[PATCH 4/5] PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command

Masashi Honma masashi.honma at gmail.com
Wed Mar 9 01:16:13 PST 2016


Signed-off-by: Masashi Honma <masashi.honma at gmail.com>
---
 src/ap/ctrl_iface_ap.c      |  5 +++++
 src/ap/ctrl_iface_ap.h      |  1 +
 src/ap/pmksa_cache_auth.c   | 14 ++++++++++++++
 src/ap/pmksa_cache_auth.h   |  1 +
 src/ap/wpa_auth.c           |  6 ++++++
 src/ap/wpa_auth.h           |  1 +
 wpa_supplicant/ap.c         | 16 ++++++++++++++++
 wpa_supplicant/ap.h         |  1 +
 wpa_supplicant/ctrl_iface.c |  9 ++++++++-
 9 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c
index 8ac8d52..c2db8bf 100644
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -560,3 +560,8 @@ int hostapd_ctrl_iface_pmksa_list(struct hostapd_data *hapd, char *buf,
 {
 	return wpa_auth_pmksa_list(hapd->wpa_auth, buf, len);
 }
+
+void hostapd_ctrl_iface_pmksa_flush(struct hostapd_data *hapd)
+{
+	wpa_auth_pmksa_flush(hapd->wpa_auth);
+}
diff --git a/src/ap/ctrl_iface_ap.h b/src/ap/ctrl_iface_ap.h
index 43c9f7c..3ad622f 100644
--- a/src/ap/ctrl_iface_ap.h
+++ b/src/ap/ctrl_iface_ap.h
@@ -26,5 +26,6 @@ int hostapd_parse_csa_settings(const char *pos,
 int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd);
 int hostapd_ctrl_iface_pmksa_list(struct hostapd_data *hapd, char *buf,
 				  size_t len);
+void hostapd_ctrl_iface_pmksa_flush(struct hostapd_data *hapd);
 
 #endif /* CTRL_IFACE_AP_H */
diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
index 9fdaead..1728eca 100644
--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
@@ -92,6 +92,20 @@ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
 }
 
 
+/**
+ * pmksa_cache_auth_flush - Flush all PMKSA cache entries
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_auth_init()
+ */
+void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa)
+{
+	while (pmksa->pmksa) {
+		wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry for "
+			   MACSTR, MAC2STR(pmksa->pmksa->spa));
+		pmksa_cache_free_entry(pmksa, pmksa->pmksa);
+	}
+}
+
+
 static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
 {
 	struct rsn_pmksa_cache *pmksa = eloop_ctx;
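Review bot: The `while (pmksa->pmksa)` loop in pmksa_cache_auth_flush() terminates only if pmksa_cache_free_entry() always unlinks the entry it is given from the head of the list, and that function's body is outside this hunk. A short comment such as `/* pmksa_cache_free_entry() unlinks the head entry, so this loop drains the list */` would make the dependency explicit. It is also worth confirming that a pmksa_cache_expire timeout registered before the flush copes with an empty list, since nothing here cancels it and only the first line of that handler is visible.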
diff --git a/src/ap/pmksa_cache_auth.h b/src/ap/pmksa_cache_auth.h
index aa6f4cd..d8d9c5a 100644
--- a/src/ap/pmksa_cache_auth.h
+++ b/src/ap/pmksa_cache_auth.h
@@ -64,5 +64,6 @@ void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
 int pmksa_cache_auth_radius_das_disconnect(struct rsn_pmksa_cache *pmksa,
 					   struct radius_das_attrs *attr);
 int pmksa_cache_auth_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len);
+void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa);
 
 #endif /* PMKSA_CACHE_H */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 885c44f..b6a1568 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3366,6 +3366,12 @@ int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
 }
 
 
+void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
+{
+	pmksa_cache_auth_flush(wpa_auth->pmksa);
+}
+
+
 /*
  * Remove and free the group from wpa_authenticator. This is triggered by a
  * callback to make sure nobody is currently iterating the group list while it
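Review bot: wpa_auth_pmksa_flush() dereferences `wpa_auth->pmksa` without a NULL check, and the caller added in src/ap/ctrl_iface_ap.c passes `hapd->wpa_auth` straight through. If a BSS can exist without an authenticator (presumably an open network, to be confirmed), a PMKSA_FLUSH sent by any control-interface client would crash the process, which is a local denial of service. Guarding the call with `if (wpa_auth && wpa_auth->pmksa) pmksa_cache_auth_flush(wpa_auth->pmksa);` keeps the command safe for every BSS that wpas_ap_pmksa_cache_flush() in wpa_supplicant/ap.c iterates.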
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 9b9a61c..35bf604 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -291,6 +291,7 @@ void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
 			   const u8 *sta_addr);
 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
 			size_t len);
+void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth);
 int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
 void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
 				  struct wpa_state_machine *sm, int ack);
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 50a7a26..5efc7de 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -1395,6 +1395,22 @@ int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf,
 }
 
 
+void wpas_ap_pmksa_cache_flush(struct wpa_supplicant *wpa_s)
+{
+	size_t i;
+
+	if (wpa_s->ap_iface) {
+		for (i = 0; i < wpa_s->ap_iface->num_bss; i++) {
+			hostapd_ctrl_iface_pmksa_flush(wpa_s->ap_iface->bss[i]);
+		}
+	}
+
+	if (wpa_s->ifmsh) {
+		hostapd_ctrl_iface_pmksa_flush(wpa_s->ifmsh->bss[0]);
+	}
+}
+
+
 #ifdef NEED_AP_MLME
 void wpas_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
 				   struct dfs_event *radar)
diff --git a/wpa_supplicant/ap.h b/wpa_supplicant/ap.h
index c3c1d9f..5a59ddc 100644
--- a/wpa_supplicant/ap.h
+++ b/wpa_supplicant/ap.h
@@ -84,6 +84,7 @@ int wpas_ap_stop_ap(struct wpa_supplicant *wpa_s);
 
 int wpas_ap_pmksa_cache_list(struct wpa_supplicant *wpa_s, char *buf,
 			     size_t len);
+void wpas_ap_pmksa_cache_flush(struct wpa_supplicant *wpa_s);
 
 void wpas_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
 				   struct dfs_event *radar);
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 3cee2ea..07ae965 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -8336,6 +8336,13 @@ static int wpa_supplicant_ctrl_iface_pmksa(struct wpa_supplicant *wpa_s,
 }
 
 
+static void wpa_supplicant_ctrl_iface_pmksa_flush(struct wpa_supplicant *wpa_s)
+{
+	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
+	wpas_ap_pmksa_cache_flush(wpa_s);
+}
+
+
 static int wpas_ctrl_cmd_debug_level(const char *cmd)
 {
 	if (os_strcmp(cmd, "PING") == 0 ||
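Review bot: wpa_supplicant_ctrl_iface_pmksa_flush() calls wpas_ap_pmksa_cache_flush() unconditionally, so builds without AP support may fail to link. That holds if wpa_supplicant/ap.c is compiled only when CONFIG_AP is set and ap.h offers no stub, which should be confirmed against the build files. Wrapping the call as `#ifdef CONFIG_AP` / `wpas_ap_pmksa_cache_flush(wpa_s);` / `#endif /* CONFIG_AP */` avoids that. PMKSA_FLUSH now also drops authenticator-side entries for every AP BSS and the mesh BSS, so the control-interface documentation for the command should state the wider scope.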
@@ -8410,7 +8417,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 		reply_len = wpa_supplicant_ctrl_iface_pmksa(
 			wpa_s, reply, reply_size);
 	} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
+		wpa_supplicant_ctrl_iface_pmksa_flush(wpa_s);
 	} else if (os_strncmp(buf, "SET ", 4) == 0) {
 		if (wpa_supplicant_ctrl_iface_set(wpa_s, buf + 4))
 			reply_len = -1;
-- 
2.5.0



