The _kdc_is_anonymous() helper function must take into account
that principals of type NT-UNKNOWN can match any other principal
type including NT-WELLKNOWN.
Change-Id: I6085b9471f6f1d662119e359491bbdce629ef048
krb5_boolean
_kdc_is_anonymous(krb5_context context, krb5_principal principal)
{
- if (principal->name.name_type != KRB5_NT_WELLKNOWN ||
+ if ((principal->name.name_type != KRB5_NT_WELLKNOWN &&
+ principal->name.name_type != KRB5_NT_UNKNOWN) ||
principal->name.name_string.len != 2 ||
strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)