[Freeipa-devel] XML-RPC interface review
Rob Crittenden
rcritten at redhat.com
Thu Nov 29 15:54:18 UTC 2007
Some concerns had been raised privately about the XML-RPC interface and
extra munging some non-IPA clients may be required to perform.
The issue was the data wrapping and unwrapping. This is actually the way
that binary data is to be transported via RPC according to the spec.
Here is a piece of what we return in a call to find_users() for user
'test'. The first entry in the array means that there was 1 entry
returned. The second is the actual user.
<methodResponse>
<params>
<param>
<value><array><data>
<value><int>1</int></value>
<value><struct>
<member>
<name>dn</name>
<value><string>uid=test,cn=users,cn=accounts,dc=freeipa,dc=org</string></value>
</member>
<member>
<name>krbprincipalkey</name>
<value><base64>
MIICA6ADAgEBoQMCAQGiAwIBAaMDAgEApIIB6zCCAecwX6AaMBigAwIBAKERBA9GUkVFSVBBLk9S
R3Rlc3ShQTA/oAMCARChOAQ2GAAXqvtk8/KHlizZXp5sBnPQusNu5VnPlFeXilaB+akpTl3zQlZP
ueh63aVdWOg04Q/kwotIMFegGjAYoAMCAQChEQQPRlJFRUlQQS5PUkd0ZXN0oTkwN6ADAgEXoTAE
LhAAYS32ZyIyYLm4FYps6mHUORQ9HC7ygZ0hXsRPVGF0Eh59hbqeMpKy5oYvadUwT6AaMBigAwIB
AKERBA9GUkVFSVBBLk9SR3Rlc3ShMTAvoAMCAQihKAQmCADWQ7Wn53Iy79jtsiCq2X14Y2VpEhzQ
You35RQUoZTL11bopWYwT6AaMBigAwIBAKERBA9GUkVFSVBBLk9SR3Rlc3ShMTAvoAMCAQOhKAQm
CADAzkVMiW/FGeiX/Qw2EC0o7oZtupk4NKNgzdVeHO+f5OBbFEowPKAHMAWgAwIBAaExMC+gAwIB
AaEoBCYIAJEau67fAkurabNWTgT2gUig5bd1y4XuIKFeu09Mb4c9ISQOOjBLoBYwFKADAgEFoQ0E
C0ZSRUVJUEEuT1JHoTEwL6ADAgEBoSgEJggABrj6CWbC5MoMA4/2HAURfSIor3wtSXHmrQZGsBCV
fazPDb86
</base64></value>
...
...
Our RPC client automatically decodes this but it is the proper way to
return binary data.
Now one thing I did find that needs to change is the use of None in the
API. I'd rather not turn on support for NULL values as it seems very
non-standard.
The way I work around it is to use a special value __NONE__ but this
isn't necessary for any other random XML-RPC client. They simply need to
provide every field. I'm going to go ahead and remove None from the
published API because that is truly bad. All arguments will be required.
I'm still going to leave the __NONE__ munging in though. If other
clients want to take advantage of it then great, but they don't have to,
they just need to supply a value.
We still need to do an API review to ensure consistent naming, return
types, etc.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071129/1ddb221c/attachment.bin>
More information about the Freeipa-devel
mailing list