Implement logic for ApplyRestrictionsToBrowse flag in AccessRestricti…
…onType (#1395)
AlinMoldovean committed May 11, 2021
1 parent 8b9bbe2 commit 49909c6
Showing 1 changed file with 12 additions and 6 deletions.
18 changes: 12 additions & 6 deletions Libraries/Opc.Ua.Server/NodeManager/MasterNodeManager.cs
@@ -325,7 +325,7 @@ public virtual void Startup()
}
}

// update external references.
// update external references.
for (int ii = 0; ii < m_nodeManagers.Count; ii++)
{
INodeManager nodeManager = m_nodeManagers[ii];
@@ -1102,7 +1102,7 @@ public void RemoveReferences(List<LocalReference> referencesToRemove)
/// <param name="nodesCollection">The collection of nodes on which the service operates uppon</param>
/// <param name="uniqueNodesServiceAttributes">The resulting cache that holds the values of the AccessRestrictions and RolePermissions attributes needed for Read service</param>
private void PrepareValidationCache<T>(List<T> nodesCollection,
out Dictionary<NodeId, List<object>> uniqueNodesServiceAttributes)
out Dictionary<NodeId, List<object>> uniqueNodesServiceAttributes)
{
List<NodeId> uniqueNodes = new List<NodeId>();
for (int i = 0; i < nodesCollection.Count; i++)
@@ -1524,7 +1524,6 @@ public void RemoveReferences(List<LocalReference> referencesToRemove)
"MasterNodeManager.Read - Count={0}",
nodesToRead.Count);


Dictionary<NodeId, List<object>> uniqueNodesReadAttributes;
PrepareValidationCache(nodesToRead, out uniqueNodesReadAttributes);

@@ -3069,15 +3068,22 @@ protected static ServiceResult ValidateAccessRestrictions(OperationContext conte
bool encryptionRequired = (restrictions & AccessRestrictionType.EncryptionRequired) == AccessRestrictionType.EncryptionRequired;
bool signingRequired = (restrictions & AccessRestrictionType.SigningRequired) == AccessRestrictionType.SigningRequired;
bool sessionRequired = (restrictions & AccessRestrictionType.SessionRequired) == AccessRestrictionType.SessionRequired;
bool applyRestrictionsToBrowse = (restrictions & AccessRestrictionType.ApplyRestrictionsToBrowse) == AccessRestrictionType.ApplyRestrictionsToBrowse;

bool browseOperation = context.RequestType == RequestType.Browse ||
context.RequestType == RequestType.BrowseNext ||
context.RequestType == RequestType.TranslateBrowsePathsToNodeIds;

if ((encryptionRequired &&
context.ChannelContext.EndpointDescription.SecurityMode != MessageSecurityMode.SignAndEncrypt &&
context.ChannelContext.EndpointDescription.TransportProfileUri != Profiles.HttpsBinaryTransport) ||
context.ChannelContext.EndpointDescription.TransportProfileUri != Profiles.HttpsBinaryTransport &&
((applyRestrictionsToBrowse && browseOperation) || !browseOperation)) ||
(signingRequired &&
context.ChannelContext.EndpointDescription.SecurityMode != MessageSecurityMode.Sign &&
context.ChannelContext.EndpointDescription.SecurityMode != MessageSecurityMode.SignAndEncrypt &&
context.ChannelContext.EndpointDescription.TransportProfileUri != Profiles.HttpsBinaryTransport) ||
(sessionRequired && context.Session == null))
context.ChannelContext.EndpointDescription.TransportProfileUri != Profiles.HttpsBinaryTransport &&
((applyRestrictionsToBrowse && browseOperation) || !browseOperation)) ||
(sessionRequired && context.Session == null))
{
serviceResult = ServiceResult.Create(StatusCodes.BadSecurityModeInsufficient,
"Access restricted to nodeId {0} due to insufficient security mode.", nodeMetadata.NodeId);
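Review bot: In ValidateAccessRestrictions the new browse exemption is attached to the encryptionRequired and signingRequired terms but not to `(sessionRequired && context.Session == null)`, so SessionRequired is still enforced on Browse, BrowseNext and TranslateBrowsePathsToNodeIds even when ApplyRestrictionsToBrowse is clear. That fails closed, but if it is intentional it deserves a comment saying so, and if it is not, all three checks should share one gate. The repeated `((applyRestrictionsToBrowse && browseOperation) || !browseOperation)` reduces to one named flag, e.g. `bool restrictionsApply = applyRestrictionsToBrowse || !browseOperation;`, tested once per term, which makes the security decision easier to audit. If this method was previously reached on browse paths (not visible here), nodes marked EncryptionRequired or SigningRequired without the browse bit will now be browsable over unsigned or unencrypted channels, so the relaxation should be stated in a comment and in the release notes. The method body starts and ends outside the hunk.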