Merge pull request #13082 from HendrikVE/password_protected_shell
sys/shell: new module shell_lock
Showing
15 changed files
with
529 additions
and
1 deletion.
@@ -0,0 +1,84 @@ | ||
/* | ||
* Copyright (C) 2020 Freie Universität Berlin | ||
* | ||
* This file is subject to the terms and conditions of the GNU Lesser | ||
* General Public License v2.1. See the file LICENSE in the top level | ||
* directory for more details. | ||
*/ | ||
|
||
/** | ||
* @defgroup sys_shell_lock Shell lock | ||
* @ingroup sys | ||
* @brief Simple module to provide a password protection for the shell. | ||
* @experimental This module is an experimental feature and only shows as a proof of concept how | ||
* the shell could be protected with a password. Do not expect relevant security from | ||
* it for production, since Man-in-the-Middle attacks are possible depending on the | ||
* used connection method! | ||
* | ||
* @{ | ||
* | ||
* @file | ||
* @brief Shell interface definition | ||
*/ | ||
|
||
#ifndef SHELL_LOCK_H | ||
#define SHELL_LOCK_H | ||
|
||
#ifdef __cplusplus | ||
extern "C" { | ||
#endif | ||
|
||
#include "shell.h" | ||
|
||
#ifdef MODULE_SHELL_LOCK | ||
#ifndef CONFIG_SHELL_LOCK_PASSWORD | ||
#error Using MODULE_SHELL_LOCK requires defining CONFIG_SHELL_LOCK_PASSWORD | ||
#endif /* CONFIG_SHELL_LOCK_PASSWORD */ | ||
#endif /* MODULE_SHELL_LOCK */ | ||
|
||
/** | ||
* @brief Lock the login process after given attempts of failed logins for | ||
* a few seconds | ||
*/ | ||
#define CONFIG_SHELL_LOCK_ATTEMPTS_BEFORE_TIME_LOCK 3 | ||
|
||
#ifndef CONFIG_SHELL_LOCK_AUTO_LOCK_TIMEOUT_MS | ||
/** | ||
* @brief Lock the shell after this time span without user input | ||
* Defaults to 5 minutes but can be overwritten in the applications | ||
* Makefile. | ||
*/ | ||
#define CONFIG_SHELL_LOCK_AUTO_LOCK_TIMEOUT_MS (5 * 60 * 1000) | ||
#endif | ||
|
||
/** | ||
* @brief Entry point for the lock mechanism. If locked, the user will | ||
* be asked for a password. This function won't return until the | ||
* correct password has been entered. | ||
* | ||
* @param[in] line_buf Buffer for reading in the password from stdin | ||
* @param[in] buf_size Buffer size | ||
*/ | ||
void shell_lock_checkpoint(char *line_buf, int buf_size); | ||
|
||
/** | ||
* @brief Returns true, if the shell is in the locked state. | ||
* | ||
* @return Whether the shell is locked or not. | ||
*/ | ||
bool shell_lock_is_locked(void); | ||
|
||
#ifdef MODULE_SHELL_LOCK_AUTO_LOCKING | ||
/** | ||
* @brief Restart the timeout interval before the shell is locked | ||
* automatically. | ||
*/ | ||
void shell_lock_auto_lock_refresh(void); | ||
#endif /* MODULE_SHELL_LOCK_AUTO_LOCKING */ | ||
|
||
#ifdef __cplusplus | ||
} | ||
#endif | ||
|
||
#endif /* SHELL_LOCK_H */ | ||
/** @} */ |
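Review bot: `CONFIG_SHELL_LOCK_ATTEMPTS_BEFORE_TIME_LOCK` is defined unconditionally, unlike `CONFIG_SHELL_LOCK_AUTO_LOCK_TIMEOUT_MS` right below it, so an application that sets the failed-login threshold from its Makefile triggers a macro redefinition diagnostic rather than a clean override; wrapping it in `#ifndef CONFIG_SHELL_LOCK_ATTEMPTS_BEFORE_TIME_LOCK` / `#endif` would let integrators tighten the limit on password guessing. Its doc comment says the lock lasts "a few seconds"; stating the actual duration (or the macro that holds it) would help, because the attempt count and the lock duration together bound the guessing rate. On `shell_lock_checkpoint`, `line_buf` is tagged `@param[in]` although the description says the password is read into it, so `@param[out]` fits better. It would also be worth documenting whether the buffer is wiped before the function returns; the implementation is not part of this section, so that is unconfirmed here.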
@@ -0,0 +1 @@ | ||
include $(RIOTBASE)/Makefile.base |
@@ -0,0 +1,4 @@ | ||
$(shell $(COLOR_ECHO) "$(COLOR_YELLOW)shell_lock is an experimental feature and only shows as a \ | ||
proof of concept how the shell could be protected with a password. Do not expect relevant \ | ||
security from it for production, since Man-in-the-Middle attacks are possible depending on the \ | ||
used connection method!$(COLOR_RESET)" 1>&2) |