Diffstat (limited to 'src/server_lds.c')
| -rw-r--r-- | src/server_lds.c | 64 |
1 files changed, 51 insertions, 13 deletions
diff --git a/src/server_lds.c b/src/server_lds.c index 12dfe59..fc51596 100644 --- a/src/server_lds.c +++ b/src/server_lds.c @@ -33,14 +33,17 @@ main (int argc, char *argv[]) signal (SIGINT, stopHandler); signal (SIGTERM, stopHandler); - if (argc < 6) + if (argc < 7) { UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, "Usage: %s\n" " <port> <applicationUri>\n" " <server-certificate.der> <private-key.der>\n" " <cleanup-timeout-seconds>\n" - " [<trustlist1.der>, ...]", + " <auth-mode> [<username> <password>]\n" + " [<trustlist1.der>, ...]\n" + "\n" + "Auth modes: anonymous, user", argv[0]); return EXIT_FAILURE; } 
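Review bot: The new usage line `<auth-mode> [<username> <password>]` makes the password a command-line argument, and the second hunk stores `argv[idx++]` directly as the credential. Process arguments are commonly readable by other local users through process listings, and they end up in shell history and service definitions. Consider taking the secret from a file readable only by the service account, or from an environment variable, and advertise that instead, for example `<auth-mode> [<username> <password-file>]`. main's body starts and ends outside this hunk.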
@@ -57,27 +60,62 @@ main (int argc, char *argv[]) cleanupTimeout); return EXIT_FAILURE; } - size_t trustSize = (argc > 6) ? (size_t)argc - 6 : 0; + + int idx = 6; + const char *authMode = argv[idx++]; + UA_Boolean allowAnonymous; + char *username = NULL, *password = NULL; + + if (strcmp (authMode, "anonymous") == 0) + { + allowAnonymous = true; + } + else if (strcmp (authMode, "user") == 0) + { + if (idx + 2 > argc) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Auth mode 'user' requires <username> <password>"); + return EXIT_FAILURE; + } + allowAnonymous = false; + username = argv[idx++]; + password = argv[idx++]; + } + else + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Unknown auth mode: %s " + "(expected 'anonymous' or 'user')", + authMode); + return EXIT_FAILURE; + } + + size_t trustSize = (idx < argc) ? (size_t)(argc - idx) : 0; UA_StatusCode retval; UA_Server *server = createSecureServer (port, argv[2], argv[3], argv[4], - argv + 6, trustSize, &retval); + argv + idx, trustSize, &retval); if (!server) return EXIT_FAILURE; UA_ServerConfig *serverConfig = UA_Server_getConfig (server); - /* Disallow anonymous sessions. + /* Configure access control after server creation because UA_ServerConfig_setDefaultWithSecurityPolicies (called by - createSecureServer) resets access control, so this must come after server - creation. The static credential list is deep-copied. */ - UA_UsernamePasswordLogin logins[] - = { { UA_STRING_STATIC ("user"), UA_STRING_STATIC ("password") } }; - retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); - if (retval != UA_STATUSCODE_GOOD) + createSecureServer) resets the access control plugin. The credential + list is deep-copied by UA_AccessControl_default. 
*/ + if (!allowAnonymous) { - UA_Server_delete (server); - return EXIT_FAILURE; + UA_UsernamePasswordLogin logins[1]; + logins[0].username = UA_STRING (username); + logins[0].password = UA_STRING (password); + retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins); + if (retval != UA_STATUSCODE_GOOD) + { + UA_Server_delete (server); + return EXIT_FAILURE; + } } /* Mark this server as a Discovery Server so clients can identify it. */ |
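Review bot: In `anonymous` mode nothing configures access control, because the whole setup sits inside `if (!allowAnonymous)`; the server then runs with whatever createSecureServer left in place, which is not visible in this hunk. The removed code disallowed anonymous sessions explicitly, so I would keep the setting explicit in both modes by adding `else retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL);` and checking `retval` the same way. The `user` branch also accepts empty strings, so an empty username or password is registered as a valid login; reject `username[0] == '\0' || password[0] == '\0'` next to the `idx + 2 > argc` check. A startup log line naming the selected auth mode would help operators notice a discovery server that was started anonymous by mistake. main's body starts and ends outside this hunk.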
