xref: /netbsd-src/external/mpl/dhcp/dist/doc/api+protocol (revision 6fb29d29285c26a62fae51364e3aa9f51d403424)

This file documents the protocol that the ISC DHCP server and ISC
Object Management clients (clients that use the ISC Object Management
API) speak between one another.

Protocol:

All multi-byte numbers are represented in network byte order.

On startup, each side sends a status message indicating what version
of the protocol they are speaking.   The status message looks like
this:

+---------+---------+
| version | hlength |
+---------+---------+

version - a 32-bit fixed-point number with the decimal point between
	  the third and second decimal digits from the left,
	  representing the version of the protocol.   The current
	  protocol version is 1.00.   If the field were considered as
	  a 32-bit integer, this would correspond to a value of 100
	  decimal, or 0x64.

hlength - a 32-bit integer representing the length of the fixed-length
	  header in subsequent messages.   This is normally 56, but
	  can be changed to a value larger than 56 by either side
	  without upgrading the revision number.


The startup message is not authenticated.   Either side may reject the
other side's startup message as invalid by simply closing the
connection.   The only fixed part of the startup message is the
version number - future versions may delete hlength, or add further
startup information.

Following the startup message, all messages have the same format.
Currently, the format includes a fixed-length header (the length in
hlength, above)

+--------+----+--------+----+-----+---------+------------+------------+-----+
| authid | op | handle | id | rid | authlen | msg values | obj values | sig |
+--------+----+--------+----+-----+---------+------------+------------+-----+

The fixed-length header consists of:

authid = a 32-bit authenticator handle.
	For an original message (one not in response to some other
	message), this will be chosen by the originator.   For a
	message in response to another message, the authenticator for
	that message is used, except if the response is an error
	message indicating that the authenticator used was unknown,
	in which case the null authenticator is used.   Messages that
	are generated as the result of a notify registration use the
	authenticator used in the original notify registration.
	The authenticator itself is generated by having one side of
	the connection send an object of type "authenticator" to the
	other side with values that indicate what kind of
	authentication mechanism to use and what key to use.   The two
	most likely things here are a Kerberos V principal name or the
	name of a shared secret that can be used to calculate an MD5
	hash.   The mechanism for doing this has yet to be finalized.
	If authid is zero, the message is not authenticated.

op = 32-bit opcode, one of:
	open = 1
	refresh = 2
	update = 3
	notify = 4
	error = 5
	delete = 6
handle = 32-bit object handle
	A handle on the object being opened, created, refreshed or
	updated.   If no handle is yet available (e.g., with open and
	new), then the value zero is sent.
id = 32-bit transaction id of the message - a monotonically increasing
     number that starts with some randomly chosen number at the
     beginning of the life of the connection.   The value should never
     be zero.
rid = 32-bit transaction ID of the message to which this message is a
      response, or zero if this message is not in response to a
      message from the other side.

authlen = a 32-bit number representing the length of the authenticator

msg values = a series of name+value pairs, specific to this message.
	 Each name+value pair starts with a 16-bit name length,
	 followed by that many bytes of name, followed by a 32-bit
	 value length, followed by that many bytes of value.   If the
	 length is zero, this is a value of the blank string.   If the
	 length is all ones (2^32-1), then there is no value - for an
	 update, this means the value for this name and the name
	 itself should be deleted from the object, which may or may
	 not be possible.   The list of name/value pairs ends with a
	 zero-length name, which is not followed by a value
	 length/value pair.

obj values = a series of name+value pairs, as above, specific to the
	object being created, updated or refreshed.

signature = authlen bytes of data signing the message.   The signature
	    algorithm is a property of the authenticator handle.

Message types:

1: open
   relevant input values:
	object-type = the name of the type of object
	open:create = boolean - create the object if it doesn't yet exist
	open:exclusive = boolean - don't open the object if it does exist
	open:update = boolean - update the object with included values
		      if it matches.
	the handle should always be the null handle

   The input value must also contain key information for the type of
   object being searched that uniquely identifies an object, or search
   information that matches only one object.  Each object has a key
   specification (a key is something that uniquely identifies an
   object), so see the key specification for that object to see
   what to send here.   An open message with the create flag set must
   specify a key, and not merely matching criteria.   Some objects may
   allow more than one key, and it may be that the union of those keys
   is required to uniquely identify the object, or it may be that any
   one such key will uniquely identify the object.   The documentation
   for the type of object will specify this.

   An open message will result in an immediate response message whose
   opcode will either be "error" or "update".   The error message may
   include an error:reason value containing a text string explaining
   the error, and will always include an error:code value which will
   be the numeric error code for what went wrong.   Possible error
   codes are:

	not found - no such object exists
	already exists - object already exists, and exclusive flag was
			 set.
	not unique - more than one object matching the specification
		     exists.
	permission denied - the authenticator ID specified does not
			    have authorization to access this object,
			    or if the update flag was specified, to
			    update the object.

   If the response is an update message, the update message will
   include the object handle and all of the name/value pairs
   associated with that object.

2: refresh

   no input values except the handle need be specified.   The null
   handle may not be specified.   If the handle is valid, and the
   authenticator ID specified has permission to examine the object,
   then an update message will be sent for that object.   Otherwise,
   one of the following errors will be sent:

	invalid handle - the handle does not refer to a known object
	permisson denied - the handle refers to an object that the
			   requestor does not have permission to
			   examine.

3: update

   Requests that the contents of the specified object be updated with
   the values included.   Values that are not specified are not
   updated.   The response will be either an error message or an
   update-ok message.   If rid is nonzero, no response will be
   generated, even if there was an error.   Possible errors include:

	invalid handle - no such object was found
	permission denied - the handle refers to an object that the
			    requestor does not have permission to
			    modify.
	not confirmed - the update could not be committed due to some
			kind of resource problem, for example
			insufficient memory or a disk failure.

4: notify

   Requests that whenever the object with the specified handle is
   modified, an update be sent.   If there is something wrong with the
   request, an error message will be returned immediately.
   Otherwise, whenever a change is made to the object, an update
   message will be sent containing whatever changes were made (or
   possibly all the values associated with the object, depending on
   the implementation).   Possible errors:

	invalid handle
	permission denied - the handle refers to an object that the
			    requestor does not have permission to
			    examine.
	not supported - the object implementation does not support
			notifications

5: status

   Sends a status code in response to a message.  Always sent in
   response to a message sent by the other side.  There should never
   be a response to this message.

6: delete

   Deletes the specified object.   Response will be either request-ok,
   or error.   Possible errors include:

	invalid handle - no such object was found
	permission denied - the handle refers to an object that the
			    requestor does not have permission to
			    modify.
	not confirmed - the deletion could not be committed due to
			some kind of resource problem, for example
			insufficient memory or a disk failure.

7: notify-cancel

   Like notify, but requests that an existing notification be cancelled.

8: notify-cancelled

   Indicates that because of a local change, a notification that had
   been registered can no longer be performed.   This could be as a
   result of the permissions on a object changing, or an object being
   deleted.   There should never be a response to this message.

internals:

Both client and server use same protocol and infrastructure.   There
are many object types, each of which is stored in a registry.
Objects whose type is not recognized can either be handled by the
generic object type, which is registered with the type "*".   If no
generic object type is registered, then objects with unknown types are
simply not supported.   On the client, there are probably no special
object handlers (although this is by no means forbidden).   On the
server, probably everything is a special object.

Each object type has the following methods:




dhcpctl_status dhcpctl_connect (dhcpctl_handle *connection,
				char *server_name, int port,
				dhcpctl_handle *authinfo)
	synchronous
	returns nonzero status code if it didn't connect, zero otherwise
	stores connection handle through connection, which can be used
	for subsequent access to the specified server.
	server_name is the name of the server, and port is the TCP
	port on which it is listening.
	authinfo is the handle to an object containing authentication
	information.

dhcpctl_status dhcpctl_open_object (dhcpctl_handle h,
				    dhcpctl_handle connection,
				    int flags)
	asynchronous - just queues the request
	returns nonzero status code if open couldn't be queued
	returns zero if open was queued
	h is a handle to an object created by dhcpctl_new_object
	connection is a connection to a DHCP server
	flags include:
	   DHCPCTL_CREATE - if the object doesn't exist, create it
	   DHCPCTL_UPDATE - update the object on the server using the
			    attached parameters
	   DHCPCTL_EXCL - error if the object exists and DHCPCTL_CREATE
			  was also specified

dhcpctl_status dhcpctl_new_object (dhcpctl_handle *h,
				   dhcpctl_handle connection,
				   char *object_type)
	synchronous - creates a local handle for a host entry.
	returns nonzero status code if the local host entry couldn't
	be created
	stores handle to host through h if successful, and returns zero.
	object_type is a pointer to a NUL-terminated string containing
	the ascii name of the type of object being accessed - e.g., "host"

dhcpctl_status dhcpctl_set_callback (dhcpctl_handle h, void *data,
				     void (*callback) (dhcpctl_handle,
						       dhcpctl_status, void *))
	synchronous, with asynchronous aftereffect
	handle is some object upon which some kind of process has been
	started - e.g., an open, an update or a refresh.
	data is an anonymous pointer containing some information that
	the callback will use to figure out what event completed.
	return value of 0 means callback was successfully set, a nonzero
	status code is returned otherwise.
	Upon completion of whatever task is in process, the callback
	will be passed the handle to the object, a status code
	indicating what happened, and the anonymous pointer passed to

dhcpctl_status dhcpctl_wait_for_completion (dhcpctl_handle h,
					    dhcpctl_status *s)
	synchronous
	returns zero if the callback completes, a nonzero status if
	there was some problem relating to the wait operation.   The
	status of the queued request will be stored through s, and
	will also be either zero for success or nonzero for some kind
	of failure.    Never returns until completion or until the
	connection to the server is lost.   This performs the same
	function as dhcpctl_set_callback and the subsequent callback,
	for programs that want to do inline execution instead of using
	callbacks.

dhcpctl_status dhcpctl_get_value (data_string *result,
				  dhcpctl_handle h, char *value_name)
	synchronous
	returns zero if the call succeeded, a nonzero status code if
	it didn't.
	result is the address of an empty data string (initialized
	with bzero or cleared with data_string_forget).   On
	successful completion, the addressed data string will contain
	the value that was fetched.
	dhcpctl_handle refers to some dhcpctl item
	value_name refers to some value related to that item - e.g.,
	for a handle associated with a completed host lookup, value
	could be one of "hardware-address", "dhcp-client-identifier",
	"known" or "client-hostname".

dhcpctl_status dhcpctl_get_boolean (int *result,
				    dhcpctl_handle h, char *value_name)
	like dhcpctl_get_value, but more convenient for boolean
	values, since no data_string needs to be dealt with.

dhcpctl_status dhcpctl_set_value (dhcpctl_handle h, data_string value,
				  char *value_name)
	Sets a value on an object referred to by a dhcpctl_handle.
	The opposite of dhcpctl_get_value.   Does not update the
	server - just sets the value on the handle.

dhcpctl_status dhcpctl_set_string_value (dhcpctl_handle h, char *value,
					 char *value_name)
	Sets a NUL-terminated ASCII value on an object referred to by
	a dhcpctl_handle.   like dhcpctl_set_value, but saves the
	trouble of creating a data_string for a NUL-terminated string.
	Does not update the server - just sets the value on the handle.

dhcpctl_status dhcpctl_set_boolean (dhcpctl_handle h, int value,
				    char *value_name)
	Sets a boolean value on an object - like dhcpctl_set_value,
	only more convenient for booleans.

dhcpctl_status dhcpctl_object_update (dhcpctl_handle h)
	Queues an update on the object referenced by the handle (there
	can't be any other work in progress on the handle).   An
	update means local parameters will be sent to the server.

dhcpctl_status dhcpctl_object_refresh (dhcpctl_handle h)
	Queues an update on the object referenced by the handle (there
	can't be any other work in progress on the handle).   An
	update means local parameters will be sent to the server.

dhcpctl_status dhcpctl_object_delete (dhcpctl_handle h)
	Queues a delete of the object referenced by the handle (there
	can't be any other work in progress on the handle).   A
	delete means that the object will be permanently deleted on
	the remote end, assuming the remote end supports object
	persistence.

So a sample program that would update a host declaration would look
something like this:

	/* Create a local object into which to store authentication
	   information. */
	if ((status = dhcpctl_new_object (&auth, dhcpctl_null_handle,
					  "authentication-information")))
		dhcpctl_error ("Can't create authentication information: %m");

	/* Set up the authenticator with an algorithm type, user name and
	   password. */
	if ((status = dhcpctl_set_string_value (&auth, "mellon", "username")))
		dhcpctl_error ("Can't set username: %m", status);
	if ((status = dhcpctl_set_string_value (&auth, "three blind mice",
						"password")))
		dhcpctl_error ("Can't set password: %m", status);
	if ((status = dhcpctl_set_string_value (&auth, "md5-hash",
						"algorithm")))
		dhcpctl_error ("Can't set authentication algorithm: %m.",
			       status);

	/* Connect to the server. */
	if ((status = dhcpctl_connect (&c, "dhcp.server.com", 612, &auth)))

		dhcpctl_error ("Can't connect to dhcp.server.com: %m",
			       status);

	/* Create a host object. */
	if ((status = dhcpctl_new_object (&hp, c, "host")))
		dhcpctl_error ("Host create failed: %m", status);

	/* Create a data_string to contain the host's client
	   identifier, and set it. */
	if ((status =
	     data_string_create_from_hex (&client_id,
					  "1:08:00:2b:34:1a:c3")))
		dhcpctl_error ("Can't create client identifier: %m");
	if ((status = dhcpctl_set_value (hp, client_id,
					 "dhcp-client-identifier")))
		dhcpctl_error ("Host client identifier set failed.");
	/* Set the known flag to 1. */
	if ((status = dhcpctl_set_boolean (hp, 1, "known")))
		dhcpctl_error ("Host known set failed.");

	/* Open an existing host object that matches the client identifier,
	   and update it from the local context, or if no host entry
	   yet exists matching the identifier, create one and
	   initialize it. */
	if ((status = dhcpctl_open_object (&hp, c,
					   DHCPCTL_CREATE | DHCPCTL_UPDATE)))
		dhcpctl_error ("Can't open host: %m", status);

	/* Wait for the process to complete, check status. */
	if ((status = dhcpctl_wait_for_completion (hp, &wait_status)))
		dhcpctl_error ("Host create/lookup wait failed: %m", status);
	if (waitstatus)
		dhcpctl_error ("Host create/lookup failed: %m", status);

The API is a bit complicated, for a couple of reasons.   I want to
make it general, so that there aren't a bazillion functions to call,
one for each data type.   I want it to be thread-safe, which is why
each function returns a status and the error printer requires a status
code for input.   I want it to be possible to make it asynchronous, so
that it can work in tandem with, for example, an X toolkit.   If
you're just writing a simple update cgi program, you probably won't
want to bother to use the asynchronous callbacks, and indeed the above
example doesn't.

I glossed over data strings above - basically, they're objects with a
pointer to a reference-counted buffer structure, an offset into that
buffer, and a length.   These are used within the DHCP server, so you
can get an idea of how they work - basically, they're a convenient and
efficient way to store a string with a length such that substrings can
easily be taken and such that more than one user at a time can have a
pointer to the string.

I will also probably add locking primitives, so that you can get the
value of something and be sure that some other updator process won't
modify it while you have the lock.