From: Simon Wilkinson <sxw@inf.ed.ac.uk>
Date: Mon, 11 May 2009 15:55:38 +0000 (+0000)
Subject: STABLE14-linux26-defer-cred-changing-20090511
X-Git-Tag: openafs-stable-1_4_11pre1~57
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=f6e029fc2e51811e9ba4971038e39010aba4ce04;p=packages%2Fo%2Fopenafs.git

STABLE14-linux26-defer-cred-changing-20090511

LICENSE IPL10
FIXES 124737

Newer Linux kernels differentiate between the real and effective
credentials of a process, and prevent a process's credentials from being
change when the effective credentials have been set to a different value.
When AFS notices a keyring PAG exists but no group-based PAG does, the
attempt to rectify this, if done in a VFS call (which changes effective creds)
triggers this issue. We defer the change to the groups to avoid it.


(cherry picked from commit 7d530b9080f6dd4d7f7e4555ed6ce855ff81bcaa)
---

diff --git a/src/afs/LINUX/osi_cred.c b/src/afs/LINUX/osi_cred.c
index 22f4bb53f..8642a9fa4 100644
--- a/src/afs/LINUX/osi_cred.c
+++ b/src/afs/LINUX/osi_cred.c
@@ -104,6 +104,12 @@ crset(cred_t * cr)
 #if defined(STRUCT_TASK_HAS_CRED)
     struct cred *new_creds;
 
+    /* If our current task doesn't have identical real and effective
+     * credentials, commit_cred won't let us change them, so we just
+     * bail here.
+     */
+    if (current->cred != current->real_cred)
+        return;
     new_creds = prepare_creds();
     new_creds->fsuid = cr->cr_uid;
     new_creds->uid = cr->cr_ruid;