首頁 探索 說明
登入
thomas
/
open62541
關註 1
讚好 0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 3e41a753b1
分支列表 標籤列表
open62541
/
plugins
/
ua_accesscontrol_default.c

ua_accesscontrol_default.c 5.0 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
    2. 

  2.  * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
    3. 

  3. 

  4. #include "ua_accesscontrol_default.h"
    5. 

  5. 

  6. /* Example access control management. Anonymous and username / password login.
    7. 

  7.  * The access rights are maximally permissive. */
    8. 

  8. 

  9. #define ANONYMOUS_POLICY "open62541-anonymous-policy"
    10. 

  10. #define USERNAME_POLICY "open62541-username-policy"
    11. 

  11. 

  12. // TODO: There should be one definition of these strings in the endpoint.
    13. 

  13. // Put the endpoint definition in the access control struct?
    14. 

  14. #define UA_STRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)s}
    15. 

  15. const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
    16. 

  16. const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);
    17. 

  17. 

  18. typedef struct {
    19. 

  19.     UA_String username;
    20. 

  20.     UA_String password;
    21. 

  21. } UA_UsernamePasswordLogin;
    22. 

  22. 

  23. const size_t usernamePasswordsSize = 2;
    24. 

  24. UA_UsernamePasswordLogin usernamePasswords[2] = {
    25. 

  25.     { UA_STRING_STATIC("user1"), UA_STRING_STATIC("password") },
    26. 

  26.     { UA_STRING_STATIC("user2"), UA_STRING_STATIC("password1") } };
    27. 

  27. 

  28. UA_StatusCode
    29. 

  29. activateSession_default(const UA_NodeId *sessionId,
    30. 

  30.                         const UA_ExtensionObject *userIdentityToken,
    31. 

  31.                         void **sessionContext) {
    32. 

  32.     /* Could the token be decoded? */
    33. 

  33.     if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
    34. 

  34.         return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    35. 

  35. 

  36.     /* Anonymous login */
    37. 

  37.     if(userIdentityToken->content.decoded.type ==
    38. 

  38.        &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
    39. 

  39.         const UA_AnonymousIdentityToken *token =
    40. 

  40.             (UA_AnonymousIdentityToken*)userIdentityToken->content.decoded.data;
    41. 

  41. 

  42.         /* Compatibility notice: Siemens OPC Scout v10 provides an empty
    43. 

  43.          * policyId. This is not compliant. For compatibility, assume that empty
    44. 

  44.          * policyId == ANONYMOUS_POLICY */
    45. 

  45.         if(token->policyId.data &&
    46. 

  46.            !UA_String_equal(&token->policyId, &anonymous_policy))
    47. 

  47.             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    48. 

  48. 

  49.         /* No userdata atm */
    50. 

  50.         *sessionContext = NULL;
    51. 

  51.         return UA_STATUSCODE_GOOD;
    52. 

  52.     }
    53. 

  53. 

  54.     /* Username and password */
    55. 

  55.     if(userIdentityToken->content.decoded.type ==
    56. 

  56.        &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
    57. 

  57.         const UA_UserNameIdentityToken *token =
    58. 

  58.             (UA_UserNameIdentityToken*)userIdentityToken->content.decoded.data;
    59. 

  59.         if(!UA_String_equal(&token->policyId, &username_policy) || token->encryptionAlgorithm.length > 0)
    60. 

  60.             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    61. 

  61. 

  62.         /* Empty username and password */
    63. 

  63.         if(token->userName.length == 0 && token->password.length == 0)
    64. 

  64.             return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    65. 

  65. 

  66.         /* Try to match username/pw */
    67. 

  67.         UA_Boolean match = false;
    68. 

  68.         for(size_t i = 0; i < usernamePasswordsSize; i++) {
    69. 

  69.             const UA_String *user = &usernamePasswords[i].username;
    70. 

  70.             const UA_String *pw = &usernamePasswords[i].password;
    71. 

  71.             if(UA_String_equal(&token->userName, user) &&
    72. 

  72.                UA_String_equal(&token->password, pw)) {
    73. 

  73.                 match = true;
    74. 

  74.                 break;
    75. 

  75.             }
    76. 

  76.         }
    77. 

  77.         if(!match)
    78. 

  78.             return UA_STATUSCODE_BADUSERACCESSDENIED;
    79. 

  79. 

  80.         /* No userdata atm */
    81. 

  81.         *sessionContext = NULL;
    82. 

  82.         return UA_STATUSCODE_GOOD;
    83. 

  83.     }
    84. 

  84. 

  85.     /* Unsupported token type */
    86. 

  86.     return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
    87. 

  87. }
    88. 

  88. 

  89. void
    90. 

  90. closeSession_default(const UA_NodeId *sessionId, void *sessionContext) {
    91. 

  91.     /* no context to clean up */
    92. 

  92. }
    93. 

  93. 

  94. UA_UInt32
    95. 

  95. getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionContext,
    96. 

  96.                           const UA_NodeId *nodeId, void *nodeContext) {
    97. 

  97.     return 0xFFFFFFFF;
    98. 

  98. }
    99. 

  99. 

  100. UA_Byte
    101. 

  101. getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionContext,
    102. 

  102.                            const UA_NodeId *nodeId, void *nodeContext) {
    103. 

  103.     return 0xFF;
    104. 

  104. }
    105. 

  105. 

  106. UA_Boolean
    107. 

  107. getUserExecutable_default(const UA_NodeId *sessionId, void *sessionContext,
    108. 

  108.                           const UA_NodeId *methodId, void *methodContext) {
    109. 

  109.     return true;
    110. 

  110. }
    111. 

  111. 

  112. UA_Boolean
    113. 

  113. getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionContext,
    114. 

  114.                                   const UA_NodeId *methodId, void *methodContext,
    115. 

  115.                                   const UA_NodeId *objectId, void *objectContext) {
    116. 

  116.     return true;
    117. 

  117. }
    118. 

  118. 

  119. UA_Boolean
    120. 

  120. allowAddNode_default(const UA_NodeId *sessionId, void *sessionContext,
    121. 

  121.                      const UA_AddNodesItem *item) {
    122. 

  122.     return true;
    123. 

  123. }
    124. 

  124. 

  125. UA_Boolean
    126. 

  126. allowAddReference_default(const UA_NodeId *sessionId, void *sessionContext,
    127. 

  127.                           const UA_AddReferencesItem *item) {
    128. 

  128.     return true;
    129. 

  129. }
    130. 

  130. 

  131. UA_Boolean
    132. 

  132. allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionContext,
    133. 

  133.                         const UA_DeleteNodesItem *item) {
    134. 

  134.     return true;
    135. 

  135. }
    136. 

  136.       
    137. 

  137. UA_Boolean
    138. 

  138. allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionContext,
    139. 

  139.                              const UA_DeleteReferencesItem *item) {
    140. 

  140.     return true;
    141. 

  141. }
    142. 

  142.