comparison sysoptions.h @ 1295:750ec4ec4cbe

Convert #ifdef to #if, other build changes
author Matt Johnston <matt@ucc.asn.au>
date Wed, 04 May 2016 15:33:40 +0200
parents 56aba7dedbea
children 2c9dac2d6707
1294:56aba7dedbea 1295:750ec4ec4cbe
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
22 #ifndef AUTH_TIMEOUT 22 #ifndef AUTH_TIMEOUT
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
24 #endif 24 #endif
25 25
26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
27
26 /* A client should try and send an initial key exchange packet guessing 28 /* A client should try and send an initial key exchange packet guessing
27 * the algorithm that will match - saves a round trip connecting, has little 29 * the algorithm that will match - saves a round trip connecting, has little
28 * overhead if the guess was "wrong". */ 30 * overhead if the guess was "wrong". */
29 #define USE_KEX_FIRST_FOLLOWS 31 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS
32 #define DROPBEAR_KEX_FIRST_FOLLOWS 1
33 #endif
30 /* Use protocol extension to allow "first follows" to succeed more frequently. 34 /* Use protocol extension to allow "first follows" to succeed more frequently.
31 * This is currently Dropbear-specific but will gracefully fallback when connecting 35 * This is currently Dropbear-specific but will gracefully fallback when connecting
32 * to other implementations. */ 36 * to other implementations. */
33 #define USE_KEXGUESS2 37 #ifndef DROPBEAR_KEXGUESS2
38 #define DROPBEAR_KEXGUESS2 1
39 #endif
34 40
35 /* Minimum key sizes for DSS and RSA */ 41 /* Minimum key sizes for DSS and RSA */
36 #ifndef MIN_DSS_KEYLEN 42 #ifndef MIN_DSS_KEYLEN
37 #define MIN_DSS_KEYLEN 512 43 #define MIN_DSS_KEYLEN 512
38 #endif 44 #endif
66 #define DROPBEAR_ESCAPE_CHAR '~' 72 #define DROPBEAR_ESCAPE_CHAR '~'
67 73
68 /* success/failure defines */ 74 /* success/failure defines */
69 #define DROPBEAR_SUCCESS 0 75 #define DROPBEAR_SUCCESS 0
70 #define DROPBEAR_FAILURE -1 76 #define DROPBEAR_FAILURE -1
77
78 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
71 79
72 /* Required for pubkey auth */ 80 /* Required for pubkey auth */
73 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT) 81 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))
74 #define DROPBEAR_SIGNKEY_VERIFY
75 #endif
76 82
77 #define SHA1_HASH_SIZE 20 83 #define SHA1_HASH_SIZE 20
78 #define MD5_HASH_SIZE 16 84 #define MD5_HASH_SIZE 16
79 #define MAX_HASH_SIZE 64 /* sha512 */ 85 #define MAX_HASH_SIZE 64 /* sha512 */
80 86
81 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ 87 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
82 #define MAX_IV_LEN 20 /* must be same as max blocksize, */ 88 #define MAX_IV_LEN 20 /* must be same as max blocksize, */
83 89
84 #if defined(DROPBEAR_SHA2_512_HMAC) 90 #if DROPBEAR_SHA2_512_HMAC
85 #define MAX_MAC_LEN 64 91 #define MAX_MAC_LEN 64
86 #elif defined(DROPBEAR_SHA2_256_HMAC) 92 #elif DROPBEAR_SHA2_256_HMAC
87 #define MAX_MAC_LEN 32 93 #define MAX_MAC_LEN 32
88 #else 94 #else
89 #define MAX_MAC_LEN 20 95 #define MAX_MAC_LEN 20
90 #endif 96 #endif
91 97
92 #if defined(DROPBEAR_ECDH) || defined (DROPBEAR_ECDSA) 98
93 #define DROPBEAR_ECC 99 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
100
94 /* Debian doesn't define this in system headers */ 101 /* Debian doesn't define this in system headers */
95 #ifndef LTM_DESC 102 #if !defined(LTM_DESC) && (DROPBEAR_ECC)
96 #define LTM_DESC 103 #define LTM_DESC
97 #endif 104 #endif
98 #endif 105
99 106 #define DROPBEAR_ECC_256 (DROPBEAR_ECC)
100 #ifdef DROPBEAR_ECC 107 #define DROPBEAR_ECC_384 (DROPBEAR_ECC)
101 #define DROPBEAR_ECC_256 108 #define DROPBEAR_ECC_521 (DROPBEAR_ECC)
102 #define DROPBEAR_ECC_384 109
103 #define DROPBEAR_ECC_521 110 #define DROPBEAR_LTC_PRNG (DROPBEAR_ECC)
104 #endif
105
106 #ifdef DROPBEAR_ECC
107 #define DROPBEAR_LTC_PRNG
108 #endif
109 111
110 /* RSA can be vulnerable to timing attacks which use the time required for 112 /* RSA can be vulnerable to timing attacks which use the time required for
111 * signing to guess the private key. Blinding avoids this attack, though makes 113 * signing to guess the private key. Blinding avoids this attack, though makes
112 * signing operations slightly slower. */ 114 * signing operations slightly slower. */
113 #define RSA_BLINDING 115 #define DROPBEAR_RSA_BLINDING 1
114 116
115 /* hashes which will be linked and registered */ 117 /* hashes which will be linked and registered */
116 #if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14_SHA256 118 #define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) || (DROPBEAR_ECC_256) \
117 #define DROPBEAR_SHA256 119 || (DROPBEAR_CURVE25519) || (DROPBEAR_DH_GROUP14_SHA256))
118 #endif 120 #define DROPBEAR_SHA384 (DROPBEAR_ECC_384)
119 #if defined(DROPBEAR_ECC_384)
120 #define DROPBEAR_SHA384
121 #endif
122 /* LTC SHA384 depends on SHA512 */ 121 /* LTC SHA384 depends on SHA512 */
123 #if defined(DROPBEAR_SHA2_512_HMAC) || defined(DROPBEAR_ECC_521) || defined(DROPBEAR_ECC_384) || DROPBEAR_DH_GROUP16 122 #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \
124 #define DROPBEAR_SHA512 123 || (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16))
125 #endif 124 #define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC)
126 #if defined(DROPBEAR_MD5_HMAC) 125
127 #define DROPBEAR_MD5 126 #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1))
128 #endif 127
129 128 #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) || (DROPBEAR_DH_GROUP14) || (DROPBEAR_DH_GROUP16))
130 #if DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_DH_GROUP14_SHA1
131 #define DROPBEAR_DH_GROUP14 1
132 #endif
133
134 #if DROPBEAR_DH_GROUP1 || DROPBEAR_DH_GROUP14 || DROPBEAR_DH_GROUP16
135 #define DROPBEAR_NORMAL_DH 1
136 #endif
137 129
138 /* roughly 2x 521 bits */ 130 /* roughly 2x 521 bits */
139 #define MAX_ECC_SIZE 140 131 #define MAX_ECC_SIZE 140
140 132
141 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't 133 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
183 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll 175 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
184 accept for keyb-interactive 176 accept for keyb-interactive
185 auth */ 177 auth */
186 178
187 179
188 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128) 180 #define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128))
189 #define DROPBEAR_AES 181
190 #endif 182 #define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128))
191 183
192 #if defined(DROPBEAR_TWOFISH256) || defined(DROPBEAR_TWOFISH128) 184 #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD))
193 #define DROPBEAR_TWOFISH 185
194 #endif 186 #define DROPBEAR_TCP_ACCEPT ((DROPBEAR_CLI_LOCALTCPFWD) || (DROPBEAR_SVR_REMOTETCPFWD))
195 187
196 #ifndef ENABLE_X11FWD 188 #define DROPBEAR_LISTENERS \
197 #define DISABLE_X11FWD 189 ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD) || \
198 #endif 190 (DROPBEAR_SVR_REMOTETCPFWD) || (DROPBEAR_SVR_LOCALTCPFWD) || \
199 191 (DROPBEAR_SVR_AGENTFWD) || (DROPBEAR_X11FWD))
200 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) 192
201 #define ENABLE_CLI_ANYTCPFWD 193 #define DROPBEAR_CLI_MULTIHOP ((DROPBEAR_CLI_NETCAT) && (DROPBEAR_CLI_PROXYCMD))
202 #endif 194
203 195 #define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_PRNGD_SOCKET))
204 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD) 196
205 #define DROPBEAR_TCP_ACCEPT 197 /* if we're using authorized_keys or known_hosts */
206 #endif 198 #define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) || (DROPBEAR_SVR_PUBKEY_AUTH))
207
208 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \
209 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \
210 defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_X11FWD)
211 #define USING_LISTENERS
212 #endif
213
214 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
215 #define ENABLE_CLI_MULTIHOP
216 #endif
217
218 #if defined(ENABLE_CLI_AGENTFWD) || defined(DROPBEAR_PRNGD_SOCKET)
219 #define ENABLE_CONNECT_UNIX
220 #endif
221
222 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
223 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
224 #endif
225 199
226 /* Changing this is inadvisable, it appears to have problems 200 /* Changing this is inadvisable, it appears to have problems
227 * with flushing compressed data */ 201 * with flushing compressed data */
228 #define DROPBEAR_ZLIB_MEM_LEVEL 8 202 #define DROPBEAR_ZLIB_MEM_LEVEL 8
229 203
230 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH) 204 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH)
231 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" 205 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
232 #endif 206 #endif
233 207
234 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant 208 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
235 * code, if we're just compiling as client or server */ 209 * code, if we're just compiling as client or server */
236 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT) 210 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)
237 211
238 #define IS_DROPBEAR_SERVER (ses.isserver == 1) 212 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
239 #define IS_DROPBEAR_CLIENT (ses.isserver == 0) 213 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
240 214
241 #elif defined(DROPBEAR_SERVER) 215 #elif DROPBEAR_SERVER
242 216
243 #define IS_DROPBEAR_SERVER 1 217 #define IS_DROPBEAR_SERVER 1
244 #define IS_DROPBEAR_CLIENT 0 218 #define IS_DROPBEAR_CLIENT 0
245 219
246 #elif defined(DROPBEAR_CLIENT) 220 #elif DROPBEAR_CLIENT
247 221
248 #define IS_DROPBEAR_SERVER 0 222 #define IS_DROPBEAR_SERVER 0
249 #define IS_DROPBEAR_CLIENT 1 223 #define IS_DROPBEAR_CLIENT 1
250 224
251 #else 225 #else
253 #define IS_DROPBEAR_SERVER 0 227 #define IS_DROPBEAR_SERVER 0
254 #define IS_DROPBEAR_CLIENT 0 228 #define IS_DROPBEAR_CLIENT 0
255 229
256 #endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */ 230 #endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */
257 231
258 #ifndef HAVE_FORK 232 #ifdef HAVE_FORK
259 #define USE_VFORK 233 #define DROPBEAR_VFORK 0
260 #endif /* don't HAVE_FORK */ 234 #else
235 #define DROPBEAR_VFORK 1
236 #endif
261 237
262 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS 238 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
263 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS 239 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
264 #else 240 #else
265 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS 241 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
266 #endif 242 #endif
267 243
244 #ifndef DROPBEAR_NONE_CIPHER
245 #define DROPBEAR_NONE_CIPHER 0
246 #endif
247
268 /* free memory before exiting */ 248 /* free memory before exiting */
269 #define DROPBEAR_CLEANUP 249 #define DROPBEAR_CLEANUP 1
270 250
271 /* Use this string since some implementations might special-case it */ 251 /* Use this string since some implementations might special-case it */
272 #define DROPBEAR_KEEPALIVE_STRING "[email protected]" 252 #define DROPBEAR_KEEPALIVE_STRING "[email protected]"
273 253
274 /* Linux will attempt TCP fast open, falling back if not supported by the kernel. 254 /* Linux will attempt TCP fast open, falling back if not supported by the kernel.
275 * Currently server is enabled but client is disabled by default until there 255 * Currently server is enabled but client is disabled by default until there
276 * is further compatibility testing */ 256 * is further compatibility testing */
277 #ifdef __linux__ 257 #ifdef __linux__
278 #define DROPBEAR_SERVER_TCP_FAST_OPEN 258 #define DROPBEAR_SERVER_TCP_FAST_OPEN 1
279 /* #define DROPBEAR_CLIENT_TCP_FAST_OPEN */ 259 #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
260 #else
261 #define DROPBEAR_SERVER_TCP_FAST_OPEN 0
262 #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
280 #endif 263 #endif
281 264
282 /* no include guard for this file */ 265 /* no include guard for this file */
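Review bot: Several derived macros keep their old names but change from defined/undefined to always-defined 0/1 values (`DROPBEAR_SIGNKEY_VERIFY`, `DROPBEAR_ECC`, `DROPBEAR_MD5`, `DROPBEAR_TWOFISH`, `ENABLE_CONNECT_UNIX`, `DROPBEAR_KEY_LINES`, `DROPBEAR_CLEANUP`), so any consumer that still tests them with `#ifdef` or `defined()` is now unconditionally true and compiles the feature in even when it is configured off. The renamed macros fail the other way: a file that still checks `#ifdef RSA_BLINDING` would silently build RSA signing without blinding, which is the timing-attack defence described in the comment above `DROPBEAR_RSA_BLINDING`. The consumers are not part of this page, so this needs a tree-wide search for the old spellings (`RSA_BLINDING`, `USE_KEX_FIRST_FOLLOWS`, `USE_KEXGUESS2`, `USE_VFORK`, `USING_LISTENERS`, `DISABLE_X11FWD` and the other `ENABLE_*` names) and for `#ifdef`/`defined()` on the value-style names. Because `#if NAME` treats an undefined or misspelled name as 0, building with `-Wundef` once every option has a default would turn a silently disabled feature into a diagnostic.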