From 43aaac69a040880293ac90e9145520af06897e1f Mon Sep 17 00:00:00 2001
From: Gregor Reitzenstein
Date: Fri, 23 Oct 2020 10:28:41 +0200
Subject: [PATCH] Update auth

---
 auth.capnp | 60 ++++++++++++++++++++++++++----------------------
 connection.capnp | 2 +-
 2 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/auth.capnp b/auth.capnp
index 6eb4aec..0630b22 100644
--- a/auth.capnp
+++ b/auth.capnp
@@ -28,23 +28,22 @@ $Rust.parentModule("schema");
 using CSharp = import "csharp.capnp";
 $CSharp.namespace("FabAccessAPI.Schema");
 
-struct AuthMessage {
- union {
- mechanisms @0 :List(Text);
- # Message sent by a server supplying the list of available mechanisms.
+interface Authentication {
+ mechanisms @0 () -> ( mechs :List(Text) );
+ # Get the list of mechanisms supported by the server
 
- request @1 :Request; # Authentication initiation sent by the client.
- challenge @2 :Data; # Challenge sent by the server to the client
- response @3 :Data; # Response sent by the client to the server
- outcome @4 :Outcome; # Final outcome sent by the server
+ start @1 ( request :Request ) -> ( response :Response );
+ # Initiate an authentication exchange
 
- abort @5 :Void;
- # Abort the current exchange. This may be sent by both client and server
- # at any point during the exchange. It MUST not be sent by a server
- # after sending an outcome or by a client after receiving an outcome.
- # A server receiving an abort after sending an outcome but before
- # receiving any non-authentication message MUST respect the abort.
- }
+ step @2 ( response :Data ) -> ( response :Response );
+ # Respond to a challenge with more data
+
+ abort @3 () -> ();
+ # Abort the current exchange. This may be sent by both client and server
+ # at any point during the exchange. It MUST not be sent by a server
+ # after sending an outcome or by a client after receiving an outcome.
+ # A server receiving an abort after sending an outcome but before
+ # receiving any non-authentication message MUST respect the abort.
 }
 
 struct Request {
@@ -66,7 +65,7 @@ struct Request {
 }
 }
 
-struct Outcome {
+struct Response {
 enum Result {
 # Result code of the outcome
 successful @0;
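Review bot: The comment block under `abort @3 () -> ();` was carried over from the removed message union and no longer matches the RPC interface it now sits in: as a method on `Authentication` only the client can call it, so "may be sent by both client and server" and "receiving any non-authentication message" cannot apply. The interface also does not state what a server does when `step` or `abort` is called before `start`, or after an outcome has already been returned, which is exactly where implementations are likely to diverge and where an out-of-order call should be rejected. Suggested first lines for the comment: `# Abort the current exchange. The client may call this at any point` / `# before an outcome has been returned; the server MUST reject it afterwards.` Separately, `step @2 ( response :Data ) -> ( response :Response )` uses `response` both for the client's data and for the server's reply, and the generated accessors will mirror that; naming the parameter `data :Data` would read more clearly.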
@@ -121,22 +120,27 @@ struct Outcome {
 # should notify the responsible system administrator.
 }
 
- result @0 :Result; # Result code
+ union {
+ challence @0 :Data;
+ outcome :group {
+ result @1 :Result; # Result code
 
- action @1 :Action; # Hints for the client how to proceed in case of an error
+ action @2 :Action; # Hints for the client how to proceed in case of an error
 
- helpText @2 :Text; # Human-readable further information in case of an error
+ helpText @3 :Text; # Human-readable further information in case of an error
 
- additionalData :union {
- # Additional data that may be sent by the server to the client after a
- # successful authentication exchange.
+ additionalData :union {
+ # Additional data that may be sent by the server to the client after a
+ # successful authentication exchange.
 
- none @3 :Void;
- # No additional data is being sent. This MUST be set on unsuccessful
- # outcomes.
+ none @4 :Void;
+ # No additional data is being sent. This MUST be set on unsuccessful
+ # outcomes.
 
- additional @4 :Data;
- # Additional data may be any sequence of octets, including zero-length
- # sequences and zero-value octets.
+ additional @5 :Data;
+ # Additional data may be any sequence of octets, including zero-length
+ # sequences and zero-value octets.
+ }
+ }
 }
 }
diff --git a/connection.capnp b/connection.capnp
index a3626f7..6a1adb9 100644
--- a/connection.capnp
+++ b/connection.capnp
@@ -38,7 +38,7 @@ struct Message {
 leave @1 :Leave;
 
- auth @2 :Auth.AuthMessage;
+ auth @2 :Auth.Authentication;
 # Start an authenticaion exchange
 
 # TODO: RPC bootstrapping
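Review bot: `challence @0 :Data;` is misspelled; Cap'n Proto identifies fields on the wire by ordinal, so changing it to `challenge @0 :Data;` now is wire-compatible, but once generated code ships the typo becomes a public accessor name in every language binding. It is also the only union member without a comment, and since the server's reply now decides whether the client continues or stops, the arm should say so; the old `# Challenge sent by the server to the client` from the removed `AuthMessage` union fits, extended with `# the exchange continues and the client is expected to answer via step`. The struct header (`struct Response {`) is in the preceding hunk, and the four closing braces at the end of this hunk close the `additionalData` union, the `outcome` group, the outer union and the struct in that order.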