mka: Fix multiple key server election bugs
1. The comparison between SCI's of two servers with identical priority is broken, and would always return TRUE. Just use os_memcmp(), which provides the ordering we need. 2. If no peer can be key server but this instance can, then become the key server. 3. The ordering of blocks between peer as key server and ourself as key server overwrites settings. Simple reordering fixes this. 4. Default to being the key server, so that we advertise our ability in the MKPDUs we send. That's the only way peers can know we can be key server. Cleared automatically as soon as we find a better peer. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This commit is contained in:
parent
a1979469fd
commit
099613e415
1 changed files with 14 additions and 23 deletions
|
@ -2097,7 +2097,6 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
|
||||||
struct ieee802_1x_kay_peer *key_server = NULL;
|
struct ieee802_1x_kay_peer *key_server = NULL;
|
||||||
struct ieee802_1x_kay *kay = participant->kay;
|
struct ieee802_1x_kay *kay = participant->kay;
|
||||||
Boolean i_is_key_server;
|
Boolean i_is_key_server;
|
||||||
int i;
|
|
||||||
|
|
||||||
if (participant->is_obliged_key_server) {
|
if (participant->is_obliged_key_server) {
|
||||||
participant->new_sak = TRUE;
|
participant->new_sak = TRUE;
|
||||||
|
@ -2122,11 +2121,9 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
|
||||||
key_server = peer;
|
key_server = peer;
|
||||||
} else if (peer->key_server_priority ==
|
} else if (peer->key_server_priority ==
|
||||||
key_server->key_server_priority) {
|
key_server->key_server_priority) {
|
||||||
for (i = 0; i < 6; i++) {
|
if (os_memcmp(peer->sci.addr, key_server->sci.addr,
|
||||||
if (peer->sci.addr[i] <
|
ETH_ALEN) < 0)
|
||||||
key_server->sci.addr[i])
|
key_server = peer;
|
||||||
key_server = peer;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2138,20 +2135,12 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
|
||||||
i_is_key_server = TRUE;
|
i_is_key_server = TRUE;
|
||||||
} else if (kay->actor_priority
|
} else if (kay->actor_priority
|
||||||
== key_server->key_server_priority) {
|
== key_server->key_server_priority) {
|
||||||
for (i = 0; i < 6; i++) {
|
if (os_memcmp(kay->actor_sci.addr, key_server->sci.addr,
|
||||||
if (kay->actor_sci.addr[i]
|
ETH_ALEN) < 0)
|
||||||
< key_server->sci.addr[i]) {
|
i_is_key_server = TRUE;
|
||||||
i_is_key_server = TRUE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
} else if (participant->can_be_key_server) {
|
||||||
|
i_is_key_server = TRUE;
|
||||||
if (!key_server && !i_is_key_server) {
|
|
||||||
participant->principal = FALSE;
|
|
||||||
participant->is_key_server = FALSE;
|
|
||||||
participant->is_elected = FALSE;
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (i_is_key_server) {
|
if (i_is_key_server) {
|
||||||
|
@ -2172,9 +2161,7 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
|
||||||
os_memcpy(&kay->key_server_sci, &kay->actor_sci,
|
os_memcpy(&kay->key_server_sci, &kay->actor_sci,
|
||||||
sizeof(kay->key_server_sci));
|
sizeof(kay->key_server_sci));
|
||||||
kay->key_server_priority = kay->actor_priority;
|
kay->key_server_priority = kay->actor_priority;
|
||||||
}
|
} else if (key_server) {
|
||||||
|
|
||||||
if (key_server) {
|
|
||||||
ieee802_1x_cp_set_electedself(kay->cp, FALSE);
|
ieee802_1x_cp_set_electedself(kay->cp, FALSE);
|
||||||
if (os_memcmp(&kay->key_server_sci, &key_server->sci,
|
if (os_memcmp(&kay->key_server_sci, &key_server->sci,
|
||||||
sizeof(kay->key_server_sci))) {
|
sizeof(kay->key_server_sci))) {
|
||||||
|
@ -2189,6 +2176,10 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
|
||||||
os_memcpy(&kay->key_server_sci, &key_server->sci,
|
os_memcpy(&kay->key_server_sci, &key_server->sci,
|
||||||
sizeof(kay->key_server_sci));
|
sizeof(kay->key_server_sci));
|
||||||
kay->key_server_priority = key_server->key_server_priority;
|
kay->key_server_priority = key_server->key_server_priority;
|
||||||
|
} else {
|
||||||
|
participant->principal = FALSE;
|
||||||
|
participant->is_key_server = FALSE;
|
||||||
|
participant->is_elected = FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -3320,7 +3311,7 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
|
||||||
default:
|
default:
|
||||||
participant->is_obliged_key_server = FALSE;
|
participant->is_obliged_key_server = FALSE;
|
||||||
participant->can_be_key_server = TRUE;
|
participant->can_be_key_server = TRUE;
|
||||||
participant->is_key_server = FALSE;
|
participant->is_key_server = TRUE;
|
||||||
participant->is_elected = FALSE;
|
participant->is_elected = FALSE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue