From 1bbf7e6c2ff571b2e26b643a7e86e35790b91875 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Tue, 17 Feb 2026 03:23:19 +0100
Subject: Add username/password authentication to servers and client

Disallow anonymous sessions on both the LDS and registering server by
configuring UA_AccessControl_default with a hardcoded user/password
credential pair.  Set UA_ClientConfig_setAuthenticationUsername on the
client configs used for register, re-register, and deregister calls.
Use UA_Client_connectUsername in the FindServers client when reading
server time.
---
 src/server_lds.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'src/server_lds.c')

diff --git a/src/server_lds.c b/src/server_lds.c
index a7794aa..12dfe59 100644
--- a/src/server_lds.c
+++ b/src/server_lds.c
@@ -10,6 +10,7 @@
 
 #include "common.h"
 
+#include <open62541/plugin/accesscontrol_default.h>
 #include <open62541/plugin/log_stdout.h>
 #include <open62541/server.h>
 #include <open62541/server_config_default.h>
@@ -66,6 +67,19 @@ main (int argc, char *argv[])
 
   UA_ServerConfig *serverConfig = UA_Server_getConfig (server);
 
+  /* Disallow anonymous sessions.
+     UA_ServerConfig_setDefaultWithSecurityPolicies (called by
+     createSecureServer) resets access control, so this must come after server
+     creation.  The static credential list is deep-copied. */
+  UA_UsernamePasswordLogin logins[]
+      = { { UA_STRING_STATIC ("user"), UA_STRING_STATIC ("password") } };
+  retval = UA_AccessControl_default (serverConfig, false, NULL, 1, logins);
+  if (retval != UA_STATUSCODE_GOOD)
+    {
+      UA_Server_delete (server);
+      return EXIT_FAILURE;
+    }
+
   /* Mark this server as a Discovery Server so clients can identify it. */
   serverConfig->applicationDescription.applicationType
       = UA_APPLICATIONTYPE_DISCOVERYSERVER;
-- 
cgit v1.2.3