How to implement the security ID check #782

Open
@okyame

I have to set up a server that allows clients to log in only with username and password.
It works with the example file below.
But I cannot disable the Anonymous connection.

```python
import time

from opcua import ua, Server
from opcua.server.user_manager import UserManager

# users database
users_db = {
    'user1': 'passwd1',
    'user2': 'passwd2',
    'user3': 'passwd3',
}


# user manager
def user_manager(isession, username, password):
    print(isession, username, password)
    isession.user = UserManager.User
    return username in users_db and password == users_db[username]


if __name__ == "__main__":

    # setup our server
    server = Server()
    server.set_endpoint("opc.tcp://0.0.0.0:4840/freeopcua/server/")

    # load server certificate and private key. This enables endpoints
    # with signing and encryption.
    server.load_certificate("certificate-example.der")
    server.load_private_key("private-key-example.pem")

    # set all possible endpoint policies for clients to connect through
    server.set_security_policy([
        # ua.SecurityPolicyType.NoSecurity,
        ua.SecurityPolicyType.Basic256Sha256_SignAndEncrypt,
        # ua.SecurityPolicyType.Basic256Sha256_Sign,
    ])

    # set the security endpoints for identification of clients
    # self.server.set_security_IDs(["Anonymous", "Basic256Sha256", "Username"])
    server.set_security_IDs(["Username"])

    # set the user_manager function
    server.user_manager.set_user_manager(user_manager)

    # starting!
    server.start()

    print("Endpoints : ", str(server.get_endpoints()).replace(',', '\n'))

    try:
        while True:
            time.sleep(5)
    finally:
        # close connection, remove subscriptions, etc
        server.stop()
```

In the server.py file, it's written that:

    def set_security_IDs(self, policyIDs):
        """
            Method setting up the security endpoints for identification
            of clients. During server object initialization, all possible
            endpoints are enabled:

            self._policyIDs = ["Anonymous", "Basic256Sha256", "Username"]

            E.g. to limit the number of IDs and disable anonymous clients:

                set_security_policy(["Basic256Sha256"])

            (Implementation for ID check is currently not finalized...)

        """
        self._policyIDs = policyIDs

Can someone tell me where to look to implement this? (I'm new to the OPC UA world)

Thanks
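
Added example, not part of the original issue or of the python-opcua project: one way to check what a server actually advertises is to audit the list returned by `server.get_endpoints()` (printed in the script above) for Anonymous token policies and unprotected channels. The field names follow the OPC UA `EndpointDescription` and `UserTokenPolicy` structures; the helper names and sample endpoints are constructed, and the check covers only what is advertised, not what the server enforces when a session is activated.

```python
from types import SimpleNamespace

# Numeric values from the OPC UA specification; python-opcua exposes them as
# ua.UserTokenType and ua.MessageSecurityMode (assumed here to be IntEnums).
TOKEN_ANONYMOUS, TOKEN_USERNAME = 0, 1
MODE_NONE = 1
NONE_POLICY_URI = "http://opcfoundation.org/UA/SecurityPolicy#None"


def audit_endpoints(endpoints):
    """Return (endpoint_url, finding) pairs for each advertised weakness."""
    findings = []
    for ep in endpoints:
        unprotected = int(ep.SecurityMode) == MODE_NONE
        if unprotected:
            findings.append((ep.EndpointUrl, "channel is not signed or encrypted"))
        for tok in ep.UserIdentityTokens:
            kind = int(tok.TokenType)
            if kind == TOKEN_ANONYMOUS:
                findings.append((ep.EndpointUrl, "anonymous login offered: %s" % tok.PolicyId))
            # An empty token SecurityPolicyUri means "use the endpoint's policy",
            # so on an unprotected channel the password is not encrypted.
            elif (kind == TOKEN_USERNAME and unprotected
                  and tok.SecurityPolicyUri in (None, "", NONE_POLICY_URI)):
                findings.append((ep.EndpointUrl, "password sent in clear: %s" % tok.PolicyId))
    return findings


def _endpoint(mode, tokens):
    """Build a constructed stand-in for an EndpointDescription (sample data)."""
    return SimpleNamespace(
        EndpointUrl="opc.tcp://0.0.0.0:4840/freeopcua/server/",
        SecurityMode=mode,
        UserIdentityTokens=[
            SimpleNamespace(PolicyId=pid, TokenType=kind, SecurityPolicyUri=None)
            for pid, kind in tokens
        ],
    )


# Constructed samples: SignAndEncrypt (3) with and without an Anonymous policy,
# and a NoSecurity (1) endpoint that offers only username login.
SAMPLE_OPEN = [_endpoint(3, [("anonymous", 0), ("username", 1)])]
SAMPLE_LOCKED = [_endpoint(3, [("username", 1)])]
SAMPLE_CLEARTEXT = [_endpoint(1, [("username", 1)])]

if __name__ == "__main__":
    for name in ("SAMPLE_OPEN", "SAMPLE_LOCKED", "SAMPLE_CLEARTEXT"):
        print(name, audit_endpoints(globals()[name]))
```

An empty result for the live server means no Anonymous policy and no unprotected channel is advertised; a client that sends an anonymous token anyway still has to be rejected by the server itself.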
