ua_plugin_access_control.h 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  4. *
  5. * Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
  6. * Copyright 2017 (c) Stefan Profanter, fortiss GmbH
  7. */
  8. #ifndef UA_PLUGIN_ACCESS_CONTROL_H_
  9. #define UA_PLUGIN_ACCESS_CONTROL_H_
  10. #ifdef __cplusplus
  11. extern "C" {
  12. #endif
  13. #include "ua_types.h"
  14. /**
  15. * .. _access-control:
  16. *
  17. * Access Control Plugin API
  18. * =========================
  19. * The access control callback is used to authenticate sessions and grant access
  20. * rights accordingly. */
  21. struct UA_AccessControl;
  22. typedef struct UA_AccessControl UA_AccessControl;
  23. struct UA_AccessControl {
  24. void *context;
  25. void (*deleteMembers)(UA_AccessControl *ac);
  26. /* Supported login mechanisms. The server endpoints are created from here. */
  27. size_t userTokenPoliciesSize;
  28. UA_UserTokenPolicy *userTokenPolicies;
  29. /* Authenticate a session. The session context is attached to the session and
  30. * later passed into the node-based access control callbacks. */
  31. UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac,
  32. const UA_NodeId *sessionId,
  33. const UA_ExtensionObject *userIdentityToken,
  34. void **sessionContext);
  35. /* Deauthenticate a session and cleanup */
  36. void (*closeSession)(UA_Server *server, UA_AccessControl *ac,
  37. const UA_NodeId *sessionId, void *sessionContext);
  38. /* Access control for all nodes*/
  39. UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac,
  40. const UA_NodeId *sessionId, void *sessionContext,
  41. const UA_NodeId *nodeId, void *nodeContext);
  42. /* Additional access control for variable nodes */
  43. UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac,
  44. const UA_NodeId *sessionId, void *sessionContext,
  45. const UA_NodeId *nodeId, void *nodeContext);
  46. /* Additional access control for method nodes */
  47. UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac,
  48. const UA_NodeId *sessionId, void *sessionContext,
  49. const UA_NodeId *methodId, void *methodContext);
  50. /* Additional access control for calling a method node in the context of a
  51. * specific object */
  52. UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac,
  53. const UA_NodeId *sessionId, void *sessionContext,
  54. const UA_NodeId *methodId, void *methodContext,
  55. const UA_NodeId *objectId, void *objectContext);
  56. /* Allow adding a node */
  57. UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac,
  58. const UA_NodeId *sessionId, void *sessionContext,
  59. const UA_AddNodesItem *item);
  60. /* Allow adding a reference */
  61. UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac,
  62. const UA_NodeId *sessionId, void *sessionContext,
  63. const UA_AddReferencesItem *item);
  64. /* Allow deleting a node */
  65. UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac,
  66. const UA_NodeId *sessionId, void *sessionContext,
  67. const UA_DeleteNodesItem *item);
  68. /* Allow deleting a reference */
  69. UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac,
  70. const UA_NodeId *sessionId, void *sessionContext,
  71. const UA_DeleteReferencesItem *item);
  72. };
  73. #ifdef __cplusplus
  74. }
  75. #endif
  76. #endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */