From ca26e32beb77fbd8fcc66e6eea07c6eeeb9261c9 Mon Sep 17 00:00:00 2001

From: Jan Cholasta <jcholast@redhat.com>

Date: Wed, 22 Mar 2017 06:58:25 +0000

Subject: [PATCH] cert: do not limit internal searches in cert-find

Instead, apply the limits on the combined result.

This fixes (absence of) `--sizelimit` leading to strange behavior, such as

`cert-find --users user` returning a non-empty result only with

`--sizelimit 0`.

https://pagure.io/freeipa/issue/6716

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

---

 ipaserver/plugins/cert.py | 28 ++++++++++------------------

 1 file changed, 10 insertions(+), 18 deletions(-)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py

index 9f901076075809592ad5ddeec8d71c273d4853c9..1a6d04533cebb2eb00022981dae9ffe5b785ba8b 100644

--- a/ipaserver/plugins/cert.py

+++ b/ipaserver/plugins/cert.py

@@ -1324,7 +1324,7 @@ class cert_find(Search, CertMethod):

         return result, False, True

-    def _ca_search(self, all, raw, pkey_only, sizelimit, exactly, **options):

+    def _ca_search(self, all, raw, pkey_only, exactly, **options):

         ra_options = {}

         for name in ('revocation_reason',

                      'issuer',

@@ -1343,10 +1343,6 @@ class cert_find(Search, CertMethod):

             elif isinstance(value, DN):

                 value = unicode(value)

             ra_options[name] = value

-        if sizelimit > 0:

-            # Dogtag doesn't tell that the size limit was exceeded

-            # search for one more entry so that we can tell ourselves

-            ra_options['sizelimit'] = sizelimit + 1

         if exactly:

             ra_options['exactly'] = True

@@ -1369,11 +1365,6 @@ class cert_find(Search, CertMethod):

         ra = self.api.Backend.ra

         for ra_obj in ra.find(ra_options):

-            if sizelimit > 0 and len(result) >= sizelimit:

-                self.add_message(messages.SearchResultTruncated(

-                        reason=errors.SizeLimitExceeded()))

-                break

-

             issuer = DN(ra_obj['issuer'])

             serial_number = ra_obj['serial_number']

@@ -1411,8 +1402,7 @@ class cert_find(Search, CertMethod):

         return result, False, complete

-    def _ldap_search(self, all, raw, pkey_only, no_members, timelimit,

-                     sizelimit, **options):

+    def _ldap_search(self, all, raw, pkey_only, no_members, **options):

         ldap = self.api.Backend.ldap2

         filters = []

@@ -1453,8 +1443,8 @@ class cert_find(Search, CertMethod):

                 base_dn=self.api.env.basedn,

                 filter=filter,

                 attrs_list=['usercertificate'],

-                time_limit=timelimit,

-                size_limit=sizelimit,

+                time_limit=0,

+                size_limit=0,

             )

         except errors.EmptyResult:

             entries = []

@@ -1527,13 +1517,9 @@ class cert_find(Search, CertMethod):

                 raw=raw,

                 pkey_only=pkey_only,

                 no_members=no_members,

-                timelimit=timelimit,

-                sizelimit=sizelimit,

                 **options)

             if sub_complete:

-                sizelimit = 0

-

                 for key in tuple(result):

                     if key not in sub_result:

                         del result[key]

@@ -1552,6 +1538,12 @@ class cert_find(Search, CertMethod):

             complete = complete or sub_complete

         result = list(six.itervalues(result))

+        if sizelimit > 0 and len(result) > sizelimit:

+            if not truncated:

+                self.add_message(messages.SearchResultTruncated(

+                        reason=errors.SizeLimitExceeded()))

+            result = result[:sizelimit]

+            truncated = True

         ret = dict(

             result=result

-- 

2.12.1