Kaynağa Gözat

added documentation on auth option

stefan 9 ay önce
ebeveyn
işleme
f6c6a311ec
3 değiştirilmiş dosya ile 88 ekleme ve 1 silme
  1. 1 1
      api/shellmatta.h
  2. 10 0
      doc/shellmatta.dox
  3. 77 0
      doc/shellmatta_auth.dox

+ 1 - 1
api/shellmatta.h

@@ -126,7 +126,7 @@ typedef struct
  * @brief custom shellmatta authentication method
  * @param[in]   userId      user id to log in (name of the user role)
  * @param[in]   password    password for the login
- * @return      #SHELLMATTA_OK if the username and password is correct
+ * @return      userId if password was correct - otherwise 0
  */
 typedef shellmatta_retCode_t (*shellmatta_auth_check_t)(const uint32_t userId, const char* password);
 

+ 10 - 0
doc/shellmatta.dox

@@ -24,6 +24,10 @@
             App -> Shellmatta: shellmatta_addCmd(command)
         end
 
+        alt Authentication enabled
+            App -> Shellmatta: shellmatta_auth_init()
+        end
+
         loop until finished
             IO -> Shellmatta: shellmatta_processData(data)
             Shellmatta -> App: call command function
@@ -32,4 +36,10 @@
         end
     @enduml
 
+    @section shellmatta_options Shellmatta options
+
+    The Shellmatta comes with some features which can be opted in:
+
+    @subpage shellmatta_auth
+
 */

+ 77 - 0
doc/shellmatta_auth.dox

@@ -0,0 +1,77 @@
+/**
+
+    @page shellmatta_auth Shellmatta Authentication
+
+    The shellmatta comes with a simple authentication mechanism.
+    It can be used to hide certain (or all) commands from users without
+    permission.
+
+    Ther permissions can be set per command.
+
+    To enable the shellmatta auth module you have to include the file
+    shellmatta_auth.c into your build and set the define
+    ``SHELLMATTA_AUTHENTICATION``.
+
+    Unfortunately the structure of each command has to be altered to include
+    the additional information required by the auth module.
+    Please add another NULL to the initializers of every command of type
+    #shellmatta_cmd_t.
+
+
+        shellmatta_cmd_t exampleCmd = { "example",
+                                        "e",
+                                        "example command",
+                                        "example [options]\n"
+                                        "\t-v, --version - print the version of the command",
+                                        exampleCmdFct,
+                                        NULL,
+                                        NULL};
+
+    After initializing the shellmatta instance you have to setup users with
+    username and password:
+
+        shellmatta_auth_user_t userList[] = {
+            {1, "shimatta", "12345678"},
+            {2, "not_shimatta", "87654321"}
+        };
+
+    Every command can get a permission matrix - the perm lists can be reused for
+    multiple users with the same permissions.
+
+        uint32_t exampleCmdPerms[] = {1};
+        shellmatta_auth_perm_t permList[] = {
+            {"adoSome2", exampleCmdPerms, sizeof(exampleCmdPerms)/sizeof(exampleCmdPerms[0])}
+        };
+
+    Now call the #shellmatta_auth_init method and pass the user and permissions
+    lists.
+    It is possible to register optional callbacks for a custom password check
+    and a log function which is called on every authentication event.
+
+        shellmatta_auth_init(handle, userList, 2, permList, 2, false, NULL, NULL);
+
+
+    @section shellmatta_auth_custom_login Custom login
+
+    By default the shellmatta uses plain text passwords.
+    This of course is not state of the art and usually highly insecure.
+
+    As most of the fancy password hashing systems are platform dependant none of
+    those is included to keep up the compatibility with as many platforms as
+    possible (sacrificing security).
+
+    To overcome this limitation you can register your own function to check the
+    credentials.
+
+    Just implement a function of type #shellmatta_auth_check_t and pass it to
+    the #shellmatta_auth_init method during initialization.
+
+        shellmatta_retCode_t custom_auth_check(const uint32_t userId, const char* password) {
+            /‌/ Check if the passed userID matches the passed password.
+            if (password_matches()) {
+                return userId;
+            }
+            return 0;
+        }
+
+*/