Олег Давидович: 1 версия импортирована

2024-10-21T08:51:25Z

1 версия импортирована

← Предыдущая версия	Версия от 08:51, 21 октября 2024
(нет различий)

1>Tsala: category edit

2010-02-18T20:19:06Z

category edit

Новая страница

This page lists the services (and methods in that service) that are available to MNet clients. Services are MNet's way of grouping methods, and allowing MNet sites to publish and/or subscribe to services. The descriptions are not complete. Please help fill it out!

== System ==

Implemented in /mnet/xmlrpc/server.php, this provides basic information about the MNet server. These methods may also be called as "system.*" in addition to the "system/*" pattern common to the other method names. The system/listMethods, system/methodSignature, and system/methodHelp methods are based on [http://xmlrpc-c.sourceforge.net/introspection.html XML-RPC Introspection].

This service is not returned by system/listServices, nor are any of the methods listed by the XML-RPC Introspection methods.

=== system/listMethods ===
Lists the available methods.

==== Parameters ====
* service name(string) (optional): If provided, list only the methods provided by the given service. If not specified, list all available methods. (This parameter is not present in XML-RPC Introspection.)

==== Return value ====
* array of strings, giving the method names

==== Security ====
Only lists methods that the client is allowed to execute.

=== system/methodSignature ===
Gives the method signature of the requested method.

==== Parameters ====
* method name(string): The name of the method to provide the method signature for.

==== Return value ====
* array, giving the method signature(s). Note: the format is different from the one specified in the XML-RPC Introspection spec.
** Each array element is itself an array
*** Each array element is a struct, with fields "type" and "description", and values being strings.
*** The first array element represents the return value. Subsequent array elements represent the parameters.

==== Security ====
If the client is not allowed to execute the method, returns an empty array.

=== system/methodHelp ===
Give a textual description of the requested method.

==== Parameters ====
* method name(string): The name of the method to provide help for.

==== Return value ====
* string, a description of the method.

==== Security ====
If the client is not allowed to execute the method, returns server fault 7019.

=== system/listServices ===
List the available services.

==== Parameters ====
none

==== Return value ====
* array, giving the service names, versions, and publish/subscription status. Each array element is a struct with the following keys:
** name(string): the name of the service
** apiversion(integer): the API version provided
** publish(integer): whether the server is publishing this service to the client
** subscribe(integer): whether the server is subscribing to this service from the client

==== Security ====
Only services that are published or subscribed are returned.

=== system/keySwap ===
Swap public keys via X509 certificates.

==== Parameters ====
* wwwroot(string): the client's wwwroot.
* certificate(string): the client's X509 certificate, in PEM format
* application(string): the application type

==== Return value ====
* (string) the server's X509 certificate, in PEM format

==== Security ====
This is the only MNet method that can be called from all hosts without encryption and signing (since that is the only way to bootstrap the process).

You really shouldn't be trusting the client's parameters, as these can be easily forged. If the certificate differs from the certificate you have stored for the given wwwroot, you should double-check by doing your own system/keySwap call, or trying to send an encrypted and signed XML-RPC request to the client. In this way, a successful attack would require at least DNS hijacking and/or a man-in-the-middle attack, both of which break MNet's security anyways.

== sso_idp (version 1) ==
Identity provider for single sign on.

=== auth/mnet/auth.php/user_authorise ===
(note UK spelling of "authorise") Return user data for the provided token, compare with user_agent string.

==== Parameters ====
* token(string): token provided by the IdP
* user agent(string): SHA-1 hash of the user's user agent string

==== Return value ====
* struct, containing the user's profile data. The fields provided are: username, email, auth (="mnet"), confirmed, deleted, firstname, lastname, city, country, lang, timezone, description, mailformat, maildigest, maildisplay, htmleditor, wwwroot (the IdP's wwwroot), session.gc_maxlifetime, picture (integer/boolean), imagehash (if picture != 0; sha1 hash of profile picture file), myhosts (an array describing how many courses the user is enrolled in, in all known hosts)

=== auth/mnet/auth.php/keepalive_server ===
"Receives an array of usernames from a remote machine and prods their sessions to keep them alive"

==== Parameters ====
* array of usernames

==== Return value ====
* struct:
** if success:
*** code (int): 0
*** message (string): "All ok"
*** last_log_id (int): the ID of the last log entry received from auth/mnet/auth.php/refresh_log
** if error:
**** code (int): 1
**** message (string): "We failed to refresh the session for the following usernames: ..."
**** last_log_id (int): the ID of the last log entry received from auth/mnet/auth.php/refresh_log

=== auth/mnet/auth.php/kill_children ===
"The IdP uses this function to kill child sessions on other hosts"

never seems to be called by Moodle networks (called on logout instead)

=== auth/mnet/auth.php/refresh_log ===
=== auth/mnet/auth.php/fetch_user_image ===
"Returns the user's image as a base64 encoded string."

==== Parameters ====
* username (string)
==== Return value ====
* false on error, otherwise struct:
** f1 (string): base64 encoded copy of user's f1.jpg
** f2 (string): base64 encoded copy of user's f2.jpg

=== auth/mnet/auth.php/fetch_theme_info ===
"Returns the theme information and logo url as strings."

==== Parameters ====
none

==== Return value ====
* struct:
** themename (string)
** logourl (string): Url for theme logo
** auth/mnet/auth.php/update_enrolments

== sso_sp (version 1) ==
Service provider for single sign on.

=== auth/mnet/auth.php/keepalive_client ===
"Poll the IdP server to let it know that a user it has authenticated is still online" No, I don't know what that means either.

never seems to be called by Moodle networks (called by cron instead)
calls auth/mnet/auth.php/keepalive_server on each IdP that has local users logged in
==== Parameters ====
none

==== Return Value ====
none

=== auth/mnet/auth.php/kill_child ===
Requests that the SP ends the user's session. Used for single sign off.

==== Parameters ====
* username(string)
* useragent(string): SHA-1 hash of the user's user agent string

Note that the calling IdP is identified through MNet signatures

==== Return Value ====
* true on success (boolean)

== mnet_enrol (version 1) ==
Moodle networks enrolments. Enable remote administrators to enrol users in local courses.

=== enrol/mnet/enrol.php/available_courses ===
=== enrol/mnet/enrol.php/user_enrolments ===
=== enrol/mnet/enrol.php/enrol_user ===
=== enrol/mnet/enrol.php/unenrol_user ===
=== enrol/mnet/enrol.php/course_enrolments ===

[[Category:MNet]]

Development:MNet services - История изменений

Олег Давидович: 1 версия импортирована

1>Tsala: category edit