[389-devel] Please Review: Skip syntax check when importing pre-encrypted attributes

Nathan Kinder <nkinder@xxxxxxxxxx> · Mon, 20 Jul 2009 09:35:58 -0700

>From 654c62253e13df368be9a2e1b89e03771e363041 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Jul 2009 09:30:15 -0700
Subject: [PATCH] Skip syntax check of encrypted attributes during import.

When importing an ldif with pre-encrypted attributes, we
need to skip the syntax check to avoid the import of those
entries being skipped.  The fix makes a copy of an entry
with encrypted attributes, removes the encrypted attribtues,
and uses this trimmed copy for the syntax check.
---
 ldap/servers/slapd/back-ldbm/import-threads.c |   45 ++++++++++++++++++++++++-
 1 files changed, 44 insertions(+), 1 deletions(-)

diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index e0f0075..b5e4e07 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -359,6 +359,7 @@ void import_producer(void *param)
     Slapi_Entry *e = NULL;
     struct backentry *ep = NULL, *old_ep = NULL;
     ldbm_instance *inst = job->inst;
+    backend *be = inst->inst_be;
     PRIntervalTime sleeptime;
     char *estr = NULL;
     int str2entry_flags =
@@ -406,6 +407,7 @@ void import_producer(void *param)
         int flags = 0;
         int prev_lineno = 0;
         int lines_in_entry = 0;
+        int syntax_err = 0;
 
         if (job->flags & FLAG_ABORT) { 
             goto error;
@@ -546,8 +548,49 @@ void import_producer(void *param)
             continue;
         }
 
+        /* If we are importing pre-encrypted attributes, we need
+         * to skip syntax checks for the encrypted values. */
+        if (!(job->encrypt) && inst->attrcrypt_configured) {
+            Slapi_Attr *attr = NULL;
+            Slapi_Entry *e_copy = NULL;
+
+            /* Scan through the entry to see if any present
+             * attributes are configured for encryption. */
+            slapi_entry_first_attr(e, &attr);
+            while (attr) {
+                char *type = NULL;
+                struct attrinfo *ai = NULL;
+
+                slapi_attr_get_type(attr, &type);
+
+                /* Check if this type is configured for encryption. */
+                ainfo_get(be, type, &ai);
+                if (ai->ai_attrcrypt != NULL) {
+                    /* Make a copy of the entry to use for syntax
+                     * checking if a copy has not been made yet. */
+                    if (e_copy == NULL) {
+                        e_copy = slapi_entry_dup(e);
+                    }
+
+                    /* Delete the enrypted attribute from the copy. */
+                    slapi_entry_attr_delete(e_copy, type);
+                }
+
+                slapi_entry_next_attr(e, attr, &attr);
+            }
+
+            if (e_copy) {
+                syntax_err = slapi_entry_syntax_check(NULL, e_copy, 0);
+                slapi_entry_free(e_copy);
+            } else {
+                syntax_err = slapi_entry_syntax_check(NULL, e, 0);
+            }
+        } else {
+            syntax_err = slapi_entry_syntax_check(NULL, e, 0);
+        }
+
         /* Check attribute syntax */
-        if (slapi_entry_syntax_check(NULL, e, 0) != 0)
+        if (syntax_err != 0)
         {
             char ebuf[BUFSIZ];
             import_log_notice(job, "WARNING: skipping entry \"%s\" which "
-- 
1.6.2.5

--
389-devel mailing list
389-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel




