|
 |
95ea96 |
From 2461d69242108fe6f4bc067cc8255e41f66c58aa Mon Sep 17 00:00:00 2001
|
|
|
95ea96 |
From: Armando Neto <neto.armando@gmail.com>
|
|
|
95ea96 |
Date: Mon, 18 Jun 2018 18:26:01 -0300
|
|
|
95ea96 |
Subject: [PATCH] ipaserver config plugin: Increase search records minimum
|
|
|
95ea96 |
limit
|
|
|
95ea96 |
|
|
|
95ea96 |
Check if the given search records value is greater than an arbitrary number that is not so close to zero.
|
|
|
95ea96 |
|
|
|
95ea96 |
https://pagure.io/freeipa/issue/6617
|
|
|
95ea96 |
|
|
|
95ea96 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
95ea96 |
---
|
|
|
95ea96 |
ipaserver/plugins/config.py | 14 +++++-
|
|
|
95ea96 |
ipatests/test_xmlrpc/test_config_plugin.py | 76 ++++++++++++++++++++++++++++++
|
|
|
95ea96 |
2 files changed, 89 insertions(+), 1 deletion(-)
|
|
|
95ea96 |
|
|
|
95ea96 |
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
|
|
|
95ea96 |
index 33ed38ba016567b9df57503f2f8418cf7c7fc794..d367c3c5aa421bb22d1630c88bbac846e7d84386 100644
|
|
|
95ea96 |
--- a/ipaserver/plugins/config.py
|
|
|
95ea96 |
+++ b/ipaserver/plugins/config.py
|
|
|
95ea96 |
@@ -85,6 +85,18 @@ EXAMPLES:
|
|
|
95ea96 |
|
|
|
95ea96 |
register = Registry()
|
|
|
95ea96 |
|
|
|
95ea96 |
+
|
|
|
95ea96 |
+def validate_search_records_limit(ugettext, value):
|
|
|
95ea96 |
+ """Check if value is greater than a realistic minimum.
|
|
|
95ea96 |
+
|
|
|
95ea96 |
+ Values 0 and -1 are valid, as they represent unlimited.
|
|
|
95ea96 |
+ """
|
|
|
95ea96 |
+ if value in {-1, 0}:
|
|
|
95ea96 |
+ return
|
|
|
95ea96 |
+ if value < 10:
|
|
|
95ea96 |
+ return _('must be at least 10')
|
|
|
95ea96 |
+
|
|
|
95ea96 |
+
|
|
|
95ea96 |
@register()
|
|
|
95ea96 |
class config(LDAPObject):
|
|
|
95ea96 |
"""
|
|
|
95ea96 |
@@ -161,10 +173,10 @@ class config(LDAPObject):
|
|
|
95ea96 |
minvalue=-1,
|
|
|
95ea96 |
),
|
|
|
95ea96 |
Int('ipasearchrecordslimit',
|
|
|
95ea96 |
+ validate_search_records_limit,
|
|
|
95ea96 |
cli_name='searchrecordslimit',
|
|
|
95ea96 |
label=_('Search size limit'),
|
|
|
95ea96 |
doc=_('Maximum number of records to search (-1 or 0 is unlimited)'),
|
|
|
95ea96 |
- minvalue=-1,
|
|
|
95ea96 |
),
|
|
|
95ea96 |
IA5Str('ipausersearchfields',
|
|
|
95ea96 |
cli_name='usersearch',
|
|
|
95ea96 |
diff --git a/ipatests/test_xmlrpc/test_config_plugin.py b/ipatests/test_xmlrpc/test_config_plugin.py
|
|
|
95ea96 |
index c037224162e2c29f6dd76eabefe7fededc6f882d..666b7c2c87b4f0a1f7bde18c78780a1ea6072b71 100644
|
|
|
95ea96 |
--- a/ipatests/test_xmlrpc/test_config_plugin.py
|
|
|
95ea96 |
+++ b/ipatests/test_xmlrpc/test_config_plugin.py
|
|
|
95ea96 |
@@ -211,4 +211,80 @@ class test_config(Declarative):
|
|
|
95ea96 |
summary=None,
|
|
|
95ea96 |
),
|
|
|
95ea96 |
),
|
|
|
95ea96 |
+ dict(
|
|
|
95ea96 |
+ desc='Set the number of search records to -1 (unlimited)',
|
|
|
95ea96 |
+ command=(
|
|
|
95ea96 |
+ 'config_mod', [], {
|
|
|
95ea96 |
+ 'ipasearchrecordslimit': u'-1',
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ expected={
|
|
|
95ea96 |
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',),
|
|
|
95ea96 |
+ 'summary': None,
|
|
|
95ea96 |
+ 'value': None,
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ dict(
|
|
|
95ea96 |
+ desc='Set the number of search records to greater than 10',
|
|
|
95ea96 |
+ command=(
|
|
|
95ea96 |
+ 'config_mod', [], {
|
|
|
95ea96 |
+ 'ipasearchrecordslimit': u'100',
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ expected={
|
|
|
95ea96 |
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'100',),
|
|
|
95ea96 |
+ 'summary': None,
|
|
|
95ea96 |
+ 'value': None,
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ dict(
|
|
|
95ea96 |
+ desc='Set the number of search records to lower than -1',
|
|
|
95ea96 |
+ command=(
|
|
|
95ea96 |
+ 'config_mod', [], {
|
|
|
95ea96 |
+ 'ipasearchrecordslimit': u'-10',
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ expected=errors.ValidationError(
|
|
|
95ea96 |
+ name=u'searchrecordslimit',
|
|
|
95ea96 |
+ error=u'must be at least 10',
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ dict(
|
|
|
95ea96 |
+ desc='Set the number of search records to lower than 10',
|
|
|
95ea96 |
+ command=(
|
|
|
95ea96 |
+ 'config_mod', [], {
|
|
|
95ea96 |
+ 'ipasearchrecordslimit': u'1',
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ expected=errors.ValidationError(
|
|
|
95ea96 |
+ name=u'searchrecordslimit',
|
|
|
95ea96 |
+ error=u'must be at least 10',
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ dict(
|
|
|
95ea96 |
+ desc='Set the number of search records to zero (unlimited)',
|
|
|
95ea96 |
+ command=(
|
|
|
95ea96 |
+ 'config_mod', [], {
|
|
|
95ea96 |
+ 'ipasearchrecordslimit': u'0',
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ expected={
|
|
|
95ea96 |
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',),
|
|
|
95ea96 |
+ 'summary': None,
|
|
|
95ea96 |
+ 'value': None,
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ dict(
|
|
|
95ea96 |
+ desc='Set the number of search records back to 100',
|
|
|
95ea96 |
+ command=(
|
|
|
95ea96 |
+ 'config_mod', [], {
|
|
|
95ea96 |
+ 'ipasearchrecordslimit': u'100',
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
+ expected={
|
|
|
95ea96 |
+ 'result': lambda d: d['ipasearchrecordslimit'] == (u'100',),
|
|
|
95ea96 |
+ 'summary': None,
|
|
|
95ea96 |
+ 'value': None,
|
|
|
95ea96 |
+ },
|
|
|
95ea96 |
+ ),
|
|
|
95ea96 |
]
|
|
|
95ea96 |
--
|
|
|
95ea96 |
2.14.4
|
|
|
95ea96 |
|