add --without-ssh1 option to configure

Allows disabling support for SSH protocol 1.

5 files changed, 33 insertions, 2 deletions

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index b7fd064e7..2e20396ea 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,6 +15,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 
 #include <pwd.h>
@@ -102,3 +104,5 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
         packet_send_debug("Rhosts with RSA host authentication accepted.");
         return 1;
 }
+
+#endif /* WITH_SSH1 */
diff --git a/auth-rsa.c b/auth-rsa.c
index ff7a13221..422c196cf 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,6 +16,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -342,3 +344,5 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
         packet_send_debug("RSA authentication accepted.");
         return (1);
 }
+
+#endif /* WITH_SSH1 */
diff --git a/auth1.c b/auth1.c
index 50388285c..5073c49bb 100644
--- a/auth1.c
+++ b/auth1.c
@@ -12,6 +12,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 
 #include <stdarg.h>
@@ -438,3 +440,5 @@ do_authentication(Authctxt *authctxt)
         packet_send();
         packet_write_wait();
 }
+
+#endif /* WITH_SSH1 */
diff --git a/configure.ac b/configure.ac
index 5f5905b36..13e25e98f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -121,6 +121,22 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
         #include <linux/prctl.h>
 ])
 
+ssh1=yes
+AC_ARG_WITH([ssh1],
+        [  --without-ssh1          Disable support for SSH protocol 1],
+        [  if test "x$withval" = "xno" ; then
+                ssh1=no
+           fi
+        ]
+)
+AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
+if test "x$ssh1" = "xyes" ; then
+        AC_MSG_RESULT([yes])
+        AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+else
+        AC_MSG_RESULT([no])
+fi
+
 use_stack_protector=1
 use_toolchain_hardening=1
 AC_ARG_WITH([stackprotect],
@@ -1523,7 +1539,7 @@ AC_ARG_WITH([audit],
 )
 
 AC_ARG_WITH([pie],
-    [  --with-pie           Build Position Independent Executables if possible], [
+    [  --with-pie              Build Position Independent Executables if possible], [
         if test "x$withval" = "xno"; then
                 use_pie=no
         fi
@@ -2314,7 +2330,6 @@ AC_RUN_IFELSE(
 
 # XXX make --without-openssl work
 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
-AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
 
 AC_ARG_WITH([openssl-header-check],
         [  --without-openssl-header-check Disable OpenSSL version consistency check],
diff --git a/sshconnect1.c b/sshconnect1.c
index dd12a3af2..08589f5ee 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -15,6 +15,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 #include <sys/socket.h>
 
@@ -755,3 +757,5 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  success:
         return; /* need statement after label */
 }
+
+#endif /* WITH_SSH1 */