Provide connection context in user authorization callback mechanism

Description

Provide context on the connection concerned in the S2OPC user authorization callback to compute access right for an operation on address space.

Detailed description

SOPC_UserAuthorization_Manager shall be configured in the server to manage user authorization access. This authorization manager calls the configured SOPC_UserAuthorization_AuthorizeOperation_Func callback for each access control operation on address space.

In order to compute access control rights it might be interesting to provide context on the connection that initiated the operation, indeed the new RolePermissions mechanism allow the use of criteria based on application identity and it should be available in the callback for similar criteria (application certificate thumbprint, application description).

Note: when using XML users configuration file, this is automatically configured to manage global access rights for configured users and this new parameter will be ignored.

Code version identification

2554226f

Security impact

No security impact

Implementation

Add const SOPC_CallContext* parameter to SOPC_UserAuthorization_AuthorizeOperation_Func and SOPC_UserAuthorization_IsAuthorizedOperation.
Provide the current SOPC_CallContext when calling SOPC_UserAuthorization_IsAuthorizedOperation from B model.
Add some context in the session and SOPC_CallContext:
- Client certificate thumbprint
- Client application description

Known limitations

N.A.

Edited Oct 29, 2025 by Vincent Monfort