URL: https://github.com/freeipa/freeipa/pull/634 Author: HonzaCholasta Title: #634: cert: do not limit internal searches in cert-find Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/634/head:pr634 git checkout pr634
From 57e64d33172061fef8602a4ff403f3f1abbdac7f Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Wed, 22 Mar 2017 06:58:25 +0000 Subject: [PATCH] cert: do not limit internal searches in cert-find Instead, apply the limits on the combined result. This fixes (absence of) `--sizelimit` leading to strange behavior, such as `cert-find --users user` returning a non-empty result only with `--sizelimit 0`. https://pagure.io/freeipa/issue/6716 --- ipaserver/plugins/cert.py | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 9f90107..1a6d045 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1324,7 +1324,7 @@ def _cert_search(self, all, raw, pkey_only, **options): return result, False, True - def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): + def _ca_search(self, all, raw, pkey_only, exactly, **options): ra_options = {} for name in ('revocation_reason', 'issuer', @@ -1343,10 +1343,6 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): elif isinstance(value, DN): value = unicode(value) ra_options[name] = value - if sizelimit > 0: - # Dogtag doesn't tell that the size limit was exceeded - # search for one more entry so that we can tell ourselves - ra_options['sizelimit'] = sizelimit + 1 if exactly: ra_options['exactly'] = True @@ -1369,11 +1365,6 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): ra = self.api.Backend.ra for ra_obj in ra.find(ra_options): - if sizelimit > 0 and len(result) >= sizelimit: - self.add_message(messages.SearchResultTruncated( - reason=errors.SizeLimitExceeded())) - break - issuer = DN(ra_obj['issuer']) serial_number = ra_obj['serial_number'] @@ -1411,8 +1402,7 @@ def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): return result, False, complete - def _ldap_search(self, all, raw, pkey_only, no_members, timelimit, - sizelimit, **options): + def _ldap_search(self, all, raw, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] @@ -1453,8 +1443,8 @@ def _ldap_search(self, all, raw, pkey_only, no_members, timelimit, base_dn=self.api.env.basedn, filter=filter, attrs_list=['usercertificate'], - time_limit=timelimit, - size_limit=sizelimit, + time_limit=0, + size_limit=0, ) except errors.EmptyResult: entries = [] @@ -1527,13 +1517,9 @@ def execute(self, criteria=None, all=False, raw=False, pkey_only=False, raw=raw, pkey_only=pkey_only, no_members=no_members, - timelimit=timelimit, - sizelimit=sizelimit, **options) if sub_complete: - sizelimit = 0 - for key in tuple(result): if key not in sub_result: del result[key] @@ -1552,6 +1538,12 @@ def execute(self, criteria=None, all=False, raw=False, pkey_only=False, complete = complete or sub_complete result = list(six.itervalues(result)) + if sizelimit > 0 and len(result) > sizelimit: + if not truncated: + self.add_message(messages.SearchResultTruncated( + reason=errors.SizeLimitExceeded())) + result = result[:sizelimit] + truncated = True ret = dict( result=result
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
