curl/lib/Makefile.m32
David Woodhouse 9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00

307 lines
8.1 KiB
Makefile

###########################################################################
#
## Makefile for building libcurl.a with MingW (GCC-3.2 or later)
## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
##
## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
##
## Hint: you can also set environment vars to control the build, f.e.:
## set ZLIB_PATH=c:/zlib-1.2.8
## set ZLIB=1
#
###########################################################################
# Edit the path below to point to the base of your Zlib sources.
ifndef ZLIB_PATH
ZLIB_PATH = ../../zlib-1.2.8
endif
# Edit the path below to point to the base of your OpenSSL package.
ifndef OPENSSL_PATH
OPENSSL_PATH = ../../openssl-0.9.8y
endif
# Edit the path below to point to the base of your LibSSH2 package.
ifndef LIBSSH2_PATH
LIBSSH2_PATH = ../../libssh2-1.4.3
endif
# Edit the path below to point to the base of your librtmp package.
ifndef LIBRTMP_PATH
LIBRTMP_PATH = ../../librtmp-2.3
endif
# Edit the path below to point to the base of your libidn package.
ifndef LIBIDN_PATH
LIBIDN_PATH = ../../libidn-1.18
endif
# Edit the path below to point to the base of your MS IDN package.
# Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
ifndef WINIDN_PATH
WINIDN_PATH = ../../Microsoft IDN Mitigation APIs
endif
# Edit the path below to point to the base of your Novell LDAP NDK.
ifndef LDAP_SDK
LDAP_SDK = c:/novell/ndk/cldapsdk/win32
endif
PROOT = ..
# Edit the path below to point to the base of your c-ares package.
ifndef LIBCARES_PATH
LIBCARES_PATH = $(PROOT)/ares
endif
# Edit the var below to set to your architecture or set environment var.
ifndef ARCH
ARCH = w32
endif
CC = $(CROSSPREFIX)gcc
CFLAGS = -g -O2 -Wall
CFLAGS += -fno-strict-aliasing
ifeq ($(ARCH),w64)
CFLAGS += -D_AMD64_
endif
# comment LDFLAGS below to keep debug info
LDFLAGS = -s
AR = $(CROSSPREFIX)ar
RANLIB = $(CROSSPREFIX)ranlib
RC = $(CROSSPREFIX)windres
RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
STRIP = $(CROSSPREFIX)strip -g
# Platform-dependent helper tool macros
ifeq ($(findstring /sh,$(SHELL)),/sh)
DEL = rm -f $1
RMDIR = rm -fr $1
MKDIR = mkdir -p $1
COPY = -cp -afv $1 $2
#COPYR = -cp -afr $1/* $2
COPYR = -rsync -aC $1/* $2
TOUCH = touch $1
CAT = cat
ECHONL = echo ""
DL = '
else
ifeq "$(OS)" "Windows_NT"
DEL = -del 2>NUL /q /f $(subst /,\,$1)
RMDIR = -rd 2>NUL /q /s $(subst /,\,$1)
else
DEL = -del 2>NUL $(subst /,\,$1)
RMDIR = -deltree 2>NUL /y $(subst /,\,$1)
endif
MKDIR = -md 2>NUL $(subst /,\,$1)
COPY = -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
COPYR = -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
TOUCH = copy 2>&1>NUL /b $(subst /,\,$1) +,,
CAT = type
ECHONL = $(ComSpec) /c echo.
endif
########################################################
## Nothing more to do below this line!
ifeq ($(findstring -dyn,$(CFG)),-dyn)
DYN = 1
endif
ifeq ($(findstring -ares,$(CFG)),-ares)
ARES = 1
endif
ifeq ($(findstring -sync,$(CFG)),-sync)
SYNC = 1
endif
ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
RTMP = 1
SSL = 1
ZLIB = 1
endif
ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
SSH2 = 1
SSL = 1
ZLIB = 1
endif
ifeq ($(findstring -ssl,$(CFG)),-ssl)
SSL = 1
endif
ifeq ($(findstring -srp,$(CFG)),-srp)
SRP = 1
endif
ifeq ($(findstring -zlib,$(CFG)),-zlib)
ZLIB = 1
endif
ifeq ($(findstring -idn,$(CFG)),-idn)
IDN = 1
endif
ifeq ($(findstring -winidn,$(CFG)),-winidn)
WINIDN = 1
endif
ifeq ($(findstring -sspi,$(CFG)),-sspi)
SSPI = 1
endif
ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
LDAPS = 1
endif
ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
IPV6 = 1
endif
ifeq ($(findstring -winssl,$(CFG)),-winssl)
WINSSL = 1
SSPI = 1
endif
INCLUDES = -I. -I../include
CFLAGS += -DBUILDING_LIBCURL
ifdef SYNC
CFLAGS += -DUSE_SYNC_DNS
else
ifdef ARES
INCLUDES += -I"$(LIBCARES_PATH)"
CFLAGS += -DUSE_ARES -DCARES_STATICLIB
DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
endif
endif
ifdef RTMP
INCLUDES += -I"$(LIBRTMP_PATH)"
CFLAGS += -DUSE_LIBRTMP
DLL_LIBS += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
endif
ifdef SSH2
INCLUDES += -I"$(LIBSSH2_PATH)/include" -I"$(LIBSSH2_PATH)/win32"
CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
endif
ifdef SSL
ifndef OPENSSL_INCLUDE
ifeq "$(wildcard $(OPENSSL_PATH)/outinc)" "$(OPENSSL_PATH)/outinc"
OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
endif
ifeq "$(wildcard $(OPENSSL_PATH)/include)" "$(OPENSSL_PATH)/include"
OPENSSL_INCLUDE = $(OPENSSL_PATH)/include
endif
endif
ifneq "$(wildcard $(OPENSSL_INCLUDE)/openssl/opensslv.h)" "$(OPENSSL_INCLUDE)/openssl/opensslv.h"
$(error Invalid path to OpenSSL package: $(OPENSSL_PATH))
endif
ifndef OPENSSL_LIBPATH
ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
OPENSSL_LIBS = -leay32 -lssl32
endif
ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
OPENSSL_LIBS = -lcrypto -lssl
endif
endif
INCLUDES += -I"$(OPENSSL_INCLUDE)"
CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
-DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
-DCURL_WANTS_CA_BUNDLE_ENV
DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
ifdef SRP
ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
CFLAGS += -DHAVE_SSLEAY_SRP -DUSE_TLS_SRP
endif
endif
endif
ifdef ZLIB
INCLUDES += -I"$(ZLIB_PATH)"
CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
DLL_LIBS += -L"$(ZLIB_PATH)" -lz
endif
ifdef IDN
INCLUDES += -I"$(LIBIDN_PATH)/include"
CFLAGS += -DUSE_LIBIDN
DLL_LIBS += -L"$(LIBIDN_PATH)/lib" -lidn
else
ifdef WINIDN
CFLAGS += -DUSE_WIN32_IDN
CFLAGS += -DWANT_IDN_PROTOTYPES
DLL_LIBS += -L"$(WINIDN_PATH)" -lnormaliz
endif
endif
ifdef SSPI
CFLAGS += -DUSE_WINDOWS_SSPI
ifdef WINSSL
CFLAGS += -DUSE_SCHANNEL
endif
endif
ifdef SPNEGO
CFLAGS += -DHAVE_SPNEGO
endif
ifdef IPV6
CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
endif
ifdef LDAPS
CFLAGS += -DHAVE_LDAP_SSL
endif
ifdef USE_LDAP_NOVELL
INCLUDES += -I"$(LDAP_SDK)/inc"
CFLAGS += -DCURL_HAS_NOVELL_LDAPSDK
DLL_LIBS += -L"$(LDAP_SDK)/lib/mscvc" -lldapsdk -lldapssl -lldapx
endif
ifdef USE_LDAP_OPENLDAP
INCLUDES += -I"$(LDAP_SDK)/include"
CFLAGS += -DCURL_HAS_OPENLDAP_LDAPSDK
DLL_LIBS += -L"$(LDAP_SDK)/lib" -lldap -llber
endif
ifndef USE_LDAP_NOVELL
ifndef USE_LDAP_OPENLDAP
DLL_LIBS += -lwldap32
endif
endif
DLL_LIBS += -lws2_32
# Makefile.inc provides the CSOURCES and HHEADERS defines
include Makefile.inc
libcurl_dll_LIBRARY = libcurl.dll
libcurl_dll_a_LIBRARY = libcurldll.a
libcurl_a_LIBRARY = libcurl.a
libcurl_a_OBJECTS := $(patsubst %.c,%.o,$(strip $(CSOURCES)))
libcurl_a_DEPENDENCIES := $(strip $(CSOURCES) $(HHEADERS))
RESOURCE = libcurl.res
all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)
$(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
@$(call DEL, $@)
$(AR) cru $@ $(libcurl_a_OBJECTS)
$(RANLIB) $@
$(STRIP) $@
# remove the last line above to keep debug info
$(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENCIES)
@$(call DEL, $@)
$(CC) $(LDFLAGS) -shared -o $@ \
-Wl,--output-def,$(@:.dll=.def),--out-implib,$(libcurl_dll_a_LIBRARY) \
$(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)
%.o: %.c $(PROOT)/include/curl/curlbuild.h
$(CC) $(INCLUDES) $(CFLAGS) -c $< -o $@
%.res: %.rc
$(RC) $(RCFLAGS) $< -o $@
clean:
ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"
@$(call DEL, $(PROOT)/include/curl/curlbuild.h)
endif
@$(call DEL, $(libcurl_a_OBJECTS) $(RESOURCE))
distclean vclean: clean
@$(call DEL, $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_LIBRARY:.dll=.def) $(libcurl_dll_a_LIBRARY))
$(PROOT)/include/curl/curlbuild.h:
@echo Creating $@
@$(call COPY, $@.dist, $@)
$(LIBCARES_PATH)/libcares.a:
$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32