mirror of
https://github.com/curl/curl.git
synced 2024-11-27 05:50:21 +08:00
9ad282b1ae
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token".

You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success.

.gitignore
10-at-a-time.c
adddocsref.pl
anyauthput.c
asiohiper.cpp
cacertinmem.c
certinfo.c
chkspeed.c
cookie_interface.c
curlgtk.c
curlx.c
debug.c
evhiperfifo.c
externalsocket.c
fileupload.c
fopen.c
ftp-wildcard.c
ftpget.c
ftpgetinfo.c
ftpgetresp.c
ftpsget.c
ftpupload.c
ftpuploadresume.c
getinfo.c
getinmemory.c
ghiper.c
hiperfifo.c
href_extractor.c
htmltidy.c
htmltitle.cpp
http-post.c
httpcustomheader.c
httpput.c
https.c
imap-append.c
imap-copy.c
imap-create.c
imap-delete.c
imap-examine.c
imap-fetch.c
imap-list.c
imap-lsub.c
imap-multi.c
imap-noop.c
imap-search.c
imap-ssl.c
imap-store.c
imap-tls.c
Makefile.am
makefile.dj
Makefile.example
Makefile.inc
Makefile.m32
Makefile.netware
multi-app.c
multi-debugcallback.c
multi-double.c
multi-post.c
multi-single.c
multi-uv.c
multithread.c
opensslthreadlock.c
persistant.c
pop3-dele.c
pop3-list.c
pop3-multi.c
pop3-noop.c
pop3-retr.c
pop3-ssl.c
pop3-stat.c
pop3-tls.c
pop3-top.c
pop3-uidl.c
post-callback.c
postinmemory.c
postit2.c
progressfunc.c
README
resolve.c
rtsp.c
sampleconv.c
sendrecv.c
sepheaders.c
sessioninfo.c
sftpget.c
simple.c
simplepost.c
simplessl.c
smooth-gtk-thread.c
smtp-expn.c
smtp-mail.c
smtp-multi.c
smtp-ssl.c
smtp-tls.c
smtp-vrfy.c
synctime.c
threaded-ssl.c
url2file.c
usercertinmem.c
version-check.pl
xmlstream.c

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

This directory is for libcurl programming examples. They are meant to show
some simple steps on how you can build your own application to take full
advantage of libcurl.

If you end up with other small but still useful example sources, please mail
them for submission in future packages and on the web site.

BUILDING

The Makefile.example is an example makefile that could be used to build these
examples. Just edit the file according to your system and requirements first.

Most examples should build fine using a command line like this:

  $ `curl-config --cc --cflags --libs` -o example example.c

Some compilers don't like having the arguments in this order but instead
want you to reorganize them like:

  $ `curl-config --cc` -o example example.c `curl-config --cflags --libs`

*PLEASE* do not use the curl.haxx.se site as a test target for your libcurl
applications/experiments. Even if some of the examples use that site as a URL
at some places, it doesn't mean that the URLs work or that we expect you to
actually torture our web site with your tests! Thanks.

EXAMPLES

anyauthput.c           - HTTP PUT using "any" authentication method
cacertinmem.c          - Use a built-in PEM certificate to retrieve an https page
cookie_interface.c     - shows usage of simple cookie interface
curlgtk.c              - download using a GTK progress bar
curlx.c                - getting file info from the remote cert data
debug.c                - showing how to use the debug callback
fileupload.c           - uploading to a file:// URL
fopen.c                - fopen() layer that supports opening URLs and files
ftpget.c               - simple getting of a file from FTP
ftpgetresp.c           - get the response strings from the FTP server
ftpupload.c            - upload a file to an FTP server
ftpuploadresume.c      - resume an upload to an FTP server
getinfo.c              - get the Content-Type from the recent transfer
getinmemory.c          - download a file to memory only
ghiper.c               - curl_multi_socket() using code with glib-2
hiperfifo.c            - downloads all URLs written to the fifo, using
                         curl_multi_socket() and libevent
htmltidy.c             - download a document and use libtidy to parse the HTML
htmltitle.cc           - download an HTML file and extract the <title> tag from
                         an HTML page using libxml
http-post.c            - HTTP POST
httpput.c              - HTTP PUT a local file
https.c                - simple HTTPS transfer
imap.c                 - simple IMAP transfer
multi-app.c            - a multi-interface app
multi-debugcallback.c  - a multi-interface app using the debug callback
multi-double.c         - a multi-interface app doing two simultaneous transfers
multi-post.c           - a multi-interface app doing a multipart formpost
multi-single.c         - a multi-interface app getting a single file
multi-uv.c             - a multi-interface app using libuv
multithread.c          - an example using multi-threading transferring
                         multiple files
opensslthreadlock.c    - show how to do locking when using OpenSSL
                         multi-threaded
persistant.c           - request two URLs with a persistent connection
pop3s.c                - POP3S transfer
pop3slist.c            - POP3S LIST
post-callback.c        - send an HTTP POST using a callback
postit2.c              - send an HTTP multipart formpost
sampleconv.c           - showing how a program on a non-ASCII platform would
                         invoke callbacks to do its own codeset conversions
                         instead of using the built-in iconv functions in
                         libcurl
sepheaders.c           - download headers to a separate file
simple.c               - the simplest download of a URL source
simplepost.c           - HTTP POST
simplessl.c            - HTTPS example with certificates, many options set
synctime.c             - Sync local time by extracting date from remote HTTP
                         servers
url2file.c             - download a document and store it in a file
xmlstream.c            - Stream-parse a document using the streaming Expat
                         parser
10-at-a-time.c         - Download many files simultaneously, 10 at a time.