CCT test section of Security->Name Password passes

include/ua_types.h

@@ -332,7 +332,7 @@ UA_TYPE_HANDLING_FUNCTIONS(UA_DiagnosticInfo)
     allocated. If the memory cannot be allocated, a null-string is returned. */
 UA_String UA_EXPORT UA_String_fromChars(char const *src);
 #define UA_STRING_ALLOC(CHARS) UA_String_fromChars(CHARS)
-#define UA_STRING(CHARS) (const UA_String) {sizeof(CHARS)-1, (UA_Byte*)CHARS }
+#define UA_STRING(CHARS) (const UA_String) {strlen(CHARS), (UA_Byte*)CHARS }
 #define UA_STRING_NULL (UA_String) {-1, (UA_Byte*)0 }
 
 /** Printf a char-array into a UA_String. Memory for the string data is allocated. */

src/server/ua_server_binary.c

@@ -143,7 +143,7 @@ static void init_response_header(const UA_RequestHeader *p, UA_ResponseHeader *r
         UA_##TYPE##Response_init(&r);                                   \
         init_response_header(&p.requestHeader, &r.responseHeader);      \
         if(!clientSession)                                              \
-            r.responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID; \
+            r.responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONNOTACTIVATED; \
         else                                                            \
             Service_##TYPE(server, clientSession, &p, &r);              \
         connection->getBuffer(connection, message, UA_##TYPE##Response_calcSizeBinary(&r)); \

src/server/ua_services_session.c

@@ -83,9 +83,8 @@ void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
         //todo cleanup session
         RETURN;
     }
-
     //username logins
-    if(UA_String_equalchars(&token.policyId, USERNAME_POLICY)){
+    else if(UA_String_equalchars(&token.policyId, USERNAME_POLICY)){
         if(!server->config.Login_enableUsernamePassword){
             response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
             //todo cleanup session
@@ -99,6 +98,12 @@ void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
             //todo cleanup session
             RETURN;
         }
+        if(username_token.userName.length == -1 && username_token.password.length == -1){
+            //empty username and password
+            response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
+            //todo cleanup session
+            RETURN;
+        }
         UA_Boolean matched = UA_FALSE;
         for(UA_UInt32 i=0;i<server->config.Login_loginsCount;++i){
             if(UA_String_equalchars(&username_token.userName, server->config.Login_usernames[i])
@@ -109,10 +114,14 @@ void Service_ActivateSession(UA_Server *server,UA_SecureChannel *channel,
         }
         if(!matched){
             //no username/pass matched
-            response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
+            response->responseHeader.serviceResult = UA_STATUSCODE_BADUSERACCESSDENIED;
             //todo cleanup session
             RETURN;
         }
+   }else{
+       response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
+       //todo cleanup session
+       RETURN;
    }
 
    //success - bind session to the channel
@@ -130,7 +139,7 @@ void Service_CloseSession(UA_Server *server, UA_Session *session, const UA_Close
 			(const UA_NodeId*)&request->requestHeader.authenticationToken, &foundSession);
 
 	if(foundSession == UA_NULL){
-		response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
+		response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
 		return;
 	}