ldap/servers/slapd/back-ldbm/back-ldbm.h | 1 +
ldap/servers/slapd/back-ldbm/import-threads.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_config.c | 21 +++++++++++++++++++++
ldap/servers/slapd/back-ldbm/ldbm_config.h | 1 +
4 files changed, 25 insertions(+)
New commits:
commit e024b676c8cc91e27b2ce720d99a71d40922a513
Author: Thierry bordaz (tbordaz) <tbordaz(a)redhat.com>
Date: Mon Jun 17 14:42:34 2013 +0200
Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization
Bug Description:
During online initialization of a replica encrypted attributes are not encrypted by
the import.
This is because the import job flag job->encrypt is not set.
Fix Description:
The fix adds the backend config attribute
"nsslapd-online-import-encrypt", which is set to "on" by default.
During an online import, 'ldbm_back_wire_import' stores the config value in the
pblock, and it is then copied into job->encrypt
https://bugzilla.redhat.com/show_bug.cgi?id=893178
Reviewed by: Rich Meggison (thanks Rich)
Platforms tested: fedora 17
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h
b/ldap/servers/slapd/back-ldbm/back-ldbm.h
index 4645561..19c64ac 100644
--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
@@ -654,6 +654,7 @@ struct ldbminfo {
int li_reslimit_rangelookthrough_handle;
int li_idl_update;
int li_old_idl_maxids;
+ int li_online_import_encrypt; /* toggle attribute encryption during
ldbm_back_wire_import */
#define BACKEND_OPT_NO_RUV_UPDATE 0x01
#define BACKEND_OPT_DBLOCK_INSIDE_TXN 0x02
#define BACKEND_OPT_MANAGE_ENTRY_BEFORE_DBLOCK 0x04
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c
b/ldap/servers/slapd/back-ldbm/import-threads.c
index d9ab51f..5cb5663 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -3080,6 +3080,7 @@ static int bulk_import_start(Slapi_PBlock *pb)
}
slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+ slapi_pblock_get(pb, SLAPI_LDIF2DB_ENCRYPT, &job->encrypt);
PR_ASSERT(be != NULL);
li = (struct ldbminfo *)(be->be_database->plg_private);
job->inst = (ldbm_instance *)be->be_instance_info;
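Review bot: The added `slapi_pblock_get(pb, SLAPI_LDIF2DB_ENCRYPT, &job->encrypt);` sits between the SLAPI_BACKEND lookup and the `PR_ASSERT(be != NULL)` that checks it, and its return value is ignored; moving it below the assert keeps the check next to the call it guards. bulk_import_start now depends on its caller having placed the flag in the pblock. If any path reaches it without doing so, job->encrypt presumably stays 0 and attributes configured for encryption are written in clear, so a comment such as `/* SLAPI_LDIF2DB_ENCRYPT is set by ldbm_back_wire_import from nsslapd-online-import-encrypt */` would document that contract. The function starts and ends outside this hunk.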
@@ -3411,6 +3412,7 @@ int ldbm_back_wire_import(Slapi_PBlock *pb)
PR_ASSERT(be != NULL);
li = (struct ldbminfo *)(be->be_database->plg_private);
slapi_pblock_get(pb, SLAPI_BULK_IMPORT_STATE, &state);
+ slapi_pblock_set(pb, SLAPI_LDIF2DB_ENCRYPT, &li->li_online_import_encrypt);
if (state == SLAPI_BI_STATE_START) {
/* starting a new import */
int rc = bulk_import_start(pb);
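Review bot: When `li->li_online_import_encrypt` is off, nothing in this path records that the consumer is about to store attributes configured for encryption in clear text; consider logging once inside the `SLAPI_BI_STATE_START` branch, e.g. `if (!li->li_online_import_encrypt) slapi_log_error(SLAPI_LOG_FATAL, "import", "online import: attribute encryption disabled by nsslapd-online-import-encrypt\n");`. The `slapi_pblock_set` call also runs for every bulk-import state although only `bulk_import_start` reads the value, so it could move into that branch as well. Passing `&li->li_online_import_encrypt` is correct only if slapi_pblock_set dereferences an `int *` for this key, which is not visible here. ldbm_back_wire_import continues outside the hunk.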
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c
b/ldap/servers/slapd/back-ldbm/ldbm_config.c
index ae2e8fc..a10f0c7 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
@@ -913,6 +913,26 @@ static int ldbm_config_db_private_mem_set(void *arg, void *value,
char *errorbuf
return retval;
}
+static void *ldbm_config_db_online_import_encrypt_get(void *arg)
+{
+ struct ldbminfo *li = (struct ldbminfo *) arg;
+
+ return (void *) ((uintptr_t)li->li_online_import_encrypt);
+}
+
+static int ldbm_config_db_online_import_encrypt_set(void *arg, void *value, char
*errorbuf, int phase, int apply)
+{
+ struct ldbminfo *li = (struct ldbminfo *) arg;
+ int retval = LDAP_SUCCESS;
+ int val = (int) ((uintptr_t)value);
+
+ if (apply) {
+ li->li_online_import_encrypt = val;
+ }
+
+ return retval;
+}
+
static void *ldbm_config_db_private_import_mem_get(void *arg)
{
struct ldbminfo *li = (struct ldbminfo *) arg;
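Review bot: The new getter/setter pair carries no comment stating what switching the value off means: with `nsslapd-online-import-encrypt` off, an online initialization stores attributes in clear on the consumer even when attribute encryption is configured. A header comment on `ldbm_config_db_online_import_encrypt_set` such as `/* 0 disables attribute encryption during online (wire) import; default is on */` would make that visible to the next maintainer. `retval` is never modified, so the setter could `return LDAP_SUCCESS;` directly, and `errorbuf` and `phase` are unused (possibly to match the sibling setters, which lie outside this hunk).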
@@ -1410,6 +1430,7 @@ static config_info ldbm_config[] = {
{CONFIG_DB_LOCK, CONFIG_TYPE_INT, "10000", &ldbm_config_db_lock_get,
&ldbm_config_db_lock_set, 0},
{CONFIG_DB_PRIVATE_MEM, CONFIG_TYPE_ONOFF, "off",
&ldbm_config_db_private_mem_get, &ldbm_config_db_private_mem_set, 0},
{CONFIG_DB_PRIVATE_IMPORT_MEM, CONFIG_TYPE_ONOFF, "on",
&ldbm_config_db_private_import_mem_get, &ldbm_config_db_private_import_mem_set,
CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE},
+ {CONDIF_DB_ONLINE_IMPORT_ENCRYPT, CONFIG_TYPE_ONOFF, "on",
&ldbm_config_db_online_import_encrypt_get,
&ldbm_config_db_online_import_encrypt_set, 0},
{CONFIG_DB_SHM_KEY, CONFIG_TYPE_LONG, "389389",
&ldbm_config_db_shm_key_get, &ldbm_config_db_shm_key_set, 0},
{CONFIG_DB_CACHE, CONFIG_TYPE_INT, "0", &ldbm_config_db_cache_get,
&ldbm_config_db_cache_set, 0},
{CONFIG_DB_DEBUG_CHECKPOINTING, CONFIG_TYPE_ONOFF, "off",
&ldbm_config_db_debug_checkpointing_get, &ldbm_config_db_debug_checkpointing_set,
0},
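Review bot: `CONDIF_DB_ONLINE_IMPORT_ENCRYPT` looks like a typo for `CONFIG_DB_ONLINE_IMPORT_ENCRYPT`; it compiles only because the `#define` added in ldbm_config.h carries the same spelling, and it breaks the `CONFIG_DB_*` naming used by every neighbouring entry. Rename both the table entry here and the define in the ldbm_config.h hunk. The entry also uses flags `0`, whereas the adjacent `CONFIG_DB_PRIVATE_IMPORT_MEM` uses `CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE`; for a setting that decides whether imported data is encrypted at rest, `CONFIG_FLAG_ALWAYS_SHOW` would presumably let an administrator see the effective value even at its default, so confirm the flag semantics and consider adding it.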
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.h
b/ldap/servers/slapd/back-ldbm/ldbm_config.h
index af6b2d0..b0a7fab 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.h
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.h
@@ -139,6 +139,7 @@ struct config_info {
#define CONFIG_DB_HOME_DIRECTORY "nsslapd-db-home-directory"
#define CONFIG_DB_LOCKDOWN "nsslapd-db-lockdown"
#define CONFIG_DB_TX_MAX "nsslapd-db-tx-max"
+#define CONDIF_DB_ONLINE_IMPORT_ENCRYPT "nsslapd-online-import-encrypt"
#define CONFIG_IDL_SWITCH "nsslapd-idl-switch"
#define CONFIG_IDL_UPDATE "nsslapd-idl-update"