Linux: setpag() may replace credentials

For recent Linux. setpag() may replace the current process' cred
structure with a new one.  This is not a problem for most callers,
but in the case of processing a SetTokens2 pioctl with the setpag
option, the new credentials should be used to determine the target
for the token.

Reviewed-on: http://gerrit.openafs.org/8924
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b61eac783e8c092cd4ba9f53a2b5ca7d43e08b1b)

Change-Id: I66b5f171318964ff40fe78be24e75519183c3a82
Reviewed-on: http://gerrit.openafs.org/8948
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 3c01be5f06ec2599fcbbb1c6ac7b98fafdc3020c..98919a3442b8d31d39b90dd95c674f50307655df 100644 (file)
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -1859,6 +1859,9 @@ DECL_PIOCTL(PSetTokens)
     afs_PutCell(tcell, READ_LOCK);
     if (set_parent_pag) {
        afs_uint32 pag;
+#if defined(AFS_LINUX26_ENV)
+       afs_ucred_t *old_cred = *acred;
+#endif
 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
        char procname[256];
        osi_procname(procname, 256);
@@ -1867,6 +1870,11 @@ DECL_PIOCTL(PSetTokens)
        if (!setpag(osi_curproc(), acred, -1, &pag, 1)) {
 #else
        if (!setpag(acred, -1, &pag, 1)) {
+#endif
+#if defined(AFS_LINUX26_ENV)
+           /* setpag() may have changed our credentials */
+           *acred = crref();
+           crfree(old_cred);
 #endif
            afs_InitReq(&treq, *acred);
            areq = &treq;