auth: we do not support a security layer after kerberos authentication

Closes #7008
author: Patrick Monnerat <patrick@monnerat.net> 2021-08-16 08:35:22 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2021-08-16 08:36:03 +0200
commit: 0a1c85e39b0fcbfd67a185af63133de485560ee0 (patch)
tree: cc00efcababa37a029ee92f4f7f222e06152a380 /lib/vauth
parent: 3f9b1d0c9d0d16ddfcfbab50d4cb152620e11e65 (diff)
download: curl-0a1c85e39b0fcbfd67a185af63133de485560ee0.tar.gz
2 files changed, 2 insertions, 0 deletions
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 58d835b5f..ea4995c72 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -257,6 +257,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
     gss_release_buffer(&unused_status, &username_token);
     return CURLE_BAD_CONTENT_ENCODING;
   }
+  sec_layer &= GSSAUTH_P_NONE;  /* We do not support a security layer */
 
   /* Process the maximum message size the server can receive */
   if(max_size > 0) {
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 983171c8e..08644d79c 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -338,6 +338,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
     infof(data, "GSSAPI handshake failure (invalid security layer)");
     return CURLE_BAD_CONTENT_ENCODING;
   }
+  sec_layer &= KERB_WRAP_NO_ENCRYPT;  /* We do not support a security layer */
 
   /* Process the maximum message size the server can receive */
   if(max_size > 0) {
author	Patrick Monnerat <patrick@monnerat.net>	2021-08-16 08:35:22 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2021-08-16 08:36:03 +0200
commit	0a1c85e39b0fcbfd67a185af63133de485560ee0 (patch)
tree	cc00efcababa37a029ee92f4f7f222e06152a380 /lib/vauth
parent	3f9b1d0c9d0d16ddfcfbab50d4cb152620e11e65 (diff)
download	curl-0a1c85e39b0fcbfd67a185af63133de485560ee0.tar.gz