David Woodhouse 9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
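
The commit message above says the removed code threw away the mechanism identity and assumed Kerberos. As an added illustration (not curl's code and not part of this commit), the C example below reads the preferred mechanism out of an initial SPNEGO token so that a caller can check it instead of assuming. The names spnego_first_mech and der_hdr, the MECH_* values and both byte-string samples are constructed for this example, and only the first mechTypes entry of a NegTokenInit is examined.

```c
#include <string.h>
enum { MECH_ERROR = -1, MECH_OTHER = 0, MECH_KRB5 = 1 };
static const unsigned char OID_SPNEGO[] = {0x2b,0x06,0x01,0x05,0x05,0x02}; /* 1.3.6.1.5.5.2 */
/* Two OIDs that both name Kerberos: 1.2.840.113554.1.2.2 and 1.2.840.48018.1.2.2 */
static const unsigned char OID_KRB5[]    = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
static const unsigned char OID_MS_KRB5[] = {0x2a,0x86,0x48,0x82,0xf7,0x12,0x01,0x02,0x02};
/* Constructed sample: mechTypes = { Kerberos }, plus a dummy 4-byte mechToken */
static const unsigned char SAMPLE_KRB5[] = {
  0x60,0x23, 0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02, 0xa0,0x19, 0x30,0x17, 0xa0,0x0d, 0x30,0x0b,
  0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02, 0xa2,0x06, 0x04,0x04,'K','R','B','5' };
/* Constructed sample: mechTypes = { NTLMSSP, 1.3.6.1.4.1.311.2.2.10 }, no mechToken */
static const unsigned char SAMPLE_NTLM[] = {
  0x60,0x1c, 0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02, 0xa0,0x12, 0x30,0x10, 0xa0,0x0e, 0x30,0x0c,
  0x06,0x0a,0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a };

/* Consume one DER header carrying the expected tag; on success *p points at the value. */
static int der_hdr(const unsigned char **p, const unsigned char *end, int tag, size_t *len)
{
  const unsigned char *q = *p;
  size_t n, k;
  if(end - q < 2 || *q++ != tag) return -1;
  n = *q++;
  if(n & 0x80) {                        /* long form: low 7 bits count the length bytes */
    k = n & 0x7f;
    if(k == 0 || k > 2 || (size_t)(end - q) < k) return -1;
    for(n = 0; k; k--) n = (n << 8) | *q++;
  }
  if((size_t)(end - q) < n) return -1;  /* the value must fit inside its parent */
  *p = q; *len = n;
  return 0;
}

/* Classify the first (most preferred) mechTypes entry of a NegTokenInit. */
int spnego_first_mech(const unsigned char *buf, size_t buflen)
{
  static const unsigned char path[] = {0xa0, 0x30, 0xa0, 0x30, 0x06};
  const unsigned char *p = buf, *end = buf + buflen;
  size_t len, i;
  if(der_hdr(&p, end, 0x60, &len)) return MECH_ERROR;   /* GSS-API initial token wrapper */
  end = p + len;
  if(der_hdr(&p, end, 0x06, &len) || len != sizeof(OID_SPNEGO) ||
     memcmp(p, OID_SPNEGO, len)) return MECH_ERROR;
  p += len;
  for(i = 0; i < sizeof(path); i++) {   /* [0] NegTokenInit, SEQUENCE, [0] mechTypes, SEQUENCE OF, OID */
    if(der_hdr(&p, end, path[i], &len)) return MECH_ERROR;
    end = p + len;
  }
  return (len == sizeof(OID_KRB5) && (!memcmp(p, OID_KRB5, len) ||
          !memcmp(p, OID_MS_KRB5, len))) ? MECH_KRB5 : MECH_OTHER;
}
```

A caller that only implements Kerberos would hand the mechToken to GSSAPI only when this returns MECH_KRB5 and fail the negotiation otherwise.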

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

This directory is for libcurl programming examples. They are meant to show
some simple steps on how you can build your own application to take full
advantage of libcurl.

If you end up with other small but still useful example sources, please mail
them for submission in future packages and on the web site.

BUILDING

The Makefile.example is an example makefile that could be used to build these
examples. Just edit the file according to your system and requirements first.

Most examples should build fine using a command line like this:

  $ `curl-config --cc --cflags --libs` -o example example.c

Some compilers don't like having the arguments in this order but instead
want you to reorganize them like:

  $ `curl-config --cc` -o example example.c `curl-config --cflags --libs`

*PLEASE* do not use the curl.haxx.se site as a test target for your libcurl
applications/experiments. Even if some of the examples use that site as a URL
at some places, it doesn't mean that the URLs work or that we expect you to
actually torture our web site with your tests!  Thanks.

EXAMPLES

anyauthput.c   - HTTP PUT using "any" authentication method
cacertinmem.c  - Use a built-in PEM certificate to retrieve a https page
cookie_interface.c - shows usage of simple cookie interface
curlgtk.c      - download using a GTK progress bar
curlx.c        - getting file info from the remote cert data
debug.c        - showing how to use the debug callback
fileupload.c   - uploading to a file:// URL
fopen.c        - fopen() layer that supports opening URLs and files
ftpget.c       - simple example of getting a file from FTP
ftpgetresp.c   - get the response strings from the FTP server
ftpupload.c    - upload a file to an FTP server
ftpuploadresume.c - resume an upload to an FTP server
getinfo.c      - get the Content-Type from the recent transfer
getinmemory.c  - download a file to memory only
ghiper.c       - curl_multi_socket() using code with glib-2
hiperfifo.c    - downloads all URLs written to the fifo, using
                 curl_multi_socket() and libevent
htmltidy.c     - download a document and use libtidy to parse the HTML
htmltitle.cc   - download an HTML file and extract the <title> tag from an HTML
                 page using libxml
http-post.c    - HTTP POST
httpput.c      - HTTP PUT a local file
https.c        - simple HTTPS transfer
imap.c         - simple IMAP transfer
multi-app.c    - a multi-interface app
multi-debugcallback.c - a multi-interface app using the debug callback
multi-double.c - a multi-interface app doing two simultaneous transfers
multi-post.c   - a multi-interface app doing a multipart formpost
multi-single.c - a multi-interface app getting a single file
multi-uv.c     - a multi-interface app using libuv
multithread.c  - an example using multi-threading to transfer multiple files
opensslthreadlock.c - show how to do locking when using OpenSSL multi-threaded
persistant.c   - request two URLs with a persistent connection
pop3s.c        - POP3S transfer
pop3slist.c    - POP3S LIST
post-callback.c - send an HTTP POST using a callback
postit2.c      - send an HTTP multipart formpost
sampleconv.c   - showing how a program on a non-ASCII platform would invoke
                 callbacks to do its own codeset conversions instead of using
                 the built-in iconv functions in libcurl
sepheaders.c   - download headers to a separate file
simple.c       - the simplest way to download a URL source
simplepost.c   - HTTP POST
simplessl.c    - HTTPS example with many certificate options set
synctime.c     - Sync local time by extracting date from remote HTTP servers
url2file.c     - download a document and store it in a file
xmlstream.c    - Stream-parse a document using the streaming Expat parser
10-at-a-time.c - Download many files simultaneously, 10 at a time.