From: Alan T. DeKok Date: Wed, 26 Nov 2025 14:05:29 +0000 (-0500) Subject: limit where ALIASes can go. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50d67ba06ea0df98debed60d8932a7caa311f580;p=thirdparty%2Ffreeradius-server.git limit where ALIASes can go. because it doesn't make sense to have them in 'group', for example --- diff --git a/src/lib/util/dict_tokenize.c b/src/lib/util/dict_tokenize.c index 25c1038af29..d2bc4b0cab7 100644 --- a/src/lib/util/dict_tokenize.c +++ b/src/lib/util/dict_tokenize.c @@ -1395,6 +1395,24 @@ static int dict_read_process_alias(dict_tokenize_ctx_t *dctx, char **argv, int a return -1; } + /* + * Internally we can add aliases to STRUCTs. But the poor user can't. + * + * This limitation is mainly so that we can differentiate automatically added aliases (which + * point to unions), from ones added by users. If we make dict_attr_acopy_aliases() a little + * smarter, then we can relax those checks. + */ + switch (parent->type) { + case FR_TYPE_TLV: + case FR_TYPE_VSA: + case FR_TYPE_VENDOR: + break; + + default: + fr_strerror_printf("ALIAS cannot be added to data type '%s'", fr_type_to_str(parent->type)); + return -1; + } + /* * Relative refs get resolved from the current namespace. */ diff --git a/src/lib/util/dict_util.c b/src/lib/util/dict_util.c index aedf5f7b488..494eaac6a1e 100644 --- a/src/lib/util/dict_util.c +++ b/src/lib/util/dict_util.c @@ -1410,11 +1410,17 @@ int dict_attr_alias_add(fr_dict_attr_t const *parent, char const *alias, fr_dict break; default: - fr_strerror_printf("Cannot add ALIAS to %s of data type '%s'", + fr_strerror_printf("Cannot add ALIAS to parent attribute %s of data type '%s'", parent->name, fr_type_to_str(parent->type)); return -1; } + if ((ref->type == FR_TYPE_UNION) || fr_dict_attr_is_key_field(ref)) { + fr_strerror_printf("Cannot add ALIAS to target attribute %s of data type '%s'", + ref->name, fr_type_to_str(ref->type)); + return -1; + } + da = dict_attr_by_name(NULL, parent, alias); if (da) { fr_strerror_printf("ALIAS '%s' conflicts with another attribute in namespace %s",