From 27d62bb27eb369294989cf7117b7e89c1d8c367c Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Sat, 8 Jan 2022 10:12:07 +1100
Subject: [PATCH] gss: avoid showing PAC in test_context if anon

The Heimdal KDC does not add a PAC if an anonymous ticket was issued. As such,
test_context should not expect PAC naming attributes to be present if the
--anonymous option was passed. (This is irrelevant for now as GSS_C_ANON_FLAG
is not honored by the krb5 mechanism.)
---
 lib/gssapi/test_context.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c
index 9301b5b36..37cc41ac2 100644
--- a/lib/gssapi/test_context.c
+++ b/lib/gssapi/test_context.c
@@ -499,7 +499,8 @@ loop(gss_OID mechoid,
         } else
             warnx("display_name: %s",
                  gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
-	if (gss_oid_equal(actual_mech_server, GSS_KRB5_MECHANISM))
+	if (!anon_flag &&
+	    gss_oid_equal(actual_mech_server, GSS_KRB5_MECHANISM))
 	    show_pac_client_info(src_name);
     }
     gss_release_name(&min_stat, &src_name);