X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=inline;f=servers%2Fslapd%2Fback-bdb%2Finit.c;h=3b4d42672c0ef45369690c50b593d1f67b482669;hb=66913bd9dfc01b978f5624e082d90f9a3f58350c;hp=552540112fbb2459444becfc78e24d9c2e41d352;hpb=3c38e5f6875397d1584e9108c0b8bf14d1c5eab9;p=openldap

diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c
index 552540112f..3b4d42672c 100644
--- a/servers/slapd/back-bdb/init.c
+++ b/servers/slapd/back-bdb/init.c
@@ -279,6 +279,18 @@ shm_retry:
 
 	bdb->bi_dbenv->set_lk_detect( bdb->bi_dbenv, bdb->bi_lock_detect );
 
+	if ( !BER_BVISNULL( &bdb->bi_db_crypt_key )) {
+		rc = bdb->bi_dbenv->set_encrypt( bdb->bi_dbenv, bdb->bi_db_crypt_key.bv_val,
+			DB_ENCRYPT_AES );
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY,
+				LDAP_XSTRING(bdb_db_open) ": database \"%s\": "
+				"dbenv set_encrypt failed: %s (%d).\n",
+				be->be_suffix[0].bv_val, db_strerror(rc), rc );
+			goto fail;
+		}
+	}
+
 	/* One long-lived TXN per thread, two TXNs per write op */
 	bdb->bi_dbenv->set_tx_max( bdb->bi_dbenv, connection_pool_max * 3 );
 
@@ -390,6 +402,20 @@ shm_retry:
 			goto fail;
 		}
 
+		if( !BER_BVISNULL( &bdb->bi_db_crypt_key )) {
+			rc = db->bdi_db->set_flags( db->bdi_db, DB_ENCRYPT );
+			if ( rc ) {
+				snprintf(cr->msg, sizeof(cr->msg),
+					"database \"%s\": db set_flags(DB_ENCRYPT)(%s) failed: %s (%d).",
+					be->be_suffix[0].bv_val, 
+					bdb->bi_dbenv_home, db_strerror(rc), rc );
+				Debug( LDAP_DEBUG_ANY,
+					LDAP_XSTRING(bdb_db_open) ": %s\n",
+					cr->msg, 0, 0 );
+				goto fail;
+			}
+		}
+
 		if( i == BDB_ID2ENTRY ) {
 			if ( slapMode & SLAP_TOOL_MODE )
 				db->bdi_db->mpf->set_priority( db->bdi_db->mpf,