1
# Copyright (C) 2006 Canonical Ltd
3
# This program is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
8
# This program is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
# GNU General Public License for more details.
13
# You should have received a copy of the GNU General Public License
14
# along with this program; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
"""Smart-server protocol, client and server.
19
Requests are sent as a command and list of arguments, followed by optional
20
bulk body data. Responses are similarly a response and list of arguments,
21
followed by bulk body data. ::
24
Fields are separated by Ctrl-A.
25
BULK_DATA := CHUNK TRAILER
26
Chunks can be repeated as many times as necessary.
27
CHUNK := CHUNK_LEN CHUNK_BODY
28
CHUNK_LEN := DIGIT+ NEWLINE
29
Gives the number of bytes in the following chunk.
30
CHUNK_BODY := BYTE[chunk_len]
31
TRAILER := SUCCESS_TRAILER | ERROR_TRAILER
32
SUCCESS_TRAILER := 'done' NEWLINE
35
Paths are passed across the network. The client needs to see a namespace that
36
includes any repository that might need to be referenced, and the client needs
37
to know about a root directory beyond which it cannot ascend.
39
Servers run over ssh will typically want to be able to access any path the user
40
can access. Public servers on the other hand (which might be over http, ssh
41
or tcp) will typically want to restrict access to only a particular directory
42
and its children, so will want to do a software virtual root at that level.
43
In other words they'll want to rewrite incoming paths to be under that level
44
(and prevent escaping using ../ tricks.)
46
URLs that include ~ should probably be passed across to the server verbatim
47
and the server can expand them. This will proably not be meaningful when
48
limited to a directory?
50
At the bottom level socket, pipes, HTTP server. For sockets, we have the idea
51
that you have multiple requests and get a read error because the other side did
52
shutdown. For pipes we have read pipe which will have a zero read which marks
53
end-of-file. For HTTP server environment there is not end-of-stream because
54
each request coming into the server is independent.
56
So we need a wrapper around pipes and sockets to seperate out requests from
57
substrate and this will give us a single model which is consist for HTTP,
63
MEDIUM (factory for protocol, reads bytes & pushes to protocol,
64
uses protocol to detect end-of-request, sends written
65
bytes to client) e.g. socket, pipe, HTTP request handler.
70
PROTOCOL (serialization, deserialization) accepts bytes for one
71
request, decodes according to internal state, pushes
72
structured data to handler. accepts structured data from
73
handler and encodes and writes to the medium. factory for
79
HANDLER (domain logic) accepts structured data, operates state
80
machine until the request can be satisfied,
81
sends structured data to the protocol.
87
CLIENT domain logic, accepts domain requests, generated structured
88
data, reads structured data from responses and turns into
89
domain data. Sends structured data to the protocol.
90
Operates state machines until the request can be delivered
91
(e.g. reading from a bundle generated in bzrlib to deliver a
94
Possibly this should just be RemoteBzrDir, RemoteTransport,
100
PROTOCOL (serialization, deserialization) accepts structured data for one
101
request, encodes and writes to the medium. Reads bytes from the
102
medium, decodes and allows the client to read structured data.
107
MEDIUM (accepts bytes from the protocol & delivers to the remote server.
108
Allows the potocol to read bytes e.g. socket, pipe, HTTP request.
111
# TODO: _translate_error should be on the client, not the transport because
112
# error coding is wire protocol specific.
114
# TODO: A plain integer from query_version is too simple; should give some
117
# TODO: Server should probably catch exceptions within itself and send them
118
# back across the network. (But shouldn't catch KeyboardInterrupt etc)
119
# Also needs to somehow report protocol errors like bad requests. Need to
120
# consider how we'll handle error reporting, e.g. if we get halfway through a
121
# bulk transfer and then something goes wrong.
123
# TODO: Standard marker at start of request/response lines?
125
# TODO: Make each request and response self-validatable, e.g. with checksums.
127
# TODO: get/put objects could be changed to gradually read back the data as it
128
# comes across the network
130
# TODO: What should the server do if it hits an error and has to terminate?
132
# TODO: is it useful to allow multiple chunks in the bulk data?
134
# TODO: If we get an exception during transmission of bulk data we can't just
135
# emit the exception because it won't be seen.
136
# John proposes: I think it would be worthwhile to have a header on each
137
# chunk, that indicates it is another chunk. Then you can send an 'error'
138
# chunk as long as you finish the previous chunk.
140
# TODO: Clone method on Transport; should work up towards parent directory;
141
# unclear how this should be stored or communicated to the server... maybe
142
# just pass it on all relevant requests?
144
# TODO: Better name than clone() for changing between directories. How about
145
# open_dir or change_dir or chdir?
147
# TODO: Is it really good to have the notion of current directory within the
148
# connection? Perhaps all Transports should factor out a common connection
149
# from the thing that has the directory context?
151
# TODO: Pull more things common to sftp and ssh to a higher level.
153
# TODO: The server that manages a connection should be quite small and retain
154
# minimum state because each of the requests are supposed to be stateless.
155
# Then we can write another implementation that maps to http.
157
# TODO: What to do when a client connection is garbage collected? Maybe just
158
# abruptly drop the connection?
160
# TODO: Server in some cases will need to restrict access to files outside of
161
# a particular root directory. LocalTransport doesn't do anything to stop you
162
# ascending above the base directory, so we need to prevent paths
163
# containing '..' in either the server or transport layers. (Also need to
164
# consider what happens if someone creates a symlink pointing outside the
167
# TODO: Server should rebase absolute paths coming across the network to put
168
# them under the virtual root, if one is in use. LocalTransport currently
169
# doesn't do that; if you give it an absolute path it just uses it.
171
# XXX: Arguments can't contain newlines or ascii; possibly we should e.g.
172
# urlescape them instead. Indeed possibly this should just literally be
175
# FIXME: This transport, with several others, has imperfect handling of paths
176
# within urls. It'd probably be better for ".." from a root to raise an error
177
# rather than return the same directory as we do at present.
179
# TODO: Rather than working at the Transport layer we want a Branch,
180
# Repository or BzrDir objects that talk to a server.
182
# TODO: Probably want some way for server commands to gradually produce body
183
# data rather than passing it as a string; they could perhaps pass an
184
# iterator-like callback that will gradually yield data; it probably needs a
185
# close() method that will always be closed to do any necessary cleanup.
187
# TODO: Split the actual smart server from the ssh encoding of it.
189
# TODO: Perhaps support file-level readwrite operations over the transport
192
# TODO: SmartBzrDir class, proxying all Branch etc methods across to another
193
# branch doing file-level operations.
added
removed
bzrlib/smart/__init__.py
