From: Andreas Schneider <asn@samba.org>
Date: Wed, 6 Aug 2025 12:42:51 +0000 (+0200)
Subject: auth:creds: Allow to reset the principal by passing NULL to set_principal
X-Git-Tag: samba-4.23.0rc3~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f98180ed716e94332bb856a9da418905abc949b;p=thirdparty%2Fsamba.git

auth:creds: Allow to reset the principal by passing NULL to set_principal

We do that e.g. in cli_credentials_set_anonymous()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15893

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 67c2feba290764c62ab01602d5bc9d4d122c2c12)
---

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index a558aada67c..1992b1c6a74 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -432,12 +432,15 @@ _PUBLIC_ bool cli_credentials_set_principal(struct cli_credentials *cred,
 				   enum credentials_obtained obtained)
 {
 	if (obtained >= cred->principal_obtained) {
-		cred->principal = talloc_strdup(cred, val);
-		if (cred->principal == NULL) {
-			return false;
+		/* If `val = NULL` is passed, principal is reset */
+		cred->principal = NULL;
+		if (val != NULL) {
+			cred->principal = talloc_strdup(cred, val);
+			if (cred->principal == NULL) {
+				return false;
+			}
 		}
 		cred->principal_obtained = obtained;
-
 		cli_credentials_invalidate_ccache(cred, cred->principal_obtained);
 		return true;
 	}
@@ -1553,7 +1556,9 @@ _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *c
 					      const char **username,
 					      const char **domain)
 {
-	if (cred->principal_obtained >= cred->username_obtained) {
+	if (!cli_credentials_is_anonymous(cred) &&
+	    cred->principal_obtained >= cred->username_obtained)
+	{
 		*domain = talloc_strdup(mem_ctx, "");
 		*username = cli_credentials_get_principal(cred, mem_ctx);
 	} else {