CLEANACCESS Archives

December 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: "Lanstein, Alex C" <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Fri, 1 Dec 2006 11:49:19 -0500

I don't think you're posting to the cisco_api.jsp file.  That looks like the login page (which you'd get redirected to with a bad URL).  The test string uses the getoob function... maybe you guys aren't running out of band.  So I'd try two things:

1) Try changing $post to something like "op=adminlogin"
2) After $data gets built, echo it out.  It should look something like:
/admin/cisco_api.jsp?op=adminlogin&user=admin&passwd=pass

Try to surf to that page from a web browser... it should just bring up a list of the normal api


Regards,

Alex Lanstein
Senior Software Engineer, Transitional Data Services
Help Desk/Network Junkie, Connecticut College
Chief Coffee Drinker, LBCCHosting
860-625-4277
[log in to unmask]



-----Original Message-----
From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
Sent: Fri 12/1/2006 9:52 AM
To: [log in to unmask]
Subject: Re: 4.1 and API
 
If I don't get this figured out today, I would love to continue this via
private email, and we could possibly discuss VPN, but in the meantime, I
tried the script you sent, I put my username/password in there, and I get
some funny output... Check this out:

-------begin source dump---------



<pre>HTTP/1.1 200 OK
Date: Fri, 01 Dec 2006 14:46:38 GMT
Server: Apache
Set-Cookie: JSESSIONID=6BAE2D1B0D775D82AEEA58AE82C2E9B1; Path=/admin; Secure
Content-Length: 1726
Connection: close
Content-Type: text/html;charset=ISO-8859-1





 

<script>
<br /><br />
function sf(){document.f.admin.focus();}

function doUpdateWarning()
{
    alert("The system detects that it has just been upgraded to a newer
version. It is now trying to connect to the Cisco server to get the
checks/rules and AV/AS support list update. It might take a few minutes.");
    return true;
}

</script>
<html>
<head>
    
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="Cache-Control" content="no-cache">
<link rel="STYLESHEET" type="text/css" href="admin.css" />

    <script language="javascript">
    <br /><br />
        parent.admin_header.location="/admin/header.jsp"
        parent.nav.location="/admin/nav.jsp"
    //
    </script>
</head>
<body onload=sf() >

<br><br>
<center>
<form action="/admin/login.jsp" method="post" name="f">
<table border="1" cellpadding="0" cellspacing="0" width="60%"><tr><td
width="100%">
<table border="0" cellpadding="4" cellspacing="0" style="font-family:
verdana; font-size: 9pt; margin-left: 9px; width:300pt">
    <tr>
        <td colspan="2"><font color="red"></font></td>
    </tr>
    <tr>
        <td width="40%">Admin User Name</td>
        <td width="60%"><input type="text" name="admin" size="24" /></td>
    </tr>
    <tr>
        <td width="40%">Password</td>
        <td width="60%"><input type="password" name="passwd" size="24"
/></td>
    </tr>
    <tr>
        <td width="40%">&nbsp;</td>
        <td width="60%"><input type="submit" name="login" value="     Login
"  /></td>
    </tr>
</table>
</td></tr></table>
</form>
</center>

</table>

<script language="javascript">
<br /><br />
top.nav.highlightByRightFramePage(document.location.pathname, "m_default");
//
</script>

</body>
</html>




------- end dump---------


That is the source of the html that gets returned to me.... It is telling me
in a script that it has been upgraded recently, and that it needs to
download new rules, I manually did that, and it is still giving me the same
message... Anyone have any ideas???

Thanks for your help!


--Brad





On 11/30/06 1:07 PM, "Lanstein, Alex C" <[log in to unmask]> wrote:

> Hey Brad,
>  
> That all looks right, and certainly if it worked on the old box there should
> be no coding issues.  So what we know is that it is posting via SSL and
> getting a response, so SSL issues can pretty much be ruled out.
>  
> Things I would check for:
> a) make sure that it is definitely pointing at the cam, not a cas
> b) try using the username and password you use to log into the web interface
> of the cam to make changes.  For us the username is admin, although I don't
> know if we set that or if that was a default thing
> c) try running the script from the console (ssh wherever the script runs and
> just say `php scriptname.php`)
> d) try forcing the post to be http 1.1 instead of 1.0
> e) make sure that the box you're on can resolve the hostname of the cam, and
> that it is properly registered in dns.  It could cause an issue if the box was
> bob.yourschool.edu but it resolved to www.bob.yourschool.edu.
>  
> I cut out as much as possible to make a test script with php:
> http://oak.conncoll.edu/~aclan/public/code_samples/nofrills_api.phps
>  
> Ah, here's a good test!  I was typing up about writing an authentication by
> session demo tomorrow then it got me to thinking.  Is the auth failing when
> you try to run your function (i.e. add a mac with "auth by function"), or on
> actual login (adminlogin function)?  If you do a:
> 
> <?php
> echo "<pre>";
> print_r($buffer);
> ?>
>  
> somewhere before the output starts to get parsed you can see the raw stuff
> sent from the server.  Is it setting the session id at all?
>  
> I don't know what your school's security policy is, but if all else fails I'd
> be more than happy to vpn in and troubleshoot for you.  kinda curious if
> nothing else.
>  
> We're not running 4.1 here and don't have plans to do it in the immediate
> future, although it may be something that gets kicked around for the December
> break.  
> Regards,
> 
> Alex Lanstein
> Senior Software Engineer, Transitional Data Services
> Help Desk/Network Junkie, Connecticut College
> Chief Coffee Drinker, LBCCHosting
> 860-625-4277
> [log in to unmask]
> 
> ________________________________
> 
> From: Cisco Clean Access Users and Administrators on behalf of Brad Kramer
> Sent: Thu 11/30/2006 11:19 AM
> To: [log in to unmask]
> Subject: Re: 4.1 and API
> 
> 
> Sorry-
> I had posted on the wrong thread at first---
> 
> Anyways- 
> 
> This code has worked in the past, and just to be sure I restored it from
> backup. The code is located on another server, I would rather not put my
> personal code on the CCA servers, I am trying to keep it with the web server.
> Anyways, the code included, is an included file that has all the functions I
> have ever used with the cam api. ALL of them had been working prior to 4.1.
> There is probably something I am missing, but I can't figure it out. The
> example perl script that I posted on Monday or Tuesday works fine from the
> same machine, so I know it isn't because the scripts are on a different
> machine.
> 
> 
> By the way, I don't remember whose code this is, but I know I got it from
> someone on this list, and again thanks for it, it has saved my bacon numerous
> times.
> 
> -----begin attached code-----
> 
> <?php
> 
> ##
> ## CAM/CCA functions in PHP.
> ##
> 
> #include_once('functions.php');
> #db_connect();
> 
> function cam_post_data_to_manager($post)
> {
> 
> // in my CAM stuff I actually keep it all in a database
> // fetch CAM login credentials from db->config
> /*
> $query = mysql_query("SELECT
> cam_admin_username,cam_admin_password,cam_hostname FROM config WHERE id =
> '1'");
> $row = mysql_fetch_row($query);
> $cam_admin_username = $row[0];
> $cam_admin_password = $row[1];
> $cam_hostname       = $row[2];
> */
> // the format here is very important
> $cam_admin_username = "xxxxxxxx";
> $cam_admin_password = "xxxxxxxx";
> ### EX: hostname.yourschool.edu
> $cam_hostname       = "xxxxxxxxxxxxxx";
> $file="/admin/cisco_api.jsp?";
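> // urlencode() keeps special characters in the credentials from breaking the query string
> $login_by_function="&admin=" . urlencode($cam_admin_username) . "&passwd=" .
> urlencode($cam_admin_password);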
> // use the standard POST format.  file.php?var1=test&var2=anything&var3=1337
> $data = $file . $post . $login_by_function;
> // Build the header
> $header = "POST $data HTTP/1.0\r\n";
> $header .= "Host: $cam_hostname\r\n";
> $header .= "Content-type: text/html\r\n";
> ### this is necessary for the RFC
> ### but it slows it down by a factor of 50.
> ### splain that one, cisco.
> #$header .= "Content-length: " . strlen($data) . "\r\n";
> $header .= "Connection: close\r\n\r\n";
> 
> $connection = pfsockopen("ssl://$cam_hostname", 443, $errno, $errstr);
> if ($connection)
> { 
>         // fwrite() does the actual work
>         fwrite($connection, $header);
>         // initialize $buffer, then loop and append to it while there is data
>         $buffer = "";
>         while (!feof($connection)) $buffer .= fgets($connection,128);
>         fclose($connection);
>         // clean up the output.  CAM displays output in 'hidden' html comments
>         $buffer = str_replace("<!--", "<br /><br />", $buffer);
>         $buffer = str_replace("-->", "", $buffer);
>         return array ("TRUE", "$buffer");
> }
> else 
>         return array ("FALSE", "$errno---$errstr");
> } // close cam_post_data_to_manager()
> 
> function cam_add_local_user($dest,$carrier) {
> include_once('sms_functions.php');
> // random_int() draws from the OS CSPRNG (PHP 7+); no manual seeding is needed
> $pass =  random_int(0,100000);
> $user = "Guest" . rand(0,1000);
> 
> $post = "op=addlocaluser&username=$user&userpass=$pass&userrole=Guest";
> 
> list ($return, $output) = cam_post_data_to_manager($post);
> $return = send_sms_msg($dest,$user,$pass,$carrier);
>         return $user;
> }
> 
> function delete_local_user($username)
> {
> $post = "op=deletelocaluser&qtype=name&qval=" . urlencode($username);
> list ($return, $output) = cam_post_data_to_manager($post);
>         return $post;
> #       return $output;
> }
> 
> 
> function cam_get_user_info_by_mac_address($mac_address)
> {
> $post = "op=getuserinfo&qtype=mac&qval=" . urlencode($mac_address);
> list ($return, $output) = cam_post_data_to_manager($post);
>         return cam_get_comma_seperated_information_only($output);
> } // close cam_get_user_info_by_mac_address()
> 
> function cam_get_user_info_by_ip_address($ip_address)
> {
> $post = "op=getuserinfo&qtype=ip&qval=" . urlencode($ip_address);
> list ($return, $output) = cam_post_data_to_manager($post);
>         return cam_get_comma_seperated_information_only($output);
> } // close cam_get_user_info_by_ip_address()
> 
> function cam_kick_user_by_ip_address($ip_address)
> {
> $post = "op=kickuser&ip=" . urlencode($ip_address);
> list ($return, $output) = cam_post_data_to_manager($post);
>         return $output;
> } 
> 
> function cam_add_exempted_device($mac_address, $description)
> {
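> // urlencode() the caller-supplied values so '&', '=' or spaces in them
> // cannot add parameters or break the request line
> $post = "op=addmac&mac=" . urlencode($mac_address) .
> "&type=userole&role=gaming&desc=" . urlencode($description);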
> list ($return, $output) = cam_post_data_to_manager($post);
>         return $post;
> #       return $output;
> } 
> 
> function cam_get_comma_seperated_information_only($string)
> {
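> // keep everything from "IP=" onward; if the marker is absent, keep the whole string
> $start = strpos($string, "IP=");
> if ($start !== false) $string = substr($string, $start);
> if ( (!strstr($string, "MAC=")) && (!strstr($string, "IP=")) )
>         return "NOT LOGGED IN";
> else
> {
>         // split() was removed in PHP 7; explode() is equivalent for a literal delimiter
>         $cam_returned_string = explode(",", $string);
>         return $cam_returned_string;
> }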
> }
> 
> function get_ip_address_from_computer_accessing_this_page()
> {
> return $_SERVER["REMOTE_ADDR"];
> }
> 
> 
> ?>
> 
> 
> On 11/30/06 11:01 AM, "John Truelove" <[log in to unmask]> wrote:
> 
> 
> 
> Did you place your registration page on the CAM ?
> 
> Are you using https for your registration page ?
> 
> If so, then the ssl.conf on the 4.1 CAM will need to be changed to reflect
> those pages.
> /perfigo/control/apache/conf/ssl.conf   I think is the location.
> 
> What, if any, error messages are you getting ?
> 
> Sample of your code would help.
> 
> John
> 
> 
> 
> John Truelove
> OIT Network Engineer - CCNP
> Indiana State University
> 210 N 7th Street, Tirey Hall Rm 65
> Terre Haute, IN 47809
> 812-237-4921
> 
> 
> 
>>>> Brad Kramer <[log in to unmask]> 11/30/2006 10:01 AM >>>
> OK, as far as my API is concerned, I have gotten the perl calls to work and I
> have restored my confidence that my API is not FUBAR, but here's the issue,
> I am not a coder and well, the wonderful web based registration page that I
> have made to register xBoxes PS2's and everything else still doesn't work.
> Does anyone have any examples that they would be willing to share?
> 
> Thanks!
> 
> 
> -------------
> Bradley W. Kramer
> Network Analyst
> Ashland University
> (419) 289-5405
> [log in to unmask]
> 
> 
> 
> 
> 
> 
> -------------
> Bradley W. Kramer
> Network Analyst
> Ashland University
> (419) 289-5405
> [log in to unmask]

-------------
Bradley W. Kramer
Network Analyst
Ashland University
(419) 289-5405
[log in to unmask]
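
The check discussed in this thread (did the request reach cisco_api.jsp, or did the login page come back with a 200 status?), as an added example that is not part of the thread or the posters' code. It builds the request target with encoded parameters and classifies a raw response; the function names and both sample responses are constructed, and the comment-wrapped output format is an assumption taken from the comment in the quoted script.

```php
<?php
// Added example: constructed inputs only, nothing is sent over the network.

// Build the request target with every value percent-encoded, so a value that
// contains '&', '=' or a space cannot add parameters or break the request line.
function cam_build_target(string $op, array $params): string
{
    $query = array_merge(["op" => $op], $params);
    return "/admin/cisco_api.jsp?" . http_build_query($query, "", "&", PHP_QUERY_RFC3986);
}

// Classify a raw HTTP response: HTTP error, the admin login form, or API output.
// A 200 status alone proves nothing: the login page in the dump is also a 200.
function cam_classify_response(string $raw): array
{
    [$head, $body] = array_pad(preg_split("/\r?\n\r?\n/", $raw, 2), 2, "");
    if (!preg_match('#^HTTP/\d\.\d (\d{3})#', $head, $m) || $m[1] !== "200") {
        return ["http_error", []];
    }
    // The login form posts to /admin/login.jsp and carries a password field.
    if (stripos($body, 'action="/admin/login.jsp"') !== false
        && stripos($body, 'type="password"') !== false) {
        return ["login_page", []];
    }
    // Assumption from the thread's script: API output sits inside HTML comments.
    preg_match_all('/<!--(.*?)-->/s', $body, $c);
    return ["api_output", array_map('trim', $c[1])];
}

// Constructed samples (not captured from a real CAM).
$login = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
       . '<form action="/admin/login.jsp" method="post" name="f">'
       . '<input type="password" name="passwd" /></form>';
$api   = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
       . "<!--IP=10.0.0.5,MAC=00:11:22:33:44:55-->";

// A description containing '&' and '=' stays one parameter after encoding.
echo cam_build_target("addmac", ["mac" => "00:11:22:33:44:55",
     "desc" => "Xbox & PS2 room=12"]), "\n";
echo cam_classify_response($login)[0], "\n";
print_r(cam_classify_response($api));
```

Credentials placed in the request target, as in the thread's script, can also appear in web server access logs.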
