ua_services_session.c 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
  1. #include "ua_services.h"
  2. #include "ua_server_internal.h"
  3. #include "ua_session_manager.h"
  4. #include "ua_types_generated_encoding_binary.h"
  5. void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
  6. const UA_CreateSessionRequest *request, UA_CreateSessionResponse *response) {
  7. if(channel->securityToken.channelId == 0) {
  8. response->responseHeader.serviceResult = UA_STATUSCODE_BADSECURECHANNELIDINVALID;
  9. return;
  10. }
  11. response->responseHeader.serviceResult =
  12. UA_Array_copy(server->endpointDescriptions, server->endpointDescriptionsSize,
  13. (void**)&response->serverEndpoints, &UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
  14. if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
  15. return;
  16. response->serverEndpointsSize = server->endpointDescriptionsSize;
  17. UA_Session *newSession;
  18. response->responseHeader.serviceResult =
  19. UA_SessionManager_createSession(&server->sessionManager, channel, request, &newSession);
  20. if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
  21. UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Processing CreateSessionRequest failed");
  22. return;
  23. }
  24. newSession->maxResponseMessageSize = request->maxResponseMessageSize;
  25. newSession->maxRequestMessageSize = channel->connection->localConf.maxMessageSize;
  26. response->sessionId = newSession->sessionId;
  27. response->revisedSessionTimeout = (UA_Double)newSession->timeout;
  28. response->authenticationToken = newSession->authenticationToken;
  29. response->responseHeader.serviceResult = UA_String_copy(&request->sessionName, &newSession->sessionName);
  30. if(server->endpointDescriptions)
  31. response->responseHeader.serviceResult |=
  32. UA_ByteString_copy(&server->endpointDescriptions->serverCertificate,
  33. &response->serverCertificate);
  34. if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
  35. UA_SessionManager_removeSession(&server->sessionManager, &newSession->authenticationToken);
  36. return;
  37. }
  38. UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Session %i created",
  39. newSession->sessionId.identifier.numeric);
  40. }
  41. void
  42. Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel, UA_Session *session,
  43. const UA_ActivateSessionRequest *request, UA_ActivateSessionResponse *response) {
  44. if(session->validTill < UA_DateTime_now()) {
  45. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: SecureChannel %i wants "
  46. "to activate, but the session has timed out", channel->securityToken.channelId);
  47. response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
  48. return;
  49. }
  50. if(request->userIdentityToken.encoding < UA_EXTENSIONOBJECT_DECODED ||
  51. (request->userIdentityToken.content.decoded.type != &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN] &&
  52. request->userIdentityToken.content.decoded.type != &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN])) {
  53. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: SecureChannel %i wants "
  54. "to activate, but the UserIdentify token is invalid",
  55. channel->securityToken.channelId);
  56. response->responseHeader.serviceResult = UA_STATUSCODE_BADINTERNALERROR;
  57. return;
  58. }
  59. UA_String ap = UA_STRING(ANONYMOUS_POLICY);
  60. UA_String up = UA_STRING(USERNAME_POLICY);
  61. /* Compatibility notice: Siemens OPC Scout v10 provides an empty policyId,
  62. this is not okay For compatibility we will assume that empty policyId == ANONYMOUS_POLICY
  63. if(token.policyId->data == NULL)
  64. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  65. */
  66. if(server->config.enableAnonymousLogin &&
  67. request->userIdentityToken.content.decoded.type == &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
  68. /* anonymous login */
  69. const UA_AnonymousIdentityToken *token = request->userIdentityToken.content.decoded.data;
  70. if(token->policyId.data && !UA_String_equal(&token->policyId, &ap)) {
  71. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  72. return;
  73. }
  74. } else if(server->config.enableUsernamePasswordLogin &&
  75. request->userIdentityToken.content.decoded.type == &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
  76. /* username login */
  77. const UA_UserNameIdentityToken *token = request->userIdentityToken.content.decoded.data;
  78. if(!UA_String_equal(&token->policyId, &up)) {
  79. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  80. return;
  81. }
  82. if(token->encryptionAlgorithm.length > 0) {
  83. /* we don't support encryption */
  84. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  85. return;
  86. }
  87. /* trying to match pw/username */
  88. UA_Boolean match = false;
  89. for(size_t i = 0; i < server->config.usernamePasswordLoginsSize; i++) {
  90. UA_String *user = &server->config.usernamePasswordLogins[i].username;
  91. UA_String *pw = &server->config.usernamePasswordLogins[i].password;
  92. if(UA_String_equal(&token->userName, user) && UA_String_equal(&token->password, pw)) {
  93. match = true;
  94. break;
  95. }
  96. }
  97. if(!match) {
  98. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: Did not find matching username/password");
  99. response->responseHeader.serviceResult = UA_STATUSCODE_BADUSERACCESSDENIED;
  100. return;
  101. }
  102. } else {
  103. /* Unsupported token type */
  104. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  105. return;
  106. }
  107. /* Detach the old SecureChannel */
  108. if(session->channel && session->channel != channel) {
  109. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: Detach from old channel");
  110. UA_SecureChannel_detachSession(session->channel, session);
  111. }
  112. /* Attach to the SecureChannel and activate */
  113. UA_SecureChannel_attachSession(channel, session);
  114. session->activated = true;
  115. UA_Session_updateLifetime(session);
  116. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: Session activated");
  117. }
  118. void
  119. Service_CloseSession(UA_Server *server, UA_Session *session, const UA_CloseSessionRequest *request,
  120. UA_CloseSessionResponse *response) {
  121. UA_LOG_INFO_SESSION(server->config.logger, session, "CloseSession");
  122. response->responseHeader.serviceResult =
  123. UA_SessionManager_removeSession(&server->sessionManager, &session->authenticationToken);
  124. }