[Freeipa-devel] XML-RPC interface review

Rob Crittenden rcritten at redhat.com
Thu Nov 29 15:54:18 UTC 2007


Some concerns had been raised privately about the XML-RPC interface and 
extra munging some non-IPA clients may be required to perform.

The issue was the data wrapping and unwrapping. This is actually the way 
that binary data is to be transported via RPC according to the spec.

Here is a piece of what we return in a call to find_users() for user 
'test'. The first entry in the array means that there was 1 entry 
returned. The second is the actual user.

<methodResponse>
<params>
<param>
<value><array><data>
<value><int>1</int></value>
<value><struct>
<member>
<name>dn</name>
<value><string>uid=test,cn=users,cn=accounts,dc=freeipa,dc=org</string></value>
</member>
<member>
<name>krbprincipalkey</name>
<value><base64>
MIICA6ADAgEBoQMCAQGiAwIBAaMDAgEApIIB6zCCAecwX6AaMBigAwIBAKERBA9GUkVFSVBBLk9S
R3Rlc3ShQTA/oAMCARChOAQ2GAAXqvtk8/KHlizZXp5sBnPQusNu5VnPlFeXilaB+akpTl3zQlZP
ueh63aVdWOg04Q/kwotIMFegGjAYoAMCAQChEQQPRlJFRUlQQS5PUkd0ZXN0oTkwN6ADAgEXoTAE
LhAAYS32ZyIyYLm4FYps6mHUORQ9HC7ygZ0hXsRPVGF0Eh59hbqeMpKy5oYvadUwT6AaMBigAwIB
AKERBA9GUkVFSVBBLk9SR3Rlc3ShMTAvoAMCAQihKAQmCADWQ7Wn53Iy79jtsiCq2X14Y2VpEhzQ
You35RQUoZTL11bopWYwT6AaMBigAwIBAKERBA9GUkVFSVBBLk9SR3Rlc3ShMTAvoAMCAQOhKAQm
CADAzkVMiW/FGeiX/Qw2EC0o7oZtupk4NKNgzdVeHO+f5OBbFEowPKAHMAWgAwIBAaExMC+gAwIB
AaEoBCYIAJEau67fAkurabNWTgT2gUig5bd1y4XuIKFeu09Mb4c9ISQOOjBLoBYwFKADAgEFoQ0E
C0ZSRUVJUEEuT1JHoTEwL6ADAgEBoSgEJggABrj6CWbC5MoMA4/2HAURfSIor3wtSXHmrQZGsBCV
fazPDb86
</base64></value>
...
...

Our RPC client automatically decodes this but it is the proper way to 
return binary data.

Now one thing I did find that needs to change is the use of None in the 
API. I'd rather not turn on support for NULL values as it seems very 
non-standard.

The way I work around it is to use a special value __NONE__ but this 
isn't necessary for any other random XML-RPC client. They simply need to 
provide every field. I'm going to go ahead and remove None from the 
published API because that is truly bad. All arguments will be required.

I'm still going to leave the __NONE__ munging in though. If other 
clients want to take advantage of it then great, but they don't have to, 
they just need to supply a value.

We still need to do an API review to ensure consistent naming, return 
types, etc.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071129/1ddb221c/attachment.bin>


More information about the Freeipa-devel mailing list