From 3425cddd75fa105b940c8c0afe4a63065c446515 Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Tue, 17 Feb 2026 03:31:40 +0100 Subject: Make authentication mode and credentials configurable via CLI Replace hardcoded user/password credentials with a new parameter that accepts "anonymous" or "user". When "user" is chosen, two additional arguments are required. ServerRegister accepts two independent auth modes: one for its own server-side access control and one for authenticating to the LDS when registering. ClientFindServers passes credentials to readServerTime, which selects UA_Client_connectUsername or UA_Client_connect accordingly. Update CLAUDE.md running examples and add an auth modes table. --- src/client_find_servers.c | 52 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 44 insertions(+), 8 deletions(-) (limited to 'src/client_find_servers.c') diff --git a/src/client_find_servers.c b/src/client_find_servers.c index 4789b38..21d48ca 100644 --- a/src/client_find_servers.c +++ b/src/client_find_servers.c @@ -129,11 +129,14 @@ getServersEndpoints (UA_Client *client, * @param applicationDescriptionArray Array of server descriptions from * FindServers. * @param applicationDescriptionArraySize Number of servers in the array. + * @param username Username for session auth, or NULL for anonymous. + * @param password Password for session auth (ignored when username is NULL). */ static void readServerTime (UA_Client *client, UA_ApplicationDescription *applicationDescriptionArray, - size_t applicationDescriptionArraySize) + size_t applicationDescriptionArraySize, const char *username, + const char *password) { for (size_t i = 0; i < applicationDescriptionArraySize; i++) { @@ -160,8 +163,11 @@ readServerTime (UA_Client *client, UA_LOG_INFO (UA_Log_Stdout, UA_LOGCATEGORY_CLIENT, "Connecting to %s to read current time...", url); - UA_StatusCode retval - = UA_Client_connectUsername (client, url, "user", "password"); + UA_StatusCode retval; + if (username) + retval = UA_Client_connectUsername (client, url, username, password); + else + retval = UA_Client_connect (client, url); UA_free (url); if (retval != UA_STATUSCODE_GOOD) { @@ -204,19 +210,21 @@ readServerTime (UA_Client *client, int main (int argc, char **argv) { - if (argc < 7) + if (argc < 8) { UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, "Usage: %s \n" " \n" " \n" " \n" + " [ ]\n" " [, ...]\n" "\n" "Security modes : None, Sign, SignAndEncrypt\n" "Security policies: None, Basic256Sha256, " "Aes256_Sha256_RsaPss,\n" - " Aes128_Sha256_RsaOaep, ECC_nistP256", + " Aes128_Sha256_RsaOaep, ECC_nistP256\n" + "Auth modes : anonymous, user", argv[0]); return EXIT_FAILURE; } @@ -242,8 +250,36 @@ main (int argc, char **argv) return EXIT_FAILURE; } - char **trustPaths = argv + 7; - size_t trustSize = (argc > 7) ? (size_t)argc - 7 : 0; + int idx = 7; + const char *authMode = argv[idx++]; + const char *username = NULL, *password = NULL; + + if (strcmp (authMode, "anonymous") == 0) + { + /* No extra args needed */ + } + else if (strcmp (authMode, "user") == 0) + { + if (idx + 2 > argc) + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Auth mode 'user' requires "); + return EXIT_FAILURE; + } + username = argv[idx++]; + password = argv[idx++]; + } + else + { + UA_LOG_FATAL (UA_Log_Stdout, UA_LOGCATEGORY_USERLAND, + "Unknown auth mode: %s " + "(expected 'anonymous' or 'user')", + authMode); + return EXIT_FAILURE; + } + + char **trustPaths = argv + idx; + size_t trustSize = (idx < argc) ? (size_t)(argc - idx) : 0; UA_Client *client = UA_Client_new (); UA_StatusCode retval = createSecureClientConfig ( @@ -271,7 +307,7 @@ main (int argc, char **argv) applicationDescriptionArraySize); readServerTime (client, applicationDescriptionArray, - applicationDescriptionArraySize); + applicationDescriptionArraySize, username, password); UA_Client_delete (client); UA_Array_delete (applicationDescriptionArray, -- cgit v1.2.3