From 76c0480a85675f03a1376167cb686abed01a3583 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 13 Jan 2015 19:38:18 +1100
Subject: add --without-ssh1 option to configure

Allows disabling support for SSH protocol 1.
---
 auth-rh-rsa.c |  4 ++++
 auth-rsa.c    |  4 ++++
 auth1.c       |  4 ++++
 configure.ac  | 19 +++++++++++++++++--
 sshconnect1.c |  4 ++++
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index b7fd064e7..2e20396ea 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,6 +15,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 
 #include <pwd.h>
@@ -102,3 +104,5 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
 	packet_send_debug("Rhosts with RSA host authentication accepted.");
 	return 1;
 }
+
+#endif /* WITH_SSH1 */
diff --git a/auth-rsa.c b/auth-rsa.c
index ff7a13221..422c196cf 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,6 +16,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -342,3 +344,5 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 	packet_send_debug("RSA authentication accepted.");
 	return (1);
 }
+
+#endif /* WITH_SSH1 */
diff --git a/auth1.c b/auth1.c
index 50388285c..5073c49bb 100644
--- a/auth1.c
+++ b/auth1.c
@@ -12,6 +12,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 
 #include <stdarg.h>
@@ -438,3 +440,5 @@ do_authentication(Authctxt *authctxt)
 	packet_send();
 	packet_write_wait();
 }
+
+#endif /* WITH_SSH1 */
diff --git a/configure.ac b/configure.ac
index 5f5905b36..13e25e98f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -121,6 +121,22 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 	#include <linux/prctl.h>
 ])
 
+ssh1=yes
+AC_ARG_WITH([ssh1],
+	[  --without-ssh1          Disable support for SSH protocol 1],
+	[  if test "x$withval" = "xno" ; then
+		ssh1=no
+	   fi
+	]
+)
+AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
+if test "x$ssh1" = "xyes" ; then
+	AC_MSG_RESULT([yes])
+	AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+else
+	AC_MSG_RESULT([no])
+fi
+
 use_stack_protector=1
 use_toolchain_hardening=1
 AC_ARG_WITH([stackprotect],
@@ -1523,7 +1539,7 @@ AC_ARG_WITH([audit],
 )
 
 AC_ARG_WITH([pie],
-    [  --with-pie           Build Position Independent Executables if possible], [
+    [  --with-pie              Build Position Independent Executables if possible], [
 	if test "x$withval" = "xno"; then
 		use_pie=no
 	fi
@@ -2314,7 +2330,6 @@ AC_RUN_IFELSE(
 
 # XXX make --without-openssl work
 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
-AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
 
 AC_ARG_WITH([openssl-header-check],
 	[  --without-openssl-header-check Disable OpenSSL version consistency check],
diff --git a/sshconnect1.c b/sshconnect1.c
index dd12a3af2..08589f5ee 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -15,6 +15,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_SSH1
+
 #include <sys/types.h>
 #include <sys/socket.h>
 
@@ -755,3 +757,5 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  success:
 	return;	/* need statement after label */
 }
+
+#endif /* WITH_SSH1 */
-- 
cgit v1.2.3