hardening session management, username/passwords were changed to match CCT

(cherry picked from commit 508249e8508f488b89bbdb05a1d250c5ac17ebf1)

src/server/ua_server.c

@@ -11,9 +11,9 @@ const UA_ServerConfig UA_ServerConfig_standard = {
         UA_TRUE,
 
         UA_TRUE,
-        (char *[]){"username"},
-        (char *[]){"password"},
-        1,
+        (char *[]){"user1","user2"},
+        (char *[]){"password","password1"},
+        2,
 
         "urn:unconfigured:open62541:open62541Server"
 };

src/server/ua_server_binary.c

@@ -128,16 +128,18 @@ static void init_response_header(const UA_RequestHeader *p, UA_ResponseHeader *r
         UA_##TYPE##Response r;                                          \
         if(UA_##TYPE##Request_decodeBinary(msg, pos, &p))               \
             return;                                                     \
-        if(clientChannel->session &&                                    \
-           UA_NodeId_equal(&clientChannel->session->authenticationToken, \
-                           &p.requestHeader.authenticationToken))       \
-            clientSession = clientChannel->session;                     \
         UA_##TYPE##Response_init(&r);                                   \
         init_response_header(&p.requestHeader, &r.responseHeader);      \
-        if(!clientSession)                                              \
+        if(!clientChannel->session || !UA_NodeId_equal(&clientChannel->session->authenticationToken,\
+                &p.requestHeader.authenticationToken))                  \
+            r.responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;     \
+        else if(clientChannel->session->activated == UA_FALSE){         \
+            UA_SessionManager_removeSession(&server->sessionManager, &clientChannel->session->sessionId); \
             r.responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONNOTACTIVATED; \
-        else                                                            \
+        }else{                                                          \
+            clientSession = clientChannel->session;                     \
             Service_##TYPE(server, clientSession, &p, &r);              \
+        }                                                               \
         UA_##TYPE##Request_deleteMembers(&p);                           \
         retval = connection->getBuffer(connection, &message, headerSize + UA_##TYPE##Response_calcSizeBinary(&r)); \
         if(retval != UA_STATUSCODE_GOOD) {                              \

src/server/ua_services_attribute.c

@@ -341,6 +341,7 @@ static void readValue(UA_Server *server, UA_TimestampsToReturn timestamps,
 
 void Service_Read(UA_Server *server, UA_Session *session, const UA_ReadRequest *request,
                   UA_ReadResponse *response) {
+
     if(request->nodesToReadSize <= 0) {
         response->responseHeader.serviceResult = UA_STATUSCODE_BADNOTHINGTODO;
         return;

src/server/ua_services_session.c

@@ -23,6 +23,9 @@ void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
 	if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
 		return;
 
+	//bind session to channel
+	channel->session = newSession;
+
     //TODO get maxResponseMessageSize internally
     newSession->maxResponseMessageSize = request->maxResponseMessageSize;
     response->sessionId = newSession->sessionId;
@@ -54,12 +57,10 @@ void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
                                         &foundSession);
 
 	if(foundSession == UA_NULL){
-        response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
+        response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
         return;
 	}
 
-
-
     UA_UserIdentityToken token;
     UA_UserIdentityToken_init(&token);
     size_t offset = 0;
@@ -78,8 +79,9 @@ void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
 
     //anonymous logins
     if(server->config.Login_enableAnonymous && UA_String_equalchars(&token.policyId, ANONYMOUS_POLICY)){
-        //success - bind session to the channel
+        //success - activate
         channel->session = foundSession;
+        channel->session->activated = UA_TRUE;
         RETURN;
     //username logins
     }else if(server->config.Login_enableUsernamePassword && UA_String_equalchars(&token.policyId, USERNAME_POLICY)){
@@ -100,8 +102,9 @@ void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
         for(UA_UInt32 i=0;i<server->config.Login_loginsCount;++i){
             if(UA_String_equalchars(&username_token.userName, server->config.Login_usernames[i])
             && UA_String_equalchars(&username_token.password, server->config.Login_passwords[i])){
-                //success - bind session to the channel
+                //success - activate
                 channel->session = foundSession;
+                channel->session->activated = UA_TRUE;
                 RETURN;
             }
         }

src/ua_session.c

@@ -40,6 +40,7 @@ static UA_StatusCode UA_Session_generateToken(UA_NodeId *newToken, UA_UInt32 *se
 
 void UA_Session_init(UA_Session *session) {
     UA_ApplicationDescription_init(&session->clientDescription);
+    session->activated = UA_FALSE;
     UA_NodeId_init(&session->authenticationToken);
     UA_NodeId_init(&session->sessionId);
     UA_String_init(&session->sessionName);

src/ua_session.h

@@ -21,6 +21,7 @@ struct ContinuationPointEntry {
 
 struct UA_Session {
     UA_ApplicationDescription clientDescription;
+    UA_Boolean        activated;
     UA_String         sessionName;
     UA_NodeId         authenticationToken;
     UA_NodeId         sessionId;