User manager and permission ruleset fix #352

Merged

Marco9412
Contributor

Hello,
I noticed two bugs in UserManager and PermissionRuleSet handling:

  1. the user-defined PermissionRuleset is now propagated and also used in the server endpoint with NoSecurity; without this fix a valid user has full access to the server if they use an unencrypted connection;
  2. a clear password is now passed to the user-defined UserManager.get_user when using a Basic256Sha256SignAndEncrypt endpoint.

Marco Panato added 2 commits December 4, 2020 16:20
…rs Endpoints (also with the one with SecurityPolicy#None)
…of InternalSession to provide an encrypted password to the user-defined UserManager
@oroulet
Member

oroulet commented Dec 7, 2020

Before we can consider merging that work you need to fix the tests. Obviously these changes break everything, so something is wrong with the patch.

@Marco9412
Contributor Author

@oroulet I added a check for the password, which is not provided in many tests; now all tests pass correctly.

Member

@JoeyFaulkner JoeyFaulkner left a comment

looks good to me!

@oroulet oroulet merged commit ac4373e into FreeOpcUa:master Dec 7, 2020
AndreasHeine pushed a commit that referenced this pull request Feb 5, 2021
* User-defined PermissionRuleset is now propagated to all InternalServers Endpoints (also with the one with SecurityPolicy#None)

* Fixed check_user_token method of InternalServer and activate_session of InternalSession to provide an encrypted password to the user-defined UserManager

* Fixed bug in InternalServer when password is not provided

Co-authored-by: Marco Panato <marco.panato_01@univr.it>