Hello,
I am currently using the ANSI C SDK evaluation. In the third server lesson, security 3, I have done as described, but when I log in anonymously I see the three variables and can edit them all. I didn't edit the code; I just moved the UA Expert certificate from rejected to trusted/certs. The server is running on a Debian virtual machine and UA Expert on the Windows host machine. I have checked the "group" and "passwd" files; they are both in the same folder as the server executable. Any ideas what I could be doing wrong?
Thanks
Security Lesson 3: Assigning Access Rights to Nodes
Re: Security Lesson 3: Assigning Access Rights to Nodes
Hello FaMo,
Thank you for informing us about this issue. The reason for this behaviour is that we changed the default root and anonymous user IDs in version 1.7.0 of the SDK to be consistent with our other SDKs. Unfortunately, the IDs used in security lesson 03 are hard-coded and have not been adapted. We will change the lesson to use the user names instead in the next version of the SDK.
Until then you can replace the function CustomProvider_CreateSampleNodes in lesson_security03/custom_provider.c with the following version to resolve the issue:
OpcUa_StatusCode CustomProvider_CreateSampleNodes(OpcUa_BaseNode *a_pOwner, OpcUa_NodeId *a_pStartingNodeId)
{
    /*! [CreateSampleNodes prototype] */
    OpcUa_DataVariable    *pVariable           = OpcUa_Null;
    OpcUa_Variant         *pValue              = OpcUa_Null;
    UaServer_AddressSpace *pAddressSpace       = &g_pCustomProvider->AddressSpace;
    UaServer_AddressSpace *pServerAddressSpace = OpcUa_Null;
    OpcUa_NodeId           nodeId, referenceNodeId, typeNodeId;
    OpcUa_uid_t            uidAnonymous = 0, uidRoot = 0;
    OpcUa_gid_t            gidAnonymous = 0, gidRoot = 0;

    OpcUa_InitializeStatus(OpcUa_Module_Server, "CustomProvider_CreateSampleNodes");

    OpcUa_ReturnErrorIfArgumentNull(a_pOwner);
    OpcUa_ReturnErrorIfArgumentNull(a_pStartingNodeId);

    UaServer_AddressSpace_Get(0, &pServerAddressSpace);

    OpcUa_NodeId_Initialize(&nodeId);
    OpcUa_NodeId_Initialize(&referenceNodeId);
    OpcUa_NodeId_Initialize(&typeNodeId);

    /* Resolve user and group IDs by user name instead of hard-coding them */
    uStatus = UaServer_GetUserId(OpcUa_String_FromCString("anonymous"), &uidAnonymous, &gidAnonymous);
    OpcUa_GotoErrorIfBad(uStatus);
    uStatus = UaServer_GetUserId(OpcUa_String_FromCString("root"), &uidRoot, &gidRoot);
    OpcUa_GotoErrorIfBad(uStatus);

    /*! [RW all] */
    /* Create variable that is read- and writable by all users */
    a_pStartingNodeId->Identifier.Numeric++;
    uStatus = UaServer_CreateDataVariable(pAddressSpace,
                                          &pVariable,
                                          a_pOwner,
                                          a_pStartingNodeId->Identifier.Numeric,
                                          g_uCustomProvider_NamespaceIndex,
                                          "Sample_WriteAll_ReadAll");
    OpcUa_GotoErrorIfBad(uStatus);
    OpcUa_Variable_SetDataType_Numeric(pVariable, OpcUaId_UInt32, 0);
    pValue = OpcUa_Variable_GetValue(pVariable);
    pValue->Datatype = OpcUaType_UInt32;
    pValue->Value.UInt32 = 100;
    UaServer_UserMgt_SetPermissions((OpcUa_BaseNode*)pVariable,
                                    uidAnonymous,
                                    gidAnonymous,
                                    0x0FFF);
    /*! [RW all] */

    /*! [R all RW root] */
    /* Create variable that is readable by all users and only writable by user 'root' */
    a_pStartingNodeId->Identifier.Numeric++;
    uStatus = UaServer_CreateDataVariable(pAddressSpace,
                                          &pVariable,
                                          a_pOwner,
                                          a_pStartingNodeId->Identifier.Numeric,
                                          g_uCustomProvider_NamespaceIndex,
                                          "Sample_WriteRoot_ReadAll");
    OpcUa_GotoErrorIfBad(uStatus);
    OpcUa_Variable_SetDataType_Numeric(pVariable, OpcUaId_UInt32, 0);
    pValue = OpcUa_Variable_GetValue(pVariable);
    pValue->Datatype = OpcUaType_UInt32;
    pValue->Value.UInt32 = 100;
    UaServer_UserMgt_SetPermissions((OpcUa_BaseNode*)pVariable,
                                    uidRoot,
                                    gidRoot,
                                    UA_USER_ATTRWRITABLE | UA_USER_WRITABLE | UA_USER_READABLE | UA_USER_BROWSEABLE |
                                    UA_GROUP_READABLE | UA_GROUP_BROWSEABLE |
                                    UA_OTHER_READABLE | UA_OTHER_BROWSEABLE);
    /*! [R all RW root] */

    /*! [RW root] */
    /* Create variable that is read- and writable only by user 'root' */
    a_pStartingNodeId->Identifier.Numeric++;
    uStatus = UaServer_CreateDataVariable(pAddressSpace,
                                          &pVariable,
                                          a_pOwner,
                                          a_pStartingNodeId->Identifier.Numeric,
                                          g_uCustomProvider_NamespaceIndex,
                                          "Sample_WriteRoot_ReadRoot");
    OpcUa_GotoErrorIfBad(uStatus);
    OpcUa_Variable_SetDataType_Numeric(pVariable, OpcUaId_UInt32, 0);
    pValue = OpcUa_Variable_GetValue(pVariable);
    pValue->Datatype = OpcUaType_UInt32;
    pValue->Value.UInt32 = 100;
    UaServer_UserMgt_SetPermissions((OpcUa_BaseNode*)pVariable,
                                    uidRoot,
                                    gidRoot,
                                    UA_USER_ATTRWRITABLE | UA_USER_WRITABLE | UA_USER_READABLE | UA_USER_BROWSEABLE);
    /*! [RW root] */

    OpcUa_ReturnStatusCode;
    OpcUa_BeginErrorHandling;
    OpcUa_FinishErrorHandling;
}
Best regards
Unified Automation Support Team
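The failure mode described in the reply above, as an added example that is not part of the original thread or the SDK: a minimal owner/group/other model showing why a node owned by a literal ID becomes writable by anonymous once the IDs are renumbered, and why resolving the owner by name avoids it. The user table, the bit values and the first-match evaluation order are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical permission bits for this model (not the SDK's flag values). */
enum { U_READ = 0x001, U_WRITE = 0x002, G_READ = 0x010, G_WRITE = 0x020,
       O_READ = 0x100, O_WRITE = 0x200 };

typedef struct { const char *name; unsigned uid, gid; } user_t;
typedef struct { unsigned uid, gid, mode; } node_t;

/* Constructed user table: the ID that older code assumed to be root (0)
 * now belongs to "anonymous". The real SDK values are not on the page. */
static const user_t users[] = { { "anonymous", 0, 0 }, { "root", 1, 1 } };

static const user_t *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0) return &users[i];
    return NULL;
}

/* Assumed owner/group/other evaluation: the first matching class decides. */
static int allowed(const user_t *u, const node_t *n,
                   unsigned ubit, unsigned gbit, unsigned obit)
{
    if (u->uid == n->uid) return (n->mode & ubit) != 0;
    if (u->gid == n->gid) return (n->mode & gbit) != 0;
    return (n->mode & obit) != 0;
}

int may_write(const user_t *u, const node_t *n) { return allowed(u, n, U_WRITE, G_WRITE, O_WRITE); }
int may_read(const user_t *u, const node_t *n)  { return allowed(u, n, U_READ, G_READ, O_READ); }

/* "Root only" node whose owner is a literal ID baked into the source. */
node_t node_hardcoded(void) { node_t n = { 0, 0, U_READ | U_WRITE }; return n; }

/* Same node, owner resolved from the user name at start-up. */
node_t node_by_name(void)
{
    const user_t *r = lookup("root");
    node_t n = { 0, 0, 0 };                 /* no access if the lookup fails */
    if (r) { n.uid = r->uid; n.gid = r->gid; n.mode = U_READ | U_WRITE; }
    return n;
}

int main(void)
{
    const user_t *anon = lookup("anonymous");
    node_t a = node_hardcoded(), b = node_by_name();
    printf("hard-coded owner: anonymous write=%d\n", may_write(anon, &a));
    printf("owner by name:    anonymous write=%d\n", may_write(anon, &b));
    return 0;
}
```

A check of this kind, run against the real server with an anonymous session, makes a useful regression test after any SDK upgrade that touches user management.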