Remove the NO_SECURITY compile-time option.

It's had its day. It was there to support pre-WinNT platforms, on
which the security APIs don't exist - but more specifically, it was
there to support _build tools_ that only knew about pre-WinNT versions
of Windows, so that you couldn't even compile a program that would
_try_ to refer to the interprocess security APIs.

But we don't support those build systems any more in any case: more
recent changes like the assumption of (most of) C99 will have stopped
this code from building with compilers that old. So there's no reason
to clutter the code with backwards compatibility features that won't
help.

I left NO_SECURITY in place during the CMake migration, so that _just_
in case it needs resurrecting, some version of it will be available in
the git history. But I don't expect it to be needed, and I'm deleting
the whole thing now.

The _runtime_ check for interprocess security libraries is still in
place. So PuTTY tools built with a modern toolchain can still at least
try to run on the Win95/98/ME series, and they should detect that
those system DLLs don't exist and proceed sensibly in their absence.
That may also be a thing to throw out sooner or later, but I haven't
thrown it out as part of this commit.

cmake/platforms/windows.cmake

@@ -1,16 +1,5 @@
 set(PLATFORM_SUBDIRS windows)
 
-# I copied this over from the pre-CMake build system just to prove it
-# still worked, but I should probably remove it now, together with all
-# the #ifdefs that depend on it.
-#
-# Rationale: it was there so that you could do dev builds of PuTTY on
-# compilers designed for the pre-NT single-user versions of Windows
-# (Win95, Win98 etc). But we're not supporting those development
-# environments any more!
-set(PUTTY_NO_SECURITY OFF
-  CACHE BOOL "OBSOLETE AND DANGEROUS - DO NOT DEFINE! \
-Build PuTTY without any use of the Windows security APIs.")
 set(PUTTY_MINEFIELD OFF
   CACHE BOOL "Build PuTTY with its built-in memory debugger 'Minefield'")
 set(PUTTY_GSSAPI ON

misc.c

@@ -337,9 +337,6 @@ char *buildinfo(const char *newline)
 #if defined _WINDOWS && defined MINEFIELD
     strbuf_catf(buf, "%sBuild option: MINEFIELD", newline);
 #endif
-#ifdef NO_SECURITY
-    strbuf_catf(buf, "%sBuild option: NO_SECURITY", newline);
-#endif
 #ifdef NO_SECUREZEROMEMORY
     strbuf_catf(buf, "%sBuild option: NO_SECUREZEROMEMORY", newline);
 #endif

windows/wincapi.c

@@ -4,8 +4,6 @@
 
 #include "putty.h"
 
-#if !defined NO_SECURITY
-
 #include "putty.h"
 #include "ssh.h"
 
@@ -85,5 +83,3 @@ char *capi_obfuscate_string(const char *realname)
 
     return dupstr(retbuf);
 }
-
-#endif /* !defined NO_SECURITY */

windows/wincapi.h

@@ -5,8 +5,6 @@
  * in turn.
  */
 
-#if !defined NO_SECURITY
-
 DECL_WINDOWS_FUNCTION(extern, BOOL, CryptProtectMemory, (LPVOID,DWORD,DWORD));
 
 bool got_crypt(void);
@@ -27,5 +25,3 @@ bool got_crypt(void);
  * The returned string is dynamically allocated.
  */
 char *capi_obfuscate_string(const char *realname);
-
-#endif

windows/winnpc.c

@@ -11,8 +11,6 @@
 #include "proxy.h"
 #include "ssh.h"
 
-#if !defined NO_SECURITY
-
 #include "winsecur.h"
 
 HANDLE connect_to_named_pipe(const char *pipename, char **err)
@@ -94,5 +92,3 @@ Socket *new_named_pipe_client(const char *pipename, Plug *plug)
     else
         return make_handle_socket(pipehandle, pipehandle, NULL, plug, true);
 }
-
-#endif /* !defined NO_SECURITY */

windows/winnps.c

@@ -11,8 +11,6 @@
 #include "proxy.h"
 #include "ssh.h"
 
-#if !defined NO_SECURITY
-
 #include "winsecur.h"
 
 typedef struct NamedPipeServerSocket {
@@ -236,5 +234,3 @@ Socket *new_named_pipe_listener(const char *pipename, Plug *plug)
   cleanup:
     return &ret->sock;
 }
-
-#endif /* !defined NO_SECURITY */

windows/winpgnt.c

@@ -21,13 +21,11 @@
 
 #include <shellapi.h>
 
-#ifndef NO_SECURITY
 #include <aclapi.h>
 #ifdef DEBUG_IPC
 #define _WIN32_WINNT 0x0500            /* for ConvertSidToStringSid */
 #include <sddl.h>
 #endif
-#endif
 
 #define WM_SYSTRAY   (WM_APP + 6)
 #define WM_SYSTRAY2  (WM_APP + 7)
@@ -816,7 +814,6 @@ static void update_sessions(void)
     }
 }
 
-#ifndef NO_SECURITY
 /*
  * Versions of Pageant prior to 0.61 expected this SID on incoming
  * communications. For backwards compatibility, and more particularly
@@ -861,7 +858,6 @@ PSID get_default_sid(void)
 
     return ret;
 }
-#endif
 
 struct WmCopydataTransaction {
     char *length, *body;
@@ -970,12 +966,10 @@ static char *answer_filemapping_message(const char *mapname)
     size_t mapsize;
     unsigned msglen;
 
-#ifndef NO_SECURITY
     PSID mapsid = NULL;
     PSID expectedsid = NULL;
     PSID expectedsid_bc = NULL;
     PSECURITY_DESCRIPTOR psd = NULL;
-#endif
 
     wmct.length = wmct.body = NULL;
 
@@ -994,7 +988,6 @@ static char *answer_filemapping_message(const char *mapname)
     debug("maphandle = %p\n", maphandle);
 #endif
 
-#ifndef NO_SECURITY
     if (has_security) {
         DWORD retd;
 
@@ -1037,7 +1030,6 @@ static char *answer_filemapping_message(const char *mapname)
             goto cleanup;
         }
     } else
-#endif /* NO_SECURITY */
     {
 #ifdef DEBUG_IPC
         debug("security APIs not present\n");
@@ -1395,7 +1387,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
     has_security = (osPlatformId == VER_PLATFORM_WIN32_NT);
 
     if (has_security) {
-#ifndef NO_SECURITY
         /*
          * Attempt to get the security API we need.
          */
@@ -1406,13 +1397,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
                        "Pageant Fatal Error", MB_ICONERROR | MB_OK);
             return 1;
         }
-#else
-        MessageBox(NULL,
-                   "This program has been compiled for Win9X and will\n"
-                   "not run on NT, in case it causes a security breach.",
-                   "Pageant Fatal Error", MB_ICONERROR | MB_OK);
-        return 1;
-#endif
     }
 
     /*
@@ -1543,8 +1527,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
         return 0;
     }
 
-#if !defined NO_SECURITY
-
     /*
      * Set up a named-pipe listener.
      */
@@ -1567,8 +1549,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
         sfree(pipename);
     }
 
-#endif /* !defined NO_SECURITY */
-
     /*
      * Set up window classes for two hidden windows: one that receives
      * all the messages to do with our presence in the system tray,

windows/winpgntc.c

@@ -9,10 +9,8 @@
 #include "putty.h"
 #include "pageant.h" /* for AGENT_MAX_MSGLEN */
 
-#ifndef NO_SECURITY
 #include "winsecur.h"
 #include "wincapi.h"
-#endif
 
 #define AGENT_COPYDATA_ID 0x804e50ba   /* random goop */
 
@@ -50,7 +48,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
     mapname = dupprintf("PageantRequest%08x", (unsigned)GetCurrentThreadId());
 
     psa = NULL;
-#ifndef NO_SECURITY
     if (got_advapi()) {
         /*
          * Make the file mapping we create for communication with
@@ -81,7 +78,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
             }
         }
     }
-#endif /* NO_SECURITY */
 
     filemap = CreateFileMapping(INVALID_HANDLE_VALUE, psa, PAGE_READWRITE,
                                 0, AGENT_MAX_MSGLEN, mapname);
@@ -129,8 +125,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
         LocalFree(psd);
 }
 
-#ifndef NO_SECURITY
-
 char *agent_named_pipe_name(void)
 {
     char *username, *suffix, *pipename;
@@ -303,39 +297,3 @@ agent_pending_query *agent_query(
     wm_copydata_agent_query(query, out, outlen);
     return NULL;
 }
-
-#else /* NO_SECURITY */
-
-Socket *agent_connect(void *vctx, Plug *plug)
-{
-    unreachable("no agent_connect_ctx can be constructed on this platform");
-}
-
-agent_connect_ctx *agent_get_connect_ctx(void)
-{
-    return NULL;
-}
-
-void agent_free_connect_ctx(agent_connect_ctx *ctx)
-{
-}
-
-bool agent_exists(void)
-{
-    return wm_copydata_agent_exists();
-}
-
-agent_pending_query *agent_query(
-    strbuf *query, void **out, int *outlen,
-    void (*callback)(void *, void *, int), void *callback_ctx)
-{
-    wm_copydata_agent_query(query, out, outlen);
-    return NULL;
-}
-
-void agent_cancel_query(agent_pending_query *q)
-{
-    unreachable("Windows agent queries are never asynchronous!");
-}
-
-#endif /* NO_SECURITY */

windows/winsecur.c

@@ -7,8 +7,6 @@
 
 #include "putty.h"
 
-#if !defined NO_SECURITY
-
 #include "winsecur.h"
 
 /* Initialised once, then kept around to reuse forever */
@@ -299,7 +297,6 @@ static bool really_restrict_process_acl(char **error)
     }
     return ret;
 }
-#endif /* !defined NO_SECURITY */
 
 /*
  * Lock down our process's ACL, to present an obstacle to malware
@@ -323,12 +320,7 @@ void restrict_process_acl(void)
     char *error = NULL;
     bool ret;
 
-#if !defined NO_SECURITY
     ret = really_restrict_process_acl(&error);
-#else
-    ret = false;
-    error = dupstr("ACL restrictions not compiled into this binary");
-#endif
     if (!ret)
         modalfatalbox("Could not restrict process ACL: %s", error);
 }

windows/winsecur.h

@@ -4,8 +4,6 @@
  * centralises the machinery for dynamically loading that library.
  */
 
-#if !defined NO_SECURITY
-
 #include <aclapi.h>
 
 /*
@@ -49,5 +47,3 @@ PSID get_user_sid(void);
  */
 bool make_private_security_descriptor(
     DWORD permissions, PSECURITY_DESCRIPTOR *psd, PACL *acl, char **error);
-
-#endif

windows/winshare.c

@@ -5,8 +5,6 @@
 #include <stdio.h>
 #include <assert.h>
 
-#if !defined NO_SECURITY
-
 #include "tree234.h"
 #include "putty.h"
 #include "network.h"
@@ -143,9 +141,3 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
 void platform_ssh_share_cleanup(const char *name)
 {
 }
-
-#else /* !defined NO_SECURITY */
-
-#include "noshare.c"
-
-#endif /* !defined NO_SECURITY */