#47393 Attribute are not encrypted on a consumer after a full initialization
Closed: wontfix None Opened 9 years ago by tbordaz.

The test case is

- Using master branch, I reproduced the reported issue (at least something very close)
  2 MMR not initialized - encrypted attribute (telephonenumber).
  I created an entry on master1 then update it to add a telephonenumber =123.
  Telephonenumber was encrypted on Master1 (id2entry/index). The entry can be found with telephonenumber=123. And value 123 is returned as attribute value.

  Then initializing Master2
  Telephonenumber is NOT encrypted on Master2 (identry/index). The entry can NOT be found with telephonenumber=123. And the value 123 is returned as attribute value.

   When replication is up and running, add a new entry with telephonenumber.
   The telephonenumber is encrypted on both Masters. The entry can be found on both with telephonenumber=<value>. And the <value> is returned as attribute value.


- On the server that was initialized (master2), the first lookup of the entry telephonenumber=123 triggers this errors:

[14/Jun/2013:17:13:35 +0200] attrcrypt - _back_crypt_crypto_op failed on cipher AES : -8188 - security library has experienced an input length error.
[14/Jun/2013:17:13:35 +0200] - attrcrypt_decrypt_entry: FAILING because decryption operation failed
[14/Jun/2013:17:13:35 +0200] id2entry - attrcrypt_decrypt_entry failed in id2entry


Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=974875 (''Red Hat Enterprise Linux 6'')

Push on Master

git merge bug893178

Updating 5337dcf..e024b67
Fast-forward
ldap/servers/slapd/back-ldbm/back-ldbm.h | 1 +
ldap/servers/slapd/back-ldbm/import-threads.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_config.c | 21 +++++++++++++++++++++
ldap/servers/slapd/back-ldbm/ldbm_config.h | 1 +
4 files changed, 25 insertions(+)

git push origin master

Enter passphrase for key '/home/tbordaz/.ssh/id_rsa_fedora':
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.47 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
5337dcf..e024b67 master -> master

commit e024b67
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Mon Jun 17 14:42:34 2013 +0200

'''push on origin/389-ds-base-1.2.11'''

git push origin 389-ds-base-1.2.11
Enter passphrase for key '/home/tbordaz/.ssh/id_rsa_fedora':
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.51 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
d1d6245..856cdf8 389-ds-base-1.2.11 -> 389-ds-base-1.2.11

commit 856cdf8
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Mon Jun 17 14:42:34 2013 +0200

'''push on origin 389-ds-base-1.3.0'''

git push origin 389-ds-base-1.3.0
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.50 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
dfc38d5..693b9f3 389-ds-base-1.3.0 -> 389-ds-base-1.3.0

'''push on origin 389-ds-base-1.3.1'''

git push origin 389-ds-base-1.3.1
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.51 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
869a184..46ced87 389-ds-base-1.3.1 -> 389-ds-base-1.3.1

Metadata Update from @tbordaz:
- Issue assigned to tbordaz
- Issue set to the milestone: 1.2.11.22

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/730

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

2 years ago

Login to comment on this ticket.

Metadata