Diffstat (limited to 'src/server_lds.c')
| -rw-r--r-- | src/server_lds.c | 65 |
1 files changed, 25 insertions, 40 deletions
diff --git a/src/server_lds.c b/src/server_lds.c
index 3307073..311be4b 100644
--- a/src/server_lds.c
+++ b/src/server_lds.c
@@ -67,24 +67,6 @@ main (int argc, char *argv[])
 return EXIT_FAILURE;
 }
- /* Security configuration (optional). When certificate, privateKey, and
- trustStore are all omitted the server runs with SecurityPolicy#None
- only. When any of the three is present, all three are required. */
- const char *certPath = configGet (&cfg, "certificate");
- const char *keyPath = configGet (&cfg, "privateKey");
- const char *trustStore = configGet (&cfg, "trustStore");
- UA_Boolean secure
- = (certPath != NULL || keyPath != NULL || trustStore != NULL);
-
- if (secure && (!certPath || !keyPath || !trustStore))
- {
- UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
- "Incomplete security config: certificate, privateKey, and "
- "trustStore must all be set, or all omitted");
- configFree (&cfg);
- return EXIT_FAILURE;
- }
-
 /* The OPC UA specification requires the cleanup timeout to exceed the register-server interval. open62541 enforces a floor of 10 seconds. */
 if (cleanupTimeout <= 10)
@@ -96,31 +78,27 @@ main (int argc, char *argv[])
 return EXIT_FAILURE;
 }
- UA_Boolean allowAnonymous;
- const char *username = NULL, *password = NULL;
- if (parseAuthConfig (&cfg, "ServerLDS", &allowAnonymous, &username,
- &password, NULL)
- != 0)
+ SecurityConfig sec;
+ if (parseSecurityConfig (&cfg, "ServerLDS", false, &sec) != 0)
 {
 configFree (&cfg);
 return EXIT_FAILURE;
 }
- char **trustPaths = NULL;
- size_t trustSize = 0;
- if (secure && loadTrustStore (trustStore, &trustPaths, &trustSize) != 0)
+ AuthConfig auth;
+ if (parseAuthConfig (&cfg, "ServerLDS", &auth) != 0)
 {
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return EXIT_FAILURE;
 }
 UA_StatusCode retval;
- UA_Server *server
- = createServer ((UA_UInt16)port, applicationUri, certPath, keyPath,
- trustPaths, trustSize, true, &retval);
+ UA_Server *server = createServer ((UA_UInt16)port, applicationUri,
+ sec.certPath ? &sec : NULL, true, &retval);
 if (!server)
 {
- freeTrustStore (trustPaths, trustSize);
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return EXIT_FAILURE;
 }
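Review bot: `SecurityConfig sec;` is declared without an initialiser, yet every exit path after it calls `freeTrustStore (sec.trustPaths, sec.trustSize)`, including the unsecured case where `sec.certPath` is NULL. The locals it replaces were explicitly set to `NULL` and `0`; parseSecurityConfig is not visible here, so unless it always writes both fields on success those calls read indeterminate values, and `SecurityConfig sec = { 0 };` removes that dependency. The all-or-none check on certificate, privateKey and trustStore was deleted in the first hunk together with its comment, and `sec.certPath ? &sec : NULL` now keys the whole security decision on one field. If parseSecurityConfig still enforces that rule, a comment above the createServer call should say so, for example `/* sec.certPath is NULL only when certificate, privateKey and trustStore are all unset; the server then offers SecurityPolicy#None only. */`. main's body starts and ends outside this hunk.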
@@ -136,21 +114,28 @@ main (int argc, char *argv[])
 /* Configure access control. UA_ServerConfig_setDefaultWithSecure-
 SecurityPolicies sets certificate-only auth by default, so we must always call UA_AccessControl_default to get the desired policy. */
- if (allowAnonymous)
+ switch (auth.mode)
 {
+ case AUTH_ANONYMOUS:
 retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL);
- }
- else
- {
- UA_UsernamePasswordLogin logins[1];
- logins[0].username = UA_STRING ((char *)username);
- logins[0].password = UA_STRING ((char *)password);
- retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins);
+ break;
+ case AUTH_USER:
+ {
+ UA_UsernamePasswordLogin logins[1];
+ logins[0].username = UA_STRING ((char *)auth.user.username);
+ logins[0].password = UA_STRING ((char *)auth.user.password);
+ retval
+ = UA_AccessControl_default (serverConfig, false, NULL, 1, logins);
+ break;
+ }
+ case AUTH_CERT:
+ retval = UA_AccessControl_default (serverConfig, false, NULL, 0, NULL);
+ break;
 }
 if (retval != UA_STATUSCODE_GOOD)
 {
 UA_Server_delete (server);
- freeTrustStore (trustPaths, trustSize);
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return EXIT_FAILURE;
 }
@@ -166,7 +151,7 @@ main (int argc, char *argv[])
 retval = UA_Server_run (server, &running);
 UA_Server_delete (server);
- freeTrustStore (trustPaths, trustSize);
+ freeTrustStore (sec.trustPaths, sec.trustSize);
 configFree (&cfg);
 return retval == UA_STATUSCODE_GOOD ? EXIT_SUCCESS : EXIT_FAILURE;
 } |
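Review bot: The new `switch (auth.mode)` has no `default:` arm, so a mode value outside the three handled cases skips UA_AccessControl_default entirely, although the comment above says it must always be called, and leaves `retval` at whatever it held before the switch. Failing closed is safer: add `default: retval = UA_STATUSCODE_BADINTERNALERROR; break;` so the existing `retval != UA_STATUSCODE_GOOD` check aborts startup. It is also worth confirming that parseAuthConfig, which is not shown, rejects or at least logs AUTH_USER and AUTH_CERT when no certificate is configured. In that case createServer receives NULL security settings and, going by the comment removed in the first hunk, the server offers SecurityPolicy#None only. main's body starts and ends outside this hunk.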
