authorMatt Johnston <matt@ucc.asn.au>2018-01-23 22:46:07 +0800
committerMatt Johnston <matt@ucc.asn.au>2018-01-23 22:46:07 +0800
commit597f7eb5e921c70545d3f45e2b5e0b19867573e0 (patch)
tree5172646de5e5d4c9de17f85cbe24c7db3f165756
parent5cd003d9e6d36fcca0ef40f12b8c8e4e540c58c7 (diff)
parentba23b823dcec4203dcee59204f0a7dac1a390d96 (diff)
merge up to date
--HG-- branch : fuzz
-rw-r--r--INSTALL6
-rw-r--r--Makefile.in20
-rw-r--r--configure.ac81
-rw-r--r--dbutil.c2
-rw-r--r--default_options.h12
-rw-r--r--default_options.h.in10
-rw-r--r--dropbear.83
-rw-r--r--dropbearkey.c5
-rw-r--r--gensignkey.c21
-rw-r--r--gensignkey.h1
-rw-r--r--libtomcrypt/Makefile.in3
-rw-r--r--libtommath/Makefile.in5
-rw-r--r--options.h2
-rw-r--r--runopts.h1
-rw-r--r--svr-auth.c2
-rw-r--r--svr-authpubkey.c10
-rw-r--r--svr-runopts.c17
-rw-r--r--sysoptions.h2
18 files changed, 134 insertions, 69 deletions
diff --git a/INSTALL b/INSTALL
index 6ccdde8..58ba328 100644
--- a/INSTALL
+++ b/INSTALL
@@ -22,7 +22,11 @@ recompiling - bad things will happen otherwise)
See MULTI for instructions on making all-in-one binaries.
-If you want to compile statically, add "STATIC=1" to the make command-line.
+If you want to compile statically use ./configure --enable-static
+
+By default Dropbear adds various build flags that improve robustness
+against programming bugs (good for security) - if these cause problems
+they can be disabled with ./configure --disable-harden
Binaries can be stripped with "make strip"
diff --git a/Makefile.in b/Makefile.in
index 0ed124d..1d0a858 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -2,12 +2,11 @@
# @configure_input@
# invocation:
-# make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
+# make PROGRAMS="dropbear dbclient scp" MULTI=1 SCPPROGRESS=1
#
-# to make a multiple-program statically linked binary "staticdropbearmulti".
+# to make a multiple-program binary "dropbearmulti".
# This example will include dropbear, scp, dropbearkey, dropbearconvert, and
# dbclient functionality, and includes the progress-bar functionality in scp.
-# Hopefully that seems intuitive.
ifndef PROGRAMS
PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
@@ -35,7 +34,7 @@ COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
atomicio.o compat.o fake-rfc2553.o \
ltc_prng.o ecc.o ecdsa.o crypto_desc.o \
dbmalloc.o \
- gensignkey.o gendss.o genrsa.o
+ gensignkey.o gendss.o genrsa.o
SVROBJS=svr-kex.o svr-auth.o sshpty.o \
svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
@@ -99,6 +98,8 @@ LDFLAGS=@LDFLAGS@
EXEEXT=@EXEEXT@
+STATIC=@STATIC@
+
# whether we're building client, server, or both for the common objects.
# evilness so we detect 'dropbear' by itself as a word
space:= $(empty) $(empty)
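Review bot: STATIC is now fed from configure, but the old documented invocation `make STATIC=1` (still handled by the `ifeq ($(STATIC), 1)` block below) continues to override it, and in that case configure has already put the PIE/RELRO flags into CFLAGS/LDFLAGS that the new configure.ac deliberately skips for static builds, so the static link may fail or silently lose hardening depending on the toolchain. A comment on the new assignment would steer builders right: `# Set by ./configure --enable-static. Overriding with "make STATIC=1" bypasses configure's hardening-flag adjustment; use the configure switch instead.`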
@@ -120,7 +121,7 @@ ifeq ($(STATIC), 1)
endif
ifeq ($(MULTI), 1)
- TARGETS=dropbearmulti
+ TARGETS=dropbearmulti$(EXEEXT)
else
TARGETS=$(PROGRAMS)
endif
@@ -137,14 +138,14 @@ strip: $(TARGETS)
install: $(addprefix inst_, $(TARGETS))
-insmultidropbear: dropbearmulti
+insmultidropbear: dropbearmulti$(EXEEXT)
$(INSTALL) -d $(DESTDIR)$(sbindir)
-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
$(INSTALL) -d $(DESTDIR)$(mandir)/man8
$(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
-insmulti%: dropbearmulti
+insmulti%: dropbearmulti$(EXEEXT)
$(INSTALL) -d $(DESTDIR)$(bindir)
-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT)
-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT)
@@ -224,8 +225,9 @@ sizes: dropbear
clean: ltc-clean ltm-clean thisclean
thisclean:
- -rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
- dropbearmulti *.o *.da *.bb *.bbg *.prof
+ -rm -f dropbear$(EXEEXT) dbclient$(EXEEXT) dropbearkey$(EXEEXT) \
+ dropbearconvert$(EXEEXT) scp$(EXEEXT) scp-progress$(EXEEXT) \
+ dropbearmulti$(EXEEXT) *.o *.da *.bb *.bbg *.prof
distclean: clean tidy
-rm -f config.h
diff --git a/configure.ac b/configure.ac
index ba7e8dd..9fce477 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,9 +33,20 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ]
)
+STATIC=0
+AC_ARG_ENABLE(static,
+ [ --enable-static Build static binaries],
+ [
+ if test "x$enableval" = "xyes"; then
+ STATIC=1
+ AC_MSG_NOTICE(Static Build)
+ fi
+ ], [])
+AC_SUBST(STATIC)
+
hardenbuild=1
AC_ARG_ENABLE(harden,
- [ --disable-harden Don't set hardened build flags],
+ [ --disable-harden Don't set hardened build flags],
[
if test "x$enableval" = "xno"; then
hardenbuild=0
@@ -45,37 +56,40 @@ AC_ARG_ENABLE(harden,
if test "$hardenbuild" -eq 1; then
AC_MSG_NOTICE(Checking for available hardened build flags:)
- # pie
- OLDCFLAGS="$CFLAGS"
- TESTFLAGS="-fPIE"
- CFLAGS="$CFLAGS $TESTFLAGS"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
- )
- OLDLDFLAGS="$LDFLAGS"
- TESTFLAGS="-Wl,-pie"
- LDFLAGS="$LDFLAGS $TESTFLAGS"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [
- LDFLAGS="$OLDLDFLAGS"
- TESTFLAGS="-pie"
- LDFLAGS="$LDFLAGS $TESTFLAGS"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
- )
- ]
- )
- # readonly elf relocation sections (relro)
- OLDLDFLAGS="$LDFLAGS"
- TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
- LDFLAGS="$LDFLAGS $TESTFLAGS"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
- )
+ # relocation flags don't make sense for static builds
+ if test "$STATIC" -ne 1; then
+ # pie
+ OLDCFLAGS="$CFLAGS"
+ TESTFLAGS="-fPIE"
+ CFLAGS="$CFLAGS $TESTFLAGS"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+ [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+ [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+ )
+ OLDLDFLAGS="$LDFLAGS"
+ TESTFLAGS="-Wl,-pie"
+ LDFLAGS="$LDFLAGS $TESTFLAGS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+ [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+ [
+ LDFLAGS="$OLDLDFLAGS"
+ TESTFLAGS="-pie"
+ LDFLAGS="$LDFLAGS $TESTFLAGS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+ [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+ [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+ )
+ ]
+ )
+ # readonly elf relocation sections (relro)
+ OLDLDFLAGS="$LDFLAGS"
+ TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+ LDFLAGS="$LDFLAGS $TESTFLAGS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+ [AC_MSG_NOTICE([Setting $TESTFLAGS])],
+ [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+ )
+ fi # non-static
# stack protector. -strong is good but only in gcc 4.9 or later
OLDCFLAGS="$CFLAGS"
TESTFLAGS="-fstack-protector-strong"
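Review bot: The comment `# relocation flags don't make sense for static builds` understates what is dropped: a static build now gets no PIE, so the executable image is never ASLR-randomised, and no `-z relro`/`-z now`, while nothing tells the builder that --enable-static weakens the hardening INSTALL advertises. I would make the comment explicit, e.g. `# -pie conflicts with -static on common toolchains, so static builds are not position independent (no ASLR for the executable) and skip RELRO/BIND_NOW; the stack protector below still applies.` and add an AC_MSG_NOTICE inside the `if` saying the same. Note that the link tests here do not pass -static, so they cannot tell whether RELRO alone would have been accepted for a static link; probing that separately rather than skipping it unconditionally would be a worthwhile follow-up.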
@@ -230,7 +244,7 @@ AC_ARG_WITH(pam,
AC_ARG_ENABLE(pam,
- [ --enable-pam Try to include PAM support],
+ [ --enable-pam Try to include PAM support],
[
if test "x$enableval" = "xyes"; then
AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
@@ -827,6 +841,7 @@ AS_MKDIR_P(libtomcrypt/src/modes/ecb)
AS_MKDIR_P(libtomcrypt/src/modes/ofb)
AS_MKDIR_P(libtomcrypt/src/modes/f8)
AS_MKDIR_P(libtomcrypt/src/modes/lrw)
+AS_MKDIR_P(libtomcrypt/src/modes/xts)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/boolean)
AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
diff --git a/dbutil.c b/dbutil.c
index 5ebad15..f874a97 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -514,7 +514,7 @@ out:
void m_close(int fd) {
int val;
- if (fd == -1) {
+ if (fd < 0) {
return;
}
diff --git a/default_options.h b/default_options.h
index e59c338..039d785 100644
--- a/default_options.h
+++ b/default_options.h
@@ -10,7 +10,7 @@ Local customisation should be added to localoptions.h which is
used if it exists. Options defined there will override any options in this
file (#ifndef guards added by ifndef_wrapper.sh).
-Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
IMPORTANT: Many options will require "make clean" after changes */
@@ -198,6 +198,13 @@ If you test it please contact the Dropbear author */
#define DROPBEAR_ECDSA 1
#endif
+/* RSA must be >=1024 */
+#ifndef DROPBEAR_DEFAULT_RSA_SIZE
+#define DROPBEAR_DEFAULT_RSA_SIZE 2048
+#endif
+/* DSS is always 1024 */
+/* ECDSA defaults to largest size configured, usually 521 */
+
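Review bot: The `/* RSA must be >=1024 */` comment is not enforced anywhere in this change: the `#ifndef` guard lets localoptions.h or -DDROPBEAR_DEFAULT_RSA_SIZE supply any value, and the default-size path in dropbearkey (bits == 0) does not go through check_signkey_bits, so a bad value would only surface at key-generation time. A compile-time check next to the define closes that gap: `#if DROPBEAR_DEFAULT_RSA_SIZE < 1024`, `#error "DROPBEAR_DEFAULT_RSA_SIZE must be at least 1024"`, `#endif` (the template default_options.h.in should carry the same lines). I would also have the comment say why 2048 is the default rather than only naming the floor, since 1024-bit RSA is no longer considered adequate.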
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems
@@ -373,7 +380,8 @@ Homedir is prepended unless path begins with / */
#define MAX_UNAUTH_CLIENTS 30
#endif
-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
+/* -T runtime option overrides */
#ifndef MAX_AUTH_TRIES
#define MAX_AUTH_TRIES 10
#endif
diff --git a/default_options.h.in b/default_options.h.in
index e81eaae..c44fb97 100644
--- a/default_options.h.in
+++ b/default_options.h.in
@@ -10,7 +10,7 @@ Local customisation should be added to localoptions.h which is
used if it exists. Options defined there will override any options in this
file (#ifndef guards added by ifndef_wrapper.sh).
-Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
IMPORTANT: Many options will require "make clean" after changes */
@@ -130,6 +130,11 @@ If you test it please contact the Dropbear author */
* on x86-64 */
#define DROPBEAR_ECDSA 1
+/* RSA must be >=1024 */
+#define DROPBEAR_DEFAULT_RSA_SIZE 2048
+/* DSS is always 1024 */
+/* ECDSA defaults to largest size configured, usually 521 */
+
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems
@@ -253,7 +258,8 @@ Homedir is prepended unless path begins with / */
* come from many IPs */
#define MAX_UNAUTH_CLIENTS 30
-/* Maximum number of failed authentication tries (server option) */
+/* Default maximum number of failed authentication tries (server option) */
+/* -T server option overrides */
#define MAX_AUTH_TRIES 10
/* The default file to store the daemon's process ID, for shutdown
diff --git a/dropbear.8 b/dropbear.8
index be73372..f887083 100644
--- a/dropbear.8
+++ b/dropbear.8
@@ -91,6 +91,9 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
.B \-I \fIidle_timeout
Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
.TP
+.B \-T \fImax_authentication_attempts
+Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
+.TP
.B \-c \fIforced_command
Disregard the command provided by the user and always run \fIforced_command\fR. This also
overrides any authorized_keys command= option.
diff --git a/dropbearkey.c b/dropbearkey.c
index 5cb12ef..316d27e 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -139,7 +139,7 @@ int main(int argc, char ** argv) {
enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
char * typetext = NULL;
char * sizetext = NULL;
- unsigned int bits = 0;
+ unsigned int bits = 0, genbits;
int printpub = 0;
crypto_init();
@@ -240,7 +240,8 @@ int main(int argc, char ** argv) {
check_signkey_bits(keytype, bits);;
}
- fprintf(stderr, "Generating key, this may take a while...\n");
+ genbits = signkey_generate_get_bits(keytype, bits);
+ fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext);
if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
{
dropbear_exit("Failed to generate key.\n");
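Review bot: `genbits` is declared `unsigned int` but printed with `%d` on the new fprintf line, a format/argument type mismatch that -Wformat reports; use `%u`, or declare genbits as `int` to match the `int` returned by signkey_generate_get_bits (the unsigned `bits` is likewise passed to that function's `int` parameter). If typetext can still be NULL at this point — the option checks between the two hunks are not visible — handing it to `%s` is undefined behaviour, so that should be confirmed. The stray `;;` on the context line above is pre-existing but worth cleaning up while here.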
diff --git a/gensignkey.c b/gensignkey.c
index 4691de0..8317fea 100644
--- a/gensignkey.c
+++ b/gensignkey.c
@@ -7,9 +7,6 @@
#include "signkey.h"
#include "dbrandom.h"
-#define RSA_DEFAULT_SIZE 2048
-#define DSS_DEFAULT_SIZE 1024
-
/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
static int buf_writefile(buffer * buf, const char * filename) {
int ret = DROPBEAR_FAILURE;
@@ -55,11 +52,12 @@ static int get_default_bits(enum signkey_type keytype)
switch (keytype) {
#if DROPBEAR_RSA
case DROPBEAR_SIGNKEY_RSA:
- return RSA_DEFAULT_SIZE;
+ return DROPBEAR_DEFAULT_RSA_SIZE;
#endif
#if DROPBEAR_DSS
case DROPBEAR_SIGNKEY_DSS:
- return DSS_DEFAULT_SIZE;
+ /* DSS for SSH only defines 1024 bits */
+ return 1024;
#endif
#if DROPBEAR_ECDSA
case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
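Review bot: The new comment `/* DSS for SSH only defines 1024 bits */` should also carry the security caveat, because a 1024-bit ssh-dss key with SHA-1 signatures is widely regarded as weak and OpenSSH has disabled ssh-dss by default since 7.0. Something like `/* ssh-dss (RFC 4253) is fixed at 1024 bits with SHA-1 signatures; kept for compatibility only and weak by current standards - prefer RSA or ECDSA */` makes the trade-off visible to whoever enables DROPBEAR_DSS.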
@@ -76,6 +74,14 @@ static int get_default_bits(enum signkey_type keytype)
}
}
+int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
+ if (bits == 0)
+ {
+ bits = get_default_bits(keytype);
+ }
+ return bits;
+}
+
/* if skip_exist is set it will silently return if the key file exists */
int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
{
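Review bot: signkey_generate_get_bits becomes external API (it is exported in gensignkey.h) but has no comment stating its contract, and it does not validate a non-zero `bits`, so callers must run check_signkey_bits beforehand as dropbearkey does. I would add above it: `/* Returns the key size signkey_generate() will use for keytype: bits if non-zero (assumed already validated by the caller), otherwise the compile-time default from get_default_bits(). */`. The `default:` arm of get_default_bits sits just above this hunk, so what an unsupported keytype yields is not visible here and should be spelled out in that comment as well.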
@@ -83,10 +89,7 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename,
buffer *buf = NULL;
char *fn_temp = NULL;
int ret = DROPBEAR_FAILURE;
- if (bits == 0)
- {
- bits = get_default_bits(keytype);
- }
+ bits = signkey_generate_get_bits(keytype, bits);
/* now we can generate the key */
key = new_sign_key();
diff --git a/gensignkey.h b/gensignkey.h
index 1cba8d3..73b9c3c 100644
--- a/gensignkey.h
+++ b/gensignkey.h
@@ -4,5 +4,6 @@
#include "signkey.h"
int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist);
+int signkey_generate_get_bits(enum signkey_type keytype, int bits);
#endif
diff --git a/libtomcrypt/Makefile.in b/libtomcrypt/Makefile.in
index d9b3668..1c45186 100644
--- a/libtomcrypt/Makefile.in
+++ b/libtomcrypt/Makefile.in
@@ -9,7 +9,8 @@ VERSION=1.17
PLATFORM := $(shell uname | sed -e 's/_.*//')
-srcdir=.
+VPATH=@srcdir@
+srcdir=@srcdir@
# Compiler and Linker Names
#CC=gcc
diff --git a/libtommath/Makefile.in b/libtommath/Makefile.in
index dbcd2a0..d2e78fc 100644
--- a/libtommath/Makefile.in
+++ b/libtommath/Makefile.in
@@ -2,7 +2,8 @@
#
#Tom St Denis
-srcdir=.
+VPATH=@srcdir@
+srcdir=@srcdir@
# So that libtommath can include Dropbear headers for options and m_burn()
CFLAGS += -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../
@@ -26,8 +27,6 @@ endif
coverage: LIBNAME:=-Wl,--whole-archive $(LIBNAME) -Wl,--no-whole-archive
-include makefile.include
-
LCOV_ARGS=--directory .
#START_INS
diff --git a/options.h b/options.h
index 9350020..c1782d2 100644
--- a/options.h
+++ b/options.h
@@ -2,6 +2,8 @@
#define DROPBEAR_OPTIONS_H
/*
+ > > > Don't edit this file any more! < < <
+
Local compile-time configuration should be defined in localoptions.h
See default_options.h.in for a description of the available options.
*/
diff --git a/runopts.h b/runopts.h
index cecdc22..47c12f0 100644
--- a/runopts.h
+++ b/runopts.h
@@ -96,6 +96,7 @@ typedef struct svr_runopts {
int noauthpass;
int norootpass;
int allowblankpass;
+ unsigned int maxauthtries;
#if DROPBEAR_SVR_REMOTETCPFWD
int noremotetcp;
diff --git a/svr-auth.c b/svr-auth.c
index 236eb39..f1ba957 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -368,7 +368,7 @@ void send_msg_userauth_failure(int partial, int incrfail) {
ses.authstate.failcount++;
}
- if (ses.authstate.failcount >= MAX_AUTH_TRIES) {
+ if (ses.authstate.failcount >= svr_opts.maxauthtries) {
char * userstr;
/* XXX - send disconnect ? */
TRACE(("Max auth tries reached, exiting"))
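Review bot: svr_opts.maxauthtries is `unsigned int` while the type of ses.authstate.failcount is not visible in this hunk; if it is a plain `int`, the new comparison is signed/unsigned and -Wsign-compare will flag it. failcount only counts up from zero, so the result is correct, but a cast or a matching type on failcount would keep the build warning-clean. The remainder of send_msg_userauth_failure lies outside the hunk.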
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index fbee63f..1c8b088 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -196,7 +196,7 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename,
int ret = DROPBEAR_FAILURE;
if (line->len < MIN_AUTHKEYS_LINE || line->len > MAX_AUTHKEYS_LINE) {
- TRACE(("checkpubkey: bad line length %d", line->len))
+ TRACE(("checkpubkey_line: bad line length %d", line->len))
return DROPBEAR_FAILURE;
}
@@ -261,7 +261,7 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename,
/* check for space (' ') character */
if (buf_getbyte(line) != ' ') {
- TRACE(("checkpubkey: space character expected, isn't there"))
+ TRACE(("checkpubkey_line: space character expected, isn't there"))
goto out;
}
@@ -273,7 +273,7 @@ static int checkpubkey_line(buffer* line, int line_num, char* filename,
buf_setpos(line, pos);
buf_setlen(line, line->pos + len);
- TRACE(("checkpubkey: line pos = %d len = %d", line->pos, line->len))
+ TRACE(("checkpubkey_line: line pos = %d len = %d", line->pos, line->len))
ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algo, algolen, line, NULL);
@@ -361,8 +361,8 @@ static int checkpubkey(char* algo, unsigned int algolen,
}
line_num++;
- if (checkpubkey_line(line, line_num, filename,
- algo, algolen, keyblob, keybloblen) == DROPBEAR_SUCCESS) {
+ ret = checkpubkey_line(line, line_num, filename, algo, algolen, keyblob, keybloblen);
+ if (ret == DROPBEAR_SUCCESS) {
break;
}
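Review bot: `ret` is now overwritten on every iteration with the verdict of the latest checkpubkey_line call, so whatever it held before the loop no longer survives; confirm that the code after the loop (outside this hunk) does not rely on an earlier assignment, and that an empty authorized_keys file — where the loop body never runs — still leaves ret at DROPBEAR_FAILURE from its initialiser. A short comment such as `/* ret carries the last line's verdict; the loop exits early on the first match */` would make that intent explicit.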
diff --git a/svr-runopts.c b/svr-runopts.c
index 93058f7..ed485e0 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -73,6 +73,7 @@ static void printhelp(const char * progname) {
"-g Disable password logins for root\n"
"-B Allow blank password logins\n"
#endif
+ "-T Maximum authentication tries (default %d)\n"
#if DROPBEAR_SVR_LOCALTCPFWD
"-j Disable local port forwarding\n"
#endif
@@ -107,6 +108,7 @@ static void printhelp(const char * progname) {
#if DROPBEAR_ECDSA
ECDSA_PRIV_FILENAME,
#endif
+ MAX_AUTH_TRIES,
DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
}
@@ -119,6 +121,7 @@ void svr_getopts(int argc, char ** argv) {
char* recv_window_arg = NULL;
char* keepalive_arg = NULL;
char* idle_timeout_arg = NULL;
+ char* maxauthtries_arg = NULL;
char* keyfile = NULL;
char c;
@@ -132,6 +135,7 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.noauthpass = 0;
svr_opts.norootpass = 0;
svr_opts.allowblankpass = 0;
+ svr_opts.maxauthtries = MAX_AUTH_TRIES;
svr_opts.inetdmode = 0;
svr_opts.portcount = 0;
svr_opts.hostkey = NULL;
@@ -235,6 +239,9 @@ void svr_getopts(int argc, char ** argv) {
case 'I':
next = &idle_timeout_arg;
break;
+ case 'T':
+ next = &maxauthtries_arg;
+ break;
#if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
case 's':
svr_opts.noauthpass = 1;
@@ -331,6 +338,16 @@ void svr_getopts(int argc, char ** argv) {
dropbear_exit("Bad recv window '%s'", recv_window_arg);
}
}
+
+ if (maxauthtries_arg) {
+ unsigned int val = 0;
+ if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE
+ || val == 0) {
+ dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg);
+ }
+ svr_opts.maxauthtries = val;
+ }
+
if (keepalive_arg) {
unsigned int val;
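Review bot: The new -T parsing rejects 0 but has no upper bound, so `-T 4294967295` effectively disables the per-connection brute-force limit that MAX_AUTH_TRIES used to fix at compile time, and neither the help text nor dropbear.8 warns about that. Either cap it with a sanity limit and reject larger values, or at minimum document it in the man page and here: `/* no upper bound: a very large value effectively disables the limit */`.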
diff --git a/sysoptions.h b/sysoptions.h
index 63e5515..64b149e 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -235,11 +235,13 @@
#define DROPBEAR_VFORK 1
#endif
+#ifndef DROPBEAR_LISTEN_BACKLOG
#if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
#define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
#else
#define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
#endif
+#endif
#ifndef DROPBEAR_NONE_CIPHER
#define DROPBEAR_NONE_CIPHER 0