Commit 517a8377 authored by Ivan Tyagov's avatar Ivan Tyagov

Access control

See merge request nexedi/osie!11
parents 4b21b84c 787609c2
...@@ -22,6 +22,7 @@ ...@@ -22,6 +22,7 @@
#include <signal.h> #include <signal.h>
#include "open62541.h" #include "open62541.h"
#include <argp.h> #include <argp.h>
#include <string.h>
// The default port of OPC-UA server // The default port of OPC-UA server
const int DEFAULT_OPC_UA_PORT = 4840; const int DEFAULT_OPC_UA_PORT = 4840;
...@@ -38,6 +39,8 @@ static struct argp_option options[] = { ...@@ -38,6 +39,8 @@ static struct argp_option options[] = {
{ "slave-address-list", 's', "0x58", 0, "Comma separated list of slave I2C addresses."}, { "slave-address-list", 's', "0x58", 0, "Comma separated list of slave I2C addresses."},
{ "mode", 'm', "0", 0, "Set different modes of operation of coupler. Default (0) is set attached \ { "mode", 'm', "0", 0, "Set different modes of operation of coupler. Default (0) is set attached \
I2C's state state. Virtual (1) which does NOT set any I2C slaves' state."}, I2C's state state. Virtual (1) which does NOT set any I2C slaves' state."},
{ "username", 'u', "", 0, "Username."},
{ "password", 'w', "", 0, "Password."},
{ 0 } { 0 }
}; };
...@@ -46,6 +49,8 @@ struct arguments { ...@@ -46,6 +49,8 @@ struct arguments {
int port; int port;
char *device; char *device;
char *slave_address_list; char *slave_address_list;
char *username;
char *password;
}; };
static error_t parse_opt(int key, char *arg, struct argp_state *state) { static error_t parse_opt(int key, char *arg, struct argp_state *state) {
...@@ -53,19 +58,22 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state) { ...@@ -53,19 +58,22 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state) {
switch (key) { switch (key) {
case 'p': case 'p':
arguments->port = arg ? atoi (arg) : DEFAULT_OPC_UA_PORT; arguments->port = arg ? atoi (arg) : DEFAULT_OPC_UA_PORT;
//printf("got arg port=%s\n", arg);
break; break;
case 'd': case 'd':
arguments->device = arg; arguments->device = arg;
//printf("got arg device=%s\n", arg);
break; break;
case 's': case 's':
arguments->slave_address_list = arg; arguments->slave_address_list = arg;
//printf("got arg slave_address_list=%s\n", arg);
break; break;
case 'm': case 'm':
arguments->mode = arg ? atoi (arg) : DEFAULT_MODE; arguments->mode = arg ? atoi (arg) : DEFAULT_MODE;
break; break;
case 'u':
arguments->username = arg;
break;
case 'w':
arguments->password = arg;
break;
case ARGP_KEY_ARG: case ARGP_KEY_ARG:
return 0; return 0;
default: default:
...@@ -457,6 +465,8 @@ int main(int argc, char **argv) { ...@@ -457,6 +465,8 @@ int main(int argc, char **argv) {
arguments.mode = DEFAULT_MODE; arguments.mode = DEFAULT_MODE;
arguments.device = DEFAULT_I2C_BLOCK_DEVICE_NAME; arguments.device = DEFAULT_I2C_BLOCK_DEVICE_NAME;
arguments.slave_address_list = DEFAULT_I2C_0_ADDR; arguments.slave_address_list = DEFAULT_I2C_0_ADDR;
arguments.username = "";
arguments.password = "";
argp_parse(&argp, argc, argv, 0, 0, &arguments); argp_parse(&argp, argc, argv, 0, 0, &arguments);
printf("Mode=%d\n", arguments.mode); printf("Mode=%d\n", arguments.mode);
printf("Listening port=%d\n", arguments.port); printf("Listening port=%d\n", arguments.port);
...@@ -489,11 +499,24 @@ int main(int argc, char **argv) { ...@@ -489,11 +499,24 @@ int main(int argc, char **argv) {
UA_ServerConfig* config = UA_Server_getConfig(server); UA_ServerConfig* config = UA_Server_getConfig(server);
config->verifyRequestTimestamp = UA_RULEHANDLING_ACCEPT; config->verifyRequestTimestamp = UA_RULEHANDLING_ACCEPT;
// add variables representing physical relarys / inputs, etc
addVariable(server); addVariable(server);
addValueCallbackToCurrentTimeVariable(server); addValueCallbackToCurrentTimeVariable(server);
/* Disable anonymous logins, enable two user/password logins */
if (strlen(arguments.username) > 0 && strlen(arguments.password) > 0){
char *username = arguments.username;
char *password = arguments.password;
UA_UsernamePasswordLogin logins[1] = {
{UA_STRING(arguments.username), UA_STRING(arguments.password)},
};
config->accessControl.clear(&config->accessControl);
UA_StatusCode retval1 = UA_AccessControl_default(config, false, NULL,
&config->securityPolicies[config->securityPoliciesSize-1].policyUri, 1, logins);
}
// run server
UA_StatusCode retval = UA_Server_run(server, &running); UA_StatusCode retval = UA_Server_run(server, &running);
UA_Server_delete(server); UA_Server_delete(server);
// always leave attached slaves to a known safe shutdown state // always leave attached slaves to a known safe shutdown state
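Review bot: The status returned by `UA_AccessControl_default` is stored in `retval1` and never read, so if installing the login fails the server still reaches `UA_Server_run` after `config->accessControl.clear(&config->accessControl)` has already run. Check it before starting, e.g. `if (retval1 != UA_STATUSCODE_GOOD) { UA_Server_delete(server); return EXIT_FAILURE; }`, routed through whatever safe-shutdown handling main does further down (main's body continues outside the hunk). The guard `strlen(arguments.username) > 0 && strlen(arguments.password) > 0` also skips the whole block when only one of the two options is supplied, leaving the default access control (anonymous, going by the comment) in place; treating a half-specified credential as a startup error would stop an operator from believing authentication is on when it is not. The token policy is taken from `securityPolicies[config->securityPoliciesSize-1]`, which indexes out of bounds if the array is empty and, should that last policy be the None policy, would mean the password is not encrypted in transit; both depend on configuration not visible here. The locals `username` and `password` are unused, and the comment says two logins while one is configured.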
......
...@@ -3,7 +3,7 @@ filename = instance-modbus.cfg.in ...@@ -3,7 +3,7 @@ filename = instance-modbus.cfg.in
md5sum = 8637c6b714a0bb9f27c86f3928049b98 md5sum = 8637c6b714a0bb9f27c86f3928049b98
filename = instance-opc-ua.cfg.in filename = instance-opc-ua.cfg.in
md5sum = b6cf47dc85a0c1086cca5e3edcf969ab md5sum = 38e19f425129df64066f34e5ac06f5dd
filename = instance-opc-ua-virtual.cfg.in filename = instance-opc-ua-virtual.cfg.in
md5sum = 49f84a499d258771651983dec90e98c1 md5sum = 6277def85d4b602bba40c868e2daa779
...@@ -21,7 +21,7 @@ extends = {{ template_monitor }} ...@@ -21,7 +21,7 @@ extends = {{ template_monitor }}
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
# start with defaults # start with defaults
command-line = command-line =
{{ buildout['bin-directory'] }}/server -d ${instance-parameter:configuration.coupler_block_device} -s ${instance-parameter:configuration.coupler_i2c_slave_list} -m 1 -p ${instance-parameter:configuration.opc_ua_port} {{ buildout['bin-directory'] }}/server -d ${instance-parameter:configuration.coupler_block_device} -s ${instance-parameter:configuration.coupler_i2c_slave_list} -m 1 -p ${instance-parameter:configuration.opc_ua_port} -u ${instance-parameter:username} -w ${instance-parameter:password}
wrapper-path = ${directory:service}/coupler-opc-ua-virtual wrapper-path = ${directory:service}/coupler-opc-ua-virtual
...@@ -49,6 +49,8 @@ configuration.coupler_i2c_slave_list = 0x58 ...@@ -49,6 +49,8 @@ configuration.coupler_i2c_slave_list = 0x58
# In our use case, we are expecting from the user to specify one (optional) parameter: "name". We put the default value here if he doesn't specify it, so that it doesn't crash. # In our use case, we are expecting from the user to specify one (optional) parameter: "name". We put the default value here if he doesn't specify it, so that it doesn't crash.
configuration.interface = 0.0.0.0 configuration.interface = 0.0.0.0
configuration.opc_ua_port = 4840 configuration.opc_ua_port = 4840
configuration.username =
configuration.password =
# If our use case requires that the user can specify a mail address so that his instance can mail to him (for example), we can do: # If our use case requires that the user can specify a mail address so that his instance can mail to him (for example), we can do:
# configuration.mail-address = # configuration.mail-address =
# If the user doesn't specify it, it won't break and the recipe can handle it (i.e don't send any mail for example). # If the user doesn't specify it, it won't break and the recipe can handle it (i.e don't send any mail for example).
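Review bot: The new `-u ${instance-parameter:username} -w ${instance-parameter:password}` on the command-line puts the OPC-UA password in the process arguments, where other local users can read it from the process list and where it is presumably written into the generated wrapper; reading it from a file with restricted permissions would avoid that, though it needs a matching option in the server. The option names also differ from the defaults added below, which are `configuration.username` and `configuration.password` like the other `configuration.*` parameters referenced on the same line, so unless the instance-parameter section defines bare `username`/`password` elsewhere the substitution will not pick them up; `-u ${instance-parameter:configuration.username} -w ${instance-parameter:configuration.password}` would match. With the empty defaults the line ends in `-u -w`, so if the wrapper splits arguments on whitespace the server would likely take `-w` as the username, and a value containing spaces or shell metacharacters would be split or interpreted; quoting the values, or omitting the flags when they are empty, is safer. The same applies to the coupler-opc-ua command-line in the following file section.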
......
...@@ -21,7 +21,7 @@ extends = {{ template_monitor }} ...@@ -21,7 +21,7 @@ extends = {{ template_monitor }}
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
# start with defaults # start with defaults
command-line = command-line =
{{ buildout['bin-directory'] }}/server -d ${instance-parameter:configuration.coupler_block_device} -s ${instance-parameter:configuration.coupler_i2c_slave_list} -p ${instance-parameter:configuration.opc_ua_port} {{ buildout['bin-directory'] }}/server -d ${instance-parameter:configuration.coupler_block_device} -s ${instance-parameter:configuration.coupler_i2c_slave_list} -p ${instance-parameter:configuration.opc_ua_port} -u ${instance-parameter:username} -w ${instance-parameter:password}
wrapper-path = ${directory:service}/coupler-opc-ua wrapper-path = ${directory:service}/coupler-opc-ua
...@@ -42,6 +42,8 @@ cert = ${slap-connection:cert-file} ...@@ -42,6 +42,8 @@ cert = ${slap-connection:cert-file}
configuration.coupler_block_device = /dev/i2c-1 configuration.coupler_block_device = /dev/i2c-1
configuration.coupler_i2c_slave_list = 0x58 configuration.coupler_i2c_slave_list = 0x58
configuration.username =
configuration.password =
# Define default parameter(s) that will be used later, in case user didn't # Define default parameter(s) that will be used later, in case user didn't
# specify it. # specify it.
......