Windows: Remove High Security Integrated Logon

High security mode for integrated logon never was high security.
It use was deprecated in the 1.5 series and it has no use at all
in the afs redirector world.  Remove it.

FIXES: 21702

Change-Id: I019b4fecc430517d29195e79e39529a782c88073
Reviewed-on: http://gerrit.openafs.org/7285
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>

diff --git a/doc/xml/ReleaseNotesWindows/relnotes.xml b/doc/xml/ReleaseNotesWindows/relnotes.xml
index 93de7556eb4a6ed406dadb2bbd148652faeb39cd..04aa503a6a26779e6c71926175a3e6e68b758b6e 100644 (file)
--- a/doc/xml/ReleaseNotesWindows/relnotes.xml
+++ b/doc/xml/ReleaseNotesWindows/relnotes.xml
@@ -4669,16 +4669,8 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll</para>
                 <simplelist type="vert">
                   <member>0x00 - Integrated Logon is not used </member>
                   <member> 0x01 - Integrated Logon is used </member>
-                  <member> 0x02 - High Security Mode is used (deprecated) </member>
-                  <member> 0x03 - Integrated Logon with High Security Mode is used (deprecated)
-                  </member>
                 </simplelist>
               </para>
-              <para>High Security Mode generates random SMB names for the creation of Drive
-                Mappings. This mode should not be used without Integrated Logon.</para>
-              <para>As of 1.3.65 the SMB server supports SMB authentication. The High Security Mode
-                should not be used when using SMB authentication (SMBAuthType setting is non
-                zero).</para>
             </section>
             <section>
               <title id="Domain_Specific_Regkeys_FailLoginsSilently">Value:

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index 38f74997d5f05a42181d53455046c96e78f59ea1..571dd78ed5492613e9f13cd5f2c0e5c0bf03178b 100644 (file)
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -476,13 +476,7 @@ GetDomainLogonOptions( PLUID lpLogonId, char * username, char * domain, LogonOpt
     }
 
     /* come up with SMB username */
-    if(ISHIGHSECURITY(opt->LogonOption)) {
-        DebugEvent0("High Security Mode active");
-        opt->smbName = malloc( MAXRANDOMNAMELEN );
-        if (opt->smbName == NULL)
-            goto cleanup;
-        GenRandomName(opt->smbName);
-    } else if (lpLogonId) {
+    if (lpLogonId) {
         /* username and domain for logon session is not necessarily the same as
            username and domain passed into network provider. */
         PSECURITY_LOGON_SESSION_DATA plsd=NULL;
@@ -568,14 +562,7 @@ GetDomainLogonOptions( PLUID lpLogonId, char * username, char * domain, LogonOpt
             hkTemp = hkDoms;
             DebugEvent0("Located logon script in hkDoms");
         }
-        /* Note that the LogonScript in the NP key is only used if we are doing high security. */
-        else if(hkNp && ISHIGHSECURITY(opt->LogonOption)) {
-            rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
-            if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
-                hkTemp = hkNp;
-                DebugEvent0("Located logon script in hkNp");
-            }
-        }
+        /* Note that the LogonScript in the NP key not used. */
     }
 
     if(hkTemp) {

diff --git a/src/WINNT/afsd/afslogon.h b/src/WINNT/afsd/afslogon.h
index bbac07d0a784b5230eb91e30a3ab0d3c0a72268f..ff3f48ac45f9eb7bcf34350e61b5e1be0f515ce3 100644 (file)
--- a/src/WINNT/afsd/afslogon.h
+++ b/src/WINNT/afsd/afslogon.h
@@ -58,7 +58,6 @@ SOFTWARE.
 #define ISLOGONTRACE(v) ( ((v) & TRACE_OPTION_EVENT)==TRACE_OPTION_EVENT)
 
 #define ISLOGONINTEGRATED(v) ( ((v) & LOGON_OPTION_INTEGRATED)==LOGON_OPTION_INTEGRATED)
-#define ISHIGHSECURITY(v) ( ((v) & LOGON_OPTION_HIGHSECURITY)==LOGON_OPTION_HIGHSECURITY)
 
 #define ISREMOTE(v) ( ((v) & LOGON_FLAG_REMOTE)==LOGON_FLAG_REMOTE)
 #define ISADREALM(v) ( ((v) & LOGON_FLAG_AD_REALM)==LOGON_FLAG_AD_REALM)

diff --git a/src/WINNT/client_config/drivemap.cpp b/src/WINNT/client_config/drivemap.cpp
index 1769d5d5b7ed045fb9fe0f082ebec3a60610855d..9e1a7da38e9477c2a2f27abc688b16943e2b9d3c 100644 (file)
--- a/src/WINNT/client_config/drivemap.cpp
+++ b/src/WINNT/client_config/drivemap.cpp
@@ -1149,8 +1149,6 @@ BOOL TestAndDoMapShare(DWORD dwState)
        return TRUE;
     }
     dwOldState=SERVICE_RUNNING;
-    if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
-       return (DoMapShare() && GlobalMountDrive());
     return GlobalMountDrive();
 }
 
@@ -1175,9 +1173,7 @@ BOOL IsServiceActive()
 
 void TestAndDoUnMapShare()
 {
-    if (!RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
-       return;
-    DoUnMapShare(FALSE);
+    return;
 }
 
 void DoUnMapShare(BOOL drivemap)       //disconnect drivemap
@@ -1287,16 +1283,7 @@ BOOL DoMapShareChange(BOOL removeUnknown)
     DWORD cbUser=MAXRANDOMNAMELEN-1;
     CHAR szUser[MAXRANDOMNAMELEN];
     CHAR * pUser = NULL;
-    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)!=NO_ERROR) {
-        if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY)) {
-            if (!pUserName[0]) {
-                GenRandomName(szUser,MAXRANDOMNAMELEN-1);
-                pUser = szUser;
-            } else {
-                pUser = pUserName;
-            }
-        }
-    } else {
+    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)==NO_ERROR) {
        if ((pUser=strchr(szUser,'\\'))!=NULL)
             pUser++;
     }
@@ -1332,16 +1319,7 @@ BOOL DoMapShare()
     DWORD cbUser=MAXRANDOMNAMELEN-1;
     CHAR szUser[MAXRANDOMNAMELEN];
     CHAR * pUser = NULL;
-    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)!=NO_ERROR) {
-        if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY)) {
-            if (!pUserName[0]) {
-                GenRandomName(szUser,MAXRANDOMNAMELEN-1);
-                pUser = szUser;
-            } else {
-                pUser = pUserName;
-            }
-        }
-    } else {
+    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)==NO_ERROR) {
        if ((pUser=strchr(szUser,'\\'))!=NULL)
             pUser++;
     }
@@ -1376,8 +1354,6 @@ BOOL DoMapShare()
                 continue;
 
             BOOL fPersistent = List.aDriveMap[chDrive-chDRIVE_A].fPersistent;
-            if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
-                fPersistent = FALSE;
            DWORD res=MountDOSDrive(chDrive
                                     ,szSubmount
                                     ,fPersistent,pUser);

diff --git a/src/WINNT/client_creds/main.cpp b/src/WINNT/client_creds/main.cpp
index 1ada86ead79122a81e0ac54668dc6a2e6637c86e..b3d554c7c88a955f5c49153739cb8f4ae037a695 100644 (file)
--- a/src/WINNT/client_creds/main.cpp
+++ b/src/WINNT/client_creds/main.cpp
@@ -86,7 +86,6 @@ extern "C" int WINAPI WinMain (HINSTANCE hInst, HINSTANCE hPrev, LPSTR pCmdLine,
    return 0;
 }
 
-#define ISHIGHSECURITY(v) ( ((v) & LOGON_OPTION_HIGHSECURITY)==LOGON_OPTION_HIGHSECURITY)
 #define REG_CLIENT_PROVIDER_KEY "SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\NetworkProvider"
 
 BOOL InitApp (LPSTR pszCmdLineA)
@@ -156,8 +155,8 @@ BOOL InitApp (LPSTR pszCmdLineA)
 
          case ':':
              CopyAnsiToString(g.SmbName,pszCmdLineA);
-                        MapShareName(pszCmdLineA);
-                        break;
+             MapShareName(pszCmdLineA);
+             break;
 
          case 'z':
          case 'Z':

diff --git a/src/rxkad/rxkad.p.h b/src/rxkad/rxkad.p.h
index 91d1f5208782502e79ed63b61b429bfd4a4725a3..55cfcfa74a7274e290bea53d8a690634d59f3b3e 100644 (file)
--- a/src/rxkad/rxkad.p.h
+++ b/src/rxkad/rxkad.p.h
@@ -28,7 +28,6 @@
 #define MAXSMBNAMELEN    256   /* max length of an SMB name */
 
 #define LOGON_OPTION_INTEGRATED 1
-#define LOGON_OPTION_HIGHSECURITY 2
 
 /*
  * Define ticket types. For Kerberos V4 tickets, this is overloaded as