[Freeipa-devel] [PATCH] 0050 Fail on unknown Command options
Petr Viktorin
pviktori at redhat.com
Tue May 15 11:35:55 UTC 2012
On 05/15/2012 09:55 AM, Martin Kosek wrote:
> On Mon, 2012-05-14 at 14:47 +0200, Petr Viktorin wrote:
>> The final part of rejecting unknown Command arguments: enable the
>> validation, add tests.
>> Also fix up things that were changed since the previous patches.
>>
>> https://fedorahosted.org/freeipa/ticket/2509
>>
>
> The patch looks OK so far. I just found an error in permission/aci
> plugin - --subtree does not work when it matches a result:
>
> # ipa permission-find --subtree=foo
> ---------------------
> 0 permissions matched
> ---------------------
> ----------------------------
> Number of entries returned 0
> ----------------------------
>
> ipa permission-find
> --subtree='ldap:///ipauniqueid=*,cn=hbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=Com'
> ipa: ERROR: Unknown option: subtree
Attaching fixed patch.
> We should not pass **options to aci_show, it is too risky. There may be
> other places where we don't use an option-safe approach that we want to
> have fixed.
We shouldn't really pass **options to any command; listing everything
explicitly would be much safer. Unfortunately, in a lot of cases where
commands call other commands, it's currently done this way.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0050-02-Fail-on-unknown-Command-options.patch
Type: text/x-patch
Size: 16112 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120515/e481bab4/attachment.bin>
More information about the Freeipa-devel
mailing list