[Freeipa-devel] [PATCH] 0050 Fail on unknown Command options
Martin Kosek
mkosek at redhat.com
Wed May 16 07:58:09 UTC 2012
On Tue, 2012-05-15 at 13:35 +0200, Petr Viktorin wrote:
> On 05/15/2012 09:55 AM, Martin Kosek wrote:
> > On Mon, 2012-05-14 at 14:47 +0200, Petr Viktorin wrote:
> >> The final part of rejecting unknown Command arguments: enable the
> >> validation, add tests.
> >> Also fix up things that were changed since the previous patches.
> >>
> >> https://fedorahosted.org/freeipa/ticket/2509
> >>
> >
> > The patch looks OK so far. I just found an error in permission/aci
> > plugin - --subtree does not work when it matches a result:
> >
> > # ipa permission-find --subtree=foo
> > ---------------------
> > 0 permissions matched
> > ---------------------
> > ----------------------------
> > Number of entries returned 0
> > ----------------------------
> >
> > ipa permission-find
> > --subtree='ldap:///ipauniqueid=*,cn=hbac,dc=idm,dc=lab,dc=bos,dc=redhat,dc=Com'
> > ipa: ERROR: Unknown option: subtree
>
> Attaching fixed patch.
>
> > We should not pass **options to aci_show, it is too risky. There may be
> > other places where we don't use an option-safe approach that we want to
> > have fixed.
>
> We shouldn't really pass **options to any command; listing everything
> explicitly would be much safer. Unfortunately, in a lot of cases where
> commands call other commands, it's currently done this way.
>
There is something wrong with the patch you sent (seen on F16 and F17):
$ git apply ~/freeipa-pviktori-0050-02-Fail-on-unknown-Command-options.patch
fatal: corrupt patch at line 129
Martin
More information about the Freeipa-devel
mailing list