
  1. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
  2. * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
  3. #include "ua_accesscontrol_default.h"
  4. /* Example access control management. Anonymous and username / password login.
  5. * The access rights are maximally permissive. */
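/* Policy ids the server advertises for the two user token types handled
 * by activateSession_default. */
#define ANONYMOUS_POLICY "open62541-anonymous-policy"
#define USERNAME_POLICY "open62541-username-policy"

// TODO: There should be one definition of these strings in the endpoint.
// Put the endpoint definition in the access control struct?

/* Build a UA_String initializer from a string literal (or char array).
 * The argument is parenthesized at both uses so that a concatenated
 * literal or a macro argument expands as a unit. sizeof counts the
 * terminating NUL, hence the -1; applying it to a pointer would yield
 * the pointer size, so do not use this on pointer variables. */
#define UA_STRING_STATIC(s) {(sizeof(s) - 1), (UA_Byte*)(s)}

const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);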
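/* One username/password pair accepted by activateSession_default. */
typedef struct {
    UA_String username;
    UA_String password;
} UA_UsernamePasswordLogin;

/* Example credential table. The passwords are kept and compared in
 * plaintext and are published with the source, so a deployment that keeps
 * the username policy enabled has to replace this table. The entry count
 * below is derived from the array so the two cannot drift apart. */
UA_UsernamePasswordLogin usernamePasswords[] = {
    { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
    { UA_STRING_STATIC("user2"), UA_STRING_STATIC("password1") } };

/* Number of entries in usernamePasswords. */
const size_t usernamePasswordsSize =
    sizeof(usernamePasswords) / sizeof(usernamePasswords[0]);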
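/* Constant-time comparison of a client-supplied secret against a stored one.
 *
 * UA_String_equal() returns at the first differing byte, so its running
 * time reveals how long the matching prefix is. For a password check that
 * is a timing side channel. This helper always walks the whole stored
 * secret and folds every difference, including a length mismatch, into a
 * single accumulator, so the time taken does not depend on the contents of
 * either string.
 *
 * @param candidate The value received from the client.
 * @param secret    The stored value to compare against.
 * @return true only if both strings have the same length and content. */
static UA_Boolean
secretEqualConstantTime(const UA_String *candidate, const UA_String *secret) {
    unsigned char diff = (candidate->length != secret->length) ? 1 : 0;
    for(size_t i = 0; i < secret->length; i++) {
        /* Out-of-range candidate bytes are replaced by 0 so the loop bound
         * depends only on the stored secret, never on the input length. */
        unsigned char c = (i < candidate->length) ?
            (unsigned char)candidate->data[i] : 0;
        diff |= (unsigned char)(c ^ (unsigned char)secret->data[i]);
    }
    return diff == 0;
}

/* Default ActivateSession hook: validates the identity token and decides
 * whether the session may be activated.
 *
 * Accepted tokens:
 *  - AnonymousIdentityToken whose policyId equals ANONYMOUS_POLICY (or is
 *    empty, see the compatibility note in the body);
 *  - UserNameIdentityToken whose policyId equals USERNAME_POLICY, that
 *    carries no encryptionAlgorithm, and whose userName/password pair is
 *    listed in usernamePasswords.
 *
 * @param sessionId         Unused by this implementation.
 * @param userIdentityToken The identity token from the ActivateSession request.
 * @param sessionContext    Always set to NULL on success; no per-session
 *                          user data is kept.
 * @return UA_STATUSCODE_GOOD on success;
 *         UA_STATUSCODE_BADIDENTITYTOKENINVALID if the token is not decoded,
 *         has an unsupported type, names another policy, carries an
 *         encryptionAlgorithm, or is a username token with both fields empty;
 *         UA_STATUSCODE_BADUSERACCESSDENIED if the username/password pair is
 *         not in the table. */
UA_StatusCode
activateSession_default(const UA_NodeId *sessionId,
                        const UA_ExtensionObject *userIdentityToken,
                        void **sessionContext) {
    (void)sessionId;

    /* Could the token be decoded? */
    if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
        return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

    /* Anonymous login */
    if(userIdentityToken->content.decoded.type ==
       &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
        const UA_AnonymousIdentityToken *token =
            (UA_AnonymousIdentityToken*)userIdentityToken->content.decoded.data;
        /* Compatibility notice: Siemens OPC Scout v10 provides an empty
         * policyId. This is not compliant. For compatibility, assume that empty
         * policyId == ANONYMOUS_POLICY */
        if(token->policyId.data &&
           !UA_String_equal(&token->policyId, &anonymous_policy))
            return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
        /* No userdata atm */
        *sessionContext = NULL;
        return UA_STATUSCODE_GOOD;
    }

    /* Username and password */
    if(userIdentityToken->content.decoded.type ==
       &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
        const UA_UserNameIdentityToken *token =
            (UA_UserNameIdentityToken*)userIdentityToken->content.decoded.data;
        /* Only the plain username policy is handled: a token that names an
         * encryptionAlgorithm is rejected, so the password is expected
         * unencrypted inside the token. NOTE(review): its confidentiality
         * then rests on the secure channel alone - confirm that endpoints
         * offering USERNAME_POLICY require an encrypted channel. */
        if(!UA_String_equal(&token->policyId, &username_policy) ||
           token->encryptionAlgorithm.length > 0)
            return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

        /* Empty username and password */
        if(token->userName.length == 0 && token->password.length == 0)
            return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

        /* Try to match username/pw. Every table entry is visited and the
         * password comparison runs whether or not the username matched, so
         * the response time does not distinguish "unknown user" from
         * "wrong password". */
        UA_Boolean match = false;
        for(size_t i = 0; i < usernamePasswordsSize; i++) {
            const UA_String *user = &usernamePasswords[i].username;
            const UA_String *pw = &usernamePasswords[i].password;
            UA_Boolean userOk = UA_String_equal(&token->userName, user);
            UA_Boolean pwOk = secretEqualConstantTime(&token->password, pw);
            if(userOk && pwOk)
                match = true;
        }
        if(!match)
            return UA_STATUSCODE_BADUSERACCESSDENIED;
        /* No userdata atm */
        *sessionContext = NULL;
        return UA_STATUSCODE_GOOD;
    }

    /* Unsupported token type */
    return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
}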
/* Default CloseSession hook. activateSession_default never stores a
 * sessionContext, so there is nothing to release here; the parameters are
 * only referenced to silence unused-parameter warnings. */
void
closeSession_default(const UA_NodeId *sessionId, void *sessionContext) {
    (void)sessionId;
    (void)sessionContext;
}
/* Default UserRightsMask: every bit set. The session, including one that
 * was activated anonymously, is granted every right on every node; the
 * session and node arguments are not consulted. Deployments that need
 * per-user restrictions must supply their own implementation. */
UA_UInt32
getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionContext,
                          const UA_NodeId *nodeId, void *nodeContext) {
    (void)sessionId;
    (void)sessionContext;
    (void)nodeId;
    (void)nodeContext;
    const UA_UInt32 allRights = 0xFFFFFFFF;
    return allRights;
}
/* Default UserAccessLevel: all access-level bits set for every session on
 * every node, independent of the (unused) session and node arguments. */
UA_Byte
getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionContext,
                           const UA_NodeId *nodeId, void *nodeContext) {
    (void)sessionId;
    (void)sessionContext;
    (void)nodeId;
    (void)nodeContext;
    const UA_Byte fullAccess = 0xFF;
    return fullAccess;
}
/* Default UserExecutable check: any session may call any method. The
 * session and method arguments are not consulted. */
UA_Boolean
getUserExecutable_default(const UA_NodeId *sessionId, void *sessionContext,
                          const UA_NodeId *methodId, void *methodContext) {
    (void)sessionId;
    (void)sessionContext;
    (void)methodId;
    (void)methodContext;
    const UA_Boolean executable = true;
    return executable;
}
/* Default UserExecutableOnObject check: any session may call any method on
 * any object. None of the arguments are consulted. */
UA_Boolean
getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionContext,
                                  const UA_NodeId *methodId, void *methodContext,
                                  const UA_NodeId *objectId, void *objectContext) {
    (void)sessionId;
    (void)sessionContext;
    (void)methodId;
    (void)methodContext;
    (void)objectId;
    (void)objectContext;
    const UA_Boolean executable = true;
    return executable;
}
/* Default AddNodes permission: every session may add nodes; the request
 * item is not inspected. */
UA_Boolean
allowAddNode_default(const UA_NodeId *sessionId, void *sessionContext,
                     const UA_AddNodesItem *item) {
    (void)sessionId;
    (void)sessionContext;
    (void)item;
    const UA_Boolean allowed = true;
    return allowed;
}
/* Default AddReferences permission: every session may add references; the
 * request item is not inspected. */
UA_Boolean
allowAddReference_default(const UA_NodeId *sessionId, void *sessionContext,
                          const UA_AddReferencesItem *item) {
    (void)sessionId;
    (void)sessionContext;
    (void)item;
    const UA_Boolean allowed = true;
    return allowed;
}
/* Default DeleteNodes permission: every session may delete nodes; the
 * request item is not inspected. */
UA_Boolean
allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionContext,
                        const UA_DeleteNodesItem *item) {
    (void)sessionId;
    (void)sessionContext;
    (void)item;
    const UA_Boolean allowed = true;
    return allowed;
}
/* Default DeleteReferences permission: every session may delete references;
 * the request item is not inspected. */
UA_Boolean
allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionContext,
                             const UA_DeleteReferencesItem *item) {
    (void)sessionId;
    (void)sessionContext;
    (void)item;
    const UA_Boolean allowed = true;
    return allowed;
}