12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 |
- /* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
- * Copyright 2017 (c) Stefan Profanter, fortiss GmbH
- */
- #ifndef UA_PLUGIN_ACCESS_CONTROL_H_
- #define UA_PLUGIN_ACCESS_CONTROL_H_
- #include "ua_types.h"
- #include "ua_server.h"
- _UA_BEGIN_DECLS
- struct UA_AccessControl;
- typedef struct UA_AccessControl UA_AccessControl;
- /**
- * .. _access-control:
- *
- * Access Control Plugin API
- * =========================
- * The access control callback is used to authenticate sessions and grant access
- * rights accordingly. */
- struct UA_AccessControl {
- void *context;
- void (*deleteMembers)(UA_AccessControl *ac);
- /* Supported login mechanisms. The server endpoints are created from here. */
- size_t userTokenPoliciesSize;
- UA_UserTokenPolicy *userTokenPolicies;
-
- /* Authenticate a session. The session context is attached to the session
- * and later passed into the node-based access control callbacks. The new
- * session is rejected if a StatusCode other than UA_STATUSCODE_GOOD is
- * returned. */
- UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac,
- const UA_EndpointDescription *endpointDescription,
- const UA_ByteString *secureChannelRemoteCertificate,
- const UA_NodeId *sessionId,
- const UA_ExtensionObject *userIdentityToken,
- void **sessionContext);
- /* Deauthenticate a session and cleanup */
- void (*closeSession)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext);
- /* Access control for all nodes*/
- UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_NodeId *nodeId, void *nodeContext);
- /* Additional access control for variable nodes */
- UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_NodeId *nodeId, void *nodeContext);
- /* Additional access control for method nodes */
- UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_NodeId *methodId, void *methodContext);
- /* Additional access control for calling a method node in the context of a
- * specific object */
- UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_NodeId *methodId, void *methodContext,
- const UA_NodeId *objectId, void *objectContext);
- /* Allow adding a node */
- UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_AddNodesItem *item);
- /* Allow adding a reference */
- UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_AddReferencesItem *item);
- /* Allow deleting a node */
- UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_DeleteNodesItem *item);
- /* Allow deleting a reference */
- UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac,
- const UA_NodeId *sessionId, void *sessionContext,
- const UA_DeleteReferencesItem *item);
- };
- _UA_END_DECLS
- #endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */
|