diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-19 00:38:47 +0100 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-02-19 00:38:47 +0100 |
| commit | 9fe1d1f41069eda254e11746512d6be032db81d5 (patch) | |
| tree | 2e22ba30d3c50bb11e49bb38615215434b250a49 /src | |
| parent | 3ba285caf93d0c44815dd507a2b5de2ac40222c3 (diff) | |
| download | BobinkCOpcUa-9fe1d1f41069eda254e11746512d6be032db81d5.tar.gz BobinkCOpcUa-9fe1d1f41069eda254e11746512d6be032db81d5.zip | |
Drop auth parameter from create_unsecure_client_config
Credentials over plaintext SecurityPolicy#None are insecure, so the
unsecure client path now always uses anonymous authentication.
Diffstat (limited to 'src')
| -rw-r--r-- | src/bobink_opcua_client.c | 4 | ||||
| -rw-r--r-- | src/common.c | 16 | ||||
| -rw-r--r-- | src/common.h | 9 | ||||
| -rw-r--r-- | src/server_register.c | 2 |
4 files changed, 8 insertions, 23 deletions
diff --git a/src/bobink_opcua_client.c b/src/bobink_opcua_client.c index 35a3e6f..79edef6 100644 --- a/src/bobink_opcua_client.c +++ b/src/bobink_opcua_client.c @@ -342,13 +342,13 @@ main (int argc, char **argv) UA_StatusCode retval; if (op == OP_DOWNLOAD_CERT) retval = create_unsecure_client_config (UA_Client_getConfig (client), - application_uri, NULL); + application_uri); else if (sec.cert_path) retval = create_secure_client_config (UA_Client_getConfig (client), application_uri, &sec, &auth); else retval = create_unsecure_client_config (UA_Client_getConfig (client), - application_uri, &auth); + application_uri); if (retval != UA_STATUSCODE_GOOD) { diff --git a/src/common.c b/src/common.c index 8f141d7..7964d62 100644 --- a/src/common.c +++ b/src/common.c @@ -379,7 +379,7 @@ print_application_description (const UA_ApplicationDescription *description, } void -print_endpoint (const UA_EndpointDescription *endpoint, size_t index) +print_endpoint_description (const UA_EndpointDescription *endpoint, size_t index) { const char *mode = "Unknown"; switch (endpoint->securityMode) @@ -484,16 +484,8 @@ create_server (UA_UInt16 port, const char *application_uri, UA_StatusCode create_unsecure_client_config (UA_ClientConfig *cc, - const char *application_uri, - const auth_config *auth) + const char *application_uri) { - if (auth && auth->mode == AUTH_CERT) - { - UA_LOG_ERROR (UA_Log_Stdout, UA_LOGCATEGORY_APPLICATION, - "Certificate authentication requires encryption"); - return UA_STATUSCODE_BADINVALIDARGUMENT; - } - UA_StatusCode retval = UA_ClientConfig_setDefault (cc); if (retval != UA_STATUSCODE_GOOD) return retval; @@ -505,10 +497,6 @@ create_unsecure_client_config (UA_ClientConfig *cc, UA_String_clear (&cc->securityPolicyUri); UA_String_copy (&UA_SECURITY_POLICY_NONE_URI, &cc->securityPolicyUri); - if (auth && auth->mode == AUTH_USER) - UA_ClientConfig_setAuthenticationUsername (cc, auth->user.username, - auth->user.password); - return UA_STATUSCODE_GOOD; } diff --git a/src/common.h b/src/common.h index 0196e06..66bf905 100644 --- a/src/common.h +++ b/src/common.h @@ -215,18 +215,15 @@ UA_Server *create_server (UA_UInt16 port, const char *application_uri, * * Sets up a default client config with SecurityPolicy#None and the given * application URI. Explicitly sets securityMode and securityPolicyUri so - * that internal endpoint negotiation matches None endpoints. When @p auth - * is non-NULL and mode is AUTH_USER, configures username/password - * authentication. AUTH_CERT returns an error (requires encryption). + * that internal endpoint negotiation matches None endpoints. Always uses + * anonymous authentication (credentials over plaintext are insecure). * * @param cc Pointer to a zero-initialized UA_ClientConfig. * @param application_uri OPC UA application URI. - * @param auth Authentication config, or NULL for anonymous. * @return UA_STATUSCODE_GOOD on success, error code otherwise. */ UA_StatusCode create_unsecure_client_config (UA_ClientConfig *cc, - const char *application_uri, - const auth_config *auth); + const char *application_uri); /** * @brief Initializes a UA_ClientConfig with encryption. diff --git a/src/server_register.c b/src/server_register.c index b675e2f..b1d87fd 100644 --- a/src/server_register.c +++ b/src/server_register.c @@ -59,7 +59,7 @@ _s_make_lds_client_config (UA_ClientConfig *cc, const lds_client_params *p) if (p->sec.cert_path) rv = create_secure_client_config (cc, p->app_uri, &p->sec, &p->auth); else - rv = create_unsecure_client_config (cc, p->app_uri, &p->auth); + rv = create_unsecure_client_config (cc, p->app_uri); if (rv != UA_STATUSCODE_GOOD) return rv; cc->logging->context = (void *)(uintptr_t)p->log_level; |