[PATCH 0/2] File-backed external password store

[Patrick Steinhardt]

Hi,

I've recently tried to somehow split up configuration and credentials
such that I can deploy configuration to multiple nodes while credentials
are stored separately. Could very well be I'm blind, but I didn't find
any straight-forward way to do this with wpa_supplicant.

To fix this, I've thus implemented a new external password backend which
reads passwords from a separate file. This piggy-backs on the external
password framework which already exists.

This series is rather a RFC to see whether there's any interest. The
code works and I'm currently using it, but documentation is still
missing. So if there's any interest, I'll create a v2 with missing docs
amended. I think usage should be clear enough with the description in
patch 2/2 for now.

Patrick

Patrick Steinhardt (2):
  wpa_supplicant: Move `wpa_config_get_line()` into utils
  ext_password: Implement new file-based backend

 src/utils/config.c            |  97 +++++++++++++++++++++++++
 src/utils/config.h            |  31 ++++++++
 src/utils/ext_password.c      |   3 +
 src/utils/ext_password_file.c | 129 ++++++++++++++++++++++++++++++++++
 src/utils/ext_password_i.h    |   4 ++
 wpa_supplicant/Makefile       |   8 +++
 wpa_supplicant/config_file.c  | 100 +-------------------------
 7 files changed, 273 insertions(+), 99 deletions(-)
 create mode 100644 src/utils/config.c
 create mode 100644 src/utils/config.h
 create mode 100644 src/utils/ext_password_file.c

-- 
2.30.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20210207/cbe5404c/attachment.sig>