comparison options.h @ 511:582cb38e4eb5 insecure-nocrypto
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 06 Nov 2008 13:16:55 +0000 |
parents | 461c4b1fb35f b85507ade010 |
children | 0129fd8ccc71 |
361:461c4b1fb35f | 511:582cb38e4eb5 |
---|---|
12 | 12 |
13 #ifndef DROPBEAR_DEFPORT | 13 #ifndef DROPBEAR_DEFPORT |
14 #define DROPBEAR_DEFPORT "22" | 14 #define DROPBEAR_DEFPORT "22" |
15 #endif | 15 #endif |
16 | 16 |
17 #ifndef DROPBEAR_DEFADDRESS | |
18 /* Listen on all interfaces */ | |
19 #define DROPBEAR_DEFADDRESS "" | |
20 #endif | |
21 | |
17 /* Default hostkey paths - these can be specified on the command line */ | 22 /* Default hostkey paths - these can be specified on the command line */ |
18 #ifndef DSS_PRIV_FILENAME | 23 #ifndef DSS_PRIV_FILENAME |
19 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" | 24 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" |
20 #endif | 25 #endif |
21 #ifndef RSA_PRIV_FILENAME | 26 #ifndef RSA_PRIV_FILENAME |
59 #define ENABLE_SVR_REMOTETCPFWD | 64 #define ENABLE_SVR_REMOTETCPFWD |
60 | 65 |
61 /* Enable Authentication Agent Forwarding - server only for now */ | 66 /* Enable Authentication Agent Forwarding - server only for now */ |
62 #define ENABLE_AGENTFWD | 67 #define ENABLE_AGENTFWD |
63 | 68 |
69 | |
70 /* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to | |
71 * allow multihop dbclient connections */ | |
72 | |
73 /* Allow using -J <proxycommand> to run the connection through a | |
74 pipe to a program, rather the normal TCP connection */ | |
75 #define ENABLE_CLI_PROXYCMD | |
76 | |
77 /* Enable "Netcat mode" option. This will forward standard input/output | |
78 * to a remote TCP-forwarded connection */ | |
79 #define ENABLE_CLI_NETCAT | |
80 | |
64 /* Encryption - at least one required. | 81 /* Encryption - at least one required. |
65 * RFC Draft requires 3DES and recommends AES128 for interoperability. | 82 * Protocol RFC requires 3DES and recommends AES128 for interoperability. |
66 * Including multiple keysize variants the same cipher | 83 * Including multiple keysize variants the same cipher |
67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ | 84 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ |
68 /* | 85 #define DROPBEAR_AES128 |
69 #define DROPBEAR_AES128_CBC | 86 #define DROPBEAR_3DES |
70 #define DROPBEAR_3DES_CBC | 87 #define DROPBEAR_AES256 |
71 #define DROPBEAR_AES256_CBC | 88 #define DROPBEAR_BLOWFISH |
72 #define DROPBEAR_BLOWFISH_CBC | 89 #define DROPBEAR_TWOFISH256 |
73 #define DROPBEAR_TWOFISH256_CBC | 90 #define DROPBEAR_TWOFISH128 |
74 #define DROPBEAR_TWOFISH128_CBC | 91 |
75 */ | 92 /* Enable "Counter Mode" for ciphers. This is more secure than normal |
76 | 93 * CBC mode against certain attacks. This adds around 1kB to binary |
94 * size and is recommended for most cases */ | |
95 #define DROPBEAR_ENABLE_CTR_MODE | |
77 /* You can compile with no encryption if you want. In some circumstances | 96 /* You can compile with no encryption if you want. In some circumstances |
78 * this could be safe securitywise, though make sure you know what | 97 * this could be safe securitywise, though make sure you know what |
79 * you're doing. Anyone can see everything that goes over the wire, so | 98 * you're doing. Anyone can see everything that goes over the wire, so |
80 * the only safe auth method is public key. You'll have to disable all other | 99 * the only safe auth method is public key. You'll have to disable all other |
81 * ciphers above in the client if you want to use this, or implement cipher | 100 * ciphers above in the client if you want to use this, or implement cipher |
85 * all ciphers including "none" as the server, then recompile a special | 104 * all ciphers including "none" as the server, then recompile a special |
86 * "dbclient-insecure" client. */ | 105 * "dbclient-insecure" client. */ |
87 #define DROPBEAR_NONE_CIPHER | 106 #define DROPBEAR_NONE_CIPHER |
88 | 107 |
89 /* Message Integrity - at least one required. | 108 /* Message Integrity - at least one required. |
90 * RFC Draft requires sha1 and recommends sha1-96. | 109 * Protocol RFC requires sha1 and recommends sha1-96. |
91 * sha1-96 may be of use for slow links, as it has a smaller overhead. | 110 * sha1-96 may be of use for slow links, as it has a smaller overhead. |
92 * | 111 * |
93 * Note: there's no point disabling sha1 to save space, since it's used | 112 * Note: there's no point disabling sha1 to save space, since it's used |
94 * for the random number generator and public-key cryptography anyway. | 113 * for the random number generator and public-key cryptography anyway. |
95 * Disabling it here will just stop it from being used as the integrity portion | 114 * Disabling it here will just stop it from being used as the integrity portion |
146 * It's useful for systems like OS X where standard password crypts don't work, | 165 * It's useful for systems like OS X where standard password crypts don't work, |
147 * but there's an interface via a PAM module - don't bother using it otherwise. | 166 * but there's an interface via a PAM module - don't bother using it otherwise. |
148 * You can't enable both PASSWORD and PAM. */ | 167 * You can't enable both PASSWORD and PAM. */ |
149 | 168 |
150 #define ENABLE_SVR_PASSWORD_AUTH | 169 #define ENABLE_SVR_PASSWORD_AUTH |
151 /* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */ | 170 /* PAM requires ./configure --enable-pam */ |
171 /*#define ENABLE_SVR_PAM_AUTH*/ | |
152 #define ENABLE_SVR_PUBKEY_AUTH | 172 #define ENABLE_SVR_PUBKEY_AUTH |
173 | |
174 /* Wether to ake public key options in authorized_keys file into account */ | |
175 #ifdef ENABLE_SVR_PUBKEY_AUTH | |
176 #define ENABLE_SVR_PUBKEY_OPTIONS | |
177 #endif | |
153 | 178 |
154 #define ENABLE_CLI_PASSWORD_AUTH | 179 #define ENABLE_CLI_PASSWORD_AUTH |
155 #define ENABLE_CLI_PUBKEY_AUTH | 180 #define ENABLE_CLI_PUBKEY_AUTH |
156 #define ENABLE_CLI_INTERACT_AUTH | 181 #define ENABLE_CLI_INTERACT_AUTH |
182 | |
183 /* This variable can be used to set a password for client | |
184 * authentication on the commandline. Beware of platforms | |
185 * that don't protect environment variables of processes etc. Also | |
186 * note that it will be provided for all "hidden" client-interactive | |
187 * style prompts - if you want something more sophisticated, use | |
188 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ | |
189 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" | |
157 | 190 |
158 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of | 191 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of |
159 * a helper program for the ssh client. The helper program should be | 192 * a helper program for the ssh client. The helper program should be |
160 * specified in the SSH_ASKPASS environment variable, and dbclient | 193 * specified in the SSH_ASKPASS environment variable, and dbclient |
161 * should be run with DISPLAY set and no tty. The program should | 194 * should be run with DISPLAY set and no tty. The program should |
167 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, | 200 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, |
168 * otherwise use run prngd (or egd if you want), specifying the socket. | 201 * otherwise use run prngd (or egd if you want), specifying the socket. |
169 * The device will be queried for a few dozen bytes of seed a couple of times | 202 * The device will be queried for a few dozen bytes of seed a couple of times |
170 * per session (or more for very long-lived sessions). */ | 203 * per session (or more for very long-lived sessions). */ |
171 | 204 |
172 /* If you are lacking entropy on the system then using /dev/urandom | 205 /* We'll use /dev/urandom by default, since /dev/random is too much hassle. |
173 * will prevent Dropbear from blocking on the device. This could | 206 * If system developers aren't keeping seeds between boots nor getting |
174 * however significantly reduce the security of your ssh connections | 207 * any entropy from somewhere it's their own fault. */ |
175 * if the PRNG state becomes guessable - make sure you know what you are | 208 #define DROPBEAR_RANDOM_DEV "/dev/urandom" |
176 * doing if you change this. */ | |
177 #define DROPBEAR_RANDOM_DEV "/dev/random" | |
178 | 209 |
179 /* prngd must be manually set up to produce output */ | 210 /* prngd must be manually set up to produce output */ |
180 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ | 211 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ |
181 | 212 |
182 /* Specify the number of clients we will allow to be connected but | 213 /* Specify the number of clients we will allow to be connected but |
195 /* Maximum number of failed authentication tries (server option) */ | 226 /* Maximum number of failed authentication tries (server option) */ |
196 #ifndef MAX_AUTH_TRIES | 227 #ifndef MAX_AUTH_TRIES |
197 #define MAX_AUTH_TRIES 10 | 228 #define MAX_AUTH_TRIES 10 |
198 #endif | 229 #endif |
199 | 230 |
200 /* The file to store the daemon's process ID, for shutdown scripts etc */ | 231 /* The default file to store the daemon's process ID, for shutdown |
232 scripts etc. This can be overridden with the -P flag */ | |
201 #ifndef DROPBEAR_PIDFILE | 233 #ifndef DROPBEAR_PIDFILE |
202 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" | 234 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" |
203 #endif | 235 #endif |
204 | 236 |
205 /* The command to invoke for xauth when using X11 forwarding. | 237 /* The command to invoke for xauth when using X11 forwarding. |
217 | 249 |
218 /* This is used by the scp binary when used as a client binary. If you're | 250 /* This is used by the scp binary when used as a client binary. If you're |
219 * not using the Dropbear client, you'll need to change it */ | 251 * not using the Dropbear client, you'll need to change it */ |
220 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" | 252 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" |
221 | 253 |
222 /* Multi-purpose binary configuration has now moved. Look at the top | 254 /* Whether to log commands executed by a client. This only logs the |
223 * of the Makefile for instructions, or INSTALL */ | 255 * (single) command sent to the server, not what a user did in a |
224 | 256 * shell/sftp session etc. */ |
225 /******************************************************************* | 257 /* #define LOG_COMMANDS */ |
226 * You shouldn't edit below here unless you know you need to. | 258 |
227 *******************************************************************/ | 259 /* Window size limits. These tend to be a trade-off between memory |
228 | 260 usage and network performance: */ |
229 #ifndef DROPBEAR_VERSION | 261 /* Size of the network receive window. This amount of memory is allocated |
230 #define DROPBEAR_VERSION "0.48" | 262 as a per-channel receive buffer. Increasing this value can make a |
231 #endif | 263 significant difference to network performance. 24kB was empirically |
232 | 264 chosen for a 100mbit ethernet network. The value can be altered at |
233 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION | 265 runtime with the -W argument. */ |
234 #define PROGNAME "dropbear" | 266 #define DEFAULT_RECV_WINDOW 24576 |
235 | 267 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768 |
236 /* Spec recommends after one hour or 1 gigabyte of data. One hour | 268 in order to interoperate with other implementations */ |
237 * is a bit too verbose, so we try 8 hours */ | 269 #define RECV_MAX_PAYLOAD_LEN 32768 |
238 #ifndef KEX_REKEY_TIMEOUT | 270 /* Maximum size of a transmitted data packet - this can be any value, |
239 #define KEX_REKEY_TIMEOUT (3600 * 8) | 271 though increasing it may not make a significant difference. */ |
240 #endif | 272 #define TRANS_MAX_PAYLOAD_LEN 16384 |
241 #ifndef KEX_REKEY_DATA | 273 |
242 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */ | 274 /* Ensure that data is transmitted every KEEPALIVE seconds. This can |
243 #endif | 275 be overridden at runtime with -K. 0 disables keepalives */ |
244 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ | 276 #define DEFAULT_KEEPALIVE 0 |
245 #ifndef AUTH_TIMEOUT | 277 |
246 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ | 278 /* The default path. This will often get replaced by the shell */ |
247 #endif | 279 #define DEFAULT_PATH "/usr/bin:/bin" |
248 | 280 |
249 /* Minimum key sizes for DSS and RSA */ | 281 /* Some other defines (that mostly should be left alone) are defined |
250 #ifndef MIN_DSS_KEYLEN | 282 * in sysoptions.h */ |
251 #define MIN_DSS_KEYLEN 512 | 283 #include "sysoptions.h" |
252 #endif | |
253 #ifndef MIN_RSA_KEYLEN | |
254 #define MIN_RSA_KEYLEN 512 | |
255 #endif | |
256 | |
257 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */ | |
258 #define MAX_BANNER_LINES 20 /* How many lines the client will display */ | |
259 | |
260 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have | |
261 * the clearenv() function */ | |
262 #define ENV_SIZE 100 | |
263 | |
264 #define MAX_CMD_LEN 1024 /* max length of a command */ | |
265 #define MAX_TERM_LEN 200 /* max length of TERM name */ | |
266 | |
267 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */ | |
268 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */ | |
269 | |
270 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified, | |
271 ipv4 and ipv6 don't count twice */ | |
272 | |
273 #define _PATH_TTY "/dev/tty" | |
274 | |
275 #define _PATH_CP "/bin/cp" | |
276 | |
277 /* Timeouts in seconds */ | |
278 #define SELECT_TIMEOUT 20 | |
279 | |
280 /* success/failure defines */ | |
281 #define DROPBEAR_SUCCESS 0 | |
282 #define DROPBEAR_FAILURE -1 | |
283 | |
284 /* various algorithm identifiers */ | |
285 #define DROPBEAR_KEX_DH_GROUP1 0 | |
286 | |
287 #define DROPBEAR_SIGNKEY_ANY 0 | |
288 #define DROPBEAR_SIGNKEY_RSA 1 | |
289 #define DROPBEAR_SIGNKEY_DSS 2 | |
290 #define DROPBEAR_SIGNKEY_NONE 3 | |
291 | |
292 #define DROPBEAR_COMP_NONE 0 | |
293 #define DROPBEAR_COMP_ZLIB 1 | |
294 | |
295 /* Required for pubkey auth */ | |
296 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) | |
297 #define DROPBEAR_SIGNKEY_VERIFY | |
298 #endif | |
299 | |
300 /* SHA1 is 20 bytes == 160 bits */ | |
301 #define SHA1_HASH_SIZE 20 | |
302 /* SHA512 is 64 bytes == 512 bits */ | |
303 #define SHA512_HASH_SIZE 64 | |
304 /* MD5 is 16 bytes = 128 bits */ | |
305 #define MD5_HASH_SIZE 16 | |
306 | |
307 /* largest of MD5 and SHA1 */ | |
308 #define MAX_MAC_LEN SHA1_HASH_SIZE | |
309 | |
310 | |
311 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ | |
312 #define MAX_IV_LEN 20 /* must be same as max blocksize, | |
313 and >= SHA1_HASH_SIZE */ | |
314 #define MAX_MAC_KEY 20 | |
315 | |
316 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't | |
317 explicitly specified for all protocols (just | |
318 for algos) but seems valid */ | |
319 | |
320 #define MAX_PROPOSED_ALGO 20 | |
321 | |
322 /* size/count limits */ | |
323 #define MAX_LISTEN_ADDR 10 | |
324 | |
325 #define MAX_PACKET_LEN 35000 | |
326 #define MIN_PACKET_LEN 16 | |
327 #define MAX_PAYLOAD_LEN 32768 | |
328 | |
329 #define MAX_TRANS_PAYLOAD_LEN 32768 | |
330 #define MAX_TRANS_PACKET_LEN (MAX_TRANS_PAYLOAD_LEN+50) | |
331 | |
332 #define MAX_TRANS_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */ | |
333 #define MAX_TRANS_WIN_INCR 500000000 /* overflow prevention */ | |
334 | |
335 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also | |
336 is the max length for a password etc */ | |
337 | |
338 /* For a 4096 bit DSS key, empirically determined */ | |
339 #define MAX_PUBKEY_SIZE 1700 | |
340 /* For a 4096 bit DSS key, empirically determined */ | |
341 #define MAX_PRIVKEY_SIZE 1700 | |
342 | |
343 /* The maximum size of the bignum portion of the kexhash buffer */ | |
344 /* Sect. 8 of the transport draft, K_S + e + f + K */ | |
345 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130) | |
346 | |
347 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit | |
348 in a few years time.... */ | |
349 | |
350 #define DROPBEAR_MAX_CLI_PASS 1024 | |
351 | |
352 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll | |
353 accept for keyb-interactive | |
354 auth */ | |
355 | |
356 #if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC) | |
357 #define DROPBEAR_AES_CBC | |
358 #endif | |
359 | |
360 #if defined(DROPBEAR_TWOFISH256_CBC) || defined(DROPBEAR_TWOFISH128_CBC) | |
361 #define DROPBEAR_TWOFISH_CBC | |
362 #endif | |
363 | |
364 #ifndef ENABLE_X11FWD | |
365 #define DISABLE_X11FWD | |
366 #endif | |
367 | |
368 #ifndef ENABLE_AGENTFWD | |
369 #define DISABLE_AGENTFWD | |
370 #endif | |
371 | |
372 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) | |
373 #define ENABLE_CLI_ANYTCPFWD | |
374 #endif | |
375 | |
376 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD) | |
377 #define DROPBEAR_TCP_ACCEPT | |
378 #endif | |
379 | |
380 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \ | |
381 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \ | |
382 defined(ENABLE_AGENTFWD) || defined(ENABLE_X11FWD) | |
383 #define USING_LISTENERS | |
384 #endif | |
385 | |
386 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH) | |
387 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ | |
388 #endif | |
389 | |
390 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH) | |
391 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" | |
392 #endif | |
393 | |
394 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET) | |
395 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once" | |
396 #endif | |
397 | |
398 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET) | |
399 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h" | |
400 #endif | |
401 | |
402 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant | |
403 * code, if we're just compiling as client or server */ | |
404 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT) | |
405 | |
406 #define IS_DROPBEAR_SERVER (ses.isserver == 1) | |
407 #define IS_DROPBEAR_CLIENT (ses.isserver == 0) | |
408 | |
409 #elif defined(DROPBEAR_SERVER) | |
410 | |
411 #define IS_DROPBEAR_SERVER 1 | |
412 #define IS_DROPBEAR_CLIENT 0 | |
413 | |
414 #elif defined(DROPBEAR_CLIENT) | |
415 | |
416 #define IS_DROPBEAR_SERVER 0 | |
417 #define IS_DROPBEAR_CLIENT 1 | |
418 | |
419 #else | |
420 #error You must compiled with either DROPBEAR_CLIENT or DROPBEAR_SERVER selected | |
421 #endif | |
422 | 284 |
423 #endif /* _OPTIONS_H_ */ | 285 #endif /* _OPTIONS_H_ */ |
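Review bot: On the new side `DROPBEAR_NONE_CIPHER` (new line 106) is defined together with `ENABLE_SVR_PASSWORD_AUTH` (169), `ENABLE_CLI_PASSWORD_AUTH` (179) and the newly merged `DROPBEAR_PASSWORD_ENV` (189), although the comment above the none cipher says public key is the only safe auth method when traffic is unencrypted. Nothing in this header stops a build in which a password, including one supplied non-interactively through the environment variable, is sent in cleartext once "none" is negotiated. Whether other files refuse password auth in that case is not visible here, and the sanity `#error` checks that used to sit at the bottom of this file are gone from the new side (presumably moved to `sysoptions.h`). For this branch I would leave `DROPBEAR_PASSWORD_ENV` commented out by default, or at least add next to it `/* NOTE: with DROPBEAR_NONE_CIPHER defined, a password taken from this variable is sent unencrypted whenever "none" is negotiated */`. If the branch is meant to be public-key only over "none", a guard that rejects the password options alongside `DROPBEAR_NONE_CIPHER` would state that intent where builders edit the file.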