ext/open62541/include/open62541/plugin/accesscontrol.h - a71ch-crypto-support - Git at Google

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  *
  *    Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
  *    Copyright 2017 (c) Stefan Profanter, fortiss GmbH
  */

 #ifndef UA_PLUGIN_ACCESS_CONTROL_H_
 #define UA_PLUGIN_ACCESS_CONTROL_H_

 #include <open62541/server.h>

 _UA_BEGIN_DECLS

 struct UA_AccessControl;
 typedef struct UA_AccessControl UA_AccessControl;

 /**
  * .. _access-control:
  *
  * Access Control Plugin API
  * =========================
  * The access control callback is used to authenticate sessions and grant access
  * rights accordingly. */

 struct UA_AccessControl {
     void *context;
     void (*deleteMembers)(UA_AccessControl *ac);

     /* Supported login mechanisms. The server endpoints are created from here. */
     size_t userTokenPoliciesSize;
     UA_UserTokenPolicy *userTokenPolicies;

     /* Authenticate a session. The session context is attached to the session
      * and later passed into the node-based access control callbacks. The new
      * session is rejected if a StatusCode other than UA_STATUSCODE_GOOD is
      * returned. */
     UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac,
                                      const UA_EndpointDescription *endpointDescription,
                                      const UA_ByteString *secureChannelRemoteCertificate,
                                      const UA_NodeId *sessionId,
                                      const UA_ExtensionObject *userIdentityToken,
                                      void **sessionContext);

     /* Deauthenticate a session and cleanup */
     void (*closeSession)(UA_Server *server, UA_AccessControl *ac,
                          const UA_NodeId *sessionId, void *sessionContext);

     /* Access control for all nodes*/
     UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac,
                                    const UA_NodeId *sessionId, void *sessionContext,
                                    const UA_NodeId *nodeId, void *nodeContext);

     /* Additional access control for variable nodes */
     UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac,
                                   const UA_NodeId *sessionId, void *sessionContext,
                                   const UA_NodeId *nodeId, void *nodeContext);

     /* Additional access control for method nodes */
     UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac,
                                     const UA_NodeId *sessionId, void *sessionContext,
                                     const UA_NodeId *methodId, void *methodContext);

     /* Additional access control for calling a method node in the context of a
      * specific object */
     UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac,
                                             const UA_NodeId *sessionId, void *sessionContext,
                                             const UA_NodeId *methodId, void *methodContext,
                                             const UA_NodeId *objectId, void *objectContext);

     /* Allow adding a node */
     UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac,
                                const UA_NodeId *sessionId, void *sessionContext,
                                const UA_AddNodesItem *item);

     /* Allow adding a reference */
     UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac,
                                     const UA_NodeId *sessionId, void *sessionContext,
                                     const UA_AddReferencesItem *item);

     /* Allow deleting a node */
     UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac,
                                   const UA_NodeId *sessionId, void *sessionContext,
                                   const UA_DeleteNodesItem *item);

     /* Allow deleting a reference */
     UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac,
                                        const UA_NodeId *sessionId, void *sessionContext,
                                        const UA_DeleteReferencesItem *item);
 #ifdef UA_ENABLE_HISTORIZING
     /* Allow insert,replace,update of historical data */
     UA_Boolean (*allowHistoryUpdateUpdateData)(UA_Server *server, UA_AccessControl *ac,
                                                const UA_NodeId *sessionId, void *sessionContext,
                                                const UA_NodeId *nodeId,
                                                UA_PerformUpdateType performInsertReplace,
                                                const UA_DataValue *value);

     /* Allow delete of historical data */
     UA_Boolean (*allowHistoryUpdateDeleteRawModified)(UA_Server *server, UA_AccessControl *ac,
                                                       const UA_NodeId *sessionId, void *sessionContext,
                                                       const UA_NodeId *nodeId,
                                                       UA_DateTime startTimestamp,
                                                       UA_DateTime endTimestamp,
                                                       bool isDeleteModified);
 #endif
 };

 _UA_END_DECLS

 #endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */
	/* This Source Code Form is subject to the terms of the Mozilla Public
	* License, v. 2.0. If a copy of the MPL was not distributed with this
	* file, You can obtain one at http://mozilla.org/MPL/2.0/.
	*
	* Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
	* Copyright 2017 (c) Stefan Profanter, fortiss GmbH
	*/

	#ifndef UA_PLUGIN_ACCESS_CONTROL_H_
	#define UA_PLUGIN_ACCESS_CONTROL_H_

	#include <open62541/server.h>

	_UA_BEGIN_DECLS

	struct UA_AccessControl;
	typedef struct UA_AccessControl UA_AccessControl;

	/**
	* .. _access-control:
	*
	* Access Control Plugin API
	* =========================
	* The access control callback is used to authenticate sessions and grant access
	* rights accordingly. */

	struct UA_AccessControl {
	void *context;
	void (deleteMembers)(UA_AccessControl ac);

	/* Supported login mechanisms. The server endpoints are created from here. */
	size_t userTokenPoliciesSize;
	UA_UserTokenPolicy *userTokenPolicies;

	/* Authenticate a session. The session context is attached to the session
	* and later passed into the node-based access control callbacks. The new
	* session is rejected if a StatusCode other than UA_STATUSCODE_GOOD is
	* returned. */
	UA_StatusCode (activateSession)(UA_Server server, UA_AccessControl *ac,
	const UA_EndpointDescription *endpointDescription,
	const UA_ByteString *secureChannelRemoteCertificate,
	const UA_NodeId *sessionId,
	const UA_ExtensionObject *userIdentityToken,
	void **sessionContext);

	/* Deauthenticate a session and cleanup */
	void (closeSession)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext);

	/* Access control for all nodes*/
	UA_UInt32 (getUserRightsMask)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_NodeId nodeId, void nodeContext);

	/* Additional access control for variable nodes */
	UA_Byte (getUserAccessLevel)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_NodeId nodeId, void nodeContext);

	/* Additional access control for method nodes */
	UA_Boolean (getUserExecutable)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_NodeId methodId, void methodContext);

	/* Additional access control for calling a method node in the context of a
	* specific object */
	UA_Boolean (getUserExecutableOnObject)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_NodeId methodId, void methodContext,
	const UA_NodeId objectId, void objectContext);

	/* Allow adding a node */
	UA_Boolean (allowAddNode)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_AddNodesItem *item);

	/* Allow adding a reference */
	UA_Boolean (allowAddReference)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_AddReferencesItem *item);

	/* Allow deleting a node */
	UA_Boolean (allowDeleteNode)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_DeleteNodesItem *item);

	/* Allow deleting a reference */
	UA_Boolean (allowDeleteReference)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_DeleteReferencesItem *item);
	#ifdef UA_ENABLE_HISTORIZING
	/* Allow insert,replace,update of historical data */
	UA_Boolean (allowHistoryUpdateUpdateData)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_NodeId *nodeId,
	UA_PerformUpdateType performInsertReplace,
	const UA_DataValue *value);

	/* Allow delete of historical data */
	UA_Boolean (allowHistoryUpdateDeleteRawModified)(UA_Server server, UA_AccessControl *ac,
	const UA_NodeId sessionId, void sessionContext,
	const UA_NodeId *nodeId,
	UA_DateTime startTimestamp,
	UA_DateTime endTimestamp,
	bool isDeleteModified);
	#endif
	};

	_UA_END_DECLS

	#endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */