From ca26e32beb77fbd8fcc66e6eea07c6eeeb9261c9 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 22 Mar 2017 06:58:25 +0000 Subject: [PATCH] cert: do not limit internal searches in cert-find Instead, apply the limits on the combined result. This fixes (absence of) `--sizelimit` leading to strange behavior, such as `cert-find --users user` returning a non-empty result only with `--sizelimit 0`. https://pagure.io/freeipa/issue/6716 Reviewed-By: Stanislav Laznicka --- ipaserver/plugins/cert.py | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 9f901076075809592ad5ddeec8d71c273d4853c9..1a6d04533cebb2eb00022981dae9ffe5b785ba8b 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1324,7 +1324,7 @@ class cert_find(Search, CertMethod): return result, False, True - def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options): + def _ca_search(self, all, raw, pkey_only, exactly, **options): ra_options = {} for name in ('revocation_reason', 'issuer', @@ -1343,10 +1343,6 @@ class cert_find(Search, CertMethod): elif isinstance(value, DN): value = unicode(value) ra_options[name] = value - if sizelimit > 0: - # Dogtag doesn't tell that the size limit was exceeded - # search for one more entry so that we can tell ourselves - ra_options['sizelimit'] = sizelimit + 1 if exactly: ra_options['exactly'] = True @@ -1369,11 +1365,6 @@ class cert_find(Search, CertMethod): ra = self.api.Backend.ra for ra_obj in ra.find(ra_options): - if sizelimit > 0 and len(result) >= sizelimit: - self.add_message(messages.SearchResultTruncated( - reason=errors.SizeLimitExceeded())) - break - issuer = DN(ra_obj['issuer']) serial_number = ra_obj['serial_number'] @@ -1411,8 +1402,7 @@ class cert_find(Search, CertMethod): return result, False, complete - def _ldap_search(self, all, raw, pkey_only, no_members, timelimit, - sizelimit, **options): + def _ldap_search(self, all, raw, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] @@ -1453,8 +1443,8 @@ class cert_find(Search, CertMethod): base_dn=self.api.env.basedn, filter=filter, attrs_list=['usercertificate'], - time_limit=timelimit, - size_limit=sizelimit, + time_limit=0, + size_limit=0, ) except errors.EmptyResult: entries = [] @@ -1527,13 +1517,9 @@ class cert_find(Search, CertMethod): raw=raw, pkey_only=pkey_only, no_members=no_members, - timelimit=timelimit, - sizelimit=sizelimit, **options) if sub_complete: - sizelimit = 0 - for key in tuple(result): if key not in sub_result: del result[key] @@ -1552,6 +1538,12 @@ class cert_find(Search, CertMethod): complete = complete or sub_complete result = list(six.itervalues(result)) + if sizelimit > 0 and len(result) > sizelimit: + if not truncated: + self.add_message(messages.SearchResultTruncated( + reason=errors.SizeLimitExceeded())) + result = result[:sizelimit] + truncated = True ret = dict( result=result -- 2.12.1