ua_services_session.c 8.1 KB

  1. #include "ua_services.h"
  2. #include "ua_server_internal.h"
  3. #include "ua_session_manager.h"
  4. #include "ua_types_generated_encoding_binary.h"
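  /**
   * Handle a CreateSession request.
   *
   * Copies the server's endpoint descriptions into the response, asks the
   * session manager for a new session bound to @p channel, and fills in the
   * session id, revised timeout, authentication token and server certificate.
   * The outcome is reported in response->responseHeader.serviceResult. If one
   * of the copies made after the session was created fails, the session is
   * removed again.
   *
   * @param server   Server owning the session manager and endpoint list.
   * @param channel  SecureChannel the request arrived on.
   * @param request  Decoded request; its content is client-controlled.
   * @param response Response to fill in.
   */
  void Service_CreateSession(UA_Server *server, UA_SecureChannel *channel,
                             const UA_CreateSessionRequest *request,
                             UA_CreateSessionResponse *response) {
      /* Advertise the configured endpoints. */
      response->responseHeader.serviceResult =
          UA_Array_copy(server->endpointDescriptions, server->endpointDescriptionsSize,
                        (void**)&response->serverEndpoints, &UA_TYPES[UA_TYPES_ENDPOINTDESCRIPTION]);
      if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD)
          return;
      response->serverEndpointsSize = server->endpointDescriptionsSize;

      UA_Session *newSession;
      response->responseHeader.serviceResult =
          UA_SessionManager_createSession(&server->sessionManager, channel, request, &newSession);
      if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
          UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                       "Processing CreateSessionRequest on SecureChannel %i failed",
                       channel->securityToken.channelId);
          return;
      }

      /* TODO get maxResponseMessageSize internally.
       * NOTE(review): the limit is taken from the client's request unchanged;
       * no server-side bound is applied in this function. */
      newSession->maxResponseMessageSize = request->maxResponseMessageSize;

      /* Plain struct assignments, not deep copies.
       * NOTE(review): assumes these ids own no heap memory - confirm. */
      response->sessionId = newSession->sessionId;
      response->revisedSessionTimeout = (UA_Double)newSession->timeout;
      response->authenticationToken = newSession->authenticationToken;

      /* Keep exactly one status code: OR-ing the results of two failed copies
       * would produce a value that is neither of them. The certificate is only
       * copied once the session name was stored successfully. */
      response->responseHeader.serviceResult =
          UA_String_copy(&request->sessionName, &newSession->sessionName);
      if(response->responseHeader.serviceResult == UA_STATUSCODE_GOOD &&
         server->endpointDescriptions)
          response->responseHeader.serviceResult =
              UA_ByteString_copy(&server->endpointDescriptions->serverCertificate,
                                 &response->serverCertificate);

      if(response->responseHeader.serviceResult != UA_STATUSCODE_GOOD) {
          /* Do not leave a half-initialised session registered. */
          UA_SessionManager_removeSession(&server->sessionManager, server,
                                          &newSession->authenticationToken);
          return;
      }

      UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                   "Processing CreateSessionRequest on SecureChannel %i succeeded, created Session (ns=%i,i=%i)",
                   channel->securityToken.channelId, response->sessionId.namespaceIndex,
                   response->sessionId.identifier.numeric);
  }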
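  /* Compare two UA_Strings without stopping at the first differing byte, so
   * the time taken does not depend on how many leading bytes of a presented
   * credential are correct. A length mismatch still returns early.
   * Assumes length is the number of bytes behind data. */
  static UA_Boolean
  ActivateSession_credentialEquals(const UA_String *presented, const UA_String *expected) {
      if(presented->length != expected->length)
          return UA_FALSE;
      unsigned char diff = 0;
      for(size_t i = 0; i < presented->length; ++i)
          diff |= (unsigned char)(presented->data[i] ^ expected->data[i]);
      return (UA_Boolean)(diff == 0);
  }

  /* Bind the session to the channel the request arrived on, detaching it from
   * any other channel first, then mark it activated and refresh its lifetime.
   * NOTE(review): nothing here checks that the new channel belongs to the
   * client that created the session or that the same identity is presented;
   * possession of the authentication token is the only requirement. Confirm
   * whether the caller or the SecureChannel layer enforces this. */
  static void
  ActivateSession_bindToChannel(UA_SecureChannel *channel, UA_Session *session) {
      if(session->channel && session->channel != channel)
          UA_SecureChannel_detachSession(session->channel, session);
      UA_SecureChannel_attachSession(channel, session);
      session->activated = UA_TRUE;
      UA_Session_updateLifetime(session);
  }

  /**
   * Handle an ActivateSession request.
   *
   * Looks up the session by the authentication token in the request header,
   * rejects unknown or timed-out sessions, validates the user identity token
   * (anonymous or username/password, each only if enabled in the server
   * config) and, on success, attaches the session to @p channel. The outcome
   * is reported in response->responseHeader.serviceResult; on success the
   * field is left as the caller initialised it.
   *
   * @param server   Server holding the session manager and login config.
   * @param channel  SecureChannel the request arrived on.
   * @param request  Decoded request; its content is client-controlled.
   * @param response Response to fill in.
   */
  void Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel,
                               const UA_ActivateSessionRequest *request,
                               UA_ActivateSessionResponse *response) {
      /* make the channel know about the session */
      UA_Session *foundSession =
          UA_SessionManager_getSession(&server->sessionManager,
                                       &request->requestHeader.authenticationToken);
      if(!foundSession) {
          response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
          UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                       "Processing ActivateSessionRequest on SecureChannel %i, but no session found for the authentication token",
                       channel->securityToken.channelId);
          return;
      }

      if(foundSession->validTill < UA_DateTime_now()) {
          UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                       "Processing ActivateSessionRequest on SecureChannel %i, but the session has timed out",
                       channel->securityToken.channelId);
          response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
          return;
      }

      /* Only decoded anonymous and username tokens are understood. The token is
       * client input, so an unsupported or undecoded one is reported as an
       * invalid identity token rather than as an internal server error. */
      if(request->userIdentityToken.encoding < UA_EXTENSIONOBJECT_DECODED ||
         (request->userIdentityToken.content.decoded.type != &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN] &&
          request->userIdentityToken.content.decoded.type != &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN])) {
          UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                       "Invalided UserIdentityToken on SecureChannel %i for Session (ns=%i,i=%i)",
                       channel->securityToken.channelId, foundSession->sessionId.namespaceIndex,
                       foundSession->sessionId.identifier.numeric);
          response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
          return;
      }

      UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                   "Processing ActivateSessionRequest on SecureChannel %i for Session (ns=%i,i=%i)",
                   channel->securityToken.channelId, foundSession->sessionId.namespaceIndex,
                   foundSession->sessionId.identifier.numeric);

      UA_String ap = UA_STRING(ANONYMOUS_POLICY);
      UA_String up = UA_STRING(USERNAME_POLICY);

      /* Compatibility notice: Siemens OPC Scout v10 provides an empty policyId.
       * This is not okay, but for compatibility an empty policyId is treated as
       * ANONYMOUS_POLICY. The strict check that would reject it with
       * UA_STATUSCODE_BADIDENTITYTOKENINVALID is therefore left disabled. */

      /* anonymous login */
      if(server->config.Login_enableAnonymous &&
         request->userIdentityToken.content.decoded.type == &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
          const UA_AnonymousIdentityToken *token = request->userIdentityToken.content.decoded.data;
          /* A present policyId must name the anonymous policy; an absent one
           * is accepted (see the compatibility notice above). */
          if(token->policyId.data && !UA_String_equal(&token->policyId, &ap)) {
              response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
              return;
          }
          ActivateSession_bindToChannel(channel, foundSession);
          return;
      }

      /* username login */
      if(server->config.Login_enableUsernamePassword &&
         request->userIdentityToken.content.decoded.type == &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
          const UA_UserNameIdentityToken *token = request->userIdentityToken.content.decoded.data;
          if(!UA_String_equal(&token->policyId, &up)) {
              response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
              return;
          }
          if(token->encryptionAlgorithm.data) {
              /* we don't support encryption.
               * NOTE(review): the password is therefore only accepted
               * unencrypted inside the token; its confidentiality depends
               * entirely on the SecureChannel's security mode. */
              response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
          } else if(!token->userName.data && !token->password.data) {
              /* empty username and password */
              response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
          } else {
              /* ok, trying to match the username.
               * NOTE(review): credentials are held as plaintext in the server
               * config and compared directly. */
              for(size_t i = 0; i < server->config.Login_loginsCount; ++i) {
                  UA_String user = UA_STRING(server->config.Login_usernames[i]);
                  UA_String pw = UA_STRING(server->config.Login_passwords[i]);
                  /* Evaluate both comparisons for every entry so the name and
                   * the password are not distinguishable by timing. */
                  UA_Boolean userOk = ActivateSession_credentialEquals(&token->userName, &user);
                  UA_Boolean pwOk = ActivateSession_credentialEquals(&token->password, &pw);
                  if(!userOk || !pwOk)
                      continue;
                  /* success - activate */
                  ActivateSession_bindToChannel(channel, foundSession);
                  return;
              }
              /* no match */
              response->responseHeader.serviceResult = UA_STATUSCODE_BADUSERACCESSDENIED;
          }
          return;
      }

      /* Token type is known but its login method is disabled in the config. */
      response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  }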
  /**
   * Handle a CloseSession request: log it, remove the session from the
   * server's session manager and report the removal status in
   * response->responseHeader.serviceResult.
   *
   * @param server   Server owning the session manager.
   * @param session  Session to close, as supplied by the caller.
   * @param request  Not read by this function.
   * @param response Response to fill in.
   */
  void Service_CloseSession(UA_Server *server, UA_Session *session, const UA_CloseSessionRequest *request,
                            UA_CloseSessionResponse *response) {
      /* The ids are read from *session, so log before the session is handed
       * to the session manager for removal. */
      UA_LOG_DEBUG(server->logger, UA_LOGCATEGORY_SESSION,
                   "Processing CloseSessionRequest for Session (ns=%i,i=%i)",
                   session->sessionId.namespaceIndex, session->sessionId.identifier.numeric);

      UA_StatusCode removalResult =
          UA_SessionManager_removeSession(&server->sessionManager, server,
                                          &session->authenticationToken);
      response->responseHeader.serviceResult = removalResult;
  }