move username definitions to the access control plugin; clean up

include/ua_server.h

@@ -75,10 +75,13 @@ struct UA_ServerNetworkLayer {
  * The access control callback is used to authenticate sessions and grant access
  * rights accordingly. */
 typedef struct {
+    /* These booleans are used to create endpoints for the possible
+     * authentication methods */
     UA_Boolean enableAnonymousLogin;
     UA_Boolean enableUsernamePasswordLogin;
-    
-    /* Authenticate a session */
+
+    /* Authenticate a session. The session handle is attached to the session and
+     * passed into the node-based access control callbacks. */
     UA_StatusCode (*activateSession)(const UA_NodeId *sessionId,
                                      const UA_ExtensionObject *userIdentityToken,
                                      void **sessionHandle);
@@ -205,7 +208,8 @@ typedef struct {
 } UA_ServerConfig;
 
 /* Add a new namespace to the server. Returns the index of the new namespace */
-UA_UInt16 UA_EXPORT UA_Server_addNamespace(UA_Server *server, const char* name);
+UA_UInt16 UA_EXPORT
+UA_Server_addNamespace(UA_Server *server, const char* name);
 
 /**
  * .. _server-lifecycle:

plugins/ua_accesscontrol_default.c

@@ -3,55 +3,68 @@
 
 #include "ua_accesscontrol_default.h"
 
-/* We allow login anonymous and with the following username / password. The
- * access rights are maximally permissive in this example plugin. */
+/* Example access control management. Anonymous and username / password login.
+ * The access rights are maximally permissive. */
 
 #define ANONYMOUS_POLICY "open62541-anonymous-policy"
 #define USERNAME_POLICY "open62541-username-policy"
 
+// TODO: There should be one definition of these strings in the endpoint.
+// Put the endpoint definition in the access control struct?
 #define UA_STRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)s}
 const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
 const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);
 
+const size_t usernamePasswordsSize = 2;
+UA_UsernamePasswordLogin usernamePasswords[2] = {
+    { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
+    { UA_STRING_STATIC("user2"), UA_STRING_STATIC("password1") } };
+
 UA_StatusCode
-activateSession_default(const UA_NodeId *sessionId, const UA_ExtensionObject *userIdentityToken,
+activateSession_default(const UA_NodeId *sessionId,
+                        const UA_ExtensionObject *userIdentityToken,
                         void **sessionHandle) {
     /* Could the token be decoded? */
     if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
         return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
 
-    /* anonymous login */
-    if(enableAnonymousLogin &&
-       userIdentityToken->content.decoded.type == &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
-        const UA_AnonymousIdentityToken *token = (UA_AnonymousIdentityToken *)userIdentityToken->content.decoded.data;
+    /* Anonymous login */
+    if(userIdentityToken->content.decoded.type ==
+       &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
+        const UA_AnonymousIdentityToken *token =
+            (UA_AnonymousIdentityToken*)userIdentityToken->content.decoded.data;
 
         /* Compatibility notice: Siemens OPC Scout v10 provides an empty
-         * policyId. This is not compliant. For compatibility we will assume
-         * that empty policyId == ANONYMOUS_POLICY */
-        if(token->policyId.data && !UA_String_equal(&token->policyId, &anonymous_policy))
+         * policyId. This is not compliant. For compatibility, assume that empty
+         * policyId == ANONYMOUS_POLICY */
+        if(token->policyId.data &&
+           !UA_String_equal(&token->policyId, &anonymous_policy))
             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
 
+        /* No userdata atm */
         *sessionHandle = NULL;
         return UA_STATUSCODE_GOOD;
     }
 
-    /* username and password */
-    if(enableUsernamePasswordLogin &&
-       userIdentityToken->content.decoded.type == &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
-        const UA_UserNameIdentityToken *token = (UA_UserNameIdentityToken *)userIdentityToken->content.decoded.data;
+    /* Username and password */
+    if(userIdentityToken->content.decoded.type ==
+       &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
+        const UA_UserNameIdentityToken *token =
+            (UA_UserNameIdentityToken*)userIdentityToken->content.decoded.data;
         if(!UA_String_equal(&token->policyId, &username_policy))
             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
 
-        /* empty username and password */
+        /* Empty username and password */
         if(token->userName.length == 0 && token->password.length == 0)
             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
 
-        /* trying to match pw/username */
+        /* Try to match username/pw */
         UA_Boolean match = false;
         for(size_t i = 0; i < usernamePasswordsSize; i++) {
             const UA_String *user = &usernamePasswords[i].username;
             const UA_String *pw = &usernamePasswords[i].password;
-            if(UA_String_equal(&token->userName, user) && UA_String_equal(&token->password, pw)) {
+            if(UA_String_equal(&token->userName, user) &&
+               UA_String_equal(&token->password, pw)) {
                 match = true;
                 break;
             }
@@ -59,6 +72,7 @@ activateSession_default(const UA_NodeId *sessionId, const UA_ExtensionObject *us
         if(!match)
             return UA_STATUSCODE_BADUSERACCESSDENIED;
 
+        /* No userdata atm */
         *sessionHandle = NULL;
         return UA_STATUSCODE_GOOD;
     }
@@ -68,47 +82,64 @@ activateSession_default(const UA_NodeId *sessionId, const UA_ExtensionObject *us
 }
 
 void
-closeSession_default(const UA_NodeId *sessionId, void *sessionHandle) {
+closeSession_default(const UA_NodeId *sessionId,
+                     void *sessionHandle) {
     /* no handle to clean up */
 }
 
 UA_UInt32
-getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
+getUserRightsMask_default(const UA_NodeId *sessionId,
+                          void *sessionHandle,
+                          const UA_NodeId *nodeId) {
     return 0xFFFFFFFF;
 }
 
 UA_Byte
-getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
+getUserAccessLevel_default(const UA_NodeId *sessionId,
+                           void *sessionHandle,
+                           const UA_NodeId *nodeId) {
     return 0xFF;
 }
 
 UA_Boolean
-getUserExecutable_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
+getUserExecutable_default(const UA_NodeId *sessionId,
+                          void *sessionHandle,
+                          const UA_NodeId *nodeId) {
     return true;
 }
 
 UA_Boolean
-getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionHandle,
-                                  const UA_NodeId *methodId, const UA_NodeId *objectId) {
+getUserExecutableOnObject_default(const UA_NodeId *sessionId,
+                                  void *sessionHandle,
+                                  const UA_NodeId *methodId,
+                                  const UA_NodeId *objectId) {
     return true;
 }
 
 UA_Boolean
-allowAddNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddNodesItem *item) {
+allowAddNode_default(const UA_NodeId *sessionId,
+                     void *sessionHandle,
+                     const UA_AddNodesItem *item) {
     return true;
 }
 
 UA_Boolean
-allowAddReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddReferencesItem *item) {
+allowAddReference_default(const UA_NodeId *sessionId,
+                          void *sessionHandle,
+                          const UA_AddReferencesItem *item) {
     return true;
 }
 
 UA_Boolean
-allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteNodesItem *item) {
+allowDeleteNode_default(const UA_NodeId *sessionId,
+                        void *sessionHandle,
+                        const UA_DeleteNodesItem *item) {
     return true;
 }
       
 UA_Boolean
-allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteReferencesItem *item) {
+allowDeleteReference_default(const UA_NodeId *sessionId,
+                             void *sessionHandle,
+                             const UA_DeleteReferencesItem *item) {
     return true;
 }

plugins/ua_accesscontrol_default.h

@@ -10,41 +10,47 @@
 extern "C" {
 #endif
 
-extern const UA_Boolean enableAnonymousLogin;
-extern const UA_Boolean enableUsernamePasswordLogin;
-extern const size_t usernamePasswordsSize;
-extern const UA_UsernamePasswordLogin *usernamePasswords;
+UA_StatusCode UA_EXPORT
+activateSession_default(const UA_NodeId *sessionId,
+                        const UA_ExtensionObject *userIdentityToken,
+                        void **sessionHandle);
 
-UA_EXPORT UA_StatusCode
-activateSession_default(const UA_NodeId *sessionId, const UA_ExtensionObject *userIdentityToken, void **sessionHandle);
-
-UA_EXPORT void
+void UA_EXPORT
 closeSession_default(const UA_NodeId *sessionId, void *sessionHandle);
 
-UA_EXPORT UA_UInt32
-getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId);
+UA_UInt32 UA_EXPORT
+getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionHandle,
+                          const UA_NodeId *nodeId);
+
+UA_Byte UA_EXPORT
+getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionHandle,
+                           const UA_NodeId *nodeId);
 
-UA_EXPORT UA_Byte
-getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId);
+UA_Boolean UA_EXPORT
+getUserExecutable_default(const UA_NodeId *sessionId, void *sessionHandle,
+                          const UA_NodeId *nodeId);
 
-UA_EXPORT UA_Boolean
-getUserExecutable_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId);
+UA_Boolean UA_EXPORT
+getUserExecutableOnObject_default(const UA_NodeId *sessionId,
+                                  void *sessionHandle,
+                                  const UA_NodeId *methodId,
+                                  const UA_NodeId *objectId);
 
-UA_EXPORT UA_Boolean
-getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionHandle,
-                                  const UA_NodeId *methodId, const UA_NodeId *objectId);
+UA_Boolean UA_EXPORT
+allowAddNode_default(const UA_NodeId *sessionId, void *sessionHandle,
+                     const UA_AddNodesItem *item);
 
-UA_EXPORT UA_Boolean
-allowAddNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddNodesItem *item);
+UA_Boolean UA_EXPORT
+allowAddReference_default(const UA_NodeId *sessionId, void *sessionHandle,
+                          const UA_AddReferencesItem *item);
 
-UA_EXPORT UA_Boolean
-allowAddReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddReferencesItem *item);
+UA_Boolean UA_EXPORT
+allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionHandle,
+                        const UA_DeleteNodesItem *item);
 
-UA_EXPORT UA_Boolean
-allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteNodesItem *item);
-      
-UA_EXPORT UA_Boolean
-allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteReferencesItem *item);
+UA_Boolean UA_EXPORT
+allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionHandle,
+                             const UA_DeleteReferencesItem *item);
 
 #ifdef __cplusplus
 }

plugins/ua_config_standard.c

@@ -34,19 +34,6 @@ const UA_EXPORT UA_ConnectionConfig UA_ConnectionConfig_standard = {
 #define VERSION(MAJOR, MINOR, PATCH, LABEL) \
     STRINGIFY(MAJOR) "." STRINGIFY(MINOR) "." STRINGIFY(PATCH) LABEL
 
-/* Access Control. The following definitions are defined as "extern" in
-   ua_accesscontrol_default.h */
-#define ENABLEANONYMOUSLOGIN true
-#define ENABLEUSERNAMEPASSWORDLOGIN true
-const UA_Boolean enableAnonymousLogin = ENABLEANONYMOUSLOGIN;
-const UA_Boolean enableUsernamePasswordLogin = ENABLEUSERNAMEPASSWORDLOGIN;
-const size_t usernamePasswordsSize = 2;
-
-UA_UsernamePasswordLogin UsernamePasswordLogin[2] = {
-    { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
-    { UA_STRING_STATIC("user2"), UA_STRING_STATIC("password1") } };
-const UA_UsernamePasswordLogin *usernamePasswords = UsernamePasswordLogin;
-
 const UA_EXPORT UA_ServerConfig UA_ServerConfig_standard = {
     1, /* .nThreads */
     UA_Log_Stdout, /* .logger */
@@ -82,7 +69,7 @@ const UA_EXPORT UA_ServerConfig UA_ServerConfig_standard = {
     NULL, /* .networkLayers */
 
     /* Access Control */
-    {ENABLEANONYMOUSLOGIN, ENABLEUSERNAMEPASSWORDLOGIN,
+    {true, true,
      activateSession_default, closeSession_default,
      getUserRightsMask_default, getUserAccessLevel_default,
      getUserExecutable_default, getUserExecutableOnObject_default,