From f553064ad85a2cdbbabcdd534d3d4f402d0117ec Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Thu, 7 May 2015 14:12:03 +0000
Subject: [PATCH] auth/credentials: if credentials have principal set, they are
 not anonymous anymore

When dealing with Kerberos, we cannot consider credentials anonymous
if credentials were obtained properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11265

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jul 15 16:32:55 CEST 2015 on sn-devel-104

(cherry picked from commit a0d2dd0e01618346b4ad8ea9da3f7ce4eb0364b0)
---
 auth/credentials/credentials.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 78b5955..e988d2d 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -921,6 +921,11 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
 						    cred->machine_account_pending_lp_ctx);
 	}
 
+	/* if principal is set, it's not anonymous */
+	if ((cred->principal != NULL) && cred->principal_obtained >= cred->username_obtained) {
+		return false;
+	}
+
 	username = cli_credentials_get_username(cred);
 	
 	/* Yes, it is deliberate that we die if we have a NULL pointer
-- 
2.4.3