Mercurial > dropbear

comparison sysoptions.h @ 499:f3ca5ebc319a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Split options.h out into sysoptions.h for options that aren't usually user-changed
author Matt Johnston <matt@ucc.asn.au>
date Tue, 23 Sep 2008 16:02:51 +0000
parents
children d58c478bd399
comparison
equal deleted inserted replaced
498:3c0dc22bda20 499:f3ca5ebc319a
1 /*******************************************************************
2 * You shouldn't edit this file unless you know you need to.
3 * This file is only included from options.h
4 *******************************************************************/
5
6 #ifndef DROPBEAR_VERSION
7 #define DROPBEAR_VERSION "0.51"
8 #endif
9
10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
11 #define PROGNAME "dropbear"
12
13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
14 * is a bit too verbose, so we try 8 hours */
15 #ifndef KEX_REKEY_TIMEOUT
16 #define KEX_REKEY_TIMEOUT (3600 * 8)
17 #endif
18 #ifndef KEX_REKEY_DATA
19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
20 #endif
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
22 #ifndef AUTH_TIMEOUT
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
24 #endif
25
26 /* Minimum key sizes for DSS and RSA */
27 #ifndef MIN_DSS_KEYLEN
28 #define MIN_DSS_KEYLEN 512
29 #endif
30 #ifndef MIN_RSA_KEYLEN
31 #define MIN_RSA_KEYLEN 512
32 #endif
33
34 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
35 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
36
37 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
38 * the clearenv() function */
39 #define ENV_SIZE 100
40
41 #define MAX_CMD_LEN 1024 /* max length of a command */
42 #define MAX_TERM_LEN 200 /* max length of TERM name */
43
44 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
45 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
46
47 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
48 ipv4 and ipv6 don't count twice */
49
50 /* Each port might have at least a v4 and a v6 address */
51 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
52
53 #define _PATH_TTY "/dev/tty"
54
55 #define _PATH_CP "/bin/cp"
56
57 /* success/failure defines */
58 #define DROPBEAR_SUCCESS 0
59 #define DROPBEAR_FAILURE -1
60
61 /* various algorithm identifiers */
62 #define DROPBEAR_KEX_DH_GROUP1 0
63
64 #define DROPBEAR_SIGNKEY_ANY 0
65 #define DROPBEAR_SIGNKEY_RSA 1
66 #define DROPBEAR_SIGNKEY_DSS 2
67 #define DROPBEAR_SIGNKEY_NONE 3
68
69 #define DROPBEAR_COMP_NONE 0
70 #define DROPBEAR_COMP_ZLIB 1
71
72 /* Required for pubkey auth */
73 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
74 #define DROPBEAR_SIGNKEY_VERIFY
75 #endif
76
77 /* SHA1 is 20 bytes == 160 bits */
78 #define SHA1_HASH_SIZE 20
79 /* SHA512 is 64 bytes == 512 bits */
80 #define SHA512_HASH_SIZE 64
81 /* MD5 is 16 bytes = 128 bits */
82 #define MD5_HASH_SIZE 16
83
84 /* largest of MD5 and SHA1 */
85 #define MAX_MAC_LEN SHA1_HASH_SIZE
86
87
88 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
89 #define MAX_IV_LEN 20 /* must be same as max blocksize,
90 and >= SHA1_HASH_SIZE */
91 #define MAX_MAC_KEY 20
92
93 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
94 explicitly specified for all protocols (just
95 for algos) but seems valid */
96
97 #define MAX_PROPOSED_ALGO 20
98
99 /* size/count limits */
100 #define MIN_PACKET_LEN 16
101
102 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
103
104 /* for channel code */
105 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
106 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
107
108 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
109 RECV_WINDOWEXTEND bytes */
110 #define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */
111
112 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
113 connection, so can't be _too_ small */
114
115 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
116 is the max length for a password etc */
117
118 /* For a 4096 bit DSS key, empirically determined */
119 #define MAX_PUBKEY_SIZE 1700
120 /* For a 4096 bit DSS key, empirically determined */
121 #define MAX_PRIVKEY_SIZE 1700
122
123 /* The maximum size of the bignum portion of the kexhash buffer */
124 /* Sect. 8 of the transport draft, K_S + e + f + K */
125 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
126
127 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
128 in a few years time.... */
129
130 #define DROPBEAR_MAX_CLI_PASS 1024
131
132 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
133 accept for keyb-interactive
134 auth */
135
136 #if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC)
137 #define DROPBEAR_AES_CBC
138 #endif
139
140 #if defined(DROPBEAR_TWOFISH256_CBC) || defined(DROPBEAR_TWOFISH128_CBC)
141 #define DROPBEAR_TWOFISH_CBC
142 #endif
143
144 #ifndef ENABLE_X11FWD
145 #define DISABLE_X11FWD
146 #endif
147
148 #ifndef ENABLE_AGENTFWD
149 #define DISABLE_AGENTFWD
150 #endif
151
152 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
153 #define ENABLE_CLI_ANYTCPFWD
154 #endif
155
156 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD)
157 #define DROPBEAR_TCP_ACCEPT
158 #endif
159
160 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \
161 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \
162 defined(ENABLE_AGENTFWD) || defined(ENABLE_X11FWD)
163 #define USING_LISTENERS
164 #endif
165
166 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
167 #define ENABLE_CLI_MULTIHOP
168 #endif
169
170 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
171 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
172 #endif
173
174 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
175 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
176 #endif
177
178 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
179 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
180 #endif
181
182 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
183 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
184 #endif
185
186 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
187 * code, if we're just compiling as client or server */
188 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
189
190 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
191 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
192
193 #elif defined(DROPBEAR_SERVER)
194
195 #define IS_DROPBEAR_SERVER 1
196 #define IS_DROPBEAR_CLIENT 0
197
198 #elif defined(DROPBEAR_CLIENT)
199
200 #define IS_DROPBEAR_SERVER 0
201 #define IS_DROPBEAR_CLIENT 1
202
203 #else
204 #error You must compiled with either DROPBEAR_CLIENT or DROPBEAR_SERVER selected
205 #endif