 143 | 150 |
| 144 /* The file to store the daemon's process ID, for shutdown scripts etc */ | 151 /* The file to store the daemon's process ID, for shutdown scripts etc */ |
| 157 * be enabled */ | 164 * be enabled */ |
| 158 #ifndef SFTPSERVER_PATH | 165 #ifndef SFTPSERVER_PATH |
| 159 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" | 166 #define SFTPSERVER_PATH "/usr/libexec/sftp-server" |
| 160 #endif | 167 #endif |
| 161 | 168 |
| 162 /* This is used by the scp binary when used as a client binary */ | 169 /* This is used by the scp binary when used as a client binary. If you're |
| 163 #define _PATH_SSH_PROGRAM "/usr/bin/ssh" | 170 * not using the Dropbear client, you'll need to change it */ |
| 171 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" | |
| 164 | 172 |
| 165 /* Multi-purpose binary configuration has now moved. Look at the top | 173 /* Multi-purpose binary configuration has now moved. Look at the top |
| 166 * of the Makefile for instructions, or INSTALL */ | 174 * of the Makefile for instructions, or INSTALL */ |
| 167 | 175 |
| 168 /******************************************************************* | 176 /******************************************************************* |
| 169 * You shouldn't edit below here unless you know you need to. | 177 * You shouldn't edit below here unless you know you need to. |
| 170 *******************************************************************/ | 178 *******************************************************************/ |
| 171 | 179 |
| 172 #ifndef DROPBEAR_VERSION | 180 #ifndef DROPBEAR_VERSION |
| 173 #define DROPBEAR_VERSION "0.41-and-client" | 181 #define DROPBEAR_VERSION "0.44test3" |
| 174 #endif | 182 #endif |
| 175 | 183 |
| 176 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION | 184 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION |
| 177 #define PROGNAME "dropbear" | 185 #define PROGNAME "dropbear" |
| 178 | 186 |
| 234 | 242 |
| 235 #define DROPBEAR_COMP_NONE 0 | 243 #define DROPBEAR_COMP_NONE 0 |
| 236 #define DROPBEAR_COMP_ZLIB 1 | 244 #define DROPBEAR_COMP_ZLIB 1 |
| 237 | 245 |
| 238 /* Required for pubkey auth */ | 246 /* Required for pubkey auth */ |
| 239 #if defined(DROPBEAR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) | 247 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) |
| 240 #define DROPBEAR_SIGNKEY_VERIFY | 248 #define DROPBEAR_SIGNKEY_VERIFY |
| 241 #endif | 249 #endif |
| 242 | 250 |
| 243 /* SHA1 is 20 bytes == 160 bits */ | 251 /* SHA1 is 20 bytes == 160 bits */ |
| 244 #define SHA1_HASH_SIZE 20 | 252 #define SHA1_HASH_SIZE 20 |
| 281 /* For a 4096 bit DSS key, empirically determined to be 1590 bytes */ | 289 /* For a 4096 bit DSS key, empirically determined to be 1590 bytes */ |
| 282 #define MAX_PUBKEY_SIZE 1600 | 290 #define MAX_PUBKEY_SIZE 1600 |
| 283 /* For a 4096 bit DSS key, empirically determined to be 1590 bytes */ | 291 /* For a 4096 bit DSS key, empirically determined to be 1590 bytes */ |
| 284 #define MAX_PRIVKEY_SIZE 1600 | 292 #define MAX_PRIVKEY_SIZE 1600 |
| 285 | 293 |
| 294 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit | |
| 295 in a few years time.... */ | |
| 296 | |
| 286 #ifndef ENABLE_X11FWD | 297 #ifndef ENABLE_X11FWD |
| 287 #define DISABLE_X11FWD | 298 #define DISABLE_X11FWD |
| 288 #endif | 299 #endif |
| 289 | 300 |
| 290 #ifndef ENABLE_AGENTFWD | 301 #ifndef ENABLE_AGENTFWD |
| 295 #define DISABLE_TCPDIRECT | 306 #define DISABLE_TCPDIRECT |
| 296 #endif | 307 #endif |
| 297 | 308 |
| 298 #ifndef ENABLE_REMOTETCPFWD | 309 #ifndef ENABLE_REMOTETCPFWD |
| 299 #define DISABLE_REMOTETCPFWD | 310 #define DISABLE_REMOTETCPFWD |
| 311 #endif | |
| 312 | |
| 313 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) | |
| 314 #define ENABLE_CLI_ANYTCPFWD | |
| 315 #endif | |
| 316 | |
| 317 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD) | |
| 318 #define DROPBEAR_TCP_ACCEPT | |
| 300 #endif | 319 #endif |
| 301 | 320 |
| 302 #if defined(ENABLE_REMOTETCPFWD) || defined(ENABLE_LOCALTCPFWD) || \ | 321 #if defined(ENABLE_REMOTETCPFWD) || defined(ENABLE_LOCALTCPFWD) || \ |
| 303 defined(ENABLE_AGENTFWD) || defined(ENABLE_X11FWD) | 322 defined(ENABLE_AGENTFWD) || defined(ENABLE_X11FWD) |
| 304 #define USING_LISTENERS | 323 #define USING_LISTENERS |
| 305 #endif | 324 #endif |
| 306 | 325 |
| 307 #if defined(DROPBEAR_CLIENT) || defined(DROPBEAR_PUBKEY_AUTH) | 326 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) |
| 308 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ | 327 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ |
| 309 #endif | 328 #endif |
| 310 | 329 |
| 311 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant | 330 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant |
| 312 * code, if we're just compiling as client or server */ | 331 * code, if we're just compiling as client or server */ |