ERP: Add ERP_FLUSH for hostapd

This can be used to drop any pending ERP key from both the internal AP
authentication server and RADIUS server use of hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-12-14 13:31:12 +02:00
parent 777bbe7a3c
commit 2c6411edd0
6 changed files with 46 additions and 14 deletions

View file

@ -2019,7 +2019,11 @@ static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) { } else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
reply_size); reply_size);
} else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
ieee802_1x_erp_flush(hapd);
#ifdef RADIUS_SERVER
radius_server_erp_flush(hapd->radius_srv);
#endif /* RADIUS_SERVER */
} else { } else {
os_memcpy(reply, "UNKNOWN COMMAND\n", 16); os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
reply_len = 16; reply_len = 16;

View file

@ -1002,6 +1002,13 @@ static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
} }
static int hostapd_cli_cmd_erp_flush(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
return wpa_ctrl_command(ctrl, "ERP_FLUSH");
}
struct hostapd_cli_cmd { struct hostapd_cli_cmd {
const char *cmd; const char *cmd;
int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]); int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]);
@ -1055,6 +1062,7 @@ static struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "enable", hostapd_cli_cmd_enable }, { "enable", hostapd_cli_cmd_enable },
{ "reload", hostapd_cli_cmd_reload }, { "reload", hostapd_cli_cmd_reload },
{ "disable", hostapd_cli_cmd_disable }, { "disable", hostapd_cli_cmd_disable },
{ "erp_flush", hostapd_cli_cmd_erp_flush },
{ NULL, NULL } { NULL, NULL }
}; };

View file

@ -2151,10 +2151,20 @@ int ieee802_1x_init(struct hostapd_data *hapd)
} }
void ieee802_1x_deinit(struct hostapd_data *hapd) void ieee802_1x_erp_flush(struct hostapd_data *hapd)
{ {
struct eap_server_erp_key *erp; struct eap_server_erp_key *erp;
while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key,
list)) != NULL) {
dl_list_del(&erp->list);
bin_clear_free(erp, sizeof(*erp));
}
}
void ieee802_1x_deinit(struct hostapd_data *hapd)
{
eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL); eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
if (hapd->driver != NULL && if (hapd->driver != NULL &&
@ -2164,11 +2174,7 @@ void ieee802_1x_deinit(struct hostapd_data *hapd)
eapol_auth_deinit(hapd->eapol_auth); eapol_auth_deinit(hapd->eapol_auth);
hapd->eapol_auth = NULL; hapd->eapol_auth = NULL;
while ((erp = dl_list_first(&hapd->erp_keys, struct eap_server_erp_key, ieee802_1x_erp_flush(hapd);
list)) != NULL) {
dl_list_del(&erp->list);
bin_clear_free(erp, sizeof(*erp));
}
} }

View file

@ -29,6 +29,7 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
struct sta_info *sta, int authorized); struct sta_info *sta, int authorized);
void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta); void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta);
int ieee802_1x_init(struct hostapd_data *hapd); int ieee802_1x_init(struct hostapd_data *hapd);
void ieee802_1x_erp_flush(struct hostapd_data *hapd);
void ieee802_1x_deinit(struct hostapd_data *hapd); void ieee802_1x_deinit(struct hostapd_data *hapd);
int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta, int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *buf, size_t len, int ack); const u8 *buf, size_t len, int ack);

View file

@ -1819,14 +1819,30 @@ radius_server_init(struct radius_server_conf *conf)
} }
/**
* radius_server_erp_flush - Flush all ERP keys
* @data: RADIUS server context from radius_server_init()
*/
void radius_server_erp_flush(struct radius_server_data *data)
{
struct eap_server_erp_key *erp;
if (data == NULL)
return;
while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key,
list)) != NULL) {
dl_list_del(&erp->list);
bin_clear_free(erp, sizeof(*erp));
}
}
/** /**
* radius_server_deinit - Deinitialize RADIUS server * radius_server_deinit - Deinitialize RADIUS server
* @data: RADIUS server context from radius_server_init() * @data: RADIUS server context from radius_server_init()
*/ */
void radius_server_deinit(struct radius_server_data *data) void radius_server_deinit(struct radius_server_data *data)
{ {
struct eap_server_erp_key *erp;
if (data == NULL) if (data == NULL)
return; return;
@ -1856,11 +1872,7 @@ void radius_server_deinit(struct radius_server_data *data)
sqlite3_close(data->db); sqlite3_close(data->db);
#endif /* CONFIG_SQLITE */ #endif /* CONFIG_SQLITE */
while ((erp = dl_list_first(&data->erp_keys, struct eap_server_erp_key, radius_server_erp_flush(data);
list)) != NULL) {
dl_list_del(&erp->list);
bin_clear_free(erp, sizeof(*erp));
}
os_free(data); os_free(data);
} }

View file

@ -235,6 +235,7 @@ struct radius_server_conf {
struct radius_server_data * struct radius_server_data *
radius_server_init(struct radius_server_conf *conf); radius_server_init(struct radius_server_conf *conf);
void radius_server_erp_flush(struct radius_server_data *data);
void radius_server_deinit(struct radius_server_data *data); void radius_server_deinit(struct radius_server_data *data);
int radius_server_get_mib(struct radius_server_data *data, char *buf, int radius_server_get_mib(struct radius_server_data *data, char *buf,