This is cvsclient.info, produced by makeinfo version 4.0 from
cvsclient.texi.

INFO-DIR-SECTION Programming
START-INFO-DIR-ENTRY
* cvsclient: (cvsclient).      The CVS client/server protocol.
END-INFO-DIR-ENTRY


File: cvsclient.info,  Node: Top,  Next: Introduction,  Up: (dir)

CVS Client/Server
*****************

This document describes the client/server protocol used by CVS.  It
does not describe how to use or administer client/server CVS; see the
regular CVS manual for that.  This is version 1.11.1p1 of the protocol
specification--*Note Introduction::, for more on what this version
number means.

* Menu:

* Introduction::                   What is CVS and what is the client/server protocol for?
* Goals::                          Basic design decisions, requirements, scope, etc.
* Connection and Authentication::  Various ways to connect to the server
* Password scrambling::            Scrambling used by pserver
* Protocol::                       Complete description of the protocol
* Protocol Notes::                 Possible enhancements, limitations, etc. of the protocol


File: cvsclient.info,  Node: Introduction,  Next: Goals,  Prev: Top,  Up: Top

Introduction
************

CVS is a version control system (with some additional configuration
management functionality).  It maintains a central "repository" which
stores files (often source code), including past versions, information
about who modified them and when, and so on.  People who wish to look
at or modify those files, known as "developers", use CVS to "check out"
a "working directory" from the repository, to "check in" new versions
of files to the repository, and other operations such as viewing the
modification history of a file.  If developers are connected to the
repository by a network, particularly a slow or flaky one, the most
efficient way to use the network is with the CVS-specific protocol
described in this document.

Developers, using the machine on which they store their working
directory, run the CVS "client" program.  To perform operations which
cannot be done locally, it connects to the CVS "server" program, which
maintains the repository.  For more information on how to connect see
*Note Connection and Authentication::.

This document describes the CVS protocol.  Unfortunately, it does not
yet completely document one aspect of the protocol--the detailed
operation of each CVS command and option--and one must look at the CVS
user documentation, `cvs.texinfo', for that information.  The protocol
is non-proprietary (anyone who wants to is encouraged to implement it)
and an implementation, known as CVS, is available under the GNU Public
License.  The CVS distribution, containing this implementation,
`cvs.texinfo', and a copy (possibly more or less up to date than what
you are reading now) of this document, `cvsclient.texi', can be found
at the usual GNU FTP sites, with a filename such as
`cvs-VERSION.tar.gz'.

This is version 1.11.1p1 of the protocol specification.  This
version number is intended only to aid in distinguishing different
versions of this specification.  Although the specification is currently
maintained in conjunction with the CVS implementation, and carries the
same version number, it also intends to document what is involved with
interoperating with other implementations (such as other versions of
CVS); see *Note Requirements::.  This version number should not be used
by clients or servers to determine what variant of the protocol to
speak; they should instead use the `valid-requests' and
`Valid-responses' mechanism (*note Protocol::), which is more flexible.


File: cvsclient.info,  Node: Goals,  Next: Connection and Authentication,  Prev: Introduction,  Up: Top

Goals
*****

   * Do not assume any access to the repository other than via this
     protocol.  It does not depend on NFS, rdist, etc.

   * Providing a reliable transport is outside this protocol.  The
     protocol expects a reliable transport that is transparent (that
     is, there is no translation of characters, including characters
     such as linefeeds or carriage returns), and can transmit
     all 256 octets (for example for proper handling of binary files,
     compression, and encryption).  The encoding of characters
     specified by the protocol (the names of requests and so on) is the
     invariant ISO 646 character set (a subset of most popular
     character sets including ASCII and others).  For more details on
     running the protocol over the TCP reliable transport, see *Note
     Connection and Authentication::.

   * Security and authentication are handled outside this protocol (but
     see below about `cvs kserver' and `cvs pserver').

   * The protocol makes it possible for updates to be atomic with
     respect to checkins; that is if someone commits changes to several
     files in one cvs command, then an update by someone else would
     either get all the changes, or none of them.  The current CVS
     server can't do this, but that isn't the protocol's fault.

   * The protocol is, with a few exceptions, transaction-based.  That
     is, the client sends all its requests (without waiting for server
     responses), and then waits for the server to send back all
     responses (without waiting for further client requests).  This has
     the advantage of minimizing network turnarounds and the
     disadvantage of sometimes transferring more data than would be
     necessary if there were a richer interaction.  Another, more
     subtle, advantage is that there is no need for the protocol to
     provide locking for features such as making checkins atomic with
     respect to updates.  Any such locking can be handled entirely by
     the server.
     A good server implementation (such as the current CVS
     server) will make sure that it does not have any such locks in
     place whenever it is waiting for communication with the client;
     this prevents one client on a slow or flaky network from
     interfering with the work of others.

   * It is a general design goal to provide only one way to do a given
     operation (where possible).  For example, implementations have no
     choice about whether to terminate lines with linefeeds or some
     other character(s), and request and response names are
     case-sensitive.  This is to enhance interoperability.  If a
     protocol allows more than one way to do something, it is all too
     easy for some implementations to support only some of them
     (perhaps accidentally).


File: cvsclient.info,  Node: Connection and Authentication,  Next: Password scrambling,  Prev: Goals,  Up: Top

How to Connect to and Authenticate Oneself to the CVS server
************************************************************

Connection and authentication occur before the CVS protocol itself
is started.  There are several ways to connect.

server
     If the client has a way to execute commands on the server, and
     provide input to the commands and output from them, then it can
     connect that way.  This could be the usual rsh (port 514)
     protocol, Kerberos rsh, SSH, or any similar mechanism.  The client
     may allow the user to specify the name of the server program; the
     default is `cvs'.  It is invoked with one argument, `server'.
     Once it invokes the server, the client proceeds to start the cvs
     protocol.

kserver
     The kerberized server listens on a port (in the current
     implementation, by having inetd call "cvs kserver") which defaults
     to 1999.  The client connects, sends the usual kerberos
     authentication information, and then starts the cvs protocol.
     Note: port 1999 is officially registered for another use, and in
     any event one cannot register more than one port for CVS, so
     GSS-API (see below) is recommended instead of kserver as a way to
     support kerberos.

pserver
     The name "pserver" is somewhat confusing.  It refers to both a
     generic framework which allows the CVS protocol to support several
     authentication mechanisms, and a name for a specific mechanism
     which transfers a username and a cleartext password.  Servers need
     not support all mechanisms, and in fact servers will typically
     want to support only those mechanisms which meet the relevant
     security needs.

     The pserver server listens on a port (in the current
     implementation, by having inetd call "cvs pserver") which defaults
     to 2401 (this port is officially registered).  The client
     connects, and sends the following:

        * the string `BEGIN AUTH REQUEST', a linefeed,

        * the cvs root, a linefeed,

        * the username, a linefeed,

        * the password trivially encoded (see *Note Password
          scrambling::), a linefeed,

        * the string `END AUTH REQUEST', and a linefeed.

     The client must send the identical string for cvs root both here
     and later in the `Root' request of the cvs protocol itself.
     Servers are encouraged to enforce this restriction.  The possible
     server responses (each of which is followed by a linefeed) are the
     following.  Note that although there is a small similarity between
     this authentication protocol and the cvs protocol, they are
     separate.

    `I LOVE YOU'
          The authentication is successful.  The client proceeds with
          the cvs protocol itself.

    `I HATE YOU'
          The authentication fails.  After sending this response, the
          server may close the connection.  It is up to the server to
          decide whether to give this response, which is generic, or a
          more specific response using `E' and/or `error'.

    `E TEXT'
          Provide a message for the user.  After this response, the
          authentication protocol continues with another response.
          Typically the server will provide a series of `E' responses
          followed by `error'.  Compatibility note: CVS 1.9.10 and
          older clients will print `unrecognized auth response' and
          TEXT, and then exit, upon receiving this response.

    `error CODE TEXT'
          The authentication fails.  After sending this response, the
          server may close the connection.  The CODE is a code
          describing why it failed, intended for computer consumption.
          The only code currently defined is `0' which is nonspecific,
          but clients must silently treat any unrecognized codes as
          nonspecific.  The TEXT should be supplied to the user.
          Compatibility note: CVS 1.9.10 and older clients will print
          `unrecognized auth response' and TEXT, and then exit, upon
          receiving this response.  Note that TEXT for this response,
          or the TEXT in an `E' response, is not designed for machine
          parsing.  More vigorous use of CODE, or future extensions,
          will be needed to provide a cleaner machine-parseable
          indication of what the error was.

     If the client wishes to merely authenticate without starting the
     cvs protocol, the procedure is the same, except BEGIN AUTH REQUEST
     is replaced with BEGIN VERIFICATION REQUEST, END AUTH REQUEST is
     replaced with END VERIFICATION REQUEST, and upon receipt of I LOVE
     YOU the connection is closed rather than continuing.

     Another mechanism is GSSAPI authentication.  GSSAPI is a generic
     interface to security services such as kerberos.  GSSAPI is
     specified in RFC2078 (GSSAPI version 2) and RFC1508 (GSSAPI
     version 1); we are not aware of differences between the two which
     affect the protocol in incompatible ways, so we make no attempt to
     specify one version or the other.  The procedure here is to start
     with `BEGIN GSSAPI REQUEST'.
     GSSAPI authentication information is
     then exchanged between the client and the server.  Each packet of
     information consists of a two byte big endian length, followed by
     that many bytes of data.  After the GSSAPI authentication is
     complete, the server continues with the responses described above
     (`I LOVE YOU', etc.).

future possibilities
     There are a nearly unlimited number of ways to connect and
     authenticate.  One might want to allow access based on IP address
     (similar to the usual rsh protocol but with different/no
     restrictions on ports < 1024), to adopt mechanisms such as
     Pluggable Authentication Modules (PAM), to allow users to run
     their own servers under their own usernames without root access,
     or any number of other possibilities.  The way to add future
     mechanisms, for the most part, should be to continue to use port
     2401, but to use different strings in place of `BEGIN AUTH
     REQUEST'.


File: cvsclient.info,  Node: Password scrambling,  Next: Protocol,  Prev: Connection and Authentication,  Up: Top

Password scrambling algorithm
*****************************

The pserver authentication protocol, as described in *Note
Connection and Authentication::, trivially encodes the passwords.  This
is only to prevent inadvertent compromise; it provides no protection
against even a relatively unsophisticated attacker.  For comparison,
HTTP Basic Authentication (as described in RFC2068) uses BASE64 for a
similar purpose.  CVS uses its own algorithm, described here.

The scrambled password starts with `A', which serves to identify the
scrambling algorithm in use.  After that follows a single octet for
each character in the password, according to a fixed encoding.  The
values are shown here, with the encoded values in decimal.
Control
characters, space, and characters outside the invariant ISO 646
character set are not shown; such characters are not recommended for use
in passwords.  There is a long discussion of character set issues in
*Note Protocol Notes::.

             0 111           P 125           p  58
       ! 120 1  52   A  57   Q  55   a 121   q 113
       "  53 2  75   B  83   R  54   b 117   r  32
             3 119   C  43   S  66   c 104   s  90
             4  49   D  46   T 124   d 101   t  44
       % 109 5  34   E 102   U 126   e 100   u  98
       &  72 6  82   F  40   V  59   f  69   v  60
       ' 108 7  81   G  89   W  47   g  73   w  51
       (  70 8  95   H  38   X  92   h  99   x  33
       )  64 9  65   I 103   Y  71   i  63   y  97
       *  76 : 112   J  45   Z 115   j  94   z  62
       +  67 ;  86   K  50           k  93
       , 116 < 118   L  42           l  39
       -  74 = 110   M 123           m  37
       .  68 > 122   N  91           n  61
       /  87 ? 105   O  35   _  56   o  48


File: cvsclient.info,  Node: Protocol,  Next: Protocol Notes,  Prev: Password scrambling,  Up: Top

The CVS client/server protocol
******************************

In the following, `\n' refers to a linefeed and `\t' refers to a
horizontal tab; "requests" are what the client sends and "responses"
are what the server sends.  In general, the connection is governed by
the client--the server does not send responses without first receiving
requests to do so; see *Note Response intro:: for more details of this
convention.

It is typical, early in the connection, for the client to transmit a
`Valid-responses' request, containing all the responses it supports,
followed by a `valid-requests' request, which elicits from the server a
`Valid-requests' response containing all the requests it understands.
In this way, the client and server each find out what the other
supports before exchanging large amounts of data (such as file
contents).

* Menu:


General protocol conventions:

* Entries Lines::               Transmitting RCS data
* File Modes::                  Read, write, execute, and possibly more...
* Filenames::                   Conventions regarding filenames
* File transmissions::          How file contents are transmitted
* Strings::                     Strings in various requests and responses
* Dates::                       Times and dates

The protocol itself:

* Request intro::               General conventions relating to requests
* Requests::                    List of requests
* Response intro::              General conventions relating to responses
* Response pathnames::          The "pathname" in responses
* Responses::                   List of responses
* Text tags::                   More details about the MT response

An example session, and some further observations:

* Example::                     A conversation between client and server
* Requirements::                Things not to omit from an implementation
* Obsolete::                    Former protocol features


File: cvsclient.info,  Node: Entries Lines,  Next: File Modes,  Up: Protocol

Entries Lines
=============

Entries lines are transmitted as:

     / NAME / VERSION / CONFLICT / OPTIONS / TAG_OR_DATE

TAG_OR_DATE is either `T' TAG or `D' DATE or empty.  If it is
followed by a slash, anything after the slash shall be silently ignored.

VERSION can be empty, or start with `0' or `-', for no user file,
new user file, or user file to be removed, respectively.

CONFLICT, if it starts with `+', indicates that the file had
conflicts in it.  The rest of CONFLICT is `=' if the timestamp matches
the file, or anything else if it doesn't.  If CONFLICT does not start
with a `+', it is silently ignored.

OPTIONS signifies the keyword expansion options (for example `-ko').
In an `Entry' request, this indicates the options that were specified
with the file from the previous file updating response (*note Response
intro::, for a list of file updating responses); if the client is
specifying the `-k' or `-A' option to `update', then it is the server
which figures out what overrides what.
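
A parser for the Entries line rules above, as an added example that is not part of the original document or the CVS sources. It assumes the spaces in the format line are typographical and that fields on the wire are separated by bare slashes; the state names, the `Entry` class and the sample lines in the test are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    name: str
    version: str
    state: str                          # hypothetical labels, see _state()
    had_conflicts: bool
    timestamp_matches: Optional[bool]   # None unless CONFLICT starts with "+"
    options: str
    tag: Optional[str]
    date: Optional[str]


def _state(version: str) -> str:
    # VERSION: empty = no user file, "0..." = new file, "-..." = to be removed.
    if version == "":
        return "no-user-file"
    if version.startswith("0"):
        return "new"
    if version.startswith("-"):
        return "removed"
    return "present"


def parse_entries_line(line: str) -> Entry:
    if not line.startswith("/") or "\n" in line:
        raise ValueError("not an Entries line")
    # Five fields; a sixth piece is whatever follows a slash after
    # TAG_OR_DATE, which the text says is silently ignored.
    parts = line[1:].split("/", 5)
    if len(parts) < 5:
        raise ValueError("expected five slash-separated fields")
    name, version, conflict, options, tag_or_date = parts[:5]
    if not name:
        raise ValueError("empty NAME")  # assumption: the text does not say

    had_conflicts = conflict.startswith("+")
    # A CONFLICT field without a leading "+" carries no information.
    timestamp_matches = (conflict[1:] == "=") if had_conflicts else None

    tag = date = None
    if tag_or_date.startswith("T"):
        tag = tag_or_date[1:]
    elif tag_or_date.startswith("D"):
        date = tag_or_date[1:]
    elif tag_or_date:
        raise ValueError("TAG_OR_DATE must be empty or start with T or D")

    return Entry(name, version, _state(version), had_conflicts,
                 timestamp_matches, options, tag, date)
```

Rejecting lines with too few fields, rather than padding them, keeps a truncated or malformed line from being read as "no user file".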


File: cvsclient.info,  Node: File Modes,  Next: Filenames,  Prev: Entries Lines,  Up: Protocol

File Modes
==========

A mode is any number of repetitions of

     MODE-TYPE = DATA

separated by `,'.

MODE-TYPE is an identifier composed of alphanumeric characters.
Currently specified: `u' for user, `g' for group, `o' for other (see
below for discussion of whether these have their POSIX meaning or are
more loose).  Unrecognized values of MODE-TYPE are silently ignored.

DATA consists of any data not containing `,', `\0' or `\n'.  For
`u', `g', and `o' mode types, data consists of alphanumeric characters,
where `r' means read, `w' means write, `x' means execute, and
unrecognized letters are silently ignored.

The two most obvious ways in which the mode matters are: (1) is it
writeable?  This is used by the developer communication features, and
is implemented even on OS/2 (and could be implemented on DOS), whose
notion of mode is limited to a readonly bit.  (2) is it executable?
Unix CVS users need CVS to store this setting (for shell scripts and
the like).  The current CVS implementation on unix does a little bit
more than just maintain these two settings, but it doesn't really have
a nice general facility to store or version control the mode, even on
unix, much less across operating systems with diverse protection
features.  So all the ins and outs of what the mode means across
operating systems haven't really been worked out (e.g. should the VMS
port use ACLs to get POSIX semantics for groups?).
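
One way to turn a received mode string into permission bits under the rules above, as an added example that is not taken from the original document or from CVS. It assumes the wire form has no spaces around `=` (for example `u=rw,g=r,o=r`) and takes the POSIX reading of `u`, `g` and `o`; `parse_mode` is a hypothetical name.

```python
import stat

# Only r, w and x are defined for the u, g and o mode types.
_BITS = {
    "u": {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "g": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "o": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}


def parse_mode(mode: str) -> int:
    """Return the rwx permission bits described by a protocol mode string."""
    # DATA may not contain NUL or linefeed; "," can only be a separator.
    if "\0" in mode or "\n" in mode:
        raise ValueError("NUL or linefeed in mode string")
    bits = 0
    for item in mode.split(","):
        if not item:
            continue                    # "any number of repetitions"
        mode_type, sep, data = item.partition("=")
        if not sep or not mode_type.isalnum():
            raise ValueError("malformed mode item: %r" % item)
        table = _BITS.get(mode_type)
        if table is None:
            continue                    # unrecognized MODE-TYPE: ignored
        for letter in data:
            bits |= table.get(letter, 0)   # unrecognized letter: ignored
    return bits
```

Because unknown letters contribute nothing, a mode string from the peer can only ever produce the nine read, write and execute bits, whatever else it contains.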


File: cvsclient.info,  Node: Filenames,  Next: File transmissions,  Prev: File Modes,  Up: Protocol

Conventions regarding transmission of file names
================================================

In most contexts, `/' is used to separate directory and file names
in filenames, and any use of other conventions (for example, that the
user might type on the command line) is converted to that form.  The
only exceptions might be a few cases in which the server provides a
magic cookie which the client then repeats verbatim, but as the server
has not yet been ported beyond unix, the two rules provide the same
answer (and what to do if future server ports are operating on a
repository like e:/foo or CVS_ROOT:[FOO.BAR] has not been carefully
thought out).

Characters outside the invariant ISO 646 character set should be
avoided in filenames.  This restriction may need to be relaxed to allow
for characters such as `[' and `]' (see above about non-unix servers);
this has not been carefully considered (and currently implementations
probably use whatever character sets that the operating systems they
are running on allow, and/or that users specify).  Of course the most
portable practice is to restrict oneself further, to the POSIX portable
filename character set as specified in POSIX.1.


File: cvsclient.info,  Node: File transmissions,  Next: Strings,  Prev: Filenames,  Up: Protocol

File transmissions
==================

File contents (noted below as FILE TRANSMISSION) can be sent in one
of two forms.  The simpler form is a number of bytes, followed by a
linefeed, followed by the specified number of bytes of file contents.
These are the entire contents of the specified file.  Second, if both
client and server support `gzip-file-contents', a `z' may precede the
length, and the `file contents' sent are actually compressed with
`gzip' (RFC1952/1951) compression.
The length specified is that of the
compressed version of the file.

In neither case is the file content followed by any additional data.
The transmission of a file will end with a linefeed iff that file (or
its compressed form) ends with a linefeed.

The encoding of file contents depends on the value for the `-k'
option.  If the file is binary (as specified by the `-kb' option in the
appropriate place), then it is just a certain number of octets, and the
protocol contributes nothing towards determining the encoding (using
the file name is one widespread, if not universally popular, mechanism).
If the file is text (not binary), then the file is sent as a series of
lines, separated by linefeeds.  If the keyword expansion is set to
something other than `-ko', then it is expected that the file conform
to the RCS expectations regarding keyword expansion--in particular,
that it is in a character set such as ASCII in which 0x24 is a dollar
sign (`$').


File: cvsclient.info,  Node: Strings,  Next: Dates,  Prev: File transmissions,  Up: Protocol

Strings
=======

In various contexts, for example the `Argument' request and the `M'
response, one transmits what is essentially an arbitrary string.  Often
this will have been supplied by the user (for example, the `-m' option
to the `ci' request).  The protocol has no mechanism to specify the
character set of such strings; it would be fairly safe to stick to the
invariant ISO 646 character set but the existing practice is probably
to just transmit whatever the user specifies, and hope that everyone
involved agrees which character set is in use, or sticks to a common
subset.


File: cvsclient.info,  Node: Dates,  Next: Request intro,  Prev: Strings,  Up: Protocol

Dates
=====

The protocol contains times and dates in various places.

For the `-D' option to the `annotate', `co', `diff', `export',
`history', `rannotate', `rdiff', `rtag', `tag', and `update' requests,
the server should support two formats:

     26 May 1997 13:01:40 -0000  ; RFC 822 as modified by RFC 1123
     5/26/1997 13:01:40 GMT      ; traditional

The former format is preferred; the latter however is sent by the CVS
command line client (versions 1.5 through at least 1.9).

For the `-d' option to the `log' and `rlog' requests, servers should
at least support RFC 822/1123 format.  Clients are encouraged to use
this format too (the command line CVS client, version 1.10 and older,
just passed along the date format specified by the user, however).

The `Mod-time' response and `Checkin-time' request use RFC 822/1123
format (see the descriptions of that response and request for details).

For `Notify', see the description of that request.


File: cvsclient.info,  Node: Request intro,  Next: Requests,  Prev: Dates,  Up: Protocol

Request intro
=============

By convention, requests which begin with a capital letter do not
elicit a response from the server, while all others do - save one.  The
exception is `gzip-file-contents'.  Unrecognized requests will always
elicit a response from the server, even if that request begins with a
capital letter.

The term "command" means a request which expects a response (except
`valid-requests').  The general model is that the client transmits a
great number of requests, but nothing happens until the very end when
the client transmits a command.  Although the intention is that
transmitting several commands in one connection should be legal,
existing servers probably have some bugs with some combinations of more
than one command, and so clients may find it necessary to make several
connections in some cases.
This should be thought of as a workaround
rather than a desired attribute of the protocol.
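
The pserver login exchange and the password scrambling table from the sections above, as an added example that is not part of the original document or the CVS sources. It builds the five-line request, reads the server's verdict, and shows that the scrambled field decodes with a table lookup, which is the weakness the text describes. Function names and the sample root, user and password are constructed for illustration.

```python
# CHAR CODE pairs copied from the table in the text (codes are decimal).
_PAIRS = """
! 120 " 53 % 109 & 72 ' 108 ( 70 ) 64 * 76 + 67 , 116 - 74 . 68 / 87
0 111 1 52 2 75 3 119 4 49 5 34 6 82 7 81 8 95 9 65 : 112 ; 86 < 118
= 110 > 122 ? 105 A 57 B 83 C 43 D 46 E 102 F 40 G 89 H 38 I 103 J 45
K 50 L 42 M 123 N 91 O 35 P 125 Q 55 R 54 S 66 T 124 U 126 V 59 W 47
X 92 Y 71 Z 115 _ 56 a 121 b 117 c 104 d 101 e 100 f 69 g 73 h 99
i 63 j 94 k 93 l 39 m 37 n 61 o 48 p 58 q 113 r 32 s 90 t 44 u 98
v 60 w 51 x 33 y 97 z 62
""".split()
ENCODE = {c: int(n) for c, n in zip(_PAIRS[0::2], _PAIRS[1::2])}
DECODE = {n: c for c, n in ENCODE.items()}


def scramble(password: str) -> bytes:
    """'A' (algorithm id) followed by one octet per password character."""
    try:
        return b"A" + bytes(ENCODE[c] for c in password)
    except KeyError as exc:
        raise ValueError("character %r is not in the table" % exc.args[0])


def descramble(field: bytes) -> str:
    """Inverse lookup: no key is involved, so any observer can do this."""
    if not field.startswith(b"A"):
        raise ValueError("unknown scrambling algorithm")
    try:
        return "".join(DECODE[b] for b in field[1:])
    except KeyError:
        raise ValueError("octet outside the table")


def build_auth_request(root, user, password, verify_only=False) -> bytes:
    kind = b"VERIFICATION" if verify_only else b"AUTH"
    for value in (root, user):
        if "\n" in value:   # a linefeed would add a line to the request
            raise ValueError("linefeed in root or username")
    return b"\n".join([b"BEGIN " + kind + b" REQUEST", root.encode("ascii"),
                       user.encode("ascii"), scramble(password),
                       b"END " + kind + b" REQUEST", b""])


def read_auth_result(lines):
    """lines: response lines without the linefeed. -> (ok, code, messages)"""
    messages = []
    for line in lines:
        if line == "I LOVE YOU":
            return True, None, messages
        if line == "I HATE YOU":
            return False, None, messages
        if line.startswith("E "):
            messages.append(line[2:])   # text for the user, not for parsing
        elif line.startswith("error "):
            code, _, text = line[len("error "):].partition(" ")
            messages.append(text)
            # Unrecognized codes are treated as the nonspecific code 0.
            return False, "0", messages
        else:
            raise ValueError("unrecognized auth response")
    raise ValueError("connection closed before an auth result")


if __name__ == "__main__":
    request = build_auth_request("/cvsroot", "anon", "test")   # constructed
    print(request)
    print(descramble(request.split(b"\n")[3]))
```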
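
A receiver for the FILE TRANSMISSION framing described in the File transmissions section, as an added example that is not part of the original document or the CVS sources. It handles both the plain and the `z` form and bounds the declared and the decompressed size; the limit value and the function name are assumptions of this example, not protocol constants.

```python
import zlib

MAX_BYTES = 16 * 1024 * 1024    # assumed local policy, not a protocol limit


def read_file_transmission(stream, gzip_negotiated=False, limit=MAX_BYTES):
    """Read one FILE TRANSMISSION from a binary stream; return the contents.

    Exactly the declared number of bytes is consumed, so the stream is left
    positioned at whatever the peer sends next.
    """
    header = stream.readline(24)            # optional "z", digits, linefeed
    if not header.endswith(b"\n"):
        raise ValueError("length line missing or too long")
    field = header[:-1]

    compressed = field.startswith(b"z")
    if compressed:
        # The "z" form is only valid when both sides support
        # gzip-file-contents.
        if not gzip_negotiated:
            raise ValueError("'z' form used without gzip-file-contents")
        field = field[1:]

    if not field.isdigit():                 # rejects "", "-1", "+5", " 7"
        raise ValueError("length is not a decimal number")
    length = int(field)
    if length > limit:
        raise ValueError("declared length exceeds local limit")

    data = stream.read(length)
    if len(data) != length:
        raise ValueError("stream ended inside file contents")
    if not compressed:
        return data

    # The declared length covers the compressed bytes only, so the
    # expanded size has to be bounded separately.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)   # gzip framing
    out = inflater.decompress(data, limit + 1)
    if len(out) > limit or inflater.unconsumed_tail:
        raise ValueError("decompressed contents exceed local limit")
    if not inflater.eof:
        raise ValueError("gzip stream is incomplete")
    return out
```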