ua_accesscontrol_default.c 4.3 KB

  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
  5. * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
  6. #include "ua_accesscontrol_default.h"
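  /* Example access-control plugin. Anonymous login and login with a configured
   * username / password are accepted; the enable flags and the credential table
   * are referenced further down but are not defined in the code shown here.
   * Access rights are maximally permissive: every rights query in this plugin
   * grants everything to every session. Replace these callbacks before a
   * server is reachable by clients that should not have full access. */

  /* PolicyIds a client has to name in its identity token. */
  #define ANONYMOUS_POLICY "open62541-anonymous-policy"
  #define USERNAME_POLICY "open62541-username-policy"

  /* Static UA_String initializer for a string literal: the length without the
   * terminating NUL, then the data pointer. Only meaningful for literals and
   * arrays, because sizeof on a pointer yields the pointer size. The argument
   * is parenthesized so the cast applies to the whole expression. The cast
   * drops the literal's constness, so the resulting strings must never be
   * written through. */
  #define UA_STRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}

  const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
  const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);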
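  /* Byte-wise equality of two UA_Strings for credential checks. Once the
   * lengths agree, every byte is visited and the differences are accumulated,
   * so the running time does not depend on the position of the first
   * mismatching byte. A length mismatch is still observable. */
  static UA_Boolean
  credentialEqual_default(const UA_String *a, const UA_String *b) {
      if(a->length != b->length)
          return false;
      UA_Byte diff = 0;
      for(size_t i = 0; i < a->length; i++)
          diff = (UA_Byte)(diff | (a->data[i] ^ b->data[i]));
      return diff == 0;
  }

  /* Decide whether a client may activate a session with the given identity token.
   *
   * sessionId         - not consulted by this implementation
   * userIdentityToken - identity token supplied by the client (untrusted input)
   * sessionHandle     - out parameter; set to NULL on success, as this plugin
   *                     keeps no per-session state
   *
   * Returns UA_STATUSCODE_GOOD on a successful anonymous or username/password
   * login, UA_STATUSCODE_BADUSERACCESSDENIED when no configured credential pair
   * matches, and UA_STATUSCODE_BADIDENTITYTOKENINVALID for an undecoded token,
   * a wrong policyId, an entirely empty username/password token, or a token
   * type that is unsupported or disabled. */
  UA_StatusCode
  activateSession_default(const UA_NodeId *sessionId, const UA_ExtensionObject *userIdentityToken,
                          void **sessionHandle) {
      /* Could the token be decoded? The decoded content is only read below
       * once this check has passed. */
      if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
          return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

      /* anonymous login */
      if(enableAnonymousLogin &&
         userIdentityToken->content.decoded.type == &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
          const UA_AnonymousIdentityToken *token =
              (const UA_AnonymousIdentityToken *)userIdentityToken->content.decoded.data;

          /* Compatibility notice: Siemens OPC Scout v10 provides an empty
           * policyId. This is not compliant. For compatibility we will assume
           * that empty policyId == ANONYMOUS_POLICY */
          if(token->policyId.data && !UA_String_equal(&token->policyId, &anonymous_policy))
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          *sessionHandle = NULL;
          return UA_STATUSCODE_GOOD;
      }

      /* username and password */
      if(enableUsernamePasswordLogin &&
         userIdentityToken->content.decoded.type == &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
          const UA_UserNameIdentityToken *token =
              (const UA_UserNameIdentityToken *)userIdentityToken->content.decoded.data;
          if(!UA_String_equal(&token->policyId, &username_policy))
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* Only a token with both fields empty is rejected up front; a token
           * with just one empty field still goes through the table lookup. */
          if(token->userName.length == 0 && token->password.length == 0)
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* NOTE(review): token->password is compared as received and no
           * decryption step is visible here, so the credential table presumably
           * holds cleartext passwords and the token is expected unencrypted.
           * Confirm against the caller and the channel security in use. */

          /* Check every configured pair, evaluating both comparisons for each
           * entry and never leaving the loop early, so the response time does
           * not reveal which entry or which field matched. Wrong username and
           * wrong password yield the same status code. */
          UA_Boolean match = false;
          for(size_t i = 0; i < usernamePasswordsSize; i++) {
              UA_Boolean userOk =
                  credentialEqual_default(&token->userName, &usernamePasswords[i].username);
              UA_Boolean pwOk =
                  credentialEqual_default(&token->password, &usernamePasswords[i].password);
              if(userOk && pwOk)
                  match = true;
          }
          if(!match)
              return UA_STATUSCODE_BADUSERACCESSDENIED;

          *sessionHandle = NULL;
          return UA_STATUSCODE_GOOD;
      }

      /* Unsupported token type */
      return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  }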
  /* Session teardown hook. activateSession_default only ever stores NULL in
   * the session handle, so there is nothing to release here. */
  void
  closeSession_default(const UA_NodeId *sessionId, void *sessionHandle) {
      (void)sessionId;
      (void)sessionHandle;
  }
  /* Rights mask of a session on a node. This example plugin sets every bit of
   * the mask; neither the session nor the node is consulted. */
  UA_UInt32
  getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
      const UA_UInt32 everyRight = 0xFFFFFFFF;
      (void)sessionId;
      (void)sessionHandle;
      (void)nodeId;
      return everyRight;
  }
  /* Access level of a session on a node. This example plugin sets every bit of
   * the access-level byte; neither the session nor the node is consulted. */
  UA_Byte
  getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
      const UA_Byte everyAccessBit = 0xFF;
      (void)sessionId;
      (void)sessionHandle;
      (void)nodeId;
      return everyAccessBit;
  }
  /* Whether a session may execute a node. Always true in this example plugin;
   * neither the session nor the node is consulted. */
  UA_Boolean
  getUserExecutable_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
      const UA_Boolean allowed = true;
      (void)sessionId;
      (void)sessionHandle;
      (void)nodeId;
      return allowed;
  }
  /* Whether a session may execute a method on a given object. Always true in
   * this example plugin; the session, method and object are not consulted. */
  UA_Boolean
  getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionHandle,
                                    const UA_NodeId *methodId, const UA_NodeId *objectId) {
      const UA_Boolean allowed = true;
      (void)sessionId;
      (void)sessionHandle;
      (void)methodId;
      (void)objectId;
      return allowed;
  }
  /* Whether a session may add the described node. Always true in this example
   * plugin; the request item is not inspected. */
  UA_Boolean
  allowAddNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddNodesItem *item) {
      const UA_Boolean allowed = true;
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return allowed;
  }
  /* Whether a session may add the described reference. Always true in this
   * example plugin; the request item is not inspected. */
  UA_Boolean
  allowAddReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddReferencesItem *item) {
      const UA_Boolean allowed = true;
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return allowed;
  }
  /* Whether a session may delete the described node. Always true in this
   * example plugin; the request item is not inspected. */
  UA_Boolean
  allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteNodesItem *item) {
      const UA_Boolean allowed = true;
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return allowed;
  }
  /* Whether a session may delete the described reference. Always true in this
   * example plugin; the request item is not inspected. */
  UA_Boolean
  allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteReferencesItem *item) {
      const UA_Boolean allowed = true;
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return allowed;
  }