Windows: Remove High Security Integrated Logon

High security mode for integrated logon never was high security.
It use was deprecated in the 1.5 series and it has no use at all
in the afs redirector world.  Remove it.

FIXES: 21702

Change-Id: I019b4fecc430517d29195e79e39529a782c88073
Reviewed-on: http://gerrit.openafs.org/7285
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>

diff --git a/doc/xml/ReleaseNotesWindows/relnotes.xml b/doc/xml/ReleaseNotesWindows/relnotes.xml
index 93de755..04aa503 100644 (file)
--- a/doc/xml/ReleaseNotesWindows/relnotes.xml
+++ b/doc/xml/ReleaseNotesWindows/relnotes.xml
@@ -4669,16 +4669,8 @@ NSIS: %WINDIR%\SYSTEM32\afslogon.dll</para>
                 <simplelist type="vert">
                   <member>0x00 - Integrated Logon is not used </member>
                   <member> 0x01 - Integrated Logon is used </member>
-                  <member> 0x02 - High Security Mode is used (deprecated) </member>
-                  <member> 0x03 - Integrated Logon with High Security Mode is used (deprecated)
-                  </member>
                 </simplelist>
               </para>
-              <para>High Security Mode generates random SMB names for the creation of Drive
-                Mappings. This mode should not be used without Integrated Logon.</para>
-              <para>As of 1.3.65 the SMB server supports SMB authentication. The High Security Mode
-                should not be used when using SMB authentication (SMBAuthType setting is non
-                zero).</para>
             </section>
             <section>
               <title id="Domain_Specific_Regkeys_FailLoginsSilently">Value:

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index 38f7499..571dd78 100644 (file)
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -476,13 +476,7 @@ GetDomainLogonOptions( PLUID lpLogonId, char * username, char * domain, LogonOpt
     }
 
     /* come up with SMB username */
-    if(ISHIGHSECURITY(opt->LogonOption)) {
-        DebugEvent0("High Security Mode active");
-        opt->smbName = malloc( MAXRANDOMNAMELEN );
-        if (opt->smbName == NULL)
-            goto cleanup;
-        GenRandomName(opt->smbName);
-    } else if (lpLogonId) {
+    if (lpLogonId) {
         /* username and domain for logon session is not necessarily the same as
            username and domain passed into network provider. */
         PSECURITY_LOGON_SESSION_DATA plsd=NULL;
@@ -568,14 +562,7 @@ GetDomainLogonOptions( PLUID lpLogonId, char * username, char * domain, LogonOpt
             hkTemp = hkDoms;
             DebugEvent0("Located logon script in hkDoms");
         }
-        /* Note that the LogonScript in the NP key is only used if we are doing high security. */
-        else if(hkNp && ISHIGHSECURITY(opt->LogonOption)) {
-            rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
-            if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
-                hkTemp = hkNp;
-                DebugEvent0("Located logon script in hkNp");
-            }
-        }
+        /* Note that the LogonScript in the NP key not used. */
     }
 
     if(hkTemp) {

diff --git a/src/WINNT/afsd/afslogon.h b/src/WINNT/afsd/afslogon.h
index bbac07d..ff3f48a 100644 (file)
--- a/src/WINNT/afsd/afslogon.h
+++ b/src/WINNT/afsd/afslogon.h
@@ -58,7 +58,6 @@ SOFTWARE.
 #define ISLOGONTRACE(v) ( ((v) & TRACE_OPTION_EVENT)==TRACE_OPTION_EVENT)
 
 #define ISLOGONINTEGRATED(v) ( ((v) & LOGON_OPTION_INTEGRATED)==LOGON_OPTION_INTEGRATED)
-#define ISHIGHSECURITY(v) ( ((v) & LOGON_OPTION_HIGHSECURITY)==LOGON_OPTION_HIGHSECURITY)
 
 #define ISREMOTE(v) ( ((v) & LOGON_FLAG_REMOTE)==LOGON_FLAG_REMOTE)
 #define ISADREALM(v) ( ((v) & LOGON_FLAG_AD_REALM)==LOGON_FLAG_AD_REALM)

diff --git a/src/WINNT/client_config/drivemap.cpp b/src/WINNT/client_config/drivemap.cpp
index 1769d5d..9e1a7da 100644 (file)
--- a/src/WINNT/client_config/drivemap.cpp
+++ b/src/WINNT/client_config/drivemap.cpp
@@ -1149,8 +1149,6 @@ BOOL TestAndDoMapShare(DWORD dwState)
        return TRUE;
     }
     dwOldState=SERVICE_RUNNING;
-    if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
-       return (DoMapShare() && GlobalMountDrive());
     return GlobalMountDrive();
 }
 
@@ -1175,9 +1173,7 @@ BOOL IsServiceActive()
 
 void TestAndDoUnMapShare()
 {
-    if (!RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
-       return;
-    DoUnMapShare(FALSE);
+    return;
 }
 
 void DoUnMapShare(BOOL drivemap)       //disconnect drivemap
@@ -1287,16 +1283,7 @@ BOOL DoMapShareChange(BOOL removeUnknown)
     DWORD cbUser=MAXRANDOMNAMELEN-1;
     CHAR szUser[MAXRANDOMNAMELEN];
     CHAR * pUser = NULL;
-    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)!=NO_ERROR) {
-        if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY)) {
-            if (!pUserName[0]) {
-                GenRandomName(szUser,MAXRANDOMNAMELEN-1);
-                pUser = szUser;
-            } else {
-                pUser = pUserName;
-            }
-        }
-    } else {
+    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)==NO_ERROR) {
        if ((pUser=strchr(szUser,'\\'))!=NULL)
             pUser++;
     }
@@ -1332,16 +1319,7 @@ BOOL DoMapShare()
     DWORD cbUser=MAXRANDOMNAMELEN-1;
     CHAR szUser[MAXRANDOMNAMELEN];
     CHAR * pUser = NULL;
-    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)!=NO_ERROR) {
-        if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY)) {
-            if (!pUserName[0]) {
-                GenRandomName(szUser,MAXRANDOMNAMELEN-1);
-                pUser = szUser;
-            } else {
-                pUser = pUserName;
-            }
-        }
-    } else {
+    if (WNetGetUser(szPath,(LPSTR)szUser,&cbUser)==NO_ERROR) {
        if ((pUser=strchr(szUser,'\\'))!=NULL)
             pUser++;
     }
@@ -1376,8 +1354,6 @@ BOOL DoMapShare()
                 continue;
 
             BOOL fPersistent = List.aDriveMap[chDrive-chDRIVE_A].fPersistent;
-            if (RWLogonOption(TRUE,LOGON_OPTION_HIGHSECURITY))
-                fPersistent = FALSE;
            DWORD res=MountDOSDrive(chDrive
                                     ,szSubmount
                                     ,fPersistent,pUser);

diff --git a/src/WINNT/client_creds/main.cpp b/src/WINNT/client_creds/main.cpp
index 1ada86e..b3d554c 100644 (file)
--- a/src/WINNT/client_creds/main.cpp
+++ b/src/WINNT/client_creds/main.cpp
@@ -86,7 +86,6 @@ extern "C" int WINAPI WinMain (HINSTANCE hInst, HINSTANCE hPrev, LPSTR pCmdLine,
    return 0;
 }
 
-#define ISHIGHSECURITY(v) ( ((v) & LOGON_OPTION_HIGHSECURITY)==LOGON_OPTION_HIGHSECURITY)
 #define REG_CLIENT_PROVIDER_KEY "SYSTEM\\CurrentControlSet\\Services\\TransarcAFSDaemon\\NetworkProvider"
 
 BOOL InitApp (LPSTR pszCmdLineA)
@@ -156,8 +155,8 @@ BOOL InitApp (LPSTR pszCmdLineA)
 
          case ':':
              CopyAnsiToString(g.SmbName,pszCmdLineA);
-                        MapShareName(pszCmdLineA);
-                        break;
+             MapShareName(pszCmdLineA);
+             break;
 
          case 'z':
          case 'Z':

diff --git a/src/rxkad/rxkad.p.h b/src/rxkad/rxkad.p.h
index 91d1f52..55cfcfa 100644 (file)
--- a/src/rxkad/rxkad.p.h
+++ b/src/rxkad/rxkad.p.h
@@ -28,7 +28,6 @@
 #define MAXSMBNAMELEN    256   /* max length of an SMB name */
 
 #define LOGON_OPTION_INTEGRATED 1
-#define LOGON_OPTION_HIGHSECURITY 2
 
 /*
  * Define ticket types. For Kerberos V4 tickets, this is overloaded as