CLEANACCESS Archives

November 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Lanstein, Alex C" <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Thu, 30 Nov 2006 13:07:57 -0500

Hey Brad,
 
That all looks right, and certainly if it worked on the old box there should be no coding issues.  So what we know is that it is posting via SSL and getting a response, so SSL issues can pretty much be ruled out.  
 
Things I would check for:
a) make sure that it is definitely pointing at the cam, not a cas
b) try using the username and password you use to log into the web interface of the cam to make changes.  For us the username is admin, although I don't know if we set that or if that was a default thing
c) try running the script from the console (ssh wherever the script runs and just say `php scriptname.php`)
d) try forcing the post to be http 1.1 instead of 1.0
e) make sure that the box you're on can resolve the hostname of the cam, and that it is properly registered in dns.  it could cause an issue if the box was bob.yourschool.edu but it resolved to www.bob.yourschool.edu.  
 
I cut out as much as possible to make a test script with php:
http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
 
Ah, here's a good test!  I was typing up about writing an authentication by session demo tomorrow then it got me to thinking.  Is the auth failing when you try to run your function (ie add a mac with "auth by function"), or on actual login (adminlogin function)?  If you do a:

<?php
// dump the raw response before any parsing
echo "<pre>";
print_r($buffer);
?>
 
somewhere before the output starts to get parsed you can see the raw stuff sent from the server.  Is it setting the session id at all?  
 
I don't know what your school's security policy is, but if all else fails I'd be more than happy to vpn in and troubleshoot for you.  kinda curious if nothing else.
 
We're not running 4.1 here and don't have plans to do it in the immediate future, although it may be something that gets kicked around for the December break.  
Regards,

Alex Lanstein
Senior Software Engineer, Transitional Data Services
Help Desk/Network Junkie, Connecticut College
Chief Coffee Drinker, LBCCHosting
860-625-4277
[log in to unmask]

________________________________

From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
Sent: Thu 11/30/2006 11:19 AM
To: [log in to unmask]
Subject: Re: 4.1 and API


Sorry-
I had posted on the wrong thread at first---

Anyways- 

This code has worked in the past, and just to be sure I restored it from backup. The code is located on another server, I would rather not put my personal code on the CCA servers, I am trying to keep it with the web server. Anyways, the code included, is an included file that has all the functions I have ever used with the cam api. ALL of them had been working prior to 4.1. There is probably something I am missing, but I can't figure it out. The example perl script that I posted on Monday or Tuesday works fine from the same machine, so I know it isn't because the scripts are on a different machine.


By the way, I don't remember whose code this is, but I know I got it from someone on this list, and again thanks for it, it has saved my bacon numerous times.

-----begin attached code-----

<?php

##
## CAM/CCA functions in PHP.
##

#include_once('functions.php');
#db_connect();

function cam_post_data_to_manager($post)
{

// in my CAM stuff I actually keep it all in a database
// fetch CAM login credentials from db->config
/*
$query = mysql_query("SELECT cam_admin_username,cam_admin_password,cam_hostname FROM config WHERE id = '1'");
$row = mysql_fetch_row($query);
$cam_admin_username = $row[0];
$cam_admin_password = $row[1];
$cam_hostname       = $row[2];
*/
// the format here is very important
$cam_admin_username = "xxxxxxxx";
$cam_admin_password = "xxxxxxxx";
### EX: hostname.yourschool.edu
$cam_hostname       = "xxxxxxxxxxxxxx";
$file="/admin/cisco_api.jsp?";
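// urlencode() so characters such as & or spaces in the credentials cannot break the query string
$login_by_function="&admin=" . urlencode($cam_admin_username) . "&passwd=" . urlencode($cam_admin_password);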
// use the standard POST format.  file.php?var1=test&var2=anything&var3=1337
$data = $file . $post . $login_by_function;
// Build the header
$header = "POST $data HTTP/1.0\r\n";
$header .= "Host: $cam_hostname\r\n";
$header .= "Content-type: text/html\r\n";
### this is necessary for the RFC
### but it slows it down by a factor of 50.
### splain that one, cisco.
#$header .= "Content-length: " . strlen($data) . "\r\n";
$header .= "Connection: close\r\n\r\n";

$connection = pfsockopen("ssl://$cam_hostname", 443, $errno, $errstr);
if ($connection)
{ 
        // fwrite() does the actual work
        fwrite($connection, $header);
        // while there is data, loop and add it to $buffer
        $buffer = "";
        while (!feof($connection)) $buffer .= fgets($connection,128);
        fclose($connection);
        // clean up the output.  CAM displays output in 'hidden' html comments
        $buffer = str_replace("<!--", "<br /><br />", $buffer);
        $buffer = str_replace("-->", "", $buffer);
        return array ("TRUE", "$buffer");
}
else 
        return array ("FALSE", "$errno---$errstr");
} // close cam_post_data_to_manager()

function cam_add_local_user($dest,$carrier) {
include_once('sms_functions.php');
srand((double)microtime()*1000000);  
$pass =  rand(0,100000); 
$user = "Guest" . rand(0,1000);

$post = "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";

list ($return, $output) = cam_post_data_to_manager($post);
$return = send_sms_msg($dest,$user,$pass,$carrier);
        return $user;
}

function delete_local_user($username)
{
$post = "op=deletelocaluser&qtype=name&qval=" . urlencode($username);
list ($return, $output) = cam_post_data_to_manager($post);
        return $post;
#       return $output;
}


function cam_get_user_info_by_mac_address($mac_address)
{
$post = "op=getuserinfo&qtype=mac&qval=" . urlencode($mac_address);
list ($return, $output) = cam_post_data_to_manager($post);
        return cam_get_comma_seperated_information_only($output);
} // close cam_get_user_info_by_mac_address()

function cam_get_user_info_by_ip_address($ip_address)
{
$post = "op=getuserinfo&qtype=ip&qval=" . urlencode($ip_address);
list ($return, $output) = cam_post_data_to_manager($post);
        return cam_get_comma_seperated_information_only($output);
} // close cam_get_user_info_by_ip_address()

function cam_kick_user_by_ip_address($ip_address)
{
$post = "op=kickuser&ip=" . urlencode($ip_address);
list ($return, $output) = cam_post_data_to_manager($post);
        return $output;
} 

function cam_add_exempted_device($mac_address, $description)
{
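// encode both values: a description containing a space or & would otherwise corrupt the request line
$post = "op=addmac&mac=" . urlencode($mac_address) . "&type=userole&role=gaming&desc=" . urlencode($description);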
list ($return, $output) = cam_post_data_to_manager($post);
        return $post;
#       return $output;
} 

function cam_get_comma_seperated_information_only($string)
{
$string = substr($string, strpos($string, "IP="), strlen($string));
if ( (!strstr($string, "MAC=")) && (!strstr($string, "IP=")) )
        return "NOT LOGGED IN";
else
{
        // explode() replaces split(), which was removed in PHP 7
        $cam_returned_string = explode(",", $string);
        return $cam_returned_string;
}
}

function get_ip_address_from_computer_accessing_this_page()
{
return $_SERVER["REMOTE_ADDR"];
}


?>


On 11/30/06 11:01 AM, "John Truelove" <[log in to unmask]> wrote:



	Did you place your registration page on the CAM ?
	 
	Are you using https for your registration page ?
	 
	If so, then the ssl.conf on the 4.1 CAM will need to be changed to reflect those pages.
	/perfigo/control/apache/conf/ssl.conf   I think is the location.
	 
	What, if any, error messages are you getting ?
	 
	Sample of your code would help.
	 
	John
	 
	 
	 
	John Truelove
	OIT Network Engineer - CCNP
	Indiana State University
	210 N 7th Street, Tirey Hall Rm 65
	Terre Haute, IN 47809
	812-237-4921
	
	
	
	>>> Brad Kramer <[log in to unmask]> 11/30/2006 10:01 AM >>>
	OK, as far as my API is concerned, I have gotten the perl calls to work and I have restored my confidence that my API is not FUBAR, but here's the issue,
	I am not a coder and well, the wonderful web based registration page that I have made to register xBoxes PS2's and everything else still doesn't work. Does anyone have any examples that they would be willing to share?
	
	Thanks!
	
	
	-------------
	Bradley W. Kramer
	Network Analyst
	Ashland University
	(419) 289-5405
	[log in to unmask]
	
	
	



-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
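
An added example, not part of the thread and not code from any of the posters: one way to build the same `addmac` call with the parameters form-encoded in the POST body and a matching Content-Length over HTTP/1.1 (item d in the reply above), then inspect a raw reply for a session cookie and the comment-wrapped output, with the password redacted before anything is echoed. It assumes the CAM accepts these parameters in the body; the `cam_*` function names, `cam.example.edu`, the credentials and the sample response are constructed for illustration.

```php
<?php
// Added example: host, credentials and the sample response are constructed.

// Build an HTTP/1.1 POST whose parameters travel form-encoded in the body.
function cam_build_request($host, array $params)
{
    $body = http_build_query($params);   // percent-encodes every name and value
    return "POST /admin/cisco_api.jsp HTTP/1.1\r\n"
         . "Host: $host\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . "Content-Length: " . strlen($body) . "\r\n"   // length of the body actually sent
         . "Connection: close\r\n\r\n"
         . $body;
}

// Split a raw response into status line, cookie names and the text the
// server returns inside HTML comments.
function cam_parse_response($raw)
{
    $parts = explode("\r\n\r\n", $raw, 2);
    $lines = explode("\r\n", $parts[0]);
    $body = isset($parts[1]) ? $parts[1] : "";
    $cookies = array();
    foreach ($lines as $line) {
        if (preg_match('/^Set-Cookie:\s*([^=;\s]+)=/i', $line, $m)) {
            $cookies[] = $m[1];           // keep the name only, never the value
        }
    }
    preg_match_all('/<!--(.*?)-->/s', $body, $found);
    return array('status' => $lines[0], 'cookies' => $cookies,
                 'comments' => array_map('trim', $found[1]));
}

// Hide the password before a request is echoed or written to a log.
function cam_redact($request)
{
    return preg_replace('/(passwd=)[^&\s]*/', '$1[redacted]', $request);
}

$request = cam_build_request("cam.example.edu", array(
    "op" => "addmac", "mac" => "00:11:22:33:44:55", "type" => "userole",
    "role" => "gaming", "desc" => "Brad's Xbox & PS2",
    "admin" => "admin", "passwd" => "p&ss word",
));
echo cam_redact($request), "\n\n";

// Constructed response, standing in for what the fgets() loop would collect.
$raw = "HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=0123456789ABCDEF; Path=/admin\r\n"
     . "Content-Type: text/html\r\n\r\n<html><!--error=0--></html>";
print_r(cam_parse_response($raw));
```

An HTTP/1.1 server may answer with chunked transfer encoding, which `cam_parse_response()` does not decode. Keeping the credentials in the body rather than the request line also keeps them out of any URL-based access log.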
