disallow CoA for fake packets. Fixes #4929
authorAlan T. DeKok <aland@freeradius.org>
Fri, 17 Mar 2023 13:40:19 +0000 (09:40 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 17 Mar 2023 13:40:19 +0000 (09:40 -0400)
The CoA handling in process.c requires that the CoA packet be
associated with a "real" request.  i.e. one that was received from
the network, and is therefore long-lived.

"fake" packets, such as ones sent to a virtual home server, or
packets used in the "inner-tunnel" virtual server can't do CoA.

This is because the fake packets are freed immediately after they
are processed, and there is no way for them to push the CoA child
into the main event loop.

src/main/map.c

index a1464e3de5439e2e3f1f88bb5649f486b98acb8f..ffee770ffffd17fd51307a2bd04a5d17e9daf8b5 100644 (file)
@@ -1108,6 +1108,11 @@ int map_to_request(REQUEST *request, vp_map_t const *map, radius_map_getvalue_t
         */
        if (((map->lhs->tmpl_list == PAIR_LIST_COA) ||
             (map->lhs->tmpl_list == PAIR_LIST_DM)) && !request->coa) {
+               if (request->parent) {
+                       REDEBUG("You can only do 'update coa' when processing a packet which was received from the network");
+                       return -2;
+               }
+
                if ((request->packet->code == PW_CODE_COA_REQUEST) ||
                    (request->packet->code == PW_CODE_DISCONNECT_REQUEST)) {
                        REDEBUG("You cannot do 'update coa' when processing a CoA / Disconnect request.  Use 'update request' instead.");
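Review bot: The added `if (request->parent)` check has no comment, so the lifetime reason given in the commit message is lost to anyone reading map.c; I would put `/* Fake (child) requests are freed right after processing and cannot push a CoA child into the event loop. */` directly above it. The check also runs only inside the `!request->coa` branch of map_to_request(), so it guards this one path. If any other code can attach `request->coa` to a request that has a parent, that path presumably needs the same rejection, which cannot be confirmed from this hunk. The function body starts and ends outside the hunk.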