authorJouni Malinen <j@w1.fi>2014-12-14 11:31:12 (GMT)
committerJouni Malinen <j@w1.fi>2014-12-14 13:47:04 (GMT)
commit2c6411edd052117b221c36775b53088f7d5d707a (patch)
tree405336b9cff3dd7d3847966cd036bfc3f08b87d7
parent777bbe7a3c7f9f93e03b8302c2169b5041013ad5 (diff)
ERP: Add ERP_FLUSH for hostapd
This can be used to drop any pending ERP key from both the internal AP authentication server and RADIUS server use of hostapd. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--hostapd/ctrl_iface.c6
-rw-r--r--hostapd/hostapd_cli.c8
-rw-r--r--src/ap/ieee802_1x.c18
-rw-r--r--src/ap/ieee802_1x.h1
-rw-r--r--src/radius/radius_server.c26
-rw-r--r--src/radius/radius_server.h1
6 files changed, 46 insertions, 14 deletions
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 4ed3dec..52e7a43 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2019,7 +2019,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
reply_size);
-
+ } else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
+ ieee802_1x_erp_flush(hapd);
+#ifdef RADIUS_SERVER
+ radius_server_erp_flush(hapd->radius_srv);
+#endif /* RADIUS_SERVER */
} else {
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
reply_len = 16;
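Review bot: The new `ERP_FLUSH` branch makes `ieee802_1x_erp_flush(hapd)` reachable whenever the control interface accepts a command, whereas the same loop previously ran only from `ieee802_1x_deinit()`. If `hapd->erp_keys` is set up with `dl_list_init()` only during 802.1X initialisation (not visible on this page), a command arriving before that point would walk an uninitialised list head, so please confirm where the list is initialised. The `radius_server_erp_flush(hapd->radius_srv)` call is safe with a NULL server pointer, because that function checks `data == NULL` itself. `hostapd_ctrl_iface_receive()` starts and ends outside this hunk, so the reply sent for this branch is presumably the default set before the command chain.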
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 7faa324..7009184 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1002,6 +1002,13 @@ static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
}
+static int hostapd_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "ERP_FLUSH");
+}
+
+
struct hostapd_cli_cmd {
const char *cmd;
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
@@ -1055,6 +1062,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "enable", hostapd_cli_cmd_enable },
{ "reload", hostapd_cli_cmd_reload },
{ "disable", hostapd_cli_cmd_disable },
+ { "erp_flush", hostapd_cli_cmd_erp_flush },
{ NULL, NULL }
};
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 1810925..2287b28 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2151,10 +2151,20 @@ int ieee802_1x_init(struct hostapd_data *hapd)
}
-void ieee802_1x_deinit(struct hostapd_data *hapd)
+void ieee802_1x_erp_flush(struct hostapd_data *hapd)
{
struct eap_server_erp_key *erp;
+ while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
+ list)) != NULL) {
+ dl_list_del(&erp->list);
+ bin_clear_free(erp, sizeof(*erp));
+ }
+}
+
+
+void ieee802_1x_deinit(struct hostapd_data *hapd)
+{
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
if (hapd->driver != NULL &&
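Review bot: `ieee802_1x_erp_flush()` becomes part of the exported interface without any comment, while `radius_server_erp_flush()` in the same commit gets a kernel-doc header. Since the function discards key material, its contract is worth a line, for example `/* ieee802_1x_erp_flush - Drop all cached ERP keys of this BSS; each entry is cleared with bin_clear_free() before it is released */`. It would also help to state that the function may be called repeatedly and at run time, not only from `ieee802_1x_deinit()`, whose body continues outside this hunk.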
@@ -2164,11 +2174,7 @@ void ieee802_1x_deinit(struct hostapd_data *hapd)
eapol_auth_deinit(hapd->eapol_auth);
hapd->eapol_auth = NULL;
- while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
- list)) != NULL) {
- dl_list_del(&erp->list);
- bin_clear_free(erp, sizeof(*erp));
- }
+ ieee802_1x_erp_flush(hapd);
}
diff --git a/src/ap/ieee802_1x.h b/src/ap/ieee802_1x.h
index e1df940..de6e0e7 100644
--- a/src/ap/ieee802_1x.h
+++ b/src/ap/ieee802_1x.h
@@ -29,6 +29,7 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
struct sta_info *sta, int authorized);
void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta);
int ieee802_1x_init(struct hostapd_data *hapd);
+void ieee802_1x_erp_flush(struct hostapd_data *hapd);
void ieee802_1x_deinit(struct hostapd_data *hapd);
int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *buf, size_t len, int ack);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index b315277..85a485e 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -1820,15 +1820,31 @@ radius_server_init(struct radius_server_conf *conf)
/**
- * radius_server_deinit - Deinitialize RADIUS server
+ * radius_server_erp_flush - Flush all ERP keys
* @data: RADIUS server context from radius_server_init()
*/
-void radius_server_deinit(struct radius_server_data *data)
+void radius_server_erp_flush(struct radius_server_data *data)
{
struct eap_server_erp_key *erp;
if (data == NULL)
return;
+ while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
+ list)) != NULL) {
+ dl_list_del(&erp->list);
+ bin_clear_free(erp, sizeof(*erp));
+ }
+}
+
+
+/**
+ * radius_server_deinit - Deinitialize RADIUS server
+ * @data: RADIUS server context from radius_server_init()
+ */
+void radius_server_deinit(struct radius_server_data *data)
+{
+ if (data == NULL)
+ return;
if (data->auth_sock >= 0) {
eloop_unregister_read_sock(data->auth_sock);
@@ -1856,11 +1872,7 @@ void radius_server_deinit(struct radius_server_data *data)
sqlite3_close(data->db);
#endif /* CONFIG_SQLITE */
- while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
- list)) != NULL) {
- dl_list_del(&erp->list);
- bin_clear_free(erp, sizeof(*erp));
- }
+ radius_server_erp_flush(data);
os_free(data);
}
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 1b8967c..ca4e38c 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -235,6 +235,7 @@ struct radius_server_conf {
struct radius_server_data *
radius_server_init(struct radius_server_conf *conf);
+void radius_server_erp_flush(struct radius_server_data *data);
void radius_server_deinit(struct radius_server_data *data);
int radius_server_get_mib(struct radius_server_data *data, char *buf,