LPC1768_Nano3_Shell Rights Management

Created at 2020-12-10 17:20:03

Finsh Shell Rights Management
Summary: This article introduces the key settings for turning on password support in the shell, points out shortcomings in the existing code, and improves it slightly, mainly by adding support for deleting characters during password entry and by adding custom rights management, so that users can adapt it to their own needs. To better protect the shell from misuse, an example that exposes only a single portal is provided.

The shell makes debugging easy, but like everything it has two sides. When it provides an interface to very important functions, we should protect it as much as possible from unauthorized users.

Enable password support (built in)
A note up front: these options are missing from RT-Thread Nano's own config template and have to be added manually. Rest assured, I tried it, and the kernel supports them. First open the programming manual, look at the Finsh Shell section, and you will see a list of macro options.

#define FINSH_USING_AUTH
#define FINSH_DEFAULT_PASSWORD "yourpswd"
1.jpg

The first macro turns on authentication. If the second one is not defined, the password defaults to "rtthread" (see "FINSH_DEFAULT_PASSWORD").

11.jpg

Location of the default password. Let's look at the effect first: when the password is entered, each character is shown as "*".

2.jpg

Add an export function (custom function)
Take a look at which functions the shell prints, then find one and navigate to its definition. The key part is the export information below it!

3.jpg

see what functions there are

4.jpg

check out list_thread
Now write a function yourself that prints a line of information, export it, and see if it works. The effect is as shown in Figure 3-6.

/*--------------------------------BEGIN---------------------*/
int logoff(int argc, char** argv)
{
  rt_kprintf("logon off ok!\n");
  return 0;
}
MSH_CMD_EXPORT(logoff, exit for the logon user);
/*--------------------------------END---------------------*/

5.jpg

manually adds an export function
Add Password Input
What's wrong with password input? Step through the program in the simulator to see where it goes, and you'll know. Copy that code, modify it, and you're done!

6.jpg

Check out “FINSH_USING_AUTH”
Set a few breakpoints, run the simulation, and see where it goes, as shown below.

7.jpg

The code runs to the finsh_wait_auth function. Run it again and it does not come back out. So we have found the function; let's take a look.

8.jpg

So the password prompt was stuck here all along, reading input characters! Well, the password display must be here too!

9.jpg

Why is it like this? Open PuTTY, disconnect the serial port, and type some characters: nothing is printed on the screen. This shows that the display here depends on the serial echo; whatever is sent back is what gets shown. Since we want to protect the password, we send back a "*". During testing I found that when the password was typed wrong, there was no way to delete it! What a headache! So let's fix it. Add the code below to check for the delete key; if you don't know what its value is, find it in the simulator!

  else if (ch == 0x7f || ch == 0x08)
  {
    if (cur_pos != 0)
    {
      cur_pos--;
      password[cur_pos] = 0;
      rt_kprintf("\b \b");
    }
  }

10.jpg

Add password deletion
This is not enough: each arrow key sends a sequence of several codes. What to do? Handle and hide them too, as shown below.

//-----------------For Password Input---------------
/* Reads one line into password[]. The caller's buffer must hold at least
 * RT_USER_PWD_SIZE bytes (one more if it is later used as a C string,
 * because a full-length input leaves no room for the terminating 0). */
static __inline int read_inputdat(rt_uint8_t *password)
{
  char ch;
  rt_bool_t input_finish = RT_FALSE;
  rt_size_t cur_pos = 0;

  while (!input_finish)
  {
    /* wait receive */
    if (rt_sem_take(&shell->rx_sem, RT_WAITING_FOREVER) != RT_EOK)
      continue;
    /* read one character from device */
    while (rt_device_read(shell->device, 0, &ch, 1) == 1)
    {
      {  //--------------------
        /*
        * handle control key
        * up key  : 0x1b 0x5b 0x41
        * down key: 0x1b 0x5b 0x42
        * right key:0x1b 0x5b 0x43
        * left key: 0x1b 0x5b 0x44
        */
        if (ch == 0x1b)
        {
          shell->stat = WAIT_SPEC_KEY;
          continue;
        }
        else if (shell->stat == WAIT_SPEC_KEY)
        {
          if (ch == 0x5b)
          {
            shell->stat = WAIT_FUNC_KEY;
            continue;
          }
          shell->stat = WAIT_NORMAL;
        }
        else if (shell->stat == WAIT_FUNC_KEY)
        {
          /* third byte of an arrow-key sequence: swallow it */
          shell->stat = WAIT_NORMAL;
          continue;
        }
      }//--------------------
      //
      //---------------------Read valid characters
      if (ch >= ' ' && ch <= '~' && cur_pos < RT_USER_PWD_SIZE)
      {
        /* change the printable characters to '*' */
        rt_kprintf("*");
        password[cur_pos++] = ch;
      }
      else if (ch == 0x7f || ch == 0x08)      //Fix an error that the password input cannot be deleted
      {
        if (cur_pos != 0)
        {
          cur_pos--;
          password[cur_pos] = 0;              //Note that the previously written value is cleared to 0
          rt_kprintf("\b \b");                //The character on the screen is erased
        }
      }
      else if (ch == '\r' || ch == '\n')
      {
        rt_kprintf("\n");
        input_finish = RT_TRUE;
        break;
      }
      else if (cur_pos >= RT_USER_PWD_SIZE)
      {
        rt_kprintf("\n[error]---->input is more than 16 byte!\n");
        input_finish = RT_TRUE;
        break;
      }
    }
  }
  return 0;
}
//
static __inline void rt_input_username(void)
{
  //--------------------------------------------username
  rt_kprintf("please input the username:");
  rt_memset(rt_inputwd, 0, sizeof(rt_inputwd));
  read_inputdat(rt_inputwd);
}
//
static __inline void rt_input_password(void)
{
  rt_kprintf("please input the password:");
  rt_memset(rt_inputwd, 0, sizeof(rt_inputwd));
  read_inputdat(rt_inputwd);
}
//

At this point, rt_input_username and rt_input_password can be used to enter the password. Remember to add the declaration extern struct finsh_shell *shell;.

Add Rights Management
Rights management, simply put, means entering a username and password and setting a flag accordingly. To control operations more precisely, different users get different flags, which is how grouping is achieved.
This is essentially a string comparison, so there is not much to say: after the comparison, assign a value to the variable. Look at the code.
Add permission control at the function entry
At the entry of each function, check the permission flag. If the permission is too low, exit immediately; this achieves the protection.
Keep function entries from being seen
Idea: provide one entry function that takes the real function as an argument and calls it. The real entries are not displayed directly, and the administrator gets command hints through a help file.

12.jpg

The code details are shown above.
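The scheme described in this section (a per-user flag set at login, a flag check before each protected call, and one visible entry in front of hidden functions), written as portable C so it can be run off the target. This is an added example, not the author's code: shell_login, shell_logoff, portal, do_status, do_reboot, the level names and the sample user table are all assumptions. On the target, only portal would be exported with MSH_CMD_EXPORT, and the strings would come from rt_input_username and rt_input_password.

```c
#include <stddef.h>
#include <string.h>

/* All names here are assumptions for illustration, not RT-Thread APIs. */
enum level { LV_NONE, LV_USER, LV_ADMIN };
static const struct { const char *name, *pswd; enum level lv; }
accounts[] = { { "guest", "guest-pw", LV_USER },   /* constructed users */
               { "root", "root-pw", LV_ADMIN } };
static enum level cur_level = LV_NONE;             /* the permission flag */

/* Compare every byte instead of stopping at the first mismatch. */
static int same_str(const char *stored, const char *in)
{
    size_t ls = strlen(stored), li = strlen(in), i;
    unsigned char diff = (unsigned char)(ls != li);
    for (i = 0; i < li; i++)
        diff |= (unsigned char)(stored[i < ls ? i : ls] ^ in[i]);
    return diff == 0;
}

/* Login sets the flag for the matching user, LV_NONE otherwise. */
enum level shell_login(const char *user, const char *pswd)
{
    size_t i;
    cur_level = LV_NONE;
    for (i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (same_str(accounts[i].name, user) & same_str(accounts[i].pswd, pswd))
            cur_level = accounts[i].lv;
    return cur_level;
}
void shell_logoff(void) { cur_level = LV_NONE; }

/* Real functions are static: not exported, so the shell never lists them. */
static int do_status(void) { return 10; }
static int do_reboot(void) { return 20; }
static const struct { const char *name; enum level need; int (*fn)(void); }
hidden[] = { { "status", LV_USER, do_status }, { "reboot", LV_ADMIN, do_reboot } };

/* The only exported entry, "portal <name>": checks the flag, then calls. */
int portal(int argc, char **argv)
{
    size_t i;
    if (argc != 2) return -1;
    for (i = 0; i < sizeof hidden / sizeof hidden[0]; i++)
        if (strcmp(hidden[i].name, argv[1]) == 0)
            return cur_level >= hidden[i].need ? hidden[i].fn() : -1;
    return -1;   /* same result for unknown names and denied calls */
}

int main(void) { char *c[] = { "portal", "reboot" }; return portal(2, c) != -1; }
```

A failed login resets the flag to LV_NONE, so a wrong password also drops any level held from an earlier session.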

Running Environment
MDK 5, LPC17xx pack, RT-Thread Nano v3.0.3
