sasl: Don't use GSSAPI authentication when domain name not specified

Only choose the GSSAPI authentication mechanism when the user name contains a Windows domain name or the user is a valid UPN. Fixes #718
author: Steve Holme <steve_holme@hotmail.com> 2016-08-21 11:56:23 +0100
committer: Steve Holme <steve_holme@hotmail.com> 2016-08-21 11:56:23 +0100
commit: a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e (patch)
tree: 3b487b79f4a429d0ae8ba1ef28f184c4b983d65a /lib/curl_sasl.c
parent: 43dbd766164153d49ab266355d2f35e6bf010b30 (diff)
download: gnurl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.tar.gz
gnurl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.tar.bz2
gnurl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 68a0b9320..65fa52932 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -288,7 +288,8 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
   }
   else if(conn->bits.user_passwd) {
 #if defined(USE_KERBEROS5)
-    if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported()) {
+    if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() &&
+       Curl_auth_user_contains_domain(conn->user)) {
       sasl->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
       mech = SASL_MECH_STRING_GSSAPI;
       state1 = SASL_GSSAPI;
author	Steve Holme <steve_holme@hotmail.com>	2016-08-21 11:56:23 +0100
committer	Steve Holme <steve_holme@hotmail.com>	2016-08-21 11:56:23 +0100
commit	a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e (patch)
tree	3b487b79f4a429d0ae8ba1ef28f184c4b983d65a /lib/curl_sasl.c
parent	43dbd766164153d49ab266355d2f35e6bf010b30 (diff)
download	gnurl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.tar.gz gnurl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.tar.bz2 gnurl-a78c61a4bf5b7eb90b0945d94568b7b3b1f23c6e.zip