Diffstat (limited to 'src/common.c')
-rw-r--r--src/common.c85
1 files changed, 64 insertions, 21 deletions
diff --git a/src/common.c b/src/common.c
index 568e4d0..8d7d651 100644
--- a/src/common.c
+++ b/src/common.c
@@ -27,7 +27,7 @@ loadFile (const char *const path)
FILE *fp = fopen (path, "rb");
if (!fp)
{
- /* fopen sets errno on failure. Callers like createSecureServer use
+ /* fopen sets errno on failure. Callers like createServer use
loadFile for optional trustlist entries where a missing file is not
an error. Clear errno so open62541's logging does not pick up
a stale value and emit misleading error messages. */
@@ -153,7 +153,7 @@ freeTrustStore (char **paths, size_t size)
}
/* ========================================================================
- * Security Helpers
+ * Parsing Helpers
* ======================================================================== */
int
@@ -176,6 +176,42 @@ parseLogLevel (const char *name)
return -1;
}
+int
+parseAuthConfig (const Config *cfg, const char *program,
+ UA_Boolean *allowAnonymous, const char **username,
+ const char **password)
+{
+ const char *authMode = configRequire (cfg, "authMode", program);
+ if (!authMode)
+ return -1;
+
+ *username = NULL;
+ *password = NULL;
+
+ if (strcmp (authMode, "anonymous") == 0)
+ {
+ if (allowAnonymous)
+ *allowAnonymous = true;
+ return 0;
+ }
+
+ if (strcmp (authMode, "user") == 0)
+ {
+ if (allowAnonymous)
+ *allowAnonymous = false;
+ *username = configRequire (cfg, "username", program);
+ *password = configRequire (cfg, "password", program);
+ if (!*username || !*password)
+ return -1;
+ return 0;
+ }
+
+ UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "%s: unknown auth mode '%s' (expected 'anonymous' or 'user')",
+ program, authMode);
+ return -1;
+}
+
UA_MessageSecurityMode
parseSecurityMode (const char *name)
{
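Review bot: In the `user` branch of `parseAuthConfig` the only test is `!*username || !*password`, so a key that is present but empty would be handed back as a valid credential unless `configRequire` already rejects empty values, which is not visible in this hunk. If it does not, the check could become `if (!*username || !*password || !**username || !**password) return -1;`, with a log line naming the empty key. The function also lacks a header comment: it should state that `allowAnonymous` may be NULL while `username` and `password` are dereferenced unconditionally, and that the returned strings appear to be owned by `cfg`, so callers must not free them or use them after the config is released.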
@@ -308,29 +344,36 @@ printEndpoint (const UA_EndpointDescription *endpoint, size_t index)
* ======================================================================== */
UA_Server *
-createSecureServer (UA_UInt16 port, const char *applicationUri,
- const char *certPath, const char *keyPath,
- char **trustPaths, size_t trustSize, UA_StatusCode *retval)
+createServer (UA_UInt16 port, const char *applicationUri, const char *certPath,
+ const char *keyPath, char **trustPaths, size_t trustSize,
+ UA_StatusCode *retval)
{
- UA_ByteString certificate = loadFile (certPath);
- UA_ByteString privateKey = loadFile (keyPath);
-
- /* +1: UA_STACKARRAY requires a strictly positive size for VLA. */
- UA_STACKARRAY (UA_ByteString, trustList, trustSize + 1);
- for (size_t i = 0; i < trustSize; i++)
- trustList[i] = loadFile (trustPaths[i]);
-
UA_Server *server = UA_Server_new ();
UA_ServerConfig *config = UA_Server_getConfig (server);
- *retval = UA_ServerConfig_setDefaultWithSecurityPolicies (
- config, port, &certificate, &privateKey, trustList, trustSize, NULL, 0,
- NULL, 0);
-
- UA_ByteString_clear (&certificate);
- UA_ByteString_clear (&privateKey);
- for (size_t i = 0; i < trustSize; i++)
- UA_ByteString_clear (&trustList[i]);
+ if (certPath)
+ {
+ UA_ByteString certificate = loadFile (certPath);
+ UA_ByteString privateKey = loadFile (keyPath);
+
+ /* +1: UA_STACKARRAY requires a strictly positive size for VLA. */
+ UA_STACKARRAY (UA_ByteString, trustList, trustSize + 1);
+ for (size_t i = 0; i < trustSize; i++)
+ trustList[i] = loadFile (trustPaths[i]);
+
+ *retval = UA_ServerConfig_setDefaultWithSecurityPolicies (
+ config, port, &certificate, &privateKey, trustList, trustSize, NULL,
+ 0, NULL, 0);
+
+ UA_ByteString_clear (&certificate);
+ UA_ByteString_clear (&privateKey);
+ for (size_t i = 0; i < trustSize; i++)
+ UA_ByteString_clear (&trustList[i]);
+ }
+ else
+ {
+ *retval = UA_ServerConfig_setMinimal (config, port, NULL);
+ }
if (*retval != UA_STATUSCODE_GOOD)
{
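Review bot: The secure branch in `createServer` is selected by `if (certPath)` alone, so a configuration with a certificate but no key passes a NULL `keyPath` to `loadFile`, which hands it straight to `fopen`. A configuration that merely omits the certificate falls through to `UA_ServerConfig_setMinimal` with no log line, so the server comes up without security policies and nobody is told. Enter the secure branch on `if (certPath && keyPath)`, and treat exactly one of the two being set as an error by assigning a bad status to `*retval`, so that the existing `*retval != UA_STATUSCODE_GOOD` check handles it. The `else` branch should emit a warning that the server is starting without encryption; with `authMode` set to `user` the caller may want to refuse that combination outright. The function body continues past the end of the hunk.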