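<?php

/*
 * HS 2.0 user administration page.
 *
 * Dispatches on the "cmd" and "id" query parameters:
 *   - cmd=eventlog|mo|cert with id > 0 streams one stored object and exits
 *   - the remaining cmd values update one row of the users table
 *   - id > 0 renders the detail view and event log for that user
 *   - id == 0 renders the user list, or the global event log for cmd=eventlog
 *
 * Every request value is bound through a prepared statement and every
 * database value is HTML-escaped before it is written into the page.
 *
 * NOTE(review): no authentication or anti-CSRF check is visible in this file,
 * and most state changes are triggered by plain GET links. Confirm that
 * access is restricted elsewhere (for example in the web server
 * configuration) before exposing this page.
 */

require('config.php');

$db = new PDO($osu_db);
/* PDO's constructor reports a failed connection by throwing, so this check is
 * not expected to trigger; it is kept as written. */
if (!$db) {
    die($sqliteerror);
}

/**
 * Escape a value for use in HTML text or inside a quoted HTML attribute.
 */
function users_esc($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Read a non-negative decimal integer from the query string.
 *
 * Returns $default when the parameter is missing, is not a string, or holds
 * anything other than ASCII digits.
 */
function users_get_int($name, $default)
{
    if (isset($_GET[$name]) && is_string($_GET[$name]) &&
        preg_match('/^[0-9]+\z/', $_GET[$name])) {
        return (int) $_GET[$name];
    }
    return $default;
}

/**
 * Prepare and execute a statement with named parameters.
 *
 * Integers are bound as PDO::PARAM_INT and everything else as a string.
 * Returns the executed PDOStatement, or false when preparing or executing
 * failed.
 */
function users_query($db, $sql, $params = array())
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    foreach ($params as $name => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($name, $value, $type);
    }
    if (!$stmt->execute()) {
        return false;
    }
    return $stmt;
}

/**
 * Run a query and return its first row, or false when there is none.
 */
function users_fetch_row($db, $sql, $params = array())
{
    $stmt = users_query($db, $sql, $params);
    return ($stmt === false) ? false : $stmt->fetch();
}

$id = users_get_int("id", 0);
$cmd = (isset($_GET["cmd"]) && is_string($_GET["cmd"])) ? $_GET["cmd"] : '';

if ($cmd === 'eventlog' && $id > 0) {
    $row = users_fetch_row($db, "SELECT dump FROM eventlog WHERE rowid=:id",
                           array(':id' => $id));
    $dump = ($row !== false) ? (string) $row['dump'] : '';
    /* NOTE(review): the stored dump is sent to the browser as a document of
     * its own. If dumps can hold device-supplied content, consider serving
     * them as a download instead of inline. */
    header("X-Content-Type-Options: nosniff");
    if ($dump !== '' && $dump[0] == '<') {
        header("Content-type: text/xml");
        echo "<?xml version=\"1.0\"?>\n";
        echo $dump;
    } else {
        header("Content-type: text/plain");
        echo $dump;
    }
    exit;
}

if ($cmd === 'mo' && $id > 0) {
    $mo = (isset($_GET["mo"]) && is_string($_GET["mo"])) ? $_GET["mo"] : '';
    /* A column name cannot be bound as a parameter, so it is only ever taken
     * from this fixed list. */
    if (!in_array($mo, array("devinfo", "devdetail", "pps"), true))
        exit;
    $row = users_fetch_row($db, "SELECT $mo FROM users WHERE rowid=:id",
                           array(':id' => $id));
    header("X-Content-Type-Options: nosniff");
    header("Content-type: text/xml");
    echo "<?xml version=\"1.0\"?>\n";
    echo ($row !== false) ? $row[$mo] : '';
    exit;
}

if ($cmd === 'cert' && $id > 0) {
    $row = users_fetch_row($db, "SELECT cert_pem FROM users WHERE rowid=:id",
                           array(':id' => $id));
    header("X-Content-Type-Options: nosniff");
    header("Content-type: text/plain");
    echo ($row !== false) ? $row['cert_pem'] : '';
    exit;
}

?>

<html>
<head><title>HS 2.0 users</title></head>
<body>

<?php

/* cmd value => value written to users.remediation */
$remediation_cmds = array(
    'subrem-clear' => '',
    'subrem-add-user' => 'user',
    'subrem-add-machine' => 'machine',
    'subrem-add-policy' => 'policy',
    'subrem-add-free' => 'free',
);
if ($id > 0 && isset($remediation_cmds[$cmd])) {
    users_query($db, "UPDATE users SET remediation=:rem WHERE rowid=:id",
                array(':rem' => $remediation_cmds[$cmd], ':id' => $id));
}

if ($cmd === 'fetch-pps-on' && $id > 0) {
    users_query($db, "UPDATE users SET fetch_pps=1 WHERE rowid=:id",
                array(':id' => $id));
}
if ($cmd === 'fetch-pps-off' && $id > 0) {
    users_query($db, "UPDATE users SET fetch_pps=0 WHERE rowid=:id",
                array(':id' => $id));
}

if ($cmd === 'reset-pw' && $id > 0) {
    /* NOTE(review): every reset writes the same fixed cleartext value, so a
     * reset account is only as protected as knowledge of that value. Kept as
     * written; consider a per-user random password. */
    users_query($db, "UPDATE users SET password='ChangeMe' WHERE rowid=:id",
                array(':id' => $id));
}

if ($cmd === "policy" && $id > 0 && isset($_GET["policy"]) &&
    is_string($_GET["policy"])) {
    $policy = $_GET["policy"];
    /* The name becomes part of a file path, so it must be a single path
     * component: no directory separators and no NUL byte. */
    $policy_is_plain_name = $policy !== '' &&
        strpos($policy, "\0") === false &&
        basename($policy) === $policy;
    if ($policy === "no-policy" ||
        ($policy_is_plain_name &&
         is_readable("$osu_root/spp/policy/$policy.xml"))) {
        users_query($db, "UPDATE users SET policy=:policy WHERE rowid=:id",
                    array(':policy' => $policy, ':id' => $id));
    }
}

if ($cmd === "account-type" && $id > 0 && isset($_GET["type"])) {
    $type = $_GET["type"];
    if ($type === "shared")
        users_query($db, "UPDATE users SET shared=1 WHERE rowid=:id",
                    array(':id' => $id));
    if ($type === "default")
        users_query($db, "UPDATE users SET shared=0 WHERE rowid=:id",
                    array(':id' => $id));
}

if ($cmd === "set-osu-cred" && $id > 0) {
    $osu_user = (isset($_POST["osu_user"]) && is_string($_POST["osu_user"]))
        ? $_POST["osu_user"] : '';
    $osu_password = (isset($_POST["osu_password"]) &&
                     is_string($_POST["osu_password"]))
        ? $_POST["osu_password"] : '';
    /* An empty username means the AAA credentials are used, so any submitted
     * password is dropped as well. */
    if (strlen($osu_user) == 0)
        $osu_password = "";
    /* The password is written to the users table exactly as submitted. */
    users_query($db,
                "UPDATE users SET osu_user=:osu_user, " .
                "osu_password=:osu_password WHERE rowid=:id",
                array(':osu_user' => $osu_user,
                      ':osu_password' => $osu_password,
                      ':id' => $id));
}

$dump = 0;
$user = '';
$osu_user = '';
$realm = '';

if ($id > 0) {
    $dump = users_get_int("dump", 0);

    echo "[<a href=\"users.php\">All users</a>] ";
    if ($dump == 0)
        echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
    else
        echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
    echo "<br>\n";

    $row = users_fetch_row($db, "SELECT rowid,* FROM users WHERE rowid=:id",
                           array(':id' => $id));
    if ($row === false) {
        /* Unknown rowid: there is nothing to render for this user. */
        echo "No such user<br>\n</body>\n</html>\n";
        exit;
    }
    $rowid = users_esc($row['rowid']);

    echo "<H3>" . users_esc($row['identity']) . "@" .
        users_esc($row['realm']) . "</H3>\n";

    echo "MO: ";
    if (strlen((string) $row['devinfo']) > 0) {
        echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
    }
    if (strlen((string) $row['devdetail']) > 0) {
        echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
    }
    if (strlen((string) $row['pps']) > 0) {
        echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
    }
    if (strlen((string) $row['cert_pem']) > 0) {
        echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
    }
    echo "<BR>\n";

    echo "Fetch PPS MO: ";
    if ($row['fetch_pps'] == "1") {
        echo "On next connection " .
            "[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
            "do not fetch</a>]<br>\n";
    } else {
        echo "Do not fetch " .
            "[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
            "request fetch</a>]<br>\n";
    }

    $cert = (string) $row['cert'];
    if (strlen($cert) > 0) {
        echo "Certificate fingerprint: " . users_esc($cert) . "<br>\n";
    }

    echo "Remediation: ";
    $rem = $row['remediation'];
    if ($rem == "") {
        echo "Not required";
        echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
            $rowid . "\">add:user</a>]";
        echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
            $rowid . "\">add:machine</a>]";
        echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
            $rowid . "\">add:policy</a>]";
        echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
            $rowid . "\">add:free</a>]";
    } else {
        /* Any value other than the three named ones is shown as Machine. */
        if ($rem == "user")
            $rem_label = "User";
        else if ($rem == "policy")
            $rem_label = "Policy";
        else if ($rem == "free")
            $rem_label = "Free";
        else
            $rem_label = "Machine";
        echo "$rem_label [<a href=\"users.php?cmd=subrem-clear&id=" .
            $rowid . "\">clear</a>]";
    }
    echo "<br>\n";

    /* The selected value is URL-encoded in the browser so that a policy name
     * containing reserved characters reaches the server unchanged. */
    echo "<form>Policy: <select name=\"policy\" " .
        "onChange=\"window.location='users.php?cmd=policy&id=" .
        $rowid . "&policy=' + encodeURIComponent(this.value);\">\n";
    echo "<option value=\"" . users_esc($row['policy']) . "\" selected>" .
        users_esc($row['policy']) . "</option>\n";
    $files = scandir("$osu_root/spp/policy");
    if ($files !== false) {
        foreach ($files as $file) {
            /* Literal ".xml" suffix only. */
            if (!preg_match('/\.xml\z/', $file))
                continue;
            if ($file == $row['policy'] . ".xml")
                continue;
            $p = users_esc(substr($file, 0, -4));
            echo "<option value=\"$p\">$p</option>\n";
        }
    }
    echo "<option value=\"no-policy\">no policy</option>\n";
    echo "</select></form>\n";

    echo "<form>Account type: <select name=\"type\" " .
        "onChange=\"window.location='users.php?cmd=account-type&id=" .
        $rowid . "&type=' + encodeURIComponent(this.value);\">\n";
    if ($row['shared'] > 0) {
        $default_sel = "";
        $shared_sel = " selected";
    } else {
        $default_sel = " selected";
        $shared_sel = "";
    }
    echo "<option value=\"default\"$default_sel>default</option>\n";
    echo "<option value=\"shared\"$shared_sel>shared</option>\n";
    echo "</select></form>\n";

    echo "Phase 2 method(s): " . users_esc($row['methods']) . "<br>\n";

    echo "<br>\n";
    echo "<a href=\"users.php?cmd=reset-pw&id=" .
        $rowid . "\">Reset AAA password</a><br>\n";

    echo "<br>\n";
    echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $rowid .
        "\" method=\"POST\">\n";
    echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
    echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
        users_esc($row['osu_user']) . "\">\n";
    echo "password: <input type=\"password\" name=\"osu_password\">\n";
    echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
    echo "</form>\n";

    echo "<hr>\n";

    /* Kept for the event log lookup below. */
    $user = (string) $row['identity'];
    $osu_user = (string) $row['osu_user'];
    $realm = (string) $row['realm'];
}

if ($id > 0 || ($id == 0 && $cmd === 'eventlog')) {

    if ($id == 0) {
        echo "[<a href=\"users.php\">All users</a>] ";
        echo "<br>\n";
    }

    echo "<table border=1>\n";
    echo "<tr>";
    if ($id == 0) {
        echo "<th>user<th>realm";
    }
    echo "<th>time<th>address<th>sessionID<th>notes";
    if ($dump > 0)
        echo "<th>dump";
    echo "\n";

    $limit = users_get_int("limit", 20);

    /* The identity, OSU user name and realm were read back from the
     * database; they are still bound as parameters, because stored values
     * are no safer inside an SQL string than request values. */
    if ($id == 0) {
        $res = users_query($db,
                           "SELECT rowid,* FROM eventlog " .
                           "ORDER BY timestamp DESC LIMIT :limit",
                           array(':limit' => $limit));
    } else if (strlen($osu_user) > 0) {
        $res = users_query($db,
                           "SELECT rowid,* FROM eventlog " .
                           "WHERE (user=:user OR user=:osu_user) " .
                           "AND realm=:realm " .
                           "ORDER BY timestamp DESC LIMIT :limit",
                           array(':user' => $user,
                                 ':osu_user' => $osu_user,
                                 ':realm' => $realm,
                                 ':limit' => $limit));
    } else {
        $res = users_query($db,
                           "SELECT rowid,* FROM eventlog " .
                           "WHERE user=:user AND realm=:realm " .
                           "ORDER BY timestamp DESC LIMIT :limit",
                           array(':user' => $user,
                                 ':realm' => $realm,
                                 ':limit' => $limit));
    }

    if ($res !== false) {
        foreach ($res as $row) {
            echo "<tr>";
            if ($id == 0) {
                echo "<td>" . users_esc($row['user']) . "\n";
                echo "<td>" . users_esc($row['realm']) . "\n";
            }
            echo "<td>" . users_esc($row['timestamp']) . "\n";
            echo "<td>" . users_esc($row['addr']) . "\n";
            echo "<td>" . users_esc($row['sessionid']) . "\n";
            echo "<td>" . users_esc($row['notes']) . "\n";
            $d = (string) $row['dump'];
            if (strlen($d) > 0) {
                echo "[<a href=\"users.php?cmd=eventlog&id=" .
                    users_esc($row['rowid']) . "\">";
                if ($d[0] == '<')
                    echo "XML";
                else
                    echo "txt";
                echo "</a>]\n";
                if ($dump > 0)
                    echo "<td>" . htmlspecialchars($d) . "\n";
            }
        }
    }
    echo "</table>\n";

}


if ($id == 0 && $cmd !== 'eventlog') {

    echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
    echo "<br>\n";

    echo "<table border=1>\n";
    echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n";

    $res = users_query($db, 'SELECT rowid,* FROM users WHERE phase2=1');
    if ($res !== false) {
        foreach ($res as $row) {
            echo "<tr><td><a href=\"users.php?id=" .
                users_esc($row['rowid']) . "\"> " .
                users_esc($row['identity']) . " </a>";
            echo "<td>" . users_esc($row['realm']);
            $rem = $row['remediation'];
            echo "<td>";
            if ($rem == "") {
                echo "Not required";
            } else if ($rem == "user") {
                echo "User";
            } else if ($rem == "policy") {
                echo "Policy";
            } else if ($rem == "free") {
                echo "Free";
            } else {
                echo "Machine";
            }
            echo "<td>" . users_esc($row['policy']);
            if ($row['shared'] > 0)
                echo "<td>shared";
            else
                echo "<td>default";
            echo "<td>" . users_esc($row['methods']);
            echo "<td>";
            /* Show the first DevId element of the stored DevInfo document;
             * its text is escaped like any other stored value. */
            $devinfo = array();
            $xml = xml_parser_create();
            xml_parse_into_struct($xml, (string) $row['devinfo'], $devinfo);
            foreach ($devinfo as $k) {
                if ($k['tag'] == 'DEVID') {
                    if (isset($k['value']))
                        echo users_esc($k['value']);
                    break;
                }
            }
            echo "\n";
        }
    }
    echo "</table>\n";

}

?>

</body>
</html>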