Reply
Accepted Solution

Perl CGI WAPI script help with cookies

mmacdonald70
Techie
Posts: 3
5722     0

First off, I appoligize if this has been asked and answered.  I tried searching the forums and Google for several days but I'm having issues finding help.

 

We have somewhat frequent requests to delete a large number of leases from our Infoblox DHCP grid.  These usually ask for "all hostname that start with X" and can be several thousand.

 

I hacked together a basic script that finds all leases that start with X and deletes them one by one, but the script is not very user friendly and has to made several thousand delete WAPI calls which each need to be authenticated.

 

I was hoping to create a CGI script where a user can log in, search for matching leases and then delete them.  I keep hearing about the ibapauth cookie but I'm having issues figuring out how to implement it into a WAPI script so that we could minimize the authentication calls.

 

Any help would be appreciated.  I have a decent understanding of perl but I haven't worked with LWP, CGI or cookies much.

Re: Perl CGI WAPI script help with cookies

[ Edited ]
GHorne Community Manager
Community Manager
Posts: 254
5722     0

A) I have a helper perl library that talks to the WAPI interface, this may solve most of your problems if you are just looking for a quick solution.

 

b) The IBAPAUTH cookie is sent back by the server to avoid repeat authentication requests. It is sent as an HTTPONLY,SECURE cookie. This means that:

 - a browser or javascript can't modify it

 - it will only be saved if the conection was using HTTPS

 

If a request is then sent with this cookie, the WAPI will ignore any authentication headers (including incorrect username or password) and just check the cookie (until it expires).

 

So, if you are using a script (perl) and not a browser, then you can get to the cookie and work with it. But you have to be careful if you de-authenticate a user, to also manually delete the cookie.

 

c) To code all this in perl, it is built into LWP, you just have to enable cookie handling:

 

# create a Useragent that can handle cookies:

my $ua = LWP::UserAgent->new;
      $ua->cookie_jar({});

That's it, you should find IBAPAUTH being sent and received with all your requests.

Re: Perl CGI WAPI script help with cookies

mmacdonald70
Techie
Posts: 3
5722     0

Thanks for the great answer.  That explains a lot.

 

I'm just a little confused about the "not a browser" part.  If I wanted to turn this script into a CGI, would I still be able to work with the cookie?

Highlighted

Re: Perl CGI WAPI script help with cookies

GHorne Community Manager
Community Manager
Posts: 254
5722     0

Yes, this will still work with a CGI, but you are introducing dangerous messy layers.

 

If I understand you right you have client -> CGI(perl) -> WAPI.

 

And this would imply that you have to proxy the authentication through the CGI layer and risk caching credentials at that CGI layer. (At a minimum, you now have a CGI script that has a cached IPAPAUTH cookie that could be used by anyone hitting that CGI).

 

You either need to make sure you pass that cookie back through the CGI layer to the client (this takes extra work with perl CGI) or find a way to eliminate the CGI layer entirely and just get the client to speak directly to the WAPI.

Re: Perl CGI WAPI script help with cookies

[ Edited ]
tzh
Not applicable
Posts: 0
5723     0

Scratch that...figured it out!

Showing results for 
Search instead for 
Do you mean 

Recommended for You