Commit Graph

165 Commits

Author SHA1 Message Date
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Guenter Knauf
e9b9e287c1 Fix NetWare build for vtls files. 2014-01-02 20:40:33 +01:00
Guenter Knauf
ae26ee3489 Updated zlib version in build files. 2013-05-11 17:08:00 +02:00
Guenter Knauf
5be2499e16 Updated dependency libs. 2013-02-09 01:35:11 +01:00
Guenter Knauf
0494da830b Updated dependency libs. 2013-01-28 01:25:39 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
7d83dfff9c build: commit 13606bbfde follow-up 1 2013-01-03 10:54:18 +01:00
Guenter Knauf
dce2e1aa0f Added missing dependency to export list. 2012-07-11 16:52:48 +02:00
Guenter Knauf
d8ce83e73a Fixed export list path. 2012-07-11 16:01:48 +02:00
Guenter Knauf
33eac5f7fd Changed NetWare build to generate export list. 2012-07-11 15:48:02 +02:00
Guenter Knauf
d4bade7a4e Small NetWare makefile tweak. 2012-07-11 11:54:49 +02:00
Guenter Knauf
1c58f291cc Updated dependency libary versions. 2012-05-22 04:15:37 +02:00
Guenter Knauf
1beda0cbb7 Updated dependency lib versions. 2012-04-26 14:40:50 +02:00
Guenter Knauf
0f54880277 Updated dependency lib versions. 2012-04-20 13:33:54 +02:00
Guenter Knauf
82306ebfba Updated dependency lib versions (2nd try). 2012-04-12 20:51:29 +02:00
Guenter Knauf
03d4b9f078 Updated dependency lib versions. 2012-04-12 20:44:50 +02:00
Guenter Knauf
b4fccc1d8e Added SPNEGO to NetWare build. 2011-09-27 16:02:07 +02:00
Guenter Knauf
230459dd00 NetWare makefile tweaks to select different builds. 2011-09-25 16:29:08 +02:00
Guenter Knauf
2a9fec16cc Updated makefiles to latest libssh2. 2011-09-11 16:50:30 +02:00
Guenter Knauf
2be65bb0c5 Updated dependecies versions. 2011-09-03 14:01:09 +02:00
Yang Tse
ef2176109f errno.h inclusion conditionally done in setup_once.h 2011-07-24 04:39:43 +02:00
Guenter Knauf
24667466f0 Updated default (recommended) dependency versions. 2011-04-19 14:26:51 +02:00
Guenter Knauf
827f0a318c Set -fpcc-struct-return only for gcc compiler. 2011-02-17 11:46:41 +01:00
Guenter Knauf
c2dff28c41 Added -m32 to CFLAGS to compile with x86_64 gcc. 2011-02-13 14:31:22 +01:00
Guenter Knauf
e36c039a07 Updated OpenSSL version, added links to docu. 2011-02-13 12:13:21 +01:00
Guenter Knauf
5f829456c1 Added support for axTLS to NetWare build. 2010-12-22 04:45:41 +01:00
Guenter Knauf
63598059cd Updated OpenSSL version. 2010-12-05 10:59:58 +01:00
Yang Tse
81c16c2e30 build: provide SIZEOF_SIZE_T netware definition 2010-12-02 20:53:42 +01:00
Guenter Knauf
331531f70e Added build bits for librtmp to NetWare makefiles. 2010-10-12 04:31:56 +02:00
Guenter Knauf
81e107010e Some NetWare makefile tweaks.
Renamed SDK_* to NDK_*; made NDK_* defines overwriteable from
environment; removed now obsolete YACC macro;
moved some curl_config.h defines to IPv6 section since they
are only needed when IPv6 is enabled - this makes libcurl compile
with older NDKs too which were not IPv6-aware.
2010-10-03 23:02:41 +02:00
Guenter Knauf
8f6189600f Syncroniszed vclean target; fixed some comments. 2010-08-15 16:56:03 +02:00
Guenter Knauf
11958ed331 Block created curlbuild.h for NetWare to avoid usage from other platforms. 2010-08-07 01:29:04 +02:00
Guenter Knauf
7738b15977 Updated library versions. 2010-07-22 04:34:54 +02:00
Guenter Knauf
07f45946b5 encourage users to take latest lib dependencies. 2010-04-24 17:48:09 +02:00
Guenter Knauf
909fdc07bf make folks use latest available dependent libraries. 2010-03-31 01:10:09 +02:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Yang Tse
cef95aadeb Added SIZEOF_INT and SIZEOF_SHORT definitions for non-configure systems 2010-02-26 18:32:46 +00:00
Gunter Knauf
3c199daa95 changed NetWare makefiles to rely on SHELL rather than OSTYPE since we can have a sh-like shell also on Windows (MSYS, Cygwin). 2009-09-07 19:34:03 +00:00
Gunter Knauf
f671d0513c renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h. 2009-07-14 13:25:14 +00:00
Yang Tse
9137e717b0 Use build-time configured curl_socklen_t instead of socklen_t 2009-05-02 02:37:32 +00:00
Yang Tse
dd50e5bdf2 Use 'unsigned int' instead of size_t attempting to avoid header inclusion 2009-04-30 01:34:04 +00:00
Yang Tse
504ecd5f7a NetWare LibC's getpeername() third argument data type is size_t 2009-04-30 00:11:20 +00:00
Yang Tse
01dabb774a curl_socklen_t NetWare follow-up 2009-04-29 17:07:19 +00:00
Gunter Knauf
f7400212fc moved HAVE_LIMITS_H to common defines (no idea why I didnt this initially already) 2009-04-15 04:11:33 +00:00
Yang Tse
6434b42481 HAVE_LIMITS_H definition for NetWare CLIB 2009-04-14 23:51:12 +00:00
Gunter Knauf
4cd950900b some minor Makefile tweaks for latest libssh2. 2009-04-09 02:50:09 +00:00
Gunter Knauf
41f76801eb some minor Makefile tweaks. 2009-03-29 19:40:00 +00:00
Gunter Knauf
d839230402 added HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID to ares Makefile.netware and sync'd with other Makefile.netware. 2008-12-30 08:16:24 +00:00
Gunter Knauf
1cc50d31f9 changed HAVE_SIN6_SCOPE_ID define to HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID since just found that ares already uses this define. 2008-12-30 08:05:38 +00:00
Gunter Knauf
104377d718 added HAVE_SIN6_SCOPE_ID define to all non-configure platforms which seem to be IPv6-aware. 2008-12-30 07:31:04 +00:00