FEDFS_ERR_NSDB_LDAP_VAL is allowed by the spec only for the
FEDFS_LOOKUP_JUNCTION and FEDFS_LOOKUP_REPLICATION operations.  And
besides, there's no room in the FEDFS_SET_NSDB_PARAMS result for an
LDAP error side car value.

Still, it would be nice to report that an NSDB is not reachable
when it is added to a fileserver's NSDB connection parameters
database.  It's a good sanity check that junctions created on that
fileserver that target that NSDB will be resolvable.

The ADMIN protocol spec, however, does not allow the
FEDFS_SET_NSDB_PARAMS operation to return any status code that
signifies whether fedfsd was able to connect with or verify the
passed-in NSDB.

For now, rpc.fedfsd will return FEDFS_ERR_NSDB_CONN if it cannot
reach the NSDB, or FEDFS_ERR_NSDB_AUTH if the client has not
provided a certificate and the NSDB requires TLS.  If the LDAP
server is reachable but does not contain an NSDB Container Entry,
rpc.fedfsd will return FEDFS_ERR_NSDB_NONCE.

This behavior is useful, in my opinion, but it clearly does not
comply with the ADMIN protocol specification.  I don't see how it
would greatly harm interoperability, however.  If there are clients
that balk, I will remove the NSDB ping test entirely.

fedfsd_test_nsdb() was added in commit b055c16b "rpc.fedfsd:
SET_NSDB_PARAMS should fail if LDAP server isn't an NSDB", Sep 3
12:11:11 2011.

Signed-off-by: Chuck Lever <[email protected]>
---
 src/fedfsd/svc.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/fedfsd/svc.c b/src/fedfsd/svc.c
index e99bd4c..218ef24 100644
--- a/src/fedfsd/svc.c
+++ b/src/fedfsd/svc.c
@@ -967,12 +967,14 @@ fedfsd_test_nsdb(const char *hostname, unsigned short 
port)
        case FEDFS_ERR_NSDB_LDAP_VAL:
                xlog(D_GENERAL, "%s: failed to ping NSDB %s:%u: %s\n",
                        __func__, hostname, port,
-               ldap_err2string(ldap_err));
+                       ldap_err2string(ldap_err));
+               retval = FEDFS_ERR_NSDB_CONN;
                break;
        default:
                xlog(D_GENERAL, "%s: failed to ping NSDB %s:%u: %s",
                        __func__, hostname, port,
                        nsdb_display_fedfsstatus(retval));
+               retval = FEDFS_ERR_NSDB_CONN;
        }
 
        return retval;
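Review bot: The default arm of fedfsd_test_nsdb() now overwrites every status not matched earlier with FEDFS_ERR_NSDB_CONN, yet the commit message promises FEDFS_ERR_NSDB_AUTH and FEDFS_ERR_NSDB_NONCE to the caller. Those two only survive if they have their own case labels above the visible part of this switch, so please confirm that, or add explicit cases for them so a later reordering cannot silently fold them into the default. A short comment on both new `retval = FEDFS_ERR_NSDB_CONN;` assignments saying that FEDFS_SET_NSDB_PARAMS has no way to carry FEDFS_ERR_NSDB_LDAP_VAL would save the next reader a trip to the spec. Two style points: the default arm's xlog() format string has no trailing "\n" while the FEDFS_ERR_NSDB_LDAP_VAL arm's does, and the re-indent of the ldap_err2string() line is a whitespace-only fix mixed into a behavioural change.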
@@ -1018,7 +1020,6 @@ fedfsd_svc_set_nsdb_params_1(SVCXPRT *xprt)
                case FEDFS_ERR_NSDB_AUTH:
                        if (args.params.secType == FEDFS_SEC_NONE)
                                goto out;
-                       result = FEDFS_OK;
                        break;
                default:
                        goto out;

