@@ -392,14 +392,20 @@ again:
__func__, fsn_uuid);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
retval = nfsref_lookup_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- break;
- goto again;
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ xlog(L_ERROR, "TLS security required for %s:%u",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ default:
+ xlog(L_ERROR, "%s: NSDB operation failed with %s",
+ __func__, ldap_err2string(ldap_err));
}
- xlog(L_ERROR, "%s: NSDB operation failed with %s",
- __func__, ldap_err2string(ldap_err));
break;
default:
xlog(L_ERROR, "%s: Failed to resolve FSN %s: %s",
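Review bot: Nothing visible in this hunk bounds how many times the `LDAP_REFERRAL` case can take `goto again`, so a chain or cycle of referrals returned by NSDBs would keep the lookup retrying unless nfsref_lookup_follow_ldap_referral() enforces a limit itself. The `again:` label and the helper are outside the hunk, so this may already be handled. If it is not, a hop counter on the retry would close it, for example `if (retval == FEDFS_OK && ++hops <= max_hops) goto again;`, where `hops` and `max_hops` are illustrative new names. The same retry shape appears in the nsdb-list, nsdb-resolve-fsn and nfs-plugin hunks.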
@@ -230,10 +230,23 @@ nfsref_remove_delete_fsn(const char *junct_path)
xlog(L_ERROR, "FSN %s still has FSL entries", fsn_uuid);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- /* XXX: "Operation not allowed on non-leaf" means
- * this FSN still has children FSLs. */
- xlog(L_ERROR, "Failed to delete FSN %s: %s",
- fsn_uuid, ldap_err2string(ldap_err));
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
+ xlog(L_ERROR, "Encountered LDAP referral on %s:%u",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ xlog(L_ERROR, "TLS security required for %s:%u",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ case LDAP_NOT_ALLOWED_ON_NONLEAF:
+ xlog(L_ERROR, "Failed to delete: "
+ "this FSN may have children");
+ break;
+ default:
+ xlog(L_ERROR, "Failed to delete FSN %s: %s",
+ fsn_uuid, ldap_err2string(ldap_err));
+ }
break;
default:
xlog(L_ERROR, "Failed to delete FSN %s: %s",
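Review bot: The new `LDAP_NOT_ALLOWED_ON_NONLEAF` message drops both `fsn_uuid` and the LDAP error text that the replaced xlog() call printed, so the log line no longer says which FSN could not be deleted. Consider `xlog(L_ERROR, "Failed to delete FSN %s: this FSN may have children", fsn_uuid);`. The nsdb-delete-fsn hunk uses the same wording in its fprintf() and would benefit from the same change. Separately, the two new cases above read `host`, which the removed lines did not use. Its declaration is outside the hunk, so confirm it is set on this path in nfsref_remove_delete_fsn().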
@@ -315,6 +315,10 @@ main(int argc, char **argv)
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
case LDAP_NO_SUCH_ATTRIBUTE:
fprintf(stderr, "Annotation \"%s\" = \"%s\" not found\n",
keyword, value);
@@ -300,13 +300,19 @@ main(int argc, char **argv)
fprintf(stderr, "NCE %s does not exist\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to create FSL %s: %s\n",
+ fsl_uuid, ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to create FSL %s: %s\n",
- fsl_uuid, ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to create FSL %s: %s\n",
@@ -277,13 +277,19 @@ main(int argc, char **argv)
fprintf(stderr, "NCE %s does not exist\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to create FSN: %s\n",
+ ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to create FSN: %s\n",
- ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to create FSN: %s\n",
@@ -263,13 +263,19 @@ main(int argc, char **argv)
nsdbname, nsdbport, fsl_uuid);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to delete FSL %s: %s\n",
+ fsl_uuid, ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to delete FSL %s: %s\n",
- fsl_uuid, ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to delete FSL %s: %s\n",
@@ -272,15 +272,23 @@ main(int argc, char **argv)
fprintf(stderr, "FSN %s still has FSL entries\n", fsn_uuid);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ case LDAP_NOT_ALLOWED_ON_NONLEAF:
+ fprintf(stderr, "Failed to delete: "
+ "this FSN may have children\n");
+ break;
+ default:
+ fprintf(stderr, "Failed to delete FSN %s: %s\n",
+ fsn_uuid, ldap_err2string(ldap_err));
}
- /* XXX: "Operation not allowed on non-leaf" means
- * this FSN still has children FSLs. */
- fprintf(stderr, "Failed to delete FSN %s: %s\n",
- fsn_uuid, ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to delete FSN %s: %s\n",
@@ -229,13 +229,19 @@ main(int argc, char **argv)
fprintf(stderr, "NCE %s does not exist\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to remove NCE %s: %s\n",
+ nce, ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to remove NCE %s: %s\n",
- nce, ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to remove NCE %s: %s\n",
@@ -258,6 +258,10 @@ main(int argc, char **argv)
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
case LDAP_NO_SUCH_OBJECT:
fprintf(stderr, "Entry \"%s\" not found\n", entry);
break;
@@ -328,14 +328,20 @@ again:
fprintf(stderr, "NCE %s does not exist\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
retval = nsdb_list_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- break;
- goto again;
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to list FSNs: %s\n",
+ ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to list FSNs: %s\n",
- ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to list FSNs: %s\n",
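Review bot: The `LDAP_CONFIDENTIALITY_REQUIRED` message prints `nsdbname, nsdbport`, but this switch can be re-entered through `goto again` after nsdb_list_follow_ldap_referral(&host) has replaced `host`. If `nsdbname` and `nsdbport` still hold the command-line values at that point (their assignment is outside the hunk), the tool would name the original NSDB as the one requiring TLS when the rejection came from the referred-to server. Printing from the current handle avoids that: `nsdb_hostname(host), nsdb_port(host)`, as the nfsref lookup hunk already does. The nsdb-resolve-fsn hunk has the same combination of a followed referral and `nsdbname, nsdbport` in the message.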
@@ -200,13 +200,19 @@ main(int argc, char **argv)
case FEDFS_OK:
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to list NCEs: %s\n",
+ ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to list NCEs: %s\n",
- ldap_err2string(ldap_err));
goto out_close;
default:
fprintf(stderr, "Failed to list NCEs: %s\n",
@@ -226,13 +226,19 @@ main(int argc, char **argv)
fprintf(stderr, "NCE %s does not exist\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
+ nce, ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
- nce, ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to remove NCI for NCE %s: %s\n",
@@ -380,14 +380,20 @@ again:
fprintf(stderr, "Failed to find FSN %s\n", fsn_uuid);
goto out_close;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
retval = nsdb_resolve_fsn_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- goto out_close;
- goto again;
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "NSDB LDAP error: %s\n",
+ ldap_err2string(ldap_err));
}
- fprintf(stderr, "NSDB LDAP error: %s\n",
- ldap_err2string(ldap_err));
goto out_close;
default:
fprintf(stderr, "FedFsStatus code "
@@ -240,13 +240,19 @@ main(int argc, char **argv)
"for this NSDB\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to update NCI: %s\n",
+ ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to update NCI: %s\n",
- ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to update NCI: %s\n",
@@ -271,13 +271,19 @@ main(int argc, char **argv)
fprintf(stderr, "NCE %s does not exist\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to update FSL %s: %s\n",
+ fsl_uuid, ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to update FSL %s: %s\n",
- fsl_uuid, ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to update FSL %s: %s\n",
@@ -245,13 +245,19 @@ main(int argc, char **argv)
"for this NSDB\n", nce);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
fprintf(stderr, "Encountered LDAP referral on %s:%u\n",
nsdbname, nsdbport);
break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ fprintf(stderr, "TLS security required for %s:%u\n",
+ nsdbname, nsdbport);
+ break;
+ default:
+ fprintf(stderr, "Failed to update NCI: %s\n",
+ ldap_err2string(ldap_err));
}
- fprintf(stderr, "Failed to update NCI: %s\n",
- ldap_err2string(ldap_err));
break;
default:
fprintf(stderr, "Failed to update NCI: %s\n",
@@ -413,8 +413,20 @@ again:
__func__, fsn_uuid);
goto out_close;
case FEDFS_ERR_NSDB_LDAP_VAL:
- nfs_jp_debug("%s: NSDB operation failed with %s\n",
- __func__, ldap_err2string(ldap_err));
+ switch (ldap_err) {
+ case LDAP_REFERRAL:
+ retval = nfs_jp_follow_ldap_referral(&host);
+ if (retval == FEDFS_OK)
+ goto again;
+ break;
+ case LDAP_CONFIDENTIALITY_REQUIRED:
+ nfs_jp_debug("TLS security required for %s:%u\n",
+ nsdb_hostname(host), nsdb_port(host));
+ break;
+ default:
+ nfs_jp_debug("%s: NSDB operation failed with %s\n",
+ __func__, ldap_err2string(ldap_err));
+ }
goto out_close;
default:
nfs_jp_debug("%s: Failed to resolve FSN %s: %s\n",
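Review bot: The `LDAP_CONFIDENTIALITY_REQUIRED` case reports the server's TLS requirement through nfs_jp_debug(). Judging by its name, that call probably emits output only when debugging is enabled, so in normal operation junction resolution would fail with no visible reason. If the plug-in has an error-level logging call, this case is a good candidate for it, since it signals a security-policy mismatch an administrator has to fix. Otherwise a comment such as `/* NSDB refuses unencrypted requests; client must be configured for TLS */` would at least document the case. A failed nfs_jp_follow_ldap_referral() also reaches `goto out_close` without any message at this site, unless the helper logs on its own.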
@@ -441,12 +453,6 @@ again:
__func__, fsn_uuid);
break;
case FEDFS_ERR_NSDB_LDAP_VAL:
- if (ldap_err == LDAP_REFERRAL) {
- retval = nfs_jp_follow_ldap_referral(&host);
- if (retval != FEDFS_OK)
- break;
- goto again;
- }
nfs_jp_debug("%s: NSDB operation failed with %s\n",
__func__, ldap_err2string(ldap_err));
break;
If an NSDB is configured to reject FEDFS_SEC_NONE requests, but our client is configured to use FEDFS_SEC_NONE, libnsdb will return FEDFS_ERR_NSDB_LDAP_VAL with the LDAP error code LDAP_CONFIDENTIALITY_REQUIRED. Update the NSDB client tools to report this error meaningfully. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- src/nfsref/lookup.c | 18 ++++++++++++------ src/nfsref/remove.c | 21 +++++++++++++++++---- src/nsdbc/nsdb-annotate.c | 4 ++++ src/nsdbc/nsdb-create-fsl.c | 12 +++++++++--- src/nsdbc/nsdb-create-fsn.c | 12 +++++++++--- src/nsdbc/nsdb-delete-fsl.c | 12 +++++++++--- src/nsdbc/nsdb-delete-fsn.c | 18 +++++++++++++----- src/nsdbc/nsdb-delete-nsdb.c | 12 +++++++++--- src/nsdbc/nsdb-describe.c | 4 ++++ src/nsdbc/nsdb-list.c | 18 ++++++++++++------ src/nsdbc/nsdb-nces.c | 12 +++++++++--- src/nsdbc/nsdb-remove-nci.c | 12 +++++++++--- src/nsdbc/nsdb-resolve-fsn.c | 18 ++++++++++++------ src/nsdbc/nsdb-simple-nce.c | 12 +++++++++--- src/nsdbc/nsdb-update-fsl.c | 12 +++++++++--- src/nsdbc/nsdb-update-nci.c | 12 +++++++++--- src/plug-ins/nfs-plugin.c | 22 ++++++++++++++-------- 17 files changed, 169 insertions(+), 62 deletions(-)