From: Alan T. DeKok Date: Sun, 17 Sep 2023 21:37:52 +0000 (-0400) Subject: Revert "remove tmpl_tokenize_all_nested" X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6737af4ea004575994073a9c4310e4fdc38cbb81;p=thirdparty%2Ffreeradius-server.git Revert "remove tmpl_tokenize_all_nested" This reverts commit 861c6a07630b4b6c32bcbc4994b07803e0ed84a8. let's see if this causes CI to pass? --- diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in index b38ea5e673d..508c9c48c8b 100644 --- a/raddb/radiusd.conf.in +++ b/raddb/radiusd.conf.in @@ -597,6 +597,12 @@ global { # `-S flag=value`. # migrate { + # + # tmpl_tokenize_all_nested:: Create all internal "tmpl" data + # structures as using nested structures instead of flat ones. + # + tmpl_tokenize_all_nested = false + # # rewrite_update:: Rewrite old `update` sections to use the new # "edit" code. diff --git a/src/lib/server/main_config.c b/src/lib/server/main_config.c index 8fe1c685cdd..7819ae8fd6e 100644 --- a/src/lib/server/main_config.c +++ b/src/lib/server/main_config.c @@ -188,6 +188,7 @@ static const CONF_PARSER thread_config[] = { * Migration configuration. */ static const CONF_PARSER migrate_config[] = { + { FR_CONF_OFFSET("tmpl_tokenize_all_nested", FR_TYPE_BOOL | FR_TYPE_HIDDEN, main_config_t, tmpl_tokenize_all_nested) }, { FR_CONF_OFFSET("rewrite_update", FR_TYPE_BOOL | FR_TYPE_HIDDEN, main_config_t, rewrite_update) }, { FR_CONF_OFFSET("forbid_update", FR_TYPE_BOOL | FR_TYPE_HIDDEN, main_config_t, forbid_update) }, @@ -1473,6 +1474,7 @@ void main_config_hup(main_config_t *config) } static fr_table_num_ordered_t config_arg_table[] = { + { L("tmpl_tokenize_all_nested"), offsetof(main_config_t, tmpl_tokenize_all_nested) }, { L("rewrite_update"), offsetof(main_config_t, rewrite_update) }, { L("forbid_update"), offsetof(main_config_t, forbid_update) }, }; diff --git a/src/lib/server/main_config.h b/src/lib/server/main_config.h index df667cf0dc6..791ea6987a8 100644 --- a/src/lib/server/main_config.h +++ b/src/lib/server/main_config.h @@ -159,6 +159,7 @@ struct main_config_s { /* * Migration tools */ + bool tmpl_tokenize_all_nested; //!< tmpl_tokenize will create nested tmpls instead of flat ones bool rewrite_update; //!< rewrite "update" to be new edit sections bool forbid_update; //!< forbid "update" sections }; diff --git a/src/lib/server/tmpl_tokenize.c b/src/lib/server/tmpl_tokenize.c index f269dcbaf43..3822a9771c0 100644 --- a/src/lib/server/tmpl_tokenize.c +++ b/src/lib/server/tmpl_tokenize.c @@ -1916,10 +1916,33 @@ do_suffix: case FR_TYPE_VSA: is_union: /* - * These structural types are always nested. Both for parenting, and for - * namespace. + * Omit nesting types where the relationship is already + * described by the dictionaries and there's no filter. + * + * These attribute references would just use additional + * memory for no real purpose. + * + * Because we pre-allocate an attribute reference in + * each tmpl talloc pool, unless the attribute + * reference list contains a group, there's no performance + * penalty in repeatedly allocating and freeing this ar. + * + * Flatten / nested migration hack. :( + */ + if (1 && main_config && main_config->tmpl_tokenize_all_nested) { + our_parent = da; /* Only update the parent if we're not stripping */ + + } else if (ar_filter_is_none(ar) && ar_is_normal(ar)) { + TALLOC_FREE(ar); + } else { + our_parent = da; /* Only update the parent if we're not stripping */ + } + + /* + * The child might not go into the parent list, but the child definitely is in + * the parents namespace. */ - namespace = our_parent = da; + namespace = da; break; default: diff --git a/src/tests/auth/unit_test_module.conf b/src/tests/auth/unit_test_module.conf index 4eaebaaacac..4e55db882eb 100644 --- a/src/tests/auth/unit_test_module.conf +++ b/src/tests/auth/unit_test_module.conf @@ -13,6 +13,10 @@ security { allow_vulnerable_openssl = yes } +migrate { + tmpl_tokenize_all_nested = true +} + modules { $INCLUDE ${raddb}/mods-enabled/always diff --git a/src/tests/digest/config/digest.conf b/src/tests/digest/config/digest.conf index bb326f99974..db30c1bb93b 100644 --- a/src/tests/digest/config/digest.conf +++ b/src/tests/digest/config/digest.conf @@ -29,6 +29,10 @@ security { allow_vulnerable_openssl = yes } +migrate { + tmpl_tokenize_all_nested = true +} + policy { files.authorize { if (&User-Name == "bob") { diff --git a/src/tests/keywords/all.mk b/src/tests/keywords/all.mk index af7ebfeddf3..aeadc394b98 100644 --- a/src/tests/keywords/all.mk +++ b/src/tests/keywords/all.mk @@ -78,10 +78,10 @@ ifneq "$(findstring ${1}, update-to-edit $(KEYWORD_UPDATE_TESTS) xlat-unknown )" $(OUTPUT)/${1}: NEW_COND= else ifneq "$(findstring ${1}, $(KEYWORD_UPDATE_REWRITE_TESTS))" "" -$(OUTPUT)/${1}: NEW_COND=-S rewrite_update=yes +$(OUTPUT)/${1}: NEW_COND=-S rewrite_update=yes -S tmpl_tokenize_all_nested=yes else -$(OUTPUT)/${1}: NEW_COND=-S forbid_update=yes +$(OUTPUT)/${1}: NEW_COND=-S forbid_update=yes -S tmpl_tokenize_all_nested=yes ifeq "${1}" "mschap" $(OUTPUT)/${1}: $(BUILD_DIR)/lib/local/rlm_mschap.la $(BUILD_DIR)/lib/rlm_mschap.la diff --git a/src/tests/keywords/pairs b/src/tests/keywords/pairs index e35b15d946b..603356e1901 100644 --- a/src/tests/keywords/pairs +++ b/src/tests/keywords/pairs @@ -32,9 +32,10 @@ if !(&Tmp-String-3 == 'Tmp-String-0 = "This is a string", Tmp-String-0 = "This i } # -# Must be nested +# Allow old-style, and with -S tmpl_tokenize_all_nested=yes # -if !(&Tmp-String-4 == 'Password = { Cleartext = "hello" }') { +if !((&Tmp-String-4 == 'Password.Cleartext = "hello"') || + (&Tmp-String-4 == 'Password = { Cleartext = "hello" }')) { test_fail } diff --git a/src/tests/ldap_sync/active_directory/config/radiusd.conf b/src/tests/ldap_sync/active_directory/config/radiusd.conf index 225562b6816..6882486a626 100644 --- a/src/tests/ldap_sync/active_directory/config/radiusd.conf +++ b/src/tests/ldap_sync/active_directory/config/radiusd.conf @@ -29,6 +29,11 @@ security { allow_vulnerable_openssl = yes } +# Only during migration +migrate { + tmpl_tokenize_all_nested = yes +} + global { ldap { ldap_debug = 0x0801 diff --git a/src/tests/ldap_sync/persistent_search/config/radiusd.conf b/src/tests/ldap_sync/persistent_search/config/radiusd.conf index 5020fdf8857..80548b02b48 100644 --- a/src/tests/ldap_sync/persistent_search/config/radiusd.conf +++ b/src/tests/ldap_sync/persistent_search/config/radiusd.conf @@ -29,6 +29,11 @@ security { allow_vulnerable_openssl = yes } +# Only during migration +migrate { + tmpl_tokenize_all_nested = yes +} + global { ldap { ldap_debug = 0x0801 diff --git a/src/tests/ldap_sync/rfc4533/config/radiusd.conf b/src/tests/ldap_sync/rfc4533/config/radiusd.conf index 142042feb36..a3b5fa5421a 100644 --- a/src/tests/ldap_sync/rfc4533/config/radiusd.conf +++ b/src/tests/ldap_sync/rfc4533/config/radiusd.conf @@ -29,6 +29,11 @@ security { allow_vulnerable_openssl = yes } +# Only during migration +migrate { + tmpl_tokenize_all_nested = yes +} + global { ldap { ldap_debug = 0x0801 diff --git a/src/tests/modules/imap/imap_opt_tls/global.conf b/src/tests/modules/imap/imap_opt_tls/global.conf index e69de29bb2d..655a2e0f6d4 100644 --- a/src/tests/modules/imap/imap_opt_tls/global.conf +++ b/src/tests/modules/imap/imap_opt_tls/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/imap/imap_tls/global.conf b/src/tests/modules/imap/imap_tls/global.conf index e69de29bb2d..655a2e0f6d4 100644 --- a/src/tests/modules/imap/imap_tls/global.conf +++ b/src/tests/modules/imap/imap_tls/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/smtp/smtp_authenticate/global.conf b/src/tests/modules/smtp/smtp_authenticate/global.conf index e69de29bb2d..655a2e0f6d4 100644 --- a/src/tests/modules/smtp/smtp_authenticate/global.conf +++ b/src/tests/modules/smtp/smtp_authenticate/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/smtp/smtp_crln/global.conf b/src/tests/modules/smtp/smtp_crln/global.conf index e69de29bb2d..655a2e0f6d4 100644 --- a/src/tests/modules/smtp/smtp_crln/global.conf +++ b/src/tests/modules/smtp/smtp_crln/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/smtp/smtp_stringparse/global.conf b/src/tests/modules/smtp/smtp_stringparse/global.conf index e69de29bb2d..655a2e0f6d4 100644 --- a/src/tests/modules/smtp/smtp_stringparse/global.conf +++ b/src/tests/modules/smtp/smtp_stringparse/global.conf @@ -0,0 +1,5 @@ +# Needed during migration to nested attributes +# to check TLS-Certificate.Issuer +migrate { + tmpl_tokenize_all_nested = yes +} diff --git a/src/tests/modules/unit_test_module.conf b/src/tests/modules/unit_test_module.conf index dfd169b415e..594a7d98560 100644 --- a/src/tests/modules/unit_test_module.conf +++ b/src/tests/modules/unit_test_module.conf @@ -12,6 +12,14 @@ security { allow_vulnerable_openssl = yes } +# +# @todo - set all of these flags! +# +#migrate { +# tmpl_tokenize_all_nested = true +# forbid_update = true +#} + delete_from_radacct = "DELETE FROM radcheck WHERE AcctSessionId =" delete_from_radcheck = "DELETE FROM radcheck WHERE username =" delete_from_radreply = "DELETE FROM radreply WHERE username =" diff --git a/src/tests/xlat/unit_test_module.conf b/src/tests/xlat/unit_test_module.conf index 03bd37fda18..265c1a11def 100644 --- a/src/tests/xlat/unit_test_module.conf +++ b/src/tests/xlat/unit_test_module.conf @@ -13,6 +13,10 @@ security { allow_core_dumps = yes } +migrate { + tmpl_tokenize_all_nested = true +} + modules { $INCLUDE ${raddb}/mods-enabled/always