From patchwork Fri Dec 14 22:38:27 2012
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 206582
From: Chuck Lever
To: fedfs-utils-devel@oss.oracle.com
Date: Fri, 14 Dec 2012 17:38:27 -0500
Message-ID: <20121214223827.22243.40882.stgit@seurat.1015granger.net>
In-Reply-To: <20121214221556.22243.9462.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 08/11] fedfsd: Follow LDAP referrals when resolving FSNs

FSN resolution is allowed to follow LDAP referrals if the NSDB's "follow referrals" flag is on.

Signed-off-by: Chuck Lever
---
 src/fedfsd/svc.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/src/fedfsd/svc.c b/src/fedfsd/svc.c index 6f8f41c..e26da13 100644 --- a/src/fedfsd/svc.c +++ b/src/fedfsd/svc.c
@@ -718,6 +718,52 @@ out_free: } /** + * Attempt to follow an LDAP referral to another NSDB + * + * @param host OUT: pointer to an initialized nsdb_t that may be replaced + * @return a FedFsStatus code + */ +static FedFsStatus +fedfsd_follow_ldap_referral(nsdb_t *host) +{ + static unsigned int nest = 0; + FedFsStatus retval; + nsdb_t old, refer; + + old = *host; + if (!nsdb_follow_referrals(old)) { + xlog(D_GENERAL, "LDAP referrals for NSDB %s:%u disallowed\n", + nsdb_hostname(old), nsdb_port(old)); + return FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED; + } + + if (nest++ > 10) { + xlog(D_GENERAL, "Possible referral loop for NSDB %s:%u\n", + nsdb_hostname(old), nsdb_port(old)); + return FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED; + } + + retval = nsdb_lookup_nsdb_by_uri(nsdb_referred_to(old), &refer); + switch (retval) { + case FEDFS_OK: + break; + case FEDFS_ERR_NSDB_PARAMS: + xlog(D_GENERAL, "Encountered referral to unrecognized NSDB %s", + nsdb_referred_to(old)); + return FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED; + default: + xlog(D_GENERAL, "Problem following referral: %s\n", + nsdb_display_fedfsstatus(retval)); + return retval; + } + + nsdb_close_nsdb(old); + nsdb_free_nsdb(old); + *host = refer; + return FEDFS_OK; +} + +/** * Prepare a LOOKUP_NSDB type FEDFS_LOOKUP_JUNCTION reply * * @param fsls a list of struct fedfs_fsl items @@ -823,6 +869,7 @@ fedfsd_svc_lookup_junction_1(SVCXPRT *xprt) goto out; } +again: result.status = fedfsd_nsdb_to_nsdbname(host, &resok->fsn.nsdbName); if (result.status != FEDFS_OK) goto out; 
@@ -843,11 +890,17 @@ fedfsd_svc_lookup_junction_1(SVCXPRT *xprt) result.status = nsdb_resolve_fsn_s(host, NULL, fsn_uuid, &fsls, &ldap_err); - nsdb_close_nsdb(host); if (result.status == FEDFS_ERR_NSDB_LDAP_VAL) { - result.FedFsLookupRes_u.ldapResultCode = ldap_err; - break; + if (ldap_err != LDAP_REFERRAL) { + result.FedFsLookupRes_u.ldapResultCode = ldap_err; + nsdb_close_nsdb(host); + break; + } + result.status = fedfsd_follow_ldap_referral(&host); + if (result.status == FEDFS_OK) + goto again; } + nsdb_close_nsdb(host); if (result.status != FEDFS_OK) break; result.status = fedfsd_prepare_fedfsfsl_array(fsls, resok);
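Review bot: In the first hunk, the "static unsigned int nest" counter in fedfsd_follow_ldap_referral() is incremented on every referral that reaches the "nest++ > 10" check and is never reset or decremented, so it counts referrals over the life of the process rather than per LOOKUP_JUNCTION request. Once it passes 10, every later call that gets past the nsdb_follow_referrals() test returns FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED with a "Possible referral loop" message, whether or not a loop exists. Suggest keeping the counter local to fedfsd_svc_lookup_junction_1() and passing it in, or resetting it before the first attempt of each request. Two smaller points in the same function: the "Encountered referral to unrecognized NSDB %s" format string lacks the trailing "\n" that the other xlog() calls have, and the @param comment says OUT although host is read (old = *host) before it is replaced, so IN/OUT would be more accurate.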
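Review bot: In the last hunk, the "goto again" taken after a successful fedfsd_follow_ldap_referral(&host) re-enters at the label added in the second hunk, directly before fedfsd_nsdb_to_nsdbname(host, &resok->fsn.nsdbName), so resok->fsn.nsdbName is written a second time for the referred-to NSDB. If that call allocates, the value from the first pass needs to be released before jumping back; please confirm. The retry also has no bound of its own in this function and depends entirely on the counter inside the helper; a bounded loop here with a local attempt count would make the limit visible at the call site and avoid the backward goto.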