auth: we do not support a security layer after kerberos authentication

author Patrick Monnerat <patrick@monnerat.net>

Mon, 16 Aug 2021 06:35:22 +0000 (08:35 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Mon, 16 Aug 2021 06:36:03 +0000 (08:36 +0200)
author Patrick Monnerat <patrick@monnerat.net>
Mon, 16 Aug 2021 06:35:22 +0000 (08:35 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Mon, 16 Aug 2021 06:36:03 +0000 (08:36 +0200)
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c

index 58d835b5f7a5da5aa6ab4dbc553c860a811dc41d..ea4995c72ddc80fbd9640e8517605096780a9bfa 100644 (file)
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -257,6 +257,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
      gss_release_buffer(&unused_status, &username_token);
      return CURLE_BAD_CONTENT_ENCODING;
    }
+  sec_layer &= GSSAUTH_P_NONE;  /* We do not support a security layer */
  
    /* Process the maximum message size the server can receive */
    if(max_size > 0) {
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c

index 983171c8ed2e64165836822d94367785e5ff4b47..08644d79c242df2eb68a49b90348a6008711f308 100644 (file)
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -338,6 +338,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
      infof(data, "GSSAPI handshake failure (invalid security layer)");
      return CURLE_BAD_CONTENT_ENCODING;
    }
+  sec_layer &= KERB_WRAP_NO_ENCRYPT;  /* We do not support a security layer */
  
    /* Process the maximum message size the server can receive */
    if(max_size > 0) {
author	Patrick Monnerat <patrick@monnerat.net>
	Mon, 16 Aug 2021 06:35:22 +0000 (08:35 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 16 Aug 2021 06:36:03 +0000 (08:36 +0200)
lib/vauth/krb5_gssapi.c		patch \| blob \| blame \| history
lib/vauth/krb5_sspi.c		patch \| blob \| blame \| history