📄 rfc2244.txt
字号:
This response code is returned on a tagged NO result from an
AUTHENTICATE command. It indicates that site security policy
requires the use of a strong encryption mechanism for the
specified authentication identity and mechanism.
INVALID
This response code indicates that a STORE command included
data which the server implementation does not permit. It
MUST NOT be used unless the dataset class specification for
the attribute in question explicitly permits enforced server
validation. The argument is the attribute which was invalid.
MODIFIED
This response code indicates that a conditional store failed
because the modtime on the entry is later than the modtime
specified with the STORE command UNCHANGEDSINCE modifier.
The argument is the entry which had been modified.
NOEXIST
This response code indicates that a search or NOCREATE store
failed because a specified dataset did not exist. The
argument is the dataset which does not exist.
PERMISSION
A command failed due to insufficient permission based on the
access control list or implicit rights. The argument is the
acl-object which caused the permission failure.
QUOTA
A STORE or SETACL command which would have increased the size
of the dataset failed due to insufficient quota.
REFER
This response code may be returned in a tagged NO response to
any command that takes a dataset name as a parameter. It has
one or more arguments with the syntax of relative URLs. It
is a referral, indicating that the command should be retried
using one of the relative URLs.
Newman & Myers Standards Track [Page 19]
RFC 2244 ACAP November 1997
SASL This response code can occur in the tagged OK response to a
successful AUTHENTICATE command and includes the optional
final server response data from the server as specified by
SASL [SASL].
TOOMANY
This response code may be returned in a tagged OK response to
a SEARCH command which includes the LIMIT modifier. The
argument returns the total number of matching entries.
TOOOLD
The modtime specified in the DELETEDSINCE command is too old,
so deletedsince information is no longer available.
TRANSITION-NEEDED
This response code occurs on a NO response to an AUTHENTICATE
command. It indicates that the user name is valid, but the
entry in the authentication database needs to be updated in
order to permit authentication with the specified mechanism.
This can happen if a user has an entry in a system
authentication database such as Unix /etc/passwd, but does
not have credentials suitable for use by the specified
mechanism.
TRYLATER
A command failed due to a temporary server failure. The
client MAY continue using local information and try the
command later.
TRYFREECONTEXT
This response code may be returned in a tagged NO response to
a SEARCH command which includes the MAKECONTEXT modifier. It
indicates that a new context may not be created due to the
server's limit on the number of existing contexts.
WAYTOOMANY
This response code may be returned in a tagged NO response to
a SEARCH command which includes a HARDLIMIT search modifier.
It indicates that the SEARCH would have returned more entries
than the HARDLIMIT permitted.
Additional response codes MUST be registered with IANA according
to the proceedures in section 7.2. Client implementations MUST
tolerate response codes that they do not recognize.
Newman & Myers Standards Track [Page 20]
RFC 2244 ACAP November 1997
4. Namespace Conventions
4.1. Dataset Namespace
The dataset namespace is a slash-separated hierarchy. The first
component of the dataset namespace is a dataset class. Dataset
classes MUST have a vendor prefix (vendor.<vendor/product>) or be
specified in a standards track or IESG approved experimental RFC.
See section 7.3 for the registration template.
The second component of the dataset name is "site", "group", "host",
or "user" referring to server-wide data, administrative group data,
per-host data and per-user data respectively.
For "group", "host", and "user" areas, the third component of the
path is the group name, the fully qualified host domain name, or the
user name. A path of the form "/<dataset-class>/~/" is a convenient
abbreviation for "/<dataset-class>/user/<current-user>/".
Dataset names which begin with "/byowner/" are reserved as an
alternate view of the namespace. This provides a way to see all the
dataset classes which a particular owner uses. For example,
"/byowner/~/<dataset-class>/" is an alternate name for
"/<dataset-class>/~/". Byowner provides a way to view a list of
dataset classes owned by a given user; this is done using the dataset
"/byowner/user/<current-user>/" with the NOINHERIT SEARCH modifier.
The dataset "/" may be used to find all dataset classes visible to
the current user. A dataset of the form "/<dataset-class>/user/" may
be used to find all users which have made a dataset or entry of that
class visible to the current user.
The formal syntax for a dataset name is defined by the "dataset-name"
rule in section 4.3.
4.2. Attribute Namespace
Attribute names which do not contain a dot (".") are reserved for
standardized attributes which have meaning in any dataset. In order
to simplify client implementations, the attribute namespace is
intended to be unique across all datasets. To achieve this,
attribute names are prefixed with the dataset class name followed by
a dot ("."). Attributes which affect management of the dataset are
prefixed with "dataset.". In addition, a subtree of the "vendor."
attribute namespace may be registered with IANA according to the
rules in section 7.4. ACAP implementors are encouraged to help
define interoperable dataset classes specifications rather than using
the private attribute namespace.
Newman & Myers Standards Track [Page 21]
RFC 2244 ACAP November 1997
Some users or sites may wish to add their own private attributes to
certain dataset classes. In order to enable this, the "user.<user-
name>." and "site." subtrees of the attribute namespace are reserved
for user-specific and site-specific attributes respectively and will
not be standardized. Such attributes are not interoperable so are
discouraged in favor of defining standard attributes. A future
extension is expected to permit discovery of syntax for user or
site-specific attributes. Clients wishing to support display of user
or site-specific attributes should display the value of any non-NIL
single-valued "user.<user-name>." or "site." attribute which has
valid UTF-8 syntax.
The formal syntax for an attribute name is defined by the
"attribute-name" rule in the next section.
4.3. Formal Syntax for Dataset and Attribute Namespace
The naming conventions for datasets and attributes are defined by the
following ABNF. Note that this grammar is not part of the ACAP
protocol syntax in section 8, as dataset names and attribute names
are encoded as strings within the ACAP protocol.
attribute-dacl = "dataset.acl" *("." name-component)
attribute-dset = dataset-std 1*("." name-component)
;; MUST be defined in a dataset class specification
attribute-name = attribute-std / attr-site / attr-user / vendor-name
attribute-std = "entry" / "subdataset" / "modtime" /
"dataset.inherit" / attribute-dacl / attribute-dset
attr-site = "site" 1*("." name-component)
attr-user = "user." name-component 1*("." name-component)
byowner = "/byowner/" owner "/"
[dataset-class "/" dataset-sub]
dataset-class = dataset-std / vendor-name
dataset-normal = "/" [dataset-class "/"
(owner-prefix / dataset-tail)]
dataset-name = byowner / dataset-normal
Newman & Myers Standards Track [Page 22]
RFC 2244 ACAP November 1997
dataset-std = name-component
;; MUST be registered with IANA and the spec MUST
;; be published as a standards track or
;; IESG-approved experimental RFC
dataset-sub = *(dname-component "/")
;; The rules for this portion of the namespace may
;; be further restricted by the dataset class
;; specification.
dataset-tail = owner "/" dataset-sub
dname-component = 1*UTF8-CHAR
;; MUST NOT begin with "." or contain "/"
name-component = 1*UTF8-CHAR
;; MUST NOT contain ".", "/", "%", or "*"
owner = "site" / owner-host / owner-group /
owner-user / "~"
owner-group = "group/" dname-component
owner-host = "host/" dname-component
owner-prefix = "group/" / "host/" / "user/"
owner-user = "user/" dname-component
vendor-name = vendor-token *("." name-component)
vendor-token = "vendor." name-component
;; MUST be registered with IANA
5. Dataset Management
The entry with an empty name ("") in the dataset is used to hold
management information for the dataset as a whole.
5.1. Dataset Inheritance
It is possible for one dataset to inherit data from another. The
dataset from which the data is inherited is called the base dataset.
Data in the base dataset appears in the inheriting dataset, except
when overridden by a STORE to the inheriting dataset.
Newman & Myers Standards Track [Page 23]
RFC 2244 ACAP November 1997
The base dataset is usually a system-wide or group-wide set of
defaults. A system-wide dataset usually has one inheriting dataset
per user, allowing each user to add to or modify the defaults as
appropriate.
An entry which exists in both the inheriting and base dataset
inherits a modtime equal to the greater of the two modtimes. An
attribute in such an entry is inherited from the base dataset if it
was never modified by a STORE command in the inheriting dataset or if
DEFAULT was stored to that attribute. This permits default entries
to be amended rather than replaced in the inheriting dataset.
The "subdataset" attribute is not directly inherited. If the base
dataset includes a "subdataset" attribute and the inheriting dataset
does not, then the "subdataset" attribute will inherit a virtual
value of a list containing a ".". The subdataset at that node is
said to be a "virtual" dataset as it is simply a virtual copy of the
appropriate base dataset with all "subdataset" attributes changed to
a list containing a ".". A virtual dataset is not visible if
NOINHERIT is specified on the SEARCH command.
Servers MUST support at least two levels of inheritance. This
permits a user's dataset such as "/options/user/fred/common" to
inherit from a group dataset such as "/options/group/dinosaur
operators/common" which in turn inherits from a server-wide dataset
such as "/options/site/common".
5.2. Dataset Attributes
The following attributes apply to management of the dataset when
stored in the "" entry of a dataset. These attributes are not
inherited.
dataset.acl
This holds the default access control list for the dataset.
This attribute is validated, so an invalid access control list
in a STORE command will result in a NO response⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -