mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Remove the NO_SECURITY compile-time option.
It's had its day. It was there to support pre-WinNT platforms, on which the security APIs don't exist - but more specifically, it was there to support _build tools_ that only knew about pre-WinNT versions of Windows, so that you couldn't even compile a program that would _try_ to refer to the interprocess security APIs. But we don't support those build systems any more in any case: more recent changes like the assumption of (most of) C99 will have stopped this code from building with compilers that old. So there's no reason to clutter the code with backwards compatibility features that won't help. I left NO_SECURITY in place during the CMake migration, so that _just_ in case it needs resurrecting, some version of it will be available in the git history. But I don't expect it to be needed, and I'm deleting the whole thing now. The _runtime_ check for interprocess security libraries is still in place. So PuTTY tools built with a modern toolchain can still at least try to run on the Win95/98/ME series, and they should detect that those system DLLs don't exist and proceed sensibly in their absence. That may also be a thing to throw out sooner or later, but I haven't thrown it out as part of this commit.
This commit is contained in:
parent
c19e7215dd
commit
6c783f9ad0
@ -1,16 +1,5 @@
|
||||
set(PLATFORM_SUBDIRS windows)
|
||||
|
||||
# I copied this over from the pre-CMake build system just to prove it
|
||||
# still worked, but I should probably remove it now, together with all
|
||||
# the #ifdefs that depend on it.
|
||||
#
|
||||
# Rationale: it was there so that you could do dev builds of PuTTY on
|
||||
# compilers designed for the pre-NT single-user versions of Windows
|
||||
# (Win95, Win98 etc). But we're not supporting those development
|
||||
# environments any more!
|
||||
set(PUTTY_NO_SECURITY OFF
|
||||
CACHE BOOL "OBSOLETE AND DANGEROUS - DO NOT DEFINE! \
|
||||
Build PuTTY without any use of the Windows security APIs.")
|
||||
set(PUTTY_MINEFIELD OFF
|
||||
CACHE BOOL "Build PuTTY with its built-in memory debugger 'Minefield'")
|
||||
set(PUTTY_GSSAPI ON
|
||||
|
3
misc.c
3
misc.c
@ -337,9 +337,6 @@ char *buildinfo(const char *newline)
|
||||
#if defined _WINDOWS && defined MINEFIELD
|
||||
strbuf_catf(buf, "%sBuild option: MINEFIELD", newline);
|
||||
#endif
|
||||
#ifdef NO_SECURITY
|
||||
strbuf_catf(buf, "%sBuild option: NO_SECURITY", newline);
|
||||
#endif
|
||||
#ifdef NO_SECUREZEROMEMORY
|
||||
strbuf_catf(buf, "%sBuild option: NO_SECUREZEROMEMORY", newline);
|
||||
#endif
|
||||
|
@ -4,8 +4,6 @@
|
||||
|
||||
#include "putty.h"
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
#include "putty.h"
|
||||
#include "ssh.h"
|
||||
|
||||
@ -85,5 +83,3 @@ char *capi_obfuscate_string(const char *realname)
|
||||
|
||||
return dupstr(retbuf);
|
||||
}
|
||||
|
||||
#endif /* !defined NO_SECURITY */
|
||||
|
@ -5,8 +5,6 @@
|
||||
* in turn.
|
||||
*/
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
DECL_WINDOWS_FUNCTION(extern, BOOL, CryptProtectMemory, (LPVOID,DWORD,DWORD));
|
||||
|
||||
bool got_crypt(void);
|
||||
@ -27,5 +25,3 @@ bool got_crypt(void);
|
||||
* The returned string is dynamically allocated.
|
||||
*/
|
||||
char *capi_obfuscate_string(const char *realname);
|
||||
|
||||
#endif
|
||||
|
@ -11,8 +11,6 @@
|
||||
#include "proxy.h"
|
||||
#include "ssh.h"
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
#include "winsecur.h"
|
||||
|
||||
HANDLE connect_to_named_pipe(const char *pipename, char **err)
|
||||
@ -94,5 +92,3 @@ Socket *new_named_pipe_client(const char *pipename, Plug *plug)
|
||||
else
|
||||
return make_handle_socket(pipehandle, pipehandle, NULL, plug, true);
|
||||
}
|
||||
|
||||
#endif /* !defined NO_SECURITY */
|
||||
|
@ -11,8 +11,6 @@
|
||||
#include "proxy.h"
|
||||
#include "ssh.h"
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
#include "winsecur.h"
|
||||
|
||||
typedef struct NamedPipeServerSocket {
|
||||
@ -236,5 +234,3 @@ Socket *new_named_pipe_listener(const char *pipename, Plug *plug)
|
||||
cleanup:
|
||||
return &ret->sock;
|
||||
}
|
||||
|
||||
#endif /* !defined NO_SECURITY */
|
||||
|
@ -21,13 +21,11 @@
|
||||
|
||||
#include <shellapi.h>
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
#include <aclapi.h>
|
||||
#ifdef DEBUG_IPC
|
||||
#define _WIN32_WINNT 0x0500 /* for ConvertSidToStringSid */
|
||||
#include <sddl.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#define WM_SYSTRAY (WM_APP + 6)
|
||||
#define WM_SYSTRAY2 (WM_APP + 7)
|
||||
@ -816,7 +814,6 @@ static void update_sessions(void)
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
/*
|
||||
* Versions of Pageant prior to 0.61 expected this SID on incoming
|
||||
* communications. For backwards compatibility, and more particularly
|
||||
@ -861,7 +858,6 @@ PSID get_default_sid(void)
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
struct WmCopydataTransaction {
|
||||
char *length, *body;
|
||||
@ -970,12 +966,10 @@ static char *answer_filemapping_message(const char *mapname)
|
||||
size_t mapsize;
|
||||
unsigned msglen;
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
PSID mapsid = NULL;
|
||||
PSID expectedsid = NULL;
|
||||
PSID expectedsid_bc = NULL;
|
||||
PSECURITY_DESCRIPTOR psd = NULL;
|
||||
#endif
|
||||
|
||||
wmct.length = wmct.body = NULL;
|
||||
|
||||
@ -994,7 +988,6 @@ static char *answer_filemapping_message(const char *mapname)
|
||||
debug("maphandle = %p\n", maphandle);
|
||||
#endif
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
if (has_security) {
|
||||
DWORD retd;
|
||||
|
||||
@ -1037,7 +1030,6 @@ static char *answer_filemapping_message(const char *mapname)
|
||||
goto cleanup;
|
||||
}
|
||||
} else
|
||||
#endif /* NO_SECURITY */
|
||||
{
|
||||
#ifdef DEBUG_IPC
|
||||
debug("security APIs not present\n");
|
||||
@ -1395,7 +1387,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
||||
has_security = (osPlatformId == VER_PLATFORM_WIN32_NT);
|
||||
|
||||
if (has_security) {
|
||||
#ifndef NO_SECURITY
|
||||
/*
|
||||
* Attempt to get the security API we need.
|
||||
*/
|
||||
@ -1406,13 +1397,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
||||
"Pageant Fatal Error", MB_ICONERROR | MB_OK);
|
||||
return 1;
|
||||
}
|
||||
#else
|
||||
MessageBox(NULL,
|
||||
"This program has been compiled for Win9X and will\n"
|
||||
"not run on NT, in case it causes a security breach.",
|
||||
"Pageant Fatal Error", MB_ICONERROR | MB_OK);
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1543,8 +1527,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
/*
|
||||
* Set up a named-pipe listener.
|
||||
*/
|
||||
@ -1567,8 +1549,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
||||
sfree(pipename);
|
||||
}
|
||||
|
||||
#endif /* !defined NO_SECURITY */
|
||||
|
||||
/*
|
||||
* Set up window classes for two hidden windows: one that receives
|
||||
* all the messages to do with our presence in the system tray,
|
||||
|
@ -9,10 +9,8 @@
|
||||
#include "putty.h"
|
||||
#include "pageant.h" /* for AGENT_MAX_MSGLEN */
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
#include "winsecur.h"
|
||||
#include "wincapi.h"
|
||||
#endif
|
||||
|
||||
#define AGENT_COPYDATA_ID 0x804e50ba /* random goop */
|
||||
|
||||
@ -50,7 +48,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
|
||||
mapname = dupprintf("PageantRequest%08x", (unsigned)GetCurrentThreadId());
|
||||
|
||||
psa = NULL;
|
||||
#ifndef NO_SECURITY
|
||||
if (got_advapi()) {
|
||||
/*
|
||||
* Make the file mapping we create for communication with
|
||||
@ -81,7 +78,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* NO_SECURITY */
|
||||
|
||||
filemap = CreateFileMapping(INVALID_HANDLE_VALUE, psa, PAGE_READWRITE,
|
||||
0, AGENT_MAX_MSGLEN, mapname);
|
||||
@ -129,8 +125,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
|
||||
LocalFree(psd);
|
||||
}
|
||||
|
||||
#ifndef NO_SECURITY
|
||||
|
||||
char *agent_named_pipe_name(void)
|
||||
{
|
||||
char *username, *suffix, *pipename;
|
||||
@ -303,39 +297,3 @@ agent_pending_query *agent_query(
|
||||
wm_copydata_agent_query(query, out, outlen);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#else /* NO_SECURITY */
|
||||
|
||||
Socket *agent_connect(void *vctx, Plug *plug)
|
||||
{
|
||||
unreachable("no agent_connect_ctx can be constructed on this platform");
|
||||
}
|
||||
|
||||
agent_connect_ctx *agent_get_connect_ctx(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void agent_free_connect_ctx(agent_connect_ctx *ctx)
|
||||
{
|
||||
}
|
||||
|
||||
bool agent_exists(void)
|
||||
{
|
||||
return wm_copydata_agent_exists();
|
||||
}
|
||||
|
||||
agent_pending_query *agent_query(
|
||||
strbuf *query, void **out, int *outlen,
|
||||
void (*callback)(void *, void *, int), void *callback_ctx)
|
||||
{
|
||||
wm_copydata_agent_query(query, out, outlen);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void agent_cancel_query(agent_pending_query *q)
|
||||
{
|
||||
unreachable("Windows agent queries are never asynchronous!");
|
||||
}
|
||||
|
||||
#endif /* NO_SECURITY */
|
||||
|
@ -7,8 +7,6 @@
|
||||
|
||||
#include "putty.h"
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
#include "winsecur.h"
|
||||
|
||||
/* Initialised once, then kept around to reuse forever */
|
||||
@ -299,7 +297,6 @@ static bool really_restrict_process_acl(char **error)
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
#endif /* !defined NO_SECURITY */
|
||||
|
||||
/*
|
||||
* Lock down our process's ACL, to present an obstacle to malware
|
||||
@ -323,12 +320,7 @@ void restrict_process_acl(void)
|
||||
char *error = NULL;
|
||||
bool ret;
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
ret = really_restrict_process_acl(&error);
|
||||
#else
|
||||
ret = false;
|
||||
error = dupstr("ACL restrictions not compiled into this binary");
|
||||
#endif
|
||||
if (!ret)
|
||||
modalfatalbox("Could not restrict process ACL: %s", error);
|
||||
}
|
||||
|
@ -4,8 +4,6 @@
|
||||
* centralises the machinery for dynamically loading that library.
|
||||
*/
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
#include <aclapi.h>
|
||||
|
||||
/*
|
||||
@ -49,5 +47,3 @@ PSID get_user_sid(void);
|
||||
*/
|
||||
bool make_private_security_descriptor(
|
||||
DWORD permissions, PSECURITY_DESCRIPTOR *psd, PACL *acl, char **error);
|
||||
|
||||
#endif
|
||||
|
@ -5,8 +5,6 @@
|
||||
#include <stdio.h>
|
||||
#include <assert.h>
|
||||
|
||||
#if !defined NO_SECURITY
|
||||
|
||||
#include "tree234.h"
|
||||
#include "putty.h"
|
||||
#include "network.h"
|
||||
@ -143,9 +141,3 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
|
||||
void platform_ssh_share_cleanup(const char *name)
|
||||
{
|
||||
}
|
||||
|
||||
#else /* !defined NO_SECURITY */
|
||||
|
||||
#include "noshare.c"
|
||||
|
||||
#endif /* !defined NO_SECURITY */
|
||||
|
Loading…
Reference in New Issue
Block a user