geos_one/archie
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d896ff745c
archie/prospero/doc/protocol.tex
Mario Fetka d71d446104 Intial commit
2024-05-27 16:13:40 +02:00

2448 lines
103 KiB
TeX
Raw Blame History

% If you somehow got this file without fullpage.sty, delete
% ``fullpage'' from the list of style options. It just pulls out the
% margins a bit.
\documentstyle[11pt,twoside,fullpage]{report}
% New commands
%-------------
% for meta-symbols
\newcommand{\meta}[1]{{\bf \mbox{\(<\)#1\(>\)}}}
% for literal tokens.
\newcommand{\lit}[1]{{\tt \mbox{#1}}}
%for attributes
\newcommand{\atr}[1]{\mbox{\sc #1}}
% for identifying text
\newcommand{\text}[1]{{\em #1}\/}
% Start and end of One or More
\newcommand{\ooms}{\([\,\)}
\newcommand{\oome}{\(\,]^+\)}
% start and end of zero or more
\newcommand{\zoms}{\([\,\)}
\newcommand{\zome}{\(\,]^*\)}
% Start and end of zero or one
\newcommand{\zoos}{\([\,\)}
\newcommand{\zooe}{\(\,]\)}
% start an OR
\newcommand{\ors}{{\bf (\,}}
\newcommand{\ore}{{\bf \,) }}
\newcommand{\metaor}{{\em \,or\, }}
\newcommand{\hexnum}[1]{\(\mbox{#1}_{16}\)}
\newcommand{\unix}{{\sc unix}}
\newcommand{\selectlines}{\zoms\meta{LF} \\ \lit{SELECT} \meta{applies-to}
\ors\lit{FIELD} \metaor \lit{INTRINSIC}
\metaor \lit{APPLICATION}\ore \meta{attribute-name}
\meta{attribute-value-type}\ore
\zoms\meta{value-tuple-element}\zome\zome}
\newenvironment{command}{\begin{verse}\sloppy}{\end{verse}}
\newcommand{\commandsize}{\large}
%\newtheorem{example}{Example}
% Uncomment this for almost-double spacing
%\renewcommand{\baselinestretch}{1.7}
%\newcommand{\hozline}{\rule{\textwidth}{0.3mm}}
%\newcommand{\hozline}{\makebox[\textwidth]{\hrulefill}}
%\newcommand{\bex}{\begin{example} \begin{rm}}
%\newcommand{\eex}{$\Box$ \end{rm} \end{example}}
%\newcommand{\cbs}{\chgbarbegin}
%\newcommand{\cbe}{\chgbarend}
%\newcommand{\cbs}{}
%\newcommand{\cbe}{}
%\newcommand{\ptag}{\begin{flushright} {\rm ($P$)} \end{flushright} }
\begin{document}
\pagenumbering{arabic}
\pagestyle{plain}
\renewcommand{\thepage}{\arabic{page}}
%\title{The Prospero Protocol, version 5\thanks{
% This research was supported in part by the National Science
% Foundation (Grant No. CCR-8619663), the Washington Technology Center,
% Digital Equipment Corporation, and the Defense Advanced Research
% Projects Agency under NASA Cooperative Agreement NCC-2-539}
%}
%
%\author{B. Clifford Neuman\thanks{
% To Contact the Authors: \protect\\
%Electronic Mail: \protect\mbox{\protect\verb"info-prospero@isi.edu"} \\
% Telephone: +1 (310) 822-1511 \protect\\
% Mail: USC Information Sciences Institute \\
% 4676 Admiralty Way \\
% Marina del Rey, California 90292--6695 U.S.A. }
% \and Steven Seger Augart
%\and Information Sciences Institute \\
% University of Southern California
%}
%%
%%
%\date{
%\maketitle
\begin{titlepage}
\renewcommand{\thefootnote}{}
\footnotetext{\hspace*{-21pt}
Digital copies of the latest revision of this document may be obtained
through Prospero as
\mbox{\verb"/papers/subjects/operating-systems/prospero/doc/protocol.PS.Z"},
in the \mbox{\tt \#/INET/EDU/ISI/swa} virtual system, or through
Anonymous FTP from \mbox{\tt PROSPERO.ISI.EDU} as
\mbox{\verb"/pub/prospero/doc/prospero-protocol.PS.Z"}
}
\footnotetext{\hspace*{-21pt}
This work was supported in part by the National Science
Foundation (Grant No. CCR-8619663), the Washington Technology Center,
Digital Equipment Corporation, and the Defense Advance Research
Projects Agency under NASA Cooperative Agreement NCC-2-539.
The views and conclusions contained in
this document are those of the authors and should not be interpreted as
representing the official policies, either expressed or implied, of
any of the funding agencies.
The authors may be reached
at USC/ISI, 4676 Admiralty Way, Marina del Rey, California\ \ 90292-6695, USA.
Telephone +1 (310) 822-1511, email \mbox{\verb"info-prospero@isi.edu"}. }
\renewcommand{\thefootnote}{\arabic{footnote}}
\vspace*{\fill}
\begin{center}
\LARGE The Prospero Protocol\\
\Large Version 5\\
\vskip 1.5em
{\large Draft of 12 June 1993} \\
{\large Document Revision No. 0.3} \\
\end{center}
\vspace{.5in}
\Large \hspace*{\fill} B. Clifford Neuman
%\footnotetext{\hspace*{-18pt}
% To Contact the Authors: \\
% Electronic Mail: \mbox{\verb"info-prospero@isi.edu"} \\
% Telephone: +1 (310) 822-1511 \\
% Mail: USC Information Sciences Institute, 4676 Admiralty Way,
% Marina del Rey, California 90292--6695\ \ U.S.A.
%}
\hfill Steven Seger Augart \hspace*{\fill} \\
\vspace{.2in}
\begin{center}
\Large Information Sciences Institute \\
University of Southern California
\end{center}
\vspace*{1.2in}
\vspace*{\fill}
\end{titlepage}
\tableofcontents
\chapter{Introduction}
This document describes version 5 of the Prospero protocol.
Communication with directory servers uses a reliable delivery protocol
described in Appendix~\ref{ardp}.
Requests and responses are human readable commands and multiple
commands may be sent in a single message.
Prospero is implemented on top of a message-based protocol to reduce the
overhead that would otherwise be incurred when establishing
connections to multiple directory servers. The decision to use a
message protocol directly, instead of through a higher level
mechanism such as remote procedure call, was made for reasons of
portability. We did not want Prospero to depend on another protocol,
software package, or other resource, unless that resource was almost
universally supported by every computer on the Internet.
The use of humanly readable commands in the protocol has several
advantages. It eliminates problems with byte ordering, and it makes
future changes or additions to the protocol easier to incorporate
while maintaining compatibility across versions; new commands or
additional options to existing commands can be easily added.
The ability to request multiple operations in a single message
improves performance, and it provides a simple way to request that a
collection of operations (on a single server) be performed atomically.
The concept of an ``attribute'' appears frequently in the following
command description. For a discussion of attributes, read
appendix~\ref{db} of this document.
\section{Additional Documents}
The Prospero documentation series will include the following:
\begin{description}
\item[Prospero Protocol Specification] You're reading it. Right now,
this is the most current document we have, but it will eventually be
re-targeted towards a more specialized audience when the other guides
in the series are written and revised.
\item[Prospero System User's Guide] This will describe the general
features of the Prospero system that will be common to almost all user
interfaces, such as ACL types and filters.
\item[Prospero Command-Line Client User's Guide] Describes the
command-line client package; this is the client that's been shipped
with all Prospero releases.
\item[Prospero Gopher Client User's Guide] This describes the
Gopher menu-based client package, which is in progress.
%\item[Prospero World-Wide Web Client User's Guide] This describes the
%World-Wide Web hypertext client package, which hasn't yet been written
%but is going to be done Real Soon Now.
\item[Prospero Programmer's Manual] This describes the \lit{pfs}
and \lit{pcompat} libraries, which Prospero applications programmers
use to interface with Prospero.
\end{description}
\chapter{Command Introduction}
\section{Spaces, quoting, and line-feeds}
Prospero messages are divided into lines. Lines are divided into
tokens. Commands and lines sent in response are separated by an
unquoted {\sc ASCII} \meta{LF} character.
Within a line, tokens are separated by unquoted horizontal whitespace
(one or more {\sc ASCII} spaces and/or tabs). Client and server
implementations are not required to accept lines which begin or end
with horizontal whitespace, but are encouraged to do so. Similarly,
implementations are encouraged to accept \meta{CR} or
\meta{CR}\meta{LF} as alternative acceptable line terminators, but are
not required to do so.
% ``Be conservative in what you send, generous
%in what you accept.'' (J. Postel)
Special characters within a command token, or null tokens, can be
quoted using single quotes (\lit{'}).
While inside quotes, a quote can be included by doubling it. The only
character that cannot be quoted is the ASCII null character
(character code zero; \verb"'\0'" for C programmers). This is really
a limitation of the server implementation, which passes Prospero
packets, commands, and tokens around internally as null-terminated
C strings.\footnote{If you wish to send binary data around, we
recommend that you
encode it into a null-less form using the \lit{pfs} library's
\lit{binencode()} and \lit{bindecode()} routines.}
Any token may be quoted (although most will not need quoting), except
for literal command tokens (\lit{VERSION}, \lit{ID}, etc.).
Also, the \meta{multi-component} token uses the quoting system in a
special way --- see the \lit{LIST} command for details.
\section{Options}
Many Prospero Protocol commands take options. If multiple options are
to be specified for a single command, the options are separated by a
``\lit{+}''. If no options are specified, then the null string should be
sent to indicate this. The null string will need to be quoted, like
so: \lit{'{}'}
\section{Metasyntax}
In this document, we will use some meta-syntactic features to describe
commands. Literal tokens (such as \lit{LITERAL-TOKEN}) appear in a
typewriter font. Non-terminals look like this: \meta{non-terminal}.
The line-feed, carriage-return, and space characters are represented
as \meta{LF}, \meta{CR}, and \meta{SPC}, respectively. Alternation
(choice among two or more possibilities) looks like:
\ors\meta{option1} \metaor \meta{option2} \ore
We also use
the following meta-syntactic constructs:
%\begin{table}[htb]
\begin{center}
\begin{tabular}{|c|c|l|} \hline
\multicolumn{3}{|c|}{Metasyntax used to describe commands} \\ \hline
Start & End & \multicolumn{1}{c|}{Meaning} \\ \hline
[ & ] & One or zero repetitions. \\ \hline
[ & \(]^*\) & Zero or more repetitions. \\ \hline
[ & \(]^+\) & One repetition or more. \\ \hline
\end{tabular}
\end{center}
%\end{table}
\section{Objects}
A Prospero object is anything to which a normal link (\meta{link-type} =
\lit{L}) can be made, except for \lit{EXTERNAL} objects.
\subsection{Base Type\label{base type}}
Every Prospero object has one or more base types associated with it.
All Prospero objects have a base type of OBJECT. This means that they
can have attributes attached to them. In addition, objects with a base
type of FILE can store data, and objects with a base type of DIRECTORY
can store directory information.
\begin{sloppypar}
The base type of a Prospero object is accessible
through the \atr{base-type} intrinsic attribute. The primitive
value for \atr{base-type} is \lit{OBJECT}. If an object's
\atr{base-type} attribute has a value of %\linebreak[3]
\lit{OBJECT+FILE+DIRECTORY},
then the object can have attributes attached to it, can contain data,
and can contain links. As a shorthand, since all objects have
\lit{OBJECT} as one of their base types, an object with more than one
base type can have the \lit{OBJECT} implied, so that the \atr{base-type}
value \lit{OBJECT+FILE+DIRECTORY} is equivalent to the value
\lit{FILE+DIRECTORY} and the value \lit{FILE} is equivalent to the
value \lit{FILE+OBJECT}. The order of values in the \atr{base-type}
attribute is unimportant, so \lit{DIRECTORY+FILE} is equivalent to
\lit{FILE+DIRECTORY}.
\end{sloppypar}
In the rest of this document, when
we say ``directory,'', we mean ``an object which has
\lit{DIRECTORY} as part of its \atr{base-type}.'' When we say ``file,''
we mean ``an object which has \lit{FILE} as part of its \atr{base-type}.''
One may use \lit{EDIT-OBJECT-INFO} to edit the \atr{base-type}
attribute to remove the \lit{FILE} type from it only if the file is
empty (zero length), and one may remove the \lit{DIRECTORY} type from
it only if the directory is empty (contains no links). To add a type
to the \atr{base-type}, one must use the \lit{ADD} option to
\lit{CREATE-OBJECT}.
\subsection{Host-Specific Object Names ({\sc hsoname}s)}
Every Prospero object has an
\meta{hsoname}. {\sc hsoname}s are not guaranteed to be unique across time; if
an object is deleted,
a new
object may be created that re-uses the old object's handle. However,
at any particular moment, two Prospero objects on the same server are
guaranteed to have unique hsonames, unless they are different versions
of the same object (i.e., unless their \atr{version-number} fields are
different.)
Two objects on different servers might have identical
hsonames.
In the current server implementation, the \meta{hsoname-type} is always
\lit{ASCII} and the \meta{hsoname} is almost always a full
(i.e., starting with a slash (\lit{/})) \unix\
filesystem pathname. See appendix~\ref{conventions} for more
discussion of this.
The \meta{hsoname-type} token exists because some special
filesystems may have non-\lit{ASCII} \meta{hsoname}s.
\subsection{Versions\label{object version numbers}}
We intend to allow versioned objects. All objects, including
directories, have a
\atr{version-number} field. In the current server
implementation, the \atr{version-number} field is always zero, which means
``unversioned''. It need not be in future server implementations.
In commands and responses, providing a zero value for the
\meta{object-version} token means to retrieve the current version of
the object. Specifying explicit values means that a particular
version of the object is required. Explicit object version numbers
(when they are established) will always be positive integers.
\subsection{Object \lit{ID} fields}
The \lit{ID} field is a unique (or nearly unique)
identifier for an object. If the underlying object changes (such as
by editing), then some types of \lit{ID}s will change and
others will not. If two
objects have the same \lit{ID}, then they are considered by Prospero
to be the same object. This is useful for distinguishing between two
cases: (a) two
links which happen to have the same \meta{name-component} but
different storage locations (a different host and handle pair), and which
do not actually represent the same object, and (b) two links which have the
same \meta{name-component} and same \lit{ID}, but possibly different storage
locations --- in case (b), the objects are replicas and the client
should access whichever one it
chooses to. (Code is currently under development to enable
servers to return a list of replicas in order of nearness to
the client.) Two links with the same \meta{name-component} and no
\lit{ID} specification are considered by Prospero to be different
objects, not replicas of one another.
A problem with the \lit{ID} field is that there is not an accepted
standard for universal document identifiers. An IETF working group has
been formed to consider such identifiers, and the \lit{ID}
field exists in anticipation of their eventual agreement upon a standard.
We expect that there will be more than one type of universal document
identifier; therefore, there will be more than one \meta{id-type}.
Prospero supports objects with several possible \lit{ID}s.%
\footnote{This will go into the user's manual when we revise it. The
user-level names for two links distinguished only by their \lit{ID}
fields are:
\begin{command}
\ors\meta{name-component}\lit{\#}\lit{\#}\(\mbox{\meta{id-type}}_1\)\lit{\#}\(\mbox{\meta{id-value-token}}_{1,1}\)\lit{\#}\(\mbox{\meta{id-value-token}}_{1,2}\)\ldots % permit a line break here
\lit{\#}\lit{\#}\(\mbox{\meta{id-type}}_2\)\lit{\#}\(\mbox{\meta{id-value-token}}_{2,1}\)\lit{\#}\(\mbox{\meta{id-value-token}}_{2,2}\)\ldots \\
\metaor \meta{name-component}\lit{\#}\(\mbox{\meta{id-value-token}}_1\)\lit{\#}\meta{id-value-token$_2$}\ldots \ore
\end{command}
The second form matches any \meta{id-type}. The first form is used to
explicitly specify one or more \meta{id-type}s.
}
For now, there are only two \meta{id-type}s defined. The \lit{REMOTE}
\meta{id-type} is used by the server when it has magic
knowledge (perhaps through a local database) that
two objects are the same. The \lit{REMOTE} id type is a single
element which is the printed decimal representation of a positive
integer. This positive integer should be able to be stored in a 32
bit integer. A \lit{REMOTE} id value of 0 means ``unspecified''.
The \lit{REMOTE}
\meta{id-type} cannot be sent across the network by clients in
queries.%
\footnote{The \meta{id-value} of the \lit{REMOTE} type
is the same as the \meta{magic-no} token specified in version 1 of the
Prospero protocol.} It is not guaranteed to be consistent across different
queries to the server, but server implementors are encouraged to make
the \meta{id-value} token consistent across queries.
Many clients will locally generate \lit{ID} fields to
help the human user differentiate between conflicting links. These
\lit{ID} fields will have an \meta{id-type} of \lit{LOCAL} and an
arbitrarily generated string as their \meta{id-value}. They may not be
sent over the network, and are not guaranteed to be unique from
directory read to directory read, although implementors are encouraged
to make them so. All available \lit{ID} fields will be returned with
every \lit{LIST} operation.
\chapter{Commands Reference}
All Prospero commands are listed below.
\section{VERSION}
\begin{command}
\commandsize \lit{VERSION} \meta{version-number}
\zoos\meta{software-identifier}\zooe
\end{command}
This command requests or specifies the protocol version number. If
the specified protocol version number is not supported, the response
will be:
\begin{command}
\lit{VERSION-NOT-SUPPORTED TRY} \meta{min-version-number}\lit{-}\meta{max-version-number}
\end{command}
or
\begin{command}
\lit{VERSION-NOT-SUPPORTED TRY} \meta{version-number}
\end{command}
Where \meta{version-number} or
\meta{min-version-number}\lit{-}\meta{max-version-number} are those
versions that are supported.
If no arguments are supplied (or if the argument is not a
number), then the \lit{VERSION} command will return the current
protocol version number being used by the server in the form:
\begin{command}
\lit{VERSION} \meta{version-number} \zoos\meta{software-identifier}\zooe
\end{command}
If the \meta{software-identifier} is specified, it identifies
the software and version of the software that is generating the
message.\footnote{Software developers wishing to obtain software
identifiers should send electronic mail to {\tt pfs-administrator@isi.edu}.}
\section{AUTHENTICATE}
\begin{command}
\commandsize \lit{AUTHENTICATE} \meta{options} \meta{authenticator-type}
\meta{authentication-data} \zoms\meta{principal-name}\zome
\end{command}
This command authenticates the principal making the request. The
\meta{authenticator-type} is the type of the authenticator. It might
be a password, a Kerberos
authenticator, or data used by an alternative authentication
mechanism. The currently supported values for
\meta{authenticator-type} are \lit{UNAUTHENTICATED}, \lit{KERBEROS},
and \lit{HANDLE}.
If the \meta{authenticator-type} is \lit{UNAUTHENTICATED}, this is
honored by the \lit{ASRTHOST} ACL type. It is also honored by the \lit{TRSTHOST} ACL
type if the client is
using a privileged port. If the \meta{authenticator-type} is
\lit{UNAUTHENTICATED}, then the \meta{authentication-data} should be
the username of the user running the client. This username is be the
principal referred to by the ACL.
If the \meta{authenticator-type} is \lit{KERBEROS}, then the
\meta{authentication-data} is a Kerberos authentication message
authenticating the
principal to the Prospero server. The ACL principal will be the same as the
Kerberos principal. The ACL type will be \lit{AUTHENT} \lit{KERBEROS}.
If the \meta{authenticator-type} is \lit{HANDLE}, then the
\meta{authentication-data} is a handle returned in response to a
previous \lit{AUTHENTICATE} command.
The optional \meta{principal-name}s are informational only for some
authentication types, and exist only for human convenience. The
server will extract the principal names from the
\meta{authentication-data}, but the names might be encrypted in the
\meta{authentication-data} or otherwise represented in a way that
humans cannot easily decipher them. (For instance, this is the case
with Kerberos version 5.) In the case of the \lit{P\_PASSWORD}
authentication type, the \meta{principal-name}s are not optional.
More than one \lit{AUTHENTICATE} command may be sent in a single
message. This can be used both to authenticate oneself as multiple
simultaneous principals and to authenticate oneself using several methods.
The response may take one of several forms. If the authentication
fails, then the response is:
\begin{command}
\lit{FAILURE} \lit{AUTHENTICATION-DATA} \zoos\text{explanatory text}\zooe
\end{command}
One might get this response if an authentication handle has expired.
If it is computationally expensive for the server to validate the
authentication data, it may want to cache the fact that the data has
been validated, and return a handle that the client may use in future
requests to the server:
\begin{command}
\lit{AUTHENTICATED} \zoos\meta{authentication-handle}
\zoos\meta{handle-expiration-time}\zooe \zooe
\end{command}
The \meta{handle-expiration-time}, if provided, is in ASN-TIME format.
The response may be another \lit {AUTHENTICATE} command if the server
needs to authenticate itself to the client.\footnote{XXX: Not
currently implemented.} The response may simply be:
\begin{command}
\lit{AUTHENTICATED}
\end{command}
to indicate that the authentication succeeded. If other commands are
included in the same packet as the \lit{AUTHENTICATE} request (this
will almost always be the case), then successful execution of theose
other commands implies that the authentication succeeded; in this case,
the server is not required to include the \lit{AUTHENTICATED} response.
Currently, no options are defined, so the \meta{options} token is
always the null string.
\section{DIRECTORY}
\begin{command}
\commandsize \lit{DIRECTORY} \meta{hsoname-type} \meta{hsoname}
\zoos\meta{object-version}\zooe \selectlines
\end{command}
This command specifies the directory to be read or modified by the
commands that follow as part of the same request. This command
does not generate a response unless the selected directory is not a
directory. In that case, the response:
\begin{command}
\lit{FAILURE NOT-A-DIRECTORY}
\end{command}
is returned, and the remainder of the request ignored.
\section{ATOMIC}
\begin{command}
\commandsize \lit{ATOMIC}
\end{command}
This command specifies that all commands that follow are to be
completed atomically. If one of the commands fails, then none of the
commands are to have an effect. This may require undoing the effects
of commands which have already completed. Note that this command works
only for requests issued in the same message, and all commands must
be executable on the single server to which the message was sent.
This command is not currently implemented.
\section{LIST}
\begin{command}
\commandsize \lit{LIST} \meta{options} \lit{COMPONENTS}
\zoms\meta{name-component}\zome\selectlines\meta{LF}\\
\lit{FILTER} ...
\end{command}
\lit{LIST} is used to look up information stored in a directory. It
must be preceded by a \lit{DIRECTORY} command in the same request. Each
optional \meta{name-component} is a component of a
multiple-component name relative to the directory specified in the
\lit{DIRECTORY} command. The last component may include wildcards. If no
\meta{name-component} is specified, the wildcard ``*'' is implied
(i.e., all listable components in the directory will be listed).\footnote{
The protocol is currently in transition. The old format was as
follows:
Multiple component names are allowed, and are specified as a single
token following the \meta{name-component}. The multiple components within
a single name are separated by the unquoted slash (\lit{/}). Servers
and clients for now are accepting both versions of the protocol
message, which means that the 1st component of a multiple-component
name must be quoted if it contains a slash.}
If the result of
the lookup of one component is another directory at the same storage
site, then the directory server will repeat the process and look up
the next component. When a lookup results in a dead-end, or a
directory at another site, the server will return an \lit{UNRESOLVED}
message, indicating which components remain to be resolved by the client.
If a space, tab, slash, or \meta{LF} is to be included in a component
of a single-component or multi-component name, the component must be
quoted. Quoting a slash in a single-component or multi-component name
means that the slash is not considered to separate components of a
multi-component name, but rather to be a part of a single component.
This somewhat awkward syntax allows us to have single components
which contain slashes or horizontal whitespace or \meta{LF}s.
\subsection{Wildcards}
The \meta{name} tokens in the \lit{LIST} command are the
only places in the Prospero protocol where components may be specified
with wildcards. There are two wildcard characters supported:
\begin{description}
\item[\lit{*}] Match zero or more characters.
\item[\lit{?}] Match exactly one character.
\end{description}
Wildcards may only be used to expand at a single-component level; by
this, we mean that the wildcarded \meta{name}
\lit{foo?bar} would match the single-component name whose name in
the current directory was \lit{foo-bar},
but would not match the object whose multiple-component name in the
current directory was \verb"foo/bar".
One may also wildcard a name by giving a full regular expression. To
do this, the regular expression should be enclosed within parentheses.
For instance, specifying (Anne.*) is equivalent to specifying the
wildcarded name 'Anne*'.
In addition to any wildcards specified, a literal match for the
wildcard will also happen.
\subsection{Options}
\meta{options} contains a (possibly empty) list of options to the
\lit{LIST} command. If no options are specified, an empty
list of options should be sent as
a null token (\lit{'{}'}.)
\subsubsection{Miscellaneous Options}
Among the options supported are \lit{EXPAND} which tells the remote directory
server to expand any union entries in the directory. By default, the
response will contain the names of union links to be included, and the
client must submit a new query. A directory server can ignore the
\lit{EXPAND} option to the list command if it so desires. The \lit{LEXPAND}
option is the same as \lit{EXPAND}, but indicates that the server should
only expand union entries for local directories. The \lit{LEXPAND} option
is implied if a multiple component name is being resolved.
The \lit{VERIFY} option tells the remote server that the purpose of the
query is to verify whether the remote directory exists and is a
directory. No components are to be returned; instead, the message
returned on success is \lit{NONE-FOUND}.
\subsubsection{\protect\lit{ATTRIBUTES} option}
The \lit{ATTRIBUTES} option indicates that the attributes associated with
the link are to be returned. (If the object is on the same host as
the directory, then the server may ignore CACHED attributes and return
OBJECT attributes instead.
\lit{ATTRIBUTES} is optionally immediately
followed by an argument list, which is a parenthesized \mbox{\lit{+}-se}para\-ted
list of attributes to be
returned. If the \lit{ATTRIBUTES} option is specified without any
attributes requested, then it is just the same as if one had specified
\lit{ATTRIBUTES(\#INTERESTING)}. Note that union links do not
normally have any interesting attributes attached to them, except
for \lit{FILTER}.
\lit{ATTRIBUTES(ID+FILTER)} is always implied. For \lit{EXTERNAL}
links, \lit{ATTRIBUTES(ACCESS-METHOD)} is always implied.\footnote{
This restriction seems odd, but it makes certain details of
programming the client libraries much easier.}
There are some special arguments to the
\lit{ATTRIBUTES} option. It is not a good idea for application-defined
attributes to have names that conflict with these special arguments; if
there are such application-defined attributes, you may have to use the
\lit{\#ALL} special argument to look at their values. More than one
special argument may be specified, and one may mix special and
non-special arguments. Also, note that it is never erroneous
for a server to return more attributes
than were asked for, nor is it erroneous for a server to return
attribute information even if no \lit{ATTRIBUTES} option was specified
to the \lit{LIST} command. A server that always behaved as if the
\lit{ATTRIBUTES(\#ALL)} option were specified would be behaving
legally, although it would not be terribly efficient.
\begin{description}
\item[\lit{\#INTERESTING}] Return only interesting attributes. What
constitutes an ``interesting'' attribute is server-dependent.
This allows one to use Prospero for special applications.
\item[\lit{\#ALL}] If this argument is specified, and the object resides
on the same host as
the link, then the attributes stored with the object referenced by the
link will be returned in addition to those stored with the link, and
no cached attributes will be returned (they would be irrelevant). If
the object resides on a host different from the link, then all
attributes stored with the link are returned, but not those stored
with the object referenced by the link.
\item[\lit{\#CACHED}] Return all attributes of type \lit{CACHED}.
If you specify \lit{\#CACHED} with \lit{\#ALL}, the server will return cached
attributes in addition to those that would be returned if you'd just
specified \lit{\#ALL}. It is not clear how useful this behavior is.
\item[\lit{\#OBJECT}] Return all attributes of type \lit{OBJECT}. Note that
this will not work if the object does not reside on the same host as
the link.
\item[\lit{\#ADDITIONAL}] Return all \lit{ADDITIONAL} attributes
\item[\lit{\#REPLACEMENT}] Return all \lit{REPLACEMENT} attributes.
\item[\lit{\#LINK}] Return all \lit{LINK} attributes.
\item[\lit{\#FIELD}] Return all fields (all system-defined standard
attributes), except for ones that have already been returned as part of
the \lit{LINK} response, such as \atr{host}, \atr{handle}, and
\atr{dest-exp}.
\item[\lit{\#\#FIELD}] Return all fields. (This option will be
rarely used.)
\item[\lit{\#APPLICATION}] Return all application-defined
attributes.
\end{description}
\subsubsection{\protect\lit{FILTER} option}
If the \lit{FILTER} option is specified, the \lit{LIST} command will
be followed by one or more lines representing one or more
\lit{PREDEFINED} filters to
be applied at the server.
The filters are applied in the order in which they follow the
\lit{LIST} command. Their format is just like that of
\lit{FILTER} information returned from the \lit{LIST} command (see
subsection~\ref{filter}), except that the \meta{execution-location} field must always
be \lit{SERVER}, and the first four tokens (``\lit{ATTRIBUTE LINK
FIELD FILTER}'') are omitted. The format is:
\begin{command}
\lit{FILTER} \meta{filter-type} \lit{SERVER} \meta{pre-or-post}
\lit{PREDEFINED} \meta{filter-name} \\
\zoos \lit{ARGS} \zoms\meta{filter-arg}\zome \zooe
\end{command}
The server will know that there are no more filter-specifying lines
either when the end of the message is reached or it encounters a line
that does not begin with the token \lit{FILTER}.
\subsection{Returned Information}
On failure, a standard error response will be returned. On success,
the response will be a sequence of entries containing information
about the requested files.
\subsubsection{Links}
\begin{command}
\lit{LINK} \meta{link-type} \meta{target} \meta{name-component} \meta{host-type} \meta{host-name}
\meta{hsoname-type} \meta{hsoname} \meta{object-version}
[ \lit{DEST-EXP} \meta{dest-expiration} ]
\end{command}
In the case of links to objects, \meta{dest-expiration} is the value
of the object's \atr{dest-exp} field.
The \meta{link-type}
token is defined as follows:
\begin{description}
\item[\lit{L}] Normal link (Symbolic link, link to a Prospero object,
or link to an external object)
\item[\lit{U}] Union link to a directory
\end{description}
The \meta{target} token is defined as follows: \label{target-token}(Also see
the discussion of this in section~\ref{target-attribute}.
A link may be a link to an object. In this case, the value of the
\meta{target} token will be the same as the value of the
object's \atr{base-type} attribute\footnote{For an explanation, see
section~\ref{base type}.}
(that is, \lit{OBJECT}, \lit{FILE},
\lit{DIRECTORY}, or \lit{DIRECTORY+FILE}.) Other values for
\meta{target} are:
\begin{description}
\item[\lit{SYMBOLIC}] Symbolic link. The \meta{host-type} token will be
\lit{VIRTUAL-SYSTEM}, the \meta{host-name} token will be the name of
the virtual system being linked to (specified as a path within the
current virtual system --- we usually use the conventional ugly-name of
the virtual system), the \meta{hsoname-type} will be \lit{ASCII},
and the \meta{hsoname} will be
the full pathname of the object being linked to within the virtual
system.
\item[\lit{EXTERNAL}] This is a link to an object which is not stored on a
host running Prospero. Unlike other types of links, \lit{EXTERNAL}
links have an \atr{access-method}%
\footnote{See
section~\ref{access-method} for a description of the
\atr{access-method} field.}
attribute which is returned as a cached attribute.
This is because \lit{EXTERNAL} links
cannot have any object attributes. Therefore, if one wishes to add
attributes to an \lit{EXTERNAL} link that would normally be object
attributes, one must specify them as \lit{CACHED}, \lit{ADDITIONAL}, or
\lit{REPLACEMENT} attributes.
\end{description}
If the principal requesting the listing has no read access to a link,
all fields in the link except for \meta{name-component} will be
returned with the token \lit{NULL}, which is not otherwise valid in a
returned link.
\subsubsection{Link Attributes\label{Link Attributes}}
If attributes were requested, the link will be followed by lines that
specify the values of the requested attributes. The form of the
response will depend on whether the attribute is associated with the
link, or with the actual object. If the attribute is associated with
the link, the \meta{applies-to} token indicates whether it applies to the
\lit{LINK} or the object, and if the object whether it is a \lit{CACHED}
attribute, a \lit{REPLACEMENT} attribute, or an \lit{ADDITIONAL} attribute. In
case of conflicts between attributes associated with the link and
those associated with the object, a cached attribute is superseded, a
replacement attribute takes precedence, and an additional attributes
leaves both intact.
Attributes may sometimes be returned even if they were not explicitly
requested. As a case of this, the \atr{ACCESS-METHOD} attribute is
always returned for \lit{EXTERNAL} links.
\begin{command}
\ors \lit{ATTRIBUTE} \meta{applies-to}
\lit{FIELD} \meta{attribute-name}
\ooms\meta{value-tuple-element}\oome%
\\
\metaor \\
\lit{ATTRIBUTE} \meta{applies-to}
\ors \lit{APPLICATION} \metaor \lit{INTRINSIC} \ore
\meta{attribute-name} \meta{attribute-value-type}
\ooms\meta{value-tuple-element}\oome \ore
\end{command}
\footnote{{\bf CHANGE IN FORMAT}: It used to be the case that the
line returned for FIELD attributes did not include an
\meta{attribute-type} token. This has been changed. The older
format will continue to work until all Prospero applications before
Alpha.5.1 are gone.
}
Attributes may have multiple values, in which case one \lit{ATTRIBUTE}
line is returned for each value. In the case of multiple values, the
order in which attributes is returned may be significant to the
application. The Prospero server will maintain the order
of attributes.
\meta{attribute-value-type}s are \lit{SEQUENCE},
\lit{LINK}, and \lit{FILTER}. \lit{SEQUENCE} is the most general
\meta{attribute-value-type}. It is a sequence of zero or more ASCII
strings, and all other attribute value types are subtypes of it.
Since application attributes are, by definition, application-specific,
we are not constraining the form of a sequence. However, if an
application wishes to use application-specific subtypes of
\lit{SEQUENCE}, we encourage application authors to use the first
element of the attribute's value as a keyword describing the particular
subtype of \lit{SEQUENCE}.
One possible \meta{attribute-value-type} is \lit{LINK}. The
\meta{value-tuple-element} tokens returned in this case are the same as
the \lit{LINK} response to the \lit{LIST} command.
In that
case, the \meta{name-component} token will be ignored, and will usually be
a zero-length string (\lit{'{}'}).) The return format would be:
\begin{command}
\lit{ATTRIBUTE} \meta{applies-to} \lit{APPLICATION} \meta{attribute-name}
\lit{LINK} \ors \lit{L} \metaor \lit{U}\ore \meta{target} \meta{name-component} \meta{host-type} \meta{host-name}
\meta{hsoname-type} \meta{hsoname} \meta{object-version}
\zoos \lit{DEST-EXP} \meta{dest-expiration} \zooe
\end{command}
If the value of an attribute is a link, the link might itself have
attributes. When such sub-attributes are returned, the word
\lit{ATTRIBUTE} is immediately followed by \lit{>} signs to the
appropriate nexting level. If a link attribute has sub-attributes,
they will all be sent with the link.
All available \lit{ID} fields will always be returned with
every \lit{LIST} operation, using the \lit{ID} return
format.\footnote{Please note again that ID fields have not been
fully implemented, in the absence of an appropriate standard; comments about them in this document are subject to
change.}
\subsubsection{Filters\label{filter}}
User-defined attributes and the field \atr{filter} may have the
\meta{attribute-value-type} of \lit{FILTER}.\footnote{
XXX: This should go into the attribute documentation
} If a link has one or more filters attached to it, they are
specified as one or more instances of the link's \atr{filter} field.
One \lit{ATTRIBUTE} line will always be returned for each
filter. The
lines are returned in the same order in which the filters will be
applied to the link. The return format is:
\begin{command}
\lit{ATTRIBUTE}\zoms\lit{>}\zome \lit{LINK FIELD FILTER} \meta{filter-type}
\meta{execution-location} \meta{pre-or-post} \\
\ors\lit{PREDEFINED} \meta{filter-name} \\
\metaor\
\lit{LINK} \lit{L} \meta{target} \meta{name-component} \meta{host-type} \meta{host-name}
\meta{hsoname-type} \meta{hsoname} \meta{object-version}
\zoos \lit{DEST-EXP} \meta{dest-expiration} \zooe \ore
\zoms\lit{ID} \meta{id} \meta{info}\zome \\
\zoos \lit{ARGS} \zoms\meta{filter-arg}\zome \zooe
\end{command}
The values for \meta{filter-type} are: \lit{DIRECTORY}, filter is
applied to the
current directory; \lit{HIERARCHY}, filter is applied to all directories
reachable through the filtered link; \lit{OBJECT} filter is applied to an
object other than a directory; \lit{UPDATE}, filter is applied when
updating the directory.
\meta{execution-location} refers to where the filter will be executed.
Filters are usually executed on the \lit{CLIENT}, but may be executed
on the \lit{SERVER}.
\meta{pre-or-post} is \lit{PRE} if the filter is to be applied before
union links are expanded and \lit{POST} if the filter is to be applied
after union links are expanded. \lit{POST} is the common case for
client filters. Server filters must be \lit{PRE} at this time, since
the server does not yet perform remote expansion of union links.
Filters may be \lit{PREDEFINED}, which means that it is expected that
the appropriate client or server will understand the predefined name, or
they may be \lit{LOADABLE}, which means that they are object
code that will be dynamically linked with the client or
server.\footnote{
The security issues with loadable filters have
not yet been fully addressed. Partly because of this, right now, all
implementations except for the VAX implementation will only support
\lit{PREDEFINED} filters, and even the VAX implementation is not
configured to support loadable filters unless you specially compile it
to do so.
}
There may also be server-specific \lit{PREDEFINED} filters
for special applications (such as Archie). Their
\meta{execution-location} will always be \lit{SERVER}.
One may specify zero or more arguments to the filter, following the
\lit{ARGS} keyword.
\subsubsection{Unresolved Components}
An \lit{UNRESOLVED} response lists the components of the name that must be
further resolved relative to the immediately preceding \lit{LINK}
response or responses, and is used when not all components of a
multiple-component name were resolved.
\begin{command}
\lit{UNRESOLVED} \meta{components}
\end{command}
The text of the \meta{components} must be a proper suffix of
multiple-component name sent across as an argument to the \lit{LIST}
command. For instance, to the command
\begin{command}
\lit{LIST '' COMPONENTS ulink-test2/murali/ROOT}
\end{command}
the only two legal \lit{UNRESOLVED} responses are
\begin{command}
\lit{UNRESOLVED} \lit{murali/ROOT}
\lit{UNRESOLVED} \lit{ROOT}
\end{command}
\subsubsection{No files found}
If no files are found, the reply will be:
\begin{command}
\lit{NONE-FOUND}
\end{command}
\section{LIST-ACL}
\begin{command}
\commandsize
\lit{LIST-ACL} \meta{options} \zoos\meta{name-component}\zooe\selectlines
\end{command}
This request is used to list the access control list for the directory
specified in the previous \lit{DIRECTORY} command, or for a link within the
directory. The optional component is required only if requesting the
\lit{ACL} for a link within the directory (option = \lit{LINK}). It is to be left
out when requesting the \lit{ACL} for the directory itself
(option = \lit{DIRECTORY}).
The response will be zero or more lines of the form:
\begin{command}
\lit{ACL} \meta{entry-type} \zoos\meta{authentication-type}
\zoos\meta{rights} \zoms\meta{principal-name}\zome\zooe\zooe
\end{command}
If no \lit{ACL} entries are listed, then the response is \lit{SUCCESS}.
Fields inappropriate to a particular \meta{entry-type} need not be
sent, but if they are sent, they should be sent as a zero-length
string. For instance, the \lit{DEFAULT}, \lit{SYSTEM}, and
\lit{DIRECTORY} ACL types do not use the \meta{authentication-type},
\meta{rights}, and \meta{principal-name} fields.
If the ACL's permissions state that it cannot be viewed (\lit{v} or
\lit{V} permission), then the
response is
\begin{command}
\lit{FAILURE} \lit{NOT-AUTHORIZED} \zoos\text{optional multi-token explanatory text.}\zooe
\end{command}
Possible values for \meta{entry-type} include \lit{NONE} (allows
access to no principals; in other words, it's a no-op), \lit{ANY}
(grants access to all
principals), \lit{OWNER} (grants access to the principal specified by
the link or object's \atr{owner} field; i.e., the one who owns the
link or object),
\lit{NAMED}, %(formerly called \lit{LGROUP}),
\lit{GROUP} (In this case, the \meta{authentication-type} token
represents the group certification method),
\lit{DIRECTORY}, \lit{DEFAULT}, \lit{SYSTEM}, \lit{AUTHENT} (means
that an
authentication method is used; the \meta{authentication-type} token
specifies the
authentication method. The only currently supported value for
\meta{authentication-type} is \lit{KERBEROS}.), \lit{ASRTHOST}, and
\lit{TRSTHOST}. An example:
\begin{command}
\tt
ACL ANY '{}' rlvY \\
ACL ASRTHOST '{}' ALRMDI prospero \\
ACL AUTHENT KERBEROS ALRMDI swa@ISI.EDU bcn@ISI.EDU \\
ACL DEFAULT '{}' '{}' \\
ACL SYSTEM '{}' '{}' \\
\end{command}
We interpret a null link ACL as the \lit{DIRECTORY} ACL.
We interpret a null directory ACL as the \lit{DEFAULT} ACL.
See the Prospero User's Manual for a discussion of the order of
evaluation of ACLs.
If we want to find out the value of a \lit{NAMED} ACL (named ACLs are
shorthand for longer lists, and are local to the server) (\lit{XXX} this
should go into the user's manual), then we use
the \lit{NAMED} option, and the
\meta{name-component} is replaced with the (possibly quoted) name
of the named ACL. Note that named ACLs are not currently supported.
If we want to find out the value of an included ACL (Currently, the
only included ACLs are \lit{SYSTEM}, \lit{DEFAULT}, and \lit{OVERRIDE}. \lit{DIRECTORY} is
also an included ACL for the purposes of the protocol, but the value
of the \lit{DIRECTORY} ACL will change from directory to directory, and
therefore it is not a server-wide stable name.) \footnote{XXX: this
information will go into the user's manual when we revise it}, then we use
the \lit{INCLUDED} option, and the
\meta{name-component} is replaced with the name
of the included ACL. Note that retrieval of included ACLs is not
currently supported.
If we want the ACL for a filesystem object (instead of for a link or
directory), then we use the \lit{OBJECT} option, and the
\meta{name-component} is replaced with \meta{hsoname-type}
\meta{hsoname} \zoos\meta{object-version}\zooe. Object ACLs are not currently implemented, because
they wouldn't do anything useful --- we currently do not have an
access method which understands Prospero ACLs.
Within the Prospero protocol, the quoting mechanism works on principal
names, and works recursively for distinguishing components of
principal names. (This is currently only used by Kerberos, but may also
be needed by other authentication mechanisms.)
See the Prospero User's manual for a further discussion of ACLs.
\section{GET-OBJECT-INFO}
\begin{command}
\commandsize
\lit{GET-OBJECT-INFO} \meta{requested-attributes}
\meta{hsoname-type} \meta{hsoname}
\meta{object-version}\selectlines
\end{command}
This command requests information about an object.
\meta{requested-attributes} is a list of those attributes
that are desired. Multiple attributes may be separated by ``\lit{+}'' signs
(with no intervening white space), just as options lists are
separated.
Special attribute names may be specified, just as they may be for the
\lit{LIST} command. The special names are: \lit{\#OBJECT} (synonymous
with \lit{\#ALL}), \lit{\#FIELD}, \lit{\#INTERESTING}, \lit{\#ALL}, and
\lit{\#APPLICATION}.
The response can be multiple lines, each containing a value for an
attribute. The response will be the same as for the \lit{ATTRIBUTE}
option to the \lit{LIST} command. However, the \meta{applies-to}
field will always be \lit{OBJECT}
An object that has migrated to another host may have its
\atr{forwarding-pointer} attribute queried with \lit{GET-OBJECT-INFO},
but attempts to retrieve any other attributes will return a
\lit{FORWARDED} message.
If no matching attributes for the object were found, the response is
\lit{NONE-FOUND}.
\section{EDIT-OBJECT-INFO}
\begin{command}
\commandsize
\lit{EDIT-OBJECT-INFO} \meta{modification-request}
\meta{hsoname-type} \meta{hsoname}
\end{command}
This command is used to change the attributes of a Prospero object.
It is followed by an arbitrary (zero or more) number of
\lit{ATTRIBUTE} specification lines. See the
\lit{LIST} command for a definition of these lines. The
\meta{applies-to} will always be \lit{OBJECT}.
In the command, one may request to add a new instance of an attribute, delete
an instance, delete all instances, or replace all instances. The
\meta{modification-request} will be \lit{ADD}, \lit{DELETE},
\lit{DELETE-ALL}, or \lit{REPLACE}. If you want to do more than one
thing to an object in
the same request (e.g., if you want to add one attribute instance and
replace another), and you want to avoid letting the object exist in an
intermediate and possibly inconsistent state, then you can send two
\lit{EDIT-OBJECT-INFO} commands in the same message, along with the
\lit{ATOMIC} command.
If you are deleting all instances of an attribute, then the
\meta{attribute-value} you specify in your \lit{ATTRIBUTE}
specification lines will be ignored, and will usually just be the null
string. \lit{DELETE-ALL} just checks for matches on the attribute
name and the attribute namespace (\lit{APPLICATION}, \lit{FIELD}, or
\lit{INTRINSIC}).
\lit{DELETE}, on the other hand, checks for an exact match on the
attribute name, namespace, type, and value. (The current
implementation does not check for sub-attributes of a value of type
link.
\lit{REPLACE} may
be specified even if the attribute does not yet have any instances
specified for it.
One may use \lit{EDIT-OBJECT-INFO} to edit the \atr{base-type}
attribute to remove the \lit{FILE} type from it only if the file is
empty (zero length), and one may remove the \lit{DIRECTORY} type from
it only if the directory is empty (contains no links).
\section{CREATE-LINK}
\begin{command}
\commandsize
\lit{CREATE-LINK} \meta{options} \ors \lit{L} \metaor \lit{U} \ore
\meta{name-component}
\meta{target} \meta{host-type} \meta{host-name} \meta{hsoname-type}
\meta{hsoname} \meta{object-version}
\zoos\lit{ID} \meta{id-type} \meta{id-value}\zooe
\end{command}
This command creates a new link in the current directory. The
\meta{name-component} may not be null, even if the link is a union link.
If filters
or other information must be added, the \lit{EDIT-LINK-INFO} command should be
used once the link has been created.
The \meta{options} may include \lit{REPLICA} to add
a link to a directory that already contains a link with the same
\meta{name-component}. \lit{REPLICA} indicates that the new link
and the existing link or links with which it conflicts are replicas.
Normally, if one attempts to add a link with a conflicting
\meta{name-component}, the response is:
\begin{command}
\lit{FAILURE ALREADY-EXISTS}
\end{command}
if the new link duplicates an existing link (if all of the arguments
to it are the same as those of an existing link), and
\begin{command}
\lit{FAILURE NAME-CONFLICT}
\end{command}
if the new link has information which conflicts with an existing link.
If \lit{CONFLICT} is among the options, then conflicting links will be
inserted into the directory anyway.
For directories whose \atr{directory-ordering} is \lit{UNSORTED},
one of these three additional options may be specified:
\begin{description}
\item[\lit{BEFORE}] The \lit{CREATE-LINK} command is immediately
followed by a \lit{LINK} line, describing the link before which the
new link is to be inserted in the directory listing.
\item[\lit{AFTER}] Same as above, but the new link is inserted after the
specified link rather than before it.
\item[\lit{LAST}] This is the default. The new link will be the last
item in the directory.
\end{description}
\section{DELETE-LINK}
\begin{command}
\commandsize
\lit{DELETE-LINK} \meta{options} \meta{name-component} \selectlines
\end{command}
This command is used to remove an entry from a directory. The options
are currently blank.
If the \lit{SELECT} lines are not specified and there are multiple
links with the same \meta{name-component}, the first one matching will
be deleted.
\section{EDIT-LINK-INFO}
\begin{command}
\commandsize
\lit{EDIT-LINK-INFO} \meta{modification-request} \meta{name-component}
\zoos\lit{ID} \meta{id-type} \meta{id-value}\zooe
\end{command}
\begin{sloppypar}
This command modifies information associated with a link.
The interpretation of the %\ \linebreak[3]
\meta{modification-request} and of
subsequent lines is exactly the same as in the \lit{EDIT-OBJECT-INFO} command.
\end{sloppypar}
%\vspace{-.1in}
\section{EDIT-ACL}
\begin{command}
\commandsize
\lit{EDIT-ACL}
\ors \lit{LINK+}\meta{options} \meta{name-component} \\
\hspace{.6in} \metaor \lit{OBJECT+}\meta{options}
\meta{hsoname-type} \meta{hsoname} \\
\hspace{.6in} \metaor \lit{DIRECTORY+}\meta{options}
\ore \\
\zoos\lit{ID} \meta{id-type} \meta{id-value}\zooe \meta{LF} \\
\lit{ACL} \meta{entry-type} \meta{authentication-type} \meta{rights}
\meta{principal}
\end{command}
This command is used to modify an access control list for a directory,
for a link within a directory, or for an object. If modifying the ACL
for a directory or for a link within a directory, the directory is
specified in the previous \lit{DIRECTORY} command.
Another option indicates the operations to be
performed (one of \lit{ADD}, \lit{SUBTRACT}, \lit{INSERT}, \lit{DELETE}, \lit{SET} or \lit{DEFAULT}), and
whether to override the automatic inclusion of the system
ACL (\lit{NOSYSTEM}), or limited administer access for the client
(\lit{NOSELF}).
The server will return \lit{SUCCESS}, \lit{FAILURE}, or
\lit{FORWARDED}, as appropriate.
\section{CREATE-OBJECT}
\begin{command}
\commandsize \ors\lit{CREATE-OBJECT} \lit{PHYSICAL+}\meta{options}
\zoos\meta{hsoname-type} \meta{hsoname}\zooe \\
\metaor \lit{CREATE-OBJECT} \lit{ADD+}\meta{options}
\zoos\meta{hsoname-type} \meta{hsoname}\zooe \\
\metaor \lit{CREATE-OBJECT} \lit{VIRTUAL+}\meta{options}
\meta{name-component}\ore \meta{LF} \\
\zoms\lit{ATTRIBUTE}
\meta{attribute-specifying-tokens}\meta{LF}\zome \\
\zoms\lit{ACL} \meta{ACL-specifying-tokens}\meta{LF}\zome
\end{command}
This command will create an object with the specified
\meta{name-component} and will
return the identifier that can be used to open it. The
\meta{options} may include any or all of
\lit{DIRECTORY}, \lit{FILE}, and \lit{OBJECT}.
If the \lit{FILE} option is specified, the new file is
created empty. If the \lit{DIRECTORY} option is specified, the
new directory is created empty (i.e., not containing any links.).
The object will be created with whatever attributes present that are
specified in the \lit{ATTRIBUTE} lines.
If \meta{options} includes \lit{VIRTUAL}, then
\meta{name-component} is a name relative to the current directory, and a
link to the new object is added to the current directory.
If the \lit{ADD} option is specified, then one is adding a base type to
an already created object. Exactly one of the \lit{ADD},
\lit{VIRTUAL}, and \lit{PHYSICAL} options must be specified.
\begin{sloppypar}
If the \lit{PHYSICAL} option and a \meta{hsoname-type}
\meta{hsoname} pair are specified, then the server will attempt to create an object with that
\meta{hsoname-type} \meta{handle-pair}. If the \lit{PHYSICAL} option
without a following pair is
specified
then the server will choose a free \meta{hsoname-type}
\meta{hsoname} pair.
\end{sloppypar}
Upon success, the server will return:
\begin{command}
\lit{CREATED} \meta{hsoname-type} \meta{hsoname}
\end{command}
It is up to the application to create a link to the new object.
\subsection{Specifying Attributes}
The new object's fields will be set to system defaults, but
specifying a following series of \lit{ATTRIBUTE} descriptions allows
the creator of a file to override those defaults, and to specify any
application-defined attributes. The form for each \lit{ATTRIBUTE} line is
the same as that returned by the
\lit{LIST} command.
\subsection{ACLs}
If creating an object with the \lit{VIRTUAL} option, the access
control list for the new object will initially be a copy of the access control
list for its containing directory. If creating an object with the
\lit{PHYSICAL} option, the access control list for the new object will
contain the \lit{DEFAULT} ACL and the \lit{SYSTEM} ACL.
In addition,
for both options, one or more entries will be automatically added to the ACL
granting its creator all rights. The entry authentication type or types
will be appropriate for whatever the user used to authenticate himself
or herself. (Either \lit{AUTHENT} \lit{KERBEROS} or \lit{ASRTHOST} or
\lit{TRSTHOST}.)
If the \lit{LPRIV} option is
specified for a directory, instead of this entry, only those rights needed to
allow the creator to set up the directory (list, read, insert, and
administer) will be added, and (if \lit{VIRTUAL} was specified), only
if the creator does not already have such rights through the ACL that
was included from the parent directory.\footnote{If you really want to shoot yourself in the foot, you can
then call \lit{EDIT-ACL} to remove these few rights. We will let you
do this, but we are not making it easy for you.}
If \lit{VIRTUAL} was specified, the ACL for the new link will
by default be empty, which means that the default rights for the
directory will apply to the link.
After the ACL entries mentioned above are installed, the ACL
entries specified as part of the \lit{CREATE-OBJECT} command will
be added to the front of the list.
\subsection{Some Error Conditions}
If the user attempted to set a
field whose name the server does not recognize, or to set a
application-defined attribute to a type that the server does not recognize,
or to set the value of any attribute with a string that the server
cannot convert into the data type the server expects (e.g., too few
tokens when setting an attribute of type \lit{LINK}), or to set an
unrecognized ACL type,
the response is:
\begin{command}
\lit{ERROR} \text{explanatory text}
\end{command}
If the user specified an explicit \meta{hsoname-type} and
\meta{hsoname} with the \lit{PHYSICAL} option, but they were
already in use, or if the user specified a component with
\lit{VIRTUAL}, but the component is already in use, the error message is:
\begin{command}
\lit{FAILURE} \lit{NAME-CONFLICT} \zoos\text{explanatory text}\zooe
\end{command}
\subsection{No \protect\lit{DELETE-OBJECT} command}
Although there is a \lit{DELETE-LINK} command, there is {\em no \/}
\lit{DELETE-OBJECT} command. That's because Prospero objects will have
their storage reclaimed when their TTL expires (when no link to them
is refreshed before their expiration date). At the moment, this
storage reclamation feature is not implemented.) \footnote{XXX: This
feature must be specified. In addition, we must specify methods for
refreshing links, garbage collection, and notification of the
impending demise of objects.}
\section{UPDATE}
\begin{command}
\commandsize
\lit{UPDATE} \meta{options} \lit{COMPONENTS} \zoms\meta{name-component}\zome
\end{command}
This command tells the server to check each of the named components in
the current directory for forwarding pointers. If the referenced
object has moved, the link will be updated. The server will send
Prospero protocol messages across the network to the targets of links
to Prospero objects in order to check whether the target of a link has
moved. (External links and symbolic links will not be checked.) If
no components were specified, all components in the
directory will be checked. Each \meta{name-component} may contain
wild cards.
On success, the \lit{UPDATE} command returns the
number of links that were modified.
\begin{command}
\lit{UPDATED} \meta{number} \lit{LINKS}
\end{command}
On failure, the \lit{UPDATE} command returns the number of links it
was unable to update.\footnote{
This error message may change in response to future needs.}
\begin{command}
\lit{FAILED TO UPDATE} \meta{number} \lit{LINKS}
\end{command}
Wildcards
\section{STATUS}
This command requests the current status of the server. A humanly
readable multiple line response is returned. The response may be
presented to the user without additional processing. The response
must conform to the following requirements so that it may be read by a
program if desired.
The first line must include the server's software version
identification enclosed in parenthesis, and the host name of the
server. The name of the host should be the name that appears on local
links generated by the server; it might not be the primary name of the
host. The version identifier must be the first string that appears in
parenthesis, and the host name must be the string that immediately
follows the version identifier.
If a line contains a colon (:), the string preceding the colon
identifies the meaning of the text that follows the colon. Reserved
identifiers include \lit{Contact}, \lit{Started}, \lit{Memory},
\lit{Data}, \lit{Root}, \lit{AFTP}, \lit{AFS}, and \lit{DB}. The
identifiers are case insensitive. If present, \lit{AFTP}
identifies the part of the file system accessible by anonymous \lit{FTP}.
More than one \lit{DB} line may be present. A \lit{DB} line may
contain more than
one item on it; if it does, the items must be separated by spaces.
Each item on a \lit{DB} line is an initial prefix which this particular
server recognizes to mean that, if this server receives a system-level
name with this prefix followed by a slash, the remaining contents of
the line are fed to a database program which translates it into a
reference to a virtual directory.
Other than for the first line of the response, implementations are
free to add or modify lines that do not contain a colons. A sample
status response follows:
\begin{verbatim}
Prospero server (Beta.4.2B) JUNE.CS.WASHINGTON.EDU
Requests since startup 4096 (3609+377+2 67+29+0 9 0+0+0 0 3) OF
Started: 26-Aug-91 15:14:56 UTC
Contact: bcn@cs.washington.edu
Memory: 0(118)vl 0(4)at 0(5)acl 0(1)fi 1(1)pr 2(2)pt 0(711)str
Data: /u1/vfs/pfsdat
Root: /
DB: ARCHIE GOPHER(70) GOPHERGW WAIS
AFTP: /homes/june/ftp
\end{verbatim}
Since the responses to this command are so free in form, it is
unlikely you would want to send additional requests to the Prospero
server along with the \lit{STATUS} request, since it would not be easy for a
program to separate the replies to them from the free-form text.
\chapter{Standard Responses}
\section{SUCCESS}
\begin{command}
\commandsize
\protect\lit{SUCCESS} \zoos\protect\text{identifying-info}\zooe
\end{command}
A command that does not generate any output returns this response if
successful.
\section{FORWARDED}
\begin{command}
\commandsize
\protect\lit{FORWARDED} \protect\meta{host-type} \protect\meta{host-name}
\protect\meta{hsoname-type} \protect\meta{hsoname}
\protect\meta{version} [ \lit{DEST-EXP} \meta{dest-expiration} ] \\
\protect\zoms \protect\lit{ID} \protect\meta{id-type} \protect\meta{id-value}\protect\zome
\end{command}
This response is returned when the object that is the target of an
operation has moved. The client can retry the response using the
corrected information.
\section{ERROR}
\begin{command}
\commandsize
\protect\lit{ERROR} \protect\text{text}
\end{command}
This response is returned to indicate an error encountered when
parsing the request. The error might be a protocol error, or it might
be the result of the server's inability to recognize a keyword or data
type. \text{text} describes the error.
\section{FAILURE}
\begin{command}
\commandsize
\protect\lit{FAILURE} \protect\meta{identifying-info}
\zoos\protect\text{optional text} \zooe
\end{command}
This response is returned when an operation can not be performed. The
defined values for \meta{identifying-info} appear below.
If present, the \text{optional text} provides additional information
about the failure.
\begin{command}
\lit{NOT-FOUND} \ors\lit{FILE} \metaor \lit{ACL} \metaor
\lit{OBJECT} \metaor \lit{FILTER} \metaor \lit{PARAMETER} \metaor
\lit{ATTRIBUTE} \ore \\
\lit{ALREADY-EXISTS} \\
\lit{NAME-CONFLICT} \\
\lit{AUTHENTICATION-REQUIRED} \\
\lit{NOT-A-DIRECTORY} \\
\lit{NOT-AUTHORIZED} \\
\lit{AUTHENTICATION-DATA} \\
\lit{SERVER-FAILED}\footnote{This is used in the following
situations, among others: if
an internal table in the server fills up, or if the server cannot
allocate enough memory to handle the request, or if the server detects
an internal inconsistency in its database, or if the server
has not implemented a command specified in the protocol.}\\
\lit{AMBIGUOUS} \\
\lit{BAD-VALUE} \\
\lit{FILTER-APPLICATION} \\
\end{command}
\section{WARNING}
\begin{command}
\commandsize
\protect\lit{WARNING} \protect\meta{identifying-info}
\zoos\protect\text{optional text}\zooe
\end{command}
This response is returned to indicate a warning condition which does
not affect the correctness of the response. This message can be used
to indicate that the client is using an old version of the protocol
that, while supported, should be phased out. It can also be used to
inform the client of future changes on the server or scheduled
downtime. The defined values for \meta{identifying-info} appear
below. \text{optional text} is optional text that provides additional
information about the warning.
\begin{command}
\lit{OUT-OF-DATE} \\
\lit{MESSAGE} \\
{\em Any \meta{identifying-info} that can follow a \lit{FAILURE} message}
\end{command}
Prospero clients are strongly encouraged to present warnings to the user.
\appendix
\chapter{Directory, Link, and Object Attributes\label{db}}
This appendix describes the object and directory information
maintained by the Prospero file system.
{\bf \large Please note that this appendix is in very rough
form. Many of the attribute definitions have not yet been properly
written. A lot of the attribute documentation can be found in
section~\ref{Link Attributes} of this document.}
Attributes have three namespaces
associated with them: \lit{APPLICATION} attributes, \lit{INTRINSIC}
attributes, and \lit{FIELD}s.
Attributes in the \lit{FIELD} namespace have a registered meaning, and
are understood by all clients and servers that use them.
\lit{APPICATION} attributes are defined by users and application
programs and are unrestricted. Intrinsic attributes have special
registered meanings, providing prossibly transient or derived
information. The server has flexibility about whether it allows you
to change these things. Modifying them may have special implications
--- for instance, setting the \atr{SIZE} of a file to
``\lit{0 bytes}'' will truncate the file. \lit{INTRINSIC} attributes
gare either not modifiable, or else the server uses special mechanisms
to modify them.
In addition, there is a fourth namespace used internally by routines
running on the Prospero server. \lit{INTERNAL} attributes are never
sent across the network; they cannot be read with GET-OBJECT-INFO or
LIST and cannot be modified with EDIT-OBJECT-INFO. However, they do
appear in the server's data files.
\section{Objects}
\subsection{Attributes\label{access-method}}
Valid attributes include {\sc access-method,
closure, description, forwarding-pointer, keywords, last-referenced,
last-writer, locks, owner, replicas, size, storage-location, ttl,
ttl-expires. version-number, virt-sys, well-known-names,} and {\sc
write-date}.
Prospero maintains the following system defined attributes for each
Prospero object:
\begin{description}
\item[\atr{base-type}] See section~\ref{base type} for a description of
this attribute.
\footnotetext{
{\bf RATIONALE}: Under the version 1 protocol, the means of obtaining the
access method information for \lit{EXTERNAL} and \lit{FILE} links was
different; this made the code more complicated than it needed to be.
The reader may well ask why the host should be specified in
the value of the \atr{access-method} field. Isn't the host name
already specified in the \atr{host} field? Including the host
name as part of the attribute's value has some advantages:
\begin{itemize}
\item The value of the \atr{access-method} field is all one needs in
order to retrieve the file.
\item One might have a Prospero server running on only one host in a
cluster, where the objects themselves are actually stored on another
fileserver. Then, one would want to be able to have the
\atr{access-method} host be different from the host which is listed
as the one having the final word on the status of the object.
\item This system also allows us to have a gateway server, which is able to
translate directory formats from other distributed file systems (e.g.,
gopher), but directs the client to retrieve the files themselves from
a host that is not the gateway server.
\end{itemize}
}
\item[\atr{access-method}\footnotemark]
This is a tuple of at least 5 elements. The first element is the name
of the access method. Currently supported values are \lit{AFTP}, \lit{GOPHER},
\lit{AFS}, \lit{NFS}, \lit{FTP}, \lit{WAIS}, and \lit{LOCAL}.
The next 2 elements are the \meta{host-type} and \meta{host-name} of
the host to which the access method should connect in order to
retrieve the object. A port number may be included as part of the
hostname, if relevant. If they are zero-length tokens (\lit{'{}'}), then
they default to the \meta{host-type} and \meta{host-name} specified in
the link. The next 2 elements are the \meta{hsoname-type} and
\meta{hsoname} which the access method will use to retrieve the
object. If they are zero-length tokens, then they default to the
\meta{hsoname-type} and \meta{hsoname} specified in the link.
This constraint on format applies to all access methods. If a
particular type of access method doesn't need one of these fields,
then it still must be specified, but the access method is free to ignore it. The whole
point of the \lit{'{}'} shorthand is merely to save bytes in the
protocol messages. It is always appropriate to send them fully
expanded, and not use the \lit{'{}'} shorthand.
The sixth and subsequent elements are dependent upon the particular
access method. For \lit{AFTP} and \lit{FTP}, the sixth element will be
\lit{BINARY} or \lit{TEXT}. For \lit{NFS}, the sixth
element will be the name of the filesystem on the remote host.
\lit{LOCAL}, and \lit{AFS} have only five-element names.
The \lit{GOPHER} access method may have five or six elements in the
name. The actual protocol used to retrieve a document or object
through Gopher varies depending on its Gopher item-type. (See
Internet RFC 1436 for details on the interpretation of the Gopher
item-type characters.). This item type is usually the 1st character
of a Gopher document or object's selector string (the \meta{hsoname}
element of the access method). However, the protocol does not require
that this be the case. If a sixth token is present in a \lit{GOPHER}
access method, it will be treated as the Gopher item-type character;
otherwise, the item-type will be taken from the 1st character of the
\meta{hsoname} element.
Some examples:
\begin{command}
\tt \sloppy ATTRIBUTE FIELD ACCESS-METHOD GOPHER
%\linebreak[2]
INTERNET-D~MERMAID.MICRO.UMN.EDU(150)
ASCII~\mbox{'1/Fun Stuff/Pyrotechnics/PyroGuide\ 1'}%
\footnote{This file recently
disappeared from the server. If you have a copy, please send it to
\verb"swa@isi.edu".}
{\rm \par This access method could also be displayed in the six-token
format as:}
\tt \sloppy ATTRIBUTE FIELD ACCESS-METHOD GOPHER
%\linebreak[2]
INTERNET-D~MERMAID.MICRO.UMN.EDU(150)
ASCII~\mbox{'1/Fun Stuff/Pyrotechnics/PyroGuide\ 1'}~1%
\footnote{This file recently
disappeared from the server. If you have a copy, please send it to
\verb"swa@isi.edu".}
{\rm \par Andrew File System names are the same irrespective of what host
one is using them from. Therefore, the \meta{host-name} token in the
access method is irrelevant and is ignored by the client.}
ATTRIBUTE FIELD ACCESS-METHOD AFS DUMMY DUMMY
ASCII~\mbox{/grand.central.org/doc/afs/dce/usenix90/README}
{\rm \par This file can be retrieved by NFS mounting the {\tt /auto/gum/gum}
filesystem on the host PROSPERO.ISI.EDU. Note that the server is
responsible for knowing which client machines it will allow to NFS
mount that filesystem.}
ATTRIBUTE FIELD ACCESS-METHOD NFS INTERNET-D~PROSPERO.ISI.EDU
ASCII~\mbox{ftp/pub/prospero/README-prospero-documents}
\mbox{/auto/gum/gum}
{\rm \par \meta{hsoname} tokens in the \lit{FTP} access method are full
local hostname paths that one would give when using full FTP to the host.}
ATTRIBUTE FIELD ACCESS-METHOD FTP INTERNET-D~PROSPERO.ISI.EDU
ASCII~\mbox{/ftp/pub/prospero/README-prospero-documents} TEXT
{\rm \par \meta{hsoname} tokens in the \lit{AFTP} access method are
pathnames relative to the root of the anonymous FTP area.}
ATTRIBUTE FIELD ACCESS-METHOD AFTP INTERNET-D~PROSPERO.ISI.EDU
ASCII~\mbox{/pub/prospero/README-prospero-documents} TEXT
{\rm If one is querying from a host which has a file accessible via
the local filesystem, and if the server has knowledge of this fact, a
\lit{LOCAL} access method will also be returned for a file. For the
\lit{LOCAL} access method, the \meta{host-name} token in the access
method is ignored.}
ATTRIBUTE FIELD ACCESS-METHOD LOCAL '' ''
ASCII~\mbox{/auto/gum/gum/ftp/pub/prospero/README-prospero-documents}
\end{command}
\item[\atr{closure}] The \meta{attribute-type} of thie attribute is
\lit{LINK}. It is a link to the virtual system to be
used when resolving names embedded in the object. The link's
\meta{name-component} will be ignored, but by convention it is the
ugly-name of the virtual system.
\item[\atr{owning-virtual-system}] The \meta{attribute-type} of this
attribute is \lit{LINK}. It is a link to the description of the
virtual system which is considered to own the object. (Every virtual
system, by convention, has a link to its description named
\lit{/VS-DESCRIPTION}. For directories, if you are logged into
the directory's \atr{owning-virtual-system}, then if you try to change
the directory, your client will assume that you really want to try to
change the directory. If you are logged into a different virtual
system from the directory's \atr{owning-virtual-system}, then if you
try to change the directory, your client will assume that you really
want to customize your own virtual system, but not affect the master
directory. Your intentions are completely distinct from whether you
actually have write permission on the directory. If you try to change
a directory that you can't write to (if its \atr{owning-virtual-system} is
the same as the virtual system you're logged into, but you don't have
permission to write to it), then the current clients will all give you
a ``permission denied'' error message, and the nice ones will suggest
that you might want to change virtual systems and customize instead.
The link's \meta{name-component} will be ignored, but by convention it is the
ugly-name of the virtual system.
\item[\atr{version-number}] The \meta{attribute-type} of this
attribute is \lit{SEQUENCE}. It is represented in the protocol as a
decimal number. It is currently always zero; see section~\ref{object
version numbers} for further details.
\item[\atr{owner}] The principal responsible for the object. The
\meta{attribute-type} of this attribute is \lit{SEQUENCE}. It is a tuple
of three or more elements. The first element is an ACL
\meta{entry-type} and the second element is an ACL
\meta{authentication-type}. The third and subsequent elements are
\meta{principal-name}s. The first two elements are needed because
they indicate the namespace in which the \meta{principal-name}s are to
be resolved. There may be multiple instances of the \atr{owner}
field, if the owner wants to be registered according to several
authentication systems. For instance, one of the authors of this
document uses an \atr{owner} field that looks like this:
\begin{command}
\lit{ATTRIBUTE FIELD OWNER ASRTHOST '' swa@128.9.*.*} \\
\lit{ATTRIBUTE FIELD OWNER AUTHENT KERBEROS swa@ISI.EDU swa/padmin@ISI.EDU} \\
\end{command}
Although the \atr{owner} field may be referred to with the \lit{OWNER}
ACL type, we don't really encourage people to use it as a shorthand
for granting access rights. Its primary purpose is informational.
\item[\atr{forwarding-pointer}] This attribute has type \lit{LINK}.
The link's \meta{target} is \lit{FP}. It is set for objects that
have migrated to another host. The target of its value is the new
location of the object. If an object has moved to a new host,
its \atr{forwarding-pointer} will be returned in a \lit{FORWARD}
protocol message in response to any attempts to access it.
\item[Last writer, write date, etc.]
\item[Version info] (optional). Number of versions to keep,
version number, etc.
\item[Attributes or keywords] (optional). User specified.
\item[Short description] (optional).
\item[Locks] (optional).
\item[List of replicas] (optional).
\item[Replication type] (optional).
\item[Other replication information] (optional).
\item[Time to live]. The lifetime for newly created or refreshed
links to the object.
\item[\atr{ttl-expires}] This is the \atr{ttl} plus the
time that a link to the object was last created or refreshed.
\item[Back links]. A possibly incomplete list of directories
with links to the object.
\end{description}
Note that the object's name is not one of its attributes. The
object's name is the concatenation of the name components starting from the
active virtual system. An object may have different names in
different virtual systems, or even multiple names within a single
virtual system\footnote{Despite this, well known names from agreed
upon starting points might be entered as application-defined attributes for
objects.}.
\subsection{Objects stored on \unix}
Objects stored on \unix\ servers have the following attributes defined
for them. These are all \lit{INTRINSIC}:
\begin{description}
\item[\atr{size}] A single-element \lit{SEQUENCE} specifying the
number of bytes used to store the object. Its format is
``\meta{number} \lit{bytes}''. Note the embedded space.
\item[\atr{native-owner}] A single-element \lit{SEQUENCE}. The
\unix\ username on the server of the user who owns this file.
\item[\atr{native-owner}] A single-element \lit{SEQUENCE}. The
\unix\ group name on the server of the group associated with this
file.
\item[\atr{last-modified}] A single-element \lit{SEQUENCE}. The
ASN-TIME representation of the last modified time of this object.
\item[\atr{unix-modes}] A single element \lit{SEQUENCE} consisting of
a ten character string. The first character is ``\lit{l}'' for
symbolic links, and ``\lit{-}'' otherwise. The remaining 9 characters
are the user, group, and other protection bits in the standard format
returned by ``\lit{ls -l}''.
\end{description}
\subsection{Persistence}
An object continues to exist until the last non-expired link
referencing the object is removed. If a user wishes to recover the
storage space for an object, it is flagged for removal. When links to
the object are refreshed, notification is sent that the object is
about to disappear, and anyone wanting to maintain their reference
must copy the object elsewhere. Subsequent users have the option of
making their own copy, or updating their link to refer to one of the
new copies.
\subsection{Mobility}
Objects may move from one site to another. If they do, a forwarding
pointer must remain at the old location until the time-to-live
expires. This enables anyone with a non-expired link to the object to
refresh the link and record the object's new location.\footnote{To
place a forwarding pointer, set the old object's
\atr{FORWARDING-POINTER} atribute. It must be manually moved to the
new server at this time.}
\section{Directories}
A directory is an object and as such, everything that applies to
objects also applies to directories. The physical representation of
a directory is interpreted by the Prospero server on the system
storing the directory. The Prospero protocol defines the interface
through which a directory is accessed.
\subsection{Directory Attributes}
The following attributes are defined for directories:
\begin{description}
\item[\atr{directory-ordering} (not yet implemented)] This attribute
is a 3-tuple. The
default value is
\begin{command}
\lit{SORTED NAME-COMPONENT INCREASING}
\end{command}
which means that, by default, directory entries are sorted in increasing
order according to the value of their \atr{name-component}
attribute.
The first element of the tuple is \lit{SORTED} or \lit{UNSORTED}. If
\lit{UNSORTED}, the next two elements must be null. If \lit{SORTED},
the second field specifies an attribute which is the sort key. The
third element is either \lit{INCREASING} or \lit{DECREASING}, meaning
the order of sorting.%
\footnote{In the current implmentation, the only sort keys
that may be specified must have an \meta{attribute-type} of
\lit{ASCII}.}
If the \atr{include-native} attribute is set to any value other than
\lit{NONATIVE}, then the \atr{directory-ordering} cannot be
\lit{UNSORTED}.
\item[\atr{include-native} (not yet implemented)] Whether to include
information from the native filesystem in the directory. If files are
included, they will be included from the real directory on the server
with the same \meta{hsoname} as the Prospero directory. Its
\meta{attribute-type} is a single-element \lit{SEQUENCE}.
Values are:
\begin{description}
\item[\lit{NONATIVE}] Do not include files from native directory.
\item[\lit{INCLNATIVE}] Include all files from native directory.
\item[\lit{INCLREAL}] Smae as above, but (for the \unix\ server) do not
include ``\lit{.}'' and ``\lit{..}''.
\item[\lit{NATIVEONLY}] All entries in directory are from native dir;
no links have been added. For the \unix\ server, ``\lit{.}'' and
``\lit{..}'' are NOT included.
\item[\lit{PSEUDO}] Directory is not real. This is set for all
directories returned from filters and by Archie and Gopher.
\end{description}
\end{description}
\subsection{Link Attributes\label{target-attribute}}
Prospero directories contain links to the objects that are included in
the directory. The following information is maintained for each link.
\begin{description}
\item[\atr{name-component}] This is the single component of the
object's path relative to the current directory. Its
\meta{attribute-type} is \lit{SEQUENCE}.
\item[Short description of link] (Optional).
\item[\atr{link-type}]. The type of a link can be either
normal [L] or union [U]. In the case of a normal link, an entry for
the link is visible when the directory is listed. In the case of a
union link, which can only be made to another directory, the links
from the target directory appear as part of the directory from which
the union link originates when the originating directory is listed.
If multiple objects have the same name, the order in which the union
links appear determines which object is visible.
Two types of links which may appear locally (either in the server, or
on the client) are [-] deleted, and [N] native. It is not legal for
these codes to be sent across the network. Type [N] links are
converted to [L] and type [-] are skipped entirely.
\item[\atr{target}] Target of link: For links in a directory that
don't point to objects, could be \lit{SYMBOLIC} or \lit{EXTERNAL}. For a
forwarding pointer it is \lit{FP}. Links to objects will have a target
field indicating the cached value of the object's \atr{BASE-TYPE}
attribute. When stored on a vlink structure, it may have exactly one
of the following forms: \lit{OBJECT}, \lit{FILE}, \lit{DIRECTORY},
\lit{DIRECTORY+FILE}. There is no guarantee that the type of the target
has not changed. Thus, this field is the cached value of the object's
base type. For union links, this field is always \lit{DIRECTORY} or
\lit{DIRECTORY+FILE}. See section~\ref{target-token} for a further
discussion of this.
\item[Hidden/Not-Hidden/Externally-Hidden\footnote{Not yet implemented}]
By default, a hidden
link is not displayed when a directory is listed. It is, however,
returned by the directory server, and is traversed if the actual name
is specified in a pathname. An Externally-Hidden link is a hidden
link that will be displayed if the current virtual system is the same
as the owning virtual system for the directory containing the link.
The user may override the hidden option, causing hidden links to be
listed. Note that it is also possible to hide a link by
specifying its protection as non-listable. Such links will {\bf only}
be returned by the directory server when the actual name of the link
has been specified.
\item[\atr{filter}] Multiple filters
allowed. The filter attribute is a pointer to a program that can be
used to filter the contents of directories to which links are made.
{\it data} is the set of optional arguments passed to the filter
program. In addition to the linked directory and arguments, the
filter has access to all other information available from the current
directory.
Filters come in several types. By default, a filter is a directory
filter, and is applied when searching directories. A hierarchy filter
is similar to a directory filter. The difference is that a directory
filter is applied to a single directory, while a hierarchy filter is
applied to the entire hierarchy (including subdirectories) reached
through a link. Directory and hierarchy filters come in two types.
The default is post-expansion. The filter is applied after all union
links have been expanded. A pre-expansion filter is applied before
union links are expanded. An object filter is applied when accessing
an object other than a directory, and might be used, for example, to
cause some operation to be performed on the object before it is
accessed. Note, however, that all types of filters are associated
with links.
Filters are applied to a directory in the order of pre-or post
expansion, decreasing depth of the links to which they are attached
(for hierarchy filters), and finally in the order that the filters are
specified on the traversed links.
\item {\bf Attributes} (optional). Application attributes to be
associated with the link. This allows a user or application to add
(or override) attributes to the linked object (which might be owned by
someone else, and thus not modifiable).
\item[\atr{host}] The name of the host on which the
object can be found.
\item[\atr{host-type}] The type of
the hostname. In particular, whether the hostname is an Internet
address, a domain style name, or a name in some other naming system.
Note that a symbolic link is a link where the destination host is a
virtual system, and the destination object name is a name relative to
that virtual system.
\item[\atr{hsoname}] Host-specific object name. The name of the object
relative to the destination system.
\item[\atr{hsoname-type}] The
type of \atr{hsoname}. Different types of names include numerical file IDs,
names relative to the root of the local file system, etc. Right now,
only pathnames are implemented, and their type is \lit{ASCII}.
\item[\atr{object-version}] By specifying a version number
in a directory link, the link is made to a specific version of the
object, and changes to the object will not be visible through the
link.
\item {\bf Access control info} (optional). Allows restrictions on who can
read or modify individual directory entries. These are really
attributes, though they are in fact retrieved and modified with LIST-ACL and
EDIT-ACL, and do not appear on the normal attribute listings.
\item[\atr{dest-exp}] {\bf Destination expiration date and time}. Its
implied type is a single-element {\tt SEQUENCE}, in ASN-TIME format.\footnote{
Implementers should use the {\tt asntotime()} function in the
{\tt pfs} library in order to convert an ASN-TIME string into a
\unix\ timestamp, and the {\tt timetoasn()} function to perform the
reverse conversion. Applications writers are encouraged to use
ASN-TIME format to represent all timestamps sent across the network.
}
This entry indicates how long
the information in the link should be considered valid. When an
object is accessed through a link, the destination expiration date
should be set to the current time plus the destination time-to-live.
Note that expired directory entries do not disappear. Typically they
remain valid. The expiration means that there is no longer a
guarantee that the object originally referenced can still be found.
\item {\bf ID}. When a new object is created, a unique
object identifier may be assigned. This identifier can be included in
links, and used to further verify that the named object is the one
that is actually desired. It allows one to reference objects after
their expiration dates with the guarantee that if these identifiers
match, it is the same object. In the prototype, the object identifier
is a random number of type REMOTE. Other types of object identifiers
will be defined after more work is done by an IETF working group.
\item {\bf Valid-till} (optional). If a link is a cached value, then
this field indicates how long the entry should be considered valid.
For example, a symbolic link may have a corresponding cached hard
link. Until its expiration a cache entry may be used instead of
searching based on the symbolic link. If this field is 0, then the
link is not a cached entry.
\item {\bf Last-update} (optional). This is the time the link was
last updated. Its expected use is for resolving conflicting updates
in replicated directories.
\end{description}
\subsection{Replication}
When support for replication is added to Prospero, a directory might
include multiple links with the same name for the same object. Not all
replicas need be listed, however, because each replica will maintain
its own list of siblings. Multiple entries are important to increase
reliability and availability.
\chapter{Asynchronous Reliable Delivery Protocol\label{ardp}}
This appendix describes the asynchronous reliable delivery protocol
(ARDP) used by Prospero. As used by Prospero, this protocol is
layered on top of the Internet User Datagram Protocol.
% \cite{udp}.
Prospero implements its own ARDP because at the time of initial
development we were unable to find any that were suitable for general
use. Most systems that use any sort of reliably delivered message
protocol implement their own around the specific needs of their
application. Like these other systems, early versions of the Prospero
protocol defined the mechanisms needed for retries and packet
sequencing. As these mechanisms were refined, the functionality was
moved to a separate protocol layer (and is implemented as a separate
library) to improve modularity, and in hope that this general and
simple ARDP can be used for other purposes.
The ARDP protocol is designed for a request/response style of
interaction, where a client sends a request message to a server in one
fell swoop and receives a reply message from the server. The server
can send the packets composing the reply message slowly, as data
becomes available, while it is still processing the rest of a reply.
In the current implementation, each request message sent by a machine
from a particular port has its own connection id.
ARDP was designed so that in the common case, the additional overhead
of guaranteeing reliability is as small as possible. Unless special
processing is required, the header is kept small, and unless a packet
is lost, no additional packets are sent. If a field is not specified,
the default value is used in its place. All fields up to and
including the last field specified must be filled in, but the header
may be truncated at any point, after which all remaining fields take
on their default values. The ARDP header contains the following
fields:
\begin{description}
\item[Octet 0] Version and header length: High order two bits are ARDP
version number mod 4 (this is version 0). Low order six bits are the
header length including octet 0.\footnote{The length of the total
packet, including data, is available via the UDP layer, as are the
port and IP address of the sending host.}
\item[Octets 1--2] Connection ID: Defaults to zero. It must be
specified in the response to any request that specified a non-zero
connection ID.
\item[Octets 3--4] Packet number: Defaults to 1 if not specified. A specified
value of 0 indicates an unsequenced control packet which should not
be passed to the application. Note that unsequenced control packets
cannot request acknowledgements, nor is there any way for the sender
of such a packet to be sure that they have arrived.
\item[Octets 5--6] Total number of packets in this message: Defaults
to 0 if not known, or retains current value if it was provided in any
earlier messages. If the packet number was also not specified, then
it defaults to 1. A specified value of 0 means use the default.
\item[Octets 7--8] Received through: Sequence number through which
all packets have been received by the sender of this packet. Defaults
to current value if specified in previous message. Defaults to 0
otherwise. The recipient's count of packets received through is
normally monotonically increasing; this keeps the count from being set
backwards in case an out-of-order packet is received. However, if the
``reset received through'' option (option 2) is specified in octet 12, then it
means reset to 0 (i.e. it forgot or lost the earlier messages). More
generally, specifying any explicit value for this field along with the
``reset received through'' option resets the peer's count, possibly
backwards. The recipient should not set its internal value of this
field backwards unless the ``reset received through'' option is set.
\item[Octets 9--10] Wait (expected time till response): Defaults to
current value. Specified value of 0 means revert to client-specified
backoff algorithm. Specifying a non-zero value lets the
client know that a request might not be processed for some time and
that the client should not retry the request until the specified time.
The client may retry sooner if it believes
messages are available which have been missed (e.g., gaps in the list
of received packets). This is an unsigned
quantity, measured in seconds, in network octet order (i.e., octet 9 is
more significant than octet 10). A specified value of 65,535
(\(\mbox{FFFF}_{16}\);
all bits turned on) means greater than or equal to 65,535 seconds
until the next packet. (We do not expect that this value will ever be
used, but it is defined for the sake of completeness.)
\item[Octet 11] Flags: Octet 11 is a bit vector specifying option flags.
The flags may themselves require additional
fields specific to the flag. These fields appear at the end of the
header in the order they are needed when reading flags from the low
order bit to the high order bit, followed by any extra fields needed
by the flag specified by the 12th octet.
%%
%% It does not appear to be possible to start a \lit{MINIPAGE} inside
%% a \lit{TABULAR} environment. LaTeX is really awful about not permitting
%% recursive application of its constructs. I wish there were
%% something better out there. --swa
%%
%% & \begin{minipage}
\end{description}
%\begin{table}[h]
\begin{center}
\begin{tabular}{|l|p{3.5in}|p{2.0in}|}
\multicolumn{3}{c}{Value of flags for octet 11} \\ \hline
Bit No. & Meaning & Additional Fields \\ \hline
0 (low order) & Additional Address Information Follows &
Variable length (see below)\\ \hline
1 & Priority Follows & 2 octets (see below)\\ \hline
2 & A Protocol ID for a higher-level protocol follows &
2 octets (see below) \\ \hline
3--5 & Unused & \\ \hline
6 & This packet is a sequenced control packet only; it should
not be returned to the application by the ARDP library. & None \\ \hline
7 (high order) & Please Acknowledge this Packet & None \\ \hline
\end{tabular}
\end{center}
%\end{table}
\begin{description}
\item[Octet 12] More Options: Octet 12 specifies exactly one (1)
of up to 256 other options. The options may themselves require additional
fields specific to the options. (See discussion at Octet 11).
\end{description}
%\begin{table}[h]
\begin{center}
\begin{tabular}{|l|p{3.0in}|p{3.0in}|}
\multicolumn{3}{c}{Value of options for octet 12} \\ \hline
Value & Meaning & Additional Fields \\ \hline
0 & No Option Specified & None \\ \hline
1 & Client to server: Cancel Request. Server to client:
Connection refused. & None \\ \hline
2 & Reset peer's received-through count.
& Specified in octets 7--8 \\ \hline
3 & Packets received beyond received-through
& The rest of the
header after additional data for octet 11 flags is an arbitrary
number of octets. These are bit-vectors specifying which packets
beyond the received-through specified in this packet have been
received by the sender of this packet. For example, if the
received-through is set to 43, then we know that packet 44 has not
been received. The low order bit of the first octet of the additional
field will be turned on if packet 45 has been received, and off if it
has not. The high-order bit will be turned on if packet 52 has been
received, and off if it has not. Similarly, the low-order bit of the
second octet of additional information will be turned on if packet 53
h as been received, and so on. The recipient of this information may
choose to ignore it and use a simpler resend strategy. Similarly,
this information is never required to be sent. \\ \hline
4 & Redirect (used by servers): The client should send any
unacknowledged packets
already sent and all subsequent packets in this message to a new
addresss. This is designed to be used as a load-shedding device. In
one common case, this will be the entire response a server gives to a request,
and the client will resend the entire request to a new server; in
the other common case, this will be used in conjunction with option 6
or 7.
& 6 octets. The first 4 octets are the IP address of the new server,
in network byte order. The next 2 octets are the UDP port to which
the request should be sent, also in network byte order. \\ \hline
5 & Redirect and notify (used by servers). Like option 4, but
the client's network layer should also notify its caller that all
subsequent requests intended for the old server should be sent to the
new server instead. & Same as option 4. \\ \hline
6 & Forwarded: This request was received from a
client, and the sender is a server forwarding it to the recipient for
processing. The recipient should pretend that it received this
message from the sender indicated by the additional fields, not from
the real sender of this message. (If implemented, this request should be accepted only
from one of a group of trusted hosts.) This option is intended to be
used by a central server which distributes requests to several subsidiary
servers which do the actual work of processing the request, but which
use the central server as a contact point. Presumably, it is cheaper
for the central server to forward the request to the subsidiary
servers over a local area network rather than for the client (who may
be quite far away) to retransmit it. The central server has done
the job of notifying the original client (through option 4 or 5) that
further requests and retransmissions should go to the new server.
& 6 octets: The IP address and port of the original sender of
this message, as in number 4. \\ \hline
\end{tabular}
\begin{tabular}{|l|p{3.0in}|p{3.0in}|}
\multicolumn{3}{c}{Value of options for octet 12} \\ \hline
7 & Forwarded; Please notify: Like option 6, but the receiving
server should notify the client of the switch (through option 4 or 5).%
\footnotemark
& 6 octets: The IP address and port of the original sender of
this message, as in number 4. \\ \hline
8-252 & Undefined & Undefined \\ \hline
253 & Request Queue Status & 1 octet. If bit 0 (low order) is
set, the position in the queue is requested. If bit 1 is set, the
estimated time until this request will be completed is requested. The
recipient may ignore this option. \\ \hline
254 & Response to 253. & 1 octet of flags, followed by 1 or 2 additional
fields. If bit 0 (low order) of the flags is set, the position in the
queue is returned as a 2 octet network byte order representation of an
unsigned quantity. A value of \hexnum{FFFF} (all bits turned on) means
a queue position of \hexnum{FFFF} or further. (We do not expect this
value to ever be used, but it is included for the sake of
completeness.) If bit 1 of the flags is set, the estimated
time until this request will be completed is returned as a 4-octet
network byte order unsigned value, representing a time in seconds. A
value of \hexnum{FFFFFFFF} (all bits turned on) means a time of
\hexnum{FFFFFFFF} seconds or more. (We do not expect this to ever be
used). \\ \hline
255 & Reserved for future expansion & Undefined \\ \hline
\end{tabular}
\end{center}
\footnotetext{You might think that the recipient needs to worry
about the IP address of the FORWARD message it sends to the original
client being different from that of the original server (the sender of
this message). However, this is not the case. The existence of
multi-homed hosts means that the sender of a message cannot assume
that the IP address of a reply (as recorded in the UDP packet
encapsulating the response it receives) is the same as the address the
packet was sent to. The sender must use the connection ID to match up
sent messages and received replies.}
%\end{table}
\begin{description}
\item[Octets 13 and above] Fields specific to particular flags and options.
First, additional data fields specific to the flags in octet 11
should be specified.
\item[Next Octets] Additional Address Information (if Additional
Address Information flag specified): The first octet specifies the
type of additional address information. The next octet specifies the
length of the address information, from 0 to 255 octets.\footnote{The
entire 255 octets are not available for address information, since they
are part of the header, and the maximum header length header is
limited to 64 octets.}
Its length
does not include the two octets that specify type and length. The following
octets contain the address information itself, and its format is
dependent upon the type of address information.
\item[Next 2 octets] Priority (if Priority flag specified):
These octets are a signed integer representing the priority of the
request. Not all implementations understand this message, and many
that do will not honor requests for expedited handling. Negative
numbers indicate expedited handling while higher numbers indicate
greater delays. A priority of 0 is normal.
\item[Next 2 octets] Protocol ID (if Protocol ID flag specified):
These octets identify the interpretation of the data carried in the
packet. The default, or an explicitly specified value of 0, mean
that it is not specified, but has been agreed upon externally (i.e.
the applications will know).
\item[Next octets] Any data specific to the option set by octet 12
should be specified. This is the data specified in the ``additional
fields'' column of the table ``Value of flags for octet 12.''
\end{description}
\chapter{Prospero Conventions\label{conventions}}
\section{\protect\meta{hsoname}s}
There are some special \meta{hsoname}s that the current Prospero
server may recognize, if it has been configured appropriately. If an
\meta{hsoname} begins with the string \lit{AFTP/}, it is interpreted
as a path relative to the anonymous FTP directory on that server. If
an \meta{hsoname} begins with the string
\lit{GOPHER}\zoos\lit{(}\meta{gopher-port-number}\lit{)}\zooe, it is
interpreted to refer to GOPHER data files on that host . If an
\meta{hsoname} begins with the string \lit{GOPHER-GW}, it refers
to GOPHER data files on another host. If an \meta{hsoname}
begins with the string \lit{ARCHIE/}, it represents an Archie database
query.
\chapter{Prospero Protocol Changes from Version 1 to Version 5}
Versions 2, 3, and 4 of the Prospero protocol were not used. The
protocol number jumped from version 1 to version 5 to keep the
software number and version number consistent; the first version of
the server to implement version 5 protocol had a software version
number of 5.
For now, all Prospero servers continue to accept Version 1 of the
protocol.
Not all of the protocol changes are listed here.
In version 1, the \lit{EDIT-LINK-INFO} command was called \lit{MODIFY-LINK}.
The syntax of the arguments has also been changed.
The method of specifying attributes to \lit{LIST} has changed. The
lines returned from \lit{LIST} are also in a new format.
The quoting mechanism has been formalized, and extended to apply to
multiple-component directory names. Therefore, the \lit{ONECOMP}
option to \lit{LIST} is now officially dead (it was never implemented
in any server anyway). Note that no Version 1 server ever implemented
quoting properly anyway. Therefore, if a client speaks Version 1
Protocol, it will not be able to access filenames with spaces in them.
The \meta{magic-no} field has been replaced with zero or more
occurrences of the sequence \lit{ID} \meta{id-type} \meta{id-value}.
\lit{GET-OBJECT-INFO} used to have the reserved keyword \lit{ID}, but
this has been flushed.
The syntax of the arguments of
\lit{EDIT-OBJECT-INFO} has been changed, in order to avoid a syntactic
amgiguity.
Many changes have occurred to the arguments of commands.
Filter syntax has changed drastically.
Separate principals are now sent as separate protocol tokens in ACL
and attribute definitions.
The \atr{target} field used to have a possible value of
\lit{SYM-LINK}. This has been changed to \lit{SYMBOLIC}. The
\atr{base-type} field has been introduced.
The syntax of a \meta{target} of \lit{EXTERNAL} has changed
radically. EXTERNAL links now look a lot more like conventional links.
The meaning of the \atr{access-method} attribute has changed radically;
it's now a lot more flexible.
Support for Kerberos has been specified.
\end{document}
Reference in New Issue View Git Blame Copy Permalink