Diffstat (limited to 'src/server_register.c')
-rw-r--r--src/server_register.c111
1 files changed, 73 insertions, 38 deletions
diff --git a/src/server_register.c b/src/server_register.c
index ec5045f..817169f 100644
--- a/src/server_register.c
+++ b/src/server_register.c
@@ -62,9 +62,23 @@ static UA_StatusCode
makeLdsClientConfig (UA_ClientConfig *cc, const LdsClientParams *p)
{
memset (cc, 0, sizeof (UA_ClientConfig));
- UA_StatusCode rv = createSecureClientConfig (
- cc, p->appUri, p->certPath, p->keyPath, p->trustPaths, p->trustSize,
- p->securityMode, p->securityPolicyUri);
+ UA_StatusCode rv;
+ if (p->certPath)
+ {
+ rv = createSecureClientConfig (cc, p->appUri, p->certPath, p->keyPath,
+ p->trustPaths, p->trustSize,
+ p->securityMode, p->securityPolicyUri);
+ }
+ else
+ {
+ rv = UA_ClientConfig_setDefault (cc);
+ if (rv == UA_STATUSCODE_GOOD)
+ {
+ UA_String_clear (&cc->clientDescription.applicationUri);
+ cc->clientDescription.applicationUri
+ = UA_String_fromChars (p->appUri);
+ }
+ }
if (rv != UA_STATUSCODE_GOOD)
return rv;
cc->logging->context = (void *)(uintptr_t)p->logLevel;
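Review bot: In the new `else` branch of makeLdsClientConfig, a NULL `p->certPath` alone selects the default (unsecured) client config, and `p->securityMode` and `p->securityPolicyUri` are never consulted there. A caller that requests Sign or SignAndEncrypt but passes no certificate therefore gets a GOOD status and a client that presumably connects without message security. Reject that combination before calling `UA_ClientConfig_setDefault (cc)`, e.g. `if (p->securityMode != UA_MESSAGESECURITYMODE_NONE) return UA_STATUSCODE_BADINVALIDARGUMENT;`. The result of `UA_String_fromChars (p->appUri)` is also unchecked, so a failed allocation would leave an empty applicationUri while `rv` stays GOOD. The function body continues past the end of the hunk.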
@@ -165,33 +179,60 @@ main (int argc, char **argv)
const char *clientAppUri
= configRequire (&clientCfg, "applicationUri", "ServerRegister");
- const char *clientCertPath
- = configRequire (&clientCfg, "certificate", "ServerRegister");
- const char *clientKeyPath
- = configRequire (&clientCfg, "privateKey", "ServerRegister");
- const char *securityModeStr
- = configRequire (&clientCfg, "securityMode", "ServerRegister");
- const char *securityPolicyStr
- = configRequire (&clientCfg, "securityPolicy", "ServerRegister");
-
- if (!clientAppUri || !clientCertPath || !clientKeyPath || !securityModeStr
- || !securityPolicyStr)
+ if (!clientAppUri)
goto cleanup;
- UA_MessageSecurityMode securityMode = parseSecurityMode (securityModeStr);
- if (securityMode == UA_MESSAGESECURITYMODE_INVALID)
+ /* Security configuration (optional). When certificate, privateKey, and
+ trustStore are all omitted the client connects without encryption.
+ When any of the three is present, all three are required. */
+ const char *clientCertPath = configGet (&clientCfg, "certificate");
+ const char *clientKeyPath = configGet (&clientCfg, "privateKey");
+ const char *clientTrustStore = configGet (&clientCfg, "trustStore");
+ UA_Boolean clientSecure = (clientCertPath != NULL || clientKeyPath != NULL
+ || clientTrustStore != NULL);
+
+ if (clientSecure && (!clientCertPath || !clientKeyPath || !clientTrustStore))
{
UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
- "Unknown security mode: %s", securityModeStr);
+ "Incomplete client security config: certificate, "
+ "privateKey, and trustStore must all be set, or all "
+ "omitted");
goto cleanup;
}
- const char *securityPolicyUri = resolveSecurityPolicyUri (securityPolicyStr);
- if (!securityPolicyUri)
+ UA_MessageSecurityMode securityMode = UA_MESSAGESECURITYMODE_NONE;
+ const char *securityPolicyUri
+ = "http://opcfoundation.org/UA/SecurityPolicy#None";
+
+ if (clientSecure)
{
- UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
- "Unknown security policy: %s", securityPolicyStr);
- goto cleanup;
+ const char *securityModeStr
+ = configRequire (&clientCfg, "securityMode", "ServerRegister");
+ const char *securityPolicyStr
+ = configRequire (&clientCfg, "securityPolicy", "ServerRegister");
+ if (!securityModeStr || !securityPolicyStr)
+ goto cleanup;
+
+ securityMode = parseSecurityMode (securityModeStr);
+ if (securityMode == UA_MESSAGESECURITYMODE_INVALID)
+ {
+ UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "Unknown security mode: %s", securityModeStr);
+ goto cleanup;
+ }
+
+ securityPolicyUri = resolveSecurityPolicyUri (securityPolicyStr);
+ if (!securityPolicyUri)
+ {
+ UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
+ "Unknown security policy: %s", securityPolicyStr);
+ goto cleanup;
+ }
+
+ if (loadTrustStore (clientTrustStore, &clientTrustPaths,
+ &clientTrustSize)
+ != 0)
+ goto cleanup;
}
const char *clientUsername = NULL, *clientPassword = NULL;
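Review bot: When certificate, privateKey and trustStore are all absent, `securityMode` and `securityPolicy` are no longer read at all, so a config that still asks for SignAndEncrypt but has lost its three path entries starts an unencrypted client without any message. Treat those two keys as part of the all-or-nothing group, and log at warning level whenever the client runs unsecured. The `clientUsername`/`clientPassword` declared right after this block would presumably then be used on a channel with no encryption, which an operator should be able to see in the log. main starts and ends outside the hunk.

```c
if (!clientSecure)
  {
    if (configGet (&clientCfg, "securityMode")
        || configGet (&clientCfg, "securityPolicy"))
      {
        UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                      "securityMode/securityPolicy set without "
                      "certificate, privateKey and trustStore");
        goto cleanup;
      }
    UA_LOG_WARNING (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND,
                    "Client security not configured: connecting "
                    "without encryption");
  }
/* … unchanged: if (clientSecure) { mode/policy parsing, loadTrustStore } … */
```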
@@ -200,15 +241,6 @@ main (int argc, char **argv)
!= 0)
goto cleanup;
- const char *clientTrustStore
- = configRequire (&clientCfg, "trustStore", "ServerRegister");
- if (!clientTrustStore)
- goto cleanup;
-
- if (loadTrustStore (clientTrustStore, &clientTrustPaths, &clientTrustSize)
- != 0)
- goto cleanup;
-
/* ── Create and configure server ────────────────────────────── */
UA_StatusCode retval;
@@ -221,19 +253,22 @@ main (int argc, char **argv)
UA_ServerConfig *serverConfig = UA_Server_getConfig (server);
serverConfig->logging->context = (void *)(uintptr_t)logLevel;
- /* Configure access control after server creation because both
- UA_ServerConfig_setDefaultWithSecurityPolicies and
- UA_ServerConfig_setMinimal reset the access control plugin. The
- credential list is deep-copied by UA_AccessControl_default. */
- if (!serverAllowAnonymous)
+ /* Configure access control. UA_ServerConfig_setDefaultWithSecure-
+ SecurityPolicies sets certificate-only auth by default, so we must
+ always call UA_AccessControl_default to get the desired policy. */
+ if (serverAllowAnonymous)
+ {
+ retval = UA_AccessControl_default (serverConfig, true, NULL, 0, NULL);
+ }
+ else
{
UA_UsernamePasswordLogin logins[1];
logins[0].username = UA_STRING ((char *)serverUsername);
logins[0].password = UA_STRING ((char *)serverPassword);
retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins);
- if (retval != UA_STATUSCODE_GOOD)
- goto cleanup;
}
+ if (retval != UA_STATUSCODE_GOOD)
+ goto cleanup;
serverConfig->applicationDescription.applicationType
= UA_APPLICATIONTYPE_SERVER;
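Review bot: The rewritten comment above the `serverAllowAnonymous` branch splits the function name across two lines with a hyphen (`UA_ServerConfig_setDefaultWithSecure-` / `SecurityPolicies`), so the identifier can no longer be found by search. It also drops the earlier sentence saying the credential list is deep-copied by UA_AccessControl_default, which was the only stated reason the block-local `logins` array is safe to pass. Write the identifier unbroken on its own line and keep `The credential list is deep-copied by UA_AccessControl_default.` as the closing sentence. The `true` branch now explicitly enables sessions without credentials, so a short comment there such as `/* anonymous sessions allowed: no credentials are checked */` would make that choice visible. main continues outside the hunk.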