comparison sysoptions.h @ 1514:6c16a05023aa

rename some options and move some to sysoptions.h
author Matt Johnston <matt@ucc.asn.au>
date Sun, 18 Feb 2018 00:29:17 +0800
parents 2d450c1056e3
children 7c7c5326ad73
comparison
equal deleted inserted replaced
1513:c7675aa88880 1514:6c16a05023aa
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
22 #ifndef AUTH_TIMEOUT 22 #ifndef AUTH_TIMEOUT
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
24 #endif 24 #endif
25 25
26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) 26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
27
28 #if !(NON_INETD_MODE || INETD_MODE)
29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
30 #endif
27 31
28 /* A client should try and send an initial key exchange packet guessing 32 /* A client should try and send an initial key exchange packet guessing
29 * the algorithm that will match - saves a round trip connecting, has little 33 * the algorithm that will match - saves a round trip connecting, has little
30 * overhead if the guess was "wrong". */ 34 * overhead if the guess was "wrong". */
31 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS 35 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS
203 207
204 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) 208 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH)
205 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" 209 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
206 #endif 210 #endif
207 211
212 /* PAM requires ./configure --enable-pam */
213 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH
214 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
215 #endif
216
217 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
218 #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
219 #endif
220
221 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
222 #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
223 #endif
224
225
226 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
227 || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
228 #error "At least one encryption algorithm must be enabled. AES128 is recommended."
229 #endif
230
231 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
232 #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
233 #endif
234
235 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
236 * connection without blocking. */
237 #ifndef DROPBEAR_URANDOM_DEV
238 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
239 #endif
240
241 /* client keyboard interactive authentication is often used for password auth.
242 rfc4256 */
243 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH)
244
208 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant 245 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
209 * code, if we're just compiling as client or server */ 246 * code, if we're just compiling as client or server */
210 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) 247 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)
211 248
212 #define IS_DROPBEAR_SERVER (ses.isserver == 1) 249 #define IS_DROPBEAR_SERVER (ses.isserver == 1)