Hello,
I just noticed this problem as well. We are using the API to handle
game console registrations (from Alex Lanstein's Code) and noticed today
that our code too doesn't work. We've tried appending the curl code from
John's email but that doesn't seem to work either. Our setup has the
registration page scripts running on an IIS server, perhaps the code
needs to be modified to reflect that change (although based on the
variables, it looks like it's rather independent).
Any information would be greatly appreciated.
Simon
>>>
From: "Lanstein, Alex C" <[log in to unmask]>
To: <[log in to unmask]>
Date: 12/5/2006 11:36 AM
Subject: Re: 4.1 and API
I did just try your code against our cam (4.0.1.0) and it worked fine.
I called that function to create a local user and it worked without
complaining.
Does the password you're using to authenticate have any funky
characters? There may be a new bug introduced in how the password gets
handled in the api in the new cca. Possibly try it with only
alphanumerics? Just throwing out ideas now.
curl is certainly an option. there are definitely cases where it is
a)necessary or b) way easier, but this isn't really one of them
acl
________________________________
From: Cisco Clean Access Users and Administrators on behalf of Brad
Kramer
Sent: Tue 12/5/2006 10:43 AM
To: [log in to unmask]
Subject: Re: 4.1 and API
John-
Thanks a ton! I guess I could have used curl, that would have made so
much
more sense than what I was doing. I really appreciate all your help
and
assistance!!
Thanks again!
-Brad Kramer
On 12/5/06 8:43 AM, "John Truelove" <[log in to unmask]>
wrote:
> Brad,
>
> It took me some searching, I knew I had some code that I used like
this
> before (from 2003).
>
> This basically calls the /admin/login.jsp file with id, passwd, and
the
> submit button.
> Once logged in then it calls the cisco_api.jsp
>
> I will leave the rest up to you.
>
>
> <?
> session_start();
>
> $id = "youradmin";
> $pw = "yourpassword";
> $btn = "login";
> $host = "ipaddress or hostname";
> $op = "getuserinfo";
> $qtype = "all";
> $qval = "all";
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_COOKIEJAR, "host.cookie");
> curl_setopt($ch, CURLOPT_COOKIEFILE, "host.cookie");
> curl_setopt($ch, CURLOPT_URL,"https://$host/admin/login.jsp");
> curl_setopt($ch, CURLOPT_POST, 1);
> curl_setopt($ch, CURLOPT_POSTFIELDS,
> "admin=$id&passwd=$pw&$btn=login");
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
>
> ob_start();
> $result = curl_exec ($ch);
> ob_end_clean();
>
> curl_close ($ch);
>
> $apiUrl = "https://$host/admin/cisco_api.jsp?";
> $params = "op=$op&qtype=$qtype&qval=$qval&admin=$id&passwd=$pw&";
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_COOKIEFILE, "host.cookie");
> curl_setopt($ch, CURLOPT_URL,"$apiUrl$params");
> curl_setopt($ch, CURLOPT_POST, 1);
> curl_setopt($ch, CURLOPT_POSTFIELDS,
> "admin=$id&passwd=$pw&$btn=login");
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
>
> $result = curl_exec ($ch);
>
> curl_close ($ch);
>
> print $result;
>
> ?>
> It worked on my setup. Hope that helps.
>
>
> John
>
>
>
>
> Well, to be honest, I am glad it isn't just me having problems with
> that
> script... I appreciate any help you can give me, but I don't want
you
> to
> have to spend a ton of time on it. I am in the same boat where PERL
> scripts
> work fine, but none of the PHP scripts work well.
>
> Let me know what you find out, I am going to be spending a lot of
time
> on it
> today, so if I find anything out I will let you know.
>
> -Brad
>
>
> On 12/1/06 7:45 PM, "John Truelove" <[log in to unmask]>
> wrote:
>
>> Brad,
>>
>> I tried putting your code on one of my servers and I am getting the
> same
>> thing.
>>
>> I have Perl scripts that work fine with the 4.1 API. I ran out of
> time
>> (Friday 4:30pm thing).
>> The logs on the CAM for the POST look the same for both Perl and
PHP,
> so
>> I am not sure what is going on.
>>
>> I will try working with the PHP code on Monday.
>>
>> John
>>
>>
>>
>> John Truelove
>> OIT Network Engineer - CCNP
>> Indiana State University
>> 210 N 7th Street, Rankin Rm 54
>> Terre Haute, IN 47809
>> 812-237-4921
>>
>>
>
******************************************************************************
>>
>
*************************************************************************
>> This email, and any attachments, thereto, is intended only for use
> by
>> the addressee(s) named herein and may contain privileged
>> and/or confidential information. If you are not the intended
> recipient
>> of this email, you are hereby notified that any dissemination,
>> distribution or copying of this email, and any attachments thereto,
> is
>> strictly prohibited.
>>
>
******************************************************************************
>>
>
*************************************************************************
>>
>
> John Truelove
> OIT Network Engineer - CCNP
> Indiana State University
> 210 N 7th Street, Tirey Hall Rm 65
> Terre Haute, IN 47809
> 812-237-4921
>
>
******************************************************************************
>
*************************************************************************
> This email, and any attachments, thereto, is intended only for use
by
> the addressee(s) named herein and may contain privileged
> and/or confidential information. If you are not the intended
recipient
> of this email, you are hereby notified that any dissemination,
> distribution or copying of this email, and any attachments thereto,
is
> strictly prohibited.
>
******************************************************************************
>
*************************************************************************
>
>>>>> Brad Kramer <[log in to unmask]> 12/01/06 2:43 PM >>>
>> Still no dice---
>> The API command line looks good, I am wondering if my API has
> something
>> bad
>> going on inside it... From the apache logs on the CAM, I get the
> full
>> post
>> message, I just don't understand it, can anyone send me the api jsp
> via
>> private email??
>>
>> Thanks!
>>
>> -Brad
>>
>>
>> On 12/1/06 11:49 AM, "Lanstein, Alex C" <[log in to unmask]> wrote:
>>
>>> I don't think you're posting to the cisco_api.jsp file. That
looks
>> like the
>>> login page (which you'd get redirected to with a bad url). The
> test
>> string
>>> uses the getoob function...maybe you guys arent running out of
> band.
>> So i'd
>>> try two things
>>>
>>> 1) try changing $post to something like "op=adminlogin"
>>> 2) after $data gets built, echo it out. it should look something
>> like:
>>> /admin/cisco_api.jsp?op=adminlogin&user=admin&passwd=pass
>>>
>>> try to surf to that page from a web browser...it should just bring
> up
>> a list
>>> of the normal api
>>>
>>>
>>> Regards,
>>>
>>> Alex Lanstein
>>> Senior Software Engineer, Transitional Data Services
>>> Help Desk/Network Junkie, Connecticut College
>>> Chief Coffee Drinker, LBCCHosting
>>> 860-625-4277
>>> [log in to unmask]
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Cisco Clean Access Users and Administrators on behalf of
Brad
>> Kramer
>>> Sent: Fri 12/1/2006 9:52 AM
>>> To: [log in to unmask]
>>> Subject: Re: 4.1 and API
>>>
>>> If I don't get this figured out today, I would love to continue
> this
>> via
>>> private email, and we could possibly discuss VPN, but in the mean
>> time,
>>> tried the script you sent, I put my username/password in there,
and
> I
>> get
>>> some funny output... Check this out:
>>>
>>> -------begin source dump---------
>>>
>>>
>>>
>>> <pre>HTTP/1.1 200 OK
>>> Date: Fri, 01 Dec 2006 14:46:38 GMT
>>> Server: Apache
>>> Set-Cookie: JSESSIONID=6BAE2D1B0D775D82AEEA58AE82C2E9B1;
> Path=/admin;
>> Secure
>>> Content-Length: 1726
>>> Connection: close
>>> Content-Type: text/html;charset=ISO-8859-1
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> <!-- pt>
>>> <br /><br />
>>> function sf(){document.f.admin.focus();}
>>>
>>> function doUpdateWarning()
>>> {
>>> alert("The system detects that it has just been upgraded to a
>> newer
>>> version. It is now trying to connect to the Cisco server to get
the
>>> checks/rules and AV/AS support list update. It might take a few
>> minutes.");
>>> return true;
>>> }
>>>
>>> </scr -->
>>> <html>
>>> <head>
>>>
>>> <meta http-equiv="Content-Type" content="text/html;
>> charset=ISO-8859-1">
>>> <meta http-equiv="Cache-Control" content="no-cache">
>>> <link rel="STYLESHEET" type="text/css" href="admin.css" />
>>>
>>> <!-- pt language="javascript">
>>> <br /><br />
>>> parent.admin_header.location="/admin/header.jsp"
>>> parent.nav.location="/admin/nav.jsp"
>>> //
>>> </scr -->
>>> </head>
>>> <body onload=sf() >
>>>
>>> <br><br>
>>> <center>
>>> <form action="/admin/login.jsp" method="post" name="f">
>>> <table border="1" cellpadding="0" cellspacing="0"
> width="60%"><tr><td
>>> width="100%">
>>> <table border="0" cellpadding="4" cellspacing="0"
> style="font-family:
>>> verdana; font-size: 9pt; margin-left: 9px; width:300pt">
>>> <tr>
>>> <td colspan="2"><font color="red"></font></td>
>>> </tr>
>>> <tr>
>>> <td width="40%">Admin User Name</td>
>>> <td width="60%"><input type="text" name="admin" size="24"
>> /></td>
>>> </tr>
>>> <tr>
>>> <td width="40%">Password</td>
>>> <td width="60%"><input type="password" name="passwd"
> size="24"
>>> /></td>
>>> </tr>
>>> <tr>
>>> <td width="40%"> </td>
>>> <td width="60%"><input type="submit" name="login" value="
>> Login
>>> " /></td>
>>> </tr>
>>> </table>
>>> </td></tr></table>
>>> </form>
>>> </center>
>>>
>>> </table>
>>>
>>> <!-- pt language="javascript">
>>> <br /><br />
>>> top.nav.highlightByRightFramePage(document.location.pathname,
>> "m_default");
>>> //
>>> </scr -->
>>>
>>> </body>
>>> </html>
>>>
>>>
>>>
>>>
>>> ------- end dump---------
>>>
>>>
>>> That is the source of the html that gets returned to me.... It is
>> telling me
>>> in a script that it has been upgraded recently, and that it needs
> to
>>> download new rules, I manually did that, and it is still giving me
> the
>> same
>>> message... Anyone have any ideas???
>>>
>>> Thanks for your help!
>>>
>>>
>>> --Brad
>>>
>>>
>>>
>>>
>>>
>>> On 11/30/06 1:07 PM, "Lanstein, Alex C" <[log in to unmask]>
wrote:
>>>
>>>> Hey Brad,
>>>>
>>>> That all looks right, and certainly if it worked on the old box
> there
>> should
>>>> be no coding issues. So what we know is that it is posting via
> SSL
>> and
>>>> getting response, so SSL issues can pretty much be ruled out.
>>>>
>>>> Things I would check for:
>>>> a) make sure that it is definitely pointing at the cam, not a cas
>>>> b) try using the username and password you use to log into the
web
>> interface
>>>> of the cam to make changes. For us the username is admin,
although
> I
>> don't
>>>> know if we set that or if that was a default thing
>>>> c) try running the script from the console (ssh wherever the
> script
>> runs and
>>>> just say `php scriptname.php`)
>>>> d) trying forcing the post to be http 1.1 instead of 1.0
>>>> e) make sure that the box youre on can resolve the hostname of
the
>> cam, and
>>>> that it is properly registered in dns. it could cause an issue
if
>> the box
>>>> was
>>>> bob.yourschool.edu but it resolved to www.bob.yourschool.edu.
>>>>
>>>> I cut out as much as possible to make a test script with php:
>>>>
> http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
>
>>>>
>>>> Ah, here's a good test! I was typing up about writing a
>> authentcation by
>>>> session demo tomorrow then it got me to thinking. Is the auth
>> failing when
>>>> you try to run your function (ie add a mac with "auth by
> function"),
>> or on
>>>> actual login (adminlogin function)? If you do a:
>>>>
>>>> <?
>>>> echo <pre>";
>>>> print_r($buffer);
>>>> ?>
>>>>
>>>> somewhere before the output starts to get parsed you can see the
> raw
>> stuff
>>>> sent from the server. Is it setting the session id at all?
>>>>
>>>> I don't know what your school's security policy is, but if all
> else
>> fails I'd
>>>> be more than happy to vpn in and troubleshoot for you. kinda
> curious
>> if
>>>> nothing else.
>>>>
>>>> We're not running 4.1 here and don't have plans to do it in the
>> immediate
>>>> future, although it maybe something that gets kicked around for
> the
>> december
>>>> break.
>>>> Regards,
>>>>
>>>> Alex Lanstein
>>>> Senior Software Engineer, Transitional Data Services
>>>> Help Desk/Network Junkie, Connecticut College
>>>> Chief Coffee Drinker, LBCCHosting
>>>> 860-625-4277
>>>> [log in to unmask]
>>>>
>>>> ________________________________
>>>>
>>>> From: Cisco Clean Access Users and Administrators on behalf of
> Brad
>> Kramer
>>>> Sent: Thu 11/30/2006 11:19 AM
>>>> To: [log in to unmask]
>>>> Subject: Re: 4.1 and API
>>>>
>>>>
>>>> Sorry-
>>>> I had posted on the wrong thread at first---
>>>>
>>>> Anyways-
>>>>
>>>> This code has worked in the past, and just to be sure I restored
> it
>> from
>>>> backup. The code is located on another server, I would rather not
> put
>> my
>>>> personal code on the CCA servers, I am trying to keep it with the
> web
>> server.
>>>> Anyways, the code included, is an included file that has all the
>> functions I
>>>> have ever used with the cam api. ALL of them had been working
> prior
>> to 4.1.
>>>> There is probably something I am missing, but I cant figure it
> out.
>> The
>>>> example perl script that I posted on Monday or Tuesday works fine
>> from the
>>>> same machine, so I know it isnt because the scripts are on a
>> different
>>>> machine.
>>>>
>>>>
>>>> By the way, I don't remember whose code this is, but I know I got
> it
>> from
>>>> someone on this list, and again thanks for it, it has saved my
> bacon
>> numerous
>>>> times.
>>>>
>>>> -----begin attached code-----
>>>>
>>>> <?php
>>>>
>>>> ##
>>>> ## CAM/CCA functions in PHP.
>>>> ##
>>>>
>>>> #include_once('functions.php');
>>>> #db_connect();
>>>>
>>>> function cam_post_data_to_manager($post)
>>>> {
>>>>
>>>> // in my CAM stuff I actually keep it all in a database
>>>> // fetch CAM login credentials from db->config
>>>> /*
>>>> $query = mysql_query("SELECT
>>>> cam_admin_username,cam_admin_password,cam_hostname FROM config
> WHERE
>> id =
>>>> '1'");
>>>> $row = mysql_fetch_row($query);
>>>> $cam_admin_username = $row[0];
>>>> $cam_admin_password = $row[1];
>>>> $cam_hostname = $row[2];
>>>> */
>>>> // the format here is very important
>>>> $cam_admin_username = "xxxxxxxx";
>>>> $cam_admin_password = "xxxxxxxx";
>>>> ### EX: hostname.yourschool.edu
>>>> $cam_hostname = "xxxxxxxxxxxxxx";
>>>> $file="/admin/cisco_api.jsp?";
>>>> $login_by_function="&admin=" . $cam_admin_username . "&passwd=" .
>>>> $cam_admin_password;
>>>> // use the standard POST format.
>> file.php?var1=test&var2=anything&var3=1337
>>>> $data = $file . $post . $login_by_function;
>>>> // Build the header
>>>> $header = "POST $data HTTP/1.0\r\n";
>>>> $header .= "Host: $cam_hostname\r\n";
>>>> $header .= "Content-type: text/html\r\n";
>>>> ### this is necessary for the RFC
>>>> ### but it slows it down by a factor of 50.
>>>> ### splain that one, cisco.
>>>> #$header .= "Content-length: " . strlen($data) . "\r\n";
>>>> $header .= "Connection: close\r\n\r\n";
>>>>
>>>> $connection = pfsockopen("ssl://$cam_hostname", 443, $errno,
>> $errstr);
>>>> if ($connection)
>>>> {
>>>> // fwrite() does the actual work
>>>> fwrite($connection, $header);
>>>> // while there is data, loop and add it to $buffer
>>>> while (!feof($connection)) $buffer .=
> fgets($connection,128);
>>>> fclose($connection);
>>>> // clean up the output. CAM displays output in 'hidden'
> html
>>>> comments
>>>> $buffer = str_replace("<!--", "<br /><br />", $buffer);
>>>> $buffer = str_replace("-->", "", $buffer);
>>>> return array ("TRUE", "$buffer");
>>>> }
>>>> else
>>>> return array ("FALSE", "$errno---$errstr");
>>>> } // close cam_post_data_to_manager()
>>>>
>>>> function cam_add_local_user($dest,$carrier) {
>>>> include_once('sms_functions.php');
>>>> srand((double)microtime()*1000000);
>>>> $pass = rand(0,100000);
>>>> $user = "Guest" . rand(0,1000);
>>>>
>>>> $post =
>> "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";
>>>>
>>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>> $return = send_sms_msg($dest,$user,$pass,$carrier);
>>>> return $user;
>>>> }
>>>>
>>>> function delete_local_user($username)
>>>> {
>>>> $post = "op=deletelocaluser&qtype=name&qval=$username";
>>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>> return $post;
>>>> # return $output;
>>>> }
>>>>
>>>>
>>>> function cam_get_user_info_by_mac_address($mac_address)
>>>> {
>>>> $post = "op=getuserinfo&qtype=mac&qval=$mac_address";
>>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>> r
-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
|
