cPanel Blog

Integration

Making your script work with security tokens in cPanel & WHM

By Dan Muey on January 12, 2012 7:51 AM

What is a security token?

“Security token” URLs were added in cPanel & WHM 11.25 as a security measure, and they were enabled by default in version 11.28. They help combat a common type of attack called a Cross-Site Request Forgery (XSRF).

So, what does a “security token” look like? Take, for example, this URL:

https://example.com:2087/i/love/cpanel

With security tokens enabled, this would become:

https://example.com:2087/cpsessYYYYYYY/i/love/cpanel

In that example, cpsessYYYYYYY is the token unique to that logged-in user on that browser.

(You can learn more about security tokens in cPanel & WHM by reading our Security Tokens white paper.)

In order for your custom script to work with cPanel & WHM, every URL involved needs to be compatible with the security token.

Creating security token-compatible URLs

Fortunately, it is very easy to do!

The token is available in the environment variable 'cp_security_token'.

If security tokens are not in use, 'cp_security_token' will be an empty string.

If security tokens are in use, 'cp_security_token' will be, in terms of the above example: /cpsessYYYYYYY

Note the preceding slash! Since the variable has that slash, the examples will work whether cPanel & WHM has security tokens enabled or disabled.

Here's how you'd use it in Perl code that calls one of our API URLS.

Simply change this:

my $APIurl = "http://127.0.0.1:2087/xml-api/$url";

to this:

my $APIurl = "http://127.0.0.1:2087$ENV{'cp_security_token'}/xml-api/$url";
Here's how you might use it in JavaScript for, say, an AJAX call.

First, make it available to your JavaScript. For example:

print <<"END_SECURITY_TOKEN_JAVASCRIPT"; <script type="text/javascript"> if ( !("CPANEL" in window) ) CPANEL = {}; CPANEL.security_token = "$ENV{'cp_security_token'}"; </script> END_SECURITY_TOKEN_JAVASCRIPT

Next, make your URLs compatible by changing this:

var ajaxURL = '/3rdparty/ZZZ/zzz.cgi';

to this:

var ajaxURL = CPANEL.security_token + '/3rdparty/ZZZ/zzz.cgi';

LivePHP

By Matt Dees on October 5, 2011 1:44 PM

Currently, if you want to write a Plugin for cPanel, you can write it in either LivePHP or cPPHP. Last year, we put some major effort into refactoring LivePHP. We added better debugging information, optimized the socket communication protocol, and added a few other tweaks. After a year of vetting by external developers, I can say with confidence: there is no longer any reason to use cPPHP when developing your application.

Why you should use RPMs to distribute your application

By Matt Dees on September 14, 2011 1:02 PM

As a developer, it is important to understand who you are developing for. When developing an application for cPanel & WHM servers, there are 5 potential customer profiles to be aware of:

Data centers
Developers
Website owners
System administrators
Hosting providers

Understanding these profiles will help you scope and define a project.

In this article, we will focus on Data centers and the various problems you might encounter when working with them.

Spotlight On: Creating DNS Modules

By Matt Dees on August 24, 2011 10:59 AM

In cPanel & WHM 11.30, we added the ability to add 3rd party systems to your DNS cluster. With this ability, we added functionality that allows you to create dnsadmin plugins. You can use these plugins to control and configure remote nodes of your DNS cluster. The plugins themselves consist of a few Perl modules. Creating a dnsadmin plugin will require some familiarity with Perl.

To begin building a dnsadmin plugin, please read the documentation.

Enkompass 2.0, now with new integration features...

By Tom Green on June 17, 2011 3:54 PM

Announcement:

With the release of Enkompass 2.0 on Tuesday, several exciting new integration features are now available.

XML API for Enkompass - Crafted to be familiar to our existing cPanel XML API users. We provide comparable functionality. Extensions to the API for the Enkompass specific functionally.

XML API Developer Page - Try out the API calls from the developer page access in System Administration Interface (SAI) by logging in with your account and using this link:

http://<your Enkompass server>:2086/API/xml-api/

These developer pages include complete self-documentation for this API as well as test pages for each available function.

Remote Access Keys - A new interface for configuring remote access keys for XML API authentication have been added to the System Administration Interface. To access this tool, type "remote access" in the find box of the System Administration Interface. Remote access keys can be setup for any account in Enkompass. These keys have an added security feature, you can set a start and end date for the key allowing you to provide limited time access to the XML API.

Hooks for the Enkompass API - We designed a framework for intercepting pre and post API calls to the Enkompass Core services. The framework we developed comes with two out of the box solutions: Command Hooks and URL Hooks. If these implementations do not meet your needs, the framework was designed with extensibility in mind. For more information check out the documentation at:

http://go.cPanel.net/enkwcfhooks

Coming Soon:

The Enkompass team is hard at work building the Addin interface for the Enkompass applications. With the Addin system, third party tools designed to work with Enkompass can be added to the System Administration Interface, Web Site Owner Interface, and Mail Owner Interface. I'll have more information on this soon.

BETA Release of PublicAPI PHP, the cPanel PHP Library, and cPanel PEAR

By David N. on April 8, 2011 8:52 AM

We are pleased to announce that our PublicAPI PHP client is ready! This API query client is the sibling to Cpanel::PublicAPI that was announced last month.

You can download the PublicAPI PHP client at our github repository as well as the new cPanel PEAR channel.

One of the key distinctions of the PublicAPI PHP client class is that it's distributed as part of the cPanel PHP Library. The cPanel PHP library is a collection of PHP classes for interfacing with cPanel systems.

Introduction to cPanel & WHM APIs

By David N. on March 25, 2011 6:45 AM

Application Programming Interfaces (APIs) are fundamental to the cPanel & WHM product. APIs allow developers to perform actions (functions) that source and manipulate data related to cPanel accounts and system utilities. Our APIs are used by the cPanel developers when designing new features and interfaces but are also available to 3rd-party developers. In this post, we'll review the various APIs associated with cPanel and WHM and how you can use them in your own development.

cPanel::PublicAPI

By Matt Dees on March 7, 2011 11:42 AM

Today I posted cPanel::PublicAPI to github.  This is a set of perl modules that allows for easy access into cPanel's APIs from a simple object interface.  This module offers several great features:

* Auto-detection of credentials (when available)

* Support for cPanel's DNS Clustering API

* Support for: cPanel, WHM, webmail and non-cPanel services.

* Minimal dependencies

* BSD Licensed

To get started, you can install cPanel::PublicAPI via CPAN the source is also available on our github repository if you wish to submit patches/changes. I strongly suggest reading the documentation on CPAN to get started.

cPanel 11.30

By Matt Dees on February 25, 2011 3:48 PM

The release of cPanel & WHM version 11.30 in EDGE is right around the corner. With this release we have made numerous changes, added a few features and fixed some bugs. Predominantly, these changes can be encompassed in a few bullet points:

Complete rewrite of update system
Addition of Cpanel::PublicAPI
Removal of Legacy Themes
Several new API calls

Though each of these changes may seem small when listed as bullet points, there are a few details that you, as someone who customizes or integrates with cPanel & WHM should be aware of.

Upcoming Improvements to LivePHP

By Matt Dees on October 18, 2010 4:07 PM

This past week, we have been working to improve livePHP. For those of you not familiar with livePHP, it is a PHP class that allows access to the cPanel & WHM API1 and API2 system within an object-oriented PHP environment.

We improved the backend of the livePHP system to use JSON for socket communication, which utilizes PHP’s native JSON internally. Our testing shows that this is a great deal faster (3X) than the previous XML-based serialization with custom PHP parsing functions.

Our intent has been to maintain compatibility with the legacy interface provided by the cpanel.php class. However when changes of this nature are made, there is always a possibility of conflict. If you have an application, either for your internal use or public distribution, then we would love to get feedback on how this change has improved your product. We recommend that you submit a support request directly to us, so that we can help coordinate your testing. Please reference this article so that we can ensure your request gets the priority it deserves.

It should be noted that this is not available in public builds yet, so a ticket will need to be opened in order to coordinate your testing.

How to integrate applications with cPanel/WHM

By Matt Dees on July 23, 2010 12:03 PM

Do you have a product or service offering that you would like to integrate with cPanel? I can help you with that. We are frequently approached by companies and individuals who have realized the incredible opportunity presented by integrating their offerings with the cPanel & WHM control panel. We are committed to providing a product that can easilybe extended to meet your needs. The sections below contain more information about integrating with cPanel and WHM.

Skipping the WHM Getting Started Wizard

By Matt Dees on May 14, 2010 10:40 AM

In this article we detail the steps required to remove the Getting Started Wizard. Someone may want to do this for the purpose of delivering servers in a "Configured" state.

Spotlight On: API Docs & Writing a cPanel Plugin

By Matt Dees on April 15, 2010 1:43 PM

As of today, cPanel’s API1 and API2 are fully documented. cPanel’s x3 interface is entirely API-driven, meaning that every action you can perform in the cPanel interface is now documented and can be automated through our XML-API or reimplemented in a unique theme.
Accompanying the complete release of our API documentation is a guide called Writing cPanel Plugins. These documents cover all of the steps required to create a cPanel plugin, in addition to some tools you can use.
These tools include:
LivePHP - A PHP class that allows you to use object-oriented programming to access cPanel's APIs
cPanel Template Toolkit (cptt tags) - A template-driven API2 parser that utilizes the Template::Toolkit library, making API2 easier to use.
As always, if you need help, don’t hesitate to post in the Developer Discussion forum.

A General Overview of Database Mapping

By Matt Dees on April 14, 2010 2:28 PM

Inside of 11.25.1 we are introducing a new feature called “database mapping” . Despite the vague name, this feature has huge implications for integrated applications, transfers from non-cPanel servers and custom themes. What this does is remove the restraint of MySQL database and usernames having to be prefixed by the cPanel account’s username.

The benefit of the DB Mapping feature is that when transferring accounts from non-cpanel systems, the database name will now be preserved rather than having to hunt it down in configuration files and waste extra time on account migrations. The other benefit is that users will not longer have the confusion of having their username automatically prefixed to the database name. When they create a database it will be the string that they type into cPanel.

The core DB Mapping functionality has been factored into the cPanel code, however the new behavior is not exposed in the cPanel interface until you enable it, i.e. ‘opt-in.’ This design provides two key benefits. 1) If you’re migrating from a non-cPanel system the database names will stay perfectly intact and 2) It eases the transition from the old, username prefixes, to the new non-prefix database names; you can chose when the best time is to offer this functionality and it’s just a click away.

To enable DB Mapping and remove the prefix behavior, a Tweak Settings toggle as been added. Enabling ones cPanel system will have no effect on pre-existing databases. CPanel interfaces and database creation will still continue to function as it has until you ‘opt-in’ from this Tweak Setting.

The affect of this on themes and integrated applications is that there will be the addition of new API calls to handle the new system of managing databases. Some backwards compatibility may be broken in the move to the new system, so please beware!

We will have a blog post detailing the technical details of this system around the same time that we release 11.25.1 to EDGE.

cPanel Auto Provisioning through Kickstart

By Matt Dees on March 3, 2010 1:52 PM

In my last post I talked about how to create the CentOS/cPanel installer ISO. This information is good, but what if you want to do something more? What if you wanted to pre-configure cPanel? What if you wanted cPanel to automatically use a certain EasyApache profile?

You can easily accomplish this in a way that can be used with any kickstart-based deployment method, not just the ISO image method.

Kickstart works by passing a kickstart file to anaconda (the Red Hat® installer application). This application specifies certain installation options, such as what packages need to be installed, the partitioning layout, etc. Red Hat has documentation on this here and CentOS has a nice “Tips and Tricks” guide here.

These articles cover how to handle the OS configuration aspect of kickstart. But what about the cPanel configuration?

Details

The way that cPanel installs inside of the cpanel-ks.cfg file that we provide is by executing a script on first boot if /var/cpanel does not exist:

cat <<EOM >> /etc/rc.local
    if [ ! -d "/var/cpanel" ]; then
        nohup /home/cpinst/CDinstaller.sh & > /dev/null
    fi
EOM

We will make most of our changes to CDinstaller.sh, where it is embedded inside cpanel-ks.cfg after %post. This way, we can ensure that installation actions are performed at the correct point (e.g. before or after the cPanel installation).

Here is a copy of the CDInstaller.sh file that appears within cpanel-ks.cfg, with comments to show where you should add the pre- and post-installation actions.

cat <<EOM >> /home/cpinst/CDinstaller.sh
#!/bin/bash
function messenger {
echo \$1 >> /dev/console
wall \$1
echo \$1 >> /var/log/cpanel-install-autoinstaller.log
}
if ! nc -z httpupdate.cpanel.net 80 -w 10 > /dev/null; then
messenger "Could not reach httpupdate.cpanel.net, aborting installation. Please resolve this issue and reboot to proceed with installation."
exit
fi
touch /var/log/cpanel-install-thread0.log
touch /var/log/cpanel-install-thread1.log
messenger "Starting CentOS system update"
yum update -y
messenger "Finished CentOS system update, starting cPanel installation"
cd /home/cpinst
## PRE INSTALLATION SECTION
wget http://httpupdate.cpanel.net/latest
mkdir -p /usr/local/cpanel/logs
CPANEL_LOGGER_FILE:/usr/local/cpanel/logs/cpanel-install-autoinstaller.log
sh latest
if [ -d "/var/cpanel" ]; then
mv /etc/motd.orig /etc/motd
messenger "cPanel installation Complete"
fi
## POST INSTALLATION SECTION
EOM

Within the CDinstaller.sh file, we have an additional function that we should note: “messenger”. This function is used for providing status updates to the shell and logs. Anytime an action is added, the messenger function should be used to send a status update.

Setting your branch

The most basic of tasks would be to add a branch. You can easily accomplish this by echoing the string “CPANEL=$branch” to /etc/cpupdate.conf. For example, in the pre-installation section of cpanel-ks.cfg you would add:

messenger “Setting cPanel branch to stable”
echo “CPANEL=stable” > /etc/cpupdate.conf

This will make the installer automatically install cPanel’s stable branch. Valid strings for this parameter are: edge, current, release (The default cPanel installation branch) and stable. You can also disable automatic updates by adding “-manual” to the end of this string (e.g. “CPANEL=stable-manual”).

Configuring cPanel

cPanel’s Tweak Settings configuration is handled by /var/cpanel/cpanel.config. This controls options such as which webmail clients are installed, which nameserver and SMTP dameons to use, and memory limits (see: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/AdvancedOptions for more information). To control these settings before installing cPanel, you will need to create the /root/cpanel_profile/cpanel.config file. To view available options, you can look at /var/cpanel/cpanel.config on an existing system.

There are two logical ways to populate the cpanel.config file:

One method of setting options within cpanel.config would be to simply echo values into the file:

mkdir -p /root/cpanel_profile/
messenger “Setting cPanel to use Courier”
echo “mailserver=courier” >> /root/cpanel_profile/cpanel.config

cpanel.config is portable from system to system as it contains no-system specific information. This means that you can generate cpanel.config on anexisting cPanel server, host it on an accessible web server, and use it with CDinstaller.sh:

messenger “Downloading cPanel Profile”
mkdir -p /root/cpanel_profile/
wget -O /root/cpanel_profile/cpanel.config http://somehost/cpanel.config

Warning: It is important to note that the installer is not normally tested with all possible permutations of cpanel.config. Please be aware of this fact and test your configuration before production deployment.

EasyApache Profiles

One thing that I find annoying about provisioning a cPanel server is having to recompile Apache/PHP after cPanel has been installed. Luckily, the installer can provide an EasyApache profile so that Apache/PHP/etc are built with your desired settings when cPanel is installed. The first step to doing this is that you need to generate an EA3 profile on an existing cPanel server:

Log in to WHM.

Click on EasyApache (Apache Update).

Click Start Customizing Based on Profile.

Go through the steps until you reach step 5, and click on Exhaustive options list (at the bottom).

At the very bottom of the exhaustive options list, you will see Save Selections as Custom Profile. Fill out this information, then click on Save Only (DO NOT BUILD).

Click on Go back to profile screen.

Click on More Info next to the profile you created.

Click on Download profile.

This will provide you with an EasyApache profile you can use during the installation of your system. At this point in the pre-installation section of CDinstaller.sh, you can use wget to download the /etc/cp_easyapache_profile.yaml to your system.

messenger “Downloading EA3 Profile”
wget -O /etc/cp_easyapache_profile.yaml http://somehost/someprofile.yaml

Installation of Third-Party Software

I know that a lot of our customers use third-party software (this blog *is* about product integration, isn’t it?). When setting up a server, it would be handy to have some software automatically installed. For example, you can automatically have CSF (ConfigServer’s excellent free firewall for cPanel/WHM) installed by specifying a few extra steps in the %post-installation section:

messenger “Installing CSF”
wget http://www.configserver.com/free/csf.tgz
tar vzxf csf.tgz
cd csf
./install.cpanel.sh
perl -i -pe 's/TESTING\ =\ \"1\"/TESTING\ =\ \"0\"/' /etc/csf/csf.conf
csf -r
cd -

This will install CSF and disable testing mode automatically (which should be fine on a fresh server).

That covers all of the points we will discuss regarding kickstart provisioning in this blog post. In the next post of this series, I will discuss how to automate the Getting Started Wizard in WHM.

« Enkompass | Plugins » | Back to Blog

cPanel Blog

Categories

Recent Entries

Monthly Archives