[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-commits
Subject: [389-commits] Branch '389-ds-base-1.3.1' - ldap/servers
From: thierry bordaz <tbordaz () fedoraproject ! org>
Date: 2013-06-24 16:33:19
Message-ID: 20130624163319.99DF760DE4 () fedorahosted ! org
[Download RAW message or body]
ldap/servers/slapd/back-ldbm/back-ldbm.h | 15 ++++++++-------
ldap/servers/slapd/back-ldbm/import-threads.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_config.c | 21 +++++++++++++++++++++
ldap/servers/slapd/back-ldbm/ldbm_config.h | 1 +
4 files changed, 32 insertions(+), 7 deletions(-)
New commits:
commit 46ced87650f310b18bb9fbde3d20a1e9cb2e0d9f
Author: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
Date: Mon Jun 17 14:42:34 2013 +0200
Ticket 47393 - Attribute are not encrypted on a consumer after a full \
initialization
Bug Description:
During online initialization of a replica encrypted attributes are not encrypted \
by the import. This is because the import job flag job->encrypt is not set.
Fix Description:
The fix consist to add the config backend attribute \
"nsslapd-online-import-encrypt" that is by default set to "on".
During online 'ldbm_back_wire_import' the config attribute is set into the \
pblock and set into the job->encrypt
https://bugzilla.redhat.com/show_bug.cgi?id=893178
Reviewed by: Rich Meggison (thanks Rich)
Platforms tested: fedora 17
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h \
b/ldap/servers/slapd/back-ldbm/back-ldbm.h index 871d489..64b636f 100644
--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
@@ -645,13 +645,14 @@ struct ldbminfo {
int li_fat_lock; /* 608146 -- make this configurable, first */
int li_legacy_errcode; /* 615428 -- in case legacy err code is expected */
Slapi_Counter *li_global_usn_counter; /* global USN counter */
- int li_reslimit_allids_handle; /* allids aka idlistscan */
- int li_pagedlookthroughlimit;
- int li_pagedallidsthreshold;
- int li_reslimit_pagedlookthrough_handle;
- int li_reslimit_pagedallids_handle; /* allids aka idlistscan */
- int li_rangelookthroughlimit;
- int li_reslimit_rangelookthrough_handle;
+ int li_reslimit_allids_handle; /* allids aka idlistscan */
+ int li_pagedlookthroughlimit;
+ int li_pagedallidsthreshold;
+ int li_reslimit_pagedlookthrough_handle;
+ int li_reslimit_pagedallids_handle; /* allids aka idlistscan */
+ int li_rangelookthroughlimit;
+ int li_reslimit_rangelookthrough_handle;
+ int li_online_import_encrypt; /* toggle attribute encryption during \
ldbm_back_wire_import */ };
/* li_flags could store these bits defined in ../slapi-plugin.h
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c \
b/ldap/servers/slapd/back-ldbm/import-threads.c index d9ab51f..5cb5663 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -3080,6 +3080,7 @@ static int bulk_import_start(Slapi_PBlock *pb)
}
slapi_pblock_get(pb, SLAPI_BACKEND, &be);
+ slapi_pblock_get(pb, SLAPI_LDIF2DB_ENCRYPT, &job->encrypt);
PR_ASSERT(be != NULL);
li = (struct ldbminfo *)(be->be_database->plg_private);
job->inst = (ldbm_instance *)be->be_instance_info;
@@ -3411,6 +3412,7 @@ int ldbm_back_wire_import(Slapi_PBlock *pb)
PR_ASSERT(be != NULL);
li = (struct ldbminfo *)(be->be_database->plg_private);
slapi_pblock_get(pb, SLAPI_BULK_IMPORT_STATE, &state);
+ slapi_pblock_set(pb, SLAPI_LDIF2DB_ENCRYPT, &li->li_online_import_encrypt);
if (state == SLAPI_BI_STATE_START) {
/* starting a new import */
int rc = bulk_import_start(pb);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c \
b/ldap/servers/slapd/back-ldbm/ldbm_config.c index 232af54..eeae22b 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
@@ -865,6 +865,26 @@ static int ldbm_config_db_private_mem_set(void *arg, void \
*value, char *errorbuf return retval;
}
+static void *ldbm_config_db_online_import_encrypt_get(void *arg)
+{
+ struct ldbminfo *li = (struct ldbminfo *) arg;
+
+ return (void *) ((uintptr_t)li->li_online_import_encrypt);
+}
+
+static int ldbm_config_db_online_import_encrypt_set(void *arg, void *value, char \
*errorbuf, int phase, int apply) +{
+ struct ldbminfo *li = (struct ldbminfo *) arg;
+ int retval = LDAP_SUCCESS;
+ int val = (int) ((uintptr_t)value);
+
+ if (apply) {
+ li->li_online_import_encrypt = val;
+ }
+
+ return retval;
+}
+
static void *ldbm_config_db_private_import_mem_get(void *arg)
{
struct ldbminfo *li = (struct ldbminfo *) arg;
@@ -1339,6 +1359,7 @@ static config_info ldbm_config[] = {
{CONFIG_DB_LOCK, CONFIG_TYPE_INT, "10000", &ldbm_config_db_lock_get, \
&ldbm_config_db_lock_set, 0},
{CONFIG_DB_PRIVATE_MEM, CONFIG_TYPE_ONOFF, "off", \
&ldbm_config_db_private_mem_get, &ldbm_config_db_private_mem_set, 0}, \
{CONFIG_DB_PRIVATE_IMPORT_MEM, CONFIG_TYPE_ONOFF, "on", \
&ldbm_config_db_private_import_mem_get, &ldbm_config_db_private_import_mem_set, \
CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, + \
{CONDIF_DB_ONLINE_IMPORT_ENCRYPT, CONFIG_TYPE_ONOFF, "on", \
&ldbm_config_db_online_import_encrypt_get, &ldbm_config_db_online_import_encrypt_set, \
0},
{CONFIG_DB_SHM_KEY, CONFIG_TYPE_LONG, "389389", &ldbm_config_db_shm_key_get, \
&ldbm_config_db_shm_key_set, 0},
{CONFIG_DB_CACHE, CONFIG_TYPE_INT, "0", &ldbm_config_db_cache_get, \
&ldbm_config_db_cache_set, 0},
{CONFIG_DB_DEBUG_CHECKPOINTING, CONFIG_TYPE_ONOFF, "off", \
&ldbm_config_db_debug_checkpointing_get, \
&ldbm_config_db_debug_checkpointing_set, 0},
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.h \
b/ldap/servers/slapd/back-ldbm/ldbm_config.h index a5830e3..33eb078 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.h
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.h
@@ -136,6 +136,7 @@ struct config_info {
#define CONFIG_DB_HOME_DIRECTORY "nsslapd-db-home-directory"
#define CONFIG_DB_LOCKDOWN "nsslapd-db-lockdown"
#define CONFIG_DB_TX_MAX "nsslapd-db-tx-max"
+#define CONDIF_DB_ONLINE_IMPORT_ENCRYPT "nsslapd-online-import-encrypt"
#define CONFIG_IDL_SWITCH "nsslapd-idl-switch"
#define CONFIG_BYPASS_FILTER_TEST "nsslapd-search-bypass-filter-test"
--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic