CLEANACCESS Archives

June 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Lanstein, Alex C" <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Fri, 22 Jun 2007 12:29:20 -0400
Sorry, copied the wrong version in. The only change is that it cuts off the colon on the front of the VLAN ID.
 
else if (fDel && oper.equals("getrolelist"))
    {
        // walk every role and emit one comment record per role
        Iterator iter = rim.getRoleInfoList();
        int count = 0;
        String output = "";
        String ipstr = "";
        while( iter.hasNext() )
        {
                RoleInfo ri = (RoleInfo) iter.next();
                int roamPolicy = ri.getRoamPolicy();
                int ipsec = ri.getIPSecPolicy();
                if(ipsec == RoleInfo.IPSEC_DENY)
                        ipstr = "deny";
                else if(ipsec == RoleInfo.IPSEC_ENFORCE)
                        ipstr = "enforce";
                else
                        ipstr = "allow";
                // assumed name,roam/ipsec policy aren't empty
                // commas in NAME and DESCRIPTION are escaped as "\,"; colons are stripped from the VLAN value
                output += "<!--NAME=" + (ri.getName()).replaceAll(",", "\\\\,") + ",IPSEC=" + ipstr + ",ROAM=" + ((roamPolicy==RoleInfo.ROAM_ALLOW)?"allow":"deny") + ",VLAN=" + ((ri.getComboVlan().equals(""))?"undefined":ri.getComboVlan().replaceAll(":","")) + ",DESCRIPTION=" + ((ri.getDescription().equals(""))?"undefined":ri.getDescription().replaceAll(",", "\\\\,")) + "-->";
                count++;
        }
        if(count == 0)
        {
                // i dont think this is possible
        %><!--error=There are no roles present-->  <%
        }
        else
        {
                // braces needed: the template line below compiles to several write statements
        %><!--mesg=0--><!--count=<%=count%>--><!--<%=output%>--><%
        }

    }

 
Regards, 
 
Alex Lanstein 
Network and Systems Administrator, FireEye, Inc.
BOFH, LBCCHosting 
860-625-4277 
[log in to unmask]

________________________________

From: Lanstein, Alex C
Sent: Fri 6/22/2007 12:27 PM
To: Cisco Clean Access Users and Administrators
Subject: new API function - getrolelist


I'm switching to a job out in Menlo Park, CA come Monday and the bossman made a list of things he needs done before I take off.  One of them is eliminating calls to postgres on the CAM.  It just causes too many problems every time we upgrade.  In that regard I've been moving over my calls to it - the reporting API is nice, thanks guys.
 
In an effort to use the local user database to its fullest, we're writing a little standalone app to register guest users.  The problem is that there's no way to pull down a list of roles that the guest can join (the form will be used by admins/helpdesk, so we're not worried about a guest choosing the admin role and then getting into the admin vlan).  I added an API function that lists the roles and some information about them.  The diff is below, and the "official" documentation is below that:
 
[root@smmanager admin]# diff cisco_api.jsp cisco_api_acl.jsp
1667a1668,1703
>
>     else if (fDel && oper.equals("getrolelist"))
>     {
>       Iterator iter = rim.getRoleInfoList();
>       int count = 0;
>       String output = "";
>       String ipstr = "";
>       iter = rim.getRoleInfoList();
>       while( iter.hasNext() )
>       {
>               RoleInfo ri = null;
>               ri = (RoleInfo) iter.next();
>               int roamPolicy = ri.getRoamPolicy();
>                int ipsec = ri.getIPSecPolicy();
>               if(ipsec == RoleInfo.IPSEC_DENY)
>                    ipstr = "deny";
>               else if(ipsec == RoleInfo.IPSEC_ENFORCE)
>                       ipstr = "enforce";
>               else
>                       ipstr = "allow";
>               // assumed name,roam/ipsec policy aren't empty
>               output += "<!--NAME=" + (ri.getName()).replaceAll(",", "\\\\,") + ",IPSEC=" + ipstr + ",ROAM=" + ((roamPolicy==RoleInfo.ROAM_ALLOW)?"allow":"deny") + ",VLAN=" + ((ri.getComboVlan().equals(""))?"undefined":ri.getComboVlan()) + ",DESCRIPTION=" + ((ri.getDescription().equals(""))?"undefined":ri.getDescription().replaceAll(",", "\\\\,")) + "-->";
>               count++;
>       }
>       if(count == 0)
>         {
>               // i dont think this is possible
>       %><!--error=There are no roles present-->  <%
>         }
>         else
>       %><!--mesg=0--><!--count=<%=count%>--><!--<%=output%>--><%
>
>
>
>     }
>
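Review bot: The final `else` has no braces, so only the first write generated from the template line `<!--mesg=0--><!--count=<%=count%>--><!--<%=output%>-->` is conditional. A JSP compiler emits the template text and each `<%= %>` expression as separate statements, so in the `count == 0` case the response carries the error comment followed by a stray `0--><!---->`. Wrap that line in `{ }` as the `if` branch already is. Two smaller points on the `output +=` line: NAME and DESCRIPTION escape only commas, so a role name or description containing `-->` ends the comment early and corrupts the record for any client parsing it, and a value ending in a backslash makes the following field separator look escaped. Each record already carries its own `<!--` and `-->`, so the extra wrapper around `<%=output%>` produces nested comment markers. The second `iter = rim.getRoleInfoList();` is redundant.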
[root@smmanager admin]#



Operation Name: getrolelist
Description: Returns list of roles and information about each

In Params: 

*	op (required) : getlocaluserlist 
*	admin (optional) : admin account user name. This parameter is not needed if using authentication by session. 
*	passwd (optional) : password for admin account. This parameter is not needed if using authentication by session. 

Out Params: 

*	A comment of the form <!--error=mesg--> is returned. If the mesg value is 0 then the operation is a success, or else there will be an error string. 
*	If the mesg value is 0, a comment of the form <!--count=10--> shows the number of roles returned, followed by the same number of comments of the form <!--NAME=role_name,IPSEC=ipsec policy for role,ROAM=roam policy for role,VLAN=vlan id for role ("undefined" when not defined or in band),DESCRIPTION=description of role-->. 

 
As always, YMMV.  I'll be sending along the finished guest access piece and a couple screenshots later on today for any who are interested.
 
 
Regards, 
 
Alex Lanstein 
Network and Systems Administrator, FireEye, Inc.
BOFH, LBCCHosting 
860-625-4277 
[log in to unmask]
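
A client-side parser for the getrolelist reply described above, added here as an example and not part of the original post or of Cisco's API. It assumes the reply has exactly the shape the JSP emits (including the outer comment wrapper); the function names and the sample reply are constructed for illustration. It rejects any record whose fields are missing or out of order rather than guessing.

```python
import re

FIELDS = ["NAME", "IPSEC", "ROAM", "VLAN", "DESCRIPTION"]
RECORD = re.compile(r"<!--(NAME=.*?)-->", re.S)
UNESCAPED_COMMA = re.compile(r"(?<!\\),")

# Constructed sample reply, shaped like the output of the JSP in this post.
SAMPLE = (
    "<!--mesg=0--><!--count=2--><!--"
    "<!--NAME=Guest,IPSEC=deny,ROAM=deny,VLAN=undefined,"
    "DESCRIPTION=Visitors\\, short term-->"
    "<!--NAME=Staff,IPSEC=allow,ROAM=allow,VLAN=120,DESCRIPTION=undefined-->"
    "-->"
)

def parse_record(body):
    """Split one NAME=...,DESCRIPTION=... body on unescaped commas and validate it."""
    pairs = [part.split("=", 1) for part in UNESCAPED_COMMA.split(body)]
    # Keys must be the five documented fields, in order, each with a value.
    if [p[0] for p in pairs] != FIELDS or any(len(p) != 2 for p in pairs):
        raise ValueError("malformed role record: %r" % body)
    role = {key: value.replace("\\,", ",") for key, value in pairs}
    if role["IPSEC"] not in ("allow", "deny", "enforce"):
        raise ValueError("unexpected IPSEC value in %r" % body)
    if role["ROAM"] not in ("allow", "deny"):
        raise ValueError("unexpected ROAM value in %r" % body)
    return role

def parse_rolelist(response):
    """Return a list of role dicts; raise ValueError on an error or inconsistent reply."""
    err = re.search(r"<!--error=(.*?)-->", response, re.S)
    if err:
        raise ValueError("API error: " + err.group(1))
    count = re.search(r"<!--count=(\d+)-->", response)
    if "<!--mesg=0-->" not in response or not count:
        raise ValueError("missing mesg/count header")
    roles = [parse_record(m.group(1)) for m in RECORD.finditer(response)]
    # A role name containing "-->" truncates its record; the checks above and
    # this count comparison make the client fail closed instead of mis-parsing.
    if len(roles) != int(count.group(1)):
        raise ValueError("count says %s, parsed %d" % (count.group(1), len(roles)))
    return roles
```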
