/* The request/response are casted to the header (first element of their struct) */
static void invoke_service(UA_Server *server, UA_SecureChannel *channel,
UA_UInt32 requestId, UA_RequestHeader *request, const UA_DataType *responseType,
void (*service)(UA_Server*, UA_Session*, void*, void*)) {
UA_ResponseHeader *response = UA_alloca(responseType->memSize);
UA_init(response, responseType);
init_response_header(request, response);
/* try to get the session from the securechannel first */
UA_Session *session = UA_SecureChannel_getSession(channel, &request->authenticationToken);
if(!session)
session = UA_SessionManager_getSession(&server->sessionManager, &request->authenticationToken);
if(!session)
response->serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
else if(session->activated == UA_FALSE) {
response->serviceResult = UA_STATUSCODE_BADSESSIONNOTACTIVATED;
/* the session is invalidated FIXME: do this delayed*/
UA_SessionManager_removeSession(&server->sessionManager, &request->authenticationToken);
} else if(session->channel != channel) {
response->serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
} else {
UA_Session_updateLifetime(session);
service(server, session, request, response);
}
UA_SecureChannel_sendBinaryMessage(channel, requestId, response, responseType);
UA_deleteMembers(response, responseType);
}
void Service_CloseSession(UA_Server *server, UA_Session *session, const UA_CloseSessionRequest *request,
UA_CloseSessionResponse *response) {
UA_Session *foundSession =
UA_SessionManager_getSession(&server->sessionManager,
(const UA_NodeId*)&request->requestHeader.authenticationToken);
if(foundSession == UA_NULL)
response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
else
response->responseHeader.serviceResult =
UA_SessionManager_removeSession(&server->sessionManager, server, &session->authenticationToken);
}
static void
processMSG(UA_Server *server, UA_SecureChannel *channel,
UA_UInt32 requestId, const UA_ByteString *msg) {
/* At 0, the nodeid starts... */
size_t ppos = 0;
size_t *offset = &ppos;
/* Decode the nodeid */
UA_NodeId requestTypeId;
UA_StatusCode retval = UA_NodeId_decodeBinary(msg, offset, &requestTypeId);
if(retval != UA_STATUSCODE_GOOD)
return;
if(requestTypeId.identifierType != UA_NODEIDTYPE_NUMERIC)
UA_NodeId_deleteMembers(&requestTypeId); /* leads to badserviceunsupported */
/* Store the start-position of the request */
size_t requestPos = *offset;
/* Get the service pointers */
UA_Service service = NULL;
const UA_DataType *requestType = NULL;
const UA_DataType *responseType = NULL;
UA_Boolean sessionRequired = true;
getServicePointers(requestTypeId.identifier.numeric, &requestType,
&responseType, &service, &sessionRequired);
if(!requestType) {
if(requestTypeId.identifier.numeric == 787) {
UA_LOG_INFO_CHANNEL(server->config.logger, channel,
"Client requested a subscription, " \
"but those are not enabled in the build");
} else {
UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Unknown request %i",
requestTypeId.identifier.numeric);
}
sendError(channel, msg, requestPos, &UA_TYPES[UA_TYPES_SERVICEFAULT],
requestId, UA_STATUSCODE_BADSERVICEUNSUPPORTED);
return;
}
UA_assert(responseType);
#ifdef UA_ENABLE_NONSTANDARD_STATELESS
/* Stateless extension: Sessions are optional */
sessionRequired = false;
#endif
/* Decode the request */
void *request = UA_alloca(requestType->memSize);
UA_RequestHeader *requestHeader = (UA_RequestHeader*)request;
retval = UA_decodeBinary(msg, offset, request, requestType);
if(retval != UA_STATUSCODE_GOOD) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Could not decode the request");
sendError(channel, msg, requestPos, responseType, requestId, retval);
return;
}
/* Prepare the respone */
void *response = UA_alloca(responseType->memSize);
UA_init(response, responseType);
UA_Session *session = NULL; /* must be initialized before goto send_response */
/* CreateSession doesn't need a session */
if(requestType == &UA_TYPES[UA_TYPES_CREATESESSIONREQUEST]) {
Service_CreateSession(server, channel, request, response);
goto send_response;
}
/* Find the matching session */
session = UA_SecureChannel_getSession(channel, &requestHeader->authenticationToken);
if(!session)
session = UA_SessionManager_getSession(&server->sessionManager,
&requestHeader->authenticationToken);
if(requestType == &UA_TYPES[UA_TYPES_ACTIVATESESSIONREQUEST]) {
if(!session) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Trying to activate a session that is " \
"not known in the server");
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSESSIONIDINVALID);
UA_deleteMembers(request, requestType);
return;
}
Service_ActivateSession(server, channel, session, request, response);
goto send_response;
}
/* Set an anonymous, inactive session for services that need no session */
UA_Session anonymousSession;
if(!session) {
if(sessionRequired) {
UA_LOG_INFO_CHANNEL(server->config.logger, channel,
"Service request %i without a valid session",
requestType->binaryEncodingId);
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSESSIONIDINVALID);
UA_deleteMembers(request, requestType);
return;
}
UA_Session_init(&anonymousSession);
anonymousSession.sessionId = UA_NODEID_GUID(0, UA_GUID_NULL);
anonymousSession.channel = channel;
session = &anonymousSession;
}
/* Trying to use a non-activated session? */
if(sessionRequired && !session->activated) {
UA_LOG_INFO_SESSION(server->config.logger, session,
"Calling service %i on a non-activated session",
requestType->binaryEncodingId);
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSESSIONNOTACTIVATED);
UA_SessionManager_removeSession(&server->sessionManager,
&session->authenticationToken);
UA_deleteMembers(request, requestType);
return;
}
/* The session is bound to another channel */
if(session->channel != channel) {
UA_LOG_DEBUG_CHANNEL(server->config.logger, channel,
"Client tries to use an obsolete securechannel");
sendError(channel, msg, requestPos, responseType,
requestId, UA_STATUSCODE_BADSECURECHANNELIDINVALID);
UA_deleteMembers(request, requestType);
return;
}
/* Update the session lifetime */
UA_Session_updateLifetime(session);
#ifdef UA_ENABLE_SUBSCRIPTIONS
/* The publish request is not answered immediately */
if(requestType == &UA_TYPES[UA_TYPES_PUBLISHREQUEST]) {
Service_Publish(server, session, request, requestId);
UA_deleteMembers(request, requestType);
return;
}
#endif
/* Call the service */
UA_assert(service); /* For all services besides publish, the service pointer is non-NULL*/
service(server, session, request, response);
send_response:
/* Send the response */
((UA_ResponseHeader*)response)->requestHandle = requestHeader->requestHandle;
((UA_ResponseHeader*)response)->timestamp = UA_DateTime_now();
retval = UA_SecureChannel_sendBinaryMessage(channel, requestId, response, responseType);
if(retval != UA_STATUSCODE_GOOD)
UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Could not send the message over "
"the SecureChannel with error code 0x%08x", retval);
/* Clean up */
UA_deleteMembers(request, requestType);
UA_deleteMembers(response, responseType);
}
void Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel,
const UA_ActivateSessionRequest *request,
UA_ActivateSessionResponse *response) {
// make the channel know about the session
UA_Session *foundSession =
UA_SessionManager_getSession(&server->sessionManager,
(const UA_NodeId*)&request->requestHeader.authenticationToken);
if(foundSession == UA_NULL) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
return;
} else if(foundSession->validTill < UA_DateTime_now()) {
response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID;
return;
}
UA_UserIdentityToken token;
UA_UserIdentityToken_init(&token);
size_t offset = 0;
UA_UserIdentityToken_decodeBinary(&request->userIdentityToken.body, &offset, &token);
UA_UserNameIdentityToken username_token;
UA_UserNameIdentityToken_init(&username_token);
UA_String ap = UA_STRING(ANONYMOUS_POLICY);
UA_String up = UA_STRING(USERNAME_POLICY);
//(Compatibility notice)
//Siemens OPC Scout v10 provides an empty policyId, this is not okay
//For compatibility we will assume that empty policyId == ANONYMOUS_POLICY
//if(token.policyId.data == UA_NULL) {
// /* 1) no policy defined */
// response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
//} else
//(End Compatibility notice)
if(server->config.Login_enableAnonymous && (token.policyId.data == UA_NULL || UA_String_equal(&token.policyId, &ap))) {
/* 2) anonymous logins */
if(foundSession->channel && foundSession->channel != channel)
UA_SecureChannel_detachSession(foundSession->channel, foundSession);
UA_SecureChannel_attachSession(channel, foundSession);
foundSession->activated = UA_TRUE;
UA_Session_updateLifetime(foundSession);
} else if(server->config.Login_enableUsernamePassword && UA_String_equal(&token.policyId, &up)) {
/* 3) username logins */
offset = 0;
UA_UserNameIdentityToken_decodeBinary(&request->userIdentityToken.body, &offset, &username_token);
if(username_token.encryptionAlgorithm.data != UA_NULL) {
/* 3.1) we only support encryption */
response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
} else if(username_token.userName.length == -1 && username_token.password.length == -1){
/* 3.2) empty username and password */
response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
} else {
/* 3.3) ok, trying to match the username */
UA_UInt32 i = 0;
for(; i < server->config.Login_loginsCount; ++i) {
UA_String user = UA_STRING(server->config.Login_usernames[i]);
UA_String pw = UA_STRING(server->config.Login_passwords[i]);
if(UA_String_equal(&username_token.userName, &user) &&
UA_String_equal(&username_token.password, &pw)) {
/* success - activate */
if(foundSession->channel && foundSession->channel != channel)
UA_SecureChannel_detachSession(foundSession->channel, foundSession);
UA_SecureChannel_attachSession(channel, foundSession);
foundSession->activated = UA_TRUE;
UA_Session_updateLifetime(foundSession);
break;
}
}
/* no username/pass matched */
if(i >= server->config.Login_loginsCount)
response->responseHeader.serviceResult = UA_STATUSCODE_BADUSERACCESSDENIED;
}
} else {
response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
}
UA_UserIdentityToken_deleteMembers(&token);
UA_UserNameIdentityToken_deleteMembers(&username_token);
return;
}
