Fixed showing the last iteration status message.

[pwmd.git] / COMMANDS

The data is stored in an AES-256-CBC encrypted XML file. A client connects to
the server and issues commands that manipulate the data. Through the use of
shared memory a file cache is created so passwords do not need to be issued
for each file each time a client connects.

The server uses a protocol provided by libassuan to communicate with a client.
An OK response is returned if a command succeeded or ERR along with an error
code, if not. When a command requests data for retrieval (i.e., GET) the
output is prefixed with D then a SPACE then the actual data followed by an OK
response. Read the libassuan docs for more info.

Protocol commands:

OPEN <filename> [<key>]
    Opens <filename> using <key>. If file is not found on the file-system, then
    a new document will be created. If the file is found, it is looked for in
    the file cache for an existing key. When found, the existing key will be
    used for decryption. If the cached key fails then the <key>, if specified,
    will be tried. When the command succeeds, a status message is sent with
    the keyword CACHE.


SAVE [<key>]
    Encrypts and writes any changes to the file to disk. If <key> is not
    specified then the currently cached key will be used. If the file is a new
    file or the file isn't found in the file cache, <key> is required.


ISCACHED <filename>
    A response code of OK will be returned if the specified file is in the
    file cache. If not in the cache or the file doesn't exist on the
    file-system or has a size of 0, an ERR response is returned.


CLEARCACHE [<filename>]
    Clears a file cache entry. This will forget the timeout and key for all or
    the specified file. When the command succeeds, a status message is sent
    with the keyword CACHE.


CACHETIMEOUT <seconds> <filename>
    Specify the number of seconds the specified file will be cached. -1 will
    keep the cache entry forever, 0 will require the key each time the OPEN or
    SAVE commands are used. When the command succeeds, a status message is
    sent with the keyword CACHE.


LIST [[!]element[<TAB>[!]element[...]]]
    If no element path is given then a list of root elements is returned with
    the data response code. If given, then the entire element tree for the
    specified element path is returned including elements with a "target"
    attribute. Each element in the path is prefixed with the literal '!'
    character when the element contains no "target" attribute.

    If only a single element is specified and without the literal '!' prefix,
    both the literal element tree and the element target (if any) tree will be
    shown.


REALPATH [!]element[<TAB>[!]element[...]]
    Resolves all "target" attributes of the specified element path and returns
    the result with a data response.


STORE [!]element[[<TAB>[!]element[...]]<TAB>[content]]
    PWMD reads the element path from the client via the Assuan INQUIRE
    protocol response. The STORE command is sent by itself without arguments,
    then the server responds with INQUIRE. The client then sends the element
    path prefixed by a 'D<space>' client response. When finished, the client
    sends 'END' on an empty line. This is needed so an element path and value
    can be more than 1000 bytes long.

    This command creates a new element tree or modifies the content of an
    existing element path. If only a single element is specified, a new
    element tree is created. Otherwise, elements are TAB delimited and the
    content will be set to the last TAB delimited argument. If no content is
    specified after the last TAB then the content for the last specified
    element will be removed or the content will be empty if creating a new
    element.
    
    The only restriction of element names is that they not begin with a
    punctuation character (the literal '!' character is an exception) or digit
    and not contain any whitespace. There is no whitespace between the TAB
    delimited elements. It is recommended that the value be base 64 encoded to
    prevent libXML and pwmd parsing errors.
    

DELETE [!]element[<TAB>[!]element[...]]
    Removes an element tree from the specified element path.


GET [!]element[<TAB>[!]element[...]]
    Retrieves the content of the specified element path. The data is returned
    with the data response code.


ATTR SET|GET|DELETE|LIST [<attribute>] [!]<arg1> [!][arg2]
    ATTR SET attribute [!]element[<TAB>[!]element[...]] attribute_value
        Stores or updates an attribute value to an element path.

    ATTR DELETE attribute [!]element[<TAB>[!]element[...]]
        Removes an attribute from an element path.

    ATTR LIST [!]element[<TAB>[!]element[...]]
        Gets a list of attributes from an element path.

    ATTR GET attribute [!]element[<TAB>[!]element[...]]
        Gets the value of an attribute from an element path.

    The "name" attribute (case sensitive) cannot be ATTR DELETE'd if the
    element path is only a single element. Although it can be ATTR SET to
    change the root element name.

    See THE TARGET ATTRIBUTE below.


DUMP
    Shows the in memory XML document. Hard to read unless you use pwmc
    included with libpwmd: echo dump | pwmc <filename>


GETCONFIG <parameter>
    Returns the value of a pwmd configuration variable with a data response.
    If no file is open then the default value will be returned. The 'key' and
    'key_file' variables are ignored.


BYE
    Closes the connection. Use the SAVE command before this command as any
    changes will be lost.


If a command fails then the ERR response is returned followed by a protocol
error code and description. See src/pwmd_error.h or libpwmd/libpwmd.h for
error codes.


THE TARGET ATTRIBUTE
--------------------
There is a special attribute "target" (case sensitive) that can be set with
ATTR SET. The value of this attribute is an element path somewhere else in the
document:

ATTR SET target [!]element[<TAB>[!]element[..]] [!]element[<TAB>[!]element[..]]
                   arg1^^^^^^^^^^^^^^^^^^^^^^^^    arg2^^^^^^^^^^^^^^^^^^^^^^^^

If the element path of the "target" attribute doesn't exist, it is created.
This is the only time the ATTR command will create elements.

When a protocol command requests <arg1> as the element path, the remaining
elements after the element with the "target" attribute will be appended to
<arg2>. This is useful if you have elements that share the same data. If the
target is modified, the other elements "pointing" to the target will have the
same content. To get the real or literal element and ignore any "target"
attributes, prefix an element with a '!' character. Here's an example:

    C> STORE
    S> INQUIRE STORE
    C> D host1<TAB>username<TAB>original username
    C> END
    S> OK
    C> STORE
    S> INQUIRE STORE
    C> D host2<TAB>smtp<TAB>username<TAB>someuser
    C> END
    S> OK
    C> ATTR SET target host1<TAB>username host2<TAB>smtp<TAB>username
    S> OK

Now host1's "target" attribute will be used:

    C> GET host1<TAB>username
    S> D someuser
    S> OK

If you want host1's username, prefix the element path of the GET (or other
command) element path with a '!':

    C> GET !host1<TAB>username
    S> D original username
    S> OK

The target value (<arg2>) element can also have a "target" attribute:

    C> ATTR SET target new_account host1
    S> OK
    C> GET new_account<TAB>username
    S> D someuser
    S> OK

The value of the "target" attribute may also be prefixed with a '!' to set the
target to the actual element path and not a target of the element path:

    C> ATTR DELETE target !new_account
    S> OK
    C> ATTR SET target new_account<TAB>username !host1<TAB>username
    S> OK
    C> GET new_account<TAB>username
    S> D original username
    S> OK

If the target element has been renamed or deleted afterwards, the command will
fail.

Client's should be careful of creating target loops (a target that references
itself). There's no way to break out of it unless the client disconnects or
until memory runs out.


Questions, bugs or feature requests can be sent to Ben Kibbey
<bjk@luxsci.net>.