I get the following messages:
aitor@aitor:~/opcpublisher/src$ ./publisher
[2024-05-14 11:30:30.735 (UTC+0200)] info/eventloop Starting the EventLoop
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.735 (UTC+0200)] info/server AccessControl: Anonymous login is enabled
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.821 (UTC+0200)] warn/userland ServerUrls already set. Overriding.
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.821 (UTC+0200)] info/server AccessControl: Anonymous login is enabled
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.821 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | Connection created
[2024-05-14 11:30:30.821 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | No ReaderGroups configured. Only validate the connection parameters instead of opening a receiving channel.
[2024-05-14 11:30:30.821 (UTC+0200)] info/network UDP 6 | New listen socket for "224.0.0.22" on port 4840
[2024-05-14 11:30:30.821 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.822 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | No WriterGroups configured. Only validate the connection parameters instead of opening a channel for sending.
[2024-05-14 11:30:30.822 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.822 (UTC+0200)] info/network UDP 6 | Connection validated to "224.0.0.22" on port 4840
[2024-05-14 11:30:30.822 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | State change: Disabled -> PreOperational
[2024-05-14 11:30:30.822 (UTC+0200)] info/pubsub PublishedDataset ns=1;i=54666 | DataSet created
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | WriterGroup created
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | No ReaderGroups configured. Only validate the connection parameters instead of opening a receiving channel.
[2024-05-14 11:30:30.823 (UTC+0200)] info/network UDP 6 | New listen socket for "224.0.0.22" on port 4840
[2024-05-14 11:30:30.823 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.823 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.823 (UTC+0200)] info/network UDP 6 | New connection to "224.0.0.22" on port 4840
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | State change: PreOperational -> Operational
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | State change: Disabled -> PreOperational
[2024-05-14 11:30:30.823 (UTC+0200)] warn/client skip verifying ApplicationURI for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2024-05-14 11:30:30.824 (UTC+0200)] info/network TCP 7 | Opening a connection to "localhost" on port 4840
[2024-05-14 11:30:30.824 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | DataSetWriter ns=1;i=54687 | Writer created
[2024-05-14 11:30:30.824 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | DataSetWriter ns=1;i=54687 | State change: Disabled -> PreOperational
[2024-05-14 11:30:30.824 (UTC+0200)] warn/server Maximum SecureChannels count not enough for the maximum Sessions count
[2024-05-14 11:30:30.824 (UTC+0200)] info/network TCP | Listening on all interfaces
[2024-05-14 11:30:30.825 (UTC+0200)] info/network TCP 8 | Creating listen socket for "0.0.0.0" (with local hostname "aitor") on port 4841
[2024-05-14 11:30:30.825 (UTC+0200)] info/server New DiscoveryUrl added: opc.tcp://aitor:4841
[2024-05-14 11:30:30.825 (UTC+0200)] info/network TCP 9 | Creating listen socket for "::" (with local hostname "aitor") on port 4841
[2024-05-14 11:30:30.826 (UTC+0200)] info/channel TCP 7 | SC 6 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 300.00s
[2024-05-14 11:30:30.826 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2024-05-14 11:30:30.826 (UTC+0200)] info/client The initially defined EndpointURL opc.tcp://localhost:4840 is valid for the server
[2024-05-14 11:30:30.828 (UTC+0200)] warn/client The server returned Endpoints with a different EndpointUrl opc.tcp://aitor:4840 than was used to initialize the connection: opc.tcp://localhost:4840. Some servers require a complete match of the EndpointUrl/DiscoveryUrl (including the path) to return all endpoints.
[2024-05-14 11:30:30.828 (UTC+0200)] info/client Rejecting endpoint 0: security mode doesn't match
UserTokenPolicy 0 en endpoint 1
tokenPolicy->tokenType: 1
tokenType actual: 0x5ca14d088910
tokenType esperado para ANONYMOUS: 0x5ca14d0888c8
tokenType esperado para USERNAME: 0x5ca14d088910
tokenType esperado para CERTIFICATE: 0x5ca14d088958
[2024-05-14 11:30:30.829 (UTC+0200)] info/client SecurityPolicy URI: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 2: security mode doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 3: security policy doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 4: security mode doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 5: security policy doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Selected endpoint 1 in URL opc.tcp://localhost:4840 with SecurityMode SignAndEncrypt and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Selected UserTokenPolicy open62541-username-policy-sign+encrypt#Basic256Sha256 with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.830 (UTC+0200)] info/channel TCP 7 | SC 6 | SecureChannel closed
[2024-05-14 11:30:30.830 (UTC+0200)] warn/client skip verifying ApplicationURI for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2024-05-14 11:30:30.830 (UTC+0200)] info/network TCP 10 | Opening a connection to "localhost" on port 4840
[2024-05-14 11:30:30.830 (UTC+0200)] info/network TCP 7 | Socket closed
[2024-05-14 11:30:30.940 (UTC+0200)] warn/userland No certificate store configured. Accepting the certificate.
[2024-05-14 11:30:30.985 (UTC+0200)] info/channel TCP 10 | SC 7 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 and a revised lifetime of 300.00s
[2024-05-14 11:30:31.000 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2024-05-14 11:30:31.057 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2024-05-14 11:30:31.081 (UTC+0200)] info/client Received a ServiceFault response
[2024-05-14 11:30:31.081 (UTC+0200)] error/client Session cannot be activated with StatusCode BadUserAccessDenied. The client cannot recover from this, closing the connection.
[2024-05-14 11:30:31.081 (UTC+0200)] info/client Client Status: ChannelState: Closing, SessionState: Closed, ConnectStatus: BadUserAccessDenied
[2024-05-14 11:30:31.081 (UTC+0200)] error/client SKS Client: Failed to connect SKS server with error: BadUserAccessDenied
I can see that there is no defined way to control whether the username and password are the correct ones, since there isn't anything mentioning any kind of password in server_pubsub_central_sks.c.
I get the error that the user cannot access, and the example code is supposed to have worked.
What could be the problem?
Logs (with UA_LOGLEVEL set as low as necessary) attached
Wireshark network dump attached
Self-contained code example attached
Critical issue
aitor-garmen changed the title from "BadUserAccessDenied when connecting to the server in the implementation of the examples of pubsub sks." to "BadUserAccessDenied when connecting to the server in the implementation of the examples of PubSub SKS" on May 14, 2024
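A triage sketch over the posted log, added here as an example (it is not part of the original issue or of open62541): it parses the `[timestamp] level/category message` lines, collects the security-relevant configuration warnings, and reports the handshake stage at which the client stopped. The function names and stage labels are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re

# Excerpt of the log lines posted in the issue above (kept as posted).
SAMPLE_LOG = """\
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.735 (UTC+0200)] info/server AccessControl: Anonymous login is enabled
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Selected UserTokenPolicy open62541-username-policy-sign+encrypt#Basic256Sha256 with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.940 (UTC+0200)] warn/userland No certificate store configured. Accepting the certificate.
[2024-05-14 11:30:30.985 (UTC+0200)] info/channel TCP 10 | SC 7 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 and a revised lifetime of 300.00s
[2024-05-14 11:30:31.057 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2024-05-14 11:30:31.081 (UTC+0200)] error/client Session cannot be activated with StatusCode BadUserAccessDenied. The client cannot recover from this, closing the connection.
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)/(?P<cat>\w+)\s+(?P<msg>.*)$")

# Message substrings (as they appear in the posted log) that describe a security-relevant state.
CONFIG_FINDINGS = {
    "Unconfigured AccessControl": "no access control: every user has all permissions",
    "Anonymous login is enabled": "anonymous sessions accepted",
    "no encrypting SecurityPolicy": "credentials can cross the network unencrypted",
    "No certificate store configured": "peer certificate accepted without validation",
}

def parse(log_text):
    """Yield (level, category, message) per well-formed line; skip stray debug prints."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["level"], m["cat"], m["msg"]

def triage(log_text):
    """Return config findings and the handshake stage at which the client failed."""
    findings, stage, status, token_type = [], "none", None, None
    for level, cat, msg in parse(log_text):
        for needle, meaning in CONFIG_FINDINGS.items():
            if needle in msg and (cat, meaning) not in findings:
                findings.append((cat, meaning))
        if m := re.search(r"with UserTokenType (\w+)", msg):
            token_type = m[1]
        if "SecureChannel opened" in msg:
            stage = "secure_channel"
        elif "SessionState: Created" in msg:
            stage = "session_created"
        elif m := re.search(r"Session cannot be activated with StatusCode (\w+)", msg):
            stage, status = "activate_session_failed", m[1]
    return {"findings": findings, "stage": stage, "status": status, "token_type": token_type}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for cat, meaning in report["findings"]:
        print(f"[{cat}] {meaning}")
    print(report["stage"], report["status"], report["token_type"])
```

On this log the Basic256Sha256 SecureChannel opens and the session is created, so the rejection happens at session activation, the step where the selected UserName identity token is presented to the server.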