IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

permission-find: fix a sizelimit off-by-one bug

Browse Source 
permission-find: sizelimit option set to number of permissions -1
could return all permissions anyway

https://fedorahosted.org/freeipa/ticket/5640

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Stanislav Laznicka
2016-08-17 13:35:04 +02:00
committed by Jan Cholasta
parent 29aa4877ee
commit 2663a966da
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
ipaserver/plugins/permission.py
View File

@@ -1296,6 +1296,10 @@ class permission_find(baseldap.LDAPSearch):
else:
max_entries = self.api.Backend.ldap2.size_limit
if max_entries > 0:
# should we get more entries than current sizelimit, fail
assert len(entries) <= max_entries
filters = ['(objectclass=ipaPermission)',
'(!(ipaPermissionType=V2))']
if 'name' in options:
@@ -1320,15 +1324,6 @@ class permission_find(baseldap.LDAPSearch):
for entry in legacy_entries:
if entry.single_value['cn'] in nonlegacy_names:
continue
if max_entries > 0 and len(entries) > max_entries:
# We've over the limit, pop the last entry and set
# truncated flag
# (this is easier to do than checking before adding
# the entry to results)
# (max_entries <= 0 means unlimited)
entries.pop()
truncated = True
break
self.obj.upgrade_permission(entry, output_only=True,
cached_acientry=root_entry)
# If all given options match, include the entry
@@ -1354,6 +1349,11 @@ class permission_find(baseldap.LDAPSearch):
for value in values):
break
else:
if max_entries > 0 and len(entries) == max_entries:
# We've reached the limit, set truncated flag
# (max_entries <= 0 means unlimited)
truncated = True
break
entries.append(entry)
for entry in entries: