diff options
| author | Nathan Kinder <nkinder@boraras.localdomain> | 2009-07-20 09:30:15 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@boraras.localdomain> | 2009-07-20 09:30:15 -0700 |
| commit | 654c62253e13df368be9a2e1b89e03771e363041 (patch) | |
| tree | 228ae58bd87438a188503bd301e5ad6f51dcb79c /ldap/servers/slapd/back-ldbm/import-threads.c | |
| parent | f1b25be262ac07cd366814e4920a22f1852d737f (diff) | |
| download | ds-654c62253e13df368be9a2e1b89e03771e363041.tar.gz ds-654c62253e13df368be9a2e1b89e03771e363041.tar.xz ds-654c62253e13df368be9a2e1b89e03771e363041.zip | |
Skip syntax check of encrypted attributes during import.
When importing an ldif with pre-encrypted attributes, we
need to skip the syntax check to avoid the import of those
entries being skipped. The fix makes a copy of an entry
with encrypted attributes, removes the encrypted attribtues,
and uses this trimmed copy for the syntax check.
Diffstat (limited to 'ldap/servers/slapd/back-ldbm/import-threads.c')
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/import-threads.c | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c index e0f00750..b5e4e07f 100644 --- a/ldap/servers/slapd/back-ldbm/import-threads.c +++ b/ldap/servers/slapd/back-ldbm/import-threads.c @@ -359,6 +359,7 @@ void import_producer(void *param) Slapi_Entry *e = NULL; struct backentry *ep = NULL, *old_ep = NULL; ldbm_instance *inst = job->inst; + backend *be = inst->inst_be; PRIntervalTime sleeptime; char *estr = NULL; int str2entry_flags = @@ -406,6 +407,7 @@ void import_producer(void *param) int flags = 0; int prev_lineno = 0; int lines_in_entry = 0; + int syntax_err = 0; if (job->flags & FLAG_ABORT) { goto error; @@ -546,8 +548,49 @@ void import_producer(void *param) continue; } + /* If we are importing pre-encrypted attributes, we need + * to skip syntax checks for the encrypted values. */ + if (!(job->encrypt) && inst->attrcrypt_configured) { + Slapi_Attr *attr = NULL; + Slapi_Entry *e_copy = NULL; + + /* Scan through the entry to see if any present + * attributes are configured for encryption. */ + slapi_entry_first_attr(e, &attr); + while (attr) { + char *type = NULL; + struct attrinfo *ai = NULL; + + slapi_attr_get_type(attr, &type); + + /* Check if this type is configured for encryption. */ + ainfo_get(be, type, &ai); + if (ai->ai_attrcrypt != NULL) { + /* Make a copy of the entry to use for syntax + * checking if a copy has not been made yet. */ + if (e_copy == NULL) { + e_copy = slapi_entry_dup(e); + } + + /* Delete the enrypted attribute from the copy. */ + slapi_entry_attr_delete(e_copy, type); + } + + slapi_entry_next_attr(e, attr, &attr); + } + + if (e_copy) { + syntax_err = slapi_entry_syntax_check(NULL, e_copy, 0); + slapi_entry_free(e_copy); + } else { + syntax_err = slapi_entry_syntax_check(NULL, e, 0); + } + } else { + syntax_err = slapi_entry_syntax_check(NULL, e, 0); + } + /* Check attribute syntax */ - if (slapi_entry_syntax_check(NULL, e, 0) != 0) + if (syntax_err != 0) { char ebuf[BUFSIZ]; import_log_notice(job, "WARNING: skipping entry \"%s\" which " |