[PATCH v2 0/2] File-backed external password store
Patrick Steinhardt
ps at pks.im
Sun Feb 14 06:16:24 EST 2021
Hi,
this is v2 of my patch series to implement a file-backed external
password store.
Changes compared to v1:
- Retained copyright on moved code.
- Adapted both Android.mk and VS2005 build instructions to include
the shared config parsing code as well as the new backend. Note
that because I do not have any setups for those environments,
those changes are untested. I'd welcome it if somebody could
verify those changes for me.
- Password lines are no longer logged in case anything goes wrong.
Instead, only their line number is logged now.
- Allocation errors of the path now get detected correctly.
- The password buffer now gets cleared on exit.
- defconfig was amended to contain the new CONFIG_EXT_PASSWORD_FILE
key.
- wpa_supplicant.conf now contains an example for
`ext_password_backend=file`.
Thanks for your feedback, Jouni!
Patrick
Patrick Steinhardt (2):
wpa_supplicant: Move `wpa_config_get_line()` into utils
ext_password: Implement new file-based backend
src/utils/config.c | 97 +++++++++++++
src/utils/config.h | 31 ++++
src/utils/ext_password.c | 3 +
src/utils/ext_password_file.c | 133 ++++++++++++++++++
src/utils/ext_password_i.h | 4 +
wpa_supplicant/Android.mk | 7 +
wpa_supplicant/Makefile | 8 ++
wpa_supplicant/config_file.c | 100 +------------
wpa_supplicant/defconfig | 2 +
.../vs2005/eapol_test/eapol_test.vcproj | 4 +
.../wpa_supplicant/wpa_supplicant.vcproj | 4 +
wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj | 4 +
wpa_supplicant/wpa_supplicant.conf | 7 +
13 files changed, 305 insertions(+), 99 deletions(-)
create mode 100644 src/utils/config.c
create mode 100644 src/utils/config.h
create mode 100644 src/utils/ext_password_file.c
Range-diff against v1:
1: 0748b785b ! 1: c0db0abb7 wpa_supplicant: Move `wpa_config_get_line()` into utils
@@ src/utils/config.c (new)
@@
+/*
+ * Configuration parsing
-+ * Copyright (c) 2021, Patrick Steinhardt <ps at pks.im>
++ * Copyright (c) 2003-2019, Jouni Malinen <j at w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
@@ src/utils/config.h (new)
@@
+/*
+ * Configuration parsing
-+ * Copyright (c) 2021, Patrick Steinhardt <ps at pks.im>
++ * Copyright (c) 2003-2019, Jouni Malinen <j at w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
@@ src/utils/config.h (new)
+
+#endif /* UTILS_CONFIG_H */
+ ## wpa_supplicant/Android.mk ##
+@@ wpa_supplicant/Android.mk: OBJS += notify.c
+ OBJS += bss.c
+ OBJS += eap_register.c
+ OBJS += src/utils/common.c
++OBJS += src/utils/config.o
+ OBJS += src/utils/wpa_debug.c
+ OBJS += src/utils/wpabuf.c
+ OBJS += src/utils/bitfield.c
+
## wpa_supplicant/Makefile ##
@@ wpa_supplicant/Makefile: OBJS += notify.o
OBJS += bss.o
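Review bot: The added Android.mk entry `OBJS += src/utils/config.o` names an object file, while every neighbouring entry in that list (`src/utils/common.c`, `src/utils/wpa_debug.c`) names a `.c` source, as does the `src/utils/ext_password_file.c` entry added to Android.mk later in this series. It looks carried over from the Makefile, where `.o` is correct; here it should read `OBJS += src/utils/config.c`. The cover letter says the Android build is untested, so this would presumably only show up as a missing source or an unresolved `wpa_config_get_line` once someone builds it.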
@@ wpa_supplicant/config_file.c
static int wpa_config_validate_network(struct wpa_ssid *ssid, int line)
+
+ ## wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj ##
+@@
+ RelativePath="..\..\..\src\utils\common.c"
+ >
+ </File>
++ <File
++ RelativePath="..\..\..\src\utils\config.c"
++ >
++ </File>
+ <File
+ RelativePath="..\..\config.c"
+ >
+
+ ## wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj ##
+@@
+ RelativePath="..\..\..\src\utils\common.c"
+ >
+ </File>
++ <File
++ RelativePath="..\..\..\src\utils\config.c"
++ >
++ </File>
+ <File
+ RelativePath="..\..\config.c"
+ >
+
+ ## wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj ##
+@@
+ RelativePath="..\..\..\src\utils\common.c"
+ >
+ </File>
++ <File
++ RelativePath="..\..\..\src\utils\config.c"
++ >
++ </File>
+ <File
+ RelativePath="..\..\config.c"
+ >
2: 99f02abf9 ! 2: 0ec799a93 ext_password: Implement new file-based backend
@@ src/utils/ext_password_file.c (new)
+
+#include "includes.h"
+
++#include "utils/config.h"
+#include "common.h"
+#include "ext_password_i.h"
-+#include "utils/config.h"
+
+
+/**
@@ src/utils/ext_password_file.c (new)
+ data = os_zalloc(sizeof(*data));
+ if (data == NULL)
+ return NULL;
++
+ data->path = os_strdup(params);
++ if (data->path == NULL) {
++ os_free(data);
++ return NULL;
++ }
+
+ return data;
+}
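Review bot: `os_strdup(params)` is reached with no visible check that `params` is non-NULL, and the backend syntax documented in wpa_supplicant.conf is `<backend name>[:<optional backend parameters>]`, so `ext_password_backend=file` with no path looks like a reachable configuration. The start of the init function is outside this hunk, so a guard may already exist there. If it does not, add `if (params == NULL) return NULL;` (with an error message) before the allocation. The new `data->path == NULL` check only covers allocation failure.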
@@ src/utils/ext_password_file.c (new)
+ while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
+ char *sep = os_strchr(pos, '=');
+ if (!sep) {
-+ wpa_printf(MSG_ERROR, "Invalid password line %d: '%s'.",
-+ line, buf);
++ wpa_printf(MSG_ERROR, "Invalid password line %d.", line);
+ continue;
+ }
+
+ if (!sep[1]) {
-+ wpa_printf(MSG_ERROR, "No password for line %d: '%s'.",
-+ line, buf);
++ wpa_printf(MSG_ERROR, "No password for line %d.", line);
+ continue;
+
+ }
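Review bot: The two error messages now identify the bad entry only by line number and do not name the file being parsed, so they are hard to tell apart from wpa_supplicant.conf parse errors, which presumably report line numbers as well. Dropping `buf` from the log is right since it holds the passphrase; consider logging the path instead, e.g. `"Invalid password line %d in '%s'."` with the stored backend path, assuming the backend context is in scope here (the function's start is outside the hunk). There is also a stray blank line between `continue;` and the closing brace of the `!sep[1]` branch.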
@@ src/utils/ext_password_file.c (new)
+ wpa_printf(MSG_ERROR, "Password for '%s' was not found.", name);
+
+done:
++ forced_memzero(buf, sizeof(buf));
+ fclose(f);
+ return password;
+}
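Review bot: `forced_memzero(buf, sizeof(buf))` clears only the local line buffer. The lines were read through a stdio stream (`fclose(f)` follows), and the stream's internal buffer can still hold password lines when `fclose()` releases it without zeroing. If the intent is that no copy of the file contents outlives this call, make the stream unbuffered right after it is opened, e.g. `setvbuf(f, NULL, _IONBF, 0);`, or give it a caller-owned buffer via `setvbuf()` and clear that buffer after `fclose()`. The open call and the rest of the function are outside this hunk, so this rests on the visible `fclose(f)` only.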
@@ src/utils/ext_password_i.h: struct wpabuf * ext_password_alloc(size_t len);
+
#endif /* EXT_PASSWORD_I_H */
+ ## wpa_supplicant/Android.mk ##
+@@ wpa_supplicant/Android.mk: L_CFLAGS += -DCONFIG_EXT_PASSWORD_TEST
+ NEED_EXT_PASSWORD=y
+ endif
+
++ifdef CONFIG_EXT_PASSWORD_FILE
++OBJS += src/utils/ext_password_file.c
++L_CFLAGS += -DCONFIG_EXT_PASSWORD_FILE
++NEED_EXT_PASSWORD=y
++endif
++
+ ifdef NEED_EXT_PASSWORD
+ OBJS += src/utils/ext_password.c
+ L_CFLAGS += -DCONFIG_EXT_PASSWORD
+
## wpa_supplicant/Makefile ##
@@ wpa_supplicant/Makefile: CFLAGS += -DCONFIG_EXT_PASSWORD_TEST
NEED_EXT_PASSWORD=y
@@ wpa_supplicant/Makefile: CFLAGS += -DCONFIG_EXT_PASSWORD_TEST
ifdef NEED_EXT_PASSWORD
OBJS += ../src/utils/ext_password.o
CFLAGS += -DCONFIG_EXT_PASSWORD
+
+ ## wpa_supplicant/defconfig ##
+@@ wpa_supplicant/defconfig: CONFIG_WIFI_DISPLAY=y
+ #
+ # External password backend for testing purposes (developer use)
+ #CONFIG_EXT_PASSWORD_TEST=y
++# File-based backend to read passwords from an external file.
++#CONFIG_EXT_PASSWORD_FILE=y
+
+ # Enable Fast Session Transfer (FST)
+ #CONFIG_FST=y
+
+ ## wpa_supplicant/wpa_supplicant.conf ##
+@@ wpa_supplicant/wpa_supplicant.conf: fast_reauth=1
+
+ # Password (and passphrase, etc.) backend for external storage
+ # format: <backend name>[:<optional backend parameters>]
++# Test backend which stores passwords in memory. Should only be used for
++# development purposes.
+ #ext_password_backend=test:pw1=password|pw2=testing
++# File-based backend which reads passwords from a file. The parameter
++# identifies the file to read passwords from. The password file follows the
++# format of wpa_supplicant.conf and accepts simple `key=passphrase` formatted
++# passwords.
++#ext_password_backend=file:/path/to/passwords.conf
+
+
+ # Disable P2P functionality
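Review bot: The new wpa_supplicant.conf comment for `ext_password_backend=file` does not say how the password file should be protected, although it holds `key=passphrase` entries in cleartext. I would add a line such as `# The file should be readable only by the user wpa_supplicant runs as.` to that comment block. Whether the backend itself checks ownership or mode of the file is not visible in this range-diff, so the documentation is the only safeguard shown here.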
--
2.30.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20210214/832fdfdc/attachment-0001.sig>