
  1. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
  2. * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
  3. #include "ua_accesscontrol_default.h"
  4. /* Example access control management. Anonymous and username / password login.
  5. * The access rights are maximally permissive. */
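  /* Policy identifiers that the endpoint announces and that a client must echo
   * back in its identity token. */
  #define ANONYMOUS_POLICY "open62541-anonymous-policy"
  #define USERNAME_POLICY "open62541-username-policy"
  // TODO: There should be one definition of these strings in the endpoint.
  // Put the endpoint definition in the access control struct?

  /* Build a UA_String initializer over a string literal. sizeof on the literal
   * counts the terminating NUL, hence the -1. The argument is parenthesized in
   * the cast so that an expression argument cannot bind differently than
   * intended. */
  #define UA_STRING_STATIC(s) {(sizeof(s) - 1), (UA_Byte*)(s)}
  const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
  const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);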
  /* One username/password pair accepted by activateSession_default. */
  typedef struct {
      UA_String username;
      UA_String password;
  } UA_UsernamePasswordLogin;

  /* Example credential table. The pairs are plaintext literals compiled into
   * the binary; the file header describes this module as example access
   * control, so a real deployment presumably replaces this table. */
  const size_t usernamePasswordsSize = 2;
  UA_UsernamePasswordLogin usernamePasswords[2] = {
      { .username = UA_STRING_STATIC("user1"), .password = UA_STRING_STATIC("password") },
      { .username = UA_STRING_STATIC("user2"), .password = UA_STRING_STATIC("password1") }
  };
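  /* Constant-time equality test for two UA_Strings. Lengths are compared first
   * and a mismatch returns immediately (the length of a stored credential is
   * not treated as secret); for equal lengths every byte is examined, so the
   * time taken does not depend on where the first differing byte lies. The
   * accumulator is volatile to discourage the optimizer from short-circuiting
   * the loop. */
  static UA_Boolean
  stringEqualConstantTime(const UA_String *a, const UA_String *b) {
      if(a->length != b->length)
          return false;
      volatile unsigned char diff = 0;
      for(size_t i = 0; i < a->length; i++)
          diff |= (unsigned char)(a->data[i] ^ b->data[i]);
      return diff == 0;
  }

  /* Validate the identity token presented in ActivateSession.
   *
   * sessionId         - The session being activated (not used here).
   * userIdentityToken - The identity token from the request; must be decoded.
   * sessionContext    - Out: per-session user data, set to NULL on success.
   *
   * Returns UA_STATUSCODE_GOOD for an anonymous token carrying the anonymous
   * policy (or an empty policyId, see the compatibility note) and for a
   * username token whose credentials match an entry of usernamePasswords.
   * Returns UA_STATUSCODE_BADIDENTITYTOKENINVALID for tokens that are not
   * decoded, of an unsupported type, carry the wrong policy, use an encryption
   * algorithm, or have both username and password empty. Returns
   * UA_STATUSCODE_BADUSERACCESSDENIED when the credentials do not match. */
  UA_StatusCode
  activateSession_default(const UA_NodeId *sessionId,
                          const UA_ExtensionObject *userIdentityToken,
                          void **sessionContext) {
      (void)sessionId;

      /* Could the token be decoded? */
      if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
          return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

      /* Anonymous login */
      if(userIdentityToken->content.decoded.type ==
         &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
          const UA_AnonymousIdentityToken *token =
              (UA_AnonymousIdentityToken*)userIdentityToken->content.decoded.data;

          /* Compatibility notice: Siemens OPC Scout v10 provides an empty
           * policyId. This is not compliant. For compatibility, assume that empty
           * policyId == ANONYMOUS_POLICY */
          if(token->policyId.data &&
             !UA_String_equal(&token->policyId, &anonymous_policy))
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* No userdata atm */
          *sessionContext = NULL;
          return UA_STATUSCODE_GOOD;
      }

      /* Username and password */
      if(userIdentityToken->content.decoded.type ==
         &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
          const UA_UserNameIdentityToken *token =
              (UA_UserNameIdentityToken*)userIdentityToken->content.decoded.data;
          if(!UA_String_equal(&token->policyId, &username_policy))
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* TODO: Support encrypted username/password over unencrypted SecureChannels */
          if(token->encryptionAlgorithm.length > 0)
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* Empty username and password */
          if(token->userName.length == 0 && token->password.length == 0)
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* Try to match username/pw. Every table entry is visited and the
           * password is compared even when the username does not match, so the
           * response time does not reveal which usernames exist or at which
           * position the match was found. */
          UA_Boolean match = false;
          for(size_t i = 0; i < usernamePasswordsSize; i++) {
              UA_Boolean userOk =
                  stringEqualConstantTime(&token->userName, &usernamePasswords[i].username);
              UA_Boolean pwOk =
                  stringEqualConstantTime(&token->password, &usernamePasswords[i].password);
              if(userOk && pwOk)
                  match = true;
          }
          if(!match)
              return UA_STATUSCODE_BADUSERACCESSDENIED;

          /* No userdata atm */
          *sessionContext = NULL;
          return UA_STATUSCODE_GOOD;
      }

      /* Unsupported token type */
      return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  }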
  /* Session teardown hook. activateSession_default stores no per-session
   * data, so there is nothing to release here. */
  void
  closeSession_default(const UA_NodeId *sessionId, void *sessionContext) {
      (void)sessionId;
      (void)sessionContext;
  }
  /* User rights mask for a node: every bit set, i.e. maximally permissive,
   * regardless of session or node. */
  UA_UInt32
  getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionContext,
                            const UA_NodeId *nodeId, void *nodeContext) {
      (void)sessionId;
      (void)sessionContext;
      (void)nodeId;
      (void)nodeContext;
      return (UA_UInt32)0xFFFFFFFFu;
  }
  /* User access level for a node: every bit set, i.e. maximally permissive,
   * regardless of session or node. */
  UA_Byte
  getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionContext,
                             const UA_NodeId *nodeId, void *nodeContext) {
      (void)sessionId;
      (void)sessionContext;
      (void)nodeId;
      (void)nodeContext;
      return (UA_Byte)0xFFu;
  }
  /* Whether the session may call the method: always permitted, regardless of
   * session or method. */
  UA_Boolean
  getUserExecutable_default(const UA_NodeId *sessionId, void *sessionContext,
                            const UA_NodeId *methodId, void *methodContext) {
      (void)sessionId;
      (void)sessionContext;
      (void)methodId;
      (void)methodContext;
      return true;
  }
  /* Whether the session may call the method on the given object: always
   * permitted, regardless of session, method or object. */
  UA_Boolean
  getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionContext,
                                    const UA_NodeId *methodId, void *methodContext,
                                    const UA_NodeId *objectId, void *objectContext) {
      (void)sessionId;
      (void)sessionContext;
      (void)methodId;
      (void)methodContext;
      (void)objectId;
      (void)objectContext;
      return true;
  }
  /* Whether the session may add the node described by item: always permitted. */
  UA_Boolean
  allowAddNode_default(const UA_NodeId *sessionId, void *sessionContext,
                       const UA_AddNodesItem *item) {
      (void)sessionId;
      (void)sessionContext;
      (void)item;
      return true;
  }
  /* Whether the session may add the reference described by item: always
   * permitted. */
  UA_Boolean
  allowAddReference_default(const UA_NodeId *sessionId, void *sessionContext,
                            const UA_AddReferencesItem *item) {
      (void)sessionId;
      (void)sessionContext;
      (void)item;
      return true;
  }
  /* Whether the session may delete the node described by item: always
   * permitted. */
  UA_Boolean
  allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionContext,
                          const UA_DeleteNodesItem *item) {
      (void)sessionId;
      (void)sessionContext;
      (void)item;
      return true;
  }
  /* Whether the session may delete the reference described by item: always
   * permitted. */
  UA_Boolean
  allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionContext,
                               const UA_DeleteReferencesItem *item) {
      (void)sessionId;
      (void)sessionContext;
      (void)item;
      return true;
  }