6 files changed, 46 insertions, 14 deletions

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 4ed3dec..52e7a43 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2019,7 +2019,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
 	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
 		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
 						      reply_size);
-
+	} else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
+		ieee802_1x_erp_flush(hapd);
+#ifdef RADIUS_SERVER
+		radius_server_erp_flush(hapd->radius_srv);
+#endif /* RADIUS_SERVER */
 	} else {
 		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
 		reply_len = 16;
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 7faa324..7009184 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1002,6 +1002,13 @@ static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
 }
 
 
+static int hostapd_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc,
+				     char *argv[])
+{
+	return wpa_ctrl_command(ctrl, "ERP_FLUSH");
+}
+
+
 struct hostapd_cli_cmd {
 	const char *cmd;
 	int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
@@ -1055,6 +1062,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
 	{ "enable", hostapd_cli_cmd_enable },
 	{ "reload", hostapd_cli_cmd_reload },
 	{ "disable", hostapd_cli_cmd_disable },
+	{ "erp_flush", hostapd_cli_cmd_erp_flush },
 	{ NULL, NULL }
 };
 
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 1810925..2287b28 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2151,10 +2151,20 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 }
 
 
-void ieee802_1x_deinit(struct hostapd_data *hapd)
+void ieee802_1x_erp_flush(struct hostapd_data *hapd)
 {
 	struct eap_server_erp_key *erp;
 
+	while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
+				    list)) != NULL) {
+		dl_list_del(&erp->list);
+		bin_clear_free(erp, sizeof(*erp));
+	}
+}
+
+
+void ieee802_1x_deinit(struct hostapd_data *hapd)
+{
 	eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
 
 	if (hapd->driver != NULL &&
@@ -2164,11 +2174,7 @@ void ieee802_1x_deinit(struct hostapd_data *hapd)
 	eapol_auth_deinit(hapd->eapol_auth);
 	hapd->eapol_auth = NULL;
 
-	while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
-				    list)) != NULL) {
-		dl_list_del(&erp->list);
-		bin_clear_free(erp, sizeof(*erp));
-	}
+	ieee802_1x_erp_flush(hapd);
 }
 
 
diff --git a/src/ap/ieee802_1x.h b/src/ap/ieee802_1x.h
index e1df940..de6e0e7 100644
--- a/src/ap/ieee802_1x.h
+++ b/src/ap/ieee802_1x.h
@@ -29,6 +29,7 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
 				   struct sta_info *sta, int authorized);
 void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta);
 int ieee802_1x_init(struct hostapd_data *hapd);
+void ieee802_1x_erp_flush(struct hostapd_data *hapd);
 void ieee802_1x_deinit(struct hostapd_data *hapd);
 int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
 			 const u8 *buf, size_t len, int ack);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index b315277..85a485e 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -1820,15 +1820,31 @@ radius_server_init(struct radius_server_conf *conf)
 
 
 /**
- * radius_server_deinit - Deinitialize RADIUS server
+ * radius_server_erp_flush - Flush all ERP keys
  * @data: RADIUS server context from radius_server_init()
  */
-void radius_server_deinit(struct radius_server_data *data)
+void radius_server_erp_flush(struct radius_server_data *data)
 {
 	struct eap_server_erp_key *erp;
 
 	if (data == NULL)
 		return;
+	while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
+				    list)) != NULL) {
+		dl_list_del(&erp->list);
+		bin_clear_free(erp, sizeof(*erp));
+	}
+}
+
+
+/**
+ * radius_server_deinit - Deinitialize RADIUS server
+ * @data: RADIUS server context from radius_server_init()
+ */
+void radius_server_deinit(struct radius_server_data *data)
+{
+	if (data == NULL)
+		return;
 
 	if (data->auth_sock >= 0) {
 		eloop_unregister_read_sock(data->auth_sock);
@@ -1856,11 +1872,7 @@ void radius_server_deinit(struct radius_server_data *data)
 		sqlite3_close(data->db);
 #endif /* CONFIG_SQLITE */
 
-	while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
-				    list)) != NULL) {
-		dl_list_del(&erp->list);
-		bin_clear_free(erp, sizeof(*erp));
-	}
+	radius_server_erp_flush(data);
 
 	os_free(data);
 }
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 1b8967c..ca4e38c 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -235,6 +235,7 @@ struct radius_server_conf {
 struct radius_server_data *
 radius_server_init(struct radius_server_conf *conf);
 
+void radius_server_erp_flush(struct radius_server_data *data);
 void radius_server_deinit(struct radius_server_data *data);
 
 int radius_server_get_mib(struct radius_server_data *data, char *buf,