2021-02-01 23:23:12 +01:00
|
|
|
@0xb9cffd29ac983e9f;
|
2020-04-23 12:52:32 +02:00
|
|
|
|
2021-02-01 23:23:12 +01:00
|
|
|
using CSharp = import "programming_language/csharp.capnp";
|
2020-10-19 01:52:15 +02:00
|
|
|
$CSharp.namespace("FabAccessAPI.Schema");
|
|
|
|
|
|
2021-09-23 22:33:56 +02:00
|
|
|
using L10NString = import "utils.capnp".L10NString;
|
2021-10-01 20:06:06 +02:00
|
|
|
using Session = import "main.capnp".Session;
|
2020-04-23 12:52:32 +02:00
|
|
|
|
2020-10-23 10:28:41 +02:00
|
|
|
struct Response {
|
2021-10-18 11:29:25 +02:00
|
|
|
enum Reason {
|
2021-09-23 22:33:56 +02:00
|
|
|
aborted @0;
|
|
|
|
|
# This authentication exchange was aborted by either side.
|
2020-04-23 12:52:32 +02:00
|
|
|
|
2020-05-27 15:43:06 +02:00
|
|
|
badMechanism @1;
|
|
|
|
|
# The server does not support this mechanism in this context.
|
|
|
|
|
|
|
|
|
|
unwilling @2;
|
2021-09-23 22:33:56 +02:00
|
|
|
# Generic "I'm sorry dave, I can't do that" response. MAY be set for any reason, all reasons
|
|
|
|
|
# or no reason at all. This code will for example be used if a client is being rate limited.
|
|
|
|
|
# A server SHOULD set the `action` and `description` fields as appropiate.
|
2020-04-23 12:52:32 +02:00
|
|
|
# This code SHOULD only be sent if no other value is more fitting.
|
|
|
|
|
|
2020-05-27 15:43:06 +02:00
|
|
|
invalidCredentials @3;
|
2021-09-23 22:33:56 +02:00
|
|
|
# The exchange was valid, but the provided credentials are invalid. This may mean that the
|
|
|
|
|
# authcid is not known to the server or that the password/certificate/key/ticket/etc is not
|
|
|
|
|
# correct.
|
2020-04-23 12:52:32 +02:00
|
|
|
|
2020-05-27 15:43:06 +02:00
|
|
|
unauthorized @4;
|
2021-09-23 22:33:56 +02:00
|
|
|
# The given authcid is not authorized to act as the requested authzid. This MAY also be
|
|
|
|
|
# returned for the cases `authzid == NULL` or `authzid == authcid`, for example because
|
|
|
|
|
# login is disabled for that authcid.
|
2020-04-23 12:52:32 +02:00
|
|
|
|
2022-11-01 11:03:26 +01:00
|
|
|
failed @5;
|
2021-09-23 22:33:56 +02:00
|
|
|
# A generic failed result. A server sending this result MUST set the `action` field to
|
|
|
|
|
# indicate whether this is a temporary or permanent failure and SHOULD set `description` to
|
|
|
|
|
# a human-readable error message.
|
2020-04-23 12:52:32 +02:00
|
|
|
}
|
|
|
|
|
enum Action {
|
|
|
|
|
# In case of a unsuccessful outcome, how should a client proceed?
|
|
|
|
|
|
|
|
|
|
unset @0;
|
2021-09-23 22:33:56 +02:00
|
|
|
# The server doesn't know either. A client SHOULD treat this either as as `retry` or as
|
|
|
|
|
# `wait`.
|
2020-04-23 12:52:32 +02:00
|
|
|
|
2020-05-11 16:20:02 +02:00
|
|
|
retry @1;
|
2021-09-23 22:33:56 +02:00
|
|
|
# A client SHOULD try again, depending on the `Error` after prompting the user for their
|
|
|
|
|
# credentials once more.
|
2020-04-23 12:52:32 +02:00
|
|
|
|
|
|
|
|
wait @2;
|
2021-09-23 22:33:56 +02:00
|
|
|
# The client SHOULD wait and retry after a grace period. A client MUST wait at least 500ms
|
|
|
|
|
# and SHOULD implement exponential backoff up to no less than 64s.
|
|
|
|
|
# This MAY mean that whatever failure happened was temporary or the server is applying
|
2020-04-23 12:52:32 +02:00
|
|
|
# rate-limiting to the connection.
|
|
|
|
|
|
|
|
|
|
permanent @3;
|
2021-09-23 22:33:56 +02:00
|
|
|
# The issue appears to the server as being permanent. Another try is very likely to return
|
|
|
|
|
# the exact same result. In most cases the user should notify the responsible system
|
|
|
|
|
# administrator. A client SHOULD NOT try to authenticate to the server again until the user
|
|
|
|
|
# manually indicates a retry.
|
2020-04-23 12:52:32 +02:00
|
|
|
}
|
|
|
|
|
|
2020-10-23 10:28:41 +02:00
|
|
|
union {
|
2021-09-23 22:33:56 +02:00
|
|
|
error :group {
|
|
|
|
|
# Some kind of error happened. This in the first entry in the union because it is the
|
|
|
|
|
# default set value meaning if a server fails to set any of the values, indicating some
|
|
|
|
|
# pretty severe server bugs, it is parsed as an "aborted" error.
|
|
|
|
|
|
2021-10-18 11:29:25 +02:00
|
|
|
reason @0 :Reason;
|
2021-09-23 22:33:56 +02:00
|
|
|
action @1 :Action;
|
|
|
|
|
description @2 :L10NString;
|
|
|
|
|
# A human-readable error description that is designed to be shown to the user in case of
|
|
|
|
|
# failure. Clients MAY NOT display this message if they understand the error e.g. for
|
|
|
|
|
# the error/action "invalidCredentials/retry".
|
|
|
|
|
}
|
|
|
|
|
challenge @3 :Data;
|
|
|
|
|
# The data provided so far is not enough to authenticate the user. The data MAY be a
|
|
|
|
|
# NULL-ptr or a non-NULL list ptr of zero bytes which clients MUST pass to their SASL
|
|
|
|
|
# implementation as "no data" and "some data of zero length" respectively.
|
|
|
|
|
successful :group {
|
|
|
|
|
# The exchange was successful and a new session has been created for the authzid that
|
|
|
|
|
# was established by the SASL exchange.
|
|
|
|
|
|
|
|
|
|
session @4 :Session;
|
2021-09-23 23:02:04 +02:00
|
|
|
# The session that was created. It grants access to all capabilities the connecting
|
|
|
|
|
# party has permissions for.
|
|
|
|
|
|
2021-09-23 22:33:56 +02:00
|
|
|
additionalData @5 :Data;
|
|
|
|
|
# SASL may send additional data with the successful result. This MAY be a NULL-ptr or a
|
|
|
|
|
# non-NULL list ptr of zero bytes which clients MUST pass to their SASL implementation
|
|
|
|
|
# as "no additional data" and "some additional data of zero length" respectively.
|
2020-10-23 10:28:41 +02:00
|
|
|
}
|
2020-04-23 12:52:32 +02:00
|
|
|
}
|
|
|
|
|
}
|
2021-09-23 22:33:56 +02:00
|
|
|
|
|
|
|
|
interface Authentication {
|
2021-10-02 12:18:28 +02:00
|
|
|
step @0 ( data :Data ) -> Response;
|
2021-09-23 22:33:56 +02:00
|
|
|
# Respond to a challenge with more data. A client MUST NOT call this after having received an
|
|
|
|
|
# "successful" response.
|
|
|
|
|
|
|
|
|
|
abort @1 () -> ();
|
|
|
|
|
# Abort the current exchange. This will invalidate the Authentication making all further calls
|
|
|
|
|
# to `step` return an error response. A client MUST NOT call this function after
|
|
|
|
|
# having received an "successful" response.
|
|
|
|
|
# A server will indicate that they have aborted an authentication exchange by replying with an
|
|
|
|
|
# "aborted" Error to the next `step` call. A server SHOULD directly terminate the underlying stream
|
|
|
|
|
# after sending this response. The server MAY after a short grace period terminate the stream
|
|
|
|
|
# without sending a response if no call to `step` was received by the client.
|
|
|
|
|
}
|
