/* loginLib.c - user login/password subroutine library *//* Copyright 1984-1992 Wind River Systems, Inc. */#include "copyright_wrs.h"/*modification history--------------------02a,26may99,pfl  fixed login password encryption (SPR 9584)01z,14mar99,jdi  doc: removed refs to config.h and/or configAll.h (SPR 25663).01y,14jul97,dgp  doc: change ^D to CTRL-D in loginPrompt01x,10jul97,dgp  doc: fix SPR 8303, loginUserAdd() saves address of password01w,01aug96,sgv  fix for spr #4971, passwd set in loginPrompt.01v,13oct95,jdi  fixed vxencrypt pathnames; changed refs to UNIX to "host".01u,14mar93,jdi  fixed typo.01t,20jan93,jdi  documentation cleanup for 5.1.01s,20jul92,jmm  added group parameter to symAdd call01r,18jul92,smb  Changed errno.h to errnoLib.h.01q,26may92,rrr  the tree shuffle01p,13dec91,gae  ANSI cleanup.01o,19nov91,rrr  shut up some ansi warnings.01n,14nov91,jpb  fixed problem with logout trashing user name.		 moved all references to originalUser and originalPasswd		 from loginLib.c to shellLib.c (local). see spr 916 and 1100.01m,04oct91,rrr  passed through the ansification filter                  -changed functions to ansi style		  -changed includes to have absolute path from h/		  -changed VOID to void		  -changed copyright notice01l,13may91,shl  undo'ed 01j.01k,01may91,jdi  documentation tweaks.01j,29apr91,shl  added call to save machine name, user and group ids (spr 916).01i,05apr91,jdi	 documentation -- removed header parens and x-ref numbers;		 doc review by shl.01h,11feb91,jaa	 documentation cleanup.01g,08oct90,shl  fixed to set NULL password correctly in remCurIdSet().01f,04oct90,shl  fixed loginPrompt() to save original and install		 new user name and password after successful rlogin.01e,10aug90,dnw  made loginDefaultEncrypt be default implicitly by setting		   encryptRtn to loginDefaultEncrypt;		 cleaned-up documentation.01d,15jul90,gae  made loginPrompt check userName against NULL -- bug fix.01c,09may90,shl  fixed loginStringSet to copy MAX_LOGIN_NAME_LEN bytes.01b,19apr90,shl  de-linted.01a,03feb90,shl  written.*//*DESCRIPTIONThis library provides a login/password facility for network access to theVxWorks shell.  When installed, it requires a user name and password matchto gain access to the VxWorks shell from rlogin or telnet.  Therefore VxWorkscan be used in secure environments where access must be restricted.Routines are provided to prompt for the user name and password, and verify the response by looking up the name/password pair in a login usertable.  This table contains a list of user names and encrypted passwordsthat will be allowed to log in to the VxWorks shell remotely.  Routines areprovided to add, delete, and access the login user table.  The list ofuser names can be displayed with loginUserShow().INSTALLATIONThe login security feature is initialized by the root task, usrRoot(), inusrConfig.c, if the configuration macro INCLUDE_SECURITY is defined.  Defining this macro also adds a single default user to the login table.The default user and password are defined as LOGIN_USER_NAMEand LOGIN_PASSWORD.  These can be set to any desired name and password.More users can be added by making additional calls to loginUserAdd().  IfINCLUDE_SECURITY is not defined, access to VxWorks will not be restrictedand secure.The name/password pairs are added to the table by calling loginUserAdd(),which takes the name and an encrypted password as arguments.  The VxWorkshost tool vxencrypt is used to generate the encrypted form of a password.For example, to add a user name of "fred" and password of "flintstone",first run vxencrypt on the host to find the encryption of "flintstone" asfollows:.CS    % vxencrypt    please enter password: flintstone    encrypted password is ScebRezb9c.CEThen invoke the routine loginUserAdd() in VxWorks:.CS	loginUserAdd ("fred", "ScebRezb9c");.CEThis can be done from the shell, a start-up script, or application code.LOGGING INWhen the login security facility is installed, every attempt to rloginor telnet to the VxWorks shell will first prompt for a user name and password..CS    % rlogin target    VxWorks login: fred    Password: flintstone    ->.CEThe delay in prompting between unsuccessful logins is increased linearly withthe number of attempts, in order to slow down password-guessing programs.ENCRYPTION ALGORITHMThis library provides a simple default encryption routine,loginDefaultEncrypt().  This algorithm requires thatpasswords be at least 8 characters and no more than 40 characters.The routine loginEncryptInstall() allows a user-specified encryptionfunction to be used instead of the default.INCLUDE FILES: loginLib.hSEE ALSO: shellLib, vxencrypt,.pG "Shell"*/#include "vxWorks.h"#include "stdlib.h"#include "semLib.h"#include "string.h"#include "lstLib.h"#include "loginLib.h"#include "ioLib.h"#include "symLib.h"#include "symbol.h"#include "remLib.h"#include "errnoLib.h"#include "stdio.h"#include "unistd.h"#include "sysLib.h"#include "tickLib.h"/* global variables */int     loginTimeOutInSecond = 60;    /* number of seconds before timing out *//* local variables */LOCAL char    	loginString [MAX_LOGIN_NAME_LEN + 1] = "VxWorks login: ";LOCAL SYMTAB_ID loginSymTbl;LOCAL FUNCPTR 	encryptRtn = loginDefaultEncrypt; /* encryption function */LOCAL int     	encryptVar;			  /* and its argument *//* forward static functions */static BOOL loginPrintName (char *name, int val, SYM_TYPE type, char *string);static STATUS loginNameGet (char *name);static STATUS loginPasswdGet (char *passwd);static STATUS loginEncrypt (char *in, char *out);/********************************************************************************* loginInit - initialize the login table** This routine must be called to initialize the login data structure used by* routines throughout this module.  If the configuration macro INCLUDE_SECURITY* is defined, it is called by usrRoot() in usrConfig.c, before any other* routines in this module.** RETURNS: N/A*/void loginInit (void)    {    static BOOL loginInitialized = FALSE;    if (!loginInitialized)        {        loginInitialized = TRUE;	loginSymTbl 	 = symTblCreate (6, FALSE, memSysPartId);					/* make 64 entry hash table */	}    }/********************************************************************************* loginUserAdd - add a user to the login table** This routine adds a user name and password entry to the login table.* Note that what is saved in the login table is the user name and the* address of <passwd>, not the actual password.** The length of user names should not exceed MAX_LOGIN_NAME_LEN, while* the length of passwords depends on the encryption routine used.  For the* default encryption routine, passwords should be at least 8 characters long* and no more than 40 characters.** The procedure for adding a new user to login table is as follows:* .IP (1) 4* Generate the encrypted password by invoking vxencrypt* in \f3host/<hostOs>/bin\fP.* .IP (2)* Add a user by invoking loginUserAdd() in the VxWorks shell* with the user name and the encrypted password.* .LP* The password of a user can be changed by first deleting the user entry,* then adding the user entry again with the new encrypted password.** EXAMPLE*.CS*    -> loginUserAdd "peter", "RRdRd9Qbyz"*    value = 0 = 0x0*    -> loginUserAdd "robin", "bSzyydqbSb"*    value = 0 = 0x0*    -> loginUserShow**      User Name*      =========*      peter*      robin*    value = 0 = 0x0*    ->*.CE** RETURNS: OK, or ERROR if the user name has already been entered.** SEE ALSO: vxencrypt*/STATUS loginUserAdd    (    char  name[MAX_LOGIN_NAME_LEN+1],   /* user name */    char  passwd[80]                    /* user password */    )    {    char     *value;    SYM_TYPE  type;			/* login type */    if (symFindByName (loginSymTbl, name, &value, &type) == OK)	{	errnoSet (S_loginLib_USER_ALREADY_EXISTS);	return (ERROR);	}    else        if (symAdd (loginSymTbl, name, passwd, type, symGroupDefault) != OK)	    return (ERROR);    return (OK);    }/********************************************************************************* loginUserDelete - delete a user entry from the login table** This routine deletes an entry in the login table.* Both the user name and password must be specified to remove an entry* from the login table.** RETURNS: OK, or ERROR if the specified user or password is incorrect.*/STATUS loginUserDelete    (    char  *name,                /* user name */    char  *passwd               /* user password */    )    {    char      encryptBuf [80+1];    char     *value;    SYM_TYPE  type;    if (loginEncrypt (passwd, encryptBuf) == ERROR)        return (ERROR);    if (symFindByName (loginSymTbl, name, &value, &type) == OK)	{	if (symRemove (loginSymTbl, name, type) == OK)	    return (OK);   	}    errnoSet (S_loginLib_UNKNOWN_USER);    return (ERROR);    }/********************************************************************************* loginUserVerify - verify a user name and password in the login table** This routine verifies a user entry in the login table.** RETURNS: OK, or ERROR if the user name or password is not found.*/STATUS loginUserVerify    (    char  *name,                /* name of user */    char  *passwd               /* password of user */    )    {    char      encryptBuf[80+1];    char     *value;    SYM_TYPE  type;    if (loginEncrypt (passwd, encryptBuf) == ERROR)	return (ERROR);    if (symFindByName (loginSymTbl, name, &value, &type) == ERROR)        {        errnoSet(S_loginLib_UNKNOWN_USER);        return (ERROR);        }    if (strcmp (value, encryptBuf) == 0)	/* verify password */	return (OK);    else	{	errnoSet (S_loginLib_INVALID_PASSWORD);	return (ERROR);	}    }/********************************************************************************* loginPrintName - display a single user entry** ARGSUSED1*/LOCAL BOOL loginPrintName    (    char     *name,    int       val,    SYM_TYPE  type,    char     *string    )    {    printf ("  %-15s\n", name);    return (TRUE);    }/********************************************************************************* loginUserShow - display the user login table** This routine displays valid user names.** EXAMPLE*.CS*     -> loginUserShow ()**       User Name*       =========*       peter*       robin*     value = 0 = 0x0*.CE** RETURNS: N/A*/void loginUserShow (void)    {    char  *string;    string = "";    printf ("\n%s\n", "  User Name");    printf (  "%s\n", "  =========");    (void)symEach (loginSymTbl, (FUNCPTR)loginPrintName, (int)string);    }/******************************************************************************* loginNameGet - prompt user for login name** RETURNS: OK if <name> is at least 1 byte long, or ERROR if less.*/LOCAL STATUS loginNameGet    (    char *name          /* buffer for user name */    )    {    int   nbytes 	  = 0;		/* bytes read */