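<?php
/*
 * HS 2.0 user administration page (links in this page point at users.php).
 *
 * Request parameters read by this script:
 *   GET  id      - rowid of the users / eventlog entry to act on (0 = none)
 *   GET  cmd     - action to perform (see the handlers below)
 *   GET  mo      - column to export for cmd=mo (devinfo, devdetail or pps)
 *   GET  policy  - policy name for cmd=policy
 *   GET  type    - "shared" or "default" for cmd=account-type
 *   GET  dump    - non-zero to include the debug dump column
 *   GET  limit   - maximum number of eventlog rows to list (default 20)
 *   POST osu_user, osu_password - values for cmd=set-osu-cred
 *
 * Every request value is treated as untrusted: SQL goes through prepared
 * statements with bound parameters, and everything echoed into HTML is
 * escaped. Values read back from the database (identity, realm, notes,
 * ...) are handled the same way, since they are re-used in later queries
 * and in markup.
 *
 * NOTE(review): no authentication or authorization check is visible in
 * this script; presumably access is restricted by the web server or by
 * config.php - confirm.
 */

require('config.php');

// The PDO constructor throws on failure instead of returning false, so
// catch the exception and avoid exposing connection details to the client.
try {
	$db = new PDO($osu_db);
} catch (PDOException $e) {
	error_log('users.php: database connection failed: ' . $e->getMessage());
	die('Database connection failed');
}

// Escape a value for use in HTML text or a quoted HTML attribute.
$h = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE,
				'UTF-8');
};

// Return $src[$name] when it is present and a plain string, else null.
// Array-valued parameters (e.g. "?cmd[]=x") are rejected here.
$str_param = function (array $src, $name) {
	if (isset($src[$name]) && is_string($src[$name]))
		return $src[$name];
	return null;
};

// Read a non-negative decimal integer from the query string. Anything
// other than plain digits falls back to $default. is_numeric() is not
// used because it also accepts floats, exponents and signs.
$uint_param = function ($name, $default) {
	if (isset($_GET[$name]) && is_string($_GET[$name]) &&
	    preg_match('/^[0-9]{1,18}$/', $_GET[$name]))
		return (int) $_GET[$name];
	return $default;
};

// Prepare and execute $sql with the named parameters in $params.
// Integers are bound as PDO::PARAM_INT, everything else as a string.
// Returns the executed statement, or false if prepare/execute failed.
$run = function ($sql, array $params = array()) use ($db) {
	$stmt = $db->prepare($sql);
	if ($stmt === false)
		return false;
	foreach ($params as $name => $value) {
		$stmt->bindValue($name, $value,
				 is_int($value) ? PDO::PARAM_INT :
				 PDO::PARAM_STR);
	}
	return $stmt->execute() ? $stmt : false;
};

$id = $uint_param('id', 0);
$cmd = $str_param($_GET, 'cmd');
if ($cmd === null)
	$cmd = '';

/*
 * Raw export handlers. These send their own Content-type and exit before
 * any HTML is produced.
 *
 * NOTE(review): the exported values are stored data echoed verbatim and,
 * for XML, rendered by the browser in this site's origin. If they can
 * originate from client devices (presumably they can - confirm), consider
 * serving them as a download (Content-Disposition: attachment).
 */
if ($cmd === 'eventlog' && $id > 0) {
	$stmt = $run("SELECT dump FROM eventlog WHERE rowid=:id",
		     array(':id' => $id));
	$row = $stmt ? $stmt->fetch() : false;
	$dump = ($row !== false) ? (string) $row['dump'] : '';
	header("X-Content-Type-Options: nosniff");
	if ($dump !== '' && $dump[0] == '<') {
		header("Content-type: text/xml");
		echo "<?xml version=\"1.0\"?>\n";
		echo $dump;
	} else {
		header("Content-type: text/plain");
		echo $dump;
	}
	exit;
}

if ($cmd === 'mo' && $id > 0) {
	$mo = $str_param($_GET, 'mo');
	// $mo is used as a column name, which cannot be bound as a
	// parameter, so it must match this fixed allow-list exactly.
	if ($mo === null ||
	    !in_array($mo, array('devinfo', 'devdetail', 'pps'), true))
		exit;
	$stmt = $run("SELECT $mo FROM users WHERE rowid=:id",
		     array(':id' => $id));
	$row = $stmt ? $stmt->fetch() : false;
	header("X-Content-Type-Options: nosniff");
	header("Content-type: text/xml");
	echo "<?xml version=\"1.0\"?>\n";
	if ($row !== false)
		echo $row[$mo];
	exit;
}

if ($cmd === 'cert' && $id > 0) {
	$stmt = $run("SELECT cert_pem FROM users WHERE rowid=:id",
		     array(':id' => $id));
	$row = $stmt ? $stmt->fetch() : false;
	header("X-Content-Type-Options: nosniff");
	header("Content-type: text/plain");
	if ($row !== false)
		echo $row['cert_pem'];
	exit;
}

?>

<html>
<head><title>HS 2.0 users</title></head>
<body>

<?php

/*
 * State-changing commands.
 *
 * NOTE(review): all of these except set-osu-cred are triggered by a plain
 * GET request and no anti-CSRF token is checked anywhere. Moving them to
 * POST with a per-session token needs matching changes to the links
 * rendered below, so it is only flagged here.
 */

// Commands that need nothing but the row id.
// NOTE(review): reset-pw sets a fixed, well-known password; a randomly
// generated one-time value would be safer. Left unchanged because
// operators may rely on the current value.
$simple_updates = array(
	'subrem-clear' =>
		"UPDATE users SET remediation='' WHERE rowid=:id",
	'subrem-add-user' =>
		"UPDATE users SET remediation='user' WHERE rowid=:id",
	'subrem-add-machine' =>
		"UPDATE users SET remediation='machine' WHERE rowid=:id",
	'subrem-add-policy' =>
		"UPDATE users SET remediation='policy' WHERE rowid=:id",
	'subrem-add-free' =>
		"UPDATE users SET remediation='free' WHERE rowid=:id",
	'fetch-pps-on' =>
		"UPDATE users SET fetch_pps=1 WHERE rowid=:id",
	'fetch-pps-off' =>
		"UPDATE users SET fetch_pps=0 WHERE rowid=:id",
	'reset-pw' =>
		"UPDATE users SET password='ChangeMe' WHERE rowid=:id",
);
if ($id > 0 && isset($simple_updates[$cmd]))
	$run($simple_updates[$cmd], array(':id' => $id));

if ($cmd === "policy" && $id > 0) {
	$policy = $str_param($_GET, 'policy');
	// The name becomes part of a filesystem path, so it must be a bare
	// file name: basename() differs from the input as soon as the input
	// contains a directory separator.
	if ($policy !== null && $policy !== '' &&
	    $policy === basename($policy) &&
	    ($policy === "no-policy" ||
	     is_readable("$osu_root/spp/policy/$policy.xml"))) {
		$run("UPDATE users SET policy=:policy WHERE rowid=:id",
		     array(':policy' => $policy, ':id' => $id));
	}
}

if ($cmd === "account-type" && $id > 0) {
	$type = $str_param($_GET, 'type');
	if ($type === "shared")
		$run("UPDATE users SET shared=1 WHERE rowid=:id",
		     array(':id' => $id));
	if ($type === "default")
		$run("UPDATE users SET shared=0 WHERE rowid=:id",
		     array(':id' => $id));
}

if ($cmd === "set-osu-cred" && $id > 0) {
	$osu_user = $str_param($_POST, 'osu_user');
	$osu_password = $str_param($_POST, 'osu_password');
	// Only act on a real form submission; a request that lacks the
	// POST fields no longer overwrites the stored credentials.
	if ($osu_user !== null && $osu_password !== null) {
		if (strlen($osu_user) == 0)
			$osu_password = "";
		// NOTE(review): the password is stored as submitted (plain
		// text). Presumably the AAA side needs the clear-text value;
		// confirm and restrict access to the database accordingly.
		$run("UPDATE users SET osu_user=:osu_user, " .
		     "osu_password=:osu_password WHERE rowid=:id",
		     array(':osu_user' => $osu_user,
			   ':osu_password' => $osu_password,
			   ':id' => $id));
	}
}

/* Single-user detail view */

$dump = 0;
// Used by the eventlog query below; stay empty if the user row is missing.
$user = '';
$osu_user = '';
$realm = '';

if ($id > 0) {
	$dump = $uint_param('dump', 0);

	echo "[<a href=\"users.php\">All users</a>] ";
	if ($dump == 0)
		echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
	else
		echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
	echo "<br>\n";

	$stmt = $run("SELECT rowid,* FROM users WHERE rowid=:id",
		     array(':id' => $id));
	$row = $stmt ? $stmt->fetch() : false;

	if ($row === false) {
		echo "No such user<br>\n";
	} else {
		$rowid = (int) $row['rowid'];

		echo "<H3>" . $h($row['identity']) . "@" . $h($row['realm']) .
			"</H3>\n";

		echo "MO: ";
		if (strlen((string) $row['devinfo']) > 0) {
			echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
		}
		if (strlen((string) $row['devdetail']) > 0) {
			echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
		}
		if (strlen((string) $row['pps']) > 0) {
			echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
		}
		if (strlen((string) $row['cert_pem']) > 0) {
			echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
		}
		echo "<BR>\n";

		echo "Fetch PPS MO: ";
		if ($row['fetch_pps'] == "1") {
			echo "On next connection " .
				"[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
				"do not fetch</a>]<br>\n";
		} else {
			echo "Do not fetch " .
				"[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
				"request fetch</a>]<br>\n";
		}

		$cert = (string) $row['cert'];
		if (strlen($cert) > 0) {
			echo "Certificate fingerprint: " . $h($cert) . "<br>\n";
		}

		echo "Remediation: ";
		$rem = $row['remediation'];
		if ($rem == "") {
			echo "Not required";
			echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
				$rowid . "\">add:user</a>]";
			echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
				$rowid . "\">add:machine</a>]";
			echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
				$rowid . "\">add:policy</a>]";
			echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
				$rowid . "\">add:free</a>]";
		} else if ($rem == "user") {
			echo "User [<a href=\"users.php?cmd=subrem-clear&id=" .
				$rowid . "\">clear</a>]";
		} else if ($rem == "policy") {
			echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" .
				$rowid . "\">clear</a>]";
		} else if ($rem == "free") {
			echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
				$rowid . "\">clear</a>]";
		} else {
			echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
				$rowid . "\">clear</a>]";
		}
		echo "<br>\n";

		// The selected value is URL-encoded on the client so that a
		// policy name containing '&', '#', '+' or spaces reaches the
		// server intact.
		echo "<form>Policy: <select name=\"policy\" " .
			"onChange=\"window.location='users.php?cmd=policy&id=" .
			$rowid .
			"&policy=' + encodeURIComponent(this.value);\">\n";
		echo "<option value=\"" . $h($row['policy']) . "\" selected>" .
			$h($row['policy']) . "</option>\n";
		$files = scandir("$osu_root/spp/policy");
		if ($files === false)
			$files = array();
		foreach ($files as $file) {
			// The dot is escaped so only a literal ".xml" suffix
			// matches.
			if (!preg_match('/\.xml$/', $file))
				continue;
			if ($file == $row['policy'] . ".xml")
				continue;
			$p = substr($file, 0, -4);
			echo "<option value=\"" . $h($p) . "\">" . $h($p) .
				"</option>\n";
		}
		echo "<option value=\"no-policy\">no policy</option>\n";
		echo "</select></form>\n";

		echo "<form>Account type: <select name=\"type\" " .
			"onChange=\"window.location='users.php?cmd=account-type&id=" .
			$rowid . "&type=' + this.value;\">\n";
		if ($row['shared'] > 0) {
			$default_sel = "";
			$shared_sel = " selected";
		} else {
			$default_sel = " selected";
			$shared_sel = "";
		}
		echo "<option value=\"default\"$default_sel>default</option>\n";
		echo "<option value=\"shared\"$shared_sel>shared</option>\n";
		echo "</select></form>\n";

		echo "Phase 2 method(s): " . $h($row['methods']) . "<br>\n";

		echo "<br>\n";
		echo "<a href=\"users.php?cmd=reset-pw&id=" . $rowid .
			"\">Reset AAA password</a><br>\n";

		echo "<br>\n";
		echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $rowid .
			"\" method=\"POST\">\n";
		echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
		echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
			$h($row['osu_user']) . "\">\n";
		echo "password: <input type=\"password\" name=\"osu_password\">\n";
		echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
		echo "</form>\n";

		echo "<hr>\n";

		$user = (string) $row['identity'];
		$osu_user = (string) $row['osu_user'];
		$realm = (string) $row['realm'];
	}
}

/* Eventlog table: per-user when id > 0, global for cmd=eventlog */

if ($id > 0 || ($id == 0 && $cmd === 'eventlog')) {

	if ($id == 0) {
		echo "[<a href=\"users.php\">All users</a>] ";
		echo "<br>\n";
	}

	echo "<table border=1>\n";
	echo "<tr>";
	if ($id == 0) {
		echo "<th>user<th>realm";
	}
	echo "<th>time<th>address<th>sessionID<th>notes";
	if ($dump > 0)
		echo "<th>dump";
	echo "\n";

	// Digits only; anything else (including negative values) falls
	// back to 20.
	$limit = $uint_param('limit', 20);

	// identity/realm/osu_user come from the users table but are bound
	// like any other untrusted value, since stored data must not be
	// able to alter the query either.
	if ($id == 0) {
		$res = $run("SELECT rowid,* FROM eventlog " .
			    "ORDER BY timestamp DESC LIMIT :limit",
			    array(':limit' => $limit));
	} else if (strlen($osu_user) > 0) {
		$res = $run("SELECT rowid,* FROM eventlog " .
			    "WHERE (user=:user OR user=:osu_user) " .
			    "AND realm=:realm " .
			    "ORDER BY timestamp DESC LIMIT :limit",
			    array(':user' => $user,
				  ':osu_user' => $osu_user,
				  ':realm' => $realm,
				  ':limit' => $limit));
	} else {
		$res = $run("SELECT rowid,* FROM eventlog " .
			    "WHERE user=:user AND realm=:realm " .
			    "ORDER BY timestamp DESC LIMIT :limit",
			    array(':user' => $user,
				  ':realm' => $realm,
				  ':limit' => $limit));
	}

	if ($res !== false) {
		foreach ($res as $row) {
			echo "<tr>";
			if ($id == 0) {
				echo "<td>" . $h($row['user']) . "\n";
				echo "<td>" . $h($row['realm']) . "\n";
			}
			echo "<td>" . $h($row['timestamp']) . "\n";
			echo "<td>" . $h($row['addr']) . "\n";
			echo "<td>" . $h($row['sessionid']) . "\n";
			echo "<td>" . $h($row['notes']) . "\n";
			$d = (string) $row['dump'];
			if (strlen($d) > 0) {
				echo "[<a href=\"users.php?cmd=eventlog&id=" .
					(int) $row['rowid'] . "\">";
				if ($d[0] == '<')
					echo "XML";
				else
					echo "txt";
				echo "</a>]\n";
				if ($dump > 0)
					echo "<td>" . $h($d) . "\n";
			}
		}
	}
	echo "</table>\n";
}

/* User list (default view) */

if ($id == 0 && $cmd !== 'eventlog') {

	echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
	echo "<br>\n";

	echo "<table border=1>\n";
	echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n";

	$res = $run('SELECT rowid,* FROM users WHERE phase2=1');
	if ($res !== false) {
		foreach ($res as $row) {
			echo "<tr><td><a href=\"users.php?id=" .
				(int) $row['rowid'] . "\"> " .
				$h($row['identity']) . " </a>";
			echo "<td>" . $h($row['realm']);
			$rem = $row['remediation'];
			echo "<td>";
			if ($rem == "") {
				echo "Not required";
			} else if ($rem == "user") {
				echo "User";
			} else if ($rem == "policy") {
				echo "Policy";
			} else if ($rem == "free") {
				echo "Free";
			} else {
				echo "Machine";
			}
			echo "<td>" . $h($row['policy']);
			if ($row['shared'] > 0)
				echo "<td>shared";
			else
				echo "<td>default";
			echo "<td>" . $h($row['methods']);
			echo "<td>";
			// Show the first DEVID element of the stored DevInfo
			// document; the value is stored data and is escaped
			// like every other field.
			$devinfo = array();
			$xml = xml_parser_create();
			xml_parse_into_struct($xml, (string) $row['devinfo'],
					      $devinfo);
			foreach ($devinfo as $k) {
				if ($k['tag'] == 'DEVID') {
					if (isset($k['value']))
						echo $h($k['value']);
					break;
				}
			}
			echo "\n";
		}
	}
	echo "</table>\n";
}

?>

</html>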