comparison options.h @ 511:582cb38e4eb5 insecure-nocrypto

propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a) to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 06 Nov 2008 13:16:55 +0000
parents 461c4b1fb35f b85507ade010
children 0129fd8ccc71
comparison
equal deleted inserted replaced
361:461c4b1fb35f 511:582cb38e4eb5
12 12
13 #ifndef DROPBEAR_DEFPORT 13 #ifndef DROPBEAR_DEFPORT
14 #define DROPBEAR_DEFPORT "22" 14 #define DROPBEAR_DEFPORT "22"
15 #endif 15 #endif
16 16
17 #ifndef DROPBEAR_DEFADDRESS
18 /* Listen on all interfaces */
19 #define DROPBEAR_DEFADDRESS ""
20 #endif
21
17 /* Default hostkey paths - these can be specified on the command line */ 22 /* Default hostkey paths - these can be specified on the command line */
18 #ifndef DSS_PRIV_FILENAME 23 #ifndef DSS_PRIV_FILENAME
19 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" 24 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
20 #endif 25 #endif
21 #ifndef RSA_PRIV_FILENAME 26 #ifndef RSA_PRIV_FILENAME
59 #define ENABLE_SVR_REMOTETCPFWD 64 #define ENABLE_SVR_REMOTETCPFWD
60 65
61 /* Enable Authentication Agent Forwarding - server only for now */ 66 /* Enable Authentication Agent Forwarding - server only for now */
62 #define ENABLE_AGENTFWD 67 #define ENABLE_AGENTFWD
63 68
69
70 /* Note: Both ENABLE_CLI_PROXYCMD and ENABLE_CLI_NETCAT must be set to
71 * allow multihop dbclient connections */
72
73 /* Allow using -J <proxycommand> to run the connection through a
74 pipe to a program, rather the normal TCP connection */
75 #define ENABLE_CLI_PROXYCMD
76
77 /* Enable "Netcat mode" option. This will forward standard input/output
78 * to a remote TCP-forwarded connection */
79 #define ENABLE_CLI_NETCAT
80
64 /* Encryption - at least one required. 81 /* Encryption - at least one required.
65 * RFC Draft requires 3DES and recommends AES128 for interoperability. 82 * Protocol RFC requires 3DES and recommends AES128 for interoperability.
66 * Including multiple keysize variants the same cipher 83 * Including multiple keysize variants the same cipher
67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ 84 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
68 /* 85 #define DROPBEAR_AES128
69 #define DROPBEAR_AES128_CBC 86 #define DROPBEAR_3DES
70 #define DROPBEAR_3DES_CBC 87 #define DROPBEAR_AES256
71 #define DROPBEAR_AES256_CBC 88 #define DROPBEAR_BLOWFISH
72 #define DROPBEAR_BLOWFISH_CBC 89 #define DROPBEAR_TWOFISH256
73 #define DROPBEAR_TWOFISH256_CBC 90 #define DROPBEAR_TWOFISH128
74 #define DROPBEAR_TWOFISH128_CBC 91
75 */ 92 /* Enable "Counter Mode" for ciphers. This is more secure than normal
76 93 * CBC mode against certain attacks. This adds around 1kB to binary
94 * size and is recommended for most cases */
95 #define DROPBEAR_ENABLE_CTR_MODE
77 /* You can compile with no encryption if you want. In some circumstances 96 /* You can compile with no encryption if you want. In some circumstances
78 * this could be safe securitywise, though make sure you know what 97 * this could be safe securitywise, though make sure you know what
79 * you're doing. Anyone can see everything that goes over the wire, so 98 * you're doing. Anyone can see everything that goes over the wire, so
80 * the only safe auth method is public key. You'll have to disable all other 99 * the only safe auth method is public key. You'll have to disable all other
81 * ciphers above in the client if you want to use this, or implement cipher 100 * ciphers above in the client if you want to use this, or implement cipher
85 * all ciphers including "none" as the server, then recompile a special 104 * all ciphers including "none" as the server, then recompile a special
86 * "dbclient-insecure" client. */ 105 * "dbclient-insecure" client. */
87 #define DROPBEAR_NONE_CIPHER 106 #define DROPBEAR_NONE_CIPHER
88 107
89 /* Message Integrity - at least one required. 108 /* Message Integrity - at least one required.
90 * RFC Draft requires sha1 and recommends sha1-96. 109 * Protocol RFC requires sha1 and recommends sha1-96.
91 * sha1-96 may be of use for slow links, as it has a smaller overhead. 110 * sha1-96 may be of use for slow links, as it has a smaller overhead.
92 * 111 *
93 * Note: there's no point disabling sha1 to save space, since it's used 112 * Note: there's no point disabling sha1 to save space, since it's used
94 * for the random number generator and public-key cryptography anyway. 113 * for the random number generator and public-key cryptography anyway.
95 * Disabling it here will just stop it from being used as the integrity portion 114 * Disabling it here will just stop it from being used as the integrity portion
146 * It's useful for systems like OS X where standard password crypts don't work, 165 * It's useful for systems like OS X where standard password crypts don't work,
147 * but there's an interface via a PAM module - don't bother using it otherwise. 166 * but there's an interface via a PAM module - don't bother using it otherwise.
148 * You can't enable both PASSWORD and PAM. */ 167 * You can't enable both PASSWORD and PAM. */
149 168
150 #define ENABLE_SVR_PASSWORD_AUTH 169 #define ENABLE_SVR_PASSWORD_AUTH
151 /* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */ 170 /* PAM requires ./configure --enable-pam */
171 /*#define ENABLE_SVR_PAM_AUTH*/
152 #define ENABLE_SVR_PUBKEY_AUTH 172 #define ENABLE_SVR_PUBKEY_AUTH
173
174 /* Wether to ake public key options in authorized_keys file into account */
175 #ifdef ENABLE_SVR_PUBKEY_AUTH
176 #define ENABLE_SVR_PUBKEY_OPTIONS
177 #endif
153 178
154 #define ENABLE_CLI_PASSWORD_AUTH 179 #define ENABLE_CLI_PASSWORD_AUTH
155 #define ENABLE_CLI_PUBKEY_AUTH 180 #define ENABLE_CLI_PUBKEY_AUTH
156 #define ENABLE_CLI_INTERACT_AUTH 181 #define ENABLE_CLI_INTERACT_AUTH
182
183 /* This variable can be used to set a password for client
184 * authentication on the commandline. Beware of platforms
185 * that don't protect environment variables of processes etc. Also
186 * note that it will be provided for all "hidden" client-interactive
187 * style prompts - if you want something more sophisticated, use
188 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
189 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
157 190
158 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of 191 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
159 * a helper program for the ssh client. The helper program should be 192 * a helper program for the ssh client. The helper program should be
160 * specified in the SSH_ASKPASS environment variable, and dbclient 193 * specified in the SSH_ASKPASS environment variable, and dbclient
161 * should be run with DISPLAY set and no tty. The program should 194 * should be run with DISPLAY set and no tty. The program should
167 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, 200 * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
168 * otherwise use run prngd (or egd if you want), specifying the socket. 201 * otherwise use run prngd (or egd if you want), specifying the socket.
169 * The device will be queried for a few dozen bytes of seed a couple of times 202 * The device will be queried for a few dozen bytes of seed a couple of times
170 * per session (or more for very long-lived sessions). */ 203 * per session (or more for very long-lived sessions). */
171 204
172 /* If you are lacking entropy on the system then using /dev/urandom 205 /* We'll use /dev/urandom by default, since /dev/random is too much hassle.
173 * will prevent Dropbear from blocking on the device. This could 206 * If system developers aren't keeping seeds between boots nor getting
174 * however significantly reduce the security of your ssh connections 207 * any entropy from somewhere it's their own fault. */
175 * if the PRNG state becomes guessable - make sure you know what you are 208 #define DROPBEAR_RANDOM_DEV "/dev/urandom"
176 * doing if you change this. */
177 #define DROPBEAR_RANDOM_DEV "/dev/random"
178 209
179 /* prngd must be manually set up to produce output */ 210 /* prngd must be manually set up to produce output */
180 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ 211 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
181 212
182 /* Specify the number of clients we will allow to be connected but 213 /* Specify the number of clients we will allow to be connected but
195 /* Maximum number of failed authentication tries (server option) */ 226 /* Maximum number of failed authentication tries (server option) */
196 #ifndef MAX_AUTH_TRIES 227 #ifndef MAX_AUTH_TRIES
197 #define MAX_AUTH_TRIES 10 228 #define MAX_AUTH_TRIES 10
198 #endif 229 #endif
199 230
200 /* The file to store the daemon's process ID, for shutdown scripts etc */ 231 /* The default file to store the daemon's process ID, for shutdown
232 scripts etc. This can be overridden with the -P flag */
201 #ifndef DROPBEAR_PIDFILE 233 #ifndef DROPBEAR_PIDFILE
202 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" 234 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
203 #endif 235 #endif
204 236
205 /* The command to invoke for xauth when using X11 forwarding. 237 /* The command to invoke for xauth when using X11 forwarding.
217 249
218 /* This is used by the scp binary when used as a client binary. If you're 250 /* This is used by the scp binary when used as a client binary. If you're
219 * not using the Dropbear client, you'll need to change it */ 251 * not using the Dropbear client, you'll need to change it */
220 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" 252 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
221 253
222 /* Multi-purpose binary configuration has now moved. Look at the top 254 /* Whether to log commands executed by a client. This only logs the
223 * of the Makefile for instructions, or INSTALL */ 255 * (single) command sent to the server, not what a user did in a
224 256 * shell/sftp session etc. */
225 /******************************************************************* 257 /* #define LOG_COMMANDS */
226 * You shouldn't edit below here unless you know you need to. 258
227 *******************************************************************/ 259 /* Window size limits. These tend to be a trade-off between memory
228 260 usage and network performance: */
229 #ifndef DROPBEAR_VERSION 261 /* Size of the network receive window. This amount of memory is allocated
230 #define DROPBEAR_VERSION "0.48" 262 as a per-channel receive buffer. Increasing this value can make a
231 #endif 263 significant difference to network performance. 24kB was empirically
232 264 chosen for a 100mbit ethernet network. The value can be altered at
233 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION 265 runtime with the -W argument. */
234 #define PROGNAME "dropbear" 266 #define DEFAULT_RECV_WINDOW 24576
235 267 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
236 /* Spec recommends after one hour or 1 gigabyte of data. One hour 268 in order to interoperate with other implementations */
237 * is a bit too verbose, so we try 8 hours */ 269 #define RECV_MAX_PAYLOAD_LEN 32768
238 #ifndef KEX_REKEY_TIMEOUT 270 /* Maximum size of a transmitted data packet - this can be any value,
239 #define KEX_REKEY_TIMEOUT (3600 * 8) 271 though increasing it may not make a significant difference. */
240 #endif 272 #define TRANS_MAX_PAYLOAD_LEN 16384
241 #ifndef KEX_REKEY_DATA 273
242 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */ 274 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
243 #endif 275 be overridden at runtime with -K. 0 disables keepalives */
244 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ 276 #define DEFAULT_KEEPALIVE 0
245 #ifndef AUTH_TIMEOUT 277
246 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ 278 /* The default path. This will often get replaced by the shell */
247 #endif 279 #define DEFAULT_PATH "/usr/bin:/bin"
248 280
249 /* Minimum key sizes for DSS and RSA */ 281 /* Some other defines (that mostly should be left alone) are defined
250 #ifndef MIN_DSS_KEYLEN 282 * in sysoptions.h */
251 #define MIN_DSS_KEYLEN 512 283 #include "sysoptions.h"
252 #endif
253 #ifndef MIN_RSA_KEYLEN
254 #define MIN_RSA_KEYLEN 512
255 #endif
256
257 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
258 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
259
260 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
261 * the clearenv() function */
262 #define ENV_SIZE 100
263
264 #define MAX_CMD_LEN 1024 /* max length of a command */
265 #define MAX_TERM_LEN 200 /* max length of TERM name */
266
267 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
268 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
269
270 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
271 ipv4 and ipv6 don't count twice */
272
273 #define _PATH_TTY "/dev/tty"
274
275 #define _PATH_CP "/bin/cp"
276
277 /* Timeouts in seconds */
278 #define SELECT_TIMEOUT 20
279
280 /* success/failure defines */
281 #define DROPBEAR_SUCCESS 0
282 #define DROPBEAR_FAILURE -1
283
284 /* various algorithm identifiers */
285 #define DROPBEAR_KEX_DH_GROUP1 0
286
287 #define DROPBEAR_SIGNKEY_ANY 0
288 #define DROPBEAR_SIGNKEY_RSA 1
289 #define DROPBEAR_SIGNKEY_DSS 2
290 #define DROPBEAR_SIGNKEY_NONE 3
291
292 #define DROPBEAR_COMP_NONE 0
293 #define DROPBEAR_COMP_ZLIB 1
294
295 /* Required for pubkey auth */
296 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
297 #define DROPBEAR_SIGNKEY_VERIFY
298 #endif
299
300 /* SHA1 is 20 bytes == 160 bits */
301 #define SHA1_HASH_SIZE 20
302 /* SHA512 is 64 bytes == 512 bits */
303 #define SHA512_HASH_SIZE 64
304 /* MD5 is 16 bytes = 128 bits */
305 #define MD5_HASH_SIZE 16
306
307 /* largest of MD5 and SHA1 */
308 #define MAX_MAC_LEN SHA1_HASH_SIZE
309
310
311 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
312 #define MAX_IV_LEN 20 /* must be same as max blocksize,
313 and >= SHA1_HASH_SIZE */
314 #define MAX_MAC_KEY 20
315
316 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
317 explicitly specified for all protocols (just
318 for algos) but seems valid */
319
320 #define MAX_PROPOSED_ALGO 20
321
322 /* size/count limits */
323 #define MAX_LISTEN_ADDR 10
324
325 #define MAX_PACKET_LEN 35000
326 #define MIN_PACKET_LEN 16
327 #define MAX_PAYLOAD_LEN 32768
328
329 #define MAX_TRANS_PAYLOAD_LEN 32768
330 #define MAX_TRANS_PACKET_LEN (MAX_TRANS_PAYLOAD_LEN+50)
331
332 #define MAX_TRANS_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
333 #define MAX_TRANS_WIN_INCR 500000000 /* overflow prevention */
334
335 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
336 is the max length for a password etc */
337
338 /* For a 4096 bit DSS key, empirically determined */
339 #define MAX_PUBKEY_SIZE 1700
340 /* For a 4096 bit DSS key, empirically determined */
341 #define MAX_PRIVKEY_SIZE 1700
342
343 /* The maximum size of the bignum portion of the kexhash buffer */
344 /* Sect. 8 of the transport draft, K_S + e + f + K */
345 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
346
347 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
348 in a few years time.... */
349
350 #define DROPBEAR_MAX_CLI_PASS 1024
351
352 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
353 accept for keyb-interactive
354 auth */
355
356 #if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC)
357 #define DROPBEAR_AES_CBC
358 #endif
359
360 #if defined(DROPBEAR_TWOFISH256_CBC) || defined(DROPBEAR_TWOFISH128_CBC)
361 #define DROPBEAR_TWOFISH_CBC
362 #endif
363
364 #ifndef ENABLE_X11FWD
365 #define DISABLE_X11FWD
366 #endif
367
368 #ifndef ENABLE_AGENTFWD
369 #define DISABLE_AGENTFWD
370 #endif
371
372 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
373 #define ENABLE_CLI_ANYTCPFWD
374 #endif
375
376 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD)
377 #define DROPBEAR_TCP_ACCEPT
378 #endif
379
380 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \
381 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \
382 defined(ENABLE_AGENTFWD) || defined(ENABLE_X11FWD)
383 #define USING_LISTENERS
384 #endif
385
386 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
387 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
388 #endif
389
390 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
391 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
392 #endif
393
394 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
395 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
396 #endif
397
398 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
399 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
400 #endif
401
402 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
403 * code, if we're just compiling as client or server */
404 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
405
406 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
407 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
408
409 #elif defined(DROPBEAR_SERVER)
410
411 #define IS_DROPBEAR_SERVER 1
412 #define IS_DROPBEAR_CLIENT 0
413
414 #elif defined(DROPBEAR_CLIENT)
415
416 #define IS_DROPBEAR_SERVER 0
417 #define IS_DROPBEAR_CLIENT 1
418
419 #else
420 #error You must compiled with either DROPBEAR_CLIENT or DROPBEAR_SERVER selected
421 #endif
422 284
423 #endif /* _OPTIONS_H_ */ 285 #endif /* _OPTIONS_H_ */