From patchwork Wed Nov 13 21:54:24 2013
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 291060
To: fedfs-utils-devel@oss.oracle.com
From: Chuck Lever
Date: Wed, 13 Nov 2013 16:54:24 -0500
Message-ID: <20131113215424.23593.48548.stgit@seurat.1015granger.net>
In-Reply-To: <20131113214635.23593.36381.stgit@seurat.1015granger.net>
References: <20131113214635.23593.36381.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 6/8] libnsdb: Avoid constructing the FSN DN on NSDB clients

The LDAP community prefers that LDAP clients do not construct Distinguished Names. Rather, they should obtain DNs from servers, whenever possible.

Instead of constructing the FSN record's DN on the client, we could query the server for the FSN object, and then use ldap_get_dn() to derive the DN for the search base for the FSN's FSLs. A second query would then retrieve the children of the FSN record via a query of scope ONE, using the FSN DN as search base. However, this adds extra query steps.

FSL records already have the parent's FSN UUID as one of their attributes. We get the same results as above by performing a subtree query using the NCE as the search base, and filtering on the value of the fedfsFsnUuid attribute. This matches similar logic in administrator.c. The original queries were based on the LDAP URI specified in section 5.2.2 of the NSDB protocol I-D. Signed-off-by: Chuck Lever --- src/libnsdb/fileserver.c | 48 ++++++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/src/libnsdb/fileserver.c b/src/libnsdb/fileserver.c index 814bce3..4cda9d7 100644 --- a/src/libnsdb/fileserver.c +++ b/src/libnsdb/fileserver.c @@ -1010,7 +1010,7 @@ nsdb_resolve_fsn_parse_entry(LDAP *ld, LDAPMessage *entry, * * @verbatim - ldapsearch -b fedfsFsnUuid="fsn_uuid","nce" -s one (objectClass=fedfsFsl) + ldapsearch -b "nce" -s subtree (&(objectClass=fedfsFsl)(fedfsFsnUuid="uuid")) @endverbatim */ static FedFsStatus 
@@ -1021,19 +1021,26 @@ nsdb_resolve_fsn_find_entry_s(nsdb_t host, const char *nce, const char *fsn_uuid LDAP *ld = host->fn_ldap; struct fedfs_fsl *tmp; FedFsStatus retval; - char base[256]; + char *filter; int len, rc; - /* watch out for buffer overflow */ - len = snprintf(base, sizeof(base), - "fedfsFsnUuid=%s,%s", fsn_uuid,nce); - if (len < 0 || (size_t)len > sizeof(base)) { - xlog(D_GENERAL, "%s: base DN is too long", __func__); + filter = malloc(128); + if (filter == NULL) { + xlog(D_GENERAL, "%s: failed to allocate buffer", __func__); + return FEDFS_ERR_SVRFAULT; + } + + len = snprintf(filter, 127, + "(&(objectClass=fedfsFsl)(fedfsFsnUuid=%s))", fsn_uuid); + if (len < 0 || len > 127) { + xlog(D_GENERAL, "%s: invalid FSN UUID", __func__); + free(filter); return FEDFS_ERR_INVAL; } - rc = nsdb_search_nsdb_all_s(ld, base, LDAP_SCOPE_ONE, - "(objectClass=fedfsFsl)", &response); + rc = nsdb_search_nsdb_all_s(ld, nce, LDAP_SCOPE_SUBTREE, + filter, &response); + free(filter); switch (rc) { case LDAP_SUCCESS: case LDAP_REFERRAL: @@ -1322,7 +1329,7 @@ nsdb_get_fsn_parse_entry(LDAP *ld, LDAPMessage *entry, * * @verbatim - ldapsearch -b fedfsFsnUuid="fsn_uuid","nce" -s one (objectClass=fedfsFsn) + ldapsearch -b "nce" -s one (&(objectClass=fedfsFsn)(fedfsFsnUuid="uuid")) @endverbatim */ static FedFsStatus 
@@ -1333,18 +1340,25 @@ nsdb_get_fsn_find_entry_s(nsdb_t host, const char *nce, const char *fsn_uuid, LDAP *ld = host->fn_ldap; struct fedfs_fsn *tmp; FedFsStatus retval; - char base[256]; + char *filter; int len, rc; - /* watch out for buffer overflow */ - len = snprintf(base, sizeof(base), "fedfsFsnUuid=%s,%s", fsn_uuid, nce); - if (len < 0 || (size_t)len > sizeof(base)) { - xlog(D_GENERAL, "%s: base DN is too long", __func__); + filter = malloc(128); + if (filter == NULL) { + xlog(D_GENERAL, "%s: failed to allocate buffer", __func__); + return FEDFS_ERR_SVRFAULT; + } + + len = snprintf(filter, 127, + "(&(objectClass=fedfsFsn)(fedfsFsnUuid=%s))", fsn_uuid); + if (len < 0 || len > 127) { + xlog(D_GENERAL, "%s: invalid FSN UUID", __func__); + free(filter); return FEDFS_ERR_INVAL; } - rc = nsdb_search_nsdb_all_s(ld, base, LDAP_SCOPE_ONE, - "(objectClass=fedfsFsn)", &response); + rc = nsdb_search_nsdb_all_s(ld, nce, LDAP_SCOPE_ONE, filter, &response); + free(filter); switch (rc) { case LDAP_SUCCESS: case LDAP_REFERRAL:
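Review bot: The @verbatim comment above nsdb_resolve_fsn_find_entry_s (first hunk) documents the filter as fedfsFsnUuid="uuid", but the code formats (fedfsFsnUuid=%s) from the fsn_uuid parameter with no quotes, and in an LDAP filter string double quotes are part of the asserted value rather than delimiters. Suggest writing the documented filter with the parameter name and quoting the whole filter as one argument, since it contains parentheses and an ampersand: '(&(objectClass=fedfsFsl)(fedfsFsnUuid=fsn_uuid))'. The comment above nsdb_get_fsn_find_entry_s (third hunk) needs the same change.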
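Review bot: fsn_uuid is formatted into the search filter with %s in nsdb_resolve_fsn_find_entry_s (second hunk) with no check on its content, so characters that are special in a filter (*, parentheses, backslash) alter what the search matches now that the value sits in the filter instead of the base DN. The "invalid FSN UUID" branch only fires on length. Suggest verifying that fsn_uuid has UUID form before the snprintf, or escaping it per RFC 4515, and returning FEDFS_ERR_INVAL otherwise. Separately, malloc(128) with the literal 127 repeated could be a stack array sized with sizeof, as the removed code did, which removes the allocation-failure path and both free() calls.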
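Review bot: The truncation test "len > 127" after snprintf(filter, 127, ...) in nsdb_get_fsn_find_entry_s (fourth hunk) misses len == 127: with a size of 127, snprintf stores at most 126 characters, so a return value of 127 means the final closing parenthesis was cut off and the truncated filter is still passed to nsdb_search_nsdb_all_s. Use "len >= 127", or pass the full buffer size and compare against that; the same test appears in the second hunk. The two functions now build the same filter apart from the objectClass value, so a small helper that takes the class name would keep the bound and any UUID checking in one place. This lookup also keeps LDAP_SCOPE_ONE while the description speaks of a subtree query; a short comment noting that FSN entries sit directly under the NCE would explain why it differs from the FSL search.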