Catch SIGABRT, but not SIGUSR2.

[pwmd.git] / doc / COMMANDS

The server uses a protocol provided by libassuan to communicate with the
client. An OK response is returned when a command succeeds or ERR along with
an error code and description, if not. When a command requests data for
retrieval (e.g., GET) the output is prefixed with D then a single SPACE then
the actual data followed by a response. Read the libassuan docs for more info
about the protocol.


PROTOCOL COMMANDS
-----------------
OPEN <filename> [<key>]
    Opens <filename> using <key>. If the filename is not found on the
    file-system, then a new document will be created. If the file is found, it
    is looked for in the file cache for an existing key. When found and no key
    was specified, the cached key will be used for decryption (if encrypted).
    When not found, pinentry(1) will be used to retrieve the key (see OPTIONS
    below). You can also open a different file using the same connection. When
    using an empty or NULL key and you want to avoid the pinentry dialog, set
    PINENTRY to 0 (see OPTIONS below).


SAVE [<key>]
    Writes the XML document to disk. The file written to is the file that was
    opened using the OPEN command. If <key> is not specified then the
    currently cached key will be used. If the file is a new file or the file
    isn't found in the file cache, <key> will be used. If <key> is not
    specified then pinentry(1) will be used to retrieve the key (see OPTIONS
    below). If you want to use and empty key and want to avoid the pinentry
    dialog, set PINENTRY to 0 (see OPTIONS below).


ISCACHED <filename>
    An OK response is returned if the specified file is found in the file
    cache or ERR if not.


CLEARCACHE [<filename>]
    Clears a file cache entry. This will forget the timeout and key for all or
    the specified file. Always returns an OK response.


CACHETIMEOUT <seconds> <filename>
    Specify the number of seconds the specified file will be cached. -1 will
    keep the cache entry forever, 0 will require the key each time the OPEN or
    SAVE commands are used. Also see the "cache_timeout" configuration
    parameter. Returns ERR if the filename isn't cached or if the timeout is
    invalid. OK otherwise.


LIST [[!]element[<TAB>[!]element[...]]]
    If no element path is given then a list of root elements is returned with
    the data response. If given, then all reachable elements for the
    specified element path are returned. Each element in the path is prefixed
    with the literal '!' character when the element contains no "target"
    attribute (See THE TARGET ATTRIBUTE below).


REALPATH [!]element[<TAB>[!]element[...]]
    Resolves all "target" attributes of the specified element path and returns
    the result with a data response.


STORE [!]element[[<TAB>[!]element[...]]<TAB>[content]]
    Creates a new element tree or modifies the content of an existing element
    path. If only a single element is specified, a new root element is
    created. Otherwise, elements are TAB delimited and the content will be set
    to the last TAB delimited argument. If no content is specified after the
    last TAB then the content for the last specified element will be removed
    or empty if creating a new element.
    
    The only restriction of element names is that they not begin with a
    punctuation character (the literal '!' character is an exception) or digit
    and not contain any whitespace. There is no whitespace between the TAB
    delimited elements. It is recommended that the value be base 64 encoded to
    prevent XML and pwmd parsing errors.
    
    PWMD reads the element path from the client via the Assuan INQUIRE
    protocol response. The STORE command is sent by itself without arguments,
    then the server responds with INQUIRE. The client then sends the element
    path prefixed with a "D " data response. The element path may extend
    multiple lines but each must be prefixed with the data "D " response. When
    finished, the client sends "END" on an empty line. This is needed so an
    element path and value can be more than 1000 bytes long, the Assuan
    protocol line limit.


DELETE [!]element[<TAB>[!]element[...]]
    Removes an element tree from the specified element path.


GET [!]element[<TAB>[!]element[...]]
    Retrieves the content or text node of the specified element path. The data
    is returned with a data response.


ATTR SET|GET|DELETE|LIST [<attribute>] [!]<arg1> [!][arg2]
    ATTR SET attribute [!]element[<TAB>[!]element[...]] attribute_value
        Stores or updates an attribute value of an element path.

    ATTR DELETE attribute [!]element[<TAB>[!]element[...]]
        Removes an attribute from an element path.

    ATTR LIST [!]element[<TAB>[!]element[...]]
        Gets a list of attributes from an element path.

    ATTR GET attribute [!]element[<TAB>[!]element[...]]
        Gets the value of an attribute from an element path.

    The "name" attribute (case sensitive) cannot be removed with ATTR DELETE
    if the element path is the root element. Although it can be SET to change
    the root element name.

    Also see THE TARGET ATTRIBUTE below.


XPATH <expression>[<TAB>[value]]
    Evaluates an XPath expression. If no value argument is specified, it is
    assumed the expression is a request to return a result. Otherwise, the
    result is set to the value argument and the document is updated. If there
    is no value after the <TAB> character, the value is assumed to be empty
    and the document is updated.


IMPORT [!]element[<TAB>[!]element[...]] <content>
    Like the STORE command (an INQUIRE), but the content argument is raw XML
    data. The content is created as a child of the specified element path. If
    an element of the element path does not exist, it is created.

    Note that the new content must begin with an element node. Also note that
    an existing child node of the same element name as the root node of the
    imported content will be overwritten.


DUMP
    Shows the in memory XML document with indenting. To dump a specific
    element tree, use the XPATH command.


LOCK
    Locks the mutex associated with the opened file. This prevents other
    clients from sending commands to the same opened file until the client
    that sent this command either disconnects or sends the UNLOCK command.


UNLOCK
    Unlocks the mutex which was locked with the LOCK command.


GETPID
    Retrieves the process id of the server.


GETCONFIG [filename] <parameter>
    Returns the value of a pwmd configuration variable with a data response.
    If no file is open then the specified files value or the default ("global"
    section) will be returned. If there is no such parameter defined,
    GPG_ERR_NO_VALUE is returned.


VERSION
    Returns the server version number with a data response.


OPTION <NAME>=<VALUE>
    Sets an option NAME to VALUE. See OPTIONS below for available options.


BYE
    Closes the connection disconnecting the client. Unless the SAVE command
    had been sent, any changes to the document will be lost.


OPTIONS
-------
Commands that require a key that is neither cached nor specified will use
pinentry(1) to retrieve the key. Pinentry options can be set with the OPTION
command followed by the option name and value. Below are the available
pwmd options:

    NAME       VALUE      Description
    ---------|----------|----------------------------------------------------
    PINENTRY   0|1        When 0, disable use of pinentry. The default is 1.
    TIMEOUT    <integer>  The number of seconds before the pinentry process
                          will terminate while waiting for a passphrase. The
                          default is 20, 0 disables.
    PATH       <string>   Full path to the pinentry binary. The default is
                          specified at compile time.
    TTYNAME    <string>   Same as the --ttyname option to pinentry(1).
    TTYTYPE    <string>   Same as the --ttytype option to pinentry(1).
    DISPLAY    <string>   Same as the --display option to pinentry(1).
    TITLE      <string>   Sets the title string of the pinentry dialog.
    PROMPT     <string>   Sets the prompt string of the pinentry dialog.
    DESC       <string>   Sets the error or description string of the pinenry
    LC_CTYPE   <string>   Same as the --lc-ctype option to pinentry(1).
    LC_MESSAGES <string>  Same as the --lc-messages option to pinentry(1).
    ITERATIONS <integer>  The number of encryption iterations to do when the
                          SAVE command is sent. When set, the configured
                          value will be updated to this value for the opened
                          file, or the "global" default if no file has been
                          opened yet. When setting this option before opening
                          a file, this option is reset to the data files
                          setting after opening. The CONFIG status message is
                          sent after receiving this command.
    CLIENT     <string>   See below.

When pinentry is used with the SAVE command the passphrase will be asked for
confirmation. If the confirmation fails, the process is started over again
until either the passphrases match or until Cancel is selected. The OPEN
command will only ask for the passphrase once without retrying on failure. It
is up to the client to retry the OPEN command. Empty keys are allowed. To
prevent pinentry asking for an (empty) passphrase, set OPTION PINENTRY=0.

There is also a CLIENT option that contains other sub-options. The format is
OPTION CLIENT NAME=VALUE, where the option NAME is one of:

    NAME       VALUE      Description
    ---------|----------|----------------------------------------------------
    NAME      <string>   Associates the thread ID of the connection with the
                         specified textual representation. Useful for
                         debugging log messages.


STATUS MESSAGES
---------------
Some commands send a status message to the client when successful or as a
progress indicator. Status messages begin with a KEYWORD (see below) followed
by the status description. What messages are sent, when, and how often, depend
on configuration settings:

    COMMAND             KEYWORD
    --------------------------------
    <ALL>               LOCKED

    OPEN                DECRYPT
                        DECOMPRESS
                        CACHE

    SAVE                COMPRESS
                        ENCRYPT
                        CACHE

    CLEARCACHE          CACHE

    CACHETIMEOUT        CACHE


    KEYWORD             OUTPUT FORMAT
    ---------------------------------
    CACHE               <slots used>
                        Sent to each client after the file cache changes.
    ENCRYPT             <iterations so far> <total iterations>
    DECRYPT             <iterations so far> <total iterations>
    COMPRESS            <bytes so far> <total bytes>
    DECOMPRESS          <bytes so far> <total bytes>
    LOCKED              When another thread owns the file/key cache mutex
                        lock, this is sent at some interval and the thread
                        will block until the lock can be obtained.
    KEEPALIVE           Sent to each client after every configured amount of
                        seconds. This lets the client know that the connection
                        is still active for commands that take awhile to
                        complete.
    CONFIG              Sent to each client after the configuration file has
                        been reloaded or has had a value changed.
    CLIENTS             Sent to each client after a client connects or
                        disconnects.
 

THE TARGET ATTRIBUTE
--------------------
There is a special attribute "target" (case sensitive) that can be set with
ATTR SET. The value of this attribute is an element path that is located
somewhere else in the XML document and are alot like how XPath treats
entities, but is needed do to how pwmd commands are implemented. The syntax
is as follows:

ATTR SET target [!]element[<TAB>[!]element[..]] [!]element[<TAB>[!]element[..]]
                arg1^^^^^^^^^^^^^^^^^^^^^^^^^^^ arg2^^^^^^^^^^^^^^^^^^^^^^^^^^^

If the element path of the "target" attribute (arg1) doesn't exist, it is
created. This is the only time the ATTR command will create elements.

When a protocol command requests <arg1> as the element path, the remaining
elements after the element with the "target" attribute will be appended to
<arg2>. This is useful if you have elements that share the same data. If the
target is modified, the other elements "pointing" to the target will have the
same content. To get the real or literal element and ignore any "target"
attributes, prefix the element with a '!' character. Here's an example:

    C> STORE
    S> INQUIRE STORE
    C> D host1<TAB>username<TAB>original username
    C> END
    S> OK
    C> STORE
    S> INQUIRE STORE
    C> D host2<TAB>smtp<TAB>username<TAB>someuser
    C> END
    S> OK
    C> ATTR SET target host1<TAB>username host2<TAB>smtp<TAB>username
    S> OK

Now host1's "target" attribute will be used:

    C> GET host1<TAB>username
    S> D someuser
    S> OK

If you want host1's username, prefix the element of the "target" attribute
with a '!':

    C> GET host1<TAB>!username
    S> D original username
    S> OK

The target value (arg2) element can also have a "target" attribute:

    C> ATTR SET target new_account host1
    S> OK
    C> GET new_account<TAB>username
    S> D someuser
    S> OK

The value of the "target" attribute may also be prefixed with a '!' to set the
target to the actual element path and not a target of the element path:

    C> ATTR DELETE target !new_account
    S> OK
    C> ATTR SET target new_account<TAB>username host1<TAB>!username
    S> OK
    C> GET new_account<TAB>username
    S> D original username
    S> OK

The "target" attribute is considered for all commands that support an element
path. If the target element has been renamed or deleted afterwards, the
command will fail.

Clients should be careful of creating target loops. See the "recursion_depth"
configuration parameter for details.


XML DOCUMENT STRUCTURE
----------------------
When importing an XML data file with the -I command line option, the document
should have the following DTD:

    <?xml version="1.0"?>
    <!DOCTYPE pwmd [
    <!ELEMENT pwmd (root*)>
    <!ATTLIST root name CDATA #REQUIRED>
    ]>

The "pwmd" element is the document root node while the first element of an
element path specified in protocol commands use the "root" element. So if you
specify the command "LIST isp", "isp" is really a "root" element that has a
"name" attribute with the value "isp". Any following elements are children of
the "root" element:

    <pwmd>
        <root name="isp">
        [...]
        </root>
    </pwmd>

The remaining <TAB> delimited elements (e.g., "LIST isp<TAB>SMTP") are regular
elements and are not treated specially in the XML document.

The DUMP command might be useful to show the document structure.


DESIGN
------
The key cache is protected with a mutex and is locked with each access. Each
cache entry also contains a mutex for the opened file and a reference count
which is adjusted each time a client connects or disconnects. This allows
client A to issue commands that aren't related to the file opened by client B.
The refcount is needed to prevent the mutex being overwritten when the entry
needs to be reset (CACHETIMEOUT for example) and there are any clients
connected.

The client_thread() uses an event to wait for the client FD to become ready
for reading. When ready, it uses the libassuan external IO loop functions to
prevent blocking letting other threads do their work.

When a key is required for the OPEN or SAVE commands, and OPTION PINENTRY=1,
pinentry(1) is used to retrieve the key. This is done by creating a pipe()
with the client_thread(), then pth_fork()'s the pinentry process which will
write the key or error to the pipe that client_thread() will read from. After
the read, the pinentry will have exited and client_thread() calls the
finalization function for the original command.

           -------------       ---------------
           [server_loop]-_-_-_-[accept_thread]
           -------------       ---------------
       not joinable :                |
    ---------------------     ---------------
    [adjust_timer_thread]  |--[client_thread]<----------=====
    ---------------------  |  --------------- |   |    |    =
            ---------------|   | |     ---------  |    |    =
            |      ------------------  [command]  |    |    =
            |      [command finalize]  ---------  |    |    = pipe()
            |      ------------------    |   |    |    |    =
  -------------------                    |  ---------  |    =
  |client_msg_thread|                    |  [INQUIRE]  |    =
  -------------------                    |  ---------  |    =
                                         |    -----------   =
                                         |----[OPEN/SAVE]   = 
                                              -----------   =
                                                   : fork() =
                                               ----------   =
                                               [pinentry]====
                                               ----------

There is also a library libpwmd which makes it easy for applications to use
the server. It supports it's own key retrieval (for clients that need it) and
asynchronous interaction with pwmd. It also includes a command line client for
sending commands to pwmd.

The latest version of both pwmd and libpwmd can be obtained from
http://bjk.sourceforge.net/pwmd/. Feel free to send me any questions, bug
reports, patches or feature requests.

Ben Kibbey <bjk@luxsci.net>