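<?php
/*
 * HS 2.0 users - administrative page for the users and eventlog tables.
 *
 * Request parameters:
 *   id    - rowid of the user (or eventlog entry for cmd=eventlog); 0 = none
 *   cmd   - action to perform (see the handlers below)
 *   dump  - non-zero to include the debug dump column in the event table
 *   limit - maximum number of eventlog rows to show (default 20)
 *
 * Every value taken from the request is validated and passed to the
 * database as a bound parameter, and every value read back from the
 * database is HTML-escaped before it is written into the page. The stored
 * fields are treated as untrusted when rendered.
 *
 * NOTE(review): no authentication or CSRF check is visible in this file,
 * and the state-changing commands (reset-pw, subrem-*, policy, ...) are
 * reachable with plain GET requests. Confirm that access to this script is
 * restricted elsewhere (web server configuration or config.php) and
 * consider moving the state-changing commands to POST with a CSRF token.
 */

require('config.php');

/* Escape a value for use in HTML text or inside a quoted attribute. */
function users_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8');
}

/* Return a request parameter as a string; '' if missing or not a string. */
function users_param($source, $name)
{
    if (isset($source[$name]) && is_string($source[$name]))
        return $source[$name];
    return '';
}

/*
 * Return a query-string parameter as a non-negative integer, or $default
 * when it is missing or is not a plain run of decimal digits. The length
 * cap keeps the value inside the integer range on 32-bit builds.
 */
function users_get_uint($name, $default)
{
    if (!isset($_GET[$name]) || !is_string($_GET[$name]))
        return $default;
    if (!preg_match('/\A[0-9]{1,9}\z/', $_GET[$name]))
        return $default;
    return (int) $_GET[$name];
}

/*
 * Prepare and execute a statement with named parameters. Integers are
 * bound as integers and everything else as strings, so request data is
 * never part of the SQL text.
 */
function users_db_run($db, $sql, $params = array())
{
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($name, $value, $type);
    }
    $stmt->execute();
    return $stmt;
}

/*
 * The PDO constructor reports failure by throwing, so a truthiness test on
 * the returned object can never trigger. Log the detail server-side and
 * show only a generic message to the client.
 */
try {
    $db = new PDO($osu_db);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    error_log('users.php: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die('Database connection failed');
}

$id = users_get_uint('id', 0);
$cmd = users_param($_GET, 'cmd');

/*
 * Raw download handlers. These run before any HTML is written because
 * they set their own Content-type header.
 *
 * NOTE(review): the stored dumps and management objects are presumably
 * device-supplied and are rendered inline by the browser in this origin.
 * Consider serving them as attachments or with a restrictive
 * Content-Security-Policy.
 */
if ($cmd === 'eventlog' && $id > 0) {
    $row = users_db_run($db,
        'SELECT dump FROM eventlog WHERE rowid=:id',
        array(':id' => $id))->fetch();
    /* An unknown rowid yields an empty text/plain response. */
    $data = ($row !== false) ? (string) $row['dump'] : '';
    header('X-Content-Type-Options: nosniff');
    if ($data !== '' && $data[0] == '<') {
        header("Content-type: text/xml");
        echo "<?xml version=\"1.0\"?>\n";
        echo $data;
    } else {
        header("Content-type: text/plain");
        echo $data;
    }
    exit;
}

if ($cmd === 'mo' && $id > 0) {
    $mo = users_param($_GET, 'mo');
    /*
     * A column name cannot be a bound parameter, so it is only ever taken
     * from this fixed allow-list (strict comparison).
     */
    if (!in_array($mo, array('devinfo', 'devdetail', 'pps'), true))
        exit;
    $row = users_db_run($db,
        "SELECT $mo FROM users WHERE rowid=:id",
        array(':id' => $id))->fetch();
    header('X-Content-Type-Options: nosniff');
    header("Content-type: text/xml");
    echo "<?xml version=\"1.0\"?>\n";
    if ($row !== false)
        echo $row[$mo];
    exit;
}

if ($cmd === 'cert' && $id > 0) {
    $row = users_db_run($db,
        'SELECT cert_pem FROM users WHERE rowid=:id',
        array(':id' => $id))->fetch();
    header('X-Content-Type-Options: nosniff');
    header("Content-type: text/plain");
    if ($row !== false)
        echo $row['cert_pem'];
    exit;
}

?>

<html>
<head><title>HS 2.0 users</title></head>
<body>

<?php

/* Display labels for the remediation column; any other value is Machine. */
$rem_labels = array(
    'user' => 'User',
    'policy' => 'Policy',
    'free' => 'Free',
    'reenroll' => 'Reenroll',
);

/* cmd => value written to users.remediation */
$remediation_cmds = array(
    'subrem-clear' => '',
    'subrem-add-user' => 'user',
    'subrem-add-machine' => 'machine',
    'subrem-add-reenroll' => 'reenroll',
    'subrem-add-policy' => 'policy',
    'subrem-add-free' => 'free',
);
if ($id > 0 && isset($remediation_cmds[$cmd])) {
    users_db_run($db,
        'UPDATE users SET remediation=:rem WHERE rowid=:id',
        array(':rem' => $remediation_cmds[$cmd], ':id' => $id));
}

/* cmd => value written to users.fetch_pps */
$fetch_pps_cmds = array(
    'fetch-pps-on' => 1,
    'fetch-pps-off' => 0,
);
if ($id > 0 && isset($fetch_pps_cmds[$cmd])) {
    users_db_run($db,
        'UPDATE users SET fetch_pps=:val WHERE rowid=:id',
        array(':val' => $fetch_pps_cmds[$cmd], ':id' => $id));
}

if ($cmd === 'reset-pw' && $id > 0) {
    /*
     * NOTE(review): every reset sets the same fixed, well-known password.
     * Consider generating a random one-time value and forcing a change.
     */
    users_db_run($db,
        "UPDATE users SET password='ChangeMe' WHERE rowid=:id",
        array(':id' => $id));
}

if ($cmd === 'policy' && $id > 0 && isset($_GET['policy']) &&
    is_string($_GET['policy'])) {
    $policy = $_GET['policy'];
    /*
     * The name is used to build a file path, so it must be a bare file
     * name: no directory separators and no NUL byte. It is then accepted
     * only if the matching policy file exists.
     */
    $bare_name = $policy !== '' && strpos($policy, "\0") === false &&
        basename($policy) === $policy;
    if ($policy === 'no-policy' ||
        ($bare_name && is_readable("$osu_root/spp/policy/$policy.xml"))) {
        users_db_run($db,
            'UPDATE users SET policy=:policy WHERE rowid=:id',
            array(':policy' => $policy, ':id' => $id));
    }
}

if ($cmd === 'account-type' && $id > 0 && isset($_GET['type'])) {
    $type = users_param($_GET, 'type');
    if ($type === 'shared' || $type === 'default') {
        users_db_run($db,
            'UPDATE users SET shared=:shared WHERE rowid=:id',
            array(':shared' => ($type === 'shared') ? 1 : 0, ':id' => $id));
    }
}

if ($cmd === 'set-osu-cred' && $id > 0) {
    $osu_user = users_param($_POST, 'osu_user');
    $osu_password = users_param($_POST, 'osu_password');
    /* An empty username clears the stored OSU password as well. */
    if (strlen($osu_user) == 0)
        $osu_password = "";
    /* NOTE(review): the password is stored exactly as submitted. */
    users_db_run($db,
        'UPDATE users SET osu_user=:user, osu_password=:pw WHERE rowid=:id',
        array(':user' => $osu_user, ':pw' => $osu_password, ':id' => $id));
}

if ($cmd === 'clear-t-c' && $id > 0) {
    users_db_run($db,
        'UPDATE users SET t_c_timestamp=NULL WHERE rowid=:id',
        array(':id' => $id));
}

$dump = 0;
$user_row = false;

if ($id > 0) {
    $dump = users_get_uint('dump', 0);

    echo "[<a href=\"users.php\">All users</a>] ";
    if ($dump == 0)
        echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
    else
        echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
    echo "<br>\n";

    $user_row = users_db_run($db,
        'SELECT rowid,* FROM users WHERE rowid=:id',
        array(':id' => $id))->fetch();
    /* The id comes from the URL, so the row may not exist. */
    if ($user_row === false)
        echo "User not found<br>\n";
}

if ($user_row !== false) {
    $row = $user_row;
    $rowid = (int) $row['rowid'];

    echo "<H3>" . users_html($row['identity']) . "@" .
        users_html($row['realm']) . "</H3>\n";

    echo "MO: ";
    if (strlen((string) $row['devinfo']) > 0) {
        echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
    }
    if (strlen((string) $row['devdetail']) > 0) {
        echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
    }
    if (strlen((string) $row['pps']) > 0) {
        echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
    }
    if (strlen((string) $row['cert_pem']) > 0) {
        echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
    }
    echo "<BR>\n";

    echo "Fetch PPS MO: ";
    if ($row['fetch_pps'] == "1") {
        echo "On next connection " .
            "[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
            "do not fetch</a>]<br>\n";
    } else {
        echo "Do not fetch " .
            "[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
            "request fetch</a>]<br>\n";
    }

    $cert = (string) $row['cert'];
    if (strlen($cert) > 0) {
        echo "Certificate fingerprint: " . users_html($cert) . "<br>\n";
    }

    echo "Remediation: ";
    $rem = $row['remediation'];
    if ($rem == "") {
        echo "Not required";
        echo " [<a href=\"users.php?cmd=subrem-add-user&id=$rowid\">add:user</a>]";
        echo " [<a href=\"users.php?cmd=subrem-add-machine&id=$rowid\">add:machine</a>]";
        if ($row['methods'] == 'TLS') {
            echo " [<a href=\"users.php?cmd=subrem-add-reenroll&id=$rowid\">add:reenroll</a>]";
        }
        echo " [<a href=\"users.php?cmd=subrem-add-policy&id=$rowid\">add:policy</a>]";
        echo " [<a href=\"users.php?cmd=subrem-add-free&id=$rowid\">add:free</a>]";
    } else {
        $label = isset($rem_labels[$rem]) ? $rem_labels[$rem] : 'Machine';
        echo "$label [<a href=\"users.php?cmd=subrem-clear&id=$rowid\">clear</a>]";
    }
    echo "<br>\n";

    if (strncmp((string) $row['identity'], "cert-", 5) != 0)
        echo "Machine managed: " .
            ($row['machine_managed'] == "1" ? "TRUE" : "FALSE") . "<br>\n";

    /*
     * The selected value is URL-encoded in the browser so that a policy
     * name containing '&', '#' or spaces reaches the server intact.
     */
    echo "<form>Policy: <select name=\"policy\" " .
        "onChange=\"window.location='users.php?cmd=policy&id=$rowid" .
        "&policy=' + encodeURIComponent(this.value);\">\n";
    echo "<option value=\"" . users_html($row['policy']) . "\" selected>" .
        users_html($row['policy']) . "</option>\n";
    $files = scandir("$osu_root/spp/policy");
    if ($files === false)
        $files = array();
    foreach ($files as $file) {
        /* The dot is escaped so only a real .xml suffix matches. */
        if (!preg_match('/\.xml$/', $file))
            continue;
        if ($file == $row['policy'] . ".xml")
            continue;
        $p = users_html(substr($file, 0, -4));
        echo "<option value=\"$p\">$p</option>\n";
    }
    echo "<option value=\"no-policy\">no policy</option>\n";
    echo "</select></form>\n";

    echo "<form>Account type: <select name=\"type\" " .
        "onChange=\"window.location='users.php?cmd=account-type&id=$rowid" .
        "&type=' + encodeURIComponent(this.value);\">\n";
    if ($row['shared'] > 0) {
        $default_sel = "";
        $shared_sel = " selected";
    } else {
        $default_sel = " selected";
        $shared_sel = "";
    }
    echo "<option value=\"default\"$default_sel>default</option>\n";
    echo "<option value=\"shared\"$shared_sel>shared</option>\n";
    echo "</select></form>\n";

    echo "Phase 2 method(s): " . users_html($row['methods']) . "<br>\n";

    echo "<br>\n";
    echo "<a href=\"users.php?cmd=reset-pw&id=$rowid\">Reset AAA password</a><br>\n";

    echo "<br>\n";
    echo "<form action=\"users.php?cmd=set-osu-cred&id=$rowid" .
        "\" method=\"POST\">\n";
    echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
    echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
        users_html($row['osu_user']) . "\">\n";
    echo "password: <input type=\"password\" name=\"osu_password\">\n";
    echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
    echo "</form>\n";

    if (strlen((string) $row['t_c_timestamp']) > 0) {
        echo "<br>\n";
        echo "<a href=\"users.php?cmd=clear-t-c&id=$rowid" .
            "\">Clear Terms and Conditions acceptance</a><br>\n";
    }

    echo "<hr>\n";

    /* Kept for the per-user eventlog query below. */
    $user = (string) $row['identity'];
    $osu_user = (string) $row['osu_user'];
    $realm = (string) $row['realm'];
}

if ($user_row !== false || ($id == 0 && $cmd === 'eventlog')) {

    if ($id == 0) {
        echo "[<a href=\"users.php\">All users</a>] ";
        echo "<br>\n";
    }

    echo "<table border=1>\n";
    echo "<tr>";
    if ($id == 0) {
        echo "<th>user<th>realm";
    }
    echo "<th>time<th>address<th>sessionID<th>notes";
    if ($dump > 0)
        echo "<th>dump";
    echo "\n";

    $limit = users_get_uint('limit', 20);

    /*
     * identity, osu_user and realm come from the users table, but they are
     * still bound rather than interpolated: stored values can contain
     * quote characters too.
     */
    if ($id == 0) {
        $res = users_db_run($db,
            'SELECT rowid,* FROM eventlog ORDER BY timestamp DESC ' .
            'LIMIT :limit',
            array(':limit' => $limit));
    } else if (strlen($osu_user) > 0) {
        $res = users_db_run($db,
            'SELECT rowid,* FROM eventlog WHERE (user=:user OR ' .
            'user=:osu_user) AND realm=:realm ORDER BY timestamp DESC ' .
            'LIMIT :limit',
            array(':user' => $user, ':osu_user' => $osu_user,
                ':realm' => $realm, ':limit' => $limit));
    } else {
        $res = users_db_run($db,
            'SELECT rowid,* FROM eventlog WHERE user=:user AND ' .
            'realm=:realm ORDER BY timestamp DESC LIMIT :limit',
            array(':user' => $user, ':realm' => $realm,
                ':limit' => $limit));
    }

    foreach ($res as $ev) {
        echo "<tr>";
        if ($id == 0) {
            echo "<td>" . users_html($ev['user']) . "\n";
            echo "<td>" . users_html($ev['realm']) . "\n";
        }
        echo "<td>" . users_html($ev['timestamp']) . "\n";
        echo "<td>" . users_html($ev['addr']) . "\n";
        echo "<td>" . users_html($ev['sessionid']) . "\n";
        echo "<td>" . users_html($ev['notes']) . "\n";
        $d = (string) $ev['dump'];
        if (strlen($d) > 0) {
            echo "[<a href=\"users.php?cmd=eventlog&id=" .
                (int) $ev['rowid'] . "\">";
            if ($d[0] == '<')
                echo "XML";
            else
                echo "txt";
            echo "</a>]\n";
            if ($dump > 0)
                echo "<td>" . users_html($d) . "\n";
        }
    }
    echo "</table>\n";

}


if ($id == 0 && $cmd !== 'eventlog') {

    echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
    echo "<br>\n";

    echo "<table border=1 cellspacing=0 cellpadding=0>\n";
    echo "<tr><th>User<th>Realm<th><small>Remediation</small><th>Policy<th><small>Account type</small><th><small>Phase 2 method(s)</small><th>DevId<th>MAC Address<th>T&C\n";

    $res = $db->query('SELECT rowid,* FROM users WHERE (phase2=1 OR methods=\'TLS\') ORDER BY identity');
    foreach ($res as $row) {
        echo "<tr><td><a href=\"users.php?id=" . (int) $row['rowid'] .
            "\"> " . users_html($row['identity']) . " </a>";
        echo "<td>" . users_html($row['realm']);
        $rem = $row['remediation'];
        echo "<td>";
        if ($rem == "") {
            echo "-";
        } else {
            echo isset($rem_labels[$rem]) ? $rem_labels[$rem] : 'Machine';
        }
        echo "<td>" . users_html($row['policy']);
        if ($row['shared'] > 0)
            echo "<td>shared";
        else
            echo "<td>default";
        echo "<td><small>" . users_html($row['methods']) . "</small>";
        echo "<td>";
        /*
         * Show the first DevId element of the stored DevInfo document.
         * The value is escaped like every other stored field.
         */
        $devinfo = array();
        $xml = xml_parser_create();
        xml_parse_into_struct($xml, (string) $row['devinfo'], $devinfo);
        foreach ($devinfo as $k) {
            if (isset($k['tag']) && $k['tag'] == 'DEVID') {
                $devid = isset($k['value']) ? $k['value'] : '';
                echo "<small>" . users_html($devid) . "</small>";
                break;
            }
        }
        echo "<td><small>" . users_html($row['mac_addr']) . "</small>";
        echo "<td><small>" . users_html($row['t_c_timestamp']) . "</small>";
        echo "\n";
    }
    echo "</table>\n";

}

?>

</html>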