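<?php
/*
 * Hotspot 2.0 user administration page. Every link and form on the page
 * targets users.php (presumably this file - confirm).
 *
 * Request parameters:
 *   id    - rowid of a users row (for cmd=eventlog: rowid of an eventlog row)
 *   cmd   - action to run; empty shows the user list (id=0) or one user
 *   dump  - non-zero adds the debug dump column to the event log table
 *   limit - maximum number of event log rows (default 20)
 *
 * Security notes:
 * - Request values reach SQL only as bound parameters, never by string
 *   interpolation. This also applies to identity/osu_user/realm read back from
 *   the users table, so a stored value cannot alter a later query.
 * - Every database value written into HTML goes through $esc().
 * - NOTE(review): nothing in this file authenticates the caller, and the
 *   state-changing commands are plain GET links without an anti-CSRF token.
 *   Access control is presumably enforced by the web server configuration -
 *   confirm. Moving these actions to POST with a token would change the URL
 *   interface, so it is not done here.
 */

require('config.php');

try {
    $db = new PDO($osu_db);
} catch (PDOException $e) {
    // new PDO() throws on failure rather than returning false. Catch it so an
    // uncaught exception cannot print connection details into the page.
    die("Database connection failed");
}

// Escape a value for use in HTML text or a quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read a request parameter as a string; missing or array-valued input gives ''.
$read_str = function ($source, $name) {
    return (isset($source[$name]) && is_string($source[$name])) ? $source[$name] : '';
};

// Read a request parameter as a non-negative integer, else return $default.
// Stricter than is_numeric(), which also accepts forms such as "1e3", "1.5"
// and " 5" that are not valid row ids or row counts.
$read_uint = function ($source, $name, $default) {
    if (!isset($source[$name]) || !is_string($source[$name]))
        return $default;
    if (!preg_match('/^[0-9]{1,18}$/D', $source[$name]))
        return $default;
    return (int) $source[$name];
};

// Prepare and execute a statement with named parameters. Integers are bound
// as integers so they can be used for rowid and LIMIT. Returns the statement,
// or false when prepare/execute fails.
$run_query = function ($sql, $params = array()) use ($db) {
    $stmt = $db->prepare($sql);
    if ($stmt === false)
        return false;
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value,
                         is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    if (!$stmt->execute())
        return false;
    return $stmt;
};

// Run a query and return its first row, or false when there is none.
$fetch_row = function ($sql, $params = array()) use ($run_query) {
    $stmt = $run_query($sql, $params);
    if ($stmt === false)
        return false;
    return $stmt->fetch();
};

$id = $read_uint($_GET, 'id', 0);
$cmd = $read_str($_GET, 'cmd');

/*
 * Raw downloads. These run before any HTML is sent and end the request.
 *
 * NOTE(review): the stored documents are returned unmodified. A text/xml
 * response is rendered by the browser in this site's origin, so the content
 * of these columns has to be trusted; if it is device-supplied (not visible
 * here), consider serving it as an attachment instead.
 */
if ($cmd === 'eventlog' && $id > 0) {
    $row = $fetch_row("SELECT dump FROM eventlog WHERE rowid=:id",
                      array(':id' => $id));
    $dump = ($row !== false && isset($row['dump'])) ? (string) $row['dump'] : '';
    header("X-Content-Type-Options: nosniff");
    // A dump starting with '<' is treated as XML, anything else as plain text.
    if (strncmp($dump, '<', 1) === 0) {
        header("Content-type: text/xml");
        echo "<?xml version=\"1.0\"?>\n";
        echo $dump;
    } else {
        header("Content-type: text/plain");
        echo $dump;
    }
    exit;
}

if ($cmd === 'mo' && $id > 0) {
    $mo = $read_str($_GET, 'mo');
    // The column name cannot be a bound parameter, so it is only ever taken
    // from this fixed list.
    if (!in_array($mo, array('devinfo', 'devdetail', 'pps'), true))
        exit;
    $row = $fetch_row("SELECT $mo FROM users WHERE rowid=:id",
                      array(':id' => $id));
    header("X-Content-Type-Options: nosniff");
    header("Content-type: text/xml");
    echo "<?xml version=\"1.0\"?>\n";
    if ($row !== false && isset($row[$mo]))
        echo $row[$mo];
    exit;
}

if ($cmd === 'cert' && $id > 0) {
    $row = $fetch_row("SELECT cert_pem FROM users WHERE rowid=:id",
                      array(':id' => $id));
    header("X-Content-Type-Options: nosniff");
    header("Content-type: text/plain");
    if ($row !== false && isset($row['cert_pem']))
        echo $row['cert_pem'];
    exit;
}

?>

<html>
<head><title>HS 2.0 users</title></head>
<body>

<?php

// Commands that set fixed values on one user row. The SQL text is constant;
// only the row id is bound.
// NOTE(review): reset-pw stores the fixed, publicly known value 'ChangeMe' as
// the password. Anyone who knows this default can use the account until the
// password is changed again.
$simple_updates = array(
    'subrem-clear' => "UPDATE users SET remediation='' WHERE rowid=:id",
    'subrem-add-user' => "UPDATE users SET remediation='user' WHERE rowid=:id",
    'subrem-add-machine' => "UPDATE users SET remediation='machine' WHERE rowid=:id",
    'subrem-add-reenroll' => "UPDATE users SET remediation='reenroll' WHERE rowid=:id",
    'subrem-add-policy' => "UPDATE users SET remediation='policy' WHERE rowid=:id",
    'subrem-add-free' => "UPDATE users SET remediation='free' WHERE rowid=:id",
    'fetch-pps-on' => "UPDATE users SET fetch_pps=1 WHERE rowid=:id",
    'fetch-pps-off' => "UPDATE users SET fetch_pps=0 WHERE rowid=:id",
    'reset-pw' => "UPDATE users SET password='ChangeMe' WHERE rowid=:id",
    'clear-t-c' => "UPDATE users SET t_c_timestamp=NULL WHERE rowid=:id",
);
if ($id > 0 && isset($simple_updates[$cmd])) {
    $run_query($simple_updates[$cmd], array(':id' => $id));
}

if ($cmd === 'policy' && $id > 0 &&
    isset($_GET['policy']) && is_string($_GET['policy'])) {
    $policy = $_GET['policy'];
    // The name becomes part of a filesystem path: reject directory separators
    // and NUL so the readability check cannot be pointed outside the policy
    // directory.
    $plain_name = strpbrk($policy, "/\\\0") === false;
    if ($policy === 'no-policy' ||
        ($plain_name && is_readable("$osu_root/spp/policy/$policy.xml"))) {
        $run_query("UPDATE users SET policy=:policy WHERE rowid=:id",
                   array(':policy' => $policy, ':id' => $id));
    }
}

if ($cmd === 'account-type' && $id > 0) {
    $type = $read_str($_GET, 'type');
    if ($type === 'shared')
        $run_query("UPDATE users SET shared=1 WHERE rowid=:id",
                   array(':id' => $id));
    if ($type === 'default')
        $run_query("UPDATE users SET shared=0 WHERE rowid=:id",
                   array(':id' => $id));
}

if ($cmd === 'set-osu-cred' && $id > 0) {
    $osu_user = $read_str($_POST, 'osu_user');
    $osu_password = $read_str($_POST, 'osu_password');
    // An empty username means "use the AAA credentials": drop the password too.
    if (strlen($osu_user) == 0)
        $osu_password = "";
    // NOTE(review): the password is written to the database exactly as
    // received; no hashing happens in this file.
    $run_query("UPDATE users SET osu_user=:osu_user, osu_password=:osu_password WHERE rowid=:id",
               array(':osu_user' => $osu_user,
                     ':osu_password' => $osu_password,
                     ':id' => $id));
}

$dump = 0;

// Used by the event log query further down; they stay empty when the
// requested user row does not exist.
$user = '';
$osu_user = '';
$realm = '';

if ($id > 0) {

    $dump = $read_uint($_GET, 'dump', 0);

    echo "[<a href=\"users.php\">All users</a>] ";
    if ($dump == 0)
        echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
    else
        echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
    echo "<br>\n";

    $row = $fetch_row("SELECT rowid,* FROM users WHERE rowid=:id",
                      array(':id' => $id));

    if ($row === false) {
        echo "No such user<br>\n";
    } else {
        $rowid = (int) $row['rowid'];

        echo "<H3>" . $esc($row['identity']) . "@" . $esc($row['realm']) .
            "</H3>\n";

        echo "MO: ";
        if (strlen((string) $row['devinfo']) > 0) {
            echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
        }
        if (strlen((string) $row['devdetail']) > 0) {
            echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
        }
        if (strlen((string) $row['pps']) > 0) {
            echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
        }
        if (strlen((string) $row['cert_pem']) > 0) {
            echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
        }
        echo "<BR>\n";

        echo "Fetch PPS MO: ";
        if ($row['fetch_pps'] == "1") {
            echo "On next connection " .
                "[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
                "do not fetch</a>]<br>\n";
        } else {
            echo "Do not fetch " .
                "[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
                "request fetch</a>]<br>\n";
        }

        $cert = (string) $row['cert'];
        if (strlen($cert) > 0) {
            echo "Certificate fingerprint: " . $esc($cert) . "<br>\n";
        }

        echo "Remediation: ";
        $rem = (string) $row['remediation'];
        $rem_labels = array(
            'user' => 'User',
            'policy' => 'Policy',
            'free' => 'Free',
            'reenroll' => 'Reenroll',
        );
        if ($rem === "") {
            echo "Not required";
            echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
                $rowid . "\">add:user</a>]";
            echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
                $rowid . "\">add:machine</a>]";
            if ($row['methods'] == 'TLS') {
                echo " [<a href=\"users.php?cmd=subrem-add-reenroll&id=" .
                    $rowid . "\">add:reenroll</a>]";
            }
            echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
                $rowid . "\">add:policy</a>]";
            echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
                $rowid . "\">add:free</a>]";
        } else {
            // Any value other than the four named ones is shown as "Machine".
            $label = isset($rem_labels[$rem]) ? $rem_labels[$rem] : 'Machine';
            echo $label . " [<a href=\"users.php?cmd=subrem-clear&id=" .
                $rowid . "\">clear</a>]";
        }
        echo "<br>\n";

        if (strncmp((string) $row['identity'], "cert-", 5) != 0)
            echo "Machine managed: " .
                ($row['machine_managed'] == "1" ? "TRUE" : "FALSE") . "<br>\n";

        // The chosen value is URL-encoded in the browser so that a policy name
        // containing '&' or '#' cannot change the request that is sent.
        echo "<form>Policy: <select name=\"policy\" " .
            "onChange=\"window.location='users.php?cmd=policy&id=" .
            $rowid . "&policy=' + encodeURIComponent(this.value);\">\n";
        echo "<option value=\"" . $esc($row['policy']) . "\" selected>" .
            $esc($row['policy']) . "</option>\n";
        $files = scandir("$osu_root/spp/policy");
        if ($files === false)
            $files = array();
        foreach ($files as $file) {
            // Only list *.xml files (the dot is matched literally).
            if (substr($file, -4) !== '.xml')
                continue;
            if ($file == $row['policy'] . ".xml")
                continue;
            $p = substr($file, 0, -4);
            echo "<option value=\"" . $esc($p) . "\">" . $esc($p) . "</option>\n";
        }
        echo "<option value=\"no-policy\">no policy</option>\n";
        echo "</select></form>\n";

        echo "<form>Account type: <select name=\"type\" " .
            "onChange=\"window.location='users.php?cmd=account-type&id=" .
            $rowid . "&type=' + this.value;\">\n";
        if ($row['shared'] > 0) {
            $default_sel = "";
            $shared_sel = " selected";
        } else {
            $default_sel = " selected";
            $shared_sel = "";
        }
        echo "<option value=\"default\"$default_sel>default</option>\n";
        echo "<option value=\"shared\"$shared_sel>shared</option>\n";
        echo "</select></form>\n";

        echo "Phase 2 method(s): " . $esc($row['methods']) . "<br>\n";

        echo "<br>\n";
        echo "<a href=\"users.php?cmd=reset-pw&id=" .
            $rowid . "\">Reset AAA password</a><br>\n";

        echo "<br>\n";
        echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $rowid .
            "\" method=\"POST\">\n";
        echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
        echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
            $esc($row['osu_user']) . "\">\n";
        echo "password: <input type=\"password\" name=\"osu_password\">\n";
        echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
        echo "</form>\n";

        if (strlen((string) $row['t_c_timestamp']) > 0) {
            echo "<br>\n";
            echo "<a href=\"users.php?cmd=clear-t-c&id=" .
                $rowid .
                "\">Clear Terms and Conditions acceptance</a><br>\n";
        }

        echo "<hr>\n";

        $user = (string) $row['identity'];
        $osu_user = (string) $row['osu_user'];
        $realm = (string) $row['realm'];
    }
}

// Event log table: for one user (id > 0) or for everyone (id=0, cmd=eventlog).
if ($id > 0 || ($id == 0 && $cmd === 'eventlog')) {

    if ($id == 0) {
        echo "[<a href=\"users.php\">All users</a>] ";
        echo "<br>\n";
    }

    echo "<table border=1>\n";
    echo "<tr>";
    if ($id == 0) {
        echo "<th>user<th>realm";
    }
    echo "<th>time<th>address<th>sessionID<th>notes";
    if ($dump > 0)
        echo "<th>dump";
    echo "\n";

    $limit = $read_uint($_GET, 'limit', 20);

    if ($id == 0) {
        $res = $run_query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT :limit",
                          array(':limit' => $limit));
    } else if (strlen($osu_user) > 0) {
        $res = $run_query("SELECT rowid,* FROM eventlog WHERE (user=:user OR user=:osu_user) AND realm=:realm ORDER BY timestamp DESC LIMIT :limit",
                          array(':user' => $user,
                                ':osu_user' => $osu_user,
                                ':realm' => $realm,
                                ':limit' => $limit));
    } else {
        $res = $run_query("SELECT rowid,* FROM eventlog WHERE user=:user AND realm=:realm ORDER BY timestamp DESC LIMIT :limit",
                          array(':user' => $user,
                                ':realm' => $realm,
                                ':limit' => $limit));
    }
    if ($res === false)
        $res = array();

    foreach ($res as $row) {
        echo "<tr>";
        if ($id == 0) {
            echo "<td>" . $esc($row['user']) . "\n";
            echo "<td>" . $esc($row['realm']) . "\n";
        }
        echo "<td>" . $esc($row['timestamp']) . "\n";
        echo "<td>" . $esc($row['addr']) . "\n";
        echo "<td>" . $esc($row['sessionid']) . "\n";
        echo "<td>" . $esc($row['notes']) . "\n";
        $d = (string) $row['dump'];
        if (strlen($d) > 0) {
            // The download link is part of the notes cell.
            echo "[<a href=\"users.php?cmd=eventlog&id=" . (int) $row['rowid'] .
                "\">";
            if ($d[0] == '<')
                echo "XML";
            else
                echo "txt";
            echo "</a>]\n";
            if ($dump > 0)
                echo "<td>" . $esc($d) . "\n";
        }
    }
    echo "</table>\n";

}


// User list (default view).
if ($id == 0 && $cmd !== 'eventlog') {

    echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
    echo "<br>\n";

    echo "<table border=1 cellspacing=0 cellpadding=0>\n";
    echo "<tr><th>User<th>Realm<th><small>Remediation</small><th>Policy<th><small>Account type</small><th><small>Phase 2 method(s)</small><th>DevId<th>MAC Address<th>T&C\n";

    $list_labels = array(
        '' => '-',
        'user' => 'User',
        'policy' => 'Policy',
        'free' => 'Free',
        'reenroll' => 'Reenroll',
    );

    $res = $run_query('SELECT rowid,* FROM users WHERE (phase2=1 OR methods=\'TLS\') ORDER BY identity');
    if ($res === false)
        $res = array();

    foreach ($res as $row) {
        echo "<tr><td><a href=\"users.php?id=" . (int) $row['rowid'] . "\"> " .
            $esc($row['identity']) . " </a>";
        echo "<td>" . $esc($row['realm']);
        $rem = (string) $row['remediation'];
        echo "<td>";
        echo isset($list_labels[$rem]) ? $list_labels[$rem] : 'Machine';
        echo "<td>" . $esc($row['policy']);
        if ($row['shared'] > 0)
            echo "<td>shared";
        else
            echo "<td>default";
        echo "<td><small>" . $esc($row['methods']) . "</small>";
        echo "<td>";
        // Show the first DEVID element of the stored DevInfo document. The
        // value comes out of that document, so it is escaped like any other
        // stored field.
        $devinfo = array();
        $xml = xml_parser_create();
        xml_parse_into_struct($xml, (string) $row['devinfo'], $devinfo);
        foreach ($devinfo as $k) {
            if (isset($k['tag']) && $k['tag'] == 'DEVID') {
                $devid = isset($k['value']) ? $k['value'] : '';
                echo "<small>" . $esc($devid) . "</small>";
                break;
            }
        }
        echo "<td><small>" . $esc($row['mac_addr']) . "</small>";
        echo "<td><small>" . $esc($row['t_c_timestamp']) . "</small>";
        echo "\n";
    }
    echo "</table>\n";

}

?>

</body>
</html>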