ua_plugin_access_control.h 4.3 KB

  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  4. *
  5. * Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
  6. * Copyright 2017 (c) Stefan Profanter, fortiss GmbH
  7. */
  8. #ifndef UA_PLUGIN_ACCESS_CONTROL_H_
  9. #define UA_PLUGIN_ACCESS_CONTROL_H_
  10. #include "ua_types.h"
  11. #include "ua_server.h"
  12. _UA_BEGIN_DECLS
  /* Introduce the struct tag and its typedef name in one declaration; the type
   * stays incomplete until the definition below, so the callback signatures
   * inside the struct can refer to UA_AccessControl. */
  typedef struct UA_AccessControl UA_AccessControl;
  15. /**
  16. * .. _access-control:
  17. *
  18. * Access Control Plugin API
  19. * =========================
  20. * The access control callbacks are used to authenticate sessions and to grant
  21. * access rights accordingly. */
  struct UA_AccessControl {
      /* Overview: the advertised user-token policies plus the callbacks through
       * which sessions are authenticated and access to nodes is authorised.
       * Every callback except deleteMembers receives the server and this
       * structure as its first two arguments.
       *
       * NOTE(review): this header does not say whether the server tolerates a
       * NULL callback pointer; presumably every member has to be set - confirm.
       * An implementation should fail closed (non-good status, false, or an
       * empty mask) whenever it cannot reach a decision. */

      /* Opaque state of the plugin.
       * NOTE(review): ownership is not stated here; presumably released by
       * deleteMembers - confirm against the implementation. */
      void *context;

      /* Tear-down hook of the plugin.
       * NOTE(review): presumably frees context and userTokenPolicies - confirm. */
      void (*deleteMembers)(UA_AccessControl *ac);

      /* Supported login mechanisms: userTokenPoliciesSize entries in
       * userTokenPolicies. The server endpoints are created from here.
       * NOTE(review): since the endpoints are built from this array, list only
       * the mechanisms that activateSession really verifies; if an anonymous
       * policy is listed, the authorisation callbacks below are presumably the
       * only barrier for such sessions - confirm. */
      size_t userTokenPoliciesSize;
      UA_UserTokenPolicy *userTokenPolicies;

      /* Authenticate a session. The value written to *sessionContext is
       * attached to the session and later handed to the node-based access
       * control callbacks. Any StatusCode other than UA_STATUSCODE_GOOD rejects
       * the new session.
       *
       * userIdentityToken is supplied by the client: treat it as untrusted and
       * check its type before reading its content.
       * NOTE(review): secureChannelRemoteCertificate is presumably empty when
       * the channel carries no client certificate - confirm before using it as
       * an identity. */
      UA_StatusCode (*activateSession)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_EndpointDescription *endpointDescription,
          const UA_ByteString *secureChannelRemoteCertificate,
          const UA_NodeId *sessionId,
          const UA_ExtensionObject *userIdentityToken,
          void **sessionContext);

      /* Deauthenticate a session and clean up.
       * NOTE(review): presumably the place to release whatever activateSession
       * stored in *sessionContext - confirm. */
      void (*closeSession)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext);

      /* Access control for all nodes: yields a 32-bit rights mask for the given
       * session and node. The meaning of the individual bits is not defined in
       * this header. */
      UA_UInt32 (*getUserRightsMask)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_NodeId *nodeId, void *nodeContext);

      /* Additional access control for variable nodes: yields an 8-bit access
       * level for the given session and node. The bit layout is not defined in
       * this header. */
      UA_Byte (*getUserAccessLevel)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_NodeId *nodeId, void *nodeContext);

      /* Additional access control for method nodes: decides whether the session
       * may execute the method. */
      UA_Boolean (*getUserExecutable)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_NodeId *methodId, void *methodContext);

      /* Additional access control for calling a method node in the context of
       * a specific object. */
      UA_Boolean (*getUserExecutableOnObject)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_NodeId *methodId, void *methodContext,
          const UA_NodeId *objectId, void *objectContext);

      /* The four allow* callbacks below decide on changes to the address space.
       * NOTE(review): item presumably carries the client's request unchanged -
       * treat its content as untrusted and confirm with the caller. */

      /* Allow adding a node */
      UA_Boolean (*allowAddNode)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_AddNodesItem *item);

      /* Allow adding a reference */
      UA_Boolean (*allowAddReference)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_AddReferencesItem *item);

      /* Allow deleting a node */
      UA_Boolean (*allowDeleteNode)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_DeleteNodesItem *item);

      /* Allow deleting a reference */
      UA_Boolean (*allowDeleteReference)(
          UA_Server *server, UA_AccessControl *ac,
          const UA_NodeId *sessionId, void *sessionContext,
          const UA_DeleteReferencesItem *item);
  };
  76. _UA_END_DECLS
  77. #endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */