Note: FEDFS_NULL does not return a status code, so it cannot return FEDFS_ERR_DELAY. Logic to handle that case is removed.
Signed-off-by: Chuck Lever <[email protected]>
---
doc/man/fedfs-null.8 | 50 +++++++++++++---
src/fedfsc/fedfs-null.c | 144 +++++++++++++++++++++++++++++------------------
2 files changed, 128 insertions(+), 66 deletions(-)
diff --git a/doc/man/fedfs-null.8 b/doc/man/fedfs-null.8
index a1e773e..028ba30 100644
--- a/doc/man/fedfs-null.8
+++ b/doc/man/fedfs-null.8
@@ -5,7 +5,7 @@
.\"
.\"
-.\" Copyright 2011 Oracle. All rights reserved.
+.\" Copyright 2011, 2013 Oracle. All rights reserved.
.\"
.\" This file is part of fedfs-utils.
.\"
@@ -33,6 +33,8 @@ fedfs-null \- send a FEDFS_NULL ADMIN protocol request
.IR nettype ]
.RB [ \-h
.IR hostname ]
+.RB [ \-s
+.IR security ]
.SH INTRODUCTION
RFC 5716 introduces the Federated File System (FedFS, for short). FedFS is an extensible standardized mechanism
@@ -83,15 +85,21 @@ If this option is not specified, the default value is
See
.BR rpc (3t)
for details.
-.SH EXIT CODES
-The remote administration service returns a value that reflects the
-success of the requested operation.
-.TP
-.B FEDFS_OK
-The operation succeeded.
-.TP
-.B FEDFS_ERR_NOTSUPP
-The remote server does not support the specified procedure.
+.IP "\fB\-s, \-\-security=\fIflavor\fP"
+Specifies the security flavor to use
+when contacting the remote FedFS ADMIN service.
+Valid flavors are
+.BR sys ,
+.BR unix ,
+.BR krb5 ,
+.BR krb5i ", and"
+.BR krb5p .
+If this option is not specified, the
+.B unix
+flavor is used.
+See the
+.B SECURITY
+section of this man page for details.
.SH EXAMPLES
Suppose you are the FedFS administrator of the
.I example.net
@@ -106,10 +114,30 @@ $ fedfs-null -h fs.example.net
Call completed successfully
.RE
.SH SECURITY
-RPCSEC GSSAPI authentication has not yet been implemented for this command.
+By default, or if the
+.B sys
+and
+.B unix
+flavors are specified with the
+.BI \-\-security= flavor
+option, the
+.BR fedfs-create-junction (8)
+command uses AUTH_SYS security for the Remote Procedure Call.
+AUTH_SYS has known weaknesses and should be avoided on untrusted networks.
+.P
+The RPC client uses the Kerberos v5 GSS mechanism
+if a Kerberos security flavor is specified.
+When specifying a Kerberos security flavor,
+the user must first obtain a valid Kerberos ticket using
+.BR kinit (1)
+before running
+.BR fedfs-create-junction (8).
+.P
+The AUTH_NONE security flavor is no longer supported by this implementation.
.SH "SEE ALSO"
.BR fedfs (7),
.BR rpc.fedfsd (8),
+.BR kinit (1),
.BR rpc (3t)
.sp
RFC 5716 for FedFS requirements and overview
diff --git a/src/fedfsc/fedfs-null.c b/src/fedfsc/fedfs-null.c
index 05cf9a9..8e63b7d 100644
--- a/src/fedfsc/fedfs-null.c
+++ b/src/fedfsc/fedfs-null.c
@@ -4,7 +4,7 @@
*/
/*
- * Copyright 2010 Oracle. All rights reserved.
+ * Copyright 2010, 2013 Oracle. All rights reserved.
*
* This file is part of fedfs-utils.
*
@@ -26,28 +26,22 @@
#include <sys/types.h>
#include <sys/stat.h>
-#include <fcntl.h>
+#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <getopt.h>
#include <locale.h>
-#include <rpc/clnt.h>
-
#include "fedfs.h"
#include "fedfs_admin.h"
+#include "admin.h"
#include "xlog.h"
#include "gpl-boiler.h"
/**
- * Default RPC request timeout
- */
-static struct timeval fedfs_null_timeout = { 25, 0 };
-
-/**
* Short form command line options
*/
-static const char fedfs_null_opts[] = "?dh:n:";
+static const char fedfs_null_opts[] = "?dh:n:s:";
/**
* Long form command line options
@@ -57,6 +51,7 @@ static const struct option fedfs_null_longopts[] = {
{ "help", 0, NULL, '?', },
{ "hostname", 1, NULL, 'h', },
{ "nettype", 1, NULL, 'n', },
+ { "security", 1, NULL, 's', },
{ NULL, 0, NULL, 0, },
};
@@ -64,8 +59,9 @@ static const struct option fedfs_null_longopts[] = {
* Display program synopsis
*
* @param progname NUL-terminated C string containing name of program
+ * @return program exit status
*/
-static void
+static int
fedfs_null_usage(const char *progname)
{
fprintf(stderr, "\n%s version " VERSION "\n", progname);
@@ -76,11 +72,56 @@ fedfs_null_usage(const char *progname)
fprintf(stderr, "\t-d, --debug Enable debug messages\n");
fprintf(stderr, "\t-n, --nettype RPC transport (default: 'netpath')\n");
fprintf(stderr, "\t-h, --hostname ADMIN server hostname (default: 'localhost')\n");
+ fprintf(stderr, "\t-s, --security RPC security level\n");
fflush(stderr);
fprintf(stderr, "%s", fedfs_gpl_boilerplate);
- exit((int)FEDFS_ERR_INVAL);
+ return EXIT_FAILURE;
+}
+
+/**
+ * Send a NULL ADMIN request (ping) to a remote fileserver
+ *
+ * @param host an initialized and opened admin_t
+ * @return program exit status
+ */
+static FedFsStatus
+fedfs_null_try(admin_t host)
+{
+ int status, err;
+
+ status = EXIT_FAILURE;
+ err = admin_null(host);
+ switch (err) {
+ case 0:
+ break;
+ case EACCES:
+ xlog(L_ERROR, "%s: access denied", admin_hostname(host));
+ xlog(D_GENERAL, "%s",
+ admin_perror(host, admin_hostname(host)));
+ goto out;
+ case EIO:
+ xlog(L_ERROR, "%s",
+ admin_perror(host, admin_hostname(host)));
+ goto out;
+ default:
+ xlog(L_ERROR, "Client failed: %s", strerror(err));
+ goto out;
+ }
+
+ switch (admin_status(host)) {
+ case FEDFS_OK:
+ printf("ADMIN service on %s responded to ping\n",
+ admin_hostname(host));
+ status = EXIT_SUCCESS;
+ break;
+ default:
+ nsdb_print_fedfsstatus(admin_status(host));
+ }
+
+out:
+ return status;
}
/**
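Review bot: `fedfs_null_try()` in the `@@ -76,11 +72,56 @@` hunk is declared `static FedFsStatus`, but its doc comment promises a program exit status and every path returns `EXIT_FAILURE` or `EXIT_SUCCESS` held in an `int`. The caller added in the next hunk also stores the result in an `int`, so the declaration should read `static int`; as written the exit code is implicitly converted to an unrelated protocol status type and back. The function also calls `strerror()` while no `<string.h>` include is visible in the include hunk, so the prototype presumably arrives through a project header; an explicit `#include <string.h>` would remove that reliance.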
@@ -88,36 +129,37 @@ fedfs_null_usage(const char *progname)
*
* @param hostname NUL-terminated UTF-8 string containing ADMIN server's hostname
* @param nettype NUL-terminated C string containing nettype to use for connection
- * @return a FedFsStatus code
+ * @param security NUL-terminated C string containing RPC security mode
+ * @return program exit status
*/
-static FedFsStatus
-fedfs_null_call(const char *hostname, const char *nettype)
+static int
+fedfs_null_host(const char *hostname, const char *nettype,
+ const char *security)
{
- FedFsStatus exit_status;
- enum clnt_stat status;
- CLIENT *client;
- char result;
-
- client = clnt_create(hostname, FEDFS_PROG, FEDFS_V1, nettype);
- if (client == NULL) {
- clnt_pcreateerror("Failed to create FEDFS client");
- return -1;
+ admin_t host;
+ int status;
+
+ status = EXIT_FAILURE;
+ switch (admin_create(hostname, nettype, security, &host)) {
+ case 0:
+ status = fedfs_null_try(host);
+ admin_release(host);
+ break;
+ case EINVAL:
+ xlog(L_ERROR, "Invalid command line parameter");
+ break;
+ case EACCES:
+ xlog(L_ERROR, "Failed to authenticate server");
+ break;
+ case EKEYEXPIRED:
+ xlog(L_ERROR, "User credentials not found");
+ break;
+ default:
+ xlog(L_ERROR, "%s",
+ admin_open_perror(admin_hostname(host)));
}
- exit_status = FEDFS_OK;
- memset((char *)&result, 0, sizeof(result));
- status = clnt_call(client, FEDFS_NULL,
- (xdrproc_t)xdr_void, (caddr_t)NULL,
- (xdrproc_t)xdr_void, (caddr_t)&result,
- fedfs_null_timeout);
- if (status != RPC_SUCCESS) {
- clnt_perror(client, "FEDFS_NULL call failed");
- exit_status = FEDFS_ERR_SVRFAULT;
- } else
- printf("Call completed successfully\n");
-
- (void)clnt_destroy(client);
- return exit_status;
+ return status;
}
/**
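Review bot: In the `default:` branch of the `admin_create()` switch, `admin_hostname(host)` reads `host`, which is declared without an initializer and is only known to be valid when `admin_create()` returned 0. Unless `admin_create()` guarantees that it stores a usable handle on every failure path (not visible in this hunk), the error path hands an indeterminate value to `admin_hostname()`. The `hostname` parameter already holds the name, so the call can be `admin_open_perror(hostname)`, and giving `host` an initial value at its declaration would make the failure case deterministic.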
@@ -127,12 +169,9 @@ fedfs_null_call(const char *hostname, const char *nettype)
* @param argv array of NUL-terminated C strings containing command line arguments
* @return program exit status
*/
-int
-main(int argc, char **argv)
+int main(int argc, char **argv)
{
- char *progname, *hostname, *nettype;
- unsigned int seconds;
- FedFsStatus status;
+ char *progname, *hostname, *nettype, *security;
int arg;
(void)setlocale(LC_ALL, "");
@@ -151,6 +190,7 @@ main(int argc, char **argv)
hostname = "localhost";
nettype = "netpath";
+ security = "unix";
while ((arg = getopt_long(argc, argv, fedfs_null_opts, fedfs_null_longopts, NULL)) != -1) {
switch (arg) {
case 'd':
@@ -162,23 +202,17 @@ main(int argc, char **argv)
case 'n':
nettype = optarg;
break;
+ case 's':
+ security = optarg;
+ break;
default:
fprintf(stderr, "Invalid command line argument: %c\n", (char)arg);
case '?':
- fedfs_null_usage(progname);
+ return fedfs_null_usage(progname);
}
}
if (optind != argc)
- fedfs_null_usage(progname);
-
- for (seconds = FEDFS_DELAY_MIN_SECS;; seconds = fedfs_delay(seconds)) {
- status = fedfs_null_call(hostname, nettype);
- if (status != FEDFS_ERR_DELAY)
- break;
+ return fedfs_null_usage(progname);
- xlog(D_GENERAL, "Delaying %u seconds...", seconds);
- if (sleep(seconds) != 0)
- break;
- }
- return (int)status;
+ return fedfs_null_host(hostname, nettype, security);
}
_______________________________________________
fedfs-utils-devel mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
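Review bot: The `security = "unix";` default added in the `@@ -151,6 +190,7 @@` hunk selects AUTH_SYS whenever `-s` is omitted, which the man page change in this same patch describes as having known weaknesses, yet nothing at the assignment or in the `--help` output records that choice. A comment at the assignment such as `/* AUTH_SYS unless -s is given; see SECURITY in fedfs-null(8) */` would document it. The usage line added earlier in the patch could also state the default the way the `-n` and `-h` lines do, for example `"\t-s, --security RPC security flavor (default: 'unix')\n"`. The body of `main()` is only partly visible across these hunks.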
