mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-12 09:11:55 -06:00
cert: fix search limit handling in cert-find
If search limits are not specified in cert-find, use the configured limits. This applies to the certificate search in the CA as well. Detect and report if size limit was exceeded in the certificate search in the CA. Do not apply limits to the internal ca-find call. https://fedorahosted.org/freeipa/ticket/6564 Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
This commit is contained in:
parent
d84edc43e5
commit
85834abad6
@ -1304,8 +1304,10 @@ class cert_find(Search, CertMethod):
|
||||
elif isinstance(value, DN):
|
||||
value = unicode(value)
|
||||
ra_options[name] = value
|
||||
if sizelimit:
|
||||
ra_options['sizelimit'] = sizelimit
|
||||
if sizelimit > 0:
|
||||
# Dogtag doesn't tell that the size limit was exceeded
|
||||
# search for one more entry so that we can tell ourselves
|
||||
ra_options['sizelimit'] = sizelimit + 1
|
||||
if exactly:
|
||||
ra_options['exactly'] = True
|
||||
|
||||
@ -1319,11 +1321,16 @@ class cert_find(Search, CertMethod):
|
||||
raise
|
||||
return result, False, complete
|
||||
|
||||
ca_objs = self.api.Command.ca_find()['result']
|
||||
ca_objs = self.api.Command.ca_find(timelimit=0, sizelimit=0)['result']
|
||||
ca_objs = {DN(ca['ipacasubjectdn'][0]): ca for ca in ca_objs}
|
||||
|
||||
ra = self.api.Backend.ra
|
||||
for ra_obj in ra.find(ra_options):
|
||||
if sizelimit > 0 and len(result) >= sizelimit:
|
||||
self.add_message(messages.SearchResultTruncated(
|
||||
reason=errors.SizeLimitExceeded()))
|
||||
break
|
||||
|
||||
issuer = DN(ra_obj['issuer'])
|
||||
serial_number = ra_obj['serial_number']
|
||||
|
||||
@ -1453,6 +1460,12 @@ class cert_find(Search, CertMethod):
|
||||
if criteria is not None:
|
||||
return dict(result=[], count=0, truncated=False)
|
||||
|
||||
# respect the configured search limits
|
||||
if timelimit is None:
|
||||
timelimit = self.api.Backend.ldap2.time_limit
|
||||
if sizelimit is None:
|
||||
sizelimit = self.api.Backend.ldap2.size_limit
|
||||
|
||||
result = collections.OrderedDict()
|
||||
truncated = False
|
||||
complete = False
|
||||
@ -1470,7 +1483,7 @@ class cert_find(Search, CertMethod):
|
||||
**options)
|
||||
|
||||
if sub_complete:
|
||||
sizelimit = None
|
||||
sizelimit = 0
|
||||
|
||||
for key in tuple(result):
|
||||
if key not in sub_result:
|
||||
|
Loading…
Reference in New Issue
Block a user