If an NSDB is configured to reject FEDFS_SEC_NONE requests, but our client is configured to use FEDFS_SEC_NONE, libnsdb will return FEDFS_ERR_NSDB_LDAP_VAL with the LDAP error code LDAP_CONFIDENTIALITY_REQUIRED.
Update the NSDB client tools to report this error meaningfully.
Signed-off-by: Chuck Lever <[email protected]>
---
src/nfsref/lookup.c | 18 ++++++++++++------
src/nfsref/remove.c | 21 +++++++++++++++++----
src/nsdbc/nsdb-annotate.c | 4 ++++
src/nsdbc/nsdb-create-fsl.c | 12 +++++++++---
src/nsdbc/nsdb-create-fsn.c | 12 +++++++++---
src/nsdbc/nsdb-delete-fsl.c | 12 +++++++++---
src/nsdbc/nsdb-delete-fsn.c | 18 +++++++++++++-----
src/nsdbc/nsdb-delete-nsdb.c | 12 +++++++++---
src/nsdbc/nsdb-describe.c | 4 ++++
src/nsdbc/nsdb-list.c | 18 ++++++++++++------
src/nsdbc/nsdb-nces.c | 12 +++++++++---
src/nsdbc/nsdb-remove-nci.c | 12 +++++++++---
src/nsdbc/nsdb-resolve-fsn.c | 18 ++++++++++++------
src/nsdbc/nsdb-simple-nce.c | 12 +++++++++---
src/nsdbc/nsdb-update-fsl.c | 12 +++++++++---
src/nsdbc/nsdb-update-nci.c | 12 +++++++++---
src/plug-ins/nfs-plugin.c | 22 ++++++++++++++--------
17 files changed, 169 insertions(+), 62 deletions(-)
diff --git a/src/nfsref/lookup.c b/src/nfsref/lookup.c
index cc3e293..5d1817e 100644
--- a/src/nfsref/lookup.c
+++ b/src/nfsref/lookup.c
@@ -392,14 +392,20 @@ again:
 __func__, fsn_uuid);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 retval = nfsref_lookup_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- break;
- goto again;
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ xlog(L_ERROR, "TLS security required for %s:%u",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ default:
+ xlog(L_ERROR, "%s: NSDB operation failed with %s",
+ __func__, ldap_err2string(ldap_err));
 }
- xlog(L_ERROR, "%s: NSDB operation failed with %s",
- __func__, ldap_err2string(ldap_err));
 break;
 default:
 xlog(L_ERROR, "%s: Failed to resolve FSN %s: %s",
diff --git a/src/nfsref/remove.c b/src/nfsref/remove.c
index a7bfca0..f7da1fc 100644
--- a/src/nfsref/remove.c
+++ b/src/nfsref/remove.c
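Review bot: In src/nfsref/lookup.c the new `LDAP_CONFIDENTIALITY_REQUIRED` message drops the `%s:` / `__func__` prefix that the other xlog() calls visible in this switch carry, so the one failure caused by a security-policy mismatch is the hardest to trace back to its caller in the log. Suggest `xlog(L_ERROR, "%s: TLS security required for %s:%u", __func__, nsdb_hostname(host), nsdb_port(host));`. The inner `default:` also ends without a `break;`, which is harmless today but easy to trip over when another case is appended. The enclosing switch and the `again:` label begin outside the hunk.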
@@ -230,10 +230,23 @@ nfsref_remove_delete_fsn(const char *junct_path)
 xlog(L_ERROR, "FSN %s still has FSL entries", fsn_uuid);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- /* XXX: "Operation not allowed on non-leaf" means
- * this FSN still has children FSLs. */
- xlog(L_ERROR, "Failed to delete FSN %s: %s",
- fsn_uuid, ldap_err2string(ldap_err));
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
+ xlog(L_ERROR, "Encountered LDAP referral on %s:%u",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ xlog(L_ERROR, "TLS security required for %s:%u",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ case LDAP_NOT_ALLOWED_ON_NONLEAF:
+ xlog(L_ERROR, "Failed to delete: "
+ "this FSN may have children");
+ break;
+ default:
+ xlog(L_ERROR, "Failed to delete FSN %s: %s",
+ fsn_uuid, ldap_err2string(ldap_err));
+ }
 break;
 default:
 xlog(L_ERROR, "Failed to delete FSN %s: %s",
diff --git a/src/nsdbc/nsdb-annotate.c b/src/nsdbc/nsdb-annotate.c
index acf6a94..c14b8f5 100644
--- a/src/nsdbc/nsdb-annotate.c
+++ b/src/nsdbc/nsdb-annotate.c
@@ -315,6 +315,10 @@ main(int argc, char **argv)
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
 case LDAP_NO_SUCH_ATTRIBUTE:
 fprintf(stderr, "Annotation \"%s\" = \"%s\" not found\n",
 keyword, value);
diff --git a/src/nsdbc/nsdb-create-fsl.c b/src/nsdbc/nsdb-create-fsl.c
index 573d99b..0e15e15 100644
--- a/src/nsdbc/nsdb-create-fsl.c
+++ b/src/nsdbc/nsdb-create-fsl.c
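Review bot: In src/nfsref/remove.c the new `LDAP_NOT_ALLOWED_ON_NONLEAF` message no longer names the FSN, while the other messages in this switch print `fsn_uuid`; a log line without the UUID cannot be matched to the junction that failed. Suggest `xlog(L_ERROR, "Failed to delete FSN %s: this FSN may have children", fsn_uuid);`. The removed XXX comment said the children are FSLs, which the message could state as well. The same wording without the UUID is added to src/nsdbc/nsdb-delete-fsn.c.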
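Review bot: The three-line `LDAP_CONFIDENTIALITY_REQUIRED` case added to src/nsdbc/nsdb-annotate.c is pasted with identical text into every nsdbc tool touched by this patch, next to an equally duplicated `LDAP_REFERRAL` case. A single shared helper in the tools' common code (name to be chosen) that takes `ldap_err`, `nsdbname` and `nsdbport` and prints these two connection-level messages would keep the wording in one place. If the copies stay, a one-line comment above the case such as `/* NSDB refuses FEDFS_SEC_NONE; client must connect with TLS */` would record why this LDAP code is singled out. The enclosing switch begins outside the hunk.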
@@ -300,13 +300,19 @@ main(int argc, char **argv)
 fprintf(stderr, "NCE %s does not exist\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to create FSL %s: %s\n",
+ fsl_uuid, ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to create FSL %s: %s\n",
- fsl_uuid, ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to create FSL %s: %s\n",
diff --git a/src/nsdbc/nsdb-create-fsn.c b/src/nsdbc/nsdb-create-fsn.c
index 48e0099..5f8fd21 100644
--- a/src/nsdbc/nsdb-create-fsn.c
+++ b/src/nsdbc/nsdb-create-fsn.c
@@ -277,13 +277,19 @@ main(int argc, char **argv)
 fprintf(stderr, "NCE %s does not exist\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to create FSN: %s\n",
+ ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to create FSN: %s\n",
- ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to create FSN: %s\n",
diff --git a/src/nsdbc/nsdb-delete-fsl.c b/src/nsdbc/nsdb-delete-fsl.c
index d051da2..9355606 100644
--- a/src/nsdbc/nsdb-delete-fsl.c
+++ b/src/nsdbc/nsdb-delete-fsl.c
@@ -263,13 +263,19 @@ main(int argc, char **argv)
 nsdbname, nsdbport, fsl_uuid);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to delete FSL %s: %s\n",
+ fsl_uuid, ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to delete FSL %s: %s\n",
- fsl_uuid, ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to delete FSL %s: %s\n",
diff --git a/src/nsdbc/nsdb-delete-fsn.c b/src/nsdbc/nsdb-delete-fsn.c
index f52bd24..20518bf 100644
--- a/src/nsdbc/nsdb-delete-fsn.c
+++ b/src/nsdbc/nsdb-delete-fsn.c
@@ -272,15 +272,23 @@ main(int argc, char **argv)
 fprintf(stderr, "FSN %s still has FSL entries\n", fsn_uuid);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ case LDAP_NOT_ALLOWED_ON_NONLEAF:
+ fprintf(stderr, "Failed to delete: "
+ "this FSN may have children\n");
+ break;
+ default:
+ fprintf(stderr, "Failed to delete FSN %s: %s\n",
+ fsn_uuid, ldap_err2string(ldap_err));
 }
- /* XXX: "Operation not allowed on non-leaf" means
- * this FSN still has children FSLs. */
- fprintf(stderr, "Failed to delete FSN %s: %s\n",
- fsn_uuid, ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to delete FSN %s: %s\n",
diff --git a/src/nsdbc/nsdb-delete-nsdb.c b/src/nsdbc/nsdb-delete-nsdb.c
index 5f330f6..2e25a31 100644
--- a/src/nsdbc/nsdb-delete-nsdb.c
+++ b/src/nsdbc/nsdb-delete-nsdb.c
@@ -229,13 +229,19 @@ main(int argc, char **argv)
 fprintf(stderr, "NCE %s does not exist\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to remove NCE %s: %s\n",
+ nce, ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to remove NCE %s: %s\n",
- nce, ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to remove NCE %s: %s\n",
diff --git a/src/nsdbc/nsdb-describe.c b/src/nsdbc/nsdb-describe.c
index 70b9eee..deaec2d 100644
--- a/src/nsdbc/nsdb-describe.c
+++ b/src/nsdbc/nsdb-describe.c
@@ -258,6 +258,10 @@ main(int argc, char **argv)
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
 case LDAP_NO_SUCH_OBJECT:
 fprintf(stderr, "Entry \"%s\" not found\n", entry);
 break;
diff --git a/src/nsdbc/nsdb-list.c b/src/nsdbc/nsdb-list.c
index 5659a44..72b05a2 100644
--- a/src/nsdbc/nsdb-list.c
+++ b/src/nsdbc/nsdb-list.c
@@ -328,14 +328,20 @@ again:
 fprintf(stderr, "NCE %s does not exist\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 retval = nsdb_list_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- break;
- goto again;
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to list FSNs: %s\n",
+ ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to list FSNs: %s\n",
- ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to list FSNs: %s\n",
diff --git a/src/nsdbc/nsdb-nces.c b/src/nsdbc/nsdb-nces.c
index 77b00f1..d31cacc 100644
--- a/src/nsdbc/nsdb-nces.c
+++ b/src/nsdbc/nsdb-nces.c
@@ -200,13 +200,19 @@ main(int argc, char **argv)
 case FEDFS_OK:
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to list NCEs: %s\n",
+ ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to list NCEs: %s\n",
- ldap_err2string(ldap_err));
 goto out_close;
 default:
 fprintf(stderr, "Failed to list NCEs: %s\n",
diff --git a/src/nsdbc/nsdb-remove-nci.c b/src/nsdbc/nsdb-remove-nci.c
index 2e0dcad..0224314 100644
--- a/src/nsdbc/nsdb-remove-nci.c
+++ b/src/nsdbc/nsdb-remove-nci.c
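Review bot: In src/nsdbc/nsdb-list.c the `LDAP_CONFIDENTIALITY_REQUIRED` message prints `nsdbname, nsdbport`, but this switch is re-entered through `goto again` after `nsdb_list_follow_ldap_referral(&host)` has succeeded. If that helper replaces `host` without also updating `nsdbname` and `nsdbport` (not visible in the hunk), the message names the NSDB given on the command line rather than the referred-to server that actually demanded TLS, and the administrator is sent to the wrong machine. Printing `nsdb_hostname(host), nsdb_port(host)`, as lookup.c and nfs-plugin.c do in this patch, avoids that. The same applies to the referral-following switch in src/nsdbc/nsdb-resolve-fsn.c.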
@@ -226,13 +226,19 @@ main(int argc, char **argv)
 fprintf(stderr, "NCE %s does not exist\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
+ nce, ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
- nce, ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
diff --git a/src/nsdbc/nsdb-resolve-fsn.c b/src/nsdbc/nsdb-resolve-fsn.c
index efeb327..5a004fb 100644
--- a/src/nsdbc/nsdb-resolve-fsn.c
+++ b/src/nsdbc/nsdb-resolve-fsn.c
@@ -380,14 +380,20 @@ again:
 fprintf(stderr, "Failed to find FSN %s\n", fsn_uuid);
 goto out_close;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 retval = nsdb_resolve_fsn_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- goto out_close;
- goto again;
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "NSDB LDAP error: %s\n",
+ ldap_err2string(ldap_err));
 }
- fprintf(stderr, "NSDB LDAP error: %s\n",
- ldap_err2string(ldap_err));
 goto out_close;
 default:
 fprintf(stderr, "FedFsStatus code "
diff --git a/src/nsdbc/nsdb-simple-nce.c b/src/nsdbc/nsdb-simple-nce.c
index c7174c0..e70c604 100644
--- a/src/nsdbc/nsdb-simple-nce.c
+++ b/src/nsdbc/nsdb-simple-nce.c
@@ -240,13 +240,19 @@ main(int argc, char **argv)
 "for this NSDB\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to update NCI: %s\n",
+ ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to update NCI: %s\n",
- ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to update NCI: %s\n",
diff --git a/src/nsdbc/nsdb-update-fsl.c b/src/nsdbc/nsdb-update-fsl.c
index e2fb2f0..406373d 100644
--- a/src/nsdbc/nsdb-update-fsl.c
+++ b/src/nsdbc/nsdb-update-fsl.c
@@ -271,13 +271,19 @@ main(int argc, char **argv)
 fprintf(stderr, "NCE %s does not exist\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to update FSL %s: %s\n",
+ fsl_uuid, ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to update FSL %s: %s\n",
- fsl_uuid, ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to update FSL %s: %s\n",
diff --git a/src/nsdbc/nsdb-update-nci.c b/src/nsdbc/nsdb-update-nci.c
index e2c0b37..1d3c833 100644
--- a/src/nsdbc/nsdb-update-nci.c
+++ b/src/nsdbc/nsdb-update-nci.c
@@ -245,13 +245,19 @@ main(int argc, char **argv)
 "for this NSDB\n", nce);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
 fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
 nsdbname, nsdbport);
 break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to update NCI: %s\n",
+ ldap_err2string(ldap_err));
 }
- fprintf(stderr, "Failed to update NCI: %s\n",
- ldap_err2string(ldap_err));
 break;
 default:
 fprintf(stderr, "Failed to update NCI: %s\n",
diff --git a/src/plug-ins/nfs-plugin.c b/src/plug-ins/nfs-plugin.c
index c50c648..7f0127f 100644
--- a/src/plug-ins/nfs-plugin.c
+++ b/src/plug-ins/nfs-plugin.c
@@ -413,8 +413,20 @@ again:
 __func__, fsn_uuid);
 goto out_close;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- nfs_jp_debug("%s: NSDB operation failed with %s\n",
- __func__, ldap_err2string(ldap_err));
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
+ retval = nfs_jp_follow_ldap_referral(&host);
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ nfs_jp_debug("TLS security required for %s:%u\n",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ default:
+ nfs_jp_debug("%s: NSDB operation failed with %s\n",
+ __func__, ldap_err2string(ldap_err));
+ }
 goto out_close;
 default:
 nfs_jp_debug("%s: Failed to resolve FSN %s: %s\n",
@@ -441,12 +453,6 @@ again:
 __func__, fsn_uuid);
 break;
 case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
- retval = nfs_jp_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- break;
- goto again;
- }
 nfs_jp_debug("%s: NSDB operation failed with %s\n",
 __func__, ldap_err2string(ldap_err));
 break;
_______________________________________________
fedfs-utils-devel mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
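Review bot: The `LDAP_REFERRAL` case added to the first switch in src/plug-ins/nfs-plugin.c jumps back to `again:` every time `nfs_jp_follow_ldap_referral()` succeeds, and no hop counter is visible in the hunk. Unless the helper bounds this itself, two NSDBs that refer to each other would keep the plug-in's caller looping on network round trips, so a misconfigured or hostile directory server can stall junction resolution. A counter checked before the jump would cap it, for example `if (retval == FEDFS_OK && ++hops <= MAX_REFERRAL_HOPS) goto again;`, where `hops` and `MAX_REFERRAL_HOPS` are placeholder names. The same loop shape is present in lookup.c, nsdb-list.c and nsdb-resolve-fsn.c; the function and the `again:` label begin outside the hunk.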
