[fedfs-utils] [PATCH 3/4] rpc.fedfsd: SET_NSDB_PARAMS should not return NSDB_LDAP_VAL

Chuck Lever chuck.lever at oracle.com
Tue Dec 10 10:16:22 PST 2013


FEDFS_ERR_NSDB_LDAP_VAL is allowed by the spec only for the
FEDFS_LOOKUP_JUNCTION and FEDFS_LOOKUP_REPLICATION operations.  And
besides, there's no room in the FEDFS_SET_NSDB_PARAMS result for an
LDAP error side car value.

Still, it would be nice to report that an NSDB is not reachable
when it is added to a fileserver's NSDB connection parameters
database.  It's a good sanity check that junctions created on that
fileserver that target that NSDB will be resolvable.

The ADMIN protocol spec, however, does not allow the
FEDFS_SET_NSDB_PARAMS operation to return any status code that
signifies whether fedfsd was able to connect with or verify the
passed-in NSDB.

For now, rpc.fedfsd will return FEDFS_ERR_NSDB_CONN if it cannot
reach the NSDB, or FEDFS_ERR_NSDB_AUTH if the client has not
provided a certificate and the NSDB requires TLS.  If the LDAP
server is reachable but does not contain an NSDB Container Entry,
rpc.fedfsd will return FEDFS_ERR_NSDB_NONCE.

This behavior is useful, in my opinion, but it clearly does not
comply with the ADMIN protocol specification.  I don't see how it
would greatly harm interoperability, however.  If there are clients
that balk, I will remove the NSDB ping test entirely.

fedfsd_test_nsdb() was added in commit b055c16b "rpc.fedfsd:
SET_NSDB_PARAMS should fail if LDAP server isn't an NSDB", Sep 3
12:11:11 2011.

Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
 src/fedfsd/svc.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/fedfsd/svc.c b/src/fedfsd/svc.c
index e99bd4c..218ef24 100644
--- a/src/fedfsd/svc.c
+++ b/src/fedfsd/svc.c
@@ -967,12 +967,14 @@ fedfsd_test_nsdb(const char *hostname, unsigned short port)
 	case FEDFS_ERR_NSDB_LDAP_VAL:
 		xlog(D_GENERAL, "%s: failed to ping NSDB %s:%u: %s\n",
 			__func__, hostname, port,
-		ldap_err2string(ldap_err));
+			ldap_err2string(ldap_err));
+		retval = FEDFS_ERR_NSDB_CONN;
 		break;
 	default:
 		xlog(D_GENERAL, "%s: failed to ping NSDB %s:%u: %s",
 			__func__, hostname, port,
 			nsdb_display_fedfsstatus(retval));
+		retval = FEDFS_ERR_NSDB_CONN;
 	}
 
 	return retval;
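Review bot: The `default:` branch now rewrites every status not matched by an earlier case to FEDFS_ERR_NSDB_CONN, so a failure that has nothing to do with reachability is reported to the ADMIN client as a connection failure. The xlog() call keeps the original value in the server log, but the client cannot tell the difference. Consider remapping only the codes that really mean "could not reach the NSDB" and add a short comment above the switch saying that FEDFS_ERR_NSDB_LDAP_VAL is not a permitted SET_NSDB_PARAMS result, since that rationale currently lives only in the commit message. Minor: the format string in the FEDFS_ERR_NSDB_LDAP_VAL case ends in "\n" while the one in `default:` does not, and the first changed line is an indentation-only fix mixed in with the behaviour change.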
@@ -1018,7 +1020,6 @@ fedfsd_svc_set_nsdb_params_1(SVCXPRT *xprt)
 		case FEDFS_ERR_NSDB_AUTH:
 			if (args.params.secType == FEDFS_SEC_NONE)
 				goto out;
-			result = FEDFS_OK;
 			break;
 		default:
 			goto out;
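Review bot: In the FEDFS_ERR_NSDB_AUTH case, dropping `result = FEDFS_OK;` means that when secType is not FEDFS_SEC_NONE the branch reaches `break` with `result` left at whatever value it had on entry to the switch. The hunk does not show the code after the switch, so please confirm that every path from here to the reply assigns `result` explicitly, otherwise a successful parameter update could be answered with a stale error status. The commit message explains the new return codes but does not mention this removal; a sentence on why the reset is no longer needed would help.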



