CLEANACCESS Archives

December 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From:
John Truelove <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Fri, 1 Dec 2006 19:45:12 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (554 lines)
Brad,

I tried putting your code on one of my servers and I am getting the same
thing.

I have Perl scripts that work fine with the 4.1 API.  I ran out of time
(Friday 4:30pm thing).
The logs on the CAM for the POST look the same for both Perl and PHP, so
I am not sure what is going on.

I will try working with the PHP code on Monday.

John



John Truelove
OIT Network Engineer - CCNP
Indiana State University
210 N 7th Street, Rankin Rm 54
Terre Haute, IN 47809
812-237-4921

*******************************************************************************************************************************************************
This email, and any attachments, thereto, is intended only for use by
the addressee(s) named herein and may contain privileged 
and/or confidential information.  If you are not the intended recipient
of this email, you are hereby notified that any dissemination, 
distribution or copying of this email, and any attachments thereto, is
strictly prohibited.
*******************************************************************************************************************************************************

>>> Brad Kramer <[log in to unmask]> 12/01/06 2:43 PM >>>
Still no dice---
The API command line looks good, I am wondering if my API has something bad
going on inside it... From the apache logs on the CAM, I get the full post
message, I just don't understand it, can anyone send me the api jsp via
private email??

Thanks!

-Brad


On 12/1/06 11:49 AM, "Lanstein, Alex C" <[log in to unmask]> wrote:

> I don't think you're posting to the cisco_api.jsp file.  That looks like the
> login page (which you'd get redirected to with a bad url).  The test string
> uses the getoob function...maybe you guys aren't running out of band.  So I'd
> try two things
> 
> 1) try changing $post to something like "op=adminlogin"
> 2) after $data gets built, echo it out.  it should look something like:
> /admin/cisco_api.jsp?op=adminlogin&user=admin&passwd=pass
> 
> try to surf to that page from a web browser...it should just bring up a list
> of the normal api
> 
> 
> Regards,
> 
> Alex Lanstein
> Senior Software Engineer, Transitional Data Services
> Help Desk/Network Junkie, Connecticut College
> Chief Coffee Drinker, LBCCHosting
> 860-625-4277
> [log in to unmask]
> 
> 
> 
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
> Sent: Fri 12/1/2006 9:52 AM
> To: [log in to unmask]
> Subject: Re: 4.1 and API
>  
> If I don't get this figured out today, I would love to continue this via
> private email, and we could possibly discuss VPN, but in the mean time,
> tried the script you sent, I put my username/password in there, and I get
> some funny output... Check this out:
> 
> -------begin source dump---------
> 
> 
> 
> <pre>HTTP/1.1 200 OK
> Date: Fri, 01 Dec 2006 14:46:38 GMT
> Server: Apache
> Set-Cookie: JSESSIONID=6BAE2D1B0D775D82AEEA58AE82C2E9B1; Path=/admin; Secure
> Content-Length: 1726
> Connection: close
> Content-Type: text/html;charset=ISO-8859-1
> 
> 
> 
> 
> 
>  
> 
> <!-- pt>
> <br /><br />
> function sf(){document.f.admin.focus();}
> 
> function doUpdateWarning()
> {
>     alert("The system detects that it has just been upgraded to a newer
> version. It is now trying to connect to the Cisco server to get the
> checks/rules and AV/AS support list update. It might take a few minutes.");
>     return true;
> }
> 
> </scr -->
> <html>
> <head>
>     
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
> <meta http-equiv="Cache-Control" content="no-cache">
> <link rel="STYLESHEET" type="text/css" href="admin.css" />
> 
>     <!-- pt language="javascript">
>     <br /><br />
>         parent.admin_header.location="/admin/header.jsp"
>         parent.nav.location="/admin/nav.jsp"
>     //
>     </scr -->
> </head>
> <body onload=sf() >
> 
> <br><br>
> <center>
> <form action="/admin/login.jsp" method="post" name="f">
> <table border="1" cellpadding="0" cellspacing="0" width="60%"><tr><td
> width="100%">
> <table border="0" cellpadding="4" cellspacing="0" style="font-family:
> verdana; font-size: 9pt; margin-left: 9px; width:300pt">
>     <tr>
>         <td colspan="2"><font color="red"></font></td>
>     </tr>
>     <tr>
>         <td width="40%">Admin User Name</td>
>         <td width="60%"><input type="text" name="admin" size="24" /></td>
>     </tr>
>     <tr>
>         <td width="40%">Password</td>
>         <td width="60%"><input type="password" name="passwd" size="24"
> /></td>
>     </tr>
>     <tr>
>         <td width="40%"> </td>
>         <td width="60%"><input type="submit" name="login" value="    
Login
> "  /></td>
>     </tr>
> </table>
> </td></tr></table>
> </form>
> </center>
> 
> </table>
> 
> <!-- pt language="javascript">
> <br /><br />
> top.nav.highlightByRightFramePage(document.location.pathname, "m_default");
> //
> </scr -->
> 
> </body>
> </html>
> 
> 
> 
> 
> ------- end dump---------
> 
> 
> That is the source of the html that gets returned to me.... It is telling me
> in a script that it has been upgraded recently, and that it needs to
> download new rules, I manually did that, and it is still giving me the same
> message... Anyone have any ideas???
> 
> Thanks for your help!
> 
> 
> --Brad
> 
> 
> 
> 
> 
> On 11/30/06 1:07 PM, "Lanstein, Alex C" <[log in to unmask]> wrote:
> 
>> Hey Brad,
>>  
>> That all looks right, and certainly if it worked on the old box there should
>> be no coding issues.  So what we know is that it is posting via SSL and
>> getting response, so SSL issues can pretty much be ruled out.
>>  
>> Things I would check for:
>> a) make sure that it is definitely pointing at the cam, not a cas
>> b) try using the username and password you use to log into the web interface
>> of the cam to make changes.  For us the username is admin, although I don't
>> know if we set that or if that was a default thing
>> c) try running the script from the console (ssh wherever the script runs and
>> just say `php scriptname.php`)
>> d) try forcing the post to be http 1.1 instead of 1.0
>> e) make sure that the box you're on can resolve the hostname of the cam, and
>> that it is properly registered in dns.  it could cause an issue if the box
>> was bob.yourschool.edu but it resolved to www.bob.yourschool.edu.
>>  
>> I cut out as much as possible to make a test script with php:
>> http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
>>  
>> Ah, here's a good test!  I was typing up about writing an authentication by
>> session demo tomorrow then it got me to thinking.  Is the auth failing when
>> you try to run your function (ie add a mac with "auth by function"), or on
>> actual login (adminlogin function)?  If you do a:
>> 
>> <?php
>> // dump the raw response from the CAM before it gets parsed
>> echo "<pre>";
>> print_r($buffer);
>> ?>
>>  
>> somewhere before the output starts to get parsed you can see the raw stuff
>> sent from the server.  Is it setting the session id at all?
>>  
>> I don't know what your school's security policy is, but if all else fails I'd
>> be more than happy to vpn in and troubleshoot for you.  kinda curious if
>> nothing else.
>>  
>> We're not running 4.1 here and don't have plans to do it in the immediate
>> future, although it may be something that gets kicked around for the december
>> break.  
>> Regards,
>> 
>> Alex Lanstein
>> Senior Software Engineer, Transitional Data Services
>> Help Desk/Network Junkie, Connecticut College
>> Chief Coffee Drinker, LBCCHosting
>> 860-625-4277
>> [log in to unmask]
>> 
>> ________________________________
>> 
>> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
>> Sent: Thu 11/30/2006 11:19 AM
>> To: [log in to unmask]
>> Subject: Re: 4.1 and API
>> 
>> 
>> Sorry-
>> I had posted on the wrong thread at first---
>> 
>> Anyways- 
>> 
>> This code has worked in the past, and just to be sure I restored it from
>> backup. The code is located on another server, I would rather not put my
>> personal code on the CCA servers, I am trying to keep it with the web server.
>> Anyways, the code included, is an included file that has all the functions I
>> have ever used with the cam api. ALL of them had been working prior to 4.1.
>> There is probably something I am missing, but I can't figure it out. The
>> example perl script that I posted on Monday or Tuesday works fine from the
>> same machine, so I know it isn't because the scripts are on a different
>> machine.
>> 
>> 
>> By the way, I don't remember whose code this is, but I know I got it from
>> someone on this list, and again thanks for it, it has saved my bacon numerous
>> times.
>> 
>> -----begin attached code-----
>> 
>> <?php
>> 
>> ##
>> ## CAM/CCA functions in PHP.
>> ##
>> 
>> #include_once('functions.php');
>> #db_connect();
>> 
>> function cam_post_data_to_manager($post)
>> {
>> 
>> // in my CAM stuff I actually keep it all in a database
>> // fetch CAM login credentials from db->config
>> /*
>> $query = mysql_query("SELECT
>> cam_admin_username,cam_admin_password,cam_hostname FROM config WHERE id =
>> '1'");
>> $row = mysql_fetch_row($query);
>> $cam_admin_username = $row[0];
>> $cam_admin_password = $row[1];
>> $cam_hostname       = $row[2];
>> */
>> // the format here is very important
>> $cam_admin_username = "xxxxxxxx";
>> $cam_admin_password = "xxxxxxxx";
>> ### EX: hostname.yourschool.edu
>> $cam_hostname       = "xxxxxxxxxxxxxx";
>> $file="/admin/cisco_api.jsp?";
>> $login_by_function="&admin=" . $cam_admin_username . "&passwd=" .
>> $cam_admin_password;
>> // use the standard POST format. file.php?var1=test&var2=anything&var3=1337
>> $data = $file . $post . $login_by_function;
>> // Build the header
>> $header = "POST $data HTTP/1.0\r\n";
>> $header .= "Host: $cam_hostname\r\n";
>> $header .= "Content-type: text/html\r\n";
>> ### this is necessary for the RFC
>> ### but it slows it down by a factor of 50.
>> ### splain that one, cisco.
>> #$header .= "Content-length: " . strlen($data) . "\r\n";
>> $header .= "Connection: close\r\n\r\n";
>> 
>> $connection = pfsockopen("ssl://$cam_hostname", 443, $errno, $errstr);
>> if ($connection)
>> { 
>>         // fwrite() does the actual work
>>         fwrite($connection, $header);
>>         // start with an empty buffer so the first append is well defined
>>         $buffer = "";
>>         // while there is data, loop and add it to $buffer
>>         while (!feof($connection)) $buffer .= fgets($connection,128);
>>         fclose($connection);
>>         // clean up the output.  CAM displays output in 'hidden' html comments
>>         $buffer = str_replace("<!--", "<br /><br />", $buffer);
>>         $buffer = str_replace("-->", "", $buffer);
>>         return array ("TRUE", "$buffer");
>> }
>> else 
>>         return array ("FALSE", "$errno---$errstr");
>> } // close cam_post_data_to_manager()
>> 
>> function cam_add_local_user($dest,$carrier) {
>> include_once('sms_functions.php');
>> srand((double)microtime()*1000000);
>> $pass =  rand(0,100000);
>> $user = "Guest" . rand(0,1000);
>> 
>> $post = "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";
>> 
>> list ($return, $output) = cam_post_data_to_manager($post);
>> $return = send_sms_msg($dest,$user,$pass,$carrier);
>>         return $user;
>> }
>> 
>> function delete_local_user($username)
>> {
>> $post = "op=deletelocaluser&qtype=name&qval=$username";
>> list ($return, $output) = cam_post_data_to_manager($post);
>>         return $post;
>> #       return $output;
>> }
>> 
>> 
>> function cam_get_user_info_by_mac_address($mac_address)
>> {
>> $post = "op=getuserinfo&qtype=mac&qval=$mac_address";
>> list ($return, $output) = cam_post_data_to_manager($post);
>>         return cam_get_comma_seperated_information_only($output);
>> } // close cam_get_user_info_by_mac_address()
>> 
>> function cam_get_user_info_by_ip_address($ip_address)
>> {
>> $post = "op=getuserinfo&qtype=ip&qval=$ip_address";
>> list ($return, $output) = cam_post_data_to_manager($post);
>>         return cam_get_comma_seperated_information_only($output);
>> } // close cam_get_user_info_by_ip_address()
>> 
>> function cam_kick_user_by_ip_address($ip_address)
>> {
>> $post = "op=kickuser&ip=$ip_address";
>> list ($return, $output) = cam_post_data_to_manager($post);
>>         return $output;
>> } 
>> 
>> function cam_add_exempted_device($mac_address, $description)
>> {
>> $post = "op=addmac&mac=$mac_address&type=userole&role=gaming&desc=$description";
>> list ($return, $output) = cam_post_data_to_manager($post);
>>         return $post;
>> #       return $output;
>> } 
>> 
>> function cam_get_comma_seperated_information_only($string)
>> {
>> $string = substr($string, strpos($string, "IP="), strlen($string));
>> if ( (!strstr($string, "MAC=")) && (!strstr($string, "IP=")) )
>>         return "NOT LOGGED IN";
>> else
>> {
>>         // explode() replaces split(), which was removed in PHP 7
>>         $cam_returned_string = explode(",", $string);
>>         return $cam_returned_string;
>> }
>> }
>> 
>> function get_ip_address_from_computer_accessing_this_page()
>> {
>> return $_SERVER["REMOTE_ADDR"];
>> }
>> 
>> 
>> ?>
>> 
>> 
>> On 11/30/06 11:01 AM, "John Truelove" <[log in to unmask]> wrote:
>> 
>> 
>> 
>> Did you place your registration page on the CAM ?
>> 
>> Are you using https for your registration page ?
>> 
>> If so, then the ssl.conf on the 4.1 CAM will need to be changed to reflect
>> those pages.
>> /perfigo/control/apache/conf/ssl.conf   I think is the location.
>> 
>> What, if any, error messages are you getting ?
>> 
>> Sample of your code would help.
>> 
>> John
>> 
>> 
>> 
>> John Truelove
>> OIT Network Engineer - CCNP
>> Indiana State University
>> 210 N 7th Street, Tirey Hall Rm 65
>> Terre Haute, IN 47809
>> 812-237-4921
>> 
>> 
>> 
>> 
>>>>> Brad Kramer <[log in to unmask]> 11/30/2006 10:01 AM >>>
>> OK, as far as my API is concerned, I have gotten the perl calls to work and I
>> have restored my confidence that my API is not FUBAR, but here's the issue,
>> I am not a coder and well, the wonderful web based registration page that I
>> have made to register xBoxes PS2's and everything else still doesn't work.
>> Does anyone have any examples that they would be willing to share?
>> 
>> Thanks!
>> 
>> 
>> -------------
>> Bradley W. Kramer
>> Network Analyst
>> Ashland University
>> (419) 289-5405
>> [log in to unmask]
>> 
>> 
>> 
>> 
>> 
>> 
>> -------------
>> Bradley W. Kramer
>> Network Analyst
>> Ashland University
>> (419) 289-5405
>> [log in to unmask]
> 
> -------------
> Bradley W. Kramer
> Network Analyst
> Ashland University
> (419) 289-5405
> [log in to unmask]
> 

-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
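
The check Alex describes in the thread (the body that came back is the admin login form, not API output) can be scripted. The following is an added example, not code from the thread or from Cisco, and assumes PHP 7 or later. The function names and both sample responses are constructed for illustration. It also URL-encodes parameter values, which the posted functions do not do.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Build the parameter string with every value URL-encoded, so that a
// description containing spaces or '&' stays inside its own parameter.
// The array union keeps 'op' from being overridden by a key in $params.
function cam_build_params(string $op, array $params): string
{
    return http_build_query(['op' => $op] + $params, '', '&', PHP_QUERY_RFC3986);
}

// Classify a raw HTTP response (the $buffer contents before any clean-up).
function cam_classify_response(string $raw): string
{
    $parts = preg_split("/\r?\n\r?\n/", $raw, 2);   // headers, then body
    $body  = $parts[1] ?? '';
    if (!preg_match('#^HTTP/\d\.\d (\d{3})#', $parts[0], $m)) {
        return 'not_http';
    }
    if ($m[1] !== '200') {
        return 'http_' . $m[1];
    }
    // The admin login form means the request never reached the API handler,
    // even though the status line says 200 OK.
    if (stripos($body, 'action="/admin/login.jsp"') !== false) {
        return 'login_page';
    }
    return 'other_200';
}

// Constructed samples; the first is modelled on the dump quoted in the thread.
$login = "HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n\r\n"
       . '<html><body><form action="/admin/login.jsp" method="post" name="f">'
       . '</form></body></html>';
$other = "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n<!-- constructed placeholder -->";

echo cam_build_params('addmac', [
    'mac'  => '00:11:22:33:44:55',   // constructed value
    'type' => 'userole',
    'role' => 'gaming',
    'desc' => 'Xbox 360 & PS2',      // space and '&' must not leak into the query
]), "\n";
echo cam_classify_response($login), "\n";
echo cam_classify_response($other), "\n";
```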
