
move access control to a separate plugin

Julius Pfrommer 6 anos atrás
pai
commit
454c6ed8a3

+ 1 - 0
CMakeLists.txt

@@ -236,6 +236,7 @@ set(exported_headers ${PROJECT_BINARY_DIR}/src_generated/ua_config.h
                      ${PROJECT_BINARY_DIR}/src_generated/ua_types_generated_handling.h
                      ${PROJECT_SOURCE_DIR}/include/ua_plugin_network.h
                      ${PROJECT_SOURCE_DIR}/include/ua_plugin_log.h
+                     ${PROJECT_SOURCE_DIR}/include/ua_plugin_access_control.h
                      ${PROJECT_SOURCE_DIR}/include/ua_server.h
                      ${PROJECT_SOURCE_DIR}/include/ua_client.h
                      ${PROJECT_SOURCE_DIR}/include/ua_client_highlevel.h

+ 5 - 2
doc/CMakeLists.txt

@@ -25,6 +25,7 @@ generate_rst(${PROJECT_SOURCE_DIR}/include/ua_client.h ${DOC_SRC_DIR}/client.rst
 generate_rst(${PROJECT_SOURCE_DIR}/include/ua_client_highlevel.h ${DOC_SRC_DIR}/client_highlevel.rst)
 generate_rst(${PROJECT_SOURCE_DIR}/include/ua_plugin_log.h ${DOC_SRC_DIR}/plugin_log.rst)
 generate_rst(${PROJECT_SOURCE_DIR}/include/ua_plugin_network.h ${DOC_SRC_DIR}/plugin_network.rst)
+generate_rst(${PROJECT_SOURCE_DIR}/include/ua_plugin_access_control.h ${DOC_SRC_DIR}/plugin_access_control.rst)
 generate_rst(${PROJECT_SOURCE_DIR}/src/server/ua_services.h ${DOC_SRC_DIR}/services.rst)
 generate_rst(${PROJECT_SOURCE_DIR}/src/server/ua_nodestore.h ${DOC_SRC_DIR}/nodestore.rst)
 generate_rst(${PROJECT_SOURCE_DIR}/src/server/ua_nodes.h ${DOC_SRC_DIR}/information_modelling.rst)
@@ -43,7 +44,8 @@ add_custom_target(doc_latex ${SPHINX_EXECUTABLE}
   -b latex "${DOC_SRC_DIR}" "${DOC_LATEX_DIR}"
   DEPENDS ${DOC_SRC_DIR}/types.rst ${DOC_SRC_DIR}/constants.rst ${DOC_SRC_DIR}/types_generated.rst
           ${DOC_SRC_DIR}/server.rst ${DOC_SRC_DIR}/client.rst ${DOC_SRC_DIR}/client_highlevel.rst
-          ${DOC_SRC_DIR}/plugin_log.rst ${DOC_SRC_DIR}/plugin_network.rst ${DOC_SRC_DIR}/services.rst
+          ${DOC_SRC_DIR}/plugin_log.rst ${DOC_SRC_DIR}/plugin_network.rst
+          ${DOC_SRC_DIR}/services.rst ${DOC_SRC_DIR}/plugin_access_control.rst
           ${DOC_SRC_DIR}/nodestore.rst ${DOC_SRC_DIR}/information_modelling.rst
           ${DOC_SRC_DIR}/protocol.rst
           ${DOC_SRC_DIR}/tutorial_datatypes.rst
@@ -69,7 +71,8 @@ add_custom_target(doc ${SPHINX_EXECUTABLE}
   -b html "${DOC_SRC_DIR}" "${DOC_HTML_DIR}"
   DEPENDS ${DOC_SRC_DIR}/types.rst ${DOC_SRC_DIR}/constants.rst ${DOC_SRC_DIR}/types_generated.rst
           ${DOC_SRC_DIR}/server.rst ${DOC_SRC_DIR}/client.rst ${DOC_SRC_DIR}/client_highlevel.rst
-          ${DOC_SRC_DIR}/plugin_log.rst ${DOC_SRC_DIR}/plugin_network.rst ${DOC_SRC_DIR}/services.rst
+          ${DOC_SRC_DIR}/plugin_log.rst ${DOC_SRC_DIR}/plugin_network.rst
+          ${DOC_SRC_DIR}/services.rst ${DOC_SRC_DIR}/plugin_access_control.rst
           ${DOC_SRC_DIR}/nodestore.rst ${DOC_SRC_DIR}/information_modelling.rst
           ${DOC_SRC_DIR}/protocol.rst
           ${DOC_SRC_DIR}/tutorial_datatypes.rst
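Review bot: The `DEPENDS` lists of `doc_latex` and `doc` are identical and had to be edited twice in this section, so a page added to one list and forgotten in the other leaves that target building from stale input. Collect the generated `.rst` paths once, e.g. `set(doc_rst_files ${DOC_SRC_DIR}/types.rst ...)`, and pass `DEPENDS ${doc_rst_files}` to both targets. Both `add_custom_target` calls start and end outside the hunks, so the rest of their argument lists is not visible here.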

+ 1 - 0
doc/internal.rst

@@ -4,5 +4,6 @@ Internals
 .. toctree::
 
    plugin_network
+   plugin_access_control
    plugin_log
    nodestore

+ 82 - 0
include/ua_plugin_access_control.h

@@ -0,0 +1,82 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef UA_PLUGIN_ACCESS_CONTROL_H_
+#define UA_PLUGIN_ACCESS_CONTROL_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "ua_types.h"
+
+/**
+ * Access Control Plugin API
+ * =========================
+ * The access control callback is used to authenticate sessions and grant access
+ * rights accordingly. */
+
+typedef struct {
+    /* These booleans are used to create endpoints for the possible
+     * authentication methods */
+    UA_Boolean enableAnonymousLogin;
+    UA_Boolean enableUsernamePasswordLogin;
+
+    /* Authenticate a session. The session handle is attached to the session and
+     * later passed into the node-based access control callbacks. */
+    UA_StatusCode (*activateSession)(const UA_NodeId *sessionId,
+                                     const UA_ExtensionObject *userIdentityToken,
+                                     void **sessionHandle);
+
+    /* Deauthenticate a session and cleanup */
+    void (*closeSession)(const UA_NodeId *sessionId, void *sessionHandle);
+
+    /* Access control for all nodes*/
+    UA_UInt32 (*getUserRightsMask)(const UA_NodeId *sessionId,
+                                   void *sessionHandle,
+                                   const UA_NodeId *nodeId);
+
+    /* Additional access control for variable nodes */
+    UA_Byte (*getUserAccessLevel)(const UA_NodeId *sessionId,
+                                  void *sessionHandle,
+                                  const UA_NodeId *nodeId);
+
+    /* Additional access control for method nodes */
+    UA_Boolean (*getUserExecutable)(const UA_NodeId *sessionId,
+                                    void *sessionHandle,
+                                    const UA_NodeId *methodId);
+
+    /* Additional access control for calling a method node in the context of a
+     * specific object */
+    UA_Boolean (*getUserExecutableOnObject)(const UA_NodeId *sessionId,
+                                            void *sessionHandle,
+                                            const UA_NodeId *methodId,
+                                            const UA_NodeId *objectId);
+
+    /* Allow adding a node */
+    UA_Boolean (*allowAddNode)(const UA_NodeId *sessionId,
+                               void *sessionHandle,
+                               const UA_AddNodesItem *item);
+
+    /* Allow adding a reference */
+    UA_Boolean (*allowAddReference)(const UA_NodeId *sessionId,
+                                    void *sessionHandle,
+                                    const UA_AddReferencesItem *item);
+
+    /* Allow deleting a node */
+    UA_Boolean (*allowDeleteNode)(const UA_NodeId *sessionId,
+                                  void *sessionHandle,
+                                  const UA_DeleteNodesItem *item);
+
+    /* Allow deleting a reference */
+    UA_Boolean (*allowDeleteReference)(const UA_NodeId *sessionId,
+                                       void *sessionHandle,
+                                       const UA_DeleteReferencesItem *item);
+} UA_AccessControl;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */
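Review bot: The comments on `UA_AccessControl` do not state the contract an implementer needs to keep the server fail-closed: which return value of `activateSession` rejects the login, whether any callback pointer may be left NULL, and who owns `*sessionHandle` between `activateSession` and `closeSession`. `userIdentityToken` comes from the client, so the comment above `activateSession` should also say that the token must be checked before it is read, for example `/* userIdentityToken is client-supplied: verify its encoding and type before use and return a bad status code for anything unexpected. */`. Separately, the header includes only `ua_types.h` but names `UA_AddNodesItem`, `UA_AddReferencesItem`, `UA_DeleteNodesItem` and `UA_DeleteReferencesItem`; if those are declared in `ua_types_generated.h`, as the include list of `ua_server.h` suggests, the new header is not self-contained and should include that file itself.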

+ 1 - 69
include/ua_server.h

@@ -9,13 +9,13 @@
 extern "C" {
 #endif
 
-#include "ua_config.h"
 #include "ua_types.h"
 #include "ua_types_generated.h"
 #include "ua_types_generated_handling.h"
 #include "ua_nodeids.h"
 #include "ua_plugin_log.h"
 #include "ua_plugin_network.h"
+#include "ua_plugin_access_control.h"
 
 /**
  * .. _server:
@@ -23,78 +23,10 @@ extern "C" {
  * Server
  * ======
  *
- * Access Control
- * --------------
- * The access control callback is used to authenticate sessions and grant access
- * rights accordingly. */
-typedef struct {
-    /* These booleans are used to create endpoints for the possible
-     * authentication methods */
-    UA_Boolean enableAnonymousLogin;
-    UA_Boolean enableUsernamePasswordLogin;
-
-    /* Authenticate a session. The session handle is attached to the session and
-     * passed into the node-based access control callbacks. */
-    UA_StatusCode (*activateSession)(const UA_NodeId *sessionId,
-                                     const UA_ExtensionObject *userIdentityToken,
-                                     void **sessionHandle);
-
-    /* Deauthenticate a session and cleanup */
-    void (*closeSession)(const UA_NodeId *sessionId, void *sessionHandle);
-
-    /* Access control for all nodes*/
-    UA_UInt32 (*getUserRightsMask)(const UA_NodeId *sessionId,
-                                   void *sessionHandle,
-                                   const UA_NodeId *nodeId);
-
-    /* Additional access control for variable nodes */
-    UA_Byte (*getUserAccessLevel)(const UA_NodeId *sessionId,
-                                  void *sessionHandle,
-                                  const UA_NodeId *nodeId);
-
-    /* Additional access control for method nodes */
-    UA_Boolean (*getUserExecutable)(const UA_NodeId *sessionId,
-                                    void *sessionHandle,
-                                    const UA_NodeId *methodId);
-
-    /* Additional access control for calling a method node in the context of a
-     * specific object */
-    UA_Boolean (*getUserExecutableOnObject)(const UA_NodeId *sessionId,
-                                            void *sessionHandle,
-                                            const UA_NodeId *methodId,
-                                            const UA_NodeId *objectId);
-
-    /* Allow adding a node */
-    UA_Boolean (*allowAddNode)(const UA_NodeId *sessionId,
-                               void *sessionHandle,
-                               const UA_AddNodesItem *item);
-
-    /* Allow adding a reference */
-    UA_Boolean (*allowAddReference)(const UA_NodeId *sessionId,
-                                    void *sessionHandle,
-                                    const UA_AddReferencesItem *item);
-
-    /* Allow deleting a node */
-    UA_Boolean (*allowDeleteNode)(const UA_NodeId *sessionId,
-                                  void *sessionHandle,
-                                  const UA_DeleteNodesItem *item);
-
-    /* Allow deleting a reference */
-    UA_Boolean (*allowDeleteReference)(const UA_NodeId *sessionId,
-                                       void *sessionHandle,
-                                       const UA_DeleteReferencesItem *item);
-} UA_AccessControl;
-
-/**
  * Server Configuration
  * --------------------
  * The configuration structure is passed to the server during initialization. */
 
-typedef struct {
-    UA_String username;
-    UA_String password;
-} UA_UsernamePasswordLogin;
-
 typedef struct {
     UA_UInt32 min;
     UA_UInt32 max;

+ 5 - 0
plugins/ua_accesscontrol_default.c

@@ -15,6 +15,11 @@
 const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
 const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);
 
+typedef struct {
+    UA_String username;
+    UA_String password;
+} UA_UsernamePasswordLogin;
+
 const size_t usernamePasswordsSize = 2;
 UA_UsernamePasswordLogin usernamePasswords[2] = {
     { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
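Review bot: With `UA_UsernamePasswordLogin` now private to this file, the `usernamePasswords` table just below the added typedef is still a mutable array, and both it and `usernamePasswordsSize` keep external linkage, so any other translation unit can read or overwrite the credential list. If nothing outside this file refers to them (not visible here), declare them `static const UA_UsernamePasswordLogin usernamePasswords[2]` and `static const size_t usernamePasswordsSize = 2;`. The table also holds fixed plaintext logins such as `user1`/`password`; a comment above it like `/* Sample logins for the examples only; replace this table or the whole plugin before deployment. */` would keep the default from being shipped unchanged. The array initializer continues outside the hunk.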