mka: Stop trying to generate and distribute new SAK when not key server
It was possible for a participant to first be elected as a key server and schedule a new SAK to be generated and distributed just to be followed by another participant being elected as the key server. That did not stop the participant that disabled key server functionality to stop generating the new SAK and then trying to distribute it. That is not correct behavior, so make these steps conditional on the participant still being a key server when going through the timer. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
4060cb272b
commit
626bc1fac2
1 changed files with 3 additions and 2 deletions
|
@ -1528,7 +1528,8 @@ static Boolean
|
|||
ieee802_1x_mka_dist_sak_body_present(
|
||||
struct ieee802_1x_mka_participant *participant)
|
||||
{
|
||||
return participant->to_dist_sak && participant->new_key;
|
||||
return participant->is_key_server && participant->to_dist_sak &&
|
||||
participant->new_key;
|
||||
}
|
||||
|
||||
|
||||
|
@ -2584,7 +2585,7 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
|
|||
}
|
||||
}
|
||||
|
||||
if (participant->new_sak) {
|
||||
if (participant->new_sak && participant->is_key_server) {
|
||||
if (!ieee802_1x_kay_generate_new_sak(participant))
|
||||
participant->to_dist_sak = TRUE;
|
||||
|
||||
|
|
Loading…
Reference in a new issue