#include "lutil.h"
#include "ldap_rq.h"
-
static ConfigDriver mdb_cf_gen;
static ConfigDriver mdb_bk_cfg;
MDB_SSTACK,
MDB_MULTIVAL,
MDB_IDLEXP,
+#ifdef MDB_ENCRYPT
+ MDB_CRYPTO,
+ MDB_ENCKEY,
+#endif
};
static ConfigTable mdbcfg[] = {
"DESC 'Depth of search stack in IDLs' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+#ifdef MDB_ENCRYPT
+ { "crypto", "module", 2, 2, 0, ARG_STRING|ARG_MAGIC|MDB_CRYPTO,
+ mdb_cf_gen, "( OLcfgDbAt:12.7 NAME 'olcDbCryptoModule' "
+ "DESC 'Encryption module to load' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "passphrase", "pass", 2, 2, 0, ARG_STRING|ARG_MAGIC|MDB_ENCKEY,
+ mdb_cf_gen, "( OLcfgDbAt:12.8 NAME 'olcDbPassphrase' "
+ "DESC 'Encryption passphrase' "
+ "EQUALITY caseExactMatch "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+#endif
{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL }
};
"DESC 'MDB database configuration' "
"SUP olcDatabaseConfig "
"MUST olcDbDirectory "
- "MAY ( olcDbCheckpoint $ olcDbEnvFlags $ "
- "olcDbNoSync $ olcDbIndex $ olcDbMaxReaders $ olcDbMaxSize $ "
- "olcDbMode $ olcDbSearchStack $ olcDbMaxEntrySize $ olcDbRtxnSize $ "
- "olcDbMultival ) )",
+ "MAY ( olcDbCheckpoint $ olcDbEnvFlags "
+ "$ olcDbNoSync $ olcDbIndex $ olcDbMaxReaders $ olcDbMaxSize "
+ "$ olcDbMode $ olcDbSearchStack $ olcDbMaxEntrySize $ olcDbRtxnSize "
+ "$ olcDbMultival "
+#ifdef MDB_ENCRYPT
+ "$ olcDbCryptoModule $ olcDbPassphrase "
+#endif
+ ") )",
Cft_Database, mdbcfg+1 },
{ NULL, 0, NULL }
};
}
if ( mdb->mi_flags & MDB_RE_OPEN ) {
+ void *key = mdb->mi_dbenv;
mdb->mi_flags ^= MDB_RE_OPEN;
rc = c->be->bd_info->bi_db_close( c->be, &c->reply );
+ ldap_pvt_thread_pool_purgekey( key );
if ( rc == 0 )
rc = c->be->bd_info->bi_db_open( c->be, &c->reply );
/* If this fails, we need to restart */
}
break;
+#ifdef MDB_ENCRYPT
+ case MDB_CRYPTO:
+ if ( mdb->mi_dbenv_crypto ) {
+ c->value_string = ch_strdup( mdb->mi_dbenv_crypto );
+ } else {
+ rc = 1;
+ }
+ break;
+
+ case MDB_ENCKEY:
+ if ( mdb->mi_dbenv_enckey ) {
+ c->value_string = ch_strdup( mdb->mi_dbenv_enckey );
+ } else {
+ rc = 1;
+ }
+ break;
+#endif /* MDB_ENCRYPT */
+
case MDB_DBNOSYNC:
if ( mdb->mi_dbenv_flags & MDB_NOSYNC )
c->value_int = 1;
ch_free( mdb->mi_dbenv_home );
mdb->mi_dbenv_home = NULL;
config_push_cleanup( c, mdb_cf_cleanup );
- ldap_pvt_thread_pool_purgekey( mdb->mi_dbenv );
break;
+#ifdef MDB_ENCRYPT
+ case MDB_CRYPTO:
+ mdb->mi_flags |= MDB_RE_OPEN;
+ ch_free( mdb->mi_dbenv_crypto );
+ mdb->mi_dbenv_crypto = NULL;
+ config_push_cleanup( c, mdb_cf_cleanup );
+ break;
+ case MDB_ENCKEY:
+ mdb->mi_flags |= MDB_RE_OPEN;
+ ch_free( mdb->mi_dbenv_enckey );
+ mdb->mi_dbenv_enckey = NULL;
+ config_push_cleanup( c, mdb_cf_cleanup );
+ break;
+#endif /* MDB_ENCRYPT */
+
case MDB_DBNOSYNC:
mdb_env_set_flags( mdb->mi_dbenv, MDB_NOSYNC, 0 );
mdb->mi_dbenv_flags &= ~MDB_NOSYNC;
}
break;
+#ifdef MDB_ENCRYPT
+ case MDB_CRYPTO:
+ if ( mdb->mi_dbenv_crypto ) {
+ ch_free( mdb->mi_dbenv_crypto );
+ mdb->mi_dbenv_crypto = NULL;
+ }
+ if ( mdb->mi_dbenv_encmodule )
+ mdb_modunload( mdb->mi_dbenv_encmodule );
+ {
+ char *errmsg = NULL;
+ MDB_crypto_funcs *mcf = NULL;
+
+ mdb->mi_dbenv_encmodule = mdb_modload( c->value_string, NULL, &mcf, &errmsg );
+ if ( !mdb->mi_dbenv_encmodule ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: couldn't load crypto module: %s",
+ c->log, errmsg );
+ Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg );
+ return -1;
+ }
+ mdb->mi_dbenv_encfuncs = mcf;
+ }
+ mdb->mi_dbenv_crypto = c->value_string;
+ break;
+
+ case MDB_ENCKEY:
+ if ( mdb->mi_dbenv_enckey )
+ ch_free( mdb->mi_dbenv_enckey );
+ mdb->mi_dbenv_enckey = c->value_string;
+ break;
+#endif /* MDB_ENCRYPT */
+
case MDB_DBNOSYNC:
if ( c->value_int )
mdb->mi_dbenv_flags |= MDB_NOSYNC;
projects / thirdparty / openldap.git / commitdiff
