Relevant BUGIDs: rhbz#443667

Purpose of commit: bugfix

Commit summary:
---------------
2008-04-22  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
        regression from the change from 2008-03-20. setexeccon() must be
        called also with NULL prev_context.

2 files changed, 13 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index c8901a4d..f1537404 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-04-22  Tomas Mraz <t8m@centrum.cz>
+
+	* modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
+	regression from the change from 2008-03-20. setexeccon() must be
+	called also with NULL prev_context.
+
 2008-04-21  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* modules/pam_access/access.conf.5.xml: Document changed behavior
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index f679e33d..da49f3f9 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -702,21 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
     free(ttyn);
     ttyn=NULL;
   }
-  if (prev_user_context) {
-    if (setexeccon(prev_user_context)) {
+
+  if (setexeccon(prev_user_context)) {
       pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
-	       prev_user_context);
+	       prev_user_context ? prev_user_context : "");
       if (security_getenforce() == 1)
          status = PAM_AUTH_ERR;
       else
          status = PAM_SUCCESS;
-    }
+  } else if (debug)
+      pam_syslog(pamh, LOG_NOTICE, "Executable context back to original");
+
+  if (prev_user_context) {
     freecon(prev_user_context);
     prev_user_context = NULL;
   }
 
-  if (debug)
-    pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
-
   return status;
 }