ViewMTN: Diff from [75ed8083..] to [d815305b..]

The unified diff between revisions [75ed8083..] and [d815305b..] is displayed below. It can also be downloaded as a raw diff.
This diff has been restricted to the following files: 'options.h'
#
#
# patch "options.h"
#  from [4f331e42fbe00636bb01fb871ce8cbdf673852c8]
#    to [10960130a5d973ea77ade620de02bc4373ff9ad4]
#
============================================================
--- options.h	4f331e42fbe00636bb01fb871ce8cbdf673852c8
+++ options.h	10960130a5d973ea77ade620de02bc4373ff9ad4
@@ -96,9 +96,7 @@ etc) slower (perhaps by 50%). Recommende
  * if the random number source isn't good. In general this isn't required */
 /* #define DSS_PROTOK */

-/* Whether to do reverse DNS lookups. This is advisable, though will add
- * code size with gethostbyname() etc, so for very small environments where
- * you are statically linking, you might want to undefine this */
+/* Whether to do reverse DNS lookups. */
 #define DO_HOST_LOOKUP

 /* Whether to print the message of the day (MOTD). This doesn't add much code
@@ -113,13 +111,11 @@ etc) slower (perhaps by 50%). Recommende
 /* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */

-/* PAM auth is quite simple, and only works for PAM modules which just do a
- * simple "Login: " "Password: " (or something like that - if your module is
- * similar but not quite like that, edit the strings in svr-authpam.c).
- * Basically, it's useful for systems like OS X where standard password crypts
- * don't work, but there's an interface via a PAM module. You'll need to
- * configure with --enable-pam as well, since it's off by default. And you
- * should only enable either PASSWORD _or_ PAM auth, not both. */
+/* Note: PAM auth is quite simple, and only works for PAM modules which just do
+ * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+ * It's useful for systems like OS X where standard password crypts don't work,
+ * but there's an interface via a PAM module - don't bother using it otherwise.
+ * You can't enable both PASSWORD and PAM. */

 #define ENABLE_SVR_PASSWORD_AUTH
 /*#define ENABLE_SVR_PAM_AUTH*/
@@ -128,6 +124,13 @@ etc) slower (perhaps by 50%). Recommende
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH

+/* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
+ * a helper program for the ssh client. The helper program should be
+ * specified in the SSH_ASKPASS environment variable, and dbclient
+ * should be run with DISPLAY set and no tty. The program should
+ * return the password on standard output */
+/*#define ENABLE_CLI_ASKPASS_HELPER*/
+
 /* Random device to use - define either DROPBEAR_RANDOM_DEV or
  * DROPBEAR_PRNGD_SOCKET.
  * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
@@ -138,7 +141,8 @@ etc) slower (perhaps by 50%). Recommende
 /* If you are lacking entropy on the system then using /dev/urandom
  * will prevent Dropbear from blocking on the device. This could
  * however significantly reduce the security of your ssh connections
- * if the PRNG state becomes simpler. */
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
 #define DROPBEAR_RANDOM_DEV "/dev/random"

 /* prngd must be manually set up to produce output */
@@ -185,7 +189,7 @@ etc) slower (perhaps by 50%). Recommende
  *******************************************************************/

 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.44"
+#define DROPBEAR_VERSION "0.45"
 #endif

 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
@@ -299,6 +303,8 @@ etc) slower (perhaps by 50%). Recommende
 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
 								in a few years time.... */

+#define DROPBEAR_MAX_CLI_PASS 1024
+
 #ifndef ENABLE_X11FWD
 #define DISABLE_X11FWD
 #endif