Cpanel api2 Zoneedit Error - cpanel

I am attempting to use the cpanel api2 to modify the zone file for one of the cpanel accounts. Below is the code I'm executing.
$xmlapi = new xmlapi($ip);
$xmlapi->set_host("192.168.1.1");
$xmlapi->set_port("2087");
$xmlapi->set_protocol('https');
$xmlapi->password_auth($cpusername,$cpuserpwd);
$xmlapi->hash_auth("root",$root_hash);
#print_r ($xmlapi);
$xmlapi->set_output("json");
$xmlapi->set_debug(1);
$xmlapi->api2_query($cpaccount, "ZoneEdit", "add_zone_record" , array($domain, $subdomain, $type, $ipaddr, $ttl));
The commented code authenticates using the system hash. The other uses password authentication. I get the same error on both authentication methods.
When I set the user id and account to root, I get an internal 500 error:
Internal Server Error 500
Could not setuid to root at /usr/local/cpanel/Whostmgr/XMLUI/cPanel.pm line 82.
If I change the userid and the account that the zone file is for, I get the message:
{
"cpanelresult":{
"apiversion":2,
"func":"add_zone_record",
"data":[{
"result":{
"status":0,
"statusmsg":"You do not have permission to read the zone for : "
}
}],
"event":{
"result":1
},
"module":"ZoneEdit"
}
}
I'm stumped on what to do next. When I log in at the command line as one of the non-root accounts, I can su to root once I enter the root password.
Any assistance would be appreciated.

To close this out: with no solution in sight, I ended up writing a PHP script to generate the zone file from scratch with appropriate SOA serial number management, and scheduling a cron job to run as root to replace the zone file and reload it.
Put another way, I never got the Cpanel interface to work, so I wrote it from scratch.
And if anyone is curious about the final generalized implementation, it is the smartDNS feature on my website and described in the blog.

Related

adding basic authentication to Solr 8.6.1

We are having some difficulty adding basic authentication to Solr 8.6.1. We are following this document, and we have created a security.json file, which is successful (since the Solr instance asks for a user ID and password when it starts). Our difficulty happens when trying to enable the global authentication settings: we did pass the -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory system property, and we also set the -Dbasicauth=username:password property as follows:
// the following is the last line of our Solr Dockerfile:
CMD ["solr-foreground", "-Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory", "-Dbasicauth=username:secret"]
However, the calls to retrieve data from Solr all come back with Error 401 require authentication.
Could someone please kindly let us know what we missed?
You'll have to set the correct options on the client - not on the server. This is a setting that affects how the client that connects to Solr authenticates.
So when running your application, give the parameter to the java command (or configure it to be the default parameter through ant/maven/gradle/etc.).
Setting it on the docker container will not do anything useful.

Apache Custom Module permission issue with calling Libipset

I'm working on an apache module that can check the libipset API to test if an IP is in a list. This is being used as a backup firewall for proxied connections.
I've managed to get everything working up until the C script calls type = ipset_type_get(session, cmd);. After testing, I believe the main problem is that libipset requires higher permissions. I'm not getting a permission error, just a null value. However, when I run the C script directly using apache as the user, I can get it to work when I grant sudo privileges to apache for the script.
I've tried 1 and 2 in the answers here and they've both failed. Is there any other way to force root for the ipset API call?
This action might need cap_net_admin.
If using systemd to control the process, you can add it like this:
[Service]
...
CapabilityBoundingSet=CAP_NET_ADMIN
Another approach would be to set the binary executable's capabilities.
setcap cap_net_admin=ep /usr/sbin/apache2
If using AppArmor, you could instead set up a profile for apache and include the line
capability net_admin,
in the file (/etc/apparmor.d/usr.sbin.apache2)
(see here: https://serverfault.com/questions/932410/enabling-apparmor-for-apache2-in-ubuntu-18-04)
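Whether the running Apache workers actually hold CAP_NET_ADMIN can be read from the CapEff mask in /proc/<pid>/status, which helps when the library returns a null value instead of a permission error. The script below is an added example, not code from the original answer; the function names and the two sample status files are constructed for illustration, and bit 12 is the value of CAP_NET_ADMIN in linux/capability.h.

```shell
#!/bin/sh
# Added example (not from the original answer): report whether a process holds
# CAP_NET_ADMIN by decoding the CapEff mask in its /proc/<pid>/status file.

CAP_NET_ADMIN_BIT=12   # value of CAP_NET_ADMIN in <linux/capability.h>

# Print the hexadecimal CapEff mask from a status file (empty if absent).
cap_eff_hex() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1"
}

# Exit 0 if CAP_NET_ADMIN is in the effective set, 1 if not, 2 if unreadable.
has_cap_net_admin() {
    mask=$(cap_eff_hex "$1" 2>/dev/null)
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# One-line verdict per status file, e.g. for every apache2 worker:
#   for p in $(pgrep apache2); do report "/proc/$p/status"; done
report() {
    rc=0
    has_cap_net_admin "$1" || rc=$?
    case $rc in
        0) echo "$1: CAP_NET_ADMIN effective" ;;
        1) echo "$1: CAP_NET_ADMIN missing" ;;
        *) echo "$1: no CapEff line found" ;;
    esac
}

# Constructed sample data: an unprivileged worker and one with only bit 12 set.
SAMPLE_DIR=$(mktemp -d)
printf 'Name:\tapache2\nCapEff:\t0000000000000000\n' > "$SAMPLE_DIR/worker_plain"
printf 'Name:\tapache2\nCapEff:\t0000000000001000\n' > "$SAMPLE_DIR/worker_netadmin"

report "$SAMPLE_DIR/worker_plain"
report "$SAMPLE_DIR/worker_netadmin"
```

Checking the workers rather than the parent matters because Apache's child processes run as a different user from the process that systemd or setcap acted on.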

I restart node red but the user is still logged in

I enabled user authentication on Node Red, but when I restart the service the user is still logged in.
I have done some searches. There are some suggestions around changing the machine key every time the service restarts.
Does anyone have any suggestions about what exactly I should do?
As mentioned in the docs on securing Node-RED the authentication tokens generated last for 7 days.
You can change this by editing the settings.js file
The expiration time can be customised by setting the sessionExpiryTime
property of the adminAuth setting. This defines, in seconds, how long
a token is valid for. For example, to set the tokens to expire after 1
day:
adminAuth: {
sessionExpiryTime: 86400,
...
}
EDIT:
The session tokens on the backend are (when using the default storage plugin) stored in a file called .sessions.json in the userDir (as logged on startup). If you want to log out all users on a restart then you will need to delete this file before starting Node-RED.

Calling Cpanel UAPI method

I have the following simple script to list the ftp accounts,
but I am unable to get it to work, as I get the following error as soon as it tries to call the constructor
include '/usr/local/cpanel/php/cpanel.php';
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.
// List FTP account information.
$list_ftp_accts = $cpanel->uapi('Ftp', 'list_ftp');
echo "<pre>";
print_r($list_ftp_accts);
Fatal error: Uncaught exception 'RuntimeException' with message 'There
was a problem fetching the env variable containing the path to the
socket' in /usr/local/cpanel/php/cpanel.php:146 Stack trace: #0
/public_html/uapi.php(4): CPANEL->__construct() #1
{main} thrown in /usr/local/cpanel/php/cpanel.php on line 146
Line 146 in cpanel.php
$socketfile = getenv('CPANEL_PHPCONNECT_SOCKET');
According to a post on the cPanel forums, you can only use LiveAPI from within cPanel's document root, meaning your code would need to be in either /usr/local/cpanel/base/frontend/ or /usr/local/cpanel/base/3rdparty/. I ran into this while trying to use it in a WHM plugin (which would reside in /usr/local/cpanel/whostmgr/docroot/), and apparently that causes the same problem. If you're trying to run this from within cPanel or WHM, this page has some debugging steps you can try walking through.
If you're trying to run this code on a different server or from within a normal website's hosting account, you'll definitely need to use a different interface, such as the XML or JSON API. These are unfortunately somewhat confusingly documented, but the Guide to WHM API 1 page should get you started.
I got the same error too.
Try changing your file extension to your_file.live.php, instead of your_file.php. It solved the issue for me.
I referred to the documentation here.

Kohana Auth Library Deployment

My Kohana app runs perfectly on my local machine.
When I deployed my app to a server (and adjusted the config files appropriately), I could no longer log into the app.
I've traced through the app login routine on both my local version and the server version and they both agree with each other all the way through until you get to the auth.php controller logged_in() routine where suddenly, at line 140 - the is_object($this->user) test - the $user object no longer exists!?!?!?
The login() function call that calls the logged_in() function successfully passes the following test, which causes a redirect to the logged_in() function.
if(Auth::instance()->login($user, $post['password']))
Yes, the password and hash, etc. all work perfectly.
Here is the offending code:
public function logged_in()
{
if ( ! is_object($this->user))
{
// No user is currently logged in
url::redirect('auth/login');
}
etc...
}
As the code is the same between my local installation and the server, I reckon it must be some server setting that is messing with me.
FYI: All the rest of the code works because I have a temporary backdoor available that allows me to use the application (view pages of tables, etc) without being logged in.
Any ideas?
I solved the problem (DUH!).
The answer was that the cookie.php config file had $config['domain'] = 'localhost'. Setting this to the actual domain that the app is installed in magically made my life happy again!
Thanks everyone for your help and interest.
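The cookie.php fix above follows from how browsers apply RFC 6265 domain matching: a Set-Cookie whose Domain attribute does not match the host that served it is discarded, so the session never persists after login. The script below is an added example, not part of the original post; the function names, cookie name and host names are constructed, and it deliberately omits the public-suffix check that real browsers also apply.

```shell
#!/bin/sh
# Added example (not from the original post): would a browser keep this
# Set-Cookie header when it arrives from the given host? Implements RFC 6265
# domain matching only; the public-suffix check of real browsers is omitted.

# Print the lower-cased Domain attribute of a Set-Cookie header, without a
# leading dot. Prints nothing for a host-only cookie. The last Domain wins.
cookie_domain() {
    printf '%s\n' "$1" | awk -F';' '{
        for (i = 2; i <= NF; i++) {
            n = split($i, kv, "=")
            gsub(/^[ \t]+|[ \t]+$/, "", kv[1])
            if (n >= 2 && tolower(kv[1]) == "domain") {
                v = kv[2]; gsub(/[ \t\r]/, "", v); sub(/^\./, "", v)
                dom = tolower(v)
            }
        }
    } END { if (dom != "") print dom }'
}

# browser_accepts HOST HEADER -> exit 0 if the cookie is kept, 1 if dropped.
browser_accepts() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    dom=$(cookie_domain "$2")
    if [ -z "$dom" ]; then return 0; fi          # host-only cookie
    if [ "$host" = "$dom" ]; then return 0; fi   # identical strings
    case "$host" in
        *[!0-9.]*) ;;                            # a host name, keep checking
        *) return 1 ;;                           # IPv4 literal: exact match only
    esac
    case "$host" in
        *."$dom") return 0 ;;                    # host is a subdomain of Domain
    esac
    return 1
}

# Constructed sample: the header a deployment with domain = 'localhost' sends.
HDR_DEV='Set-Cookie: kohanasession=abc123; Domain=localhost; Path=/; HttpOnly'
for h in localhost app.example.com; do
    if browser_accepts "$h" "$HDR_DEV"; then echo "$h: cookie kept"
    else echo "$h: cookie dropped"; fi
done
```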