ua_services_session.c 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. #include "ua_services.h"
  2. #include "ua_server_internal.h"
  3. #include "ua_session_manager.h"
  4. #include "ua_types_generated_encoding_binary.h"
  5. void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
  6. const UA_CreateSessionRequest *request,
  7. UA_CreateSessionResponse *response) {
  8. if(channel->securityToken.channelId == 0) {
  9. response->responseHeader.serviceResult = UA_STATUSCODE_BADSECURECHANNELIDINVALID;
  10. return;
  11. }
  12. /* Copy the server's endpoint into the response */
  13. response->responseHeader.serviceResult =
  14. UA_Array_copy(server->endpointDescriptions, server->endpointDescriptionsSize,
  15. (void**)&response->serverEndpoints, &UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
  16. if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
  17. return;
  18. response->serverEndpointsSize = server->endpointDescriptionsSize;
  19. /* Mirror back the endpointUrl */
  20. for(size_t i = 0; i < response->serverEndpointsSize; i++)
  21. UA_String_copy(&request->endpointUrl, &response->serverEndpoints[i].endpointUrl);
  22. UA_Session *newSession;
  23. response->responseHeader.serviceResult =
  24. UA_SessionManager_createSession(&server->sessionManager, channel, request, &newSession);
  25. if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
  26. UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Processing CreateSessionRequest failed");
  27. return;
  28. }
  29. newSession->maxResponseMessageSize = request->maxResponseMessageSize;
  30. newSession->maxRequestMessageSize = channel->connection->localConf.maxMessageSize;
  31. response->sessionId = newSession->sessionId;
  32. response->revisedSessionTimeout = (UA_Double)newSession->timeout;
  33. response->authenticationToken = newSession->authenticationToken;
  34. response->responseHeader.serviceResult = UA_String_copy(&request->sessionName, &newSession->sessionName);
  35. if(server->endpointDescriptionsSize > 0)
  36. response->responseHeader.serviceResult |=
  37. UA_ByteString_copy(&server->endpointDescriptions->serverCertificate,
  38. &response->serverCertificate);
  39. if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
  40. UA_SessionManager_removeSession(&server->sessionManager, &newSession->authenticationToken);
  41. return;
  42. }
  43. UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Session " UA_PRINTF_GUID_FORMAT " created",
  44. UA_PRINTF_GUID_DATA(newSession->sessionId.identifier.guid));
  45. }
  46. void
  47. Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel,
  48. UA_Session *session, const UA_ActivateSessionRequest *request,
  49. UA_ActivateSessionResponse *response) {
  50. if(session->validTill < UA_DateTime_nowMonotonic()) {
  51. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: SecureChannel %i wants "
  52. "to activate, but the session has timed out", channel->securityToken.channelId);
  53. response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
  54. return;
  55. }
  56. if(request->userIdentityToken.encoding < UA_EXTENSIONOBJECT_DECODED ||
  57. (request->userIdentityToken.content.decoded.type != &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN] &&
  58. request->userIdentityToken.content.decoded.type != &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN])) {
  59. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: SecureChannel %i wants "
  60. "to activate, but the UserIdentify token is invalid", channel->securityToken.channelId);
  61. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  62. return;
  63. }
  64. UA_String ap = UA_STRING(ANONYMOUS_POLICY);
  65. UA_String up = UA_STRING(USERNAME_POLICY);
  66. /* Compatibility notice: Siemens OPC Scout v10 provides an empty policyId,
  67. this is not okay For compatibility we will assume that empty policyId == ANONYMOUS_POLICY
  68. if(token.policyId->data == NULL)
  69. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  70. */
  71. if(server->config.enableAnonymousLogin &&
  72. request->userIdentityToken.content.decoded.type == &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
  73. /* anonymous login */
  74. const UA_AnonymousIdentityToken *token = request->userIdentityToken.content.decoded.data;
  75. if(token->policyId.data && !UA_String_equal(&token->policyId, &ap)) {
  76. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  77. return;
  78. }
  79. } else if(server->config.enableUsernamePasswordLogin &&
  80. request->userIdentityToken.content.decoded.type == &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
  81. /* username login */
  82. const UA_UserNameIdentityToken *token = request->userIdentityToken.content.decoded.data;
  83. if(!UA_String_equal(&token->policyId, &up)) {
  84. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  85. return;
  86. }
  87. if(token->encryptionAlgorithm.length > 0) {
  88. /* we don't support encryption */
  89. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  90. return;
  91. }
  92. if(token->userName.length == 0 && token->password.length == 0) {
  93. /* empty username and password */
  94. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  95. return;
  96. }
  97. /* trying to match pw/username */
  98. UA_Boolean match = false;
  99. for(size_t i = 0; i < server->config.usernamePasswordLoginsSize; i++) {
  100. UA_String *user = &server->config.usernamePasswordLogins[i].username;
  101. UA_String *pw = &server->config.usernamePasswordLogins[i].password;
  102. if(UA_String_equal(&token->userName, user) && UA_String_equal(&token->password, pw)) {
  103. match = true;
  104. break;
  105. }
  106. }
  107. if(!match) {
  108. UA_LOG_INFO_SESSION(server->config.logger, session,
  109. "ActivateSession: Did not find matching username/password");
  110. response->responseHeader.serviceResult = UA_STATUSCODE_BADUSERACCESSDENIED;
  111. return;
  112. }
  113. } else {
  114. /* Unsupported token type */
  115. response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  116. return;
  117. }
  118. /* Detach the old SecureChannel */
  119. if(session->channel && session->channel != channel) {
  120. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: Detach from old channel");
  121. UA_SecureChannel_detachSession(session->channel, session);
  122. }
  123. /* Attach to the SecureChannel and activate */
  124. UA_SecureChannel_attachSession(channel, session);
  125. session->activated = true;
  126. UA_Session_updateLifetime(session);
  127. UA_LOG_INFO_SESSION(server->config.logger, session, "ActivateSession: Session activated");
  128. }
  129. void
  130. Service_CloseSession(UA_Server *server, UA_Session *session, const UA_CloseSessionRequest *request,
  131. UA_CloseSessionResponse *response) {
  132. UA_LOG_INFO_SESSION(server->config.logger, session, "CloseSession");
  133. response->responseHeader.serviceResult =
  134. UA_SessionManager_removeSession(&server->sessionManager, &session->authenticationToken);
  135. }