Make authentication mode and credentials configurable via CLI

Replace hardcoded user/password credentials with a new <auth-mode>
parameter that accepts "anonymous" or "user".  When "user" is chosen,
two additional <username> <password> arguments are required.

ServerRegister accepts two independent auth modes: one for its own
server-side access control and one for authenticating to the LDS when
registering.  ClientFindServers passes credentials to readServerTime,
which selects UA_Client_connectUsername or UA_Client_connect accordingly.

Update CLAUDE.md running examples and add an auth modes table.

1 files changed, 44 insertions, 8 deletions

diff --git a/src/client_find_servers.c b/src/client_find_servers.c
index 4789b38..21d48ca 100644
--- a/src/client_find_servers.c
+++ b/src/client_find_servers.c
@@ -129,11 +129,14 @@ getServersEndpoints (UA_Client *client,
  * @param applicationDescriptionArray Array of server descriptions from
  * FindServers.
  * @param applicationDescriptionArraySize Number of servers in the array.
+ * @param username Username for session auth, or NULL for anonymous.
+ * @param password Password for session auth (ignored when username is NULL).
  */
 static void
 readServerTime (UA_Client *client,
                 UA_ApplicationDescription *applicationDescriptionArray,
-                size_t applicationDescriptionArraySize)
+                size_t applicationDescriptionArraySize, const char *username,
+                const char *password)
 {
   for (size_t i = 0; i < applicationDescriptionArraySize; i++)
     {
@@ -160,8 +163,11 @@ readServerTime (UA_Client *client,
       UA_LOG_INFO (UA_Log_Stdout, UA_LOGCATEGORY_CLIENT,
                    "Connecting to %s to read current time...", url);
 
-      UA_StatusCode retval
-          = UA_Client_connectUsername (client, url, "user", "password");
+      UA_StatusCode retval;
+      if (username)
+        retval = UA_Client_connectUsername (client, url, username, password);
+      else
+        retval = UA_Client_connect (client, url);
       UA_free (url);
       if (retval != UA_STATUSCODE_GOOD)
         {
@@ -204,19 +210,21 @@ readServerTime (UA_Client *client,
 int
 main (int argc, char **argv)
 {
-  if (argc < 7)
+  if (argc < 8)
     {
       UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                     "Usage: %s <discovery-server-endpoint>\n"
                     "  <applicationUri>\n"
                     "  <certificate.der> <private-key.der>\n"
                     "  <security-mode> <security-policy>\n"
+                    "  <auth-mode> [<username> <password>]\n"
                     "  [<trustlist1.der>, ...]\n"
                     "\n"
                     "Security modes : None, Sign, SignAndEncrypt\n"
                     "Security policies: None, Basic256Sha256, "
                     "Aes256_Sha256_RsaPss,\n"
-                    "                   Aes128_Sha256_RsaOaep, ECC_nistP256",
+                    "                   Aes128_Sha256_RsaOaep, ECC_nistP256\n"
+                    "Auth modes     : anonymous, user",
                     argv[0]);
       return EXIT_FAILURE;
     }
@@ -242,8 +250,36 @@ main (int argc, char **argv)
       return EXIT_FAILURE;
     }
 
-  char **trustPaths = argv + 7;
-  size_t trustSize = (argc > 7) ? (size_t)argc - 7 : 0;
+  int idx = 7;
+  const char *authMode = argv[idx++];
+  const char *username = NULL, *password = NULL;
+
+  if (strcmp (authMode, "anonymous") == 0)
+    {
+      /* No extra args needed */
+    }
+  else if (strcmp (authMode, "user") == 0)
+    {
+      if (idx + 2 > argc)
+        {
+          UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+                        "Auth mode 'user' requires <username> <password>");
+          return EXIT_FAILURE;
+        }
+      username = argv[idx++];
+      password = argv[idx++];
+    }
+  else
+    {
+      UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+                    "Unknown auth mode: %s "
+                    "(expected 'anonymous' or 'user')",
+                    authMode);
+      return EXIT_FAILURE;
+    }
+
+  char **trustPaths = argv + idx;
+  size_t trustSize = (idx < argc) ? (size_t)(argc - idx) : 0;
 
   UA_Client *client = UA_Client_new ();
   UA_StatusCode retval = createSecureClientConfig (
@@ -271,7 +307,7 @@ main (int argc, char **argv)
                        applicationDescriptionArraySize);
 
   readServerTime (client, applicationDescriptionArray,
-                  applicationDescriptionArraySize);
+                  applicationDescriptionArraySize, username, password);
 
   UA_Client_delete (client);
   UA_Array_delete (applicationDescriptionArray,