High Performance OPC UA Server SDK
1.7.1.383
This backend implements RolePermissions as described by the OPC Specification, Part 18 Role-Based Security. More...
Data Structures | |
struct | ua_nodepermission_idx |
struct | ua_nodepermissions_static |
struct | ua_role |
This struct represents a role inside the server. More... | |
struct | ua_role_numeric_identity |
struct to use with ua_role_add_numeric_identities More... | |
Enumerations | |
enum | ua_role_flag { UA_ROLE_FLAG_SOURCE_CONFIGFILE = 1, UA_ROLE_FLAG_SOURCE_ADDRSPACE = 2, UA_ROLE_FLAG_SOURCE_STATIC_ADDRSPACE = 4 } |
Flags a role might have. More... | |
enum | ua_role_mode { UA_ROLE_MODE_IGNORE = 0, UA_ROLE_MODE_INCLUDE = 1, UA_ROLE_MODE_EXCLUDE = 2 } |
Mode for the endpoints/applications array of a role. More... | |
enum | ua_role_property { UA_ROLE_PROPERTY_IDENTITIES = 1, UA_ROLE_PROPERTY_APPLICATIONS = 2, UA_ROLE_PROPERTY_APPLICATIONS_EXCLUDE = 3, UA_ROLE_PROPERTY_ENDPOINTS = 4, UA_ROLE_PROPERTY_ENDPOINTS_EXCLUDE = 5, UA_ROLE_PROPERTY_CUSTOM_CONFIGURATION = 6 } |
Functions | |
SERVER_NO_EXPORT int | ua_role_find_roles_for_user (struct ua_user_ctx *user_ctx, const struct uasession_user_info *user_info, const struct uasession_session *session, const struct uasession_channel *channel, const struct uasession_msg_ctxt *msg_ctx) |
SERVER_EXPORT int | ua_nodepermissions_register_static (const struct ua_nodepermissions_static *static_perm) |
Register a static nodepermission table. More... | |
SERVER_EXPORT SDK_INTERNAL int | ua_nodepermissions_init (void) |
SERVER_EXPORT SDK_INTERNAL void | ua_nodepermissions_clear (void) |
SERVER_EXPORT int | ua_role_add_role (const struct ua_nodeid *role_nodeid) |
Add a new role to the internal role management. More... | |
SERVER_EXPORT int | ua_role_set_name (int role_id, const char *name, uint16_t nsidx) |
Set the name of a role. More... | |
SERVER_EXPORT const struct ua_role * | ua_role_get_roles (uint32_t *num_roles) |
Returns the array of internal roles. More... | |
SERVER_EXPORT int | ua_role_add_identity (int role_id, enum ua_identitycriteriatype type, const char *criteria) |
Add an additional identity to a role. | |
SERVER_EXPORT int | ua_role_add_numeric_identities (const struct ua_role_numeric_identity *identities, uint32_t num_identities, bool create_role) |
Helper function to add identities for roles with numeric Nodeids from code. More... | |
SERVER_EXPORT int | ua_role_set_identities (int role_id, const struct ua_identitymappingruletype *identities, uint32_t num_identities) |
Set the identities which the role is mapped to. More... | |
SERVER_EXPORT const struct ua_identitymappingruletype * | ua_role_get_identities (int role_id, uint32_t *num_identities) |
Get the identities which the role is mapped to. More... | |
SERVER_EXPORT int | ua_role_set_flag (int role_id, enum ua_role_flag flag) |
Add the given flag to the flags member of the role. | |
SERVER_EXPORT int | ua_role_get_flags (int role_id) |
Returns the flags set at a role. More... | |
SERVER_EXPORT bool | ua_role_has_flag (int role_id, enum ua_role_flag flag) |
Returns true if the given flag is set at the role. | |
SERVER_EXPORT int | ua_role_set_ignore_permissions (int role_id, bool ignore_permissions) |
If true, permission checks are ignored and all permissions are granted to users having this role. More... | |
SERVER_EXPORT bool | ua_role_get_ignore_permissions (int role_id) |
Get the value of ignore_permissions for a role. | |
SERVER_EXPORT int | ua_role_set_custom_configuration (int role_id, bool custom_configuration) |
Set the value of the custom_configuration member of a role. More... | |
SERVER_EXPORT bool | ua_role_get_custom_configuration (int role_id) |
Get the value of custom_configuration for a role. | |
SERVER_EXPORT int | ua_role_set_endpoints (int role_id, const struct ua_endpointtype *endpoints, uint32_t num_endpoints, enum ua_role_mode endpoints_mode) |
Set the endpoints array of a role. | |
SERVER_EXPORT const struct ua_endpointtype * | ua_role_get_endpoints (int role_id, uint32_t *num_endpoints, enum ua_role_mode *endpoints_mode) |
Get the endpoints array of a role. | |
SERVER_EXPORT int | ua_role_set_applications (int role_id, const struct ua_string *applications, uint32_t num_applications, enum ua_role_mode applications_mode) |
Set the applications array of a role. | |
SERVER_EXPORT const struct ua_string * | ua_role_get_applications (int role_id, uint32_t *num_applications, enum ua_role_mode *applications_mode) |
Get the applications array of a role. | |
SERVER_EXPORT int | ua_role_load_from_addressspace (void) |
Iterate through all roles in the address space and create local roles that do not already exist. More... | |
SERVER_EXPORT int | ua_role_synchronize_roles (void) |
Synchronize and validate the internal roles with the role objects in the address space. More... | |
SERVER_NO_EXPORT ua_statuscode | ua_role_read_property (int role_id, enum ua_role_property property, struct ua_variant *result) |
SERVER_NO_EXPORT struct util_vector * | ua_role_get_roles_internal (void) |
SERVER_NO_EXPORT int | ua_role_init (void) |
SERVER_NO_EXPORT void | ua_role_clear (void) |
SERVER_EXPORT int | ua_rolestorage_load_from_file (const char *filename) |
Loads the role configuration from a suitable configuration file into the local role management. More... | |
SERVER_EXPORT int | ua_rolestorage_save_to_file (const char *filename, const struct ua_role *roles, uint32_t num_roles) |
Save an array of roles to a file. More... | |
This backend implements RolePermissions as described by the OPC Specification, Part 18 Role-Based Security.
enum ua_role_flag |
enum ua_role_mode |
Mode for the endpoints/applications array of a role.
SERVER_EXPORT int ua_nodepermissions_register_static | ( | const struct ua_nodepermissions_static * | static_perm | ) |
Register a static nodepermission table.
This function is called from code generated by the xml2c tool; it should not be necessary to call it from normal application code.
This function can only be called once and only before dynamic nodepermissions are registered.
static_perm | Structure with the table information. |
SERVER_EXPORT int ua_role_add_numeric_identities | ( | const struct ua_role_numeric_identity * | identities, |
uint32_t | num_identities, | ||
bool | create_role | ||
) |
Helper function to add identities for roles with numeric Nodeids from code.
This function is recommended when the roles configuration file cannot be used to load the identity mappings.
SERVER_EXPORT int ua_role_add_role | ( | const struct ua_nodeid * | role_nodeid | ) |
Add a new role to the internal role management.
New roles are created with the following defaults for their members:
If a role with the same nodeid already exists, it is not created but instead the role_id of the existing role is returned.
If a matching role object does not exist in the address space, at least the name of the role must be set with ua_role_set_name, and if the role is added after server initialization, ua_role_synchronize_roles must be called.
role_nodeid | The nodeid is the unique identifier of the role and is assigned to the role object in the address space when it is created. |
SERVER_EXPORT int ua_role_get_flags | ( | int | role_id | ) |
Returns the flags set at a role.
SERVER_EXPORT const struct ua_identitymappingruletype* ua_role_get_identities | ( | int | role_id, |
uint32_t * | num_identities | ||
) |
Get the identities which the role is mapped to.
SERVER_EXPORT const struct ua_role* ua_role_get_roles | ( | uint32_t * | num_roles | ) |
Returns the array of internal roles.
This array must not be modified and it is only valid in the synchronous result. For accessing members of a role, the respective getter/setter function should be used instead; this function should only be used if the complete raw array is needed, e.g. for ua_rolestorage_save_to_file.
num_roles | Returns the number of roles in the array. |
SERVER_EXPORT int ua_role_load_from_addressspace | ( | void | ) |
Iterate through all roles in the address space and create local roles that do not already exist.
SERVER_EXPORT int ua_role_set_custom_configuration | ( | int | role_id, |
bool | custom_configuration | ||
) |
Set the value of the custom_configuration member of a role.
This value is only used for the CustomConfiguration Property of that role in the address space, it does not change any behavior in the SDK. For more information on that Property see the OPC Specification, Part 18 Role-Based Security.
SERVER_EXPORT int ua_role_set_identities | ( | int | role_id, |
const struct ua_identitymappingruletype * | identities, | ||
uint32_t | num_identities | ||
) |
Set the identities which the role is mapped to.
SERVER_EXPORT int ua_role_set_ignore_permissions | ( | int | role_id, |
bool | ignore_permissions | ||
) |
If true, permission checks are ignored and all permissions are granted to users having this role.
Note: Use with care, because every identity mapped to this role is granted all permissions without a permission check.
AccessRestrictions are still applied, so access to certain nodes may still not be possible, even though ignore_permissions is true for a user.
SERVER_EXPORT int ua_role_set_name | ( | int | role_id, |
const char * | name, | ||
uint16_t | nsidx | ||
) |
Set the name of a role.
The name is used as the browsename for the role object in the address space.
role_id | The internal id of the role. |
name | Text part of the browsename. |
nsidx | namespace index of the browsename. |
SERVER_EXPORT int ua_role_synchronize_roles | ( | void | ) |
Synchronize and validate the internal roles with the role objects in the address space.
This function is called by the SDK during uaserver_init after the user_management callback is called, so it is usually not necessary for applications to call this function. However, if roles are added after startup, either by adding roles to the server internal role management or by adding roles in the address space, it should be called manually.
This function does a few things:
SERVER_EXPORT int ua_rolestorage_load_from_file | ( | const char * | filename | ) |
Loads the role configuration from a suitable configuration file into the local role management.
In case of an error, roles and properties that were already loaded are not reverted, so a failed load can leave the local role management partially configured.
filename | Path of the configuration file. |
SERVER_EXPORT int ua_rolestorage_save_to_file | ( | const char * | filename, |
const struct ua_role * | roles, | ||
uint32_t | num_roles | ||
) |
Save an array of roles to a file.
To store the current local roles, use ua_role_get_roles to retrieve them and pass them to this function.
filename | Path to save role configuration to. |
roles | Array of roles to save. |
num_roles | Number of roles to save. |