T(Incomplete)?

GUI RPC protocol

BOINC uses the GUI RPC protocol to make the BOINC Manager communicate with the core client. The protocol is based on XML. Both requests and responses are terminated with the control character 0x03. Requests are inside <boinc_gui_rpc_request> tags, and replies from the client are inside <boinc_gui_rpc_reply> tags. A response is never sent without getting a request first.

Note that the RPC server is the core client, and the RPC client is a GUI or add-on communicating with it (such as BOINC Manager). It may seem confusing. This terminology will be used on the rest of the page.

Authentication

The RPC protocol allows the RPC client to authenticate itself using a password. Most RPC operations can only be done by an authenticated client. Some can be done without authentication, but only by a client running on the same machine.

Authentication on the RPC protocol is based on a challenge-response system. To initiate the authentication process, send an <code><auth1/></code> command:

<boinc_gui_rpc_request>
    <auth1/>
</boinc_gui_rpc_request>

The response will be the authentication challenge:

<boinc_gui_rpc_reply>
    <nonce>1198959933.057125</nonce>
</boinc_gui_rpc_reply>

The value of nonce is to be used as a salt with the password. It is randomly generated for each request. To calculate the response, concatenate the nonce and the password (nonce first), then calculate the MD5 hash of the result, i.e: md5(nonce+password). Finally, send an <auth2> request with the calculated hash, in hexadecimal format.

<boinc_gui_rpc_request>
    <auth2>
        <nonce_hash>d41d8cd98f00b204e9800998ecf8427e</nonce_hash>
    </auth2>
</boinc_gui_rpc_request>

The reply will be either <authorized/> or <unauthorized/>.