|
|
@@ -434,6 +434,57 @@ setInformationModel(UA_Server *server) {
|
|
|
#endif
|
|
|
}
|
|
|
|
|
|
+static void
|
|
|
+disableAnonymous(UA_ServerConfig *config) {
|
|
|
+ for(size_t i = 0; i < config->endpointsSize; i++) {
|
|
|
+ UA_EndpointDescription *ep = &config->endpoints[i];
|
|
|
+
|
|
|
+ for(size_t j = 0; j < ep->userIdentityTokensSize; j++) {
|
|
|
+ UA_UserTokenPolicy *utp = &ep->userIdentityTokens[j];
|
|
|
+ if(utp->tokenType != UA_USERTOKENTYPE_ANONYMOUS)
|
|
|
+ continue;
|
|
|
+
|
|
|
+ UA_UserTokenPolicy_clear(utp);
|
|
|
+ /* Move the last to this position */
|
|
|
+ if(j + 1 < ep->userIdentityTokensSize) {
|
|
|
+ ep->userIdentityTokens[j] = ep->userIdentityTokens[ep->userIdentityTokensSize-1];
|
|
|
+ j--;
|
|
|
+ }
|
|
|
+ ep->userIdentityTokensSize--;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Delete the entire array if the last UserTokenPolicy was removed */
|
|
|
+ if(ep->userIdentityTokensSize == 0) {
|
|
|
+ UA_free(ep->userIdentityTokens);
|
|
|
+ ep->userIdentityTokens = NULL;
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+#ifdef UA_ENABLE_ENCRYPTION
|
|
|
+static void
|
|
|
+disableUnencrypted(UA_ServerConfig *config) {
|
|
|
+ for(size_t i = 0; i < config->endpointsSize; i++) {
|
|
|
+ UA_EndpointDescription *ep = &config->endpoints[i];
|
|
|
+ if(ep->securityMode != UA_MESSAGESECURITYMODE_NONE)
|
|
|
+ continue;
|
|
|
+
|
|
|
+ UA_EndpointDescription_clear(ep);
|
|
|
+ /* Move the last to this position */
|
|
|
+ if(i + 1 < config->endpointsSize) {
|
|
|
+ config->endpoints[i] = config->endpoints[config->endpointsSize-1];
|
|
|
+ i--;
|
|
|
+ }
|
|
|
+ config->endpointsSize--;
|
|
|
+ }
|
|
|
+ /* Delete the entire array if the last Endpoint was removed */
|
|
|
+ if(config->endpointsSize== 0) {
|
|
|
+ UA_free(config->endpoints);
|
|
|
+ config->endpoints = NULL;
|
|
|
+ }
|
|
|
+}
|
|
|
+#endif
|
|
|
+
|
|
|
UA_Boolean running = true;
|
|
|
|
|
|
static void
|
|
|
@@ -446,10 +497,16 @@ static void
|
|
|
usage(void) {
|
|
|
UA_LOG_WARNING(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
"Usage:\n"
|
|
|
+#ifndef UA_ENABLE_ENCRYPTION
|
|
|
+ "server_ctt [<server-certificate.der>]\n"
|
|
|
+#else
|
|
|
"server_ctt <server-certificate.der> <private-key.der>\n"
|
|
|
- "[--trustlist <tl1.ctl> <tl2.ctl> ... ]\n"
|
|
|
- "[--issuerlist <il1.der> <il2.der> ... ]\n"
|
|
|
- "[--revocationlist <rv1.crl> <rv2.crl> ...]\n");
|
|
|
+ "\t[--trustlist <tl1.ctl> <tl2.ctl> ... ]\n"
|
|
|
+ "\t[--issuerlist <il1.der> <il2.der> ... ]\n"
|
|
|
+ "\t[--revocationlist <rv1.crl> <rv2.crl> ...]\n"
|
|
|
+ "\t[--enableUnencrypted]\n"
|
|
|
+#endif
|
|
|
+ "\t[--enableAnonymous]\n");
|
|
|
}
|
|
|
|
|
|
int main(int argc, char **argv) {
|
|
|
@@ -469,125 +526,151 @@ int main(int argc, char **argv) {
|
|
|
return EXIT_FAILURE;
|
|
|
UA_ServerConfig *config = UA_Server_getConfig(server);
|
|
|
|
|
|
-#ifdef UA_ENABLE_ENCRYPTION
|
|
|
- if(argc < 3) {
|
|
|
- usage();
|
|
|
- UA_ServerConfig_setDefault(config);
|
|
|
- } else {
|
|
|
- /* Load certificate and private key */
|
|
|
- UA_ByteString certificate = loadFile(argv[1]);
|
|
|
+ /* Load certificate */
|
|
|
+ size_t pos = 1;
|
|
|
+ UA_ByteString certificate = UA_BYTESTRING_NULL;
|
|
|
+ if((size_t)argc >= pos + 1) {
|
|
|
+ certificate = loadFile(argv[1]);
|
|
|
if(certificate.length == 0) {
|
|
|
UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Unable to load file %s.", argv[1]);
|
|
|
+ "Unable to load file %s.", argv[pos]);
|
|
|
return EXIT_FAILURE;
|
|
|
}
|
|
|
- UA_ByteString privateKey = loadFile(argv[2]);
|
|
|
+ pos++;
|
|
|
+ }
|
|
|
+
|
|
|
+#ifdef UA_ENABLE_ENCRYPTION
|
|
|
+ /* Load the private key */
|
|
|
+ UA_ByteString privateKey = UA_BYTESTRING_NULL;
|
|
|
+ if((size_t)argc >= pos + 1) {
|
|
|
+ privateKey = loadFile(argv[2]);
|
|
|
if(privateKey.length == 0) {
|
|
|
UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Unable to load file %s.", argv[2]);
|
|
|
+ "Unable to load file %s.", argv[pos]);
|
|
|
return EXIT_FAILURE;
|
|
|
}
|
|
|
+ pos++;
|
|
|
+ }
|
|
|
|
|
|
- UA_ByteString trustList[100];
|
|
|
- size_t trustListSize = 0;
|
|
|
- UA_ByteString issuerList[100];
|
|
|
- size_t issuerListSize = 0;
|
|
|
- UA_ByteString revocationList[100];
|
|
|
- size_t revocationListSize = 0;
|
|
|
- char filetype = ' '; /* t==trustlist, l == issuerList, r==revocationlist */
|
|
|
- for(int i = 3; i < argc; i++) {
|
|
|
- if(strcmp(argv[i], "--trustlist") == 0) {
|
|
|
- filetype = 't';
|
|
|
- continue;
|
|
|
- }
|
|
|
+ UA_ByteString trustList[100];
|
|
|
+ size_t trustListSize = 0;
|
|
|
+ UA_ByteString issuerList[100];
|
|
|
+ size_t issuerListSize = 0;
|
|
|
+ UA_ByteString revocationList[100];
|
|
|
+ size_t revocationListSize = 0;
|
|
|
+ char filetype = ' '; /* t==trustlist, l == issuerList, r==revocationlist */
|
|
|
+ UA_Boolean enableUnencr = false;
|
|
|
+#endif
|
|
|
|
|
|
- if(strcmp(argv[i], "--issuerlist") == 0) {
|
|
|
- filetype = 'l';
|
|
|
- continue;
|
|
|
- }
|
|
|
+ UA_Boolean enableAnon = false;
|
|
|
|
|
|
- if(strcmp(argv[i], "--revocationlist") == 0) {
|
|
|
- filetype = 'r';
|
|
|
- continue;
|
|
|
- }
|
|
|
+ /* Loop over the remaining arguments */
|
|
|
+ for(; pos < (size_t)argc; pos++) {
|
|
|
|
|
|
- if(filetype == 't') {
|
|
|
- if(trustListSize >= 100) {
|
|
|
- UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Too many trust lists");
|
|
|
- return EXIT_FAILURE;
|
|
|
- }
|
|
|
- trustList[trustListSize] = loadFile(argv[i]);
|
|
|
- if(trustList[trustListSize].data == NULL) {
|
|
|
- UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Unable to load trust list %s", argv[i]);
|
|
|
- return EXIT_FAILURE;
|
|
|
- }
|
|
|
- trustListSize++;
|
|
|
- continue;
|
|
|
- }
|
|
|
+ if(strcmp(argv[pos], "--enableAnonymous") == 0) {
|
|
|
+ enableAnon = true;
|
|
|
+ continue;
|
|
|
+ }
|
|
|
|
|
|
- if(filetype == 'l') {
|
|
|
- if(issuerListSize >= 100) {
|
|
|
- UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Too many trust lists");
|
|
|
- return EXIT_FAILURE;
|
|
|
- }
|
|
|
- issuerList[issuerListSize] = loadFile(argv[i]);
|
|
|
- if(issuerList[issuerListSize].data == NULL) {
|
|
|
- UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Unable to load trust list %s", argv[i]);
|
|
|
- return EXIT_FAILURE;
|
|
|
- }
|
|
|
- issuerListSize++;
|
|
|
- continue;
|
|
|
+#ifdef UA_ENABLE_ENCRYPTION
|
|
|
+ if(strcmp(argv[pos], "--enableUnencrypted") == 0) {
|
|
|
+ enableUnencr = true;
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(strcmp(argv[pos], "--trustlist") == 0) {
|
|
|
+ filetype = 't';
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(strcmp(argv[pos], "--issuerlist") == 0) {
|
|
|
+ filetype = 'l';
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(strcmp(argv[pos], "--revocationlist") == 0) {
|
|
|
+ filetype = 'r';
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ if(filetype == 't') {
|
|
|
+ if(trustListSize >= 100) {
|
|
|
+ UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
+ "Too many trust lists");
|
|
|
+ return EXIT_FAILURE;
|
|
|
+ }
|
|
|
+ trustList[trustListSize] = loadFile(argv[pos]);
|
|
|
+ if(trustList[trustListSize].data == NULL) {
|
|
|
+ UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
+ "Unable to load trust list %s", argv[pos]);
|
|
|
+ return EXIT_FAILURE;
|
|
|
}
|
|
|
+ trustListSize++;
|
|
|
+ continue;
|
|
|
+ }
|
|
|
|
|
|
- if(filetype == 'r') {
|
|
|
- if(revocationListSize >= 100) {
|
|
|
- UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Too many revocation lists");
|
|
|
- return EXIT_FAILURE;
|
|
|
- }
|
|
|
- if(revocationList[revocationListSize].data == NULL) {
|
|
|
- UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Unable to load revocationlist %s", argv[i]);
|
|
|
- return EXIT_FAILURE;
|
|
|
- }
|
|
|
- revocationList[revocationListSize] = loadFile(argv[i]);
|
|
|
- revocationListSize++;
|
|
|
- continue;
|
|
|
+ if(filetype == 'l') {
|
|
|
+ if(issuerListSize >= 100) {
|
|
|
+ UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
+ "Too many trust lists");
|
|
|
+ return EXIT_FAILURE;
|
|
|
}
|
|
|
+ issuerList[issuerListSize] = loadFile(argv[pos]);
|
|
|
+ if(issuerList[issuerListSize].data == NULL) {
|
|
|
+ UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
+ "Unable to load trust list %s", argv[pos]);
|
|
|
+ return EXIT_FAILURE;
|
|
|
+ }
|
|
|
+ issuerListSize++;
|
|
|
+ continue;
|
|
|
+ }
|
|
|
|
|
|
- usage();
|
|
|
- return EXIT_FAILURE;
|
|
|
+ if(filetype == 'r') {
|
|
|
+ if(revocationListSize >= 100) {
|
|
|
+ UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
+ "Too many revocation lists");
|
|
|
+ return EXIT_FAILURE;
|
|
|
+ }
|
|
|
+ if(revocationList[revocationListSize].data == NULL) {
|
|
|
+ UA_LOG_FATAL(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
+ "Unable to load revocationlist %s", argv[pos]);
|
|
|
+ return EXIT_FAILURE;
|
|
|
+ }
|
|
|
+ revocationList[revocationListSize] = loadFile(argv[pos]);
|
|
|
+ revocationListSize++;
|
|
|
+ continue;
|
|
|
}
|
|
|
+#endif
|
|
|
|
|
|
- UA_ServerConfig_setDefaultWithSecurityPolicies(config, 4840,
|
|
|
- &certificate, &privateKey,
|
|
|
- trustList, trustListSize,
|
|
|
- issuerList, issuerListSize,
|
|
|
- revocationList, revocationListSize);
|
|
|
-
|
|
|
- UA_ByteString_clear(&certificate);
|
|
|
- UA_ByteString_clear(&privateKey);
|
|
|
- for(size_t i = 0; i < trustListSize; i++)
|
|
|
- UA_ByteString_clear(&trustList[i]);
|
|
|
- for(size_t i = 0; i < issuerListSize; i++)
|
|
|
- UA_ByteString_clear(&issuerList[i]);
|
|
|
- for(size_t i = 0; i < revocationListSize; i++)
|
|
|
- UA_ByteString_clear(&revocationList[i]);
|
|
|
+ usage();
|
|
|
+ return EXIT_FAILURE;
|
|
|
}
|
|
|
+
|
|
|
+#ifdef UA_ENABLE_ENCRYPTION
|
|
|
+ UA_ServerConfig_setDefaultWithSecurityPolicies(config, 4840,
|
|
|
+ &certificate, &privateKey,
|
|
|
+ trustList, trustListSize,
|
|
|
+ issuerList, issuerListSize,
|
|
|
+ revocationList, revocationListSize);
|
|
|
+ if(!enableUnencr)
|
|
|
+ disableUnencrypted(config);
|
|
|
#else
|
|
|
- UA_ByteString certificate = UA_BYTESTRING_NULL;
|
|
|
- if(argc < 2) {
|
|
|
- UA_LOG_WARNING(UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
|
|
|
- "Missing argument for the server certificate");
|
|
|
- } else {
|
|
|
- certificate = loadFile(argv[1]);
|
|
|
- }
|
|
|
- UA_ServerConfig_setDefault(config);
|
|
|
+ UA_ServerConfig_setMinimal(config, 4840, &certificate);
|
|
|
+#endif
|
|
|
+
|
|
|
+ if(!enableAnon)
|
|
|
+ disableAnonymous(config);
|
|
|
+
|
|
|
+ /* Clean up temp values */
|
|
|
UA_ByteString_clear(&certificate);
|
|
|
+#ifdef UA_ENABLE_ENCRYPTION
|
|
|
+ UA_ByteString_clear(&privateKey);
|
|
|
+ for(size_t i = 0; i < trustListSize; i++)
|
|
|
+ UA_ByteString_clear(&trustList[i]);
|
|
|
+ for(size_t i = 0; i < issuerListSize; i++)
|
|
|
+ UA_ByteString_clear(&issuerList[i]);
|
|
|
+ for(size_t i = 0; i < revocationListSize; i++)
|
|
|
+ UA_ByteString_clear(&revocationList[i]);
|
|
|
#endif
|
|
|
|
|
|
/* Override with a custom access control policy */
|
Julius Pfrommer