Mercurial > dropbear
comparison sysoptions.h @ 1514:6c16a05023aa
rename some options and move some to sysoptions.h
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 18 Feb 2018 00:29:17 +0800 |
| parents | 2d450c1056e3 |
| children | 7c7c5326ad73 |
comparison
equal
deleted
inserted
replaced
| 1513:c7675aa88880 | 1514:6c16a05023aa |
|---|---|
| 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ | 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ |
| 22 #ifndef AUTH_TIMEOUT | 22 #ifndef AUTH_TIMEOUT |
| 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ | 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ |
| 24 #endif | 24 #endif |
| 25 | 25 |
| 26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) | 26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) |
| 27 | |
| 28 #if !(NON_INETD_MODE || INETD_MODE) | |
| 29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." | |
| 30 #endif | |
| 27 | 31 |
| 28 /* A client should try and send an initial key exchange packet guessing | 32 /* A client should try and send an initial key exchange packet guessing |
| 29 * the algorithm that will match - saves a round trip connecting, has little | 33 * the algorithm that will match - saves a round trip connecting, has little |
| 30 * overhead if the guess was "wrong". */ | 34 * overhead if the guess was "wrong". */ |
| 31 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS | 35 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS |
| 203 | 207 |
| 204 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) | 208 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) |
| 205 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" | 209 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" |
| 206 #endif | 210 #endif |
| 207 | 211 |
| 212 /* PAM requires ./configure --enable-pam */ | |
| 213 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH | |
| 214 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?" | |
| 215 #endif | |
| 216 | |
| 217 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT | |
| 218 #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." | |
| 219 #endif | |
| 220 | |
| 221 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) | |
| 222 #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." | |
| 223 #endif | |
| 224 | |
| 225 | |
| 226 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ | |
| 227 || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) | |
| 228 #error "At least one encryption algorithm must be enabled. AES128 is recommended." | |
| 229 #endif | |
| 230 | |
| 231 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) | |
| 232 #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." | |
| 233 #endif | |
| 234 | |
| 235 /* Source for randomness. This must be able to provide hundreds of bytes per SSH | |
| 236 * connection without blocking. */ | |
| 237 #ifndef DROPBEAR_URANDOM_DEV | |
| 238 #define DROPBEAR_URANDOM_DEV "/dev/urandom" | |
| 239 #endif | |
| 240 | |
| 241 /* client keyboard interactive authentication is often used for password auth. | |
| 242 rfc4256 */ | |
| 243 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH) | |
| 244 | |
| 208 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant | 245 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant |
| 209 * code, if we're just compiling as client or server */ | 246 * code, if we're just compiling as client or server */ |
| 210 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) | 247 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) |
| 211 | 248 |
| 212 #define IS_DROPBEAR_SERVER (ses.isserver == 1) | 249 #define IS_DROPBEAR_SERVER (ses.isserver == 1) |