The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

xmlapi and tokens? + incorrect shebang?

Discussion in 'cPanel Developers' started by CaMer0n, Jun 15, 2010.

  1. CaMer0n

    CaMer0n Well-Known Member

    Joined:
    Nov 8, 2004
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Hi all,

    Can someone help me?

    I've checked through all the docs and searched the provided examples and can find no reference to how to use tokens with the xmlapi?

    I get this error with the code below:

    Warning: file_get_contents(https://myhost.org:2087/xml-api/cpanel) [function.file-get-contents]: failed to open stream: No such file or directory in /usr/local/cpanel/whostmgr/docroot/cgi/xmlapi.php on line 724

    ..and upon checking the generated URL (from file_get_contents) I see this:

    "Token denied" .

    Code:
    $xmlapi = new xmlapi($_SERVER["HTTP_HOST"]);
    $xmlapi->set_port(2087);
    $hash = file_get_contents('/root/.accesshash');
    $xmlapi->set_user('root');
    $xmlapi->set_hash($hash);
    $xmlapi->return_xml(1);
    $xmlapi->api1_query($user, 'Mysql', 'adddb', array('mydbname'));
    
    If I add my current token to the generated URL, I then get this:
    api call failed. Module name is required..

    If anyone could shed some light, that would be great.

    Thanks

    ps: It would be great if at least one of the example files that come with the API included the correct shebang to use:

    #!/usr/local/cpanel/3rdparty/bin/php-cgi

    as they are now - most of the exec(), system(), passthru() functions fail on any hardened PHP machine.
     
  2. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Alright, you have afew issues here:

    1.) using the cpanel PHP parser isn't always the correct path. This class may be run on non-cpanel systems, etc. Thus why the shebang is excluded.

    2.) The issue you are having is one I actually encountered last week. What is happening is that your system is having issues querying the xmlapi PHP class via the fopen method. If your system's PHP parser has curl enabled - I would advise using /usr/bin/php-cgi which should allow access to curl (which is used by default with the class, so no other changes should be required).

    A fix is coming for this issue.
     
  3. CaMer0n

    CaMer0n Well-Known Member

    Joined:
    Nov 8, 2004
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Thanks Matt,

    I need access to exec() and other functions that are very often disabled in a hardened PHP environment, hence my need to use the cpanel PHP configuration /usr/local/cpanel/3rdparty/bin/php-cgi and not /usr/bin/php-cgi.

    The class appears to work (it returns XML), but the token is not included.
    I believe "failed to open stream" is caused by the missing token in the URL, not the fopen() method itself. It would seem the xmlapi class does not take tokens into consideration at all?

    Unfortunately, development of my plugin is now at a stand-still until I can get past these issues.

    Any help you can give would be much appreciated.

    Thanks
     
  4. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If tokens were your issue, you'd get this response:
    Code:
    <cpanelresult>
        <data>
            <result>0</result>
            <reason>Token denied</reason>
        </data>
    </cpanelresult>
    
    I've confirmed on both 11.25.0 and 11.25.1 that cURL and PHP work fine with tokens enabled.

    The way that tokens are handled by the xml-api binary, it is not necessary for the xmlapi client class to know about them in the requesting URL. The authentication is in the header.
    ...anyone from cPanel can correct me if I'm wrong on the way tokens are handled in the xml-api binary, but I'm pretty sure it's just that simple.

    And yes, as Matt has pointed out, there appears to be some discrepancy in how some builds of 11.25.0 parses the headers generate by PHP's fopen(). In 11.25.1 both cURL and fopen seem to function equally fine.

    Regards,
    -DavidN
     
  5. CaMer0n

    CaMer0n Well-Known Member

    Joined:
    Nov 8, 2004
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Thanks David,

    Indeed, I get exactly that response.

    I'm using the latest stable release: cPanel 11.25.0-S46156 - WHM 11.25.0 - X 3.9 so maybe that's my problem.
    Looking forward to the next stable release that might fix the issue.

    Thanks
     
  6. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Cameron,
    That's... unusual, could we have access to the server and a copy of the script causing this issue?

    tickets.cpanel.net/submit/

    There is something else going on here and I would like to investigate the problem, however looking at the token code.. I don't see how that is the case.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Important cPanel/WHM Version Number Designation Change

    Please Note: Important cPanel/WHM Version Number Designation Change

    As of July 28, 2010 the cPanel/WHM version number designations have been officially changed.

    Version 11.25.1 is now designated 11.28 and version 11.25.2 is now designated 11.30.

    These new changes were explained in some detail recently at the July 2010 - Quarterly Road map - Webinar direct from cPanel's PodCast Studio in Houston, Texas with speakers David Grega and Mario Rodriguez.

    An official press release about these changes is forthcoming and can be accessed at this link as soon as it's made available to the Forum Team:
    Important cPanel/WHM Version Number Designation Change (To be updated)

    This post serves to update users who are subscribed to threads (where this message is posted) looking forward to upcoming enhancements in future versions of cPanel.
     
Loading...

Share This Page