ua_accesscontrol_default.c 4.1 KB

  1. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
  2. * See http://creativecommons.org/publicdomain/zero/1.0/ for more information. */
  3. #include "ua_accesscontrol_default.h"
  4. /* We allow anonymous login and login with the following username / password.
  5. * The access rights are maximally permissive in this example plugin. */
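  /* Policy identifiers that activateSession_default compares against the
   * policyId carried in the client's identity token. */
  #define ANONYMOUS_POLICY "open62541-anonymous-policy"
  #define USERNAME_POLICY "open62541-username-policy"

  /* Brace initializer for a UA_String backed by a string literal: the length
   * excludes the terminating NUL. The argument is parenthesized in the cast so
   * the macro stays correct if it is ever given an expression rather than a
   * plain literal. Only meaningful for arrays/literals, since it relies on
   * sizeof. */
  #define UA_STRING_STATIC(s) {sizeof(s)-1, (UA_Byte*)(s)}

  const UA_String anonymous_policy = UA_STRING_STATIC(ANONYMOUS_POLICY);
  const UA_String username_policy = UA_STRING_STATIC(USERNAME_POLICY);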
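  /* Compare two UA_Strings in time that depends only on their length, not on
   * the position of the first differing byte. Used for the password check so
   * response timing does not reveal how many leading bytes of a guess were
   * correct. A length mismatch still returns early. */
  static UA_Boolean
  credentialEqual_constantTime(const UA_String *a, const UA_String *b) {
      if(a->length != b->length)
          return false;
      /* volatile keeps the compiler from turning the loop into an
       * early-exit comparison */
      const volatile unsigned char *pa = (const volatile unsigned char *)a->data;
      const volatile unsigned char *pb = (const volatile unsigned char *)b->data;
      unsigned char diff = 0;
      for(size_t i = 0; i < a->length; i++)
          diff |= (unsigned char)(pa[i] ^ pb[i]);
      return diff == 0;
  }

  /* Decide whether a session may be activated with the supplied identity token.
   *
   * Accepts an anonymous token (when enableAnonymousLogin is set) or a
   * username/password token (when enableUsernamePasswordLogin is set) whose
   * credentials match an entry in usernamePasswords.
   *
   * @param sessionId          unused by this implementation
   * @param userIdentityToken  identity token as received from the client
   * @param sessionHandle      set to NULL on success; this plugin keeps no
   *                           per-session state
   * @return UA_STATUSCODE_GOOD on success,
   *         UA_STATUSCODE_BADIDENTITYTOKENINVALID if the token is undecoded,
   *         carries the wrong policyId, has both username and password empty,
   *         or is of a type that is unsupported or disabled,
   *         UA_STATUSCODE_BADUSERACCESSDENIED if no stored credential matches.
   *
   * NOTE(review): the password is compared exactly as it arrives in the token;
   * nothing in this function decrypts it or inspects the token's encryption
   * settings, and the stored passwords are plain UA_Strings. Confirm that the
   * caller and the channel's security configuration cover this. */
  UA_StatusCode
  activateSession_default(const UA_NodeId *sessionId, const UA_ExtensionObject *userIdentityToken,
                          void **sessionHandle) {
      (void)sessionId;

      /* Could the token be decoded? */
      if(userIdentityToken->encoding < UA_EXTENSIONOBJECT_DECODED)
          return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

      /* anonymous login */
      if(enableAnonymousLogin &&
         userIdentityToken->content.decoded.type == &UA_TYPES[UA_TYPES_ANONYMOUSIDENTITYTOKEN]) {
          const UA_AnonymousIdentityToken *token = userIdentityToken->content.decoded.data;

          /* Compatibility notice: Siemens OPC Scout v10 provides an empty
           * policyId. This is not compliant. For compatibility we will assume
           * that empty policyId == ANONYMOUS_POLICY */
          if(token->policyId.data && !UA_String_equal(&token->policyId, &anonymous_policy))
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          *sessionHandle = NULL;
          return UA_STATUSCODE_GOOD;
      }

      /* username and password */
      if(enableUsernamePasswordLogin &&
         userIdentityToken->content.decoded.type == &UA_TYPES[UA_TYPES_USERNAMEIDENTITYTOKEN]) {
          const UA_UserNameIdentityToken *token = userIdentityToken->content.decoded.data;
          if(!UA_String_equal(&token->policyId, &username_policy))
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* empty username and password */
          if(token->userName.length == 0 && token->password.length == 0)
              return UA_STATUSCODE_BADIDENTITYTOKENINVALID;

          /* Try to match username and password. Every entry is examined and
           * both fields are always compared, so the time taken does not depend
           * on which entry (if any) matched. UA_String_equal is not defined in
           * this file and may stop at the first differing byte, so the
           * password goes through the constant-time helper instead. */
          UA_Boolean match = false;
          for(size_t i = 0; i < usernamePasswordsSize; i++) {
              const UA_String *user = &usernamePasswords[i].username;
              const UA_String *pw = &usernamePasswords[i].password;
              UA_Boolean userOk = UA_String_equal(&token->userName, user);
              UA_Boolean pwOk = credentialEqual_constantTime(&token->password, pw);
              if(userOk && pwOk)
                  match = true;
          }
          if(!match)
              return UA_STATUSCODE_BADUSERACCESSDENIED;

          *sessionHandle = NULL;
          return UA_STATUSCODE_GOOD;
      }

      /* Unsupported token type */
      return UA_STATUSCODE_BADIDENTITYTOKENINVALID;
  }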
  /* Session teardown hook. activateSession_default always stores NULL in the
   * session handle, so there is nothing to release here. */
  void
  closeSession_default(const UA_NodeId *sessionId, void *sessionHandle) {
      /* both arguments are intentionally ignored */
      (void)sessionId;
      (void)sessionHandle;
  }
  /* Returns the user rights mask for a node. This example plugin ignores the
   * session and the node and returns a mask with all 32 bits set, so every
   * session (anonymous ones included) gets the same, unrestricted mask. */
  UA_UInt32
  getUserRightsMask_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
      (void)sessionId;
      (void)sessionHandle;
      (void)nodeId;
      return 0xFFFFFFFF;
  }
  /* Returns the user access level for a node. The session and node are not
   * consulted; the result always has all eight bits set, regardless of how
   * the session was authenticated. */
  UA_Byte
  getUserAccessLevel_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
      (void)sessionId;
      (void)sessionHandle;
      (void)nodeId;
      return 0xFF;
  }
  /* Reports whether the session may execute the given node. Always true in
   * this example plugin; no argument is inspected. */
  UA_Boolean
  getUserExecutable_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_NodeId *nodeId) {
      (void)sessionId;
      (void)sessionHandle;
      (void)nodeId;
      return true;
  }
  /* Reports whether the session may execute the given method on the given
   * object. Always true in this example plugin; no argument is inspected. */
  UA_Boolean
  getUserExecutableOnObject_default(const UA_NodeId *sessionId, void *sessionHandle,
                                    const UA_NodeId *methodId, const UA_NodeId *objectId) {
      (void)sessionId;
      (void)sessionHandle;
      (void)methodId;
      (void)objectId;
      return true;
  }
  /* Decides whether the session may add the node described by item. Always
   * true in this example plugin, for every session and every item. */
  UA_Boolean
  allowAddNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddNodesItem *item) {
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return true;
  }
  /* Decides whether the session may add the reference described by item.
   * Always true in this example plugin, for every session and every item. */
  UA_Boolean
  allowAddReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_AddReferencesItem *item) {
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return true;
  }
  /* Decides whether the session may delete the node described by item.
   * Always true in this example plugin, for every session and every item. */
  UA_Boolean
  allowDeleteNode_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteNodesItem *item) {
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return true;
  }
  /* Decides whether the session may delete the reference described by item.
   * Always true in this example plugin, for every session and every item. */
  UA_Boolean
  allowDeleteReference_default(const UA_NodeId *sessionId, void *sessionHandle, const UA_DeleteReferencesItem *item) {
      (void)sessionId;
      (void)sessionHandle;
      (void)item;
      return true;
  }