author | Noriko Hosoi <nhosoi@redhat.com> | 2010-01-22 09:47:52 -0800 |
---|---|---|
committer | Noriko Hosoi <nhosoi@jiji.localdomain> | 2010-01-22 10:36:16 -0800 |
commit | b5e653a844af60596f9bc6b16349ee902ddb51f5 (patch) | |
tree | d22f47113e303de236e9a9b01376cb6e3d14486f /ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | |
parent | 4d93699a71acb061c5787d2b8b61a0417ce02808 (diff) | |
Allow modrdn to move subtree and rename non-leaf node
This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the changes
made on the entry
- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format database
to the RDN format
- extending a database dump utility dbscan to support the entryrdn
- slapi_dn_syntax_check by nkinder@redhat.com is added to check the dn before
modify operations
- bug fix for 171338 - Enhancement: winsync modrdn not synced
In addition to the above, compile warnings and memory leaks found in testing
the new feature are fixed.
For more details, see the feature design document at:
http://directory.fedoraproject.org/wiki/Subtree_Rename
and bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=171338
Diffstat (limited to 'ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c')
-rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
index 6a935496..d281506e 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
@@ -916,7 +916,7 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr
 /*
 * Encrypt an index key. There is never any need to decrypt index keys since
- * we only ever look them up using plain text.
+ * we only ever look them up using plain text (except entryrdn).
 */
 int
 attrcrypt_encrypt_index_key(backend *be, struct attrinfo *ai, const struct berval *in, struct berval **out)
@@ -947,3 +947,48 @@ attrcrypt_encrypt_index_key(backend *be, struct attrinfo *ai, const struct berva
 return ret;
 }
+/*
+ * Decrypt index key
+ * needed by entryrdn (subtree-rename)
+ */
+int
+attrcrypt_decrypt_index_key(backend *be,
+ struct attrinfo *ai,
+ const struct berval *in,
+ struct berval **out)
+{
+ int rc = 0; /* success */
+
+ if (ai->ai_attrcrypt) {
+ Slapi_Value *value = NULL;
+ rc = -1;
+ if (NULL == in || NULL == out) {
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "attrcrypt_decrypt_index_key: Empty %s\n",
+ NULL==in?"in":NULL==out?"out":"unknown");
+ return rc;
+ }
+ value = slapi_value_new_berval(in);
+ LDAPDebug0Args(LDAP_DEBUG_TRACE,"-> attrcrypt_decrypt_index_key\n");
+ /* Decrypt the input values in place on the original entry */
+ rc = attrcrypt_crypto_op_value_replace(ai->ai_attrcrypt, be, ai,
+ value, 0 /* decrypt */);
+ if (0 == rc) {
+ const struct berval *out_bv =
+ slapi_value_get_berval((const Slapi_Value *)value);
+ if (NULL == out_bv) {
+ rc = -1;
+ goto bail;
+ }
+ (*out) = ber_bvdup(out_bv);
+ if (NULL == *out) {
+ rc = -1;
+ }
+ }
+bail:
+ LDAPDebug0Args(LDAP_DEBUG_TRACE,"<- attrcrypt_decrypt_index_key\n");
+ slapi_value_free(&value);
+ }
+
+ return rc;
+}
|
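Review bot: In the second hunk, attrcrypt_decrypt_index_key returns 0 without touching `*out` when `ai->ai_attrcrypt` is not set, so a caller that reads 0 as "a decrypted copy is in `*out`" would use, and later free, whatever the pointer held before the call. Clearing the output before the `if (ai->ai_attrcrypt)` test, `if (out) { *out = NULL; }`, makes the nothing-to-decrypt case distinguishable; the callers are outside this hunk, so whether they already pre-initialise the pointer cannot be confirmed here. The header comment should state the contract, for example `/* On success *out is a ber_bvdup() copy the caller frees with ber_bvfree(); it stays NULL when the attribute is not encrypted. */`. The inner comment "Decrypt the input values in place on the original entry" does not match the code, which decrypts a private Slapi_Value built from `in`, and the result of `slapi_value_new_berval(in)` is passed on without a NULL check.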