hostap/src/utils/ext_password_i.h

34 lines
844 B
C
Raw Normal View History

/*
* External password backend - internal definitions
* Copyright (c) 2012, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef EXT_PASSWORD_I_H
#define EXT_PASSWORD_I_H
#include "ext_password.h"
struct ext_password_backend {
const char *name;
void * (*init)(const char *params);
void (*deinit)(void *ctx);
struct wpabuf * (*get)(void *ctx, const char *name);
};
struct wpabuf * ext_password_alloc(size_t len);
/* Available ext_password backends */
#ifdef CONFIG_EXT_PASSWORD_TEST
extern const struct ext_password_backend ext_password_test;
#endif /* CONFIG_EXT_PASSWORD_TEST */
ext_password: Implement new file-based backend It was not easily possible to separate configuration of an interface and credentials when using the configuration file instead of the control interface or D-Bus interface for setting up the network profiles. This makes it hard to distribute configuration across a set of nodes which use wpa_supplicant without also having to store credentials in the same file. While this can be solved via scripting, having a native way to achieve this would be preferable. Turns out there already is a framework to have external password storages. It only had a single "test" backend though, which is kind of an in-memory store which gets initialized with all passwords up front and is mainly for testing purposes. This isn't really suitable for the above use case: the backend cannot be initialized as part of the central configuration given that it needs the credentials, and we want to avoid scripting. This commit thus extends the infrastructure to implement a new backend, which instead uses a simple configuration file containing key-value pairs. The file follows the format which wpa_supplicant.conf(5) uses: empty lines and comments are ignored, while passwords can be specified with simple `password-name=password-value` assignments. With this new backend, splitting up credentials and configuration becomes trivial: # /etc/wpa_supplicant/wpa_supplicant.conf ext_password_backend=file:/etc/wpa_supplicant/psk.conf network={ ssid="foobar" psk=ext:foobar } # /etc/wpa_supplicant/psk.conf foobar=ecdabff9c80632ec6fcffc4a8875e95d45cf93376d3b99da6881298853dc686b Alternative approaches would be to support including other configuration files in the main configuration, such that common configuration and network declarations including credentials are split up into separate files. But the implementation would probably have been more complex compared to reusing the already-existing framework for external password backends. Signed-off-by: Patrick Steinhardt <ps@pks.im>
2021-02-14 12:16:33 +01:00
#ifdef CONFIG_EXT_PASSWORD_FILE
extern const struct ext_password_backend ext_password_file;
#endif /* CONFIG_EXT_PASSWORD_FILE */
#endif /* EXT_PASSWORD_I_H */