#47393 Attribute are not encrypted on a consumer after a full initialization
Closed: Fixed None Opened 6 years ago by tbordaz.

The test case is

- Using master branch, I reproduced the reported issue (at least something very close)
  2 MMR not initialized - encrypted attribute (telephonenumber).
  I created an entry on master1, then updated it to add a telephonenumber=123.
  Telephonenumber was encrypted on Master1 (id2entry/index). The entry can be found with telephonenumber=123. And value 123 is returned as attribute value.

  Then initializing Master2
  Telephonenumber is NOT encrypted on Master2 (id2entry/index). The entry can NOT be found with telephonenumber=123. And the value 123 is returned as attribute value.

   When replication is up and running, add a new entry with telephonenumber.
   The telephonenumber is encrypted on both Masters. The entry can be found on both with telephonenumber=<value>. And the <value> is returned as attribute value.


- On the server that was initialized (master2), the first lookup of the entry telephonenumber=123 triggers these errors:

[14/Jun/2013:17:13:35 +0200] attrcrypt - _back_crypt_crypto_op failed on cipher AES : -8188 - security library has experienced an input length error.
[14/Jun/2013:17:13:35 +0200] - attrcrypt_decrypt_entry: FAILING because decryption operation failed
[14/Jun/2013:17:13:35 +0200] id2entry - attrcrypt_decrypt_entry failed in id2entry


Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=974875 (Red Hat Enterprise Linux 6)

Push on Master

git merge bug893178

Updating 5337dcf..e024b67
Fast-forward
ldap/servers/slapd/back-ldbm/back-ldbm.h | 1 +
ldap/servers/slapd/back-ldbm/import-threads.c | 2 ++
ldap/servers/slapd/back-ldbm/ldbm_config.c | 21 +++++++++++++++++++++
ldap/servers/slapd/back-ldbm/ldbm_config.h | 1 +
4 files changed, 25 insertions(+)

git push origin master

Enter passphrase for key '/home/tbordaz/.ssh/id_rsa_fedora':
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.47 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
5337dcf..e024b67 master -> master

commit e024b67
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Mon Jun 17 14:42:34 2013 +0200

push on origin/389-ds-base-1.2.11

git push origin 389-ds-base-1.2.11
Enter passphrase for key '/home/tbordaz/.ssh/id_rsa_fedora':
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.51 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
d1d6245..856cdf8 389-ds-base-1.2.11 -> 389-ds-base-1.2.11

commit 856cdf8
Author: Thierry bordaz (tbordaz) tbordaz@redhat.com
Date: Mon Jun 17 14:42:34 2013 +0200

push on origin 389-ds-base-1.3.0

git push origin 389-ds-base-1.3.0
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.50 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
dfc38d5..693b9f3 389-ds-base-1.3.0 -> 389-ds-base-1.3.0

push on origin 389-ds-base-1.3.1

git push origin 389-ds-base-1.3.1
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.51 KiB, done.
Total 10 (delta 8), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
869a184..46ced87 389-ds-base-1.3.1 -> 389-ds-base-1.3.1

Metadata Update from @tbordaz:
- Issue assigned to tbordaz
- Issue set to the milestone: 1.2.11.22

2 years ago
