From c89c41b523dfeec992fde31f490d639adf7905a7 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sat, 5 Jan 2013 22:49:39 +0000
Subject: save the old password if either the authentication or the
 authorisation response is NEW_AUTHTOK_REQD

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1899 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 pam/pam.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pam/pam.c')

diff --git a/pam/pam.c b/pam/pam.c
index 32cd98b..9947d52 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -2,7 +2,7 @@
    pam.c - pam module functions
 
    Copyright (C) 2009 Howard Chu
-   Copyright (C) 2009, 2010, 2011, 2012 Arthur de Jong
+   Copyright (C) 2009, 2010, 2011, 2012, 2013 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -503,7 +503,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
   if (cfg.debug)
     pam_syslog(pamh, LOG_DEBUG, "authentication succeeded");
   /* if password change is required, save old password in context */
-  if (resp.res == PAM_NEW_AUTHTOK_REQD)
+  if ((resp.res == PAM_NEW_AUTHTOK_REQD) || (ctx->saved_authz.res == PAM_NEW_AUTHTOK_REQD))
     ctx->oldpassword = strdup(passwd);
   /* update caller's idea of the user name */
   if ((resp.msg[0] != '\0') && (strcmp(resp.msg, username) != 0))
-- 
cgit v1.2.3