API2 call 'park' with root permissions

[bmett]

Hi guys,

I got a problem when using the API2 call park, to park a domain. Since I have to include an account_name in the API2 call, it looks like the permissions for this account are checked when creating a parked domain.

E.G. the account itself has no permission to create a parked or addon domain. Thats why my park API2 call failed. But as a root in cPanel I can easily created parked domains etc for domains which are connected to that account.

Can somebody explain this to me? I thought I authenticate my API call with root permissions? Why can't I created parked domains through the API2 call?

Thanks
Bjorn

 

[cPanelDavidN]

Hi Bjorn,

The following worked for me using the xml-api PHP client class

Authenticating as root

<?php
// we will park 'xmlapitest1.net' on top of the primary domain belonging to user 'parktest'

include("xmlapi.php");

$ip = "10.1.1.1";
$root_pass = "S3cr3t!";
$user='parktest';

$xmlapi = new xmlapi($ip);
$xmlapi->password_auth("root",$root_pass);
//$xmlapi->set_port('2087'); // port 2087 is set by default
//$xmlapi->set_debug(1);

$args = array(
		'domain'	=>'xmlapitest1.net',		
		'topdomain' =>'',
		);
		
$xmlapi->api2_query($user,'Park','park',$args);

Authenticating as user 'parktest'

<?php
// we will park 'xmlapitest2.net' on top of the primary domain belonging to user 'parktest'
// Obviously, the user will need park domain allowance for this to work
include("xmlapi.php");

$ip = "10.1.1.1";
$user='parktest';
$upass='S3cr3t!';

$xmlapi = new xmlapi($ip);

$xmlapi->password_auth($user,$upass);
$xmlapi->set_port('2083');
//$xmlapi->set_debug(1);

$args = array(
		'domain'	=>'xmlapitest2.net',
        'topdomain' =>'',
		);
		
$xmlapi->api2_query($user,'Park','park',$args);

The only two differences I can see calling this as root or the user:

1) The port needs to be appropriate. All root authenticated requests via XML-API should be done on port 2087 & 2086, all user authenticated requests use 2083 & 2082.

2) The 'topdomain' parameter is taken (ever so slightly) differently.

For a user authenticated request:
the 'topdomain' is treated as an optional parameter. So, if not provided , the primary domain will be the target. If you set to blank, like in my example, then it will use the primary domain as the target.

For a root requests:
The parameter is mandatory. If you do not pass the 'topdomain' key, it will fail. If you pass a blank valueit will use the primary domain as the target.

---.---
For either user or root:
If you provide a value other than empty/blank for 'topdomain', it will be treated as a subdomain reference. Example 'topdomain=here' will target 'here.domain.ttl' (which will fail if you haven't already established the 'here' subdomain).
---.---

Best Regards,
-DavidN

 

[bmett]

Hi David,

Thanks for your reply. My first mistake was to use the second parameter (topdomain) wrong. I provided a full URI which of course didn't work.

Unfortunately I still get the following error:

Error from park wrapper: Sorry, you are not allowed to add any more than (0) parked domains!

I use the following function to do the API call:

function parkADomain($dom_name,$acc_name){
    include("xmlapi.php");
    
    $ip = "123.123.123.123";
    
    $root_hash = "xxx";     # some hash value

    $xmlapi = new xmlapi($ip);
    $xmlapi->hash_auth("root",$root_hash);
    //$xmlapi->set_debug(1);
    $result = $xmlapi->api2_query($acc_name, "Park", "park", array(domain=>$dom_name, topdomain=>''));
	return $result;    
}

So I do authenticate as root but still get a permissions error. How can that be? The user and domain are properly passed to the function.

Hope you can help.

Cheers,
Bjorn

 

[cPanelDavidN]

Hi Bjorn,

I re-ran my tests against the most current NIGHTLY and CURRENT builds and was able to reproduce the situation you describe. My previous test was just against the NIGHTLY build, which has updated in the interim. I must have hit a bug (that is now fixed), which would explain why I didn't initially get the error that you are reporting.

After reviewing the implementation for this functionality in WHM and the XML-API/API2, it has become clear to me that what we're observing is expected for two reasons:

1) Any execution of an API1/API2 call via the XML-API (whether as root or user), is performed as the user. The fact that I was able to execute the call with success on an account that was at or beyond the Max Park Domain limit should have been a red flag for me but I just assumed the code operated contra item 2

2) The WHM interface for parking a domain is a different code path than that used by the API2 call. It's unique and cannot be accessed other than via the WHM UI (at this time).

So, there are a few ways to resolve this issue, albeit all inelegant:
A) script against a browser interaction (for php, either fopen or cURL). This would be a fragile situation since GET/POST on the UI templates is not supported; the UI changes and programmatic browser interaction is always victim to dynamic content and element rendering/manipulate by JS.

B) modify the accounts Max Park Domain property, either prior to or after a failed attempt to park to a value that will permit the call to succeed.

C) modify the accounts Max Park Domain property, incrementing by 1, add the park, and then decrement by 1. This would yield a notice in the cPanel user interface "Park Domain", and potential place the user into an 'exceeds Max Park Domain' situation (if you monitor for that). However, the parked domain in question should still operate. The end result would be the same as if you were to have just used the WHM UI to add the park for an account: basically a disregard to the Max Park Domain property.

I think the situation is clear now, but sorry for the initial run around.

Best Regards,
-DavidN

 

[bmett]

Hi David,

Once again, thank you very much for the follow-up. You have been a great help.

Although I have to admit, I should have come up with the solution myself.

Using another API call to modify the account before parking the domain is just to easy. :D Since nearly none of our clients have access to their cPanel account, its not a big deal.

Thanks again,
Bjorn

 

[cPanelDavidN]

Glad to help.

-DavidN

 

[cbsgroup]

1) Any execution of an API1/API2 call via the XML-API (whether as root or user), is performed as the user. The fact that I was able to execute the call with success on an account that was at or beyond the Max Park Domain limit should have been a red flag for me but I just assumed the code operated contra item 2

2) The WHM interface for parking a domain is a different code path than that used by the API2 call. It's unique and cannot be accessed other than via the WHM UI (at this time).

I have a very similar issue whereby I need to park a subdomain from one account to another. For example, I need to park x.example.com to another account on the same server, say example2.com.

Using the API I get an error "x.example.com is controlled by another user. You cannot park it." even though I have authenticated as root.

As David points out, this is because the API runs as the user. Will it ever be possible to do this with the API or is there another (easy) way to do this automatically without cURLing the WHM pages?

My end goal is to have a subdomain created that can point to an account who's primary domain name hasn't propagated yet. Basically I want to have a "pretty" URL to mask the http://example.com/~username URL.


Any help is greatly appreciated!

 

[cPanelDavidN]

Hi cbsgroup,

1) I know that there's been a few requests, over in the Feature Request forum, for changes to addon/park domains, but I don't think there's been one specifically for the issue covered in this post. I recommend doing a quick query and, if necessary, spawning a new request thread. The way I see it, the most straight forward (or ideal) request would be to have native functions within the XML-API that are for addon/park domains. This feature would, essentially, be an programmatic way to perform the utility offered in WHM to root (or a privileged reseller) user.

2) Off the top of my head, I can't think of a better way.

Cheers,
-DavidN

 

[jazo10]

When you've posted the request could you put the link here so we can track it?

I was also interested in this feature and slightly disappointed when i found out the API did not provide it.

Here's a post describing the practical method.

http://www.wenderhost.com/2008/01/howto-setup-a-whm-account-alias/

The first part is simple via the API however the second part, located in WHM is not.