git.openafs.org Git - openafs.git/commit

author	Andrew Deason <adeason@sinenomine.net>
	Fri, 12 Aug 2011 19:50:26 +0000 (14:50 -0500)
committer	Derrick Brashear <shadow@dementix.org>
	Sun, 23 Oct 2011 23:21:44 +0000 (16:21 -0700)
commit	ee2fbffb04bb8b5098354646e262afa90c1b6f59
tree	a020473e6058e0e9085ce3b239c9d368fe3af33a	tree \| snapshot
parent	dd831c09602f1ef16cc7dece84aeff638cce7272	commit \| diff

LINUX: Revert group changes on keyring failure

On Linux kernels that support keyrings, when we setpag we try to add
the PAG to the session keyring and to the supplemental group list.
Currently, if we fail to add the PAG to the keyring (which may happen
due to key quotas, or possibly other reasons), we return failure but
the group list is still modified with the new PAG in it.

Therefore, if the keyring-based approach fails, the new PAG may still
be in use, but there are no keyring keys associated with that PAG, so
the PAG may never get destroyed. This can cause a large number of PAGs
to accumulate over time, causing performance problems.

So, change this so that, in the event that keyring installation fails,
we revert the group list back to what it was before we touched it.
Also mark all unixusers with the new PAG as expired, in case one got
created during processing. Thus, the new PAG never gets used.

Change-Id: I61993edf705209e1a5d8dee638a9003690017c35
Reviewed-on: http://gerrit.openafs.org/5238
Tested-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Derrick Brashear <shadow@dementix.org>

src/afs/LINUX/osi_groups.c		diff \| blob \| history
src/afs/LINUX/osi_prototypes.h		diff \| blob \| history