Security

Reply
Contributor I
Posts: 25
Registered: ‎05-27-2014

Clearpass XML API and Python 3

Hi,

 

I'm trying to access the Clearpass XML API to retrieve information about Endpoints.

 

I'm trying to use the following python 3 script:

 

import urllib.request
import xml.etree

 

theurl = 'http://<server>/tipsapi/config/read/Endpoint'
username = '<user>
password = '<secret>'

xml_string = '''
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsApiRequest xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader version="3.0" source="Endpoint"/>
<Filter entity="Endpoint">
<Criteria fieldName="macAddress" filterString="a82066166659" match="equals" />
</Filter>
</TipsApiRequest>
'''

 

passman = urllib.request.HTTPPasswordMgrWithDefaultRealm()
# this creates a password manager

 

passman.add_password(None, theurl, username, password)
# Because with have put None at the start it will always
# use this username/password combination for urls
# for which 'theurl' is a super-urllib

 

authhandler = urllib.request.HTTPBasicAuthHandler(passman)
# create the authhandler

 

opener = urllib.request.build_opener(authhandler)

urllib.request.install_opener(opener)
# All calls to urllib.urlopen will now use our handler
# Make sure not to include the protocol in the URL, or
# HTTPPasswordMgrWithDefaultRealm will be very confused.
# You must (of course) use it when fetching the page though.

 

xml_string = xml_string.encode('utf-8')

req = urllib.request.Request(theurl)
req.add_header("Content-Type", "application/xml")

pagehandle = urllib.request.urlopen(req, xml_string)
# authentication automatically handled for username

 

print(pagehandle.read().decode('utf-8'))

 

The script runs, but returns a list of all endpoints, not just the one I'm searching for.

 

It's either a python 3 issue, or a filter issue, I can't determine which.

 

Thanks in advance.

-Neil

 

--
Neil Johnson
Contributor I
Posts: 25
Registered: ‎05-27-2014

Re: Clearpass XML API and Python 3

Well it was a python 3 issue:

 

Here is the working script:

 

import urllib.request
import urllib.parse

 

theurl = 'https://<SERVER>/tipsapi/config/read/Endpoint'
username = '<username>'
password = '<password>'

 

# Note: no return after ''' or you will have issues.

xml_string = '''<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsApiRequest xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader version="6.4" source="Endpoint"/>
<Filter entity="Endpoint">
<Criteria fieldName="macAddress" filterString="a82066166659" match="equals"/>
</Filter>
</TipsApiRequest>'''

 

passman = urllib.request.HTTPPasswordMgrWithDefaultRealm()

# this creates a password manager

 

passman.add_password(None, theurl, username, password)\

# Because with have put None at the start it will always
# use this username/password combination for urls
# for which 'theurl' is a super-urllib

 

authhandler = urllib.request.HTTPBasicAuthHandler(passman)
# create the authhandler

 

opener = urllib.request.build_opener(authhandler)

urllib.request.install_opener(opener)
# All calls to urllib.urlopen will now use our handler
# Make sure not to include the protocol in the URL, or
# HTTPPasswordMgrWithDefaultRealm will be very confused.
# You must (of course) use it when fetching the page though.

 

data = xml_string.encode('utf-8')

# Convert Python3 String to Bytes

 

req = urllib.request.Request(theurl, data)
req.add_header("Content-Type","application/x-www-form-urlencoded;charset=utf-8")

 

pagehandle = urllib.request.urlopen(req)
# authentication automatically handled for username

 

print(pagehandle.read().decode('utf-8'))

# print results

 

--
Neil Johnson
Contributor I
Posts: 25
Registered: ‎05-27-2014

Re: Clearpass XML API and Python 3

[ Edited ]

Attached are three python 3 CGI scripts to enable, disable, and find disabled  hosts using the clearpass XMI API.

 

They're pretty crude, but enough for a proof of concept.

 

Enjoy.

--
Neil Johnson
Search Airheads
Showing results for 
Search instead for 
Did you mean: