From bdbabe247b454c01a79dbbc108ad4fc9c20065d7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 7 Jan 2010 10:26:02 +0100
Subject: Fix return value when offline and TGT is valid

Fixes CVE-2010-0014
---
 server/providers/krb5/krb5_auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'server')

diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index a124371ed..4386a7ede 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -939,7 +939,7 @@ static void krb5_resolve_done(struct tevent_req *req)
                 DEBUG(1, ("pam_add_response failed.\n"));
             }
 
-            pam_status = PAM_SUCCESS;
+            pam_status = PAM_AUTHINFO_UNAVAIL;
             dp_err = DP_ERR_OFFLINE;
             goto done;
         }
-- 
cgit