03-10-2013 06:50 PM
Hi Everyone.
I have been playing with a script to effectively write my own PAN user agent for a rather specific reason.
I can confirm that my script generates a valid xml script and I can post it via the api browser and see that the IP address and new username correlate.
The bit where I get stuck is getting cURL to post the the xml file to the api. I am using the following command:
curl --insecure --form file=@output.xml "https://192.168.1.1/api/?type=user-id&action=set&key=INSERT-KEY-HERE"
and receive the following error back:
<response status = 'error' code = '400'><result><msg>No file uploaded</msg></result></response>
any help would be much appreciated thanks!
03-10-2013 07:00 PM
also, when I try this:
wget --no-check-certificate --post-file output.xml "https://192.168.1.1/api/?type=user-id&action=set&client=wget&file-name=output.xml"
the file is processed by the api and I can see the user to ip mapping, however wget continues to retry the command as it is expecting a response
03-10-2013 07:17 PM
I know this is a ridiculous sounding hack, but couldn't you simply set wget's 'retries' option to 1 and call it a day?
‘-t number’ ‘--tries=number’ Set number of retries to number. Specify 0 or ‘inf’ for infinite retrying. The default is to retry 20 times, with the exception of fatal errors like “connection refused” or “not found” (404), which are not retried.
03-10-2013 07:20 PM
definitely wont be calling it a day, but this *may* get me out of the woods for now and only because I am in a hurry
03-10-2013 07:30 PM
Yes I meant "call it a day" as a relative term, just to get it temporarily working 
I suppose the response from the PA should be a 200 'OK' that curl or wget never receives... might be a bug report you have to end up working with support on
03-10-2013 07:32 PM
Looks like a '201 Created' is the correct response to a POST:
asp.net mvc - What is the correct response to an HTTP POST request? - Stack Overflow
If you can get a pcap of the request/response from and to the PA device (you could even pull down the SSL certificate and load it into Wireshark to decrypt the SSL session), and show that the PA never responds appropriately to the HTTP POST that might help your case with support too
03-11-2013 08:05 AM
The behavior you are seeing with cURL is a known issue which has been fixed and is currently targeted to be included in PAN-OS 5.0.4. The open bug number is 48966.
03-11-2013 08:08 AM
Just out of curiosity what's the fix? Is it to respond with an HTTP status code after the POST succeeds?
03-11-2013 08:21 AM
I don't have much detail, but it is related to some validation checks being applied incorrectly when cURL was used. Due to the failed check the device would ignore the uploaded file and not create a user mapping based on the file.
03-11-2013 01:54 PM
Would it be also fair to say that the wget waiting for a response from the PAN and not getting one could be related to this as well?
also, do we have a rough eta on a release date for 5.0.4?
03-11-2013 03:59 PM
ffs 5.0.3 is just out and you already want 5.0.4?
03-11-2013 04:06 PM
There is no ETA on 5.0.4 at this time.
03-11-2013 04:09 PM
only because the fix is described (hopefully) in 5.0.4 
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
