curl/docs/examples/Makefile.netware
David Woodhouse 9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00

435 lines
11 KiB
Makefile

#################################################################
#
## Makefile for building curl.nlm (NetWare version - gnu make)
## Use: make -f Makefile.netware
##
## Comments to: Guenter Knauf http://www.gknw.net/phpbb
#
#################################################################
# Edit the path below to point to the base of your Novell NDK.
ifndef NDKBASE
NDKBASE = c:/novell
endif
# Edit the path below to point to the base of your Zlib sources.
ifndef ZLIB_PATH
ZLIB_PATH = ../../../zlib-1.2.8
endif
# Edit the path below to point to the base of your OpenSSL package.
ifndef OPENSSL_PATH
OPENSSL_PATH = ../../../openssl-0.9.8y
endif
# Edit the path below to point to the base of your LibSSH2 package.
ifndef LIBSSH2_PATH
LIBSSH2_PATH = ../../../libssh2-1.4.3
endif
# Edit the path below to point to the base of your axTLS package.
ifndef AXTLS_PATH
AXTLS_PATH = ../../../axTLS-1.2.7
endif
# Edit the path below to point to the base of your libidn package.
ifndef LIBIDN_PATH
LIBIDN_PATH = ../../../libidn-1.18
endif
# Edit the path below to point to the base of your librtmp package.
ifndef LIBRTMP_PATH
LIBRTMP_PATH = ../../../librtmp-2.3
endif
# Edit the path below to point to the base of your fbopenssl package.
ifndef FBOPENSSL_PATH
FBOPENSSL_PATH = ../../fbopenssl-0.4
endif
# Edit the path below to point to the base of your c-ares package.
ifndef LIBCARES_PATH
LIBCARES_PATH = ../../ares
endif
ifndef INSTDIR
INSTDIR = ..$(DS)..$(DS)curl-$(LIBCURL_VERSION_STR)-bin-nw
endif
# Edit the vars below to change NLM target settings.
TARGET = examples
VERSION = $(LIBCURL_VERSION)
COPYR = Copyright (C) $(LIBCURL_COPYRIGHT_STR)
DESCR = cURL ($(LIBARCH))
MTSAFE = YES
STACK = 8192
SCREEN = Example Program
# Comment the line below if you dont want to load protected automatically.
# LDRING = 3
# Uncomment the next line to enable linking with POSIX semantics.
# POSIXFL = 1
# Edit the var below to point to your lib architecture.
ifndef LIBARCH
LIBARCH = LIBC
endif
# must be equal to NDEBUG or DEBUG, CURLDEBUG
ifndef DB
DB = NDEBUG
endif
# Optimization: -O<n> or debugging: -g
ifeq ($(DB),NDEBUG)
OPT = -O2
OBJDIR = release
else
OPT = -g
OBJDIR = debug
endif
# The following lines defines your compiler.
ifdef CWFolder
METROWERKS = $(CWFolder)
endif
ifdef METROWERKS
# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
CC = mwccnlm
else
CC = gcc
endif
PERL = perl
# Here you can find a native Win32 binary of the original awk:
# http://www.gknw.net/development/prgtools/awk-20100523.zip
AWK = awk
CP = cp -afv
MKDIR = mkdir
# RM = rm -f
# If you want to mark the target as MTSAFE you will need a tool for
# generating the xdc data for the linker; here's a minimal tool:
# http://www.gknw.net/development/prgtools/mkxdc.zip
MPKXDC = mkxdc
# LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH))
LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
# Include the version info retrieved from curlver.h
-include $(OBJDIR)/version.inc
# Global flags for all compilers
CFLAGS += $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc
ifeq ($(CC),mwccnlm)
LD = mwldnlm
LDFLAGS = -nostdlib $< $(PRELUDE) $(LDLIBS) -o $@ -commandfile
LIBEXT = lib
CFLAGS += -gccinc -inline off -opt nointrinsics -proc 586
CFLAGS += -relax_pointers
#CFLAGS += -w on
ifeq ($(LIBARCH),LIBC)
ifeq ($(POSIXFL),1)
PRELUDE = $(NDK_LIBC)/imports/posixpre.o
else
PRELUDE = $(NDK_LIBC)/imports/libcpre.o
endif
CFLAGS += -align 4
else
# PRELUDE = $(NDK_CLIB)/imports/clibpre.o
# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
CFLAGS += -align 1
endif
else
LD = nlmconv
LDFLAGS = -T
LIBEXT = a
CFLAGS += -m32
CFLAGS += -fno-builtin -fno-strict-aliasing
ifeq ($(findstring gcc,$(CC)),gcc)
CFLAGS += -fpcc-struct-return
endif
CFLAGS += -Wall # -pedantic
ifeq ($(LIBARCH),LIBC)
ifeq ($(POSIXFL),1)
PRELUDE = $(NDK_LIBC)/imports/posixpre.gcc.o
else
PRELUDE = $(NDK_LIBC)/imports/libcpre.gcc.o
endif
else
# PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o
# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
PRELUDE = $(NDK_ROOT)/pre/prelude.o
CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
endif
endif
NDK_ROOT = $(NDKBASE)/ndk
ifndef NDK_CLIB
NDK_CLIB = $(NDK_ROOT)/nwsdk
endif
ifndef NDK_LIBC
NDK_LIBC = $(NDK_ROOT)/libc
endif
ifndef NDK_LDAP
NDK_LDAP = $(NDK_ROOT)/cldapsdk/netware
endif
CURL_INC = ../../include
CURL_LIB = ../../lib
INCLUDES = -I$(CURL_INC)
ifeq ($(findstring -static,$(CFG)),-static)
LINK_STATIC = 1
endif
ifeq ($(findstring -ares,$(CFG)),-ares)
WITH_ARES = 1
endif
ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
WITH_RTMP = 1
WITH_SSL = 1
WITH_ZLIB = 1
endif
ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
WITH_SSH2 = 1
WITH_SSL = 1
WITH_ZLIB = 1
endif
ifeq ($(findstring -axtls,$(CFG)),-axtls)
WITH_AXTLS = 1
WITH_SSL =
else
ifeq ($(findstring -ssl,$(CFG)),-ssl)
WITH_SSL = 1
endif
endif
ifeq ($(findstring -zlib,$(CFG)),-zlib)
WITH_ZLIB = 1
endif
ifeq ($(findstring -idn,$(CFG)),-idn)
WITH_IDN = 1
endif
ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
ENABLE_IPV6 = 1
endif
ifdef LINK_STATIC
LDLIBS = $(CURL_LIB)/libcurl.$(LIBEXT)
ifdef WITH_ARES
LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT)
endif
else
MODULES = libcurl.nlm
IMPORTS = @$(CURL_LIB)/libcurl.imp
endif
ifdef WITH_SSH2
# INCLUDES += -I$(LIBSSH2_PATH)/include
ifdef LINK_STATIC
LDLIBS += $(LIBSSH2_PATH)/nw/libssh2.$(LIBEXT)
else
MODULES += libssh2.nlm
IMPORTS += @$(LIBSSH2_PATH)/nw/libssh2.imp
endif
endif
ifdef WITH_RTMP
# INCLUDES += -I$(LIBRTMP_PATH)
ifdef LINK_STATIC
LDLIBS += $(LIBRTMP_PATH)/librtmp/librtmp.$(LIBEXT)
endif
endif
ifdef WITH_SSL
INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)
LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
IMPORTS += GetProcessSwitchCount RunningProcess
else
ifdef WITH_AXTLS
INCLUDES += -I$(AXTLS_PATH)/inc
ifdef LINK_STATIC
LDLIBS += $(AXTLS_PATH)/lib/libaxtls.$(LIBEXT)
else
MODULES += libaxtls.nlm
IMPORTS += $(AXTLS_PATH)/lib/libaxtls.imp
endif
endif
endif
ifdef WITH_ZLIB
# INCLUDES += -I$(ZLIB_PATH)
ifdef LINK_STATIC
LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
else
MODULES += libz.nlm
IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
endif
endif
ifdef WITH_IDN
# INCLUDES += -I$(LIBIDN_PATH)/include
LDLIBS += $(LIBIDN_PATH)/lib/libidn.$(LIBEXT)
endif
ifeq ($(LIBARCH),LIBC)
INCLUDES += -I$(NDK_LIBC)/include
# INCLUDES += -I$(NDK_LIBC)/include/nks
# INCLUDES += -I$(NDK_LIBC)/include/winsock
CFLAGS += -D_POSIX_SOURCE
else
INCLUDES += -I$(NDK_CLIB)/include/nlm
# INCLUDES += -I$(NDK_CLIB)/include
endif
ifndef DISABLE_LDAP
# INCLUDES += -I$(NDK_LDAP)/$(LIBARCH_L)/inc
endif
CFLAGS += $(INCLUDES)
ifeq ($(MTSAFE),YES)
XDCOPT = -n
endif
ifeq ($(MTSAFE),NO)
XDCOPT = -u
endif
ifdef XDCOPT
XDCDATA = $(OBJDIR)/$(TARGET).xdc
endif
ifeq ($(findstring /sh,$(SHELL)),/sh)
DL = '
DS = /
PCT = %
#-include $(NDKBASE)/nlmconv/ncpfs.inc
else
DS = \\
PCT = %%
endif
# Makefile.inc provides the CSOURCES and HHEADERS defines
include Makefile.inc
check_PROGRAMS := $(patsubst %,%.nlm,$(strip $(check_PROGRAMS)))
.PRECIOUS: $(OBJDIR)/%.o $(OBJDIR)/%.def $(OBJDIR)/%.xdc
all: prebuild $(check_PROGRAMS)
prebuild: $(OBJDIR) $(OBJDIR)/version.inc
$(OBJDIR)/%.o: %.c
@echo Compiling $<
$(CC) $(CFLAGS) -c $< -o $@
$(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
@echo Creating $@
@$(AWK) -f ../../packages/NetWare/get_ver.awk $< > $@
install: $(INSTDIR) all
@$(CP) $(check_PROGRAMS) $(INSTDIR)
clean:
-$(RM) -r $(OBJDIR)
distclean vclean: clean
-$(RM) $(check_PROGRAMS)
$(OBJDIR) $(INSTDIR):
@$(MKDIR) $@
%.nlm: $(OBJDIR)/%.o $(OBJDIR)/%.def $(XDCDATA)
@echo Linking $@
@-$(RM) $@
@$(LD) $(LDFLAGS) $(OBJDIR)/$(@:.nlm=.def)
$(OBJDIR)/%.xdc: Makefile.netware
@echo Creating $@
@$(MPKXDC) $(XDCOPT) $@
$(OBJDIR)/%.def: Makefile.netware
@echo $(DL)# DEF file for linking with $(LD)$(DL) > $@
@echo $(DL)# Do not edit this file - it is created by Make!$(DL) >> $@
@echo $(DL)# All your changes will be lost!!$(DL) >> $@
@echo $(DL)#$(DL) >> $@
@echo $(DL)copyright "$(COPYR)"$(DL) >> $@
@echo $(DL)description "$(DESCR) $(notdir $(@:.def=)) Example"$(DL) >> $@
@echo $(DL)version $(VERSION)$(DL) >> $@
ifdef NLMTYPE
@echo $(DL)type $(NLMTYPE)$(DL) >> $@
endif
ifdef STACK
@echo $(DL)stack $(STACK)$(DL) >> $@
endif
ifdef SCREEN
@echo $(DL)screenname "$(DESCR) $(notdir $(@:.def=)) $(SCREEN)"$(DL) >> $@
else
@echo $(DL)screenname "DEFAULT"$(DL) >> $@
endif
ifneq ($(DB),NDEBUG)
@echo $(DL)debug$(DL) >> $@
endif
@echo $(DL)threadname "_$(notdir $(@:.def=))"$(DL) >> $@
ifdef XDCDATA
@echo $(DL)xdcdata $(XDCDATA)$(DL) >> $@
endif
ifeq ($(LDRING),0)
@echo $(DL)flag_on 16$(DL) >> $@
endif
ifeq ($(LDRING),3)
@echo $(DL)flag_on 512$(DL) >> $@
endif
ifeq ($(LIBARCH),CLIB)
@echo $(DL)start _Prelude$(DL) >> $@
@echo $(DL)exit _Stop$(DL) >> $@
@echo $(DL)import @$(NDK_CLIB)/imports/clib.imp$(DL) >> $@
@echo $(DL)import @$(NDK_CLIB)/imports/threads.imp$(DL) >> $@
@echo $(DL)import @$(NDK_CLIB)/imports/nlmlib.imp$(DL) >> $@
@echo $(DL)import @$(NDK_CLIB)/imports/socklib.imp$(DL) >> $@
@echo $(DL)module clib$(DL) >> $@
ifndef DISABLE_LDAP
@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@
@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@
# @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
@echo $(DL)module ldapsdk ldapssl$(DL) >> $@
endif
else
ifeq ($(POSIXFL),1)
@echo $(DL)flag_on 4194304$(DL) >> $@
endif
@echo $(DL)flag_on 64$(DL) >> $@
@echo $(DL)pseudopreemption$(DL) >> $@
ifeq ($(findstring posixpre,$(PRELUDE)),posixpre)
@echo $(DL)start POSIX_Start$(DL) >> $@
@echo $(DL)exit POSIX_Stop$(DL) >> $@
@echo $(DL)check POSIX_CheckUnload$(DL) >> $@
else
@echo $(DL)start _LibCPrelude$(DL) >> $@
@echo $(DL)exit _LibCPostlude$(DL) >> $@
@echo $(DL)check _LibCCheckUnload$(DL) >> $@
endif
@echo $(DL)import @$(NDK_LIBC)/imports/libc.imp$(DL) >> $@
@echo $(DL)import @$(NDK_LIBC)/imports/netware.imp$(DL) >> $@
@echo $(DL)module libc$(DL) >> $@
ifndef DISABLE_LDAP
@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@
@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@
# @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@
@echo $(DL)module lldapsdk lldapssl$(DL) >> $@
endif
endif
ifdef MODULES
@echo $(DL)module $(MODULES)$(DL) >> $@
endif
ifdef EXPORTS
@echo $(DL)export $(EXPORTS)$(DL) >> $@
endif
ifdef IMPORTS
@echo $(DL)import $(IMPORTS)$(DL) >> $@
endif
ifeq ($(findstring nlmconv,$(LD)),nlmconv)
@echo $(DL)input $(PRELUDE)$(DL) >> $@
@echo $(DL)input $(@:.def=.o)$(DL) >> $@
ifdef LDLIBS
@echo $(DL)input $(LDLIBS)$(DL) >> $@
endif
@echo $(DL)output $(notdir $(@:.def=.nlm))$(DL) >> $@
endif