shellmatta_auth.dox 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. /**
  2. @page shellmatta_auth Shellmatta Authentication
  3. The shellmatta comes with a simple authentication mechanism.
  4. It can be used to hide certain (or all) commands from users without
  5. permission.
  6. Ther permissions can be set per command.
  7. To enable the shellmatta auth module you have to include the file
  8. shellmatta_auth.c into your build and set the define
  9. ``SHELLMATTA_AUTHENTICATION``.
  10. Unfortunately the structure of each command has to be altered to include
  11. the additional information required by the auth module.
  12. Please add another NULL to the initializers of every command of type
  13. #shellmatta_cmd_t.
  14. shellmatta_cmd_t exampleCmd = { "example",
  15. "e",
  16. "example command",
  17. "example [options]\n"
  18. "\t-v, --version - print the version of the command",
  19. exampleCmdFct,
  20. NULL,
  21. NULL};
  22. After initializing the shellmatta instance you have to setup users with
  23. username and password:
  24. shellmatta_auth_user_t userList[] = {
  25. {1, "shimatta", "12345678"},
  26. {2, "not_shimatta", "87654321"}
  27. };
  28. Every command can get a permission matrix - the perm lists can be reused for
  29. multiple users with the same permissions.
  30. When no entry is found for a command in the permission list the command
  31. default to be public.
  32. It is also possible to use the userID 0 to hide a command when logged in.
  33. uint32_t exampleCmdPerms[] = {1};
  34. shellmatta_auth_perm_t permList[] = {
  35. {"adoSome2", exampleCmdPerms, sizeof(exampleCmdPerms)/sizeof(exampleCmdPerms[0])}
  36. };
  37. Now call the #shellmatta_auth_init method and pass the user and permissions
  38. lists.
  39. It is possible to register optional callbacks for a custom password check
  40. and a log function which is called on every authentication event.
  41. shellmatta_auth_init(handle, userList, 2, permList, 2, false, NULL, NULL);
  42. @section shellmatta_auth_custom_login Custom login
  43. By default the shellmatta uses plain text passwords.
  44. This of course is not state of the art and usually highly insecure.
  45. As most of the fancy password hashing systems are platform dependant none of
  46. those is included to keep up the compatibility with as many platforms as
  47. possible (sacrificing security).
  48. To overcome this limitation you can register your own function to check the
  49. credentials.
  50. Just implement a function of type #shellmatta_auth_check_t and pass it to
  51. the #shellmatta_auth_init method during initialization.
  52. shellmatta_retCode_t custom_auth_check(const uint32_t userId, const char* password) {
  53. /‌/ Check if the passed userID matches the passed password.
  54. if (password_matches()) {
  55. return userId;
  56. }
  57. return 0;
  58. }
  59. */