High security mode for integrated logon never was high security.
Its use was deprecated in the 1.5 series and it has no use at all
in the afs redirector world. Remove it.
FIXES: 21702
Change-Id: I019b4fecc430517d29195e79e39529a782c88073
Reviewed-on: http://gerrit.openafs.org/7285
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
<simplelist type="vert">
<member>0x00 - Integrated Logon is not used </member>
<member> 0x01 - Integrated Logon is used </member>
- <member> 0x02 - High Security Mode is used (deprecated) </member>
- <member> 0x03 - Integrated Logon with High Security Mode is used (deprecated)
- </member>
</simplelist>
</para>
- <para>High Security Mode generates random SMB names for the creation of Drive
- Mappings. This mode should not be used without Integrated Logon.</para>
- <para>As of 1.3.65 the SMB server supports SMB authentication. The High Security Mode
- should not be used when using SMB authentication (SMBAuthType setting is non
- zero).</para>
</section>
<section>
<title id="Domain_Specific_Regkeys_FailLoginsSilently">Value:
}
/* come up with SMB username */
- if(ISHIGHSECURITY(opt->LogonOption)) {
- DebugEvent0("High Security Mode active");
- opt->smbName = malloc( MAXRANDOMNAMELEN );
- if (opt->smbName == NULL)
- goto cleanup;
- GenRandomName(opt->smbName);
- } else if (lpLogonId) {
+ if (lpLogonId) {
/* username and domain for logon session is not necessarily the same as
username and domain passed into network provider. */
PSECURITY_LOGON_SESSION_DATA plsd=NULL;
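Review bot: The branch removed here held the only call to `GenRandomName(opt->smbName)` visible in this file's hunks, so that helper may now be dead code. If no other caller remains, it should be deleted in the same commit rather than left as an unused random-name generator. The comment `/* come up with SMB username */` now covers only the logon-session lookup, so it could read `/* derive the SMB username from the logon session */`. The enclosing function starts and ends outside this hunk.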
hkTemp = hkDoms;
DebugEvent0("Located logon script in hkDoms");
}
- /* Note that the LogonScript in the NP key is only used if we are doing high security. */
- else if(hkNp && ISHIGHSECURITY(opt->LogonOption)) {
- rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
- if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
- hkTemp = hkNp;
- DebugEvent0("Located logon script in hkNp");
- }
- }
+ /* Note that the LogonScript in the NP key not used. */
}
if(hkTemp) {
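Review bot: The replacement comment `/* Note that the LogonScript in the NP key not used. */` is missing its verb and does not say why the value is ignored. I would write `/* The LogonScript value in the NP key is no longer consulted; it was honoured only in High Security Mode, which has been removed. */`. A site that kept its logon script only under the NP key will now silently run none, so a `DebugEvent0` on that path would help when diagnosing an upgrade. If `hkNp` has no other reader in this function, which starts outside the hunk, opening it is also dead code.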
#define ISLOGONTRACE(v) ( ((v) & TRACE_OPTION_EVENT)==TRACE_OPTION_EVENT)
#define ISLOGONINTEGRATED(v) ( ((v) & LOGON_OPTION_INTEGRATED)==LOGON_OPTION_INTEGRATED)
-#define ISHIGHSECURITY(v) ( ((v) & LOGON_OPTION_HIGHSECURITY)==LOGON_OPTION_HIGHSECURITY)
#define ISREMOTE(v) ( ((v) & LOGON_FLAG_REMOTE)==LOGON_FLAG_REMOTE)
#define ISADREALM(v) ( ((v) & LOGON_FLAG_AD_REALM)==LOGON_FLAG_AD_REALM)
return TRUE;
}
dwOldState=SERVICE_RUNNING;
- if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
- return (DoMapShare() && GlobalMountDrive());
return GlobalMountDrive();
}
void TestAndDoUnMapShare()
{
- if (!RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
- return;
- DoUnMapShare(FALSE);
+ return;
}
void DoUnMapShare(BOOL drivemap) //disconnect drivemap
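Review bot: `TestAndDoUnMapShare` is left as a function whose whole body is `return;`, yet its name still promises a test and an unmap. Either remove it together with its call sites, or drop the bare `return;` and say why it stays, e.g. `/* High Security Mode was removed; there is no share mapping to undo. Kept so existing callers still build. */`. The same hunk removes the only visible call to `DoMapShare()`, so that function and the `drivemap == FALSE` path of `DoUnMapShare` may now be unreachable and worth checking.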
DWORD cbUser=MAXRANDOMNAMELEN-1;
CHAR szUser[MAXRANDOMNAMELEN];
CHAR * pUser = NULL;
- if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)!=NO_ERROR) {
- if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY)) {
- if (!pUserName[0]) {
- GenRandomName(szUser,MAXRANDOMNAMELEN-1);
- pUser = szUser;
- } else {
- pUser = pUserName;
- }
- }
- } else {
+ if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)==NO_ERROR) {
if ((pUser=strchr(szUser,'\\'))!=NULL)
pUser++;
}
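Review bot: The removed fallback was the only use of `pUserName` visible in this hunk, so the parameter may now be unused; the identical hunk that follows has the same issue. If nothing else in either function reads it, drop it from the signatures or mark it as intentionally ignored. With the fallback gone, `pUser` stays NULL whenever `WNetGetUser` fails or returns a name without a backslash, so whatever consumes `pUser` after this point must accept NULL. A short comment such as `/* pUser is NULL when the connection's user cannot be determined */` would make that explicit. Both functions begin and end outside the hunks.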
DWORD cbUser=MAXRANDOMNAMELEN-1;
CHAR szUser[MAXRANDOMNAMELEN];
CHAR * pUser = NULL;
- if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)!=NO_ERROR) {
- if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY)) {
- if (!pUserName[0]) {
- GenRandomName(szUser,MAXRANDOMNAMELEN-1);
- pUser = szUser;
- } else {
- pUser = pUserName;
- }
- }
- } else {
+ if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)==NO_ERROR) {
if ((pUser=strchr(szUser,'\\'))!=NULL)
pUser++;
}
continue;
BOOL fPersistent = List.aDriveMap[chDrive-chDRIVE_A].fPersistent;
- if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
- fPersistent = FALSE;
DWORD res=MountDOSDrive(chDrive
,szSubmount
,fPersistent,pUser);
return 0;
}
-#define ISHIGHSECURITY(v) ( ((v) & LOGON_OPTION_HIGHSECURITY)==LOGON_OPTION_HIGHSECURITY)
#define REG_CLIENT_PROVIDER_KEY "SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\NetworkProvider"
BOOL InitApp (LPSTR pszCmdLineA)
case ':':
CopyAnsiToString(g.SmbName,pszCmdLineA);
- MapShareName(pszCmdLineA);
- break;
+ MapShareName(pszCmdLineA);
+ break;
case 'z':
case 'Z':
#define MAXSMBNAMELEN 256 /* max length of an SMB name */
#define LOGON_OPTION_INTEGRATED 1
-#define LOGON_OPTION_HIGHSECURITY 2
/*
* Define ticket types. For Kerberos V4 tickets, this is overloaded as