Patchwork [07/11] nsdbc: Handle LDAP_CONFIDENTIALITY_REQUIRED

Submitter Chuck Lever
Date Jan. 24, 2013, 6:35 p.m.
Message ID <20130124183531.13601.70474.stgit@seurat.1015granger.net>
Permalink /patch/215470/
State Accepted

Comments

Chuck Lever - Jan. 24, 2013, 6:35 p.m.
If an NSDB is configured to reject FEDFS_SEC_NONE requests, but our
client is configured to use FEDFS_SEC_NONE, libnsdb will return
FEDFS_ERR_NSDB_LDAP_VAL with the LDAP error code
LDAP_CONFIDENTIALITY_REQUIRED.

Update the NSDB client tools to report this error meaningfully.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

 src/nfsref/lookup.c          |   18 ++++++++++++------
 src/nfsref/remove.c          |   21 +++++++++++++++++----
 src/nsdbc/nsdb-annotate.c    |    4 ++++
 src/nsdbc/nsdb-create-fsl.c  |   12 +++++++++---
 src/nsdbc/nsdb-create-fsn.c  |   12 +++++++++---
 src/nsdbc/nsdb-delete-fsl.c  |   12 +++++++++---
 src/nsdbc/nsdb-delete-fsn.c  |   18 +++++++++++++-----
 src/nsdbc/nsdb-delete-nsdb.c |   12 +++++++++---
 src/nsdbc/nsdb-describe.c    |    4 ++++
 src/nsdbc/nsdb-list.c        |   18 ++++++++++++------
 src/nsdbc/nsdb-nces.c        |   12 +++++++++---
 src/nsdbc/nsdb-remove-nci.c  |   12 +++++++++---
 src/nsdbc/nsdb-resolve-fsn.c |   18 ++++++++++++------
 src/nsdbc/nsdb-simple-nce.c  |   12 +++++++++---
 src/nsdbc/nsdb-update-fsl.c  |   12 +++++++++---
 src/nsdbc/nsdb-update-nci.c  |   12 +++++++++---
 src/plug-ins/nfs-plugin.c    |   22 ++++++++++++++--------
 17 files changed, 169 insertions(+), 62 deletions(-)

Patch

diff --git a/src/nfsref/lookup.c b/src/nfsref/lookup.c
index cc3e293..5d1817e 100644
--- a/src/nfsref/lookup.c
+++ b/src/nfsref/lookup.c
@@ -392,14 +392,20 @@  again:
 			__func__, fsn_uuid);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			retval = nfsref_lookup_follow_ldap_referral(&host);
-			if (retval != FEDFS_OK)
-				break;
-			goto again;
+			if (retval == FEDFS_OK)
+				goto again;
+			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			xlog(L_ERROR, "TLS security required for %s:%u",
+				nsdb_hostname(host), nsdb_port(host));
+			break;
+		default:
+			xlog(L_ERROR, "%s: NSDB operation failed with %s",
+				__func__, ldap_err2string(ldap_err));
 		}
-		xlog(L_ERROR, "%s: NSDB operation failed with %s",
-			__func__, ldap_err2string(ldap_err));
 		break;
 	default:
 		xlog(L_ERROR, "%s: Failed to resolve FSN %s: %s",
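Review bot: The LDAP_REFERRAL branch retries with `goto again` and nothing in this hunk caps the number of hops, so a chain or cycle of referrals returned by an NSDB could keep the client looping. Whether nfsref_lookup_follow_ldap_referral() enforces a limit is not visible here. If it does not, a counter checked before the jump would bound it, e.g. `if (retval == FEDFS_OK && ++hops <= MAX_HOPS) goto again;` (both names are placeholders). The same branch also breaks without logging when the follow fails, unlike every other arm of the switch, so a line such as `xlog(L_ERROR, "%s: Failed to follow LDAP referral", __func__);` before the `break` would help unless the helper already logs. The same shape appears in the nsdb-list.c, nsdb-resolve-fsn.c and nfs-plugin.c hunks, and the enclosing function starts and ends outside this hunk.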
diff --git a/src/nfsref/remove.c b/src/nfsref/remove.c
index a7bfca0..f7da1fc 100644
--- a/src/nfsref/remove.c
+++ b/src/nfsref/remove.c
@@ -230,10 +230,23 @@  nfsref_remove_delete_fsn(const char *junct_path)
 		xlog(L_ERROR, "FSN %s still has FSL entries", fsn_uuid);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		/* XXX: "Operation not allowed on non-leaf" means
-		 *	this FSN still has children FSLs. */
-		xlog(L_ERROR, "Failed to delete FSN %s: %s",
-			fsn_uuid, ldap_err2string(ldap_err));
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
+			xlog(L_ERROR, "Encountered LDAP referral on %s:%u",
+				nsdb_hostname(host), nsdb_port(host));
+			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			xlog(L_ERROR, "TLS security required for %s:%u",
+				nsdb_hostname(host), nsdb_port(host));
+			break;
+		case LDAP_NOT_ALLOWED_ON_NONLEAF:
+			xlog(L_ERROR, "Failed to delete: "
+				"this FSN may have children");
+			break;
+		default:
+			xlog(L_ERROR, "Failed to delete FSN %s: %s",
+				fsn_uuid, ldap_err2string(ldap_err));
+		}
 		break;
 	default:
 		xlog(L_ERROR, "Failed to delete FSN %s: %s",
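Review bot: The new LDAP_NOT_ALLOWED_ON_NONLEAF message drops the FSN UUID that the removed message and the default branch both print, so the log line cannot be tied to the object that failed to delete. I would keep the identifier, e.g. `xlog(L_ERROR, "Failed to delete FSN %s: it may still have FSL children", fsn_uuid);`. The matching case in the nsdb-delete-fsn.c hunk has the same omission with `fprintf(stderr, ...)`. The body of nfsref_remove_delete_fsn() continues outside the hunk.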
diff --git a/src/nsdbc/nsdb-annotate.c b/src/nsdbc/nsdb-annotate.c
index acf6a94..c14b8f5 100644
--- a/src/nsdbc/nsdb-annotate.c
+++ b/src/nsdbc/nsdb-annotate.c
@@ -315,6 +315,10 @@  main(int argc, char **argv)
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
 		case LDAP_NO_SUCH_ATTRIBUTE:
 			fprintf(stderr, "Annotation \"%s\" = \"%s\" not found\n",
 				keyword, value);
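Review bot: When the server answers LDAP_CONFIDENTIALITY_REQUIRED the request has already been sent without TLS, and the new message does not tell the operator that or what to change. If this tool performs a simple bind before the operation (the bind is not visible in this hunk), the bind DN and password may already have crossed the network in cleartext. A comment on the case such as `/* Server refused a cleartext request; anything sent before this reply was unencrypted */` would record that. The message could also name the remedy, e.g. `"TLS security required for %s:%u; configure TLS for this NSDB before retrying\n"`. The same applies to the other nsdbc tools in this patch that gain this case (create-fsl, create-fsn, delete-fsl, delete-fsn, delete-nsdb, remove-nci, simple-nce, update-fsl, update-nci).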
diff --git a/src/nsdbc/nsdb-create-fsl.c b/src/nsdbc/nsdb-create-fsl.c
index 573d99b..0e15e15 100644
--- a/src/nsdbc/nsdb-create-fsl.c
+++ b/src/nsdbc/nsdb-create-fsl.c
@@ -300,13 +300,19 @@  main(int argc, char **argv)
 			fprintf(stderr, "NCE %s does not exist\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to create FSL %s: %s\n",
+				fsl_uuid, ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to create FSL %s: %s\n",
-			fsl_uuid, ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to create FSL %s: %s\n",
diff --git a/src/nsdbc/nsdb-create-fsn.c b/src/nsdbc/nsdb-create-fsn.c
index 48e0099..5f8fd21 100644
--- a/src/nsdbc/nsdb-create-fsn.c
+++ b/src/nsdbc/nsdb-create-fsn.c
@@ -277,13 +277,19 @@  main(int argc, char **argv)
 			fprintf(stderr, "NCE %s does not exist\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to create FSN: %s\n",
+				ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to create FSN: %s\n",
-			ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to create FSN: %s\n",
diff --git a/src/nsdbc/nsdb-delete-fsl.c b/src/nsdbc/nsdb-delete-fsl.c
index d051da2..9355606 100644
--- a/src/nsdbc/nsdb-delete-fsl.c
+++ b/src/nsdbc/nsdb-delete-fsl.c
@@ -263,13 +263,19 @@  main(int argc, char **argv)
 			nsdbname, nsdbport, fsl_uuid);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to delete FSL %s: %s\n",
+				fsl_uuid, ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to delete FSL %s: %s\n",
-			fsl_uuid, ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to delete FSL %s: %s\n",
diff --git a/src/nsdbc/nsdb-delete-fsn.c b/src/nsdbc/nsdb-delete-fsn.c
index f52bd24..20518bf 100644
--- a/src/nsdbc/nsdb-delete-fsn.c
+++ b/src/nsdbc/nsdb-delete-fsn.c
@@ -272,15 +272,23 @@  main(int argc, char **argv)
 		fprintf(stderr, "FSN %s still has FSL entries\n", fsn_uuid);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		case LDAP_NOT_ALLOWED_ON_NONLEAF:
+			fprintf(stderr, "Failed to delete: "
+				"this FSN may have children\n");
+			break;
+		default:
+			fprintf(stderr, "Failed to delete FSN %s: %s\n",
+				fsn_uuid, ldap_err2string(ldap_err));
 		}
-		/* XXX: "Operation not allowed on non-leaf" means
-		 *	this FSN still has children FSLs. */
-		fprintf(stderr, "Failed to delete FSN %s: %s\n",
-			fsn_uuid, ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to delete FSN %s: %s\n",
diff --git a/src/nsdbc/nsdb-delete-nsdb.c b/src/nsdbc/nsdb-delete-nsdb.c
index 5f330f6..2e25a31 100644
--- a/src/nsdbc/nsdb-delete-nsdb.c
+++ b/src/nsdbc/nsdb-delete-nsdb.c
@@ -229,13 +229,19 @@  main(int argc, char **argv)
 		fprintf(stderr, "NCE %s does not exist\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to remove NCE %s: %s\n",
+				nce, ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to remove NCE %s: %s\n",
-			nce, ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to remove NCE %s: %s\n",
diff --git a/src/nsdbc/nsdb-describe.c b/src/nsdbc/nsdb-describe.c
index 70b9eee..deaec2d 100644
--- a/src/nsdbc/nsdb-describe.c
+++ b/src/nsdbc/nsdb-describe.c
@@ -258,6 +258,10 @@  main(int argc, char **argv)
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
 		case LDAP_NO_SUCH_OBJECT:
 			fprintf(stderr, "Entry \"%s\" not found\n", entry);
 			break;
diff --git a/src/nsdbc/nsdb-list.c b/src/nsdbc/nsdb-list.c
index 5659a44..72b05a2 100644
--- a/src/nsdbc/nsdb-list.c
+++ b/src/nsdbc/nsdb-list.c
@@ -328,14 +328,20 @@  again:
 			fprintf(stderr, "NCE %s does not exist\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			retval = nsdb_list_follow_ldap_referral(&host);
-			if (retval != FEDFS_OK)
-				break;
-			goto again;
+			if (retval == FEDFS_OK)
+				goto again;
+			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to list FSNs: %s\n",
+				ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to list FSNs: %s\n",
-			ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to list FSNs: %s\n",
diff --git a/src/nsdbc/nsdb-nces.c b/src/nsdbc/nsdb-nces.c
index 77b00f1..d31cacc 100644
--- a/src/nsdbc/nsdb-nces.c
+++ b/src/nsdbc/nsdb-nces.c
@@ -200,13 +200,19 @@  main(int argc, char **argv)
 	case FEDFS_OK:
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to list NCEs: %s\n",
+				ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to list NCEs: %s\n",
-			ldap_err2string(ldap_err));
 		goto out_close;
 	default:
 		fprintf(stderr, "Failed to list NCEs: %s\n",
diff --git a/src/nsdbc/nsdb-remove-nci.c b/src/nsdbc/nsdb-remove-nci.c
index 2e0dcad..0224314 100644
--- a/src/nsdbc/nsdb-remove-nci.c
+++ b/src/nsdbc/nsdb-remove-nci.c
@@ -226,13 +226,19 @@  main(int argc, char **argv)
 		fprintf(stderr, "NCE %s does not exist\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
+				nce, ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
-			nce, ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
diff --git a/src/nsdbc/nsdb-resolve-fsn.c b/src/nsdbc/nsdb-resolve-fsn.c
index efeb327..5a004fb 100644
--- a/src/nsdbc/nsdb-resolve-fsn.c
+++ b/src/nsdbc/nsdb-resolve-fsn.c
@@ -380,14 +380,20 @@  again:
 		fprintf(stderr, "Failed to find FSN %s\n", fsn_uuid);
 		goto out_close;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			retval = nsdb_resolve_fsn_follow_ldap_referral(&host);
-			if (retval != FEDFS_OK)
-				goto out_close;
-			goto again;
+			if (retval == FEDFS_OK)
+				goto again;
+			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "NSDB LDAP error: %s\n",
+				ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "NSDB LDAP error: %s\n",
-			ldap_err2string(ldap_err));
 		goto out_close;
 	default:
 		fprintf(stderr, "FedFsStatus code "
diff --git a/src/nsdbc/nsdb-simple-nce.c b/src/nsdbc/nsdb-simple-nce.c
index c7174c0..e70c604 100644
--- a/src/nsdbc/nsdb-simple-nce.c
+++ b/src/nsdbc/nsdb-simple-nce.c
@@ -240,13 +240,19 @@  main(int argc, char **argv)
 			"for this NSDB\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to update NCI: %s\n",
+				ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to update NCI: %s\n",
-			ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to update NCI: %s\n",
diff --git a/src/nsdbc/nsdb-update-fsl.c b/src/nsdbc/nsdb-update-fsl.c
index e2fb2f0..406373d 100644
--- a/src/nsdbc/nsdb-update-fsl.c
+++ b/src/nsdbc/nsdb-update-fsl.c
@@ -271,13 +271,19 @@  main(int argc, char **argv)
 			fprintf(stderr, "NCE %s does not exist\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to update FSL %s: %s\n",
+				fsl_uuid, ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to update FSL %s: %s\n",
-			fsl_uuid, ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to update FSL %s: %s\n",
diff --git a/src/nsdbc/nsdb-update-nci.c b/src/nsdbc/nsdb-update-nci.c
index e2c0b37..1d3c833 100644
--- a/src/nsdbc/nsdb-update-nci.c
+++ b/src/nsdbc/nsdb-update-nci.c
@@ -245,13 +245,19 @@  main(int argc, char **argv)
 			"for this NSDB\n", nce);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
 			fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 				nsdbname, nsdbport);
 			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			fprintf(stderr, "TLS security required for %s:%u\n",
+				nsdbname, nsdbport);
+			break;
+		default:
+			fprintf(stderr, "Failed to update NCI: %s\n",
+				ldap_err2string(ldap_err));
 		}
-		fprintf(stderr, "Failed to update NCI: %s\n",
-			ldap_err2string(ldap_err));
 		break;
 	default:
 		fprintf(stderr, "Failed to update NCI: %s\n",
diff --git a/src/plug-ins/nfs-plugin.c b/src/plug-ins/nfs-plugin.c
index c50c648..7f0127f 100644
--- a/src/plug-ins/nfs-plugin.c
+++ b/src/plug-ins/nfs-plugin.c
@@ -413,8 +413,20 @@  again:
 			__func__, fsn_uuid);
 		goto out_close;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		nfs_jp_debug("%s: NSDB operation failed with %s\n",
-			__func__, ldap_err2string(ldap_err));
+		switch (ldap_err) {
+		case LDAP_REFERRAL:
+			retval = nfs_jp_follow_ldap_referral(&host);
+			if (retval == FEDFS_OK)
+				goto again;
+			break;
+		case LDAP_CONFIDENTIALITY_REQUIRED:
+			nfs_jp_debug("TLS security required for %s:%u\n",
+				nsdb_hostname(host), nsdb_port(host));
+			break;
+		default:
+			nfs_jp_debug("%s: NSDB operation failed with %s\n",
+				__func__, ldap_err2string(ldap_err));
+		}
 		goto out_close;
 	default:
 		nfs_jp_debug("%s: Failed to resolve FSN %s: %s\n",
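Review bot: LDAP_CONFIDENTIALITY_REQUIRED is reported through `nfs_jp_debug()` here, while the lookup.c and remove.c hunks report the same condition with `xlog(L_ERROR, ...)`. If nfs_jp_debug() only emits output when debugging is enabled (its definition is outside the hunk), a junction that cannot be resolved because the NSDB insists on TLS will fail with no visible reason in normal operation. I would report this case through whatever error-level logger the plug-in has, and add a comment on the case, e.g. `/* NSDB rejected a cleartext request: a policy failure, not a transient error */`. The enclosing function starts and ends outside this hunk.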
@@ -441,12 +453,6 @@  again:
 			__func__, fsn_uuid);
 		break;
 	case FEDFS_ERR_NSDB_LDAP_VAL:
-		if (ldap_err == LDAP_REFERRAL) {
-			retval = nfs_jp_follow_ldap_referral(&host);
-			if (retval != FEDFS_OK)
-				break;
-			goto again;
-		}
 		nfs_jp_debug("%s: NSDB operation failed with %s\n",
 			__func__, ldap_err2string(ldap_err));
 		break;