[PATCH 1/4] eap: initialize vendor_id/vendor_type to zero

[PATCH 1/4] eap: initialize vendor_id/vendor_type to zero

[James Prestwood]

This fixes a compiler warning, specifically on ARM/GCC 12.2.0

src/eap.c: In function ‘eap_rx_packet’:
src/eap.c:419:57: error: ‘vendor_type’ may be used uninitialized [-Werror=maybe-uninitialized]
  419 |         (type == EAP_TYPE_EXPANDED && vendor_id == (id) && vendor_type == (t))
      |                                                         ^~
src/eap.c:429:18: note: ‘vendor_type’ was declared here
  429 |         uint32_t vendor_type;
      |                  ^~~~~~~~~~~
src/eap.c:419:49: error: ‘vendor_id’ may be used uninitialized [-Werror=maybe-uninitialized]
  419 |         (type == EAP_TYPE_EXPANDED && vendor_id == (id) && vendor_type == (t))
      |                                                 ^~
src/eap.c:428:18: note: ‘vendor_id’ was declared here
  428 |         uint32_t vendor_id;
      |                  ^~~~~~~~~
---
 src/eap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/eap.c b/src/eap.c
index 9e924577..1a03fbcb 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -425,8 +425,8 @@ static void eap_handle_response(struct eap_state *eap, const uint8_t *pkt,
 				size_t len)
 {
 	enum eap_type type;
-	uint32_t vendor_id;
-	uint32_t vendor_type;
+	uint32_t vendor_id = 0;
+	uint32_t vendor_type = 0;
 	enum eap_type our_type = eap->method->request_type;
 	uint32_t our_vendor_id = (eap->method->vendor_id[0] << 16) |
 				(eap->method->vendor_id[1] << 8) |
-- 
2.34.1

[PATCH 2/4] netdev: fail the connection if sending external auth fails

[James Prestwood]

This prevents IWD from hanging after external auth fails. In addition
(as described in the comment) unless IWD actually issues a disconnect
the driver/kernel gets into a state where it no longer accepts any
commands, for example:

Received error during CMD_TRIGGER_SCAN: Resource temporarily unavailable (11)
---
 src/netdev.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/netdev.c b/src/netdev.c
index 7af3c39a..611fb597 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3468,11 +3468,22 @@ static void netdev_external_auth_sae_tx_authenticate(const uint8_t *body,
 
 static void netdev_external_auth_cb(struct l_genl_msg *msg, void *user_data)
 {
+	struct netdev *netdev = user_data;
 	int error = l_genl_msg_get_error(msg);
 
-	if (error < 0)
+	if (error < 0) {
 		l_debug("Failed to send External Auth: %s(%d)",
 				strerror(-error), -error);
+
+		/*
+		 * Without an explicit disconnect here brcmfmac gets into a
+		 * broken state and returns "Resource temporarily unavailable
+		 * for any subsequent scans/commands
+		 */
+		netdev_disconnect_and_fail_connection(netdev,
+					NETDEV_RESULT_AUTHENTICATION_FAILED,
+					MMPDU_REASON_CODE_UNSPECIFIED);
+	}
 }
 
 static void netdev_send_external_auth(struct netdev *netdev,
-- 
2.34.1

[PATCH 3/4] wiphy: clean up some spammy prints

[James Prestwood]

First, wiphy_select_akm is called multiple times for any connection
so we shouldn't be printing in here as its redundant.

Second, the external auth print was in a similar situation but this
would even print when scanning, which really clouds the logs.
---
 src/wiphy.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/wiphy.c b/src/wiphy.c
index 3d761251..c7df648a 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -245,10 +245,6 @@ static bool wiphy_can_connect_sae(struct wiphy *wiphy)
 			return true;
 
 		/* Case 3 */
-		iwd_notice(IWD_NOTICE_CONNECT_INFO,
-			"FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
-			wiphy->driver_str);
-
 		return true;
 	}
 
@@ -312,8 +308,6 @@ enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy,
 		 * met, we can fallback to WPA2 (if the AKM is present).
 		 */
 		if (ie_rsne_is_wpa3_personal(info)) {
-			l_debug("Network is WPA3-Personal...");
-
 			if (!wiphy_can_connect_sae(wiphy)) {
 				l_debug("Can't use SAE, trying WPA2");
 				goto wpa2_personal;
-- 
2.34.1

[PATCH 4/4] station: print security of network when connecting

[James Prestwood]

After removing the debug log in wiphy_select_akm we still should
log this information. Now it will just be logged once per connection
attempt.
---
 src/station.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/station.c b/src/station.c
index 5403c332..bb6debb9 100644
--- a/src/station.c
+++ b/src/station.c
@@ -3809,11 +3809,15 @@ int __station_connect_network(struct station *station, struct network *network,
 	}
 
 	iwd_notice(IWD_NOTICE_CONNECT_INFO, "ssid: %s, bss: "MAC", "
-					"signal: %d, load: %d/255",
+					"signal: %d, load: %d/255, "
+					"security: %s",
 					network_get_ssid(network),
 					MAC_STR(bss->addr),
 					bss->signal_strength / 100,
-					bss->utilization);
+					bss->utilization,
+					diagnostic_akm_suite_to_security(
+								hs->akm_suite,
+								hs->wpa_ie));
 
 	station->connected_bss = bss;
 	station->connected_network = network;
-- 
2.34.1