S2OPC OPCUA Toolkit
Defines the user manager, the applicative interface used to authenticate users, and authorize read/write operations in the address space.
#include <stdbool.h>
#include "sopc_builtintypes.h"
#include "sopc_pki_decl.h"
#include "sopc_user.h"
Data Structures
struct SOPC_UserAuthentication_Functions
struct SOPC_UserAuthorization_Functions
struct SOPC_UserAuthentication_Manager
struct SOPC_UserAuthorization_Manager
Enumerations
enum SOPC_UserAuthorization_OperationType { SOPC_USER_AUTHORIZATION_OPERATION_READ, SOPC_USER_AUTHORIZATION_OPERATION_WRITE, SOPC_USER_AUTHORIZATION_OPERATION_EXECUTABLE, SOPC_USER_AUTHORIZATION_OPERATION_ADDNODE }
The operation type to authorize, see SOPC_UserAuthorization_IsAuthorizedOperation.
enum SOPC_UserAuthentication_Status { SOPC_USER_AUTHENTICATION_INVALID_TOKEN, SOPC_USER_AUTHENTICATION_REJECTED_TOKEN, SOPC_USER_AUTHENTICATION_ACCESS_DENIED, SOPC_USER_AUTHENTICATION_SIGNATURE_INVALID, SOPC_USER_AUTHENTICATION_OK }
The user authentication status code, see SOPC_UserAuthentication_IsValidUserIdentity.
Defines the user manager, the applicative interface used to authenticate users, and authorize read/write operations in the address space.
These structures are only used on the server side.
The developer shall follow these steps to use the user authentication and authorization:
typedef struct SOPC_UserAuthentication_Manager SOPC_UserAuthentication_Manager
typedef struct SOPC_UserAuthorization_Manager SOPC_UserAuthorization_Manager
typedef struct SOPC_UserWithAuthorization SOPC_UserWithAuthorization
The server-side user with an authorization manager. The authorization manager is borrowed when the structure is created.
typedef void SOPC_UserAuthentication_Free_Func(SOPC_UserAuthentication_Manager *authenticationManager)
typedef SOPC_ReturnStatus SOPC_UserAuthentication_ValidateUserIdentity_Func(SOPC_UserAuthentication_Manager *authenticationManager, const SOPC_ExtensionObject *pUser, SOPC_UserAuthentication_Status *pUserAuthenticated)
typedef void SOPC_UserAuthorization_Free_Func(SOPC_UserAuthorization_Manager *authorizationManager)
typedef SOPC_ReturnStatus SOPC_UserAuthorization_AuthorizeOperation_Func(SOPC_UserAuthorization_Manager *authorizationManager, SOPC_UserAuthorization_OperationType operationType, const SOPC_NodeId *nodeId, uint32_t attributeId, const SOPC_User *pUser, bool *pbOperationAuthorized)
typedef struct SOPC_UserAuthorization_Functions SOPC_UserAuthorization_Functions
The operation type to authorize, see SOPC_UserAuthorization_IsAuthorizedOperation.
The user authentication status code, see SOPC_UserAuthentication_IsValidUserIdentity.
SOPC_ReturnStatus SOPC_UserAuthentication_IsValidUserIdentity(SOPC_UserAuthentication_Manager *authenticationManager, const SOPC_ExtensionObject *pUser, SOPC_UserAuthentication_Status *pUserAuthenticated)
Authenticate a user with the chosen authentication manager.
authenticationManager: The SOPC_UserAuthentication_Manager instance.
pUser: The user identity token which was received in the ActivateSession request.
pUserAuthenticated: A valid pointer to the uninitialized result of the operation. The callback sets it to one of the following values:
pbUserAuthenticated was set.
SOPC_ReturnStatus SOPC_UserAuthorization_IsAuthorizedOperation(SOPC_UserWithAuthorization *userWithAuthorization, SOPC_UserAuthorization_OperationType operationType, const SOPC_NodeId *nodeId, uint32_t attributeId, bool *pbOperationAuthorized)
Authorize an operation with the chosen authorization manager.
userWithAuthorization: The user and authorization manager to use.
operationType: Set to SOPC_USER_AUTHORIZATION_OPERATION_READ for a read operation, or SOPC_USER_AUTHORIZATION_OPERATION_WRITE for a write operation.
nodeId: The operation reads/writes this NodeId.
attributeId: The operation reads/writes this attribute.
pbOperationAuthorized: A valid pointer to the uninitialized result of the operation. The callback shall set it to false when the operation is refused.
pbUserAuthorized was set.
void SOPC_UserAuthentication_FreeManager(SOPC_UserAuthentication_Manager **ppAuthenticationManager)
Deletes a SOPC_UserAuthentication_Manager using its pFuncFree.
void SOPC_UserAuthorization_FreeManager(SOPC_UserAuthorization_Manager **ppAuthorizationManager)
Deletes a SOPC_UserAuthorization_Manager using its pFuncFree.
SOPC_UserAuthentication_Manager* SOPC_UserAuthentication_CreateManager_AllowAll(void)
A helper implementation that always authenticates a user positively.
SOPC_UserAuthorization_Manager* SOPC_UserAuthorization_CreateManager_AllowAll(void)
A helper implementation that always authorizes an operation.
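The AllowAll helpers above grant everything. The following added example (not S2OPC code) sketches the opposite: a deny-by-default callback with the same parameter order as SOPC_UserAuthorization_AuthorizeOperation_Func. All demo_* types and names are simplified stand-ins assumed here so the block compiles without the S2OPC headers, and the policy table is constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in types (assumptions): the real SOPC_ReturnStatus, SOPC_NodeId and
 * SOPC_User come from the S2OPC headers and are richer than these. */
typedef enum { DEMO_STATUS_OK, DEMO_STATUS_INVALID_PARAMETERS } demo_status;
typedef enum { DEMO_OP_READ, DEMO_OP_WRITE, DEMO_OP_EXECUTABLE, DEMO_OP_ADDNODE } demo_op;
typedef struct { uint16_t ns; uint32_t id; } demo_node_id;
typedef struct { const char *name; } demo_user; /* name == NULL: anonymous */
typedef struct { const char *user; demo_op op; demo_node_id node; } demo_rule;
typedef struct { const demo_rule *rules; size_t n; } demo_authz_manager;

/* Same parameter order as SOPC_UserAuthorization_AuthorizeOperation_Func. */
demo_status demo_authorize(demo_authz_manager *mgr, demo_op op, const demo_node_id *node,
                           uint32_t attributeId, const demo_user *user, bool *pbAuthorized)
{
    (void) attributeId; /* this sketch decides per node, not per attribute */
    if (NULL == pbAuthorized) return DEMO_STATUS_INVALID_PARAMETERS;
    *pbAuthorized = false; /* the result arrives uninitialized: refuse first */
    if (NULL == mgr || NULL == node || NULL == user) return DEMO_STATUS_INVALID_PARAMETERS;
    for (size_t i = 0; i < mgr->n; i++) {
        const demo_rule *r = &mgr->rules[i];
        if (r->op != op || r->node.ns != node->ns || r->node.id != node->id) continue;
        if (NULL != user->name && 0 == strcmp(r->user, user->name)) {
            *pbAuthorized = true; /* only an explicit rule grants access */
            break;
        }
    }
    return DEMO_STATUS_OK;
}

/* Constructed policy: operator reads and writes ns=1;i=1001, viewer only reads. */
static const demo_rule DEMO_RULES[] = {
    {"operator", DEMO_OP_READ, {1, 1001}},
    {"operator", DEMO_OP_WRITE, {1, 1001}},
    {"viewer", DEMO_OP_READ, {1, 1001}},
};
demo_authz_manager demo_mgr = {DEMO_RULES, 3};

/* Caller side: grant only when the callback succeeded AND said yes. */
bool demo_is_allowed(demo_authz_manager *mgr, demo_op op, demo_node_id node, const char *userName)
{
    demo_user user = {userName};
    bool ok = true; /* wrong on purpose: the callback must overwrite it */
    demo_status st = demo_authorize(mgr, op, &node, 13 /* Value attribute */, &user, &ok);
    return DEMO_STATUS_OK == st && ok;
}
```

Treating a missing manager as a refusal is this sketch's own choice; it does not describe what S2OPC does when authorizationManager is NULL.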
SOPC_UserWithAuthorization* SOPC_UserWithAuthorization_CreateFromIdentityToken(const SOPC_ExtensionObject *pUserIdentity, SOPC_UserAuthorization_Manager *authorizationManager)
Creates a SOPC_UserWithAuthorization from an OpcUa_IdentityToken and an authorization manager.
SOPC_UserWithAuthorization, whereas the manager is not.
pUserIdentity: The user identity supported by an extension object, either an OpcUa_AnonymousIdentityToken or an OpcUa_UserNameIdentityToken.
authorizationManager: A borrowed reference to an authorization manager, may be NULL.
SOPC_UserWithAuthorization* SOPC_UserWithAuthorization_CreateLocal(SOPC_UserAuthorization_Manager *authorizationManager)
Creates a SOPC_UserWithAuthorization for a local user.
authorizationManager: A borrowed reference to an authorization manager, may be NULL.
SOPC_UserAuthorization_Manager* SOPC_UserWithAuthorization_GetManager(SOPC_UserWithAuthorization *userWithAuthorization)
Return the user part of the user with authorization manager.
const SOPC_User* SOPC_UserWithAuthorization_GetUser(SOPC_UserWithAuthorization *userWithAuthorization)
Return the authorization manager associated with the user.
void SOPC_UserWithAuthorization_Free(SOPC_UserWithAuthorization **ppUserWithAuthorization)
Free a SOPC_UserWithAuthorization and its embedded user when needed.