CLEANACCESS Archives

December 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Brad Kramer <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Mon, 4 Dec 2006 08:19:17 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (580 lines)

Well, to be honest, I am glad it isn't just me having problems with that
script... I appreciate any help you can give me, but I don't want you to
have to spend a ton of time on it. I am in the same boat where PERL scripts
work fine, but none of the PHP scripts work well.

Let me know what you find out, I am going to be spending a lot of time on it
today, so if I find anything out I will let you know.

-Brad


On 12/1/06 7:45 PM, "John Truelove" <[log in to unmask]> wrote:

> Brad,
> 
> I tried putting your code on one of my servers and I am getting the same
> thing.
> 
> I have Perl scripts that work fine with the 4.1 API.  I ran out of time
> (Friday 4:30pm thing).
> The logs on the CAM for the POST look the same for both Perl and PHP, so
> I am not sure what is going on.
> 
> I will try working with the PHP code on Monday.
> 
> John
> 
> 
> 
> John Truelove
> OIT Network Engineer - CCNP
> Indiana State University
> 210 N 7th Street, Rankin Rm 54
> Terre Haute, IN 47809
> 812-237-4921
> 
> ******************************************************************************
> This email, and any attachments, thereto, is intended only for use by
> the addressee(s) named herein and may contain privileged
> and/or confidential information.  If you are not the intended recipient
> of this email, you are hereby notified that any dissemination,
> distribution or copying of this email, and any attachments thereto, is
> strictly prohibited.
> ******************************************************************************
> 
>>>> Brad Kramer <[log in to unmask]> 12/01/06 2:43 PM >>>
> Still no dice---
> The API command line looks good, I am wondering if my API has something bad
> going on inside it... From the apache logs on the CAM, I get the full post
> message, I just don't understand it, can anyone send me the api jsp via
> private email??
> 
> Thanks!
> 
> -Brad
> 
> 
> On 12/1/06 11:49 AM, "Lanstein, Alex C" <[log in to unmask]> wrote:
> 
>> I don't think you're posting to the cisco_api.jsp file.  That looks like the
>> login page (which you'd get redirected to with a bad url).  The test string
>> uses the getoob function...maybe you guys aren't running out of band.  So I'd
>> try two things
>> 
>> 1) try changing $post to something like "op=adminlogin"
>> 2) after $data gets built, echo it out.  it should look something like:
>> /admin/cisco_api.jsp?op=adminlogin&user=admin&passwd=pass
>> 
>> try to surf to that page from a web browser...it should just bring up a list
>> of the normal api
>> 
>> 
>> Regards,
>> 
>> Alex Lanstein
>> Senior Software Engineer, Transitional Data Services
>> Help Desk/Network Junkie, Connecticut College
>> Chief Coffee Drinker, LBCCHosting
>> 860-625-4277
>> [log in to unmask]
>> 
>> 
>> 
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
>> Sent: Fri 12/1/2006 9:52 AM
>> To: [log in to unmask]
>> Subject: Re: 4.1 and API
>>  
>> If I don't get this figured out today, I would love to continue this via
>> private email, and we could possibly discuss VPN, but in the mean time,
>> tried the script you sent, I put my username/password in there, and I get
>> some funny output... Check this out:
>> 
>> -------begin source dump---------
>> 
>> 
>> 
>> <pre>HTTP/1.1 200 OK
>> Date: Fri, 01 Dec 2006 14:46:38 GMT
>> Server: Apache
>> Set-Cookie: JSESSIONID=6BAE2D1B0D775D82AEEA58AE82C2E9B1; Path=/admin; Secure
>> Content-Length: 1726
>> Connection: close
>> Content-Type: text/html;charset=ISO-8859-1
>> 
>> 
>> 
>> 
>> 
>>  
>> 
>> <!-- pt>
>> <br /><br />
>> function sf(){document.f.admin.focus();}
>> 
>> function doUpdateWarning()
>> {
>>     alert("The system detects that it has just been upgraded to a newer version. It is now trying to connect to the Cisco server to get the checks/rules and AV/AS support list update. It might take a few minutes.");
>>     return true;
>> }
>> 
>> </scr -->
>> <html>
>> <head>
>>     
>> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
>> <meta http-equiv="Cache-Control" content="no-cache">
>> <link rel="STYLESHEET" type="text/css" href="admin.css" />
>> 
>>     <!-- pt language="javascript">
>>     <br /><br />
>>         parent.admin_header.location="/admin/header.jsp"
>>         parent.nav.location="/admin/nav.jsp"
>>     //
>>     </scr -->
>> </head>
>> <body onload=sf() >
>> 
>> <br><br>
>> <center>
>> <form action="/admin/login.jsp" method="post" name="f">
>> <table border="1" cellpadding="0" cellspacing="0" width="60%"><tr><td
>> width="100%">
>> <table border="0" cellpadding="4" cellspacing="0" style="font-family:
>> verdana; font-size: 9pt; margin-left: 9px; width:300pt">
>>     <tr>
>>         <td colspan="2"><font color="red"></font></td>
>>     </tr>
>>     <tr>
>>         <td width="40%">Admin User Name</td>
>>         <td width="60%"><input type="text" name="admin" size="24" /></td>
>>     </tr>
>>     <tr>
>>         <td width="40%">Password</td>
>>         <td width="60%"><input type="password" name="passwd" size="24" /></td>
>>     </tr>
>>     <tr>
>>         <td width="40%"> </td>
>>         <td width="60%"><input type="submit" name="login" value=" Login "  /></td>
>>     </tr>
>> </table>
>> </td></tr></table>
>> </form>
>> </center>
>> 
>> </table>
>> 
>> <!-- pt language="javascript">
>> <br /><br />
>> top.nav.highlightByRightFramePage(document.location.pathname, "m_default");
>> //
>> </scr -->
>> 
>> </body>
>> </html>
>> 
>> 
>> 
>> 
>> ------- end dump---------
>> 
>> 
>> That is the source of the html that gets returned to me.... It is telling me
>> in a script that it has been upgraded recently, and that it needs to
>> download new rules, I manually did that, and it is still giving me the same
>> message... Anyone have any ideas???
>> 
>> Thanks for your help!
>> 
>> 
>> --Brad
>> 
>> 
>> 
>> 
>> 
>> On 11/30/06 1:07 PM, "Lanstein, Alex C" <[log in to unmask]> wrote:
>> 
>>> Hey Brad,
>>>  
>>> That all looks right, and certainly if it worked on the old box there should
>>> be no coding issues.  So what we know is that it is posting via SSL and
>>> getting response, so SSL issues can pretty much be ruled out.
>>>  
>>> Things I would check for:
>>> a) make sure that it is definitely pointing at the cam, not a cas
>>> b) try using the username and password you use to log into the web interface
>>> of the cam to make changes.  For us the username is admin, although I don't
>>> know if we set that or if that was a default thing
>>> c) try running the script from the console (ssh wherever the script runs and
>>> just say `php scriptname.php`)
>>> d) try forcing the post to be http 1.1 instead of 1.0
>>> e) make sure that the box you're on can resolve the hostname of the cam, and
>>> that it is properly registered in dns.  it could cause an issue if the box
>>> was bob.yourschool.edu but it resolved to www.bob.yourschool.edu.
>>>  
>>> I cut out as much as possible to make a test script with php:
>>> http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
>>>  
>>> Ah, here's a good test!  I was typing up about writing an authentication by
>>> session demo tomorrow then it got me to thinking.  Is the auth failing when
>>> you try to run your function (ie add a mac with "auth by function"), or on
>>> actual login (adminlogin function)?  If you do a:
>>> 
>>> <?php
>>> echo "<pre>";
>>> print_r($buffer);
>>> ?>
>>>  
>>> somewhere before the output starts to get parsed you can see the raw stuff
>>> sent from the server.  Is it setting the session id at all?
>>>  
>>> I don't know what your school's security policy is, but if all else fails I'd
>>> be more than happy to vpn in and troubleshoot for you.  kinda curious if
>>> nothing else.
>>>  
>>> We're not running 4.1 here and don't have plans to do it in the immediate
>>> future, although it may be something that gets kicked around for the december
>>> break.  
>>> Regards,
>>> 
>>> Alex Lanstein
>>> Senior Software Engineer, Transitional Data Services
>>> Help Desk/Network Junkie, Connecticut College
>>> Chief Coffee Drinker, LBCCHosting
>>> 860-625-4277
>>> [log in to unmask]
>>> 
>>> ________________________________
>>> 
>>> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
>>> Sent: Thu 11/30/2006 11:19 AM
>>> To: [log in to unmask]
>>> Subject: Re: 4.1 and API
>>> 
>>> 
>>> Sorry-
>>> I had posted on the wrong thread at first---
>>> 
>>> Anyways- 
>>> 
>>> This code has worked in the past, and just to be sure I restored it from
>>> backup. The code is located on another server, I would rather not put my
>>> personal code on the CCA servers, I am trying to keep it with the web server.
>>> Anyways, the code included, is an included file that has all the functions I
>>> have ever used with the cam api. ALL of them had been working prior to 4.1.
>>> There is probably something I am missing, but I can't figure it out. The
>>> example perl script that I posted on Monday or Tuesday works fine from the
>>> same machine, so I know it isn't because the scripts are on a different
>>> machine.
>>> 
>>> 
>>> By the way, I don't remember whose code this is, but I know I got it from
>>> someone on this list, and again thanks for it, it has saved my bacon numerous
>>> times.
>>> 
>>> -----begin attached code-----
>>> 
>>> <?php
>>> 
>>> ##
>>> ## CAM/CCA functions in PHP.
>>> ##
>>> 
>>> #include_once('functions.php');
>>> #db_connect();
>>> 
>>> function cam_post_data_to_manager($post)
>>> {
>>> 
>>> // in my CAM stuff I actually keep it all in a database
>>> // fetch CAM login credentials from db->config
>>> /*
>>> $query = mysql_query("SELECT
>>> cam_admin_username,cam_admin_password,cam_hostname FROM config WHERE id =
>>> '1'");
>>> $row = mysql_fetch_row($query);
>>> $cam_admin_username = $row[0];
>>> $cam_admin_password = $row[1];
>>> $cam_hostname       = $row[2];
>>> */
>>> // the format here is very important
>>> $cam_admin_username = "xxxxxxxx";
>>> $cam_admin_password = "xxxxxxxx";
>>> ### EX: hostname.yourschool.edu
>>> $cam_hostname       = "xxxxxxxxxxxxxx";
>>> $file="/admin/cisco_api.jsp?";
>>> $login_by_function="&admin=" . $cam_admin_username . "&passwd=" .
>>> $cam_admin_password;
>>> // use the standard POST format. file.php?var1=test&var2=anything&var3=1337
>>> $data = $file . $post . $login_by_function;
>>> // Build the header
>>> $header = "POST $data HTTP/1.0\r\n";
>>> $header .= "Host: $cam_hostname\r\n";
>>> $header .= "Content-type: text/html\r\n";
>>> ### this is necessary for the RFC
>>> ### but it slows it down by a factor of 50.
>>> ### splain that one, cisco.
>>> #$header .= "Content-length: " . strlen($data) . "\r\n";
>>> $header .= "Connection: close\r\n\r\n";
>>> 
>>> $connection = pfsockopen("ssl://$cam_hostname", 443, $errno, $errstr);
>>> if ($connection)
>>> { 
>>>         // fwrite() does the actual work
>>>         fwrite($connection, $header);
>>>         // while there is data, loop and add it to $buffer
>>>         $buffer = ""; // initialise before appending
>>>         while (!feof($connection)) $buffer .= fgets($connection,128);
>>>         fclose($connection);
>>>         // clean up the output.  CAM displays output in 'hidden' html comments
>>>         $buffer = str_replace("<!--", "<br /><br />", $buffer);
>>>         $buffer = str_replace("-->", "", $buffer);
>>>         return array ("TRUE", "$buffer");
>>> }
>>> else 
>>>         return array ("FALSE", "$errno---$errstr");
>>> } // close cam_post_data_to_manager()
>>> 
>>> function cam_add_local_user($dest,$carrier) {
>>> include_once('sms_functions.php');
>>> srand((double)microtime()*1000000);
>>> $pass =  rand(0,100000);
>>> $user = "Guest" . rand(0,1000);
>>> 
>>> $post = "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";
>>> 
>>> list ($return, $output) = cam_post_data_to_manager($post);
>>> $return = send_sms_msg($dest,$user,$pass,$carrier);
>>>         return $user;
>>> }
>>> 
>>> function delete_local_user($username)
>>> {
>>> $post = "op=deletelocaluser&qtype=name&qval=$username";
>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>         return $post;
>>> #       return $output;
>>> }
>>> 
>>> 
>>> function cam_get_user_info_by_mac_address($mac_address)
>>> {
>>> $post = "op=getuserinfo&qtype=mac&qval=$mac_address";
>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>         return cam_get_comma_seperated_information_only($output);
>>> } // close cam_get_user_info_by_mac_address()
>>> 
>>> function cam_get_user_info_by_ip_address($ip_address)
>>> {
>>> $post = "op=getuserinfo&qtype=ip&qval=$ip_address";
>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>         return cam_get_comma_seperated_information_only($output);
>>> } // close cam_get_user_info_by_ip_address()
>>> 
>>> function cam_kick_user_by_ip_address($ip_address)
>>> {
>>> $post = "op=kickuser&ip=$ip_address";
>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>         return $output;
>>> } 
>>> 
>>> function cam_add_exempted_device($mac_address, $description)
>>> {
>>> $post = "op=addmac&mac=$mac_address&type=userole&role=gaming&desc=$description";
>>> list ($return, $output) = cam_post_data_to_manager($post);
>>>         return $post;
>>> #       return $output;
>>> } 
>>> 
>>> function cam_get_comma_seperated_information_only($string)
>>> {
>>> $string = substr($string, strpos($string, "IP="), strlen($string));
>>> if ( (!strstr($string, "MAC=")) && (!strstr($string, "IP=")) )
>>>         return "NOT LOGGED IN";
>>> else
>>> {
>>>         // explode() replaces split(), which was removed in PHP 7
>>>         $cam_returned_string = explode(",", $string);
>>>         return $cam_returned_string;
>>> }
>>> }
>>> 
>>> function get_ip_address_from_computer_accessing_this_page()
>>> {
>>> return $_SERVER["REMOTE_ADDR"];
>>> }
>>> 
>>> 
>>> ?>
>>> 
>>> 
>>> On 11/30/06 11:01 AM, "John Truelove" <[log in to unmask]> wrote:
>>> 
>>> 
>>> 
>>> Did you place your registration page on the CAM ?
>>> 
>>> Are you using https for your registration page ?
>>> 
>>> If so, then the ssl.conf on the 4.1 CAM will need to be changed to reflect
>>> those pages.
>>> /perfigo/control/apache/conf/ssl.conf   I think is the location.
>>> 
>>> What, if any, error messages are you getting ?
>>> 
>>> Sample of your code would help.
>>> 
>>> John
>>> 
>>> 
>>> 
>>> John Truelove
>>> OIT Network Engineer - CCNP
>>> Indiana State University
>>> 210 N 7th Street, Tirey Hall Rm 65
>>> Terre Haute, IN 47809
>>> 812-237-4921
>>> 
>>> 
>>> 
>>> 
>>>>>> Brad Kramer <[log in to unmask]> 11/30/2006 10:01 AM >>>
>>> OK, as far as my API is concerned, I have gotten the perl calls to work and I
>>> have restored my confidence that my API is not FUBAR, but here's the issue,
>>> I am not a coder and well, the wonderful web based registration page that I
>>> have made to register xBoxes PS2's and everything else still doesn't work.
>>> Does anyone have any examples that they would be willing to share?
>>> 
>>> Thanks!
>>> 
>>> 
>>> -------------
>>> Bradley W. Kramer
>>> Network Analyst
>>> Ashland University
>>> (419) 289-5405
>>> [log in to unmask]
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -------------
>>> Bradley W. Kramer
>>> Network Analyst
>>> Ashland University
>>> (419) 289-5405
>>> [log in to unmask]
>> 
>> -------------
>> Bradley W. Kramer
>> Network Analyst
>> Ashland University
>> (419) 289-5405
>> [log in to unmask]
>> 
> 
> -------------
> Bradley W. Kramer
> Network Analyst
> Ashland University
> (419) 289-5405
> [log in to unmask]

-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
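
Added example (not part of the thread and not anyone's posted code): the included file quoted above places the admin credentials and unencoded values such as $description on the request line, and request lines are what web server access logs record. The PHP below sends the same op/mac/desc/admin/passwd fields as an encoded form body and flags the login-page response shown in the dump. The host name, credentials and sample response are constructed, and it assumes cisco_api.jsp accepts form-encoded parameters in the request body.

```php
<?php
// Added example, not from the thread. Host name, credentials and the sample
// response below are constructed placeholders.

// Build a form-encoded POST so parameters travel in the body, not the URL.
function cam_build_request(string $host, array $params): string
{
    // http_build_query() percent-encodes every value, so a description that
    // contains & or = cannot split into extra API parameters.
    $body = http_build_query($params);
    return "POST /admin/cisco_api.jsp HTTP/1.0\r\n"
         . "Host: $host\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . "Content-Length: " . strlen($body) . "\r\n"
         . "Connection: close\r\n\r\n"
         . $body;
}

// Decide whether a raw response is the admin login form rather than API output.
function cam_is_login_page(string $raw): bool
{
    // The dump in the thread shows the login form posting to /admin/login.jsp.
    return stripos($raw, 'action="/admin/login.jsp"') !== false;
}

// Constructed inputs for an offline run (nothing is sent over the network).
$request = cam_build_request('cam.example.edu', [
    'op'     => 'addmac',
    'mac'    => '00:11:22:33:44:55',
    'desc'   => 'Xbox & PS2 = lounge',   // would corrupt an unencoded query
    'admin'  => 'apiuser',
    'passwd' => 'placeholder',
]);
$sample_response = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 . '<form action="/admin/login.jsp" method="post" name="f">';

// Request line: this is the part an access log would record.
list($request_line) = explode("\r\n", $request, 2);
echo $request_line, "\n";
// Body: the encoded parameters, credentials included.
echo substr($request, strpos($request, "\r\n\r\n") + 4), "\n";
// Classification of the constructed response.
echo cam_is_login_page($sample_response) ? "login page\n" : "API output\n";
```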
