comparison options.h @ 293:9d110777f345 contrib-blacklist

propagate from branch 'au.asn.ucc.matt.dropbear' (head 7ad1775ed65e75dbece27fe6b65bf1a234db386a) to branch 'au.asn.ucc.matt.dropbear.contrib.blacklist' (head 1d86a4f0a401cc68c2670d821a2f6366c37af143)
author Matt Johnston <matt@ucc.asn.au>
date Fri, 10 Mar 2006 06:31:29 +0000
parents c07de41b53d7 55a99934db87
children
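--- a/options.h
+++ b/options.h
@@ -128,16 +128,17 @@
 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
 * It's useful for systems like OS X where standard password crypts don't work,
 * but there's an interface via a PAM module - don't bother using it otherwise.
 * You can't enable both PASSWORD and PAM. */
 
-//#define ENABLE_SVR_PASSWORD_AUTH
-#define ENABLE_SVR_PAM_AUTH
+#define ENABLE_SVR_PASSWORD_AUTH
+/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
+#define ENABLE_CLI_INTERACT_AUTH
 
 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
 * a helper program for the ssh client. The helper program should be
 * specified in the SSH_ASKPASS environment variable, and dbclient
 * should be run with DISPLAY set and no tty. The program should
@@ -161,10 +162,17 @@
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 
 /* Specify the number of clients we will allow to be connected but
 * not yet authenticated. After this limit, connections are rejected */
+/* The first setting is per-IP, to avoid denial of service */
+#ifndef MAX_UNAUTH_PER_IP
+#define MAX_UNAUTH_PER_IP 5
+#endif
+
+/* And then a global limit to avoid chewing memory if connections
+* come from many IPs */
 #ifndef MAX_UNAUTH_CLIENTS
 #define MAX_UNAUTH_CLIENTS 30
 #endif
 
 /* Maximum number of failed authentication tries (server option) */
@@ -200,11 +208,11 @@
 /*******************************************************************
 * You shouldn't edit below here unless you know you need to.
 *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.46"
+#define DROPBEAR_VERSION "0.48"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
 #define PROGNAME "dropbear"
 
@@ -244,10 +252,12 @@
 
 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
 ipv4 and ipv6 don't count twice */
 
 #define _PATH_TTY "/dev/tty"
+
+#define _PATH_CP "/bin/cp"
 
 /* Timeouts in seconds */
 #define SELECT_TIMEOUT 20
 
 /* success/failure defines */
@@ -306,19 +316,27 @@
 #define MAX_TRANS_WIN_INCR 500000000 /* overflow prevention */
 
 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
 is the max length for a password etc */
 
-/* For a 4096 bit DSS key, empirically determined to be 1590 bytes */
-#define MAX_PUBKEY_SIZE 1600
-/* For a 4096 bit DSS key, empirically determined to be 1590 bytes */
-#define MAX_PRIVKEY_SIZE 1600
+/* For a 4096 bit DSS key, empirically determined */
+#define MAX_PUBKEY_SIZE 1700
+/* For a 4096 bit DSS key, empirically determined */
+#define MAX_PRIVKEY_SIZE 1700
+
+/* The maximum size of the bignum portion of the kexhash buffer */
+/* Sect. 8 of the transport draft, K_S + e + f + K */
+#define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
 
 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
 in a few years time.... */
 
 #define DROPBEAR_MAX_CLI_PASS 1024
+
+#define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
+accept for keyb-interactive
+auth */
 
 #if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC)
 #define DROPBEAR_AES_CBC
 #endif
 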
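Review bot: KEXHASHBUF_MAX_INTS (new line 328) hard-codes 1700 for the K_S term instead of using MAX_PUBKEY_SIZE, which this same change raises from 1600 to 1700 a few lines above. The two values will drift apart the next time the key-size limit is tuned, leaving the kexhash buffer bound out of step with the largest host key the parser accepts; how the buffer is checked is not visible here, so the consequence of a mismatch should be confirmed against the code that uses the bound. I would write `#define KEXHASHBUF_MAX_INTS (MAX_PUBKEY_SIZE + 130 + 130 + 130)` and add a comment saying what each 130 covers, for example `/* e, f, K: one mpint each; presumably sized for the DH group in use, confirm */`. The MAX_PUBKEY_SIZE and MAX_PRIVKEY_SIZE comments also lose the measured figure, so a reader can no longer tell how much headroom 1700 leaves over the empirical size.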