# `-S flag=value`.
#
migrate {
+ #
+ # tmpl_tokenize_all_nested:: Create all internal "tmpl" data
+ # structures as using nested structures instead of flat ones.
+ #
+ tmpl_tokenize_all_nested = false
+
#
# rewrite_update:: Rewrite old `update` sections to use the new
# "edit" code.
* Migration configuration.
*/
static const CONF_PARSER migrate_config[] = {
+ { FR_CONF_OFFSET("tmpl_tokenize_all_nested", FR_TYPE_BOOL | FR_TYPE_HIDDEN, main_config_t, tmpl_tokenize_all_nested) },
{ FR_CONF_OFFSET("rewrite_update", FR_TYPE_BOOL | FR_TYPE_HIDDEN, main_config_t, rewrite_update) },
{ FR_CONF_OFFSET("forbid_update", FR_TYPE_BOOL | FR_TYPE_HIDDEN, main_config_t, forbid_update) },
}
static fr_table_num_ordered_t config_arg_table[] = {
+ { L("tmpl_tokenize_all_nested"), offsetof(main_config_t, tmpl_tokenize_all_nested) },
{ L("rewrite_update"), offsetof(main_config_t, rewrite_update) },
{ L("forbid_update"), offsetof(main_config_t, forbid_update) },
};
/*
* Migration tools
*/
+ bool tmpl_tokenize_all_nested; //!< tmpl_tokenize will create nested tmpls instead of flat ones
bool rewrite_update; //!< rewrite "update" to be new edit sections
bool forbid_update; //!< forbid "update" sections
};
case FR_TYPE_VSA:
is_union:
/*
- * These structural types are always nested. Both for parenting, and for
- * namespace.
+ * Omit nesting types where the relationship is already
+ * described by the dictionaries and there's no filter.
+ *
+ * These attribute references would just use additional
+ * memory for no real purpose.
+ *
+ * Because we pre-allocate an attribute reference in
+ * each tmpl talloc pool, unless the attribute
+ * reference list contains a group, there's no performance
+ * penalty in repeatedly allocating and freeing this ar.
+ *
+ * Flatten / nested migration hack. :(
+ */
+ if (1 && main_config && main_config->tmpl_tokenize_all_nested) {
+ our_parent = da; /* Only update the parent if we're not stripping */
+
+ } else if (ar_filter_is_none(ar) && ar_is_normal(ar)) {
+ TALLOC_FREE(ar);
+ } else {
+ our_parent = da; /* Only update the parent if we're not stripping */
+ }
+
+ /*
+ * The child might not go into the parent list, but the child definitely is in
+ * the parents namespace.
*/
- namespace = our_parent = da;
+ namespace = da;
break;
default:
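Review bot: The new guard `if (1 && main_config && main_config->tmpl_tokenize_all_nested)` keeps a leftover `1 &&` switch, and its body is identical to the final `else`, so the chain can be two branches: `if (!(main_config && main_config->tmpl_tokenize_all_nested) && ar_filter_is_none(ar) && ar_is_normal(ar)) { TALLOC_FREE(ar); } else { our_parent = da; }`. After `TALLOC_FREE(ar)` the pointer is NULL, and the code that consumes `ar` after this `switch` lies outside the hunk, so a one-line comment saying that a stripped reference is expected there would let a reader confirm nothing dereferences it. The tokenizer now also depends on the process-wide `main_config`; when that pointer is NULL the parse silently takes the flattening path, which is worth stating in the comment block above the condition.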
allow_vulnerable_openssl = yes
}
+migrate {
+ tmpl_tokenize_all_nested = true
+}
+
modules {
$INCLUDE ${raddb}/mods-enabled/always
allow_vulnerable_openssl = yes
}
+migrate {
+ tmpl_tokenize_all_nested = true
+}
+
policy {
files.authorize {
if (&User-Name == "bob") {
$(OUTPUT)/${1}: NEW_COND=
else ifneq "$(findstring ${1}, $(KEYWORD_UPDATE_REWRITE_TESTS))" ""
-$(OUTPUT)/${1}: NEW_COND=-S rewrite_update=yes
+$(OUTPUT)/${1}: NEW_COND=-S rewrite_update=yes -S tmpl_tokenize_all_nested=yes
else
-$(OUTPUT)/${1}: NEW_COND=-S forbid_update=yes
+$(OUTPUT)/${1}: NEW_COND=-S forbid_update=yes -S tmpl_tokenize_all_nested=yes
ifeq "${1}" "mschap"
$(OUTPUT)/${1}: $(BUILD_DIR)/lib/local/rlm_mschap.la $(BUILD_DIR)/lib/rlm_mschap.la
}
#
-# Must be nested
+# Allow old-style, and with -S tmpl_tokenize_all_nested=yes
#
-if !(&Tmp-String-4 == 'Password = { Cleartext = "hello" }') {
+if !((&Tmp-String-4 == 'Password.Cleartext = "hello"') ||
+ (&Tmp-String-4 == 'Password = { Cleartext = "hello" }')) {
test_fail
}
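Review bot: The rewritten condition accepts either `'Password.Cleartext = "hello"'` or `'Password = { Cleartext = "hello" }'`, so the test no longer fails when the server prints the wrong form for the mode it is running in. Whether this file is run both with and without the flag is not visible from the hunk, but if it is only run one way the strict comparison for that mode could be kept. The comment `# Allow old-style, and with -S tmpl_tokenize_all_nested=yes` would read more clearly as `# Flat form without the flag, nested form with -S tmpl_tokenize_all_nested=yes`, with a `@todo` to restore the nested-only check once the migration flag is removed. The rest of the test file lies outside the hunk.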
allow_vulnerable_openssl = yes
}
+# Only during migration
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+
global {
ldap {
ldap_debug = 0x0801
allow_vulnerable_openssl = yes
}
+# Only during migration
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+
global {
ldap {
ldap_debug = 0x0801
allow_vulnerable_openssl = yes
}
+# Only during migration
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+
global {
ldap {
ldap_debug = 0x0801
+# Needed during migration to nested attributes
+# to check TLS-Certificate.Issuer
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+# Needed during migration to nested attributes
+# to check TLS-Certificate.Issuer
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+# Needed during migration to nested attributes
+# to check TLS-Certificate.Issuer
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+# Needed during migration to nested attributes
+# to check TLS-Certificate.Issuer
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
+# Needed during migration to nested attributes
+# to check TLS-Certificate.Issuer
+migrate {
+ tmpl_tokenize_all_nested = yes
+}
allow_vulnerable_openssl = yes
}
+#
+# @todo - set all of these flags!
+#
+#migrate {
+# tmpl_tokenize_all_nested = true
+# forbid_update = true
+#}
+
delete_from_radacct = "DELETE FROM radcheck WHERE AcctSessionId ="
delete_from_radcheck = "DELETE FROM radcheck WHERE username ="
delete_from_radreply = "DELETE FROM radreply WHERE username ="
allow_core_dumps = yes
}
+migrate {
+ tmpl_tokenize_all_nested = true
+}
+
modules {
$INCLUDE ${raddb}/mods-enabled/always