auth/credentials: if credentials have principal set, they are not anonymous anymore

When dealing with Kerberos, we cannot consider credentials anonymous
if credentials were obtained properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11265

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jul 15 16:32:55 CEST 2015 on sn-devel-104

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index df188b0f09e202e4cc675a04c20d6e27adf2dcf1..3b7d42a29a5a0b525b687a11c71a196f96c86855 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -967,6 +967,11 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
                                                    cred->machine_account_pending_lp_ctx);
        }
 
+       /* if principal is set, it's not anonymous */
+       if ((cred->principal != NULL) && cred->principal_obtained >= cred->username_obtained) {
+               return false;
+       }
+
        username = cli_credentials_get_username(cred);
        
        /* Yes, it is deliberate that we die if we have a NULL pointer