curl/docs/examples/Makefile.m32
David Woodhouse 9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00

277 lines
7.1 KiB
Makefile

#***************************************************************************
# _ _ ____ _
# Project ___| | | | _ \| |
# / __| | | | |_) | |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at http://curl.haxx.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
###########################################################################
#
## Makefile for building curl examples with MingW (GCC-3.2 or later)
## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
##
## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
##
## Hint: you can also set environment vars to control the build, f.e.:
## set ZLIB_PATH=c:/zlib-1.2.8
## set ZLIB=1
#
###########################################################################
# Edit the path below to point to the base of your Zlib sources.
ifndef ZLIB_PATH
ZLIB_PATH = ../../../zlib-1.2.8
endif
# Edit the path below to point to the base of your OpenSSL package.
ifndef OPENSSL_PATH
OPENSSL_PATH = ../../../openssl-0.9.8y
endif
# Edit the path below to point to the base of your LibSSH2 package.
ifndef LIBSSH2_PATH
LIBSSH2_PATH = ../../../libssh2-1.4.3
endif
# Edit the path below to point to the base of your librtmp package.
ifndef LIBRTMP_PATH
LIBRTMP_PATH = ../../../librtmp-2.3
endif
# Edit the path below to point to the base of your libidn package.
ifndef LIBIDN_PATH
LIBIDN_PATH = ../../../libidn-1.18
endif
# Edit the path below to point to the base of your MS IDN package.
# Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
ifndef WINIDN_PATH
WINIDN_PATH = ../../../Microsoft IDN Mitigation APIs
endif
# Edit the path below to point to the base of your Novell LDAP NDK.
ifndef LDAP_SDK
LDAP_SDK = c:/novell/ndk/cldapsdk/win32
endif
PROOT = ../..
# Edit the path below to point to the base of your c-ares package.
ifndef LIBCARES_PATH
LIBCARES_PATH = $(PROOT)/ares
endif
# Edit the var below to set to your architecture or set environment var.
ifndef ARCH
ARCH = w32
endif
CC = $(CROSSPREFIX)gcc
CFLAGS = -g -O2 -Wall
CFLAGS += -fno-strict-aliasing
ifeq ($(ARCH),w64)
CFLAGS += -D_AMD64_
endif
# comment LDFLAGS below to keep debug info
LDFLAGS = -s
RC = $(CROSSPREFIX)windres
RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i
# Platform-dependent helper tool macros
ifeq ($(findstring /sh,$(SHELL)),/sh)
DEL = rm -f $1
RMDIR = rm -fr $1
MKDIR = mkdir -p $1
COPY = -cp -afv $1 $2
#COPYR = -cp -afr $1/* $2
COPYR = -rsync -aC $1/* $2
TOUCH = touch $1
CAT = cat
ECHONL = echo ""
DL = '
else
ifeq "$(OS)" "Windows_NT"
DEL = -del 2>NUL /q /f $(subst /,\,$1)
RMDIR = -rd 2>NUL /q /s $(subst /,\,$1)
else
DEL = -del 2>NUL $(subst /,\,$1)
RMDIR = -deltree 2>NUL /y $(subst /,\,$1)
endif
MKDIR = -md 2>NUL $(subst /,\,$1)
COPY = -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
COPYR = -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
TOUCH = copy 2>&1>NUL /b $(subst /,\,$1) +,,
CAT = type
ECHONL = $(ComSpec) /c echo.
endif
########################################################
## Nothing more to do below this line!
ifeq ($(findstring -dyn,$(CFG)),-dyn)
DYN = 1
endif
ifeq ($(findstring -ares,$(CFG)),-ares)
ARES = 1
endif
ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
RTMP = 1
SSL = 1
ZLIB = 1
endif
ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
SSH2 = 1
SSL = 1
ZLIB = 1
endif
ifeq ($(findstring -ssl,$(CFG)),-ssl)
SSL = 1
endif
ifeq ($(findstring -zlib,$(CFG)),-zlib)
ZLIB = 1
endif
ifeq ($(findstring -idn,$(CFG)),-idn)
IDN = 1
endif
ifeq ($(findstring -winidn,$(CFG)),-winidn)
WINIDN = 1
endif
ifeq ($(findstring -sspi,$(CFG)),-sspi)
SSPI = 1
endif
ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
LDAPS = 1
endif
ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
IPV6 = 1
endif
ifeq ($(findstring -metalink,$(CFG)),-metalink)
METALINK = 1
endif
ifeq ($(findstring -winssl,$(CFG)),-winssl)
SCHANNEL = 1
SSPI = 1
endif
INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib
ifdef DYN
curl_DEPENDENCIES = $(PROOT)/lib/libcurldll.a $(PROOT)/lib/libcurl.dll
curl_LDADD = -L$(PROOT)/lib -lcurldll
else
curl_DEPENDENCIES = $(PROOT)/lib/libcurl.a
curl_LDADD = -L$(PROOT)/lib -lcurl
CFLAGS += -DCURL_STATICLIB
LDFLAGS += -static
endif
ifdef ARES
ifndef DYN
curl_DEPENDENCIES += $(LIBCARES_PATH)/libcares.a
endif
CFLAGS += -DUSE_ARES
curl_LDADD += -L"$(LIBCARES_PATH)" -lcares
endif
ifdef RTMP
CFLAGS += -DUSE_LIBRTMP
curl_LDADD += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
endif
ifdef SSH2
CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
endif
ifdef SSL
ifndef OPENSSL_LIBPATH
OPENSSL_LIBS = -lssl -lcrypto
ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
ifdef DYN
OPENSSL_LIBS = -lssl32 -leay32
endif
endif
ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
endif
endif
ifndef DYN
OPENSSL_LIBS += -lgdi32 -lcrypt32
endif
CFLAGS += -DUSE_SSLEAY
curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
endif
ifdef ZLIB
INCLUDES += -I"$(ZLIB_PATH)"
CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
curl_LDADD += -L"$(ZLIB_PATH)" -lz
endif
ifdef IDN
CFLAGS += -DUSE_LIBIDN
curl_LDADD += -L"$(LIBIDN_PATH)/lib" -lidn
else
ifdef WINIDN
CFLAGS += -DUSE_WIN32_IDN
curl_LDADD += -L"$(WINIDN_PATH)" -lnormaliz
endif
endif
ifdef SSPI
CFLAGS += -DUSE_WINDOWS_SSPI
ifdef SCHANNEL
CFLAGS += -DUSE_SCHANNEL
endif
endif
ifdef IPV6
CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
endif
ifdef LDAPS
CFLAGS += -DHAVE_LDAP_SSL
endif
ifdef USE_LDAP_NOVELL
CFLAGS += -DCURL_HAS_NOVELL_LDAPSDK
curl_LDADD += -L"$(LDAP_SDK)/lib/mscvc" -lldapsdk -lldapssl -lldapx
endif
ifdef USE_LDAP_OPENLDAP
CFLAGS += -DCURL_HAS_OPENLDAP_LDAPSDK
curl_LDADD += -L"$(LDAP_SDK)/lib" -lldap -llber
endif
ifndef USE_LDAP_NOVELL
ifndef USE_LDAP_OPENLDAP
curl_LDADD += -lwldap32
endif
endif
curl_LDADD += -lws2_32
# Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines
include Makefile.inc
check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
check_PROGRAMS += ftpuploadresume.exe synctime.exe
.PRECIOUS: %.o
all: $(check_PROGRAMS)
%.exe: %.o $(curl_DEPENDENCIES)
$(CC) $(LDFLAGS) -o $@ $< $(curl_LDADD)
%.o: %.c
$(CC) $(INCLUDES) $(CFLAGS) -c $<
%.res: %.rc
$(RC) $(RCFLAGS) $< -o $@
clean:
@$(call DEL, $(check_PROGRAMS:.exe=.o))
distclean vclean: clean
@$(call DEL, $(check_PROGRAMS))