Mercurial > dropbear
comparison sysoptions.h @ 1514:6c16a05023aa
rename some options and move some to sysoptions.h
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 18 Feb 2018 00:29:17 +0800 |
parents | 2d450c1056e3 |
children | 7c7c5326ad73 |
comparison
equal
deleted
inserted
replaced
1513:c7675aa88880 | 1514:6c16a05023aa |
---|---|
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ | 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ |
22 #ifndef AUTH_TIMEOUT | 22 #ifndef AUTH_TIMEOUT |
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ | 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ |
24 #endif | 24 #endif |
25 | 25 |
26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) | 26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) |
27 | |
28 #if !(NON_INETD_MODE || INETD_MODE) | |
29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." | |
30 #endif | |
27 | 31 |
28 /* A client should try and send an initial key exchange packet guessing | 32 /* A client should try and send an initial key exchange packet guessing |
29 * the algorithm that will match - saves a round trip connecting, has little | 33 * the algorithm that will match - saves a round trip connecting, has little |
30 * overhead if the guess was "wrong". */ | 34 * overhead if the guess was "wrong". */ |
31 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS | 35 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS |
203 | 207 |
204 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) | 208 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) |
205 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" | 209 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" |
206 #endif | 210 #endif |
207 | 211 |
212 /* PAM requires ./configure --enable-pam */ | |
213 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH | |
214 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?" | |
215 #endif | |
216 | |
217 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT | |
218 #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." | |
219 #endif | |
220 | |
221 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) | |
222 #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." | |
223 #endif | |
224 | |
225 | |
226 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ | |
227 || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) | |
228 #error "At least one encryption algorithm must be enabled. AES128 is recommended." | |
229 #endif | |
230 | |
231 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) | |
232 #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." | |
233 #endif | |
234 | |
235 /* Source for randomness. This must be able to provide hundreds of bytes per SSH | |
236 * connection without blocking. */ | |
237 #ifndef DROPBEAR_URANDOM_DEV | |
238 #define DROPBEAR_URANDOM_DEV "/dev/urandom" | |
239 #endif | |
240 | |
241 /* client keyboard interactive authentication is often used for password auth. | |
242 rfc4256 */ | |
243 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH) | |
244 | |
208 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant | 245 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant |
209 * code, if we're just compiling as client or server */ | 246 * code, if we're just compiling as client or server */ |
210 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) | 247 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) |
211 | 248 |
212 #define IS_DROPBEAR_SERVER (ses.isserver == 1) | 249 #define IS_DROPBEAR_SERVER (ses.isserver == 1) |