From 4da5a8086797d0584fdf5e5d222c531dc3369b9f Mon Sep 17 00:00:00 2001
From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
Date: Mon, 17 Jun 2013 14:42:34 +0200
Subject: [PATCH 74/99] Ticket 47393 - Attribute are not encrypted on a
consumer after a full initialization
Bug Description:
During online initialization of a replica encrypted attributes are not encrypted by the import.
This is because the import job flag job->encrypt is not set.
Fix Description:
The fix consists of adding the backend config attribute "nsslapd-online-import-encrypt", which is set to "on" by default.
During online 'ldbm_back_wire_import' the config attribute is set into the pblock and set into the job->encrypt
https://bugzilla.redhat.com/show_bug.cgi?id=893178
Reviewed by: Rich Meggison (thanks Rich)
Platforms tested: fedora 17
Flag Day: no
Doc impact: no
(cherry picked from commit 856cdf8ac5e3730335332d6a122262ee10abc59a)
---
ldap/servers/slapd/back-ldbm/back-ldbm.h | 16 +++++++++-------
ldap/servers/slapd/back-ldbm/import-threads.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_config.c | 21 +++++++++++++++++++++
ldap/servers/slapd/back-ldbm/ldbm_config.h | 1 +
4 files changed, 33 insertions(+), 7 deletions(-)
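diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h
index aed57cf..3330449 100644
--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
@@ -644,13 +644,15 @@ struct ldbminfo {
 int li_fat_lock; /* 608146 -- make this configurable, first */
 int li_legacy_errcode; /* 615428 -- in case legacy err code is expected */
 Slapi_Counter *li_global_usn_counter; /* global USN counter */
- int li_reslimit_allids_handle; /* allids aka idlistscan */
- int li_pagedlookthroughlimit;
- int li_pagedallidsthreshold;
- int li_reslimit_pagedlookthrough_handle;
- int li_reslimit_pagedallids_handle; /* allids aka idlistscan */
- int li_rangelookthroughlimit;
- int li_reslimit_rangelookthrough_handle;
+ int li_reslimit_allids_handle; /* allids aka idlistscan */
+ int li_pagedlookthroughlimit;
+ int li_pagedallidsthreshold;
+ int li_reslimit_pagedlookthrough_handle;
+ int li_reslimit_pagedallids_handle; /* allids aka idlistscan */
+ int li_rangelookthroughlimit;
+ int li_reslimit_rangelookthrough_handle;
+ int li_online_import_encrypt; /* toggle attribute encryption during ldbm_back_wire_import */
+
 };
 
 /* li_flags could store these bits defined in ../slapi-plugin.h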
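Review bot: The comment on the new `li_online_import_encrypt` field does not say which config attribute backs it or which value is the safe one. Going by the commit description, a zero here means a consumer stores attributes that are configured for encryption in cleartext after an online initialization, so I would spell that out: `/* nsslapd-online-import-encrypt: non-zero (default) encrypts configured attributes in ldbm_back_wire_import; 0 stores them in cleartext */`. The seven fields before it appear to be removed and re-added with whitespace changes only, which adds noise to a security fix that is being cherry-picked. `struct ldbminfo` begins outside this hunk.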
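diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index 60dbb5f..b85f073 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -2715,6 +2715,7 @@ static int bulk_import_start(Slapi_PBlock *pb)
 }
 
 slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+ slapi_pblock_get(pb, SLAPI_LDIF2DB_ENCRYPT, &job->encrypt);
 PR_ASSERT(be != NULL);
 li = (struct ldbminfo *)(be->be_database->plg_private);
 job->inst = (ldbm_instance *)be->be_instance_info;
@@ -3046,6 +3047,7 @@ int ldbm_back_wire_import(Slapi_PBlock *pb)
 PR_ASSERT(be != NULL);
 li = (struct ldbminfo *)(be->be_database->plg_private);
 slapi_pblock_get(pb, SLAPI_BULK_IMPORT_STATE, &state);
+ slapi_pblock_set(pb, SLAPI_LDIF2DB_ENCRYPT, &li->li_online_import_encrypt);
 if (state == SLAPI_BI_STATE_START) {
 /* starting a new import */
 int rc = bulk_import_start(pb);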
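Review bot: Neither the added `slapi_pblock_set()` in `ldbm_back_wire_import` nor the added `slapi_pblock_get()` in `bulk_import_start` has its return value checked, and the failure direction is the unsafe one. If `job->encrypt` ends up 0, the import presumably still proceeds and, per the commit description, attributes are written unencrypted with no error. I would at least check the get, along the lines of `if (slapi_pblock_get(pb, SLAPI_LDIF2DB_ENCRYPT, &job->encrypt) != 0)` followed by a log and a failed import. A log line at import start when `job->encrypt` is 0 would also leave a trace of a cleartext replica initialization. The set runs for every bulk-import state although only the `SLAPI_BI_STATE_START` branch appears to consume it; both functions extend beyond these hunks, so this needs confirming against the full bodies.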
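diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c b/ldap/servers/slapd/back-ldbm/ldbm_config.c
index 232af54..eeae22b 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
@@ -865,6 +865,26 @@ static int ldbm_config_db_private_mem_set(void *arg, void *value, char *errorbuf
 return retval;
 }
 
+static void *ldbm_config_db_online_import_encrypt_get(void *arg)
+{
+ struct ldbminfo *li = (struct ldbminfo *) arg;
+
+ return (void *) ((uintptr_t)li->li_online_import_encrypt);
+}
+
+static int ldbm_config_db_online_import_encrypt_set(void *arg, void *value, char *errorbuf, int phase, int apply)
+{
+ struct ldbminfo *li = (struct ldbminfo *) arg;
+ int retval = LDAP_SUCCESS;
+ int val = (int) ((uintptr_t)value);
+
+ if (apply) {
+ li->li_online_import_encrypt = val;
+ }
+
+ return retval;
+}
+
 static void *ldbm_config_db_private_import_mem_get(void *arg)
 {
 struct ldbminfo *li = (struct ldbminfo *) arg;
@@ -1339,6 +1359,7 @@ static config_info ldbm_config[] = {
 {CONFIG_DB_LOCK, CONFIG_TYPE_INT, "10000", &ldbm_config_db_lock_get, &ldbm_config_db_lock_set, 0},
 {CONFIG_DB_PRIVATE_MEM, CONFIG_TYPE_ONOFF, "off", &ldbm_config_db_private_mem_get, &ldbm_config_db_private_mem_set, 0},
 {CONFIG_DB_PRIVATE_IMPORT_MEM, CONFIG_TYPE_ONOFF, "on", &ldbm_config_db_private_import_mem_get, &ldbm_config_db_private_import_mem_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE},
+ {CONDIF_DB_ONLINE_IMPORT_ENCRYPT, CONFIG_TYPE_ONOFF, "on", &ldbm_config_db_online_import_encrypt_get, &ldbm_config_db_online_import_encrypt_set, 0},
 {CONFIG_DB_SHM_KEY, CONFIG_TYPE_LONG, "389389", &ldbm_config_db_shm_key_get, &ldbm_config_db_shm_key_set, 0},
 {CONFIG_DB_CACHE, CONFIG_TYPE_INT, "0", &ldbm_config_db_cache_get, &ldbm_config_db_cache_set, 0},
 {CONFIG_DB_DEBUG_CHECKPOINTING, CONFIG_TYPE_ONOFF, "off", &ldbm_config_db_debug_checkpointing_get, &ldbm_config_db_debug_checkpointing_set, 0},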
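Review bot: The new `ldbm_config[]` entry registers the encryption switch with flags `0`, while the neighbouring `CONFIG_DB_PRIVATE_IMPORT_MEM` entry carries `CONFIG_FLAG_ALWAYS_SHOW`. If that flag does what its name suggests, the effective value of this security-relevant setting will not appear in the config entry unless it was set explicitly, which makes it harder to audit; consider passing `CONFIG_FLAG_ALWAYS_SHOW` here. `ldbm_config_db_online_import_encrypt_set` also stores "off" silently. A warning log in the `apply` branch when `val` is 0 would record that online initialization on this backend will no longer encrypt configured attributes. Both new functions would benefit from a short header comment stating that 0 disables attribute encryption for `ldbm_back_wire_import` only.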
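diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.h b/ldap/servers/slapd/back-ldbm/ldbm_config.h
index a5830e3..33eb078 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.h
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.h
@@ -136,6 +136,7 @@ struct config_info {
 #define CONFIG_DB_HOME_DIRECTORY "nsslapd-db-home-directory"
 #define CONFIG_DB_LOCKDOWN "nsslapd-db-lockdown"
 #define CONFIG_DB_TX_MAX "nsslapd-db-tx-max"
+#define CONDIF_DB_ONLINE_IMPORT_ENCRYPT "nsslapd-online-import-encrypt"
 
 #define CONFIG_IDL_SWITCH "nsslapd-idl-switch"
 #define CONFIG_BYPASS_FILTER_TEST "nsslapd-search-bypass-filter-test"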
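Review bot: `CONDIF_DB_ONLINE_IMPORT_ENCRYPT` looks like a typo for the `CONFIG_DB_` prefix used by every neighbouring macro in this hunk. It compiles because the `ldbm_config[]` entry added in ldbm_config.c uses the same spelling, but anyone searching for `CONFIG_` names will miss the one setting that controls import-time attribute encryption. I would rename it in both files: `#define CONFIG_DB_ONLINE_IMPORT_ENCRYPT "nsslapd-online-import-encrypt"`.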
--
1.8.1.4