LU-18145 gss: fix key unlink for regular user
In case a key is unlinked for a regular user, it can be necessary to
switch credentials to find a valid keyring for that user, which
implies changing the user namespace as well. This needs a reference
drop on the original namespace, as a ref was taken by prepare_creds(),
and also to take a reference on the newly set namespace, as a ref will
be dropped when put_cred() is finally called.
Because of the user switch, calling get_user_keyring() also adds one
more ref on the user keyring, for kernel implementation based on user
keyring pinned from the user_struct struct. This extra ref needs to be
dropped, but just for this specific case.
Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Fixes:
bc740feeaa ("LU-17714 gss: support revoked session keyring")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4d8fb354394a9f97dedf8aca84e4e3381a98fc60
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56053
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Bruno Faccini <bfaccini@nvidia.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>