Home Verkennen Help
Inloggen
opc-ua
/
open62541
Volgen 2
Ster 0
Vork 0
Bestanden Kwesties 0 Pull-aanvragen 0 Wiki
Boom: 454c6ed8a3
Aftakkingen Labels
open62541
/
plugins
/
ua_accesscontrol_default.c

ua_accesscontrol_default.c 5.0 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
    2. 

  2.  * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
    3. 

  3. 

  4. #include "ua_accesscontrol_default.h"
    5. 

  5. 

  6. /* Example access control management. Anonymous and username / password login.
    7. 

  7.  * The access rights are maximally permissive. */
    8. 

  8. 

  9. #define ANONYMOUS_POLICY "open62541-anonymous-policy"
    10. 

  10. #define USERNAME_POLICY "open62541-username-policy"
    11. 

  11. 

  12. // TODO: There should be one definition of these strings in the endpoint.
    13. 

  13. // Put the endpoint definition in the access control struct?
    14. 

  14. #define UA_STRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)s}
    15. 

  15. const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
    16. 

  16. const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);
    17. 

  17. 

  18. typedef struct {
    19. 

  19.     UA_String username;
    20. 

  20.     UA_String password;
    21. 

  21. } UA_UsernamePasswordLogin;
    22. 

  22. 

  23. const size_t usernamePasswordsSize = 2;
    24. 

  24. UA_UsernamePasswordLogin usernamePasswords[2] = {
    25. 

  25.     { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
    26. 

  26.     { UA_STRING_STATIC("user2"), UA_STRING_STATIC("password1") } };
    27. 

  27. 

  28. UA_StatusCode
    29. 

  29. activateSession_default(const UA_NodeId *sessionId,
    30. 

  30.                         const UA_ExtensionObject *userIdentityToken,
    31. 

  31.                         void **sessionHandle) {
    32. 

  32.     /* Could the token be decoded? */
    33. 

  33.     if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
    34. 

  34.         return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    35. 

  35. 

  36.     /* Anonymous login */
    37. 

  37.     if(userIdentityToken->content.decoded.type ==
    38. 

  38.        &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
    39. 

  39.         const UA_AnonymousIdentityToken *token =
    40. 

  40.             (UA_AnonymousIdentityToken*)userIdentityToken->content.decoded.data;
    41. 

  41. 

  42.         /* Compatibility notice: Siemens OPC Scout v10 provides an empty
    43. 

  43.          * policyId. This is not compliant. For compatibility, assume that empty
    44. 

  44.          * policyId == ANONYMOUS_POLICY */
    45. 

  45.         if(token->policyId.data &&
    46. 

  46.            !UA_String_equal(&token->policyId, &anonymous_policy))
    47. 

  47.             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    48. 

  48. 

  49.         /* No userdata atm */
    50. 

  50.         *sessionHandle = NULL;
    51. 

  51.         return UA_STATUSCODE_GOOD;
    52. 

  52.     }
    53. 

  53. 

  54.     /* Username and password */
    55. 

  55.     if(userIdentityToken->content.decoded.type ==
    56. 

  56.        &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
    57. 

  57.         const UA_UserNameIdentityToken *token =
    58. 

  58.             (UA_UserNameIdentityToken*)userIdentityToken->content.decoded.data;
    59. 

  59.         if(!UA_String_equal(&token->policyId, &username_policy))
    60. 

  60.             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    61. 

  61. 

  62.         /* Empty username and password */
    63. 

  63.         if(token->userName.length == 0 && token->password.length == 0)
    64. 

  64.             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    65. 

  65. 

  66.         /* Try to match username/pw */
    67. 

  67.         UA_Boolean match = false;
    68. 

  68.         for(size_t i = 0; i < usernamePasswordsSize; i++) {
    69. 

  69.             const UA_String *user = &usernamePasswords[i].username;
    70. 

  70.             const UA_String *pw = &usernamePasswords[i].password;
    71. 

  71.             if(UA_String_equal(&token->userName, user) &&
    72. 

  72.                UA_String_equal(&token->password, pw)) {
    73. 

  73.                 match = true;
    74. 

  74.                 break;
    75. 

  75.             }
    76. 

  76.         }
    77. 

  77.         if(!match)
    78. 

  78.             return UA_STATUSCODE_BADUSERACCESSDENIED;
    79. 

  79. 

  80.         /* No userdata atm */
    81. 

  81.         *sessionHandle = NULL;
    82. 

  82.         return UA_STATUSCODE_GOOD;
    83. 

  83.     }
    84. 

  84. 

  85.     /* Unsupported token type */
    86. 

  86.     return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    87. 

  87. }
    88. 

  88. 

  89. void
    90. 

  90. closeSession_default(const UA_NodeId *sessionId,
    91. 

  91.                      void *sessionHandle) {
    92. 

  92.     /* no handle to clean up */
    93. 

  93. }
    94. 

  94. 

  95. UA_UInt32
    96. 

  96. getUserRightsMask_default(const UA_NodeId *sessionId,
    97. 

  97.                           void *sessionHandle,
    98. 

  98.                           const UA_NodeId *nodeId) {
    99. 

  99.     return 0xFFFFFFFF;
    100. 

  100. }
    101. 

  101. 

  102. UA_Byte
    103. 

  103. getUserAccessLevel_default(const UA_NodeId *sessionId,
    104. 

  104.                            void *sessionHandle,
    105. 

  105.                            const UA_NodeId *nodeId) {
    106. 

  106.     return 0xFF;
    107. 

  107. }
    108. 

  108. 

  109. UA_Boolean
    110. 

  110. getUserExecutable_default(const UA_NodeId *sessionId,
    111. 

  111.                           void *sessionHandle,
    112. 

  112.                           const UA_NodeId *nodeId) {
    113. 

  113.     return true;
    114. 

  114. }
    115. 

  115. 

  116. UA_Boolean
    117. 

  117. getUserExecutableOnObject_default(const UA_NodeId *sessionId,
    118. 

  118.                                   void *sessionHandle,
    119. 

  119.                                   const UA_NodeId *methodId,
    120. 

  120.                                   const UA_NodeId *objectId) {
    121. 

  121.     return true;
    122. 

  122. }
    123. 

  123. 

  124. UA_Boolean
    125. 

  125. allowAddNode_default(const UA_NodeId *sessionId,
    126. 

  126.                      void *sessionHandle,
    127. 

  127.                      const UA_AddNodesItem *item) {
    128. 

  128.     return true;
    129. 

  129. }
    130. 

  130. 

  131. UA_Boolean
    132. 

  132. allowAddReference_default(const UA_NodeId *sessionId,
    133. 

  133.                           void *sessionHandle,
    134. 

  134.                           const UA_AddReferencesItem *item) {
    135. 

  135.     return true;
    136. 

  136. }
    137. 

  137. 

  138. UA_Boolean
    139. 

  139. allowDeleteNode_default(const UA_NodeId *sessionId,
    140. 

  140.                         void *sessionHandle,
    141. 

  141.                         const UA_DeleteNodesItem *item) {
    142. 

  142.     return true;
    143. 

  143. }
    144. 

  144.       
    145. 

  145. UA_Boolean
    146. 

  146. allowDeleteReference_default(const UA_NodeId *sessionId,
    147. 

  147.                              void *sessionHandle,
    148. 

  148.                              const UA_DeleteReferencesItem *item) {
    149. 

  149.     return true;
    150. 

  150. }
    151. 

  151.