comparison options.h @ 293:9d110777f345 contrib-blacklist
propagate from branch 'au.asn.ucc.matt.dropbear' (head 7ad1775ed65e75dbece27fe6b65bf1a234db386a)
to branch 'au.asn.ucc.matt.dropbear.contrib.blacklist' (head 1d86a4f0a401cc68c2670d821a2f6366c37af143)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 10 Mar 2006 06:31:29 +0000 |
parents | c07de41b53d7 55a99934db87 |
children |
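--- a/options.h
+++ b/options.h
@@ -128,16 +128,17 @@
 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
 * It's useful for systems like OS X where standard password crypts don't work,
 * but there's an interface via a PAM module - don't bother using it otherwise.
 * You can't enable both PASSWORD and PAM. */
 
-//#define ENABLE_SVR_PASSWORD_AUTH
-#define ENABLE_SVR_PAM_AUTH
+#define ENABLE_SVR_PASSWORD_AUTH
+/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
+#define ENABLE_CLI_INTERACT_AUTH
 
 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
 * a helper program for the ssh client. The helper program should be
 * specified in the SSH_ASKPASS environment variable, and dbclient
 * should be run with DISPLAY set and no tty. The program should
@@ -161,10 +162,17 @@
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 
 /* Specify the number of clients we will allow to be connected but
 * not yet authenticated. After this limit, connections are rejected */
+/* The first setting is per-IP, to avoid denial of service */
+#ifndef MAX_UNAUTH_PER_IP
+#define MAX_UNAUTH_PER_IP 5
+#endif
+
+/* And then a global limit to avoid chewing memory if connections
+* come from many IPs */
 #ifndef MAX_UNAUTH_CLIENTS
 #define MAX_UNAUTH_CLIENTS 30
 #endif
 
 /* Maximum number of failed authentication tries (server option) */
@@ -200,11 +208,11 @@
 /*******************************************************************
 * You shouldn't edit below here unless you know you need to.
 *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.46"
+#define DROPBEAR_VERSION "0.48"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
 #define PROGNAME "dropbear"
 
@@ -244,10 +252,12 @@
 
 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
 ipv4 and ipv6 don't count twice */
 
 #define _PATH_TTY "/dev/tty"
+
+#define _PATH_CP "/bin/cp"
 
 /* Timeouts in seconds */
 #define SELECT_TIMEOUT 20
 
 /* success/failure defines */
@@ -306,19 +316,27 @@
 #define MAX_TRANS_WIN_INCR 500000000 /* overflow prevention */
 
 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
 is the max length for a password etc */
 
-/* For a 4096 bit DSS key, empirically determined to be 1590 bytes */
-#define MAX_PUBKEY_SIZE 1600
-/* For a 4096 bit DSS key, empirically determined to be 1590 bytes */
-#define MAX_PRIVKEY_SIZE 1600
+/* For a 4096 bit DSS key, empirically determined */
+#define MAX_PUBKEY_SIZE 1700
+/* For a 4096 bit DSS key, empirically determined */
+#define MAX_PRIVKEY_SIZE 1700
+
+/* The maximum size of the bignum portion of the kexhash buffer */
+/* Sect. 8 of the transport draft, K_S + e + f + K */
+#define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
 
 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
 in a few years time.... */
 
 #define DROPBEAR_MAX_CLI_PASS 1024
+
+#define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
+accept for keyb-interactive
+auth */
 
 #if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC)
 #define DROPBEAR_AES_CBC
 #endif
 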
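Review bot: `KEXHASHBUF_MAX_INTS` repeats the literal 1700 instead of referring to `MAX_PUBKEY_SIZE`, which this same change raises from 1600 to 1700 a few lines above, so a later bump of the key-size limit can leave the kexhash buffer bound stale with no compiler complaint. Writing it as `#define KEXHASHBUF_MAX_INTS (MAX_PUBKEY_SIZE + 130 + 130 + 130)` keeps the two in step. The three 130s are also unexplained; presumably they bound e, f and K as mpints for the supported DH group, and a comment naming the group size they assume would let a reader re-check the bound when a larger group is added. How the buffer is allocated and length-checked is outside this page, so whether a stale value would be caught at runtime cannot be told from here.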