From 340cdb96014910791a48301ea64f7267311bb25f Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Thu, 7 May 2015 14:12:03 +0000 Subject: [PATCH] auth/credentials: if credentials have principal set, they are not anonymous anymore When dealing with Kerberos, we cannot consider credentials anonymous if credentials were obtained properly. Signed-off: Alexander Bokovoy --- auth/credentials/credentials.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 42aa2a3..2b3bf23 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -966,6 +966,11 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred) cred->machine_account_pending_lp_ctx); } + /* if principal is set, it's not anonymous */ + if ((cred->principal != NULL) && cred->principal_obtained >= cred->username_obtained) { + return false; + } + username = cli_credentials_get_username(cred); /* Yes, it is deliberate that we die if we have a NULL pointer -- 2.1.0