Update auth

2025-03-12 14:51:42 +01:00 · 2020-10-23 10:28:41 +02:00 · 2020-10-23 10:28:41 +02:00 · 43aaac69a0
commit 43aaac69a0
parent 9fb856a4db
2 changed files with 33 additions and 29 deletions
--- a/auth.capnp
+++ b/auth.capnp
@ -28,24 +28,23 @@ $Rust.parentModule("schema");
 using CSharp = import "csharp.capnp";
 $CSharp.namespace("FabAccessAPI.Schema");

-struct AuthMessage {
-    union {
-        mechanisms @0 :List(Text);
-        # Message sent by a server supplying the list of available mechanisms.
+interface Authentication {
+    mechanisms @0 () -> ( mechs :List(Text) );
+    # Get the list of mechanisms supported by the server

-        request @1 :Request;    # Authentication initiation sent by the client.
-        challenge @2 :Data;     # Challenge sent by the server to the client
-        response @3 :Data;      # Response sent by the client to the server
-        outcome @4 :Outcome;    # Final outcome sent by the server
+    start @1 ( request :Request ) -> ( response :Response );
+    # Initiate an authentication exchange

-        abort @5 :Void;
+    step @2 ( response :Data ) -> ( response :Response );
+    # Respond to a challenge with more data
+
+    abort @3 () -> ();
    # Abort the current exchange. This may be sent by both client and server
    # at any point during the exchange. It MUST not be sent by a server
    # after sending an outcome or by a client after receiving an outcome.
    # A server receiving an abort after sending an outcome but before
    # receiving any non-authentication message MUST respect the abort.
 }
-}

 struct Request {
    mechanism @0 :Text; # The SASL mechanism name.
@ -66,7 +65,7 @@ struct Request {
    }
 }

-struct Outcome {
+struct Response {
    enum Result {
        # Result code of the outcome
        successful @0;
@ -121,22 +120,27 @@ struct Outcome {
        # should notify the responsible system administrator.
    }

-    result @0 :Result; # Result code
+    union {
+        challence @0 :Data;
+        outcome :group {
+            result @1 :Result; # Result code

-    action @1 :Action; # Hints for the client how to proceed in case of an error
+            action @2 :Action; # Hints for the client how to proceed in case of an error

-    helpText @2 :Text; # Human-readable further information in case of an error
+            helpText @3 :Text; # Human-readable further information in case of an error

            additionalData :union {
                # Additional data that may be sent by the server to the client after a
                # successful authentication exchange.

-        none @3 :Void;
+                none @4 :Void;
                # No additional data is being sent. This MUST be set on unsuccessful
                # outcomes.

-        additional @4 :Data;
+                additional @5 :Data;
                # Additional data may be any sequence of octets, including zero-length
                # sequences and zero-value octets.
            }
        }
+    }
+}
--- a/connection.capnp
+++ b/connection.capnp
@ -38,7 +38,7 @@ struct Message {

        leave @1 :Leave;

-        auth @2 :Auth.AuthMessage;
+        auth @2 :Auth.Authentication;
        # Start an authenticaion exchange

        # TODO: RPC bootstrapping