
/* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
 * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
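#include "ua_accesscontrol_default.h"

/* Example access control management. Anonymous and username / password login.
 * The access rights are maximally permissive. */

/* Policy identifiers for the two supported user-token types. A token is
 * only accepted when its policyId matches one of these. */
#define ANONYMOUS_POLICY "open62541-anonymous-policy"
#define USERNAME_POLICY "open62541-username-policy"

// TODO: There should be one definition of these strings in the endpoint.
// Put the endpoint definition in the access control struct?

/* Initializer for a UA_String that aliases a string literal without copying.
 * Only meaningful for literals: sizeof(s)-1 is the literal's length without
 * the terminator and would be the pointer size for a char pointer. The
 * argument is parenthesized so an expression argument binds correctly. */
#define UA_STRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}

const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);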
/* One entry of the example credential table consulted by
 * activateSession_default. Both fields alias static string literals. */
typedef struct {
    UA_String username; /* login name expected in the UserNameIdentityToken */
    UA_String password; /* password stored and compared in plain text */
} UA_UsernamePasswordLogin;
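/* Example credential table: fixed demo logins, compared in plain text by
 * activateSession_default. The entry count is derived from the initializer
 * so it cannot drift from the table when entries are added or removed. */
UA_UsernamePasswordLogin usernamePasswords[] = {
    { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
    { UA_STRING_STATIC("user2"), UA_STRING_STATIC("password1") } };
const size_t usernamePasswordsSize =
    sizeof(usernamePasswords) / sizeof(usernamePasswords[0]);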
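/* Compare two strings for equality without leaking, through timing, how
 * long a matching prefix was. Every byte of `stored` is visited and the
 * length mismatch is folded into the accumulator instead of returning early.
 * Only the length of `stored` (the server's own entry) influences the time.
 * Same result as an ordinary length + byte comparison. */
static UA_Boolean
stringsEqualConstantTime(const UA_String *stored, const UA_String *supplied) {
    volatile UA_Byte diff = (stored->length != supplied->length) ? 1 : 0;
    for(size_t i = 0; i < stored->length; i++) {
        UA_Byte other = (i < supplied->length) ? supplied->data[i] : 0;
        diff = (UA_Byte)(diff | (stored->data[i] ^ other));
    }
    return (diff == 0);
}

/* Look the supplied username/password up in the example table. Every entry
 * is checked rather than stopping at the first hit, so the cost of the scan
 * does not depend on whether, or where, a match exists. */
static UA_Boolean
credentialsMatch(const UA_UserNameIdentityToken *token) {
    UA_Boolean match = false;
    for(size_t i = 0; i < usernamePasswordsSize; i++) {
        UA_Boolean userOk =
            stringsEqualConstantTime(&usernamePasswords[i].username, &token->userName);
        UA_Boolean pwOk =
            stringsEqualConstantTime(&usernamePasswords[i].password, &token->password);
        if(userOk && pwOk)
            match = true;
    }
    return match;
}

/* Anonymous login: the policyId must be the anonymous policy. */
static UA_StatusCode
activateAnonymous(const UA_AnonymousIdentityToken *token, void **sessionHandle) {
    /* Compatibility notice: Siemens OPC Scout v10 provides an empty
     * policyId. This is not compliant. For compatibility, assume that empty
     * policyId == ANONYMOUS_POLICY */
    if(token->policyId.data &&
       !UA_String_equal(&token->policyId, &anonymous_policy))
        return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    /* No userdata atm */
    *sessionHandle = NULL;
    return UA_STATUSCODE_GOOD;
}

/* Username/password login against the example table. */
static UA_StatusCode
activateUserName(const UA_UserNameIdentityToken *token, void **sessionHandle) {
    /* Only the username policy is accepted, and only with an unencrypted
     * password: a token naming an encryptionAlgorithm is rejected rather
     * than decrypted, so the password arrives in plain text and is
     * protected only by whatever the secure channel provides. */
    if(!UA_String_equal(&token->policyId, &username_policy) ||
       token->encryptionAlgorithm.length > 0)
        return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    /* Empty username and password */
    if(token->userName.length == 0 && token->password.length == 0)
        return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    if(!credentialsMatch(token))
        return UA_STATUSCODE_BADUSERACCESSDENIED;
    /* No userdata atm */
    *sessionHandle = NULL;
    return UA_STATUSCODE_GOOD;
}

/* Validate the user identity token presented in ActivateSession.
 *
 * sessionId is unused by this example. userIdentityToken must be a decoded
 * extension object holding either an AnonymousIdentityToken or a
 * UserNameIdentityToken; any other type, an undecoded object, or a policy
 * mismatch yields UA_STATUSCODE_BADIDENTITYTOKENINVALID. Wrong credentials
 * yield UA_STATUSCODE_BADUSERACCESSDENIED. On success *sessionHandle is set
 * to NULL (no per-session data is attached) and UA_STATUSCODE_GOOD returned;
 * *sessionHandle is left untouched on failure. */
UA_StatusCode
activateSession_default(const UA_NodeId *sessionId,
                        const UA_ExtensionObject *userIdentityToken,
                        void **sessionHandle) {
    /* Could the token be decoded? */
    if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
        return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

    const void *data = userIdentityToken->content.decoded.data;

    /* Anonymous login */
    if(userIdentityToken->content.decoded.type ==
       &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN])
        return activateAnonymous((const UA_AnonymousIdentityToken*)data,
                                 sessionHandle);

    /* Username and password */
    if(userIdentityToken->content.decoded.type ==
       &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN])
        return activateUserName((const UA_UserNameIdentityToken*)data,
                                sessionHandle);

    /* Unsupported token type */
    return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
}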
/* Session teardown hook. activateSession_default never attaches a handle
 * (it always stores NULL), so there is nothing to release. */
void
closeSession_default(const UA_NodeId *sessionId,
                     void *sessionHandle) {
    (void)sessionId;
    (void)sessionHandle;
}
/* Per-node user rights mask. Every bit set: the session is granted all
 * rights on every node, regardless of who authenticated. */
UA_UInt32
getUserRightsMask_default(const UA_NodeId *sessionId,
                          void *sessionHandle,
                          const UA_NodeId *nodeId) {
    (void)sessionId;
    (void)sessionHandle;
    (void)nodeId;
    return ~(UA_UInt32)0;
}
/* Per-node user access level. All access-level bits set for every session
 * and node. */
UA_Byte
getUserAccessLevel_default(const UA_NodeId *sessionId,
                           void *sessionHandle,
                           const UA_NodeId *nodeId) {
    (void)sessionId;
    (void)sessionHandle;
    (void)nodeId;
    const UA_Byte allBits = (UA_Byte)~0u;
    return allBits;
}
/* Whether the session may execute the given method node. Always permitted
 * in this example. */
UA_Boolean
getUserExecutable_default(const UA_NodeId *sessionId,
                          void *sessionHandle,
                          const UA_NodeId *nodeId) {
    (void)sessionId;
    (void)sessionHandle;
    (void)nodeId;
    const UA_Boolean permitted = true;
    return permitted;
}
/* Whether the session may execute methodId on objectId. Always permitted
 * in this example. */
UA_Boolean
getUserExecutableOnObject_default(const UA_NodeId *sessionId,
                                  void *sessionHandle,
                                  const UA_NodeId *methodId,
                                  const UA_NodeId *objectId) {
    (void)sessionId;
    (void)sessionHandle;
    (void)methodId;
    (void)objectId;
    const UA_Boolean permitted = true;
    return permitted;
}
/* Whether the session may add the node described by item. Always permitted
 * in this example. */
UA_Boolean
allowAddNode_default(const UA_NodeId *sessionId,
                     void *sessionHandle,
                     const UA_AddNodesItem *item) {
    (void)sessionId;
    (void)sessionHandle;
    (void)item;
    const UA_Boolean permitted = true;
    return permitted;
}
/* Whether the session may add the reference described by item. Always
 * permitted in this example. */
UA_Boolean
allowAddReference_default(const UA_NodeId *sessionId,
                          void *sessionHandle,
                          const UA_AddReferencesItem *item) {
    (void)sessionId;
    (void)sessionHandle;
    (void)item;
    const UA_Boolean permitted = true;
    return permitted;
}
/* Whether the session may delete the node described by item. Always
 * permitted in this example. */
UA_Boolean
allowDeleteNode_default(const UA_NodeId *sessionId,
                        void *sessionHandle,
                        const UA_DeleteNodesItem *item) {
    (void)sessionId;
    (void)sessionHandle;
    (void)item;
    const UA_Boolean permitted = true;
    return permitted;
}
/* Whether the session may delete the reference described by item. Always
 * permitted in this example. */
UA_Boolean
allowDeleteReference_default(const UA_NodeId *sessionId,
                             void *sessionHandle,
                             const UA_DeleteReferencesItem *item) {
    (void)sessionId;
    (void)sessionHandle;
    (void)item;
    const UA_Boolean permitted = true;
    return permitted;
}