Still no dice---
The API command line looks good, I am wondering if my API has something bad
going on inside it... From the apache logs on the CAM, I get the full post
message, I just don't understand it, can anyone send me the api jsp via
private email??
Thanks!
-Brad
On 12/1/06 11:49 AM, "Lanstein, Alex C" <[log in to unmask]> wrote:
> I don't think you're posting to the cisco_api.jsp file. That looks like the
> login page (which you'd get redirected to with a bad url). The test string
> uses the getoob function...maybe you guys aren't running out of band. So I'd
> try two things
>
> 1) try changing $post to something like "op=adminlogin"
> 2) after $data gets built, echo it out. it should look something like:
> /admin/cisco_api.jsp?op=adminlogin&user=admin&passwd=pass
>
> try to surf to that page from a web browser...it should just bring up a list
> of the normal api
>
>
> Regards,
>
> Alex Lanstein
> Senior Software Engineer, Transitional Data Services
> Help Desk/Network Junkie, Connecticut College
> Chief Coffee Drinker, LBCCHosting
> 860-625-4277
> [log in to unmask]
>
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
> Sent: Fri 12/1/2006 9:52 AM
> To: [log in to unmask]
> Subject: Re: 4.1 and API
>
> If I don't get this figured out today, I would love to continue this via
> private email, and we could possibly discuss VPN, but in the meantime,
> tried the script you sent, I put my username/password in there, and I get
> some funny output... Check this out:
>
> -------begin source dump---------
>
>
>
> <pre>HTTP/1.1 200 OK
> Date: Fri, 01 Dec 2006 14:46:38 GMT
> Server: Apache
> Set-Cookie: JSESSIONID=6BAE2D1B0D775D82AEEA58AE82C2E9B1; Path=/admin; Secure
> Content-Length: 1726
> Connection: close
> Content-Type: text/html;charset=ISO-8859-1
>
>
>
>
>
>
>
> <script>
> <br /><br />
> function sf(){document.f.admin.focus();}
>
> function doUpdateWarning()
> {
> alert("The system detects that it has just been upgraded to a newer
> version. It is now trying to connect to the Cisco server to get the
> checks/rules and AV/AS support list update. It might take a few minutes.");
> return true;
> }
>
> </script>
> <html>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
> <meta http-equiv="Cache-Control" content="no-cache">
> <link rel="STYLESHEET" type="text/css" href="admin.css" />
>
> <script language="javascript">
> <br /><br />
> parent.admin_header.location="/admin/header.jsp"
> parent.nav.location="/admin/nav.jsp"
> //
> </script>
> </head>
> <body onload=sf() >
>
> <br><br>
> <center>
> <form action="/admin/login.jsp" method="post" name="f">
> <table border="1" cellpadding="0" cellspacing="0" width="60%"><tr><td
> width="100%">
> <table border="0" cellpadding="4" cellspacing="0" style="font-family:
> verdana; font-size: 9pt; margin-left: 9px; width:300pt">
> <tr>
> <td colspan="2"><font color="red"></font></td>
> </tr>
> <tr>
> <td width="40%">Admin User Name</td>
> <td width="60%"><input type="text" name="admin" size="24" /></td>
> </tr>
> <tr>
> <td width="40%">Password</td>
> <td width="60%"><input type="password" name="passwd" size="24"
> /></td>
> </tr>
> <tr>
> <td width="40%"> </td>
> <td width="60%"><input type="submit" name="login" value=" Login
> " /></td>
> </tr>
> </table>
> </td></tr></table>
> </form>
> </center>
>
> </table>
>
> <script language="javascript">
> <br /><br />
> top.nav.highlightByRightFramePage(document.location.pathname, "m_default");
> //
> </script>
>
> </body>
> </html>
>
>
>
>
> ------- end dump---------
>
>
> That is the source of the html that gets returned to me.... It is telling me
> in a script that it has been upgraded recently, and that it needs to
> download new rules, I manually did that, and it is still giving me the same
> message... Anyone have any ideas???
>
> Thanks for your help!
>
>
> --Brad
>
>
>
>
>
> On 11/30/06 1:07 PM, "Lanstein, Alex C" <[log in to unmask]> wrote:
>
>> Hey Brad,
>>
>> That all looks right, and certainly if it worked on the old box there should
>> be no coding issues. So what we know is that it is posting via SSL and
>> getting response, so SSL issues can pretty much be ruled out.
>>
>> Things I would check for:
>> a) make sure that it is definitely pointing at the cam, not a cas
>> b) try using the username and password you use to log into the web interface
>> of the cam to make changes. For us the username is admin, although I don't
>> know if we set that or if that was a default thing
>> c) try running the script from the console (ssh wherever the script runs and
>> just say `php scriptname.php`)
>> d) try forcing the post to be http 1.1 instead of 1.0
>> e) make sure that the box you're on can resolve the hostname of the cam, and
>> that it is properly registered in dns. it could cause an issue if the box
>> was bob.yourschool.edu but it resolved to www.bob.yourschool.edu.
>>
>> I cut out as much as possible to make a test script with php:
>> http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
>>
>> Ah, here's a good test! I was typing up about writing an authentication by
>> session demo tomorrow then it got me to thinking. Is the auth failing when
>> you try to run your function (ie add a mac with "auth by function"), or on
>> actual login (adminlogin function)? If you do a:
>>
>> <?php
>> echo "<pre>";
>> print_r($buffer);
>> ?>
>>
>> somewhere before the output starts to get parsed you can see the raw stuff
>> sent from the server. Is it setting the session id at all?
>>
>> I don't know what your school's security policy is, but if all else fails I'd
>> be more than happy to vpn in and troubleshoot for you. kinda curious if
>> nothing else.
>>
>> We're not running 4.1 here and don't have plans to do it in the immediate
>> future, although it may be something that gets kicked around for the december
>> break.
>> Regards,
>>
>> Alex Lanstein
>> Senior Software Engineer, Transitional Data Services
>> Help Desk/Network Junkie, Connecticut College
>> Chief Coffee Drinker, LBCCHosting
>> 860-625-4277
>> [log in to unmask]
>>
>> ________________________________
>>
>> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
>> Sent: Thu 11/30/2006 11:19 AM
>> To: [log in to unmask]
>> Subject: Re: 4.1 and API
>>
>>
>> Sorry-
>> I had posted on the wrong thread at first---
>>
>> Anyways-
>>
>> This code has worked in the past, and just to be sure I restored it from
>> backup. The code is located on another server, I would rather not put my
>> personal code on the CCA servers, I am trying to keep it with the web server.
>> Anyways, the code included, is an included file that has all the functions I
>> have ever used with the cam api. ALL of them had been working prior to 4.1.
>> There is probably something I am missing, but I can't figure it out. The
>> example perl script that I posted on Monday or Tuesday works fine from the
>> same machine, so I know it isn't because the scripts are on a different
>> machine.
>>
>>
>> By the way, I don't remember whose code this is, but I know I got it from
>> someone on this list, and again thanks for it, it has saved my bacon numerous
>> times.
>>
>> -----begin attached code-----
>>
>> <?php
>>
>> ##
>> ## CAM/CCA functions in PHP.
>> ##
>>
>> #include_once('functions.php');
>> #db_connect();
>>
>> function cam_post_data_to_manager($post)
>> {
>>
>> // in my CAM stuff I actually keep it all in a database
>> // fetch CAM login credentials from db->config
>> /*
>> $query = mysql_query("SELECT
>> cam_admin_username,cam_admin_password,cam_hostname FROM config WHERE id =
>> '1'");
>> $row = mysql_fetch_row($query);
>> $cam_admin_username = $row[0];
>> $cam_admin_password = $row[1];
>> $cam_hostname = $row[2];
>> */
>> // the format here is very important
>> $cam_admin_username = "xxxxxxxx";
>> $cam_admin_password = "xxxxxxxx";
>> ### EX: hostname.yourschool.edu
>> $cam_hostname = "xxxxxxxxxxxxxx";
>> $file="/admin/cisco_api.jsp?";
>> $login_by_function="&admin=" . $cam_admin_username . "&passwd=" .
>> $cam_admin_password;
>> // use the standard POST format. file.php?var1=test&var2=anything&var3=1337
>> $data = $file . $post . $login_by_function;
>> // Build the header
>> $header = "POST $data HTTP/1.0\r\n";
>> $header .= "Host: $cam_hostname\r\n";
>> $header .= "Content-type: text/html\r\n";
>> ### this is necessary for the RFC
>> ### but it slows it down by a factor of 50.
>> ### splain that one, cisco.
>> #$header .= "Content-length: " . strlen($data) . "\r\n";
>> $header .= "Connection: close\r\n\r\n";
>>
>> $connection = pfsockopen("ssl://$cam_hostname", 443, $errno, $errstr);
>> if ($connection)
>> {
>> // fwrite() does the actual work
>> fwrite($connection, $header);
>> // while there is data, loop and add it to $buffer
>> $buffer = ""; // initialise so the first .= does not hit an undefined variable
>> while (!feof($connection)) $buffer .= fgets($connection,128);
>> fclose($connection);
>> // clean up the output. CAM displays output in 'hidden' html comments
>> $buffer = str_replace("<!--", "<br /><br />", $buffer);
>> $buffer = str_replace("-->", "", $buffer);
>> return array ("TRUE", "$buffer");
>> }
>> else
>> return array ("FALSE", "$errno---$errstr");
>> } // close cam_post_data_to_manager()
>>
>> function cam_add_local_user($dest,$carrier) {
>> include_once('sms_functions.php');
>> srand((double)microtime()*1000000);
>> $pass = rand(0,100000);
>> $user = "Guest" . rand(0,1000);
>>
>> $post = "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";
>>
>> list ($return, $output) = cam_post_data_to_manager($post);
>> $return = send_sms_msg($dest,$user,$pass,$carrier);
>> return $user;
>> }
>>
>> function delete_local_user($username)
>> {
>> $post = "op=deletelocaluser&qtype=name&qval=$username";
>> list ($return, $output) = cam_post_data_to_manager($post);
>> return $post;
>> # return $output;
>> }
>>
>>
>> function cam_get_user_info_by_mac_address($mac_address)
>> {
>> $post = "op=getuserinfo&qtype=mac&qval=$mac_address";
>> list ($return, $output) = cam_post_data_to_manager($post);
>> return cam_get_comma_seperated_information_only($output);
>> } // close cam_get_user_info_by_mac_address()
>>
>> function cam_get_user_info_by_ip_address($ip_address)
>> {
>> $post = "op=getuserinfo&qtype=ip&qval=$ip_address";
>> list ($return, $output) = cam_post_data_to_manager($post);
>> return cam_get_comma_seperated_information_only($output);
>> } // close cam_get_user_info_by_ip_address()
>>
>> function cam_kick_user_by_ip_address($ip_address)
>> {
>> $post = "op=kickuser&ip=$ip_address";
>> list ($return, $output) = cam_post_data_to_manager($post);
>> return $output;
>> }
>>
>> function cam_add_exempted_device($mac_address, $description)
>> {
>> $post =
>> "op=addmac&mac=$mac_address&type=userole&role=gaming&desc=$description";
>> list ($return, $output) = cam_post_data_to_manager($post);
>> return $post;
>> # return $output;
>> }
>>
>> function cam_get_comma_seperated_information_only($string)
>> {
>> $string = substr($string, strpos($string, "IP="), strlen($string));
>> if ( (!strstr($string, "MAC=")) && (!strstr($string, "IP=")) )
>> return "NOT LOGGED IN";
>> else
>> {
>> // explode() replaces split(), which was removed in PHP 7
>> $cam_returned_string = explode(",", $string);
>> return $cam_returned_string;
>> }
>> }
>>
>> function get_ip_address_from_computer_accessing_this_page()
>> {
>> return $_SERVER["REMOTE_ADDR"];
>> }
>>
>>
>> ?>
>>
>>
>> On 11/30/06 11:01 AM, "John Truelove" <[log in to unmask]> wrote:
>>
>>
>>
>> Did you place your registration page on the CAM ?
>>
>> Are you using https for your registration page ?
>>
>> If so, then the ssl.conf on the 4.1 CAM will need to be changed to reflect
>> those pages.
>> /perfigo/control/apache/conf/ssl.conf I think is the location.
>>
>> What, if any, error messages are you getting ?
>>
>> Sample of your code would help.
>>
>> John
>>
>>
>>
>> John Truelove
>> OIT Network Engineer - CCNP
>> Indiana State University
>> 210 N 7th Street, Tirey Hall Rm 65
>> Terre Haute, IN 47809
>> 812-237-4921
>>
>>
>>
>>
>>>>> Brad Kramer <[log in to unmask]> 11/30/2006 10:01 AM >>>
>> OK, as far as my API is concerned, I have gotten the perl calls to work and I
>> have restored my confidence that my API is not FUBAR, but here's the issue,
>> I am not a coder and well, the wonderful web based registration page that I
>> have made to register xBoxes PS2's and everything else still doesn't work.
>> Does anyone have any examples that they would be willing to share?
>>
>> Thanks!
>>
>>
>> -------------
>> Bradley W. Kramer
>> Network Analyst
>> Ashland University
>> (419) 289-5405
>> [log in to unmask]
>>
>>
>>
>>
>>
>>
>> -------------
>> Bradley W. Kramer
>> Network Analyst
>> Ashland University
>> (419) 289-5405
>> [log in to unmask]
>
> -------------
> Bradley W. Kramer
> Network Analyst
> Ashland University
> (419) 289-5405
> [log in to unmask]
>
-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
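
Added example, not part of the thread and not Cisco's or any poster's code: a PHP illustration of two checks the exchange above points to, building the cisco_api.jsp request target with every value percent-encoded, and telling a returned login page apart from API output when both arrive as HTTP 200. The function names and all sample inputs are assumptions constructed for illustration; the parameter names and paths are the ones quoted in the thread.

```php
<?php
// Added example. Function names are hypothetical; the parameter names
// (op, mac, type, role, desc, admin, passwd) and paths come from the thread.

function cam_build_request_target(array $params, string $user, string $pass): string
{
    // Credentials go last, as in the posted cam_post_data_to_manager().
    $params['admin']  = $user;
    $params['passwd'] = $pass;
    // http_build_query() percent-encodes every value, so a '&' or '=' typed
    // into a free-text field stays inside that field instead of starting a
    // new parameter.
    return '/admin/cisco_api.jsp?'
        . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

function cam_classify_response(string $raw): string
{
    // Headers end at the first blank line; the rest is the body.
    $parts = preg_split("/\r?\n\r?\n/", $raw, 2);
    if (!preg_match('#^HTTP/\d\.\d (\d{3})#', $parts[0], $m)) {
        return 'malformed';
    }
    if ($m[1] !== '200') {
        return 'http-' . $m[1];
    }
    // A 200 that carries the admin login form is not API output.
    if (stripos($parts[1] ?? '', 'action="/admin/login.jsp"') !== false) {
        return 'login-page';
    }
    return 'api-output';
}

// Constructed inputs, not captured from a real CAM.
$target = cam_build_request_target(
    ['op' => 'addmac', 'mac' => '00:11:22:33:44:55', 'type' => 'userole',
     'role' => 'gaming', 'desc' => 'PS2 & Xbox, room=12'],
    'apiuser', 'p@ss&word'
);
echo $target, "\n";

$login = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
       . '<form action="/admin/login.jsp" method="post" name="f"></form>';
$api   = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
       . '<!-- constructed API output -->';
echo cam_classify_response($login), "\n";
echo cam_classify_response($api), "\n";
```

Checking the classification before parsing the buffer separates an authentication or URL problem from a genuine API reply, which the posted function reports as "TRUE" in both cases.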