diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2009-07-14 12:50:36 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2009-07-14 14:41:45 -0600 |
| commit | bea97a2d7b6437419cc5649645f0c58b6966a46e (patch) | |
| tree | 9baee3513c3905affd830a36a5813e3cfc84a304 /ldap/servers/slapd/back-ldbm/dblayer.c | |
| parent | a4240192f344a1a172cfdf8609661b90435b5db3 (diff) | |
| download | ds-bea97a2d7b6437419cc5649645f0c58b6966a46e.tar.gz ds-bea97a2d7b6437419cc5649645f0c58b6966a46e.tar.xz ds-bea97a2d7b6437419cc5649645f0c58b6966a46e.zip | |
Fix attrcrypt usage of nsSymmetricKey
The current attrcrypt is failing because it attempts to store the encryption
symkey in the nsSymmetricKey attribute. This attribute is not defined in the
schema, so it defaults to DirectoryString syntax. Storing the value then fails
syntax validation because the binary values in the key do not conform to
DirectoryString. The code was poorly designed to handle and report errors of
this nature. The real fix is to add nsSymmetricKey as a BINARY syntax
attribute. I also cleaned up the error detection and reporting for this case.
Reviewed by: nkinder (Thanks!)
Diffstat (limited to 'ldap/servers/slapd/back-ldbm/dblayer.c')
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/dblayer.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c index 4eeb93c1..42642b24 100644 --- a/ldap/servers/slapd/back-ldbm/dblayer.c +++ b/ldap/servers/slapd/back-ldbm/dblayer.c @@ -1837,7 +1837,12 @@ int dblayer_instance_start(backend *be, int mode) return 0; } - attrcrypt_init(inst); + if (attrcrypt_init(inst)) { + LDAPDebug(LDAP_DEBUG_ANY, + "Error: unable to initialize attrcrypt system for %s\n", + inst->inst_name, 0, 0); + return -1; + } /* Get the name of the directory that holds index files * for this instance. */ |