open62541pp/open62541/accesscontrol_8h_source.html

/** This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/.

 *

 *    Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)

 *    Copyright 2017 (c) Stefan Profanter, fortiss GmbH

 */


#ifndef UA_PLUGIN_ACCESS_CONTROL_H_

#define UA_PLUGIN_ACCESS_CONTROL_H_


#include <open62541/util.h>


_UA_BEGIN_DECLS


struct UA_AccessControl;

typedef struct UA_AccessControl UA_AccessControl;


struct UA_AccessControl {

    void *context;

    void (*clear)(UA_AccessControl *ac);


    /* Supported login mechanisms. The server endpoints are created from here. */

    size_t userTokenPoliciesSize;

    UA_UserTokenPolicy *userTokenPolicies;


    /* Authenticate a session. The session context is attached to the session

     * and later passed into the node-based access control callbacks. The new

     * session is rejected if a StatusCode other than UA_STATUSCODE_GOOD is

     * returned.

     *

     * Note that this callback can be called several times for a Session. For

     * example when a Session is recovered (activated) on a new

     * SecureChannel. */

    UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac,

                                     const UA_EndpointDescription *endpointDescription,

                                     const UA_ByteString *secureChannelRemoteCertificate,

                                     const UA_NodeId *sessionId,

                                     const UA_ExtensionObject *userIdentityToken,

                                     void **sessionContext);


    /* Deauthenticate a session and cleanup */

    void (*closeSession)(UA_Server *server, UA_AccessControl *ac,

                         const UA_NodeId *sessionId, void *sessionContext);


    /* Access control for all nodes*/

    UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac,

                                   const UA_NodeId *sessionId, void *sessionContext,

                                   const UA_NodeId *nodeId, void *nodeContext);


    /* Additional access control for variable nodes */

    UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac,

                                  const UA_NodeId *sessionId, void *sessionContext,

                                  const UA_NodeId *nodeId, void *nodeContext);


    /* Additional access control for method nodes */

    UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac,

                                    const UA_NodeId *sessionId, void *sessionContext,

                                    const UA_NodeId *methodId, void *methodContext);


    /* Additional access control for calling a method node in the context of a

     * specific object */

    UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac,

                                            const UA_NodeId *sessionId, void *sessionContext,

                                            const UA_NodeId *methodId, void *methodContext,

                                            const UA_NodeId *objectId, void *objectContext);


    /* Allow adding a node */

    UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac,

                               const UA_NodeId *sessionId, void *sessionContext,

                               const UA_AddNodesItem *item);


    /* Allow adding a reference */

    UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac,

                                    const UA_NodeId *sessionId, void *sessionContext,

                                    const UA_AddReferencesItem *item);


    /* Allow deleting a node */

    UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac,

                                  const UA_NodeId *sessionId, void *sessionContext,

                                  const UA_DeleteNodesItem *item);


    /* Allow deleting a reference */

    UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac,

                                       const UA_NodeId *sessionId, void *sessionContext,

                                       const UA_DeleteReferencesItem *item);


    /* Allow browsing a node */

    UA_Boolean (*allowBrowseNode)(UA_Server *server, UA_AccessControl *ac,

                                  const UA_NodeId *sessionId, void *sessionContext,

                                  const UA_NodeId *nodeId, void *nodeContext);


#ifdef UA_ENABLE_SUBSCRIPTIONS

    /* Allow transfer of a subscription to another session. The Server shall

     * validate that the Client of that Session is operating on behalf of the

     * same user */

    UA_Boolean (*allowTransferSubscription)(UA_Server *server, UA_AccessControl *ac,

                                            const UA_NodeId *oldSessionId, void *oldSessionContext,

                                            const UA_NodeId *newSessionId, void *newSessionContext);

#endif


#ifdef UA_ENABLE_HISTORIZING

    /* Allow insert,replace,update of historical data */

    UA_Boolean (*allowHistoryUpdateUpdateData)(UA_Server *server, UA_AccessControl *ac,

                                               const UA_NodeId *sessionId, void *sessionContext,

                                               const UA_NodeId *nodeId,

                                               UA_PerformUpdateType performInsertReplace,

                                               const UA_DataValue *value);


    /* Allow delete of historical data */

    UA_Boolean (*allowHistoryUpdateDeleteRawModified)(UA_Server *server, UA_AccessControl *ac,

                                                      const UA_NodeId *sessionId, void *sessionContext,

                                                      const UA_NodeId *nodeId,

                                                      UA_DateTime startTimestamp,

                                                      UA_DateTime endTimestamp,

                                                      bool isDeleteModified);

#endif

};


_UA_END_DECLS


#endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */

UA_Server
struct UA_Server UA_Server
Definition common.h:198

_UA_BEGIN_DECLS
#define _UA_BEGIN_DECLS
#undef UA_DEBUG_DUMP_PKGS
Definition config.h:100

_UA_END_DECLS
#define _UA_END_DECLS
Definition config.h:107

UA_AccessControl
Definition accesscontrol.h:21

UA_AccessControl::closeSession
void(* closeSession)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext)
Definition accesscontrol.h:45

UA_AccessControl::clear
void(* clear)(UA_AccessControl *ac)
Definition accesscontrol.h:23

UA_AccessControl::getUserExecutable
UA_Boolean(* getUserExecutable)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *methodId, void *methodContext)
Definition accesscontrol.h:59

UA_AccessControl::context
void * context
Definition accesscontrol.h:22

UA_AccessControl::allowTransferSubscription
UA_Boolean(* allowTransferSubscription)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *oldSessionId, void *oldSessionContext, const UA_NodeId *newSessionId, void *newSessionContext)
Definition accesscontrol.h:99

UA_AccessControl::getUserAccessLevel
UA_Byte(* getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, void *nodeContext)
Definition accesscontrol.h:54

UA_AccessControl::userTokenPoliciesSize
size_t userTokenPoliciesSize
Definition accesscontrol.h:26

UA_AccessControl::getUserExecutableOnObject
UA_Boolean(* getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *methodId, void *methodContext, const UA_NodeId *objectId, void *objectContext)
Definition accesscontrol.h:65

UA_AccessControl::allowBrowseNode
UA_Boolean(* allowBrowseNode)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, void *nodeContext)
Definition accesscontrol.h:91

UA_AccessControl::allowAddReference
UA_Boolean(* allowAddReference)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_AddReferencesItem *item)
Definition accesscontrol.h:76

UA_AccessControl::allowDeleteReference
UA_Boolean(* allowDeleteReference)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_DeleteReferencesItem *item)
Definition accesscontrol.h:86

UA_AccessControl::allowHistoryUpdateDeleteRawModified
UA_Boolean(* allowHistoryUpdateDeleteRawModified)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, UA_DateTime startTimestamp, UA_DateTime endTimestamp, bool isDeleteModified)
Definition accesscontrol.h:113

UA_AccessControl::getUserRightsMask
UA_UInt32(* getUserRightsMask)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, void *nodeContext)
Definition accesscontrol.h:49

UA_AccessControl::allowDeleteNode
UA_Boolean(* allowDeleteNode)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_DeleteNodesItem *item)
Definition accesscontrol.h:81

UA_AccessControl::allowAddNode
UA_Boolean(* allowAddNode)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_AddNodesItem *item)
Definition accesscontrol.h:71

UA_AccessControl::activateSession
UA_StatusCode(* activateSession)(UA_Server *server, UA_AccessControl *ac, const UA_EndpointDescription *endpointDescription, const UA_ByteString *secureChannelRemoteCertificate, const UA_NodeId *sessionId, const UA_ExtensionObject *userIdentityToken, void **sessionContext)
Definition accesscontrol.h:37

UA_AccessControl::userTokenPolicies
UA_UserTokenPolicy * userTokenPolicies
Definition accesscontrol.h:27

UA_AccessControl::allowHistoryUpdateUpdateData
UA_Boolean(* allowHistoryUpdateUpdateData)(UA_Server *server, UA_AccessControl *ac, const UA_NodeId *sessionId, void *sessionContext, const UA_NodeId *nodeId, UA_PerformUpdateType performInsertReplace, const UA_DataValue *value)
Definition accesscontrol.h:106

UA_AddNodesItem
AddNodesItem.
Definition types_generated.h:1926

UA_AddReferencesItem
AddReferencesItem.
Definition types_generated.h:1967

UA_DataValue
Definition types.h:758

UA_DeleteNodesItem
DeleteNodesItem.
Definition types_generated.h:1999

UA_DeleteReferencesItem
DeleteReferencesItem.
Definition types_generated.h:2027

UA_EndpointDescription
EndpointDescription.
Definition types_generated.h:1421

UA_ExtensionObject
Definition types.h:720

UA_NodeId
Definition types.h:277

UA_String
Definition types.h:119

UA_UserTokenPolicy
UserTokenPolicy.
Definition types_generated.h:1410

nodeId
char id nodeId
Definition types.h:440

UA_Boolean
_UA_BEGIN_DECLS typedef bool UA_Boolean
This Source Code Form is subject to the terms of the Mozilla Public License, v.
Definition types.h:27

UA_UInt32
uint32_t UA_UInt32
Definition types.h:57

UA_StatusCode
uint32_t UA_StatusCode
Definition types.h:82

UA_Byte
uint8_t UA_Byte
Definition types.h:37

UA_PerformUpdateType
UA_PerformUpdateType
PerformUpdateType.
Definition types_generated.h:2710

util.h