Fix ap_sta_disconnect() to clear EAPOL/WPA authenticator state

Number of places in hostapd use ap_sta_disconnect() instead of
ap_sta_disassociate() or ap_sta_deauthenticate(). There are some
differences between these functions, e.g., in the area how quickly
the EAPOL state machines get deinitialized. This can result in
somewhat unexpected events since the EAPOL/WPA authenticator
state machines could remain running after deauthentication.

Address this by forcing EAPOL/WPA authenticator state machines
to disabled state whenever ap_sta_disconnect() is called instead
of waiting for the deauthentication callback or other timeout
to clear the STA.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 0366e40..38f18e7 100644 (file)
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -851,6 +851,8 @@ void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
        if (sta == NULL)
                return;
        ap_sta_set_authorized(hapd, sta, 0);
+       wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
+       ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
        sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
        eloop_cancel_timeout(ap_handle_timer, hapd, sta);
        eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,