OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_66-93-g7b27217

Gerrit Code Review gerrit@openafs.org
Sun, 22 Nov 2009 20:45:06 -0800 (PST) 

The following commit has been merged in the master branch:
commit 7b272177de4c6f78db7f2315f4e30e85ab7660bb
Author: Marc Dionne <marc.c.dionne@gmail.com>
Date:   Sat Oct 24 22:10:46 2009 -0400

    Linux: Keyrings PAG handling changes
    
    We can take advantage of the fact that PagInCred now receives
    a kernel credentials structure as an argument (including any session
    keyring) to make some improvements in the handling of PAGs
    when keyrings are in use.
    
    These changes are effective only if keyrings are in use and we
    have a recent enough kernel where we can use the kernel
    credentials structure.
    
    1 - Search the session keyring of the passed credentials instead of
    the current process' to determine the PAG, if any.  This was always
    not really correct, and now we're able to do the right thing.
    In some situations such as background writeback and pre-fetching,
    this means that we'll now do it with the right credentials, even when
    in a PAG.
    
    2 - Don't use groups at all to determine PAG membership.  Doing so
    can lead to some inconsistent situations such as the one described
    in RT 125198, where a process gets access through a soon to be
    deleted PAG.  Make PagInCred look exclusively at the keyrings.
    Groups are still updated to try to reflect the current PAG for now,
    if the passed credentials belong to the current process.
    
    Note that a process can no longer get a PAG's privileges simply by
    adding the corresponding groups to its group list.
    
    No behaviour change for kernels prior to 2.6.29.
    
    FIXES 125198
    
    Change-Id: Ifb171993cc9ca9d6a97fb7312909485ec0666efb
    Reviewed-on: http://gerrit.openafs.org/730
    Reviewed-by: Derrick Brashear <shadow@dementia.org>
    Tested-by: Derrick Brashear <shadow@dementia.org>

 src/afs/LINUX/osi_groups.c     |   36 ++++++++++++++++++++++
 src/afs/LINUX/osi_prototypes.h |    1 +
 src/afs/afs_osi_pag.c          |   66 +++++++++++++++++++--------------------
 3 files changed, 69 insertions(+), 34 deletions(-)

-- 
OpenAFS Master Repository