From b61eac783e8c092cd4ba9f53a2b5ca7d43e08b1b Mon Sep 17 00:00:00 2001
From: Marc Dionne <marc.c.dionne@gmail.com>
Date: Fri, 18 Jan 2013 22:40:03 -0500
Subject: [PATCH] Linux: setpag() may replace credentials

For recent Linux. setpag() may replace the current process' cred
structure with a new one.  This is not a problem for most callers,
but in the case of processing a SetTokens2 pioctl with the setpag
option, the new credentials should be used to determine the target
for the token.

Change-Id: I4441349b8a72eac7d56276abcdf243b2ffd21b98
Reviewed-on: http://gerrit.openafs.org/8924
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
---
 src/afs/afs_pioctl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index 0d77471868..b6b2009347 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -5328,7 +5328,15 @@ DECL_PIOCTL(PSetTokens2)
     }
 
     if (tokenSet.flags & AFSTOKEN_EX_SETPAG) {
+#if defined(AFS_LINUX26_ENV)
+	afs_ucred_t *old_cred = *acred;
+#endif
 	if (_settok_setParentPag(acred) == 0) {
+#if defined(AFS_LINUX26_ENV)
+	    /* setpag() may have changed our credentials */
+	    *acred = crref();
+	    crfree(old_cred);
+#endif
 	    afs_InitReq(&treq, *acred);
 	    areq = &treq;
 	}