Linux: setpag() may replace credentials

For recent Linux. setpag() may replace the current process' cred structure with a new one. This is not a problem for most callers, but in the case of processing a SetTokens2 pioctl with the setpag option, the new credentials should be used to determine the target for the token. Change-Id: I4441349b8a72eac7d56276abcdf243b2ffd21b98 Reviewed-on: http://gerrit.openafs.org/8924 Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
2025-01-18 15:00:12 +00:00 · 2013-01-18 22:40:03 -05:00 · 2013-01-18 22:40:03 -05:00 · b61eac783e
commit b61eac783e
parent 07d83cd473
1 changed files with 8 additions and 0 deletions
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@ -5328,7 +5328,15 @@ DECL_PIOCTL(PSetTokens2)
    }

    if (tokenSet.flags & AFSTOKEN_EX_SETPAG) {
+#if defined(AFS_LINUX26_ENV)
+	afs_ucred_t *old_cred = *acred;
+#endif
 	if (_settok_setParentPag(acred) == 0) {
+#if defined(AFS_LINUX26_ENV)
+	    /* setpag() may have changed our credentials */
+	    *acred = crref();
+	    crfree(old_cred);
+#endif
 	    afs_InitReq(&treq, *acred);
 	    areq = &treq;
 	}