sysoptions.h

   1 /*******************************************************************
   2  * You shouldn't edit this file unless you know you need to.
   3  * This file is only included from options.h
   4  *******************************************************************/
   5
   6 #ifndef DROPBEAR_VERSION
   7 #define DROPBEAR_VERSION "0.52"
   8 #endif
   9
  10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  11 #define PROGNAME "dropbear"
  12
  13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
  14  * is a bit too verbose, so we try 8 hours */
  15 #ifndef KEX_REKEY_TIMEOUT
  16 #define KEX_REKEY_TIMEOUT (3600 * 8)
  17 #endif
  18 #ifndef KEX_REKEY_DATA
  19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
  20 #endif
  21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
  22 #ifndef AUTH_TIMEOUT
  23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
  24 #endif
  25
  26 /* Minimum key sizes for DSS and RSA */
  27 #ifndef MIN_DSS_KEYLEN
  28 #define MIN_DSS_KEYLEN 512
  29 #endif
  30 #ifndef MIN_RSA_KEYLEN
  31 #define MIN_RSA_KEYLEN 512
  32 #endif
  33
  34 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
  35 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
  36
  37 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
  38  * the clearenv() function */
  39 #define ENV_SIZE 100
  40
  41 #define MAX_CMD_LEN 1024 /* max length of a command */
  42 #define MAX_TERM_LEN 200 /* max length of TERM name */
  43
  44 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
  45 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
  46
  47 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
  48                                                                  ipv4 and ipv6 don't count twice */
  49
  50 /* Each port might have at least a v4 and a v6 address */
  51 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
  52
  53 #define _PATH_TTY "/dev/tty"
  54
  55 #define _PATH_CP "/bin/cp"
  56
  57 /* success/failure defines */
  58 #define DROPBEAR_SUCCESS 0
  59 #define DROPBEAR_FAILURE -1
  60
  61 /* various algorithm identifiers */
  62 #define DROPBEAR_KEX_DH_GROUP1 0
  63
  64 #define DROPBEAR_SIGNKEY_ANY 0
  65 #define DROPBEAR_SIGNKEY_RSA 1
  66 #define DROPBEAR_SIGNKEY_DSS 2
  67 #define DROPBEAR_SIGNKEY_NONE 3
  68
  69 #define DROPBEAR_COMP_NONE 0
  70 #define DROPBEAR_COMP_ZLIB 1
  71 #define DROPBEAR_COMP_ZLIB_DELAY 2
  72
  73 /* Required for pubkey auth */
  74 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
  75 #define DROPBEAR_SIGNKEY_VERIFY
  76 #endif
  77
  78 /* SHA1 is 20 bytes == 160 bits */
  79 #define SHA1_HASH_SIZE 20
  80 /* SHA512 is 64 bytes == 512 bits */
  81 #define SHA512_HASH_SIZE 64
  82 /* MD5 is 16 bytes = 128 bits */
  83 #define MD5_HASH_SIZE 16
  84
  85 /* largest of MD5 and SHA1 */
  86 #define MAX_MAC_LEN SHA1_HASH_SIZE
  87
  88
  89 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
  90 #define MAX_IV_LEN 20 /* must be same as max blocksize,
  91                                                  and >= SHA1_HASH_SIZE */
  92 #define MAX_MAC_KEY 20
  93
  94 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
  95                                                    explicitly specified for all protocols (just
  96                                                    for algos) but seems valid */
  97
  98 #define MAX_PROPOSED_ALGO 20
  99
 100 /* size/count limits */
 101 #define MIN_PACKET_LEN 16
 102
 103 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
 104
 105 /* for channel code */
 106 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
 107 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
 108
 109 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
 110                                                                 RECV_WINDOWEXTEND bytes */
 111 #define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */
 112
 113 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
 114                                                         connection, so can't be _too_ small */
 115
 116 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
 117                                                            is the max length for a password etc */
 118
 119 /* For a 4096 bit DSS key, empirically determined */
 120 #define MAX_PUBKEY_SIZE 1700
 121 /* For a 4096 bit DSS key, empirically determined */
 122 #define MAX_PRIVKEY_SIZE 1700
 123
 124 /* The maximum size of the bignum portion of the kexhash buffer */
 125 /* Sect. 8 of the transport draft, K_S + e + f + K */
 126 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
 127
 128 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
 129                                                                 in a few years time.... */
 130
 131 #define DROPBEAR_MAX_CLI_PASS 1024
 132
 133 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
 134                                                                                                 accept for keyb-interactive
 135                                                                                                 auth */
 136
 137 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128)
 138 #define DROPBEAR_AES
 139 #endif
 140
 141 #if defined(DROPBEAR_TWOFISH256) || defined(DROPBEAR_TWOFISH128)
 142 #define DROPBEAR_TWOFISH
 143 #endif
 144
 145 #ifndef ENABLE_X11FWD
 146 #define DISABLE_X11FWD
 147 #endif
 148
 149 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
 150 #define ENABLE_CLI_ANYTCPFWD
 151 #endif
 152
 153 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD)
 154 #define DROPBEAR_TCP_ACCEPT
 155 #endif
 156
 157 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \
 158         defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \
 159         defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_X11FWD)
 160 #define USING_LISTENERS
 161 #endif
 162
 163 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
 164 #define ENABLE_CLI_MULTIHOP
 165 #endif
 166
 167 #if defined(ENABLE_CLI_AGENTFWD) || defined(DROPBEAR_PRNGD_SOCKET)
 168 #define ENABLE_CONNECT_UNIX
 169 #endif
 170
 171 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
 172 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
 173 #endif
 174
 175 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
 176 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
 177 #endif
 178
 179 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
 180 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
 181 #endif
 182
 183 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
 184 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
 185 #endif
 186
 187 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
 188  * code, if we're just compiling as client or server */
 189 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
 190
 191 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
 192 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
 193
 194 #elif defined(DROPBEAR_SERVER)
 195
 196 #define IS_DROPBEAR_SERVER 1
 197 #define IS_DROPBEAR_CLIENT 0
 198
 199 #elif defined(DROPBEAR_CLIENT)
 200
 201 #define IS_DROPBEAR_SERVER 0
 202 #define IS_DROPBEAR_CLIENT 1
 203
 204 #else
 205 /* Just building key utils? */
 206 #define IS_DROPBEAR_SERVER 0
 207 #define IS_DROPBEAR_CLIENT 0
 208
 209 #endif