The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

API2 call 'park' with root permissions

Discussion in 'cPanel Developers' started by bmett, Sep 20, 2010.

  1. bmett

    bmett Well-Known Member

    Joined:
    Aug 5, 2010
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane, AU
    Hi guys,

    I got a problem when using the API2 call park, to park a domain. Since I have to include an account_name in the API2 call, it looks like the permissions for this account are checked when creating a parked domain.

    E.G. the account itself has no permission to create a parked or addon domain. Thats why my park API2 call failed. But as a root in cPanel I can easily created parked domains etc for domains which are connected to that account.

    Can somebody explain this to me? I thought I authenticate my API call with root permissions? Why can't I created parked domains through the API2 call?

    Thanks
    Bjorn
     
    #1 bmett, Sep 20, 2010
    Last edited: Sep 20, 2010
  2. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi Bjorn,

    The following worked for me using the xml-api PHP client class

    Authenticating as root
    PHP:
    <?php
    // we will park 'xmlapitest1.net' on top of the primary domain belonging to user 'parktest'

    include("xmlapi.php");

    $ip "10.1.1.1";
    $root_pass "S3cr3t!";
    $user='parktest';

    $xmlapi = new xmlapi($ip);
    $xmlapi->password_auth("root",$root_pass);
    //$xmlapi->set_port('2087'); // port 2087 is set by default
    //$xmlapi->set_debug(1);

    $args = array(
            
    'domain'    =>'xmlapitest1.net',        
            
    'topdomain' =>'',
            );
            
    $xmlapi->api2_query($user,'Park','park',$args);

    Authenticating as user 'parktest'
    PHP:
    <?php
    // we will park 'xmlapitest2.net' on top of the primary domain belonging to user 'parktest'
    // Obviously, the user will need park domain allowance for this to work
    include("xmlapi.php");

    $ip "10.1.1.1";
    $user='parktest';
    $upass='S3cr3t!';

    $xmlapi = new xmlapi($ip);

    $xmlapi->password_auth($user,$upass);
    $xmlapi->set_port('2083');
    //$xmlapi->set_debug(1);

    $args = array(
            
    'domain'    =>'xmlapitest2.net',
            
    'topdomain' =>'',
            );
            
    $xmlapi->api2_query($user,'Park','park',$args);

    The only two differences I can see calling this as root or the user:

    1) The port needs to be appropriate. All root authenticated requests via XML-API should be done on port 2087 & 2086, all user authenticated requests use 2083 & 2082.

    2) The 'topdomain' parameter is taken (ever so slightly) differently.

    For a user authenticated request:
    the 'topdomain' is treated as an optional parameter. So, if not provided , the primary domain will be the target. If you set to blank, like in my example, then it will use the primary domain as the target.

    For a root requests:
    The parameter is mandatory. If you do not pass the 'topdomain' key, it will fail. If you pass a blank valueit will use the primary domain as the target.

    ---.---
    For either user or root:
    If you provide a value other than empty/blank for 'topdomain', it will be treated as a subdomain reference. Example 'topdomain=here' will target 'here.domain.ttl' (which will fail if you haven't already established the 'here' subdomain).
    ---.---

    Best Regards,
    -DavidN
     
  3. bmett

    bmett Well-Known Member

    Joined:
    Aug 5, 2010
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane, AU
    Hi David,

    Thanks for your reply. My first mistake was to use the second parameter (topdomain) wrong. I provided a full URI which of course didn't work.

    Unfortunately I still get the following error:
    I use the following function to do the API call:

    PHP:
    function parkADomain($dom_name,$acc_name){
        include(
    "xmlapi.php");
        
        
    $ip "123.123.123.123";
        
        
    $root_hash "xxx";     # some hash value

        
    $xmlapi = new xmlapi($ip);
        
    $xmlapi->hash_auth("root",$root_hash);
        
    //$xmlapi->set_debug(1);
        
    $result $xmlapi->api2_query($acc_name"Park""park", array(domain=>$dom_nametopdomain=>''));
        return 
    $result;    
    }
    So I do authenticate as root but still get a permissions error. How can that be? The user and domain are properly passed to the function.

    Hope you can help.

    Cheers,
    Bjorn
     
  4. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi Bjorn,

    I re-ran my tests against the most current NIGHTLY and CURRENT builds and was able to reproduce the situation you describe. My previous test was just against the NIGHTLY build, which has updated in the interim. I must have hit a bug (that is now fixed), which would explain why I didn't initially get the error that you are reporting.

    After reviewing the implementation for this functionality in WHM and the XML-API/API2, it has become clear to me that what we're observing is expected for two reasons:

    1) Any execution of an API1/API2 call via the XML-API (whether as root or user), is performed as the user. The fact that I was able to execute the call with success on an account that was at or beyond the Max Park Domain limit should have been a red flag for me but I just assumed the code operated contra item 2

    2) The WHM interface for parking a domain is a different code path than that used by the API2 call. It's unique and cannot be accessed other than via the WHM UI (at this time).

    So, there are a few ways to resolve this issue, albeit all inelegant:
    A) script against a browser interaction (for php, either fopen or cURL). This would be a fragile situation since GET/POST on the UI templates is not supported; the UI changes and programmatic browser interaction is always victim to dynamic content and element rendering/manipulate by JS.

    B) modify the accounts Max Park Domain property, either prior to or after a failed attempt to park to a value that will permit the call to succeed.

    C) modify the accounts Max Park Domain property, incrementing by 1, add the park, and then decrement by 1. This would yield a notice in the cPanel user interface "Park Domain", and potential place the user into an 'exceeds Max Park Domain' situation (if you monitor for that). However, the parked domain in question should still operate. The end result would be the same as if you were to have just used the WHM UI to add the park for an account: basically a disregard to the Max Park Domain property.

    I think the situation is clear now, but sorry for the initial run around.

    Best Regards,
    -DavidN
     
  5. bmett

    bmett Well-Known Member

    Joined:
    Aug 5, 2010
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane, AU
    Hi David,

    Once again, thank you very much for the follow-up. You have been a great help.

    Although I have to admit, I should have come up with the solution myself.

    Using another API call to modify the account before parking the domain is just to easy. :D Since nearly none of our clients have access to their cPanel account, its not a big deal.

    Thanks again,
    Bjorn
     
  6. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Glad to help.

    -DavidN
     
  7. cbsgroup

    cbsgroup Registered

    Joined:
    Oct 19, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I have a very similar issue whereby I need to park a subdomain from one account to another. For example, I need to park x.example.com to another account on the same server, say example2.com.

    Using the API I get an error "x.example.com is controlled by another user. You cannot park it." even though I have authenticated as root.

    As David points out, this is because the API runs as the user. Will it ever be possible to do this with the API or is there another (easy) way to do this automatically without cURLing the WHM pages?

    My end goal is to have a subdomain created that can point to an account who's primary domain name hasn't propagated yet. Basically I want to have a "pretty" URL to mask the http://example.com/~username URL.


    Any help is greatly appreciated!
     
  8. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi cbsgroup,

    1) I know that there's been a few requests, over in the Feature Request forum, for changes to addon/park domains, but I don't think there's been one specifically for the issue covered in this post. I recommend doing a quick query and, if necessary, spawning a new request thread. The way I see it, the most straight forward (or ideal) request would be to have native functions within the XML-API that are for addon/park domains. This feature would, essentially, be an programmatic way to perform the utility offered in WHM to root (or a privileged reseller) user.

    2) Off the top of my head, I can't think of a better way.

    Cheers,
    -DavidN
     
  9. jazo10

    jazo10 Registered

    Joined:
    Oct 20, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    When you've posted the request could you put the link here so we can track it?

    I was also interested in this feature and slightly disappointed when i found out the API did not provide it.

    Here's a post describing the practical method.

    http://www.wenderhost.com/2008/01/howto-setup-a-whm-account-alias/

    The first part is simple via the API however the second part, located in WHM is not.
     
    #9 jazo10, Oct 20, 2010
    Last edited: Oct 20, 2010
Loading...

Share This Page