mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Remove the NO_SECURITY compile-time option.

It's had its day. It was there to support pre-WinNT platforms, on
which the security APIs don't exist - but more specifically, it was
there to support _build tools_ that only knew about pre-WinNT versions
of Windows, so that you couldn't even compile a program that would
_try_ to refer to the interprocess security APIs.

But we don't support those build systems any more in any case: more
recent changes like the assumption of (most of) C99 will have stopped
this code from building with compilers that old. So there's no reason
to clutter the code with backwards compatibility features that won't
help.

I left NO_SECURITY in place during the CMake migration, so that _just_
in case it needs resurrecting, some version of it will be available in
the git history. But I don't expect it to be needed, and I'm deleting
the whole thing now.

The _runtime_ check for interprocess security libraries is still in
place. So PuTTY tools built with a modern toolchain can still at least
try to run on the Win95/98/ME series, and they should detect that
those system DLLs don't exist and proceed sensibly in their absence.
That may also be a thing to throw out sooner or later, but I haven't
thrown it out as part of this commit.
Simon Tatham 2021-04-10 15:26:53 +01:00
parent c19e7215dd
commit 6c783f9ad0
11 changed files with 0 additions and 112 deletions


@ -1,16 +1,5 @@
set(PLATFORM_SUBDIRS windows)
# I copied this over from the pre-CMake build system just to prove it
# still worked, but I should probably remove it now, together with all
# the #ifdefs that depend on it.
#
# Rationale: it was there so that you could do dev builds of PuTTY on
# compilers designed for the pre-NT single-user versions of Windows
# (Win95, Win98 etc). But we're not supporting those development
# environments any more!
set(PUTTY_NO_SECURITY OFF
CACHE BOOL "OBSOLETE AND DANGEROUS - DO NOT DEFINE! \
Build PuTTY without any use of the Windows security APIs.")
set(PUTTY_MINEFIELD OFF
CACHE BOOL "Build PuTTY with its built-in memory debugger 'Minefield'")
set(PUTTY_GSSAPI ON

3
misc.c

@ -337,9 +337,6 @@ char *buildinfo(const char *newline)
#if defined _WINDOWS && defined MINEFIELD
strbuf_catf(buf, "%sBuild option: MINEFIELD", newline);
#endif
#ifdef NO_SECURITY
strbuf_catf(buf, "%sBuild option: NO_SECURITY", newline);
#endif
#ifdef NO_SECUREZEROMEMORY
strbuf_catf(buf, "%sBuild option: NO_SECUREZEROMEMORY", newline);
#endif


@ -4,8 +4,6 @@
#include "putty.h"
#if !defined NO_SECURITY
#include "putty.h"
#include "ssh.h"
@ -85,5 +83,3 @@ char *capi_obfuscate_string(const char *realname)
return dupstr(retbuf);
}
#endif /* !defined NO_SECURITY */


@ -5,8 +5,6 @@
* in turn.
*/
#if !defined NO_SECURITY
DECL_WINDOWS_FUNCTION(extern, BOOL, CryptProtectMemory, (LPVOID,DWORD,DWORD));
bool got_crypt(void);
@ -27,5 +25,3 @@ bool got_crypt(void);
* The returned string is dynamically allocated.
*/
char *capi_obfuscate_string(const char *realname);
#endif


@ -11,8 +11,6 @@
#include "proxy.h"
#include "ssh.h"
#if !defined NO_SECURITY
#include "winsecur.h"
HANDLE connect_to_named_pipe(const char *pipename, char **err)
@ -94,5 +92,3 @@ Socket *new_named_pipe_client(const char *pipename, Plug *plug)
else
return make_handle_socket(pipehandle, pipehandle, NULL, plug, true);
}
#endif /* !defined NO_SECURITY */


@ -11,8 +11,6 @@
#include "proxy.h"
#include "ssh.h"
#if !defined NO_SECURITY
#include "winsecur.h"
typedef struct NamedPipeServerSocket {
@ -236,5 +234,3 @@ Socket *new_named_pipe_listener(const char *pipename, Plug *plug)
cleanup:
return &ret->sock;
}
#endif /* !defined NO_SECURITY */


@ -21,13 +21,11 @@
#include <shellapi.h>
#ifndef NO_SECURITY
#include <aclapi.h>
#ifdef DEBUG_IPC
#define _WIN32_WINNT 0x0500 /* for ConvertSidToStringSid */
#include <sddl.h>
#endif
#endif
#define WM_SYSTRAY (WM_APP + 6)
#define WM_SYSTRAY2 (WM_APP + 7)
@ -816,7 +814,6 @@ static void update_sessions(void)
}
}
#ifndef NO_SECURITY
/*
* Versions of Pageant prior to 0.61 expected this SID on incoming
* communications. For backwards compatibility, and more particularly
@ -861,7 +858,6 @@ PSID get_default_sid(void)
return ret;
}
#endif
struct WmCopydataTransaction {
char *length, *body;
@ -970,12 +966,10 @@ static char *answer_filemapping_message(const char *mapname)
size_t mapsize;
unsigned msglen;
#ifndef NO_SECURITY
PSID mapsid = NULL;
PSID expectedsid = NULL;
PSID expectedsid_bc = NULL;
PSECURITY_DESCRIPTOR psd = NULL;
#endif
wmct.length = wmct.body = NULL;
@ -994,7 +988,6 @@ static char *answer_filemapping_message(const char *mapname)
debug("maphandle = %p\n", maphandle);
#endif
#ifndef NO_SECURITY
if (has_security) {
DWORD retd;
@ -1037,7 +1030,6 @@ static char *answer_filemapping_message(const char *mapname)
goto cleanup;
}
} else
#endif /* NO_SECURITY */
{
#ifdef DEBUG_IPC
debug("security APIs not present\n");
@ -1395,7 +1387,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
has_security = (osPlatformId == VER_PLATFORM_WIN32_NT);
if (has_security) {
#ifndef NO_SECURITY
/*
* Attempt to get the security API we need.
*/
@ -1406,13 +1397,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
"Pageant Fatal Error", MB_ICONERROR | MB_OK);
return 1;
}
#else
MessageBox(NULL,
"This program has been compiled for Win9X and will\n"
"not run on NT, in case it causes a security breach.",
"Pageant Fatal Error", MB_ICONERROR | MB_OK);
return 1;
#endif
}
/*
@ -1543,8 +1527,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
return 0;
}
#if !defined NO_SECURITY
/*
* Set up a named-pipe listener.
*/
@ -1567,8 +1549,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
sfree(pipename);
}
#endif /* !defined NO_SECURITY */
/*
* Set up window classes for two hidden windows: one that receives
* all the messages to do with our presence in the system tray,
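Review bot: The `else` branch after `if (has_security)` in answer_filemapping_message is now the only path that accepts a client's file mapping without the SID comparison (presumably against `expectedsid` / `expectedsid_bc`), and nothing at that branch says when it may be taken. `has_security` is set in WinMain from `osPlatformId == VER_PLATFORM_WIN32_NT`, and the NT path returns 1 when the security API cannot be obtained, so the unchecked path should be confined to the Win9x series. I would record that at the branch, e.g. `/* Reached only when has_security is false (non-NT Windows): the mapping's owner cannot be verified here */`. Both functions start and end outside the visible hunks, so this reading is inferred from the excerpts shown.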


@ -9,10 +9,8 @@
#include "putty.h"
#include "pageant.h" /* for AGENT_MAX_MSGLEN */
#ifndef NO_SECURITY
#include "winsecur.h"
#include "wincapi.h"
#endif
#define AGENT_COPYDATA_ID 0x804e50ba /* random goop */
@ -50,7 +48,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
mapname = dupprintf("PageantRequest%08x", (unsigned)GetCurrentThreadId());
psa = NULL;
#ifndef NO_SECURITY
if (got_advapi()) {
/*
* Make the file mapping we create for communication with
@ -81,7 +78,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
}
}
}
#endif /* NO_SECURITY */
filemap = CreateFileMapping(INVALID_HANDLE_VALUE, psa, PAGE_READWRITE,
0, AGENT_MAX_MSGLEN, mapname);
@ -129,8 +125,6 @@ static void wm_copydata_agent_query(strbuf *query, void **out, int *outlen)
LocalFree(psd);
}
#ifndef NO_SECURITY
char *agent_named_pipe_name(void)
{
char *username, *suffix, *pipename;
@ -303,39 +297,3 @@ agent_pending_query *agent_query(
wm_copydata_agent_query(query, out, outlen);
return NULL;
}
#else /* NO_SECURITY */
Socket *agent_connect(void *vctx, Plug *plug)
{
unreachable("no agent_connect_ctx can be constructed on this platform");
}
agent_connect_ctx *agent_get_connect_ctx(void)
{
return NULL;
}
void agent_free_connect_ctx(agent_connect_ctx *ctx)
{
}
bool agent_exists(void)
{
return wm_copydata_agent_exists();
}
agent_pending_query *agent_query(
strbuf *query, void **out, int *outlen,
void (*callback)(void *, void *, int), void *callback_ctx)
{
wm_copydata_agent_query(query, out, outlen);
return NULL;
}
void agent_cancel_query(agent_pending_query *q)
{
unreachable("Windows agent queries are never asynchronous!");
}
#endif /* NO_SECURITY */
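Review bot: In wm_copydata_agent_query, `psa` stays NULL whenever `got_advapi()` returns false, and `CreateFileMapping` is then called with it, so the request mapping silently gets the default security descriptor instead of the private one. With the compile-time option gone this is purely a runtime fallback, and the `psa = NULL;` line does not say so. I would add a comment there such as `/* psa stays NULL if advapi is unavailable: the mapping then gets the default descriptor (expected only on Win9x) */`. The body of the `got_advapi()` block is outside the hunk, so it is worth confirming there whether a failure on an NT system should also fall through silently or be reported.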


@ -7,8 +7,6 @@
#include "putty.h"
#if !defined NO_SECURITY
#include "winsecur.h"
/* Initialised once, then kept around to reuse forever */
@ -299,7 +297,6 @@ static bool really_restrict_process_acl(char **error)
}
return ret;
}
#endif /* !defined NO_SECURITY */
/*
* Lock down our process's ACL, to present an obstacle to malware
@ -323,12 +320,7 @@ void restrict_process_acl(void)
char *error = NULL;
bool ret;
#if !defined NO_SECURITY
ret = really_restrict_process_acl(&error);
#else
ret = false;
error = dupstr("ACL restrictions not compiled into this binary");
#endif
if (!ret)
modalfatalbox("Could not restrict process ACL: %s", error);
}
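Review bot: restrict_process_acl now depends entirely on really_restrict_process_acl to fill in `error`, because the removed `#else` arm was the only place in this function that assigned it. `error` starts as NULL and is passed to `modalfatalbox("Could not restrict process ACL: %s", error)` whenever `ret` is false, so any failure return that leaves `*error` unset would format a null pointer. The body of really_restrict_process_acl is outside the hunk, so that needs checking there; a defensive form at the call site would be `modalfatalbox("Could not restrict process ACL: %s", error ? error : "unknown error");`. Failing closed here is the right behaviour and should stay.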


@ -4,8 +4,6 @@
* centralises the machinery for dynamically loading that library.
*/
#if !defined NO_SECURITY
#include <aclapi.h>
/*
@ -49,5 +47,3 @@ PSID get_user_sid(void);
*/
bool make_private_security_descriptor(
DWORD permissions, PSECURITY_DESCRIPTOR *psd, PACL *acl, char **error);
#endif


@ -5,8 +5,6 @@
#include <stdio.h>
#include <assert.h>
#if !defined NO_SECURITY
#include "tree234.h"
#include "putty.h"
#include "network.h"
@ -143,9 +141,3 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
void platform_ssh_share_cleanup(const char *name)
{
}
#else /* !defined NO_SECURITY */
#include "noshare.c"
#endif /* !defined NO_SECURITY */