diff --git a/build.rs b/build.rs
index 6394643..52ba140 100644
--- a/build.rs
+++ b/build.rs
@@ -1,4 +1,5 @@
 fn main() {
+ ::capnpc::CompilerCommand::new().file("schema/connection.capnp").run().unwrap();
 ::capnpc::CompilerCommand::new().file("schema/api.capnp").run().unwrap();
 ::capnpc::CompilerCommand::new().file("schema/auth.capnp").run().unwrap();
 }
diff --git a/connection-state.dot b/connection-state.dot
new file mode 100644
index 0000000..5806f85
--- /dev/null
+++ b/connection-state.dot
@@ -0,0 +1,34 @@
+strict digraph connection {
+ Establish [label="TCP/SCTP connection established"];
+ Closed [label="TCP/SCTP connection closed"];
+
+ Establish -> Open [label=open];
+
+ Open -> Closed [label=close];
+
+ Open -> SASL [label=auth];
+ SASL -> SASL [label=step];
+ // Authentication fails
+ SASL -> Closed [label=fails];
+ // Authentication succeeds
+ SASL -> Authenticated [label=successful];
+
+ Open -> STARTTLS [label=starttls];
+ // TLS wrapping succeeds
+ STARTTLS -> Encrypted [label=successful];
+ // TLS wrapping fails
+ STARTTLS -> Closed [label=fails];
+
+ Authenticated -> SASL_TLS [label=starttls];
+ SASL_TLS -> Closed [label=fails];
+ SASL_TLS -> AuthEnc [label=successful];
+
+ Encrypted -> TLS_SASL [label=auth];
+ TLS_SASL -> TLS_SASL [label=step];
+ TLS_SASL -> Closed [label=fails];
+ TLS_SASL -> AuthEnc [label=successful];
+
+ // Only authenticated connections may open RPC. For "unauth", use the `Anonymous` SASL method.
+ AuthEnc -> RPC [label=bootstrap];
+ Authenticated -> RPC [label=bootstrap];
+}
diff --git a/schema b/schema
index 16a4aba..120ee4e 160000
--- a/schema
+++ b/schema
@@ -1 +1 @@
-Subproject commit 16a4aba76abc2667cce80d2937ca923bce225817
+Subproject commit 120ee4ea804a2da703a61f2a7e0d011a69140aa4
diff --git a/src/connection.rs b/src/connection.rs
new file mode 100644
index 0000000..af15a73
--- /dev/null
+++ b/src/connection.rs
@@ -0,0 +1,4 @@
+pub mod gen {
+ include!(concat!(env!("OUT_DIR"), "/schema/connection_capnp.rs"));
+}
+
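Review bot: The added `::capnpc::CompilerCommand::new().file("schema/connection.capnp").run().unwrap()` line fails with a generic panic message when the schema file is absent, which matters here because `schema` is a git submodule bumped in this same commit and the file only exists at the new submodule commit. Replacing the `unwrap()` with `.run().expect("capnpc: failed to compile schema/connection.capnp");` makes a stale-submodule checkout fail with a message that names the cause; panicking is otherwise appropriate in a build script. As a point of style, the three separate compiler invocations could become one `CompilerCommand` with three chained `.file(...)` calls so that future schemas are registered in a single place.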
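Review bot: The graph admits `Open -> SASL [label=auth]` followed by `Authenticated -> RPC [label=bootstrap]`, so both the SASL exchange and the RPC session can run on a connection that never passes through `STARTTLS`, while the comment above the `RPC` edges states only the authentication requirement and nothing about confidentiality. If plaintext RPC is intended, the diagram should say so and should state which SASL mechanisms may be offered in the plaintext `SASL` state, because a mechanism that transmits a reusable secret there would expose it on the wire. The `Authenticated -> SASL_TLS [label=starttls]` edge likewise leaves open whether the identity obtained before the TLS upgrade (and any input buffered before it) survives into `AuthEnc`; designs that allow a late STARTTLS usually require re-authentication afterwards, and the chosen rule belongs in the graph. A comment above the bootstrap edges along the lines of `// TODO(design): RPC via Authenticated is unencrypted; record which SASL mechanisms are allowed before STARTTLS and whether SASL_TLS re-authenticates.` would capture both decisions.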
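Review bot: The new `gen` module carries no comment tying it to the build step that produces `connection_capnp.rs`, which is the `.file("schema/connection.capnp")` call added to build.rs in this same commit. A doc comment such as `/// Cap'n Proto bindings generated by build.rs from schema/connection.capnp into OUT_DIR.` above `pub mod gen` would tell a reader where the included file comes from without opening the build script. The file also ends with an empty fourth line, which rustfmt would most likely drop.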
diff --git a/src/main.rs b/src/main.rs index 89503fa..4c4ec23 100644 --- a/src/main.rs +++ b/src/main.rs @@ -12,6 +12,7 @@ mod api; mod config; mod error; mod machine; +mod connection; use signal_hook::iterator::Signals; @@ -43,6 +44,7 @@ use error::Error; // `crate::_capnp` hierarchy. use api::gen as api_capnp; use auth::gen as auth_capnp; +use connection::gen as connection_capnp; // Returning a `Result` from `main` allows us to use the `?` shorthand. // In the case of an Err it will be printed using `fmt::Debug`
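Review bot: `mod connection;` is inserted after `mod machine;`, breaking the alphabetical order that the visible `mod api; mod config; mod error; mod machine;` list keeps; it belongs between `mod config;` and `mod error;`. The second hunk's `use connection::gen as connection_capnp;` already follows the `api_capnp`/`auth_capnp` ordering, so only the `mod` declaration needs moving. Neither hunk shows a use of `connection_capnp`; if nothing references it yet, the alias will produce an unused-import warning until the connection code that consumes it lands.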