[389-commits] ldap/servers

Noriko Hosoi nhosoi at fedoraproject.org
Thu Nov 11 01:11:52 UTC 2010


 ldap/servers/slapd/back-ldbm/id2entry.c |   15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

New commits:
commit 220bfa6843f5655ddb3bb6f44c0e6890c95080cc
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Tue Nov 9 12:02:30 2010 -0800

    Bug 651571 - When attrcrypt is on, entrydn is stored in the backend db
    
    https://bugzilla.redhat.com/show_bug.cgi?id=651571
    
    Description: If an entry contains a to-be-encrypted attribute,
    id2entry_add_ext works on a copy of the entry in which the attribute
    is encrypted, and that copy is what gets stored in the backend db.
    On the other hand, the entrydn attribute is supposed to be removed
    from the entry before the entry is stored in the db.  There was a bug
    there: the removal was done on the original entry, but not on the
    encrypted copy.  This patch correctly removes the entrydn attribute
    from the encrypted entry to be stored in the db.

diff --git a/ldap/servers/slapd/back-ldbm/id2entry.c b/ldap/servers/slapd/back-ldbm/id2entry.c
index 71ea940..57ada09 100644
--- a/ldap/servers/slapd/back-ldbm/id2entry.c
+++ b/ldap/servers/slapd/back-ldbm/id2entry.c
@@ -98,7 +98,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt
             Slapi_Attr *eattr = NULL;
             struct backdn *oldbdn = NULL;
             Slapi_DN *sdn =
-                          slapi_sdn_dup(slapi_entry_get_sdn_const(e->ep_entry));
+                         slapi_sdn_dup(slapi_entry_get_sdn_const(entry_to_use));
             struct backdn *bdn = backdn_init(sdn, e->ep_id, 0);
             options |= SLAPI_DUMP_RDN_ENTRY;
 
@@ -117,15 +117,15 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt
             }
 
             CACHE_RETURN(&inst->inst_dncache, &bdn);
-            LDAPDebug( LDAP_DEBUG_TRACE,
+            LDAPDebug2Args( LDAP_DEBUG_TRACE,
                    "=> id2entry_add (dncache) ( %lu, \"%s\" )\n",
-                   (u_long)e->ep_id, slapi_entry_get_dn_const(e->ep_entry), 0 );
+                   (u_long)e->ep_id, slapi_entry_get_dn_const(entry_to_use) );
             /* If entrydn exists in the entry, we have to remove it before
              * writing the entry to the database. */
-            if (0 == slapi_entry_attr_find(e->ep_entry,
+            if (0 == slapi_entry_attr_find(entry_to_use,
                                            LDBM_ENTRYDN_STR, &eattr)) {
                 /* entrydn exists in the entry.  let's removed it. */
-                slapi_entry_delete_values(e->ep_entry, LDBM_ENTRYDN_STR, NULL);
+                slapi_entry_delete_values(entry_to_use, LDBM_ENTRYDN_STR, NULL);
             }
         }
         data.dptr = slapi_entry2str_with_options(entry_to_use, &len, options);
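Review bot: The return value of `slapi_entry_delete_values(entry_to_use, LDBM_ENTRYDN_STR, NULL)` is discarded, so if the delete fails the entry is still serialized by `slapi_entry2str_with_options` with entrydn in it, which is the condition this bug is about. I would capture it and at least log it: `int drc = slapi_entry_delete_values(entry_to_use, LDBM_ENTRYDN_STR, NULL);` followed by `if (drc) { LDAPDebug( LDAP_DEBUG_ANY, "id2entry_add: could not remove entrydn (%d)\n", drc, 0, 0 ); }`. Whether the add should fail outright in that case is a policy call for the maintainers. The context comment "let's removed it" could be corrected to "let's remove it" while this line is being touched. The body of id2entry_add_ext starts and ends outside this hunk.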
@@ -148,6 +148,8 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt
 
     if (0 == rc)
     {
+        /* Putting the entry into the entry cache.  
+         * We don't use the encrypted entry here. */
         if (entryrdn_get_switch()) {
             struct backentry *parententry = NULL;
             ID parentid = slapi_entry_attr_get_ulong(e->ep_entry, "parentid");
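Review bot: The added comment says the encrypted entry is not used for the cache, but not why. I would state the invariant, e.g. `/* Cache the caller's entry e, which holds the plaintext values; encrypted_entry exists only to be serialized and is freed at done:. */`. Separately, entrydn is now removed only from `entry_to_use`, so when an encrypted copy is in use `e->ep_entry` reaches this block with entrydn still present. Without encryption it presumably does not, if `entry_to_use` aliases `e->ep_entry` there (that assignment is outside the hunk). It is worth confirming that the cache path below behaves the same in both cases. The block continues past the end of this hunk.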
@@ -207,7 +209,8 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt
     }
 
 done:
-    /* If we had an encrypted entry, we no longer need it */
+    /* If we had an encrypted entry, we no longer need it.
+     * Note: encrypted_entry is not in the entry cache. */
     if (encrypted_entry) {
         backentry_free(&encrypted_entry);
     }



