diff options
author | Steve Holme <steve_holme@hotmail.com> | 2016-08-21 11:56:23 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2016-08-21 11:56:23 +0100 |
commit | a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e (patch) | |
tree | 3b487b79f4a429d0ae8ba1ef28f184c4b983d65a /lib/curl_sasl.c | |
parent | 43dbd766164153d49ab266355d2f35e6bf010b30 (diff) | |
download | curl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.tar.gz |
sasl: Don't use GSSAPI authentication when domain name not specified
Only choose the GSSAPI authentication mechanism when the user name
contains a Windows domain name or the user is a valid UPN.
Fixes #718
Diffstat (limited to 'lib/curl_sasl.c')
-rw-r--r-- | lib/curl_sasl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 68a0b9320..65fa52932 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -288,7 +288,8 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, } else if(conn->bits.user_passwd) { #if defined(USE_KERBEROS5) - if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported()) { + if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() && + Curl_auth_user_contains_domain(conn->user)) { sasl->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ mech = SASL_MECH_STRING_GSSAPI; state1 = SASL_GSSAPI; |