/* The request/response are casted to the header (first element of their struct) */ static void invoke_service(UA_Server *server, UA_SecureChannel *channel, UA_UInt32 requestId, UA_RequestHeader *request, const UA_DataType *responseType, void (*service)(UA_Server*, UA_Session*, void*, void*)) { UA_ResponseHeader *response = UA_alloca(responseType->memSize); UA_init(response, responseType); init_response_header(request, response); /* try to get the session from the securechannel first */ UA_Session *session = UA_SecureChannel_getSession(channel, &request->authenticationToken); if(!session) session = UA_SessionManager_getSession(&server->sessionManager, &request->authenticationToken); if(!session) response->serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID; else if(session->activated == UA_FALSE) { response->serviceResult = UA_STATUSCODE_BADSESSIONNOTACTIVATED; /* the session is invalidated FIXME: do this delayed*/ UA_SessionManager_removeSession(&server->sessionManager, &request->authenticationToken); } else if(session->channel != channel) { response->serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID; } else { UA_Session_updateLifetime(session); service(server, session, request, response); } UA_SecureChannel_sendBinaryMessage(channel, requestId, response, responseType); UA_deleteMembers(response, responseType); }
void Service_CloseSession(UA_Server *server, UA_Session *session, const UA_CloseSessionRequest *request, UA_CloseSessionResponse *response) { UA_Session *foundSession = UA_SessionManager_getSession(&server->sessionManager, (const UA_NodeId*)&request->requestHeader.authenticationToken); if(foundSession == UA_NULL) response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID; else response->responseHeader.serviceResult = UA_SessionManager_removeSession(&server->sessionManager, server, &session->authenticationToken); }
static void processMSG(UA_Server *server, UA_SecureChannel *channel, UA_UInt32 requestId, const UA_ByteString *msg) { /* At 0, the nodeid starts... */ size_t ppos = 0; size_t *offset = &ppos; /* Decode the nodeid */ UA_NodeId requestTypeId; UA_StatusCode retval = UA_NodeId_decodeBinary(msg, offset, &requestTypeId); if(retval != UA_STATUSCODE_GOOD) return; if(requestTypeId.identifierType != UA_NODEIDTYPE_NUMERIC) UA_NodeId_deleteMembers(&requestTypeId); /* leads to badserviceunsupported */ /* Store the start-position of the request */ size_t requestPos = *offset; /* Get the service pointers */ UA_Service service = NULL; const UA_DataType *requestType = NULL; const UA_DataType *responseType = NULL; UA_Boolean sessionRequired = true; getServicePointers(requestTypeId.identifier.numeric, &requestType, &responseType, &service, &sessionRequired); if(!requestType) { if(requestTypeId.identifier.numeric == 787) { UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Client requested a subscription, " \ "but those are not enabled in the build"); } else { UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Unknown request %i", requestTypeId.identifier.numeric); } sendError(channel, msg, requestPos, &UA_TYPES[UA_TYPES_SERVICEFAULT], requestId, UA_STATUSCODE_BADSERVICEUNSUPPORTED); return; } UA_assert(responseType); #ifdef UA_ENABLE_NONSTANDARD_STATELESS /* Stateless extension: Sessions are optional */ sessionRequired = false; #endif /* Decode the request */ void *request = UA_alloca(requestType->memSize); UA_RequestHeader *requestHeader = (UA_RequestHeader*)request; retval = UA_decodeBinary(msg, offset, request, requestType); if(retval != UA_STATUSCODE_GOOD) { UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Could not decode the request"); sendError(channel, msg, requestPos, responseType, requestId, retval); return; } /* Prepare the respone */ void *response = UA_alloca(responseType->memSize); UA_init(response, responseType); UA_Session *session = NULL; /* must be initialized before goto send_response */ /* CreateSession doesn't need a session */ if(requestType == &UA_TYPES[UA_TYPES_CREATESESSIONREQUEST]) { Service_CreateSession(server, channel, request, response); goto send_response; } /* Find the matching session */ session = UA_SecureChannel_getSession(channel, &requestHeader->authenticationToken); if(!session) session = UA_SessionManager_getSession(&server->sessionManager, &requestHeader->authenticationToken); if(requestType == &UA_TYPES[UA_TYPES_ACTIVATESESSIONREQUEST]) { if(!session) { UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Trying to activate a session that is " \ "not known in the server"); sendError(channel, msg, requestPos, responseType, requestId, UA_STATUSCODE_BADSESSIONIDINVALID); UA_deleteMembers(request, requestType); return; } Service_ActivateSession(server, channel, session, request, response); goto send_response; } /* Set an anonymous, inactive session for services that need no session */ UA_Session anonymousSession; if(!session) { if(sessionRequired) { UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Service request %i without a valid session", requestType->binaryEncodingId); sendError(channel, msg, requestPos, responseType, requestId, UA_STATUSCODE_BADSESSIONIDINVALID); UA_deleteMembers(request, requestType); return; } UA_Session_init(&anonymousSession); anonymousSession.sessionId = UA_NODEID_GUID(0, UA_GUID_NULL); anonymousSession.channel = channel; session = &anonymousSession; } /* Trying to use a non-activated session? */ if(sessionRequired && !session->activated) { UA_LOG_INFO_SESSION(server->config.logger, session, "Calling service %i on a non-activated session", requestType->binaryEncodingId); sendError(channel, msg, requestPos, responseType, requestId, UA_STATUSCODE_BADSESSIONNOTACTIVATED); UA_SessionManager_removeSession(&server->sessionManager, &session->authenticationToken); UA_deleteMembers(request, requestType); return; } /* The session is bound to another channel */ if(session->channel != channel) { UA_LOG_DEBUG_CHANNEL(server->config.logger, channel, "Client tries to use an obsolete securechannel"); sendError(channel, msg, requestPos, responseType, requestId, UA_STATUSCODE_BADSECURECHANNELIDINVALID); UA_deleteMembers(request, requestType); return; } /* Update the session lifetime */ UA_Session_updateLifetime(session); #ifdef UA_ENABLE_SUBSCRIPTIONS /* The publish request is not answered immediately */ if(requestType == &UA_TYPES[UA_TYPES_PUBLISHREQUEST]) { Service_Publish(server, session, request, requestId); UA_deleteMembers(request, requestType); return; } #endif /* Call the service */ UA_assert(service); /* For all services besides publish, the service pointer is non-NULL*/ service(server, session, request, response); send_response: /* Send the response */ ((UA_ResponseHeader*)response)->requestHandle = requestHeader->requestHandle; ((UA_ResponseHeader*)response)->timestamp = UA_DateTime_now(); retval = UA_SecureChannel_sendBinaryMessage(channel, requestId, response, responseType); if(retval != UA_STATUSCODE_GOOD) UA_LOG_INFO_CHANNEL(server->config.logger, channel, "Could not send the message over " "the SecureChannel with error code 0x%08x", retval); /* Clean up */ UA_deleteMembers(request, requestType); UA_deleteMembers(response, responseType); }
void Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel, const UA_ActivateSessionRequest *request, UA_ActivateSessionResponse *response) { // make the channel know about the session UA_Session *foundSession = UA_SessionManager_getSession(&server->sessionManager, (const UA_NodeId*)&request->requestHeader.authenticationToken); if(foundSession == UA_NULL) { response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID; return; } else if(foundSession->validTill < UA_DateTime_now()) { response->responseHeader.serviceResult = UA_STATUSCODE_BADSESSIONIDINVALID; return; } UA_UserIdentityToken token; UA_UserIdentityToken_init(&token); size_t offset = 0; UA_UserIdentityToken_decodeBinary(&request->userIdentityToken.body, &offset, &token); UA_UserNameIdentityToken username_token; UA_UserNameIdentityToken_init(&username_token); UA_String ap = UA_STRING(ANONYMOUS_POLICY); UA_String up = UA_STRING(USERNAME_POLICY); //(Compatibility notice) //Siemens OPC Scout v10 provides an empty policyId, this is not okay //For compatibility we will assume that empty policyId == ANONYMOUS_POLICY //if(token.policyId.data == UA_NULL) { // /* 1) no policy defined */ // response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID; //} else //(End Compatibility notice) if(server->config.Login_enableAnonymous && (token.policyId.data == UA_NULL || UA_String_equal(&token.policyId, &ap))) { /* 2) anonymous logins */ if(foundSession->channel && foundSession->channel != channel) UA_SecureChannel_detachSession(foundSession->channel, foundSession); UA_SecureChannel_attachSession(channel, foundSession); foundSession->activated = UA_TRUE; UA_Session_updateLifetime(foundSession); } else if(server->config.Login_enableUsernamePassword && UA_String_equal(&token.policyId, &up)) { /* 3) username logins */ offset = 0; UA_UserNameIdentityToken_decodeBinary(&request->userIdentityToken.body, &offset, &username_token); if(username_token.encryptionAlgorithm.data != UA_NULL) { /* 3.1) we only support encryption */ response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID; } else if(username_token.userName.length == -1 && username_token.password.length == -1){ /* 3.2) empty username and password */ response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID; } else { /* 3.3) ok, trying to match the username */ UA_UInt32 i = 0; for(; i < server->config.Login_loginsCount; ++i) { UA_String user = UA_STRING(server->config.Login_usernames[i]); UA_String pw = UA_STRING(server->config.Login_passwords[i]); if(UA_String_equal(&username_token.userName, &user) && UA_String_equal(&username_token.password, &pw)) { /* success - activate */ if(foundSession->channel && foundSession->channel != channel) UA_SecureChannel_detachSession(foundSession->channel, foundSession); UA_SecureChannel_attachSession(channel, foundSession); foundSession->activated = UA_TRUE; UA_Session_updateLifetime(foundSession); break; } } /* no username/pass matched */ if(i >= server->config.Login_loginsCount) response->responseHeader.serviceResult = UA_STATUSCODE_BADUSERACCESSDENIED; } } else { response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID; } UA_UserIdentityToken_deleteMembers(&token); UA_UserNameIdentityToken_deleteMembers(&username_token); return; }