Linux: setpag() may replace credentials

For recent Linux. setpag() may replace the current process' cred
structure with a new one.  This is not a problem for most callers,
but in the case of processing a SetTokens2 pioctl with the setpag
option, the new credentials should be used to determine the target
for the token.

Change-Id: I4441349b8a72eac7d56276abcdf243b2ffd21b98
Reviewed-on: http://gerrit.openafs.org/8924
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 0d7747186898bd6ed1a85c8c67bf64e8fab5cb02..b6b2009347777efad96afa9ad4b1be77d12e6123 100644 (file)
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -5328,7 +5328,15 @@ DECL_PIOCTL(PSetTokens2)
     }
 
     if (tokenSet.flags & AFSTOKEN_EX_SETPAG) {
+#if defined(AFS_LINUX26_ENV)
+       afs_ucred_t *old_cred = *acred;
+#endif
        if (_settok_setParentPag(acred) == 0) {
+#if defined(AFS_LINUX26_ENV)
+           /* setpag() may have changed our credentials */
+           *acred = crref();
+           crfree(old_cred);
+#endif
            afs_InitReq(&treq, *acred);
            areq = &treq;
        }