From 2c6411edd052117b221c36775b53088f7d5d707a Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 14 Dec 2014 13:31:12 +0200
Subject: [PATCH] ERP: Add ERP_FLUSH for hostapd

This can be used to drop any pending ERP key from both the internal AP authentication server and RADIUS server use of hostapd.

Signed-off-by: Jouni Malinen
---
 hostapd/ctrl_iface.c | 6 +++++-
 hostapd/hostapd_cli.c | 8 ++++++++
 src/ap/ieee802_1x.c | 18 ++++++++++++------
 src/ap/ieee802_1x.h | 1 +
 src/radius/radius_server.c | 26 +++++++++++++++++++-------
 src/radius/radius_server.h | 1 +
 6 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 4ed3decf7..52e7a43b7 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2019,7 +2019,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
 } else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
 reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_size);
-
+ } else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
+ ieee802_1x_erp_flush(hapd);
+#ifdef RADIUS_SERVER
+ radius_server_erp_flush(hapd->radius_srv);
+#endif /* RADIUS_SERVER */
 } else {
 os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
 reply_len = 16;
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 7faa3240b..700918421 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1002,6 +1002,13 @@ static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
 }
+static int hostapd_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "ERP_FLUSH");
+}
+
+
 struct hostapd_cli_cmd {
 const char *cmd;
 int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
@@ -1055,6 +1062,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
 { "enable", hostapd_cli_cmd_enable },
 { "reload", hostapd_cli_cmd_reload },
 { "disable", hostapd_cli_cmd_disable },
+ { "erp_flush", hostapd_cli_cmd_erp_flush },
 { NULL, NULL }
 };
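Review bot: In hostapd/ctrl_iface.c, the new `ERP_FLUSH` branch of hostapd_ctrl_iface_receive() discards every cached ERP key without leaving anything in the log, so it cannot later be established when re-authentication state was wiped through the control interface. A single debug line at the top of the branch, for example `wpa_printf(MSG_DEBUG, "CTRL_IFACE: ERP_FLUSH");`, would make the event auditable. The branch also assigns neither `reply` nor `reply_len`, so it depends on defaults set earlier in the function, which begins outside this hunk; a short comment saying so would help the next reader. Only the keys of the `hapd` that received the command are dropped, which looks like per-BSS scope and is worth stating wherever the command is documented.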
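Review bot: In hostapd/hostapd_cli.c, `hostapd_cli_cmd_erp_flush()` and its `erp_flush` table entry are the only additions to this file according to the diffstat, so any usage or help listing kept elsewhere in hostapd_cli.c (not visible here) would not mention the new command. If such a listing exists, it should gain an `erp_flush` line describing that all cached ERP keys are dropped. The handler ignores `argc` and `argv`; a brief comment such as `/* ERP_FLUSH takes no arguments */` above the `return` would make that intentional.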
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 181092547..2287b281d 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2151,10 +2151,20 @@ int ieee802_1x_init(struct hostapd_data *hapd)
 }
-void ieee802_1x_deinit(struct hostapd_data *hapd)
+void ieee802_1x_erp_flush(struct hostapd_data *hapd)
 {
 struct eap_server_erp_key *erp;
+ while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
+ list)) != NULL) {
+ dl_list_del(&erp->list);
+ bin_clear_free(erp, sizeof(*erp));
+ }
+}
+
+
+void ieee802_1x_deinit(struct hostapd_data *hapd)
+{
 eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
 if (hapd->driver != NULL &&
@@ -2164,11 +2174,7 @@ void ieee802_1x_deinit(struct hostapd_data *hapd)
 eapol_auth_deinit(hapd->eapol_auth);
 hapd->eapol_auth = NULL;
- while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
- list)) != NULL) {
- dl_list_del(&erp->list);
- bin_clear_free(erp, sizeof(*erp));
- }
+ ieee802_1x_erp_flush(hapd);
 }
diff --git a/src/ap/ieee802_1x.h b/src/ap/ieee802_1x.h
index e1df94057..de6e0e75f 100644
--- a/src/ap/ieee802_1x.h
+++ b/src/ap/ieee802_1x.h
@@ -29,6 +29,7 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd, struct sta_info *sta, int authorized);
 void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta);
 int ieee802_1x_init(struct hostapd_data *hapd);
+void ieee802_1x_erp_flush(struct hostapd_data *hapd);
 void ieee802_1x_deinit(struct hostapd_data *hapd);
 int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta, const u8 *buf, size_t len, int ack);
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index b315277b0..85a485e91 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
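Review bot: In src/ap/ieee802_1x.c, `ieee802_1x_erp_flush()` makes a free loop that used to run only in ieee802_1x_deinit(), after `eapol_auth_deinit()`, reachable at any time from the control interface, so entries are now released while EAP state machines may still exist. Nothing in the visible lines shows whether any state machine keeps a pointer to a `struct eap_server_erp_key` beyond a single lookup; if one does, this would be a use-after-free, so that should be confirmed before merging. The same question applies to `radius_server_erp_flush()` in src/radius/radius_server.c. The new function also lacks the header comment its RADIUS counterpart has; something like `/* ieee802_1x_erp_flush - Drop all cached ERP keys of this BSS; no key pointer may be held across this call */` would document both the purpose and the lifetime rule.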
@@ -1819,14 +1819,30 @@ radius_server_init(struct radius_server_conf *conf)
 }
+/**
+ * radius_server_erp_flush - Flush all ERP keys
+ * @data: RADIUS server context from radius_server_init()
+ */
+void radius_server_erp_flush(struct radius_server_data *data)
+{
+ struct eap_server_erp_key *erp;
+
+ if (data == NULL)
+ return;
+ while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
+ list)) != NULL) {
+ dl_list_del(&erp->list);
+ bin_clear_free(erp, sizeof(*erp));
+ }
+}
+
+
 /**
 * radius_server_deinit - Deinitialize RADIUS server
 * @data: RADIUS server context from radius_server_init()
 */
 void radius_server_deinit(struct radius_server_data *data)
 {
- struct eap_server_erp_key *erp;
-
 if (data == NULL)
 return;
@@ -1856,11 +1872,7 @@ void radius_server_deinit(struct radius_server_data *data)
 sqlite3_close(data->db);
 #endif /* CONFIG_SQLITE */
- while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
- list)) != NULL) {
- dl_list_del(&erp->list);
- bin_clear_free(erp, sizeof(*erp));
- }
+ radius_server_erp_flush(data);
 os_free(data);
 }
diff --git a/src/radius/radius_server.h b/src/radius/radius_server.h
index 1b8967c26..ca4e38c12 100644
--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@@ -235,6 +235,7 @@ struct radius_server_conf {
 struct radius_server_data * radius_server_init(struct radius_server_conf *conf);
+void radius_server_erp_flush(struct radius_server_data *data);
 void radius_server_deinit(struct radius_server_data *data);
 int radius_server_get_mib(struct radius_server_data *data, char *buf,
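Review bot: The loop in `radius_server_erp_flush()` in src/radius/radius_server.c is a second copy of the one added to src/ap/ieee802_1x.c, and both rely on `bin_clear_free(erp, sizeof(*erp))` to wipe key material before the memory is released. With the wipe kept in two places, one copy can drift to a plain free in a later change without anyone noticing; a small shared helper that takes the `struct dl_list *` and is called from both functions would keep the zeroizing path in one spot. If the duplication stays, a comment on the `bin_clear_free()` line such as `/* entries hold key material: clear before freeing */` would record why the clearing variant is required.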