| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| * |
| * Copyright 2017 (c) Fraunhofer IOSB (Author: Julius Pfrommer) |
| * Copyright 2017 (c) Stefan Profanter, fortiss GmbH |
| */ |
| |
| #ifndef UA_PLUGIN_ACCESS_CONTROL_H_ |
| #define UA_PLUGIN_ACCESS_CONTROL_H_ |
| |
| #include <open62541/server.h> |
| |
| _UA_BEGIN_DECLS |
| |
| struct UA_AccessControl; |
| typedef struct UA_AccessControl UA_AccessControl; |
| |
| /** |
| * .. _access-control: |
| * |
| * Access Control Plugin API |
| * ========================= |
| * The access control callback is used to authenticate sessions and grant access |
| * rights accordingly. */ |
| |
| struct UA_AccessControl { |
| void *context; |
| void (*deleteMembers)(UA_AccessControl *ac); |
| |
| /* Supported login mechanisms. The server endpoints are created from here. */ |
| size_t userTokenPoliciesSize; |
| UA_UserTokenPolicy *userTokenPolicies; |
| |
| /* Authenticate a session. The session context is attached to the session |
| * and later passed into the node-based access control callbacks. The new |
| * session is rejected if a StatusCode other than UA_STATUSCODE_GOOD is |
| * returned. */ |
| UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac, |
| const UA_EndpointDescription *endpointDescription, |
| const UA_ByteString *secureChannelRemoteCertificate, |
| const UA_NodeId *sessionId, |
| const UA_ExtensionObject *userIdentityToken, |
| void **sessionContext); |
| |
| /* Deauthenticate a session and cleanup */ |
| void (*closeSession)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext); |
| |
| /* Access control for all nodes*/ |
| UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_NodeId *nodeId, void *nodeContext); |
| |
| /* Additional access control for variable nodes */ |
| UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_NodeId *nodeId, void *nodeContext); |
| |
| /* Additional access control for method nodes */ |
| UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_NodeId *methodId, void *methodContext); |
| |
| /* Additional access control for calling a method node in the context of a |
| * specific object */ |
| UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_NodeId *methodId, void *methodContext, |
| const UA_NodeId *objectId, void *objectContext); |
| |
| /* Allow adding a node */ |
| UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_AddNodesItem *item); |
| |
| /* Allow adding a reference */ |
| UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_AddReferencesItem *item); |
| |
| /* Allow deleting a node */ |
| UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_DeleteNodesItem *item); |
| |
| /* Allow deleting a reference */ |
| UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_DeleteReferencesItem *item); |
| #ifdef UA_ENABLE_HISTORIZING |
| /* Allow insert,replace,update of historical data */ |
| UA_Boolean (*allowHistoryUpdateUpdateData)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_NodeId *nodeId, |
| UA_PerformUpdateType performInsertReplace, |
| const UA_DataValue *value); |
| |
| /* Allow delete of historical data */ |
| UA_Boolean (*allowHistoryUpdateDeleteRawModified)(UA_Server *server, UA_AccessControl *ac, |
| const UA_NodeId *sessionId, void *sessionContext, |
| const UA_NodeId *nodeId, |
| UA_DateTime startTimestamp, |
| UA_DateTime endTimestamp, |
| bool isDeleteModified); |
| #endif |
| }; |
| |
| _UA_END_DECLS |
| |
| #endif /* UA_PLUGIN_ACCESS_CONTROL_H_ */ |