CLEANACCESS Archives

December 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Brad Kramer <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Tue, 5 Dec 2006 10:43:34 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (579 lines)

John-

Thanks a ton! I guess I could have used curl, that would have made so much
more sense than what I was doing. I really appreciate all your help and
assistance!!

Thanks again!

-Brad Kramer


On 12/5/06 8:43 AM, "John Truelove" <[log in to unmask]> wrote:

> Brad,
>
> It took me some searching; I knew I had some code that I used like this
> before (from 2003).
>
> This basically calls the /admin/login.jsp file with id, passwd, and the
> submit button. Once logged in, it then calls cisco_api.jsp.
>
> I will leave the rest up to you.
>
> <?php
> session_start();
>
> // CAM admin credentials and the manager to talk to (fill in your own values)
> $id =    "youradmin";
> $pw =    "yourpassword";
> $btn =   "login";        // name of the submit button on /admin/login.jsp
> $host =  "ipaddress or hostname";
> $op =    "getuserinfo";
> $qtype = "all";
> $qval =  "all";
>
> // Step 1: POST the login form; the JSESSIONID cookie the CAM sets is kept
> // in host.cookie for the next request
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_COOKIEJAR, "host.cookie");
> curl_setopt($ch, CURLOPT_COOKIEFILE, "host.cookie");
> curl_setopt($ch, CURLOPT_URL, "https://$host/admin/login.jsp");
> curl_setopt($ch, CURLOPT_POST, 1);
> curl_setopt($ch, CURLOPT_POSTFIELDS, "admin=$id&passwd=$pw&$btn=login");
> // Disables certificate verification (the CAM usually has a self-signed
> // cert); pointing CURLOPT_CAINFO at the CAM's CA is the safer alternative.
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
>
> ob_start();
> $result = curl_exec($ch);   // the login page itself is not needed, discard it
> ob_end_clean();
>
> curl_close($ch);
>
> // Step 2: call the API with the session cookie; the credentials are also
> // passed as parameters ("auth by function")
> $apiUrl = "https://$host/admin/cisco_api.jsp?";
> $params = "op=$op&qtype=$qtype&qval=$qval&admin=$id&passwd=$pw&";
>
> $ch = curl_init();
> curl_setopt($ch, CURLOPT_COOKIEFILE, "host.cookie");
> curl_setopt($ch, CURLOPT_URL, "$apiUrl$params");
> curl_setopt($ch, CURLOPT_POST, 1);
> curl_setopt($ch, CURLOPT_POSTFIELDS, "admin=$id&passwd=$pw&$btn=login");
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // put the API output in $result instead of echoing it
>
> $result = curl_exec($ch);
>
> curl_close($ch);
>
> print $result;
>
> ?>
> It worked on my setup.  Hope that helps.
>
> John
>
> Well, to be honest, I am glad it isn't just me having problems with that
> script... I appreciate any help you can give me, but I don't want you to
> have to spend a ton of time on it. I am in the same boat where PERL scripts
> work fine, but none of the PHP scripts work well.
>
> Let me know what you find out, I am going to be spending a lot of time on it
> today, so if I find anything out I will let you know.
>
> -Brad
>
>
> On 12/1/06 7:45 PM, "John Truelove" <[log in to unmask]> wrote:
>
>> Brad,
>>
>> I tried putting your code on one of my servers and I am getting the same
>> thing.
>>
>> I have Perl scripts that work fine with the 4.1 API.  I ran out of time
>> (Friday 4:30pm thing).
>> The logs on the CAM for the POST look the same for both Perl and PHP, so
>> I am not sure what is going on.
>>
>> I will try working with the PHP code on Monday.
>>
>> John
>>
>>
>> John Truelove
>> OIT Network Engineer - CCNP
>> Indiana State University
>> 210 N 7th Street, Rankin Rm 54
>> Terre Haute, IN 47809
>> 812-237-4921
>>
>> ******************************************************************************
>> This email, and any attachments, thereto, is intended only for use by
>> the addressee(s) named herein and may contain privileged
>> and/or confidential information.  If you are not the intended recipient
>> of this email, you are hereby notified that any dissemination,
>> distribution or copying of this email, and any attachments thereto, is
>> strictly prohibited.
>> ******************************************************************************
>>
>  
> John Truelove
> OIT Network Engineer - CCNP
> Indiana State University
> 210 N 7th Street, Tirey Hall Rm 65
> Terre Haute, IN 47809
> 812-237-4921
> 
> 
>>>>> Brad Kramer <[log in to unmask]> 12/01/06 2:43 PM >>>
>> Still no dice---
>> The API command line looks good, I am wondering if my API has something
>> bad going on inside it... From the apache logs on the CAM, I get the full
>> post message, I just don't understand it, can anyone send me the api jsp
>> via private email??
>>
>> Thanks!
>>
>> -Brad
>>
>>
>> On 12/1/06 11:49 AM, "Lanstein, Alex C" <[log in to unmask]> wrote:
>>
>>> I don't think you're posting to the cisco_api.jsp file.  That looks
>>> like the login page (which you'd get redirected to with a bad url).  The
>>> test string uses the getoob function...maybe you guys aren't running out
>>> of band.  So I'd try two things
>>>
>>> 1) try changing $post to something like "op=adminlogin"
>>> 2) after $data gets built, echo it out.  it should look something like:
>>> /admin/cisco_api.jsp?op=adminlogin&user=admin&passwd=pass
>>>
>>> try to surf to that page from a web browser...it should just bring up
>>> a list of the normal api
>>>
>>>
>>> Regards,
>>>
>>> Alex Lanstein
>>> Senior Software Engineer, Transitional Data Services
>>> Help Desk/Network Junkie, Connecticut College
>>> Chief Coffee Drinker, LBCCHosting
>>> 860-625-4277
>>> [log in to unmask]
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
>>> Sent: Fri 12/1/2006 9:52 AM
>>> To: [log in to unmask]
>>> Subject: Re: 4.1 and API
>>>
>>> If I don't get this figured out today, I would love to continue this via
>>> private email, and we could possibly discuss VPN, but in the meantime,
>>> tried the script you sent, I put my username/password in there, and I get
>>> some funny output... Check this out:
>>>
>>> -------begin source dump---------
>>>
>>> <pre>HTTP/1.1 200 OK
>>> Date: Fri, 01 Dec 2006 14:46:38 GMT
>>> Server: Apache
>>> Set-Cookie: JSESSIONID=6BAE2D1B0D775D82AEEA58AE82C2E9B1; Path=/admin; Secure
>>> Content-Length: 1726
>>> Connection: close
>>> Content-Type: text/html;charset=ISO-8859-1
>>>
>>>
>>> <!-- pt>
>>> <br /><br />
>>> function sf(){document.f.admin.focus();}
>>>
>>> function doUpdateWarning()
>>> {
>>>     alert("The system detects that it has just been upgraded to a newer
>>> version. It is now trying to connect to the Cisco server to get the
>>> checks/rules and AV/AS support list update. It might take a few minutes.");
>>>     return true;
>>> }
>>>
>>> </scr -->
>>> <html>
>>> <head>
>>>
>>> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
>>> <meta http-equiv="Cache-Control" content="no-cache">
>>> <link rel="STYLESHEET" type="text/css" href="admin.css" />
>>>
>>>     <!-- pt language="javascript">
>>>     <br /><br />
>>>         parent.admin_header.location="/admin/header.jsp"
>>>         parent.nav.location="/admin/nav.jsp"
>>>     //
>>>     </scr -->
>>> </head>
>>> <body onload=sf() >
>>>
>>> <br><br>
>>> <center>
>>> <form action="/admin/login.jsp" method="post" name="f">
>>> <table border="1" cellpadding="0" cellspacing="0" width="60%"><tr><td width="100%">
>>> <table border="0" cellpadding="4" cellspacing="0" style="font-family: verdana; font-size: 9pt; margin-left: 9px; width:300pt">
>>>     <tr>
>>>         <td colspan="2"><font color="red"></font></td>
>>>     </tr>
>>>     <tr>
>>>         <td width="40%">Admin User Name</td>
>>>         <td width="60%"><input type="text" name="admin" size="24" /></td>
>>>     </tr>
>>>     <tr>
>>>         <td width="40%">Password</td>
>>>         <td width="60%"><input type="password" name="passwd" size="24" /></td>
>>>     </tr>
>>>     <tr>
>>>         <td width="40%"> </td>
>>>         <td width="60%"><input type="submit" name="login" value=" Login "  /></td>
>>>     </tr>
>>> </table>
>>> </td></tr></table>
>>> </form>
>>> </center>
>>>
>>> </table>
>>>
>>> <!-- pt language="javascript">
>>> <br /><br />
>>> top.nav.highlightByRightFramePage(document.location.pathname, "m_default");
>>> //
>>> </scr -->
>>>
>>> </body>
>>> </html>
>>>
>>> ------- end dump---------
>>> 
>>> 
>>> That is the source of the html that gets returned to me.... It is
>>> telling me in a script that it has been upgraded recently, and that it
>>> needs to download new rules, I manually did that, and it is still giving
>>> me the same message... Anyone have any ideas???
>>>
>>> Thanks for your help!
>>>
>>>
>>> --Brad
>>>
>>>
>>> On 11/30/06 1:07 PM, "Lanstein, Alex C" <[log in to unmask]> wrote:
>>>
>>>> Hey Brad,
>>>>
>>>> That all looks right, and certainly if it worked on the old box there
>>>> should be no coding issues.  So what we know is that it is posting via
>>>> SSL and getting response, so SSL issues can pretty much be ruled out.
>>>>
>>>> Things I would check for:
>>>> a) make sure that it is definitely pointing at the cam, not a cas
>>>> b) try using the username and password you use to log into the web
>>>> interface of the cam to make changes.  For us the username is admin,
>>>> although I don't know if we set that or if that was a default thing
>>>> c) try running the script from the console (ssh wherever the script
>>>> runs and just say `php scriptname.php`)
>>>> d) try forcing the post to be http 1.1 instead of 1.0
>>>> e) make sure that the box you're on can resolve the hostname of the
>>>> cam, and that it is properly registered in dns.  it could cause an issue
>>>> if the box was bob.yourschool.edu but it resolved to
>>>> www.bob.yourschool.edu.
>>>>
>>>> I cut out as much as possible to make a test script with php:
>>>> http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
>>>>
>>>> Ah, here's a good test!  I was typing up about writing an
>>>> authentication by session demo tomorrow then it got me to thinking.  Is
>>>> the auth failing when you try to run your function (ie add a mac with
>>>> "auth by function"), or on actual login (adminlogin function)?  If you
>>>> do a:
>>>>
>>>> <?php
>>>> echo "<pre>";
>>>> print_r($buffer);
>>>> ?>
>>>>
>>>> somewhere before the output starts to get parsed you can see the raw
>>>> stuff sent from the server.  Is it setting the session id at all?
>>>>
>>>> I don't know what your school's security policy is, but if all else
>>>> fails I'd be more than happy to vpn in and troubleshoot for you.  kinda
>>>> curious if nothing else.
>>>>
>>>> We're not running 4.1 here and don't have plans to do it in the
>>>> immediate future, although it may be something that gets kicked around
>>>> for the december break.
>>>> Regards,
>>>>
>>>> Alex Lanstein
>>>> Senior Software Engineer, Transitional Data Services
>>>> Help Desk/Network Junkie, Connecticut College
>>>> Chief Coffee Drinker, LBCCHosting
>>>> 860-625-4277
>>>> [log in to unmask]
>>>>
>>>> ________________________________
>>>>
>>>> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
>>>> Sent: Thu 11/30/2006 11:19 AM
>>>> To: [log in to unmask]
>>>> Subject: Re: 4.1 and API
>>>>
>>>>
>>>> Sorry-
>>>> I had posted on the wrong thread at first---
>>>>
>>>> Anyways-
>>>>
>>>> This code has worked in the past, and just to be sure I restored it
>>>> from backup. The code is located on another server, I would rather not
>>>> put my personal code on the CCA servers, I am trying to keep it with
>>>> the web server. Anyways, the code included, is an included file that
>>>> has all the functions I have ever used with the cam api. ALL of them
>>>> had been working prior to 4.1. There is probably something I am
>>>> missing, but I can't figure it out. The example perl script that I
>>>> posted on Monday or Tuesday works fine from the same machine, so I know
>>>> it isn't because the scripts are on a different machine.
>>>>
>>>>
>>>> By the way, I don't remember whose code this is, but I know I got it
>>>> from someone on this list, and again thanks for it, it has saved my
>>>> bacon numerous times.
>>>>
>>>> -----begin attached code-----
>>>>
>>>> <?php
>>>>
>>>> ##
>>>> ## CAM/CCA functions in PHP.
>>>> ##
>>>>
>>>> #include_once('functions.php');
>>>> #db_connect();
>>>>
>>>> function cam_post_data_to_manager($post)
>>>> {
>>>>
>>>> // in my CAM stuff I actually keep it all in a database
>>>> // fetch CAM login credentials from db->config
>>>> /*
>>>> $query = mysql_query("SELECT cam_admin_username,cam_admin_password,cam_hostname FROM config WHERE id = '1'");
>>>> $row = mysql_fetch_row($query);
>>>> $cam_admin_username = $row[0];
>>>> $cam_admin_password = $row[1];
>>>> $cam_hostname       = $row[2];
>>>> */
>>>> // the format here is very important
>>>> $cam_admin_username = "xxxxxxxx";
>>>> $cam_admin_password = "xxxxxxxx";
>>>> ### EX: hostname.yourschool.edu
>>>> $cam_hostname       = "xxxxxxxxxxxxxx";
>>>> $file="/admin/cisco_api.jsp?";
>>>> // credentials travel in the query string ("auth by function"), so every call logs in
>>>> $login_by_function="&admin=" . $cam_admin_username . "&passwd=" . $cam_admin_password;
>>>> // use the standard POST format. file.php?var1=test&var2=anything&var3=1337
>>>> $data = $file . $post . $login_by_function;
>>>> // Build the header: a raw HTTP/1.0 POST with every parameter in the request line and no body
>>>> $header = "POST $data HTTP/1.0\r\n";
>>>> $header .= "Host: $cam_hostname\r\n";
>>>> $header .= "Content-type: text/html\r\n";
>>>> ### this is necessary for the RFC
>>>> ### but it slows it down by a factor of 50.
>>>> ### splain that one, cisco.
>>>> #$header .= "Content-length: " . strlen($data) . "\r\n";
>>>> $header .= "Connection: close\r\n\r\n";
>>>>
>>>> $buffer = "";   // start empty; appending to an undefined variable raises a notice
>>>> $connection = pfsockopen("ssl://$cam_hostname", 443, $errno, $errstr);
>>>> if ($connection)
>>>> {
>>>>         // fwrite() does the actual work
>>>>         fwrite($connection, $header);
>>>>         // while there is data, loop and add it to $buffer
>>>>         while (!feof($connection)) $buffer .= fgets($connection,128);
>>>>         fclose($connection);
>>>>         // clean up the output.  CAM displays output in 'hidden' html comments
>>>>         $buffer = str_replace("<!--", "<br /><br />", $buffer);
>>>>         $buffer = str_replace("-->", "", $buffer);
>>>>         return array ("TRUE", "$buffer");
>>>> }
>>>> else
>>>>         return array ("FALSE", "$errno---$errstr");
>>>> } // close cam_post_data_to_manager()
>>>>
>>>> function cam_add_local_user($dest,$carrier) {
>>>> include_once('sms_functions.php');
>>>> // rand() is not a cryptographic source; on PHP 7+ random_int() is the better choice for a guest password
>>>> srand((double)microtime()*1000000);
>>>> $pass =  rand(0,100000);
>>>> $user = "Guest" . rand(0,1000);
>>>>
>>>> $post = "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";
>>>>
>>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>> $return = send_sms_msg($dest,$user,$pass,$carrier);
>>>>         return $user;
>>>> }
>>>>
>>>> function delete_local_user($username)
>>>> {
>>>> $post = "op=deletelocaluser&qtype=name&qval=$username";
>>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>>         return $post;
>>>> #       return $output;
>>>> }
>>>>
>>>>
>>>> function cam_get_user_info_by_mac_address($mac_address)
>>>> {
>>>> $post = "op=getuserinfo&qtype=mac&qval=$mac_address";
>>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>>         r

-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
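The login-then-API exchange this thread converges on (POST the login form, keep the JSESSIONID cookie, then call cisco_api.jsp and unwrap the reply the CAM hides in HTML comments), as an added example that is not part of the original messages or of Cisco's code. It is written in Python rather than PHP and talks to a constructed in-process stand-in for the CAM over plain HTTP on 127.0.0.1; the credentials, session id and API output are all made up. It also adds the two checks the thread hints at: stopping when the login response sets no session cookie (Alex's "is it setting the session id at all?"), and recognising the login form coming back in place of API output, which is what Brad's source dump showed.

```python
"""Two-step CAM API session: POST /admin/login.jsp, keep JSESSIONID, then call
/admin/cisco_api.jsp with it.  A constructed mock of the CAM (not Cisco's code)
runs in-process so the whole exchange can be exercised offline."""
import http.cookiejar
import re
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the CAM login page (only the part a client keys on).
LOGIN_FORM = ('<html><body><form action="/admin/login.jsp" method="post" name="f">'
              '<input name="admin"><input type="password" name="passwd"></form></body></html>')


class MockCAM(BaseHTTPRequestHandler):
    """Hypothetical CAM: a valid login sets JSESSIONID; API calls need that cookie."""
    VALID = {"admin": "secret"}                        # constructed credentials
    SESSION_ID = "6BAE2D1B0D775D82AEEA58AE82C2E9B1"    # fixed value for the demo
    sessions = set()

    def log_message(self, *args):                      # keep the demo quiet
        pass

    def _has_session(self):
        m = re.search(r"JSESSIONID=([0-9A-F]+)", self.headers.get("Cookie", ""))
        return bool(m) and m.group(1) in self.sessions

    def _send(self, body, set_cookie=None):
        data = body.encode("iso-8859-1")
        self.send_response(200)
        self.send_header("Content-Type", "text/html;charset=ISO-8859-1")
        if set_cookie:
            self.send_header("Set-Cookie", f"JSESSIONID={set_cookie}; Path=/admin")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        url = urllib.parse.urlparse(self.path)
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        form = urllib.parse.parse_qs(body.decode())
        if url.path == "/admin/login.jsp":
            user = form.get("admin", [""])[0]
            if self.VALID.get(user) == form.get("passwd", [""])[0]:
                self.sessions.add(self.SESSION_ID)
                return self._send("<html>ok</html>", set_cookie=self.SESSION_ID)
        elif url.path == "/admin/cisco_api.jsp" and self._has_session():
            op = urllib.parse.parse_qs(url.query).get("op", [""])[0]
            return self._send(f"<html><!--\nop={op}\ncount=2\n--></html>")
        self._send(LOGIN_FORM)          # anything else: the login page Brad saw

    do_GET = do_POST                    # "surf to that page from a web browser"


def cam_login(base_url, admin, passwd):
    """Log in once; return an opener that carries the JSESSIONID cookie from then on."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    form = urllib.parse.urlencode({"admin": admin, "passwd": passwd, "login": " Login "})
    with opener.open(f"{base_url}/admin/login.jsp", data=form.encode()) as resp:
        resp.read()
    if not any(c.name == "JSESSIONID" for c in jar):
        raise RuntimeError("login set no JSESSIONID: wrong credentials or not the CAM")
    return opener


def cam_api(opener, base_url, op, **params):
    """Call cisco_api.jsp and return the key=value lines the CAM wraps in <!-- -->."""
    query = urllib.parse.urlencode({"op": op, **params})
    with opener.open(f"{base_url}/admin/cisco_api.jsp?{query}", data=b"") as resp:
        html = resp.read().decode("iso-8859-1")
    if 'action="/admin/login.jsp"' in html:
        raise RuntimeError("got the login page instead of API output: session not accepted")
    lines = (ln for c in re.findall(r"<!--(.*?)-->", html, re.S) for ln in c.strip().splitlines())
    return dict(ln.split("=", 1) for ln in lines if "=" in ln)


def run_demo():
    """Good login and API call, then the two failure modes, against the mock."""
    server = HTTPServer(("127.0.0.1", 0), MockCAM)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"   # a real CAM: https://<cam-host>
    outcome = {}
    try:
        opener = cam_login(base, "admin", "secret")
        outcome["info"] = cam_api(opener, base, "getuserinfo", qtype="all", qval="all")
        try:
            cam_login(base, "admin", "wrong")
        except RuntimeError as err:
            outcome["bad_login"] = str(err)
        try:   # no cookie jar at all reproduces the symptom from the thread
            cam_api(urllib.request.build_opener(), base, "getuserinfo", qtype="all", qval="all")
        except RuntimeError as err:
            outcome["no_session"] = str(err)
    finally:
        server.shutdown()
        server.server_close()
    return outcome


if __name__ == "__main__":
    print(run_demo())
```

Against a real CAM the base URL is https://... and urllib verifies the server certificate by default; for a self-signed CAM certificate, pass its CA through `ssl.create_default_context(cafile=...)` to `urllib.request.HTTPSHandler(context=...)` in the opener rather than switching verification off the way the `CURLOPT_SSL_VERIFYPEER, FALSE` lines in this thread do, since the admin password travels in every request.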
