/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. * * Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer) * Copyright 2017 (c) Stefan Profanter, fortiss GmbH */ #ifndef UA_PLUGIN_ACCESS_CONTROL_H_ #define UA_PLUGIN_ACCESS_CONTROL_H_ #include "ua_types.h" #include "ua_server.h" _UA_BEGIN_DECLS struct UA_AccessControl; typedef struct UA_AccessControl UA_AccessControl; /** * .. _access-control: * * Access Control Plugin API * ========================= * The access control callback is used to authenticate sessions and grant access * rights accordingly. */ struct UA_AccessControl { void *context; void (*deleteMembers)(UA_AccessControl *ac); /* Supported login mechanisms. The server endpoints are created from here. */ size_t userTokenPoliciesSize; UA_UserTokenPolicy *userTokenPolicies; /* Authenticate a session. The session context is attached to the session * and later passed into the node-based access control callbacks. The new * session is rejected if a StatusCode other than UA_STATUSCODE_GOOD is * returned. */ UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac, const UA_EndpointDescription *endpointDescription, const UA_ByteString *secureChannelRemoteCertificate, const UA_NodeId *sessionId, const UA_ExtensionObject *userIdentityToken, void **sessionContext); /* Deauthenticate a session and cleanup */ void (*closeSession)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext); /* Access control for all nodes*/ UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, void *nodeContext); /* Additional access control for variable nodes */ UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, void *nodeContext); /* Additional access control for method nodes */ UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *methodId, void *methodContext); /* Additional access control for calling a method node in the context of a * specific object */ UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *methodId, void *methodContext, const UA_NodeId *objectId, void *objectContext); /* Allow adding a node */ UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_AddNodesItem *item); /* Allow adding a reference */ UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_AddReferencesItem *item); /* Allow deleting a node */ UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_DeleteNodesItem *item); /* Allow deleting a reference */ UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_DeleteReferencesItem *item); /* Allow insert,replace,update of historical data */ UA_Boolean (*allowHistoryUpdateUpdateData)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, UA_PerformUpdateType performInsertReplace, const UA_DataValue *value); /* Allow delete of historical data */ UA_Boolean (*allowHistoryUpdateDeleteRawModified)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, UA_DateTime startTimestamp, UA_DateTime endTimestamp, bool isDeleteModified); }; _UA_END_DECLS #endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */