Mercurial > dropbear
comparison sysoptions.h @ 1546:bb8eaa26bc93 fuzz
merge from main
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 26 Feb 2018 22:44:48 +0800 |
| parents | 6a83b1944432 |
| children | 1c66ca4f3791 |
comparison
equal
deleted
inserted
replaced
| 1530:63fa53d3b6c7 | 1546:bb8eaa26bc93 |
|---|---|
| 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ | 21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ |
| 22 #ifndef AUTH_TIMEOUT | 22 #ifndef AUTH_TIMEOUT |
| 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ | 23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ |
| 24 #endif | 24 #endif |
| 25 | 25 |
| 26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) | 26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) |
| 27 | |
| 28 #if !(NON_INETD_MODE || INETD_MODE) | |
| 29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." | |
| 30 #endif | |
| 27 | 31 |
| 28 /* A client should try and send an initial key exchange packet guessing | 32 /* A client should try and send an initial key exchange packet guessing |
| 29 * the algorithm that will match - saves a round trip connecting, has little | 33 * the algorithm that will match - saves a round trip connecting, has little |
| 30 * overhead if the guess was "wrong". */ | 34 * overhead if the guess was "wrong". */ |
| 31 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS | 35 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS |
| 75 #define DROPBEAR_SUCCESS 0 | 79 #define DROPBEAR_SUCCESS 0 |
| 76 #define DROPBEAR_FAILURE -1 | 80 #define DROPBEAR_FAILURE -1 |
| 77 | 81 |
| 78 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" | 82 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" |
| 79 | 83 |
| 84 #define DROPBEAR_NGROUP_MAX 1024 | |
| 85 | |
| 80 /* Required for pubkey auth */ | 86 /* Required for pubkey auth */ |
| 81 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) | 87 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) |
| 82 | 88 |
| 83 #define SHA1_HASH_SIZE 20 | 89 #define SHA1_HASH_SIZE 20 |
| 84 #define MD5_HASH_SIZE 16 | 90 #define MD5_HASH_SIZE 16 |
| 91 #define MAX_MAC_LEN 64 | 97 #define MAX_MAC_LEN 64 |
| 92 #elif DROPBEAR_SHA2_256_HMAC | 98 #elif DROPBEAR_SHA2_256_HMAC |
| 93 #define MAX_MAC_LEN 32 | 99 #define MAX_MAC_LEN 32 |
| 94 #else | 100 #else |
| 95 #define MAX_MAC_LEN 20 | 101 #define MAX_MAC_LEN 20 |
| 102 #endif | |
| 103 | |
| 104 /* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */ | |
| 105 #ifndef DROPBEAR_SHA2_512_HMAC | |
| 106 #define DROPBEAR_SHA2_512_HMAC 0 | |
| 107 #endif | |
| 108 | |
| 109 /* might be needed for compatibility with very old implementations */ | |
| 110 #ifndef DROPBEAR_MD5_HMAC | |
| 111 #define DROPBEAR_MD5_HMAC 0 | |
| 112 #endif | |
| 113 | |
| 114 /* Twofish counter mode is disabled by default because it | |
| 115 has not been tested for interoperability with other SSH implementations. | |
| 116 If you test it please contact the Dropbear author */ | |
| 117 #ifndef DROPBEAR_TWOFISH_CTR | |
| 118 #define DROPBEAR_TWOFISH_CTR 0 | |
| 96 #endif | 119 #endif |
| 97 | 120 |
| 98 | 121 |
| 99 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) | 122 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) |
| 100 | 123 |
| 203 | 226 |
| 204 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) | 227 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) |
| 205 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" | 228 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" |
| 206 #endif | 229 #endif |
| 207 | 230 |
| 231 /* PAM requires ./configure --enable-pam */ | |
| 232 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH | |
| 233 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?" | |
| 234 #endif | |
| 235 | |
| 236 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT | |
| 237 #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." | |
| 238 #endif | |
| 239 | |
| 240 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) | |
| 241 #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." | |
| 242 #endif | |
| 243 | |
| 244 | |
| 245 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ | |
| 246 || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) | |
| 247 #error "At least one encryption algorithm must be enabled. AES128 is recommended." | |
| 248 #endif | |
| 249 | |
| 250 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) | |
| 251 #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." | |
| 252 #endif | |
| 253 | |
| 254 /* Source for randomness. This must be able to provide hundreds of bytes per SSH | |
| 255 * connection without blocking. */ | |
| 256 #ifndef DROPBEAR_URANDOM_DEV | |
| 257 #define DROPBEAR_URANDOM_DEV "/dev/urandom" | |
| 258 #endif | |
| 259 | |
| 260 /* client keyboard interactive authentication is often used for password auth. | |
| 261 rfc4256 */ | |
| 262 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH) | |
| 263 | |
| 208 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant | 264 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant |
| 209 * code, if we're just compiling as client or server */ | 265 * code, if we're just compiling as client or server */ |
| 210 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) | 266 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) |
| 211 | 267 |
| 212 #define IS_DROPBEAR_SERVER (ses.isserver == 1) | 268 #define IS_DROPBEAR_SERVER (ses.isserver == 1) |