mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
0f27c20d8d
This is meant mainly for testing purposes and as a reference implementation showing how OSU SPP server could be implemented. This is not suitable for any real production use in its current form. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
350 lines
9.2 KiB
PHP
350 lines
9.2 KiB
PHP
<?php
|
|
|
|
require('config.php');
|
|
|
|
$db = new PDO($osu_db);
|
|
if (!$db) {
|
|
die($sqliteerror);
|
|
}
|
|
|
|
if (isset($_GET["id"])) {
|
|
$id = $_GET["id"];
|
|
if (!is_numeric($id))
|
|
$id = 0;
|
|
} else
|
|
$id = 0;
|
|
if (isset($_GET["cmd"]))
|
|
$cmd = $_GET["cmd"];
|
|
else
|
|
$cmd = '';
|
|
|
|
if ($cmd == 'eventlog' && $id > 0) {
|
|
$row = $db->query("SELECT dump FROM eventlog WHERE rowid=$id")->fetch();
|
|
$dump = $row['dump'];
|
|
if ($dump[0] == '<') {
|
|
header("Content-type: text/xml");
|
|
echo "<?xml version=\"1.0\"?>\n";
|
|
echo $dump;
|
|
} else {
|
|
header("Content-type: text/plain");
|
|
echo $dump;
|
|
}
|
|
exit;
|
|
}
|
|
|
|
if ($cmd == 'mo' && $id > 0) {
|
|
$mo = $_GET["mo"];
|
|
if (!isset($mo))
|
|
exit;
|
|
if ($mo != "devinfo" && $mo != "devdetail" && $mo != "pps")
|
|
exit;
|
|
$row = $db->query("SELECT $mo FROM users WHERE rowid=$id")->fetch();
|
|
header("Content-type: text/xml");
|
|
echo "<?xml version=\"1.0\"?>\n";
|
|
echo $row[$mo];
|
|
exit;
|
|
}
|
|
|
|
if ($cmd == 'cert' && $id > 0) {
|
|
$row = $db->query("SELECT cert_pem FROM users WHERE rowid=$id")->fetch();
|
|
header("Content-type: text/plain");
|
|
echo $row['cert_pem'];
|
|
exit;
|
|
}
|
|
|
|
?>
|
|
|
|
<html>
|
|
<head><title>HS 2.0 users</title></head>
|
|
<body>
|
|
|
|
<?php
|
|
|
|
if ($cmd == 'subrem-clear' && $id > 0) {
|
|
$db->exec("UPDATE users SET remediation='' WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'subrem-add-user' && $id > 0) {
|
|
$db->exec("UPDATE users SET remediation='user' WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'subrem-add-machine' && $id > 0) {
|
|
$db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'subrem-add-policy' && $id > 0) {
|
|
$db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'subrem-add-free' && $id > 0) {
|
|
$db->exec("UPDATE users SET remediation='free' WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'fetch-pps-on' && $id > 0) {
|
|
$db->exec("UPDATE users SET fetch_pps=1 WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'fetch-pps-off' && $id > 0) {
|
|
$db->exec("UPDATE users SET fetch_pps=0 WHERE rowid=$id");
|
|
}
|
|
if ($cmd == 'reset-pw' && $id > 0) {
|
|
$db->exec("UPDATE users SET password='ChangeMe' WHERE rowid=$id");
|
|
}
|
|
if ($cmd == "policy" && $id > 0 && isset($_GET["policy"])) {
|
|
$policy = $_GET["policy"];
|
|
if ($policy == "no-policy" ||
|
|
is_readable("$osu_root/spp/policy/$policy.xml")) {
|
|
$db->exec("UPDATE users SET policy='$policy' WHERE rowid=$id");
|
|
}
|
|
}
|
|
if ($cmd == "account-type" && $id > 0 && isset($_GET["type"])) {
|
|
$type = $_GET["type"];
|
|
if ($type == "shared")
|
|
$db->exec("UPDATE users SET shared=1 WHERE rowid=$id");
|
|
if ($type == "default")
|
|
$db->exec("UPDATE users SET shared=0 WHERE rowid=$id");
|
|
}
|
|
|
|
if ($cmd == "set-osu-cred" && $id > 0) {
|
|
$osu_user = $_POST["osu_user"];
|
|
$osu_password = $_POST["osu_password"];
|
|
if (strlen($osu_user) == 0)
|
|
$osu_password = "";
|
|
$db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id");
|
|
}
|
|
|
|
$dump = 0;
|
|
|
|
if ($id > 0) {
|
|
|
|
if (isset($_GET["dump"])) {
|
|
$dump = $_GET["dump"];
|
|
if (!is_numeric($dump))
|
|
$dump = 0;
|
|
} else
|
|
$dump = 0;
|
|
|
|
echo "[<a href=\"users.php\">All users</a>] ";
|
|
if ($dump == 0)
|
|
echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
|
|
else
|
|
echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
|
|
echo "<br>\n";
|
|
|
|
$row = $db->query("SELECT rowid,* FROM users WHERE rowid=$id")->fetch();
|
|
|
|
echo "<H3>" . $row['identity'] . "@" . $row['realm'] . "</H3>\n";
|
|
|
|
echo "MO: ";
|
|
if (strlen($row['devinfo']) > 0) {
|
|
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
|
|
}
|
|
if (strlen($row['devdetail']) > 0) {
|
|
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
|
|
}
|
|
if (strlen($row['pps']) > 0) {
|
|
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
|
|
}
|
|
if (strlen($row['cert_pem']) > 0) {
|
|
echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
|
|
}
|
|
echo "<BR>\n";
|
|
|
|
echo "Fetch PPS MO: ";
|
|
if ($row['fetch_pps'] == "1") {
|
|
echo "On next connection " .
|
|
"[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
|
|
"do not fetch</a>]<br>\n";
|
|
} else {
|
|
echo "Do not fetch " .
|
|
"[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
|
|
"request fetch</a>]<br>\n";
|
|
}
|
|
|
|
$cert = $row['cert'];
|
|
if (strlen($cert) > 0) {
|
|
echo "Certificate fingerprint: $cert<br>\n";
|
|
}
|
|
|
|
echo "Remediation: ";
|
|
$rem = $row['remediation'];
|
|
if ($rem == "") {
|
|
echo "Not required";
|
|
echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
|
|
$row['rowid'] . "\">add:user</a>]";
|
|
echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
|
|
$row['rowid'] . "\">add:machine</a>]";
|
|
echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
|
|
$row['rowid'] . "\">add:policy</a>]";
|
|
echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
|
|
$row['rowid'] . "\">add:free</a>]";
|
|
} else if ($rem == "user") {
|
|
echo "User [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
$row['rowid'] . "\">clear</a>]";
|
|
} else if ($rem == "policy") {
|
|
echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
$row['rowid'] . "\">clear</a>]";
|
|
} else if ($rem == "free") {
|
|
echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
$row['rowid'] . "\">clear</a>]";
|
|
} else {
|
|
echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
$row['rowid'] . "\">clear</a>]";
|
|
}
|
|
echo "<br>\n";
|
|
|
|
echo "<form>Policy: <select name=\"policy\" " .
|
|
"onChange=\"window.location='users.php?cmd=policy&id=" .
|
|
$row['rowid'] . "&policy=' + this.value;\">\n";
|
|
echo "<option value=\"" . $row['policy'] . "\" selected>" . $row['policy'] .
|
|
"</option>\n";
|
|
$files = scandir("$osu_root/spp/policy");
|
|
foreach ($files as $file) {
|
|
if (!preg_match("/.xml$/", $file))
|
|
continue;
|
|
if ($file == $row['policy'] . ".xml")
|
|
continue;
|
|
$p = substr($file, 0, -4);
|
|
echo "<option value=\"$p\">$p</option>\n";
|
|
}
|
|
echo "<option value=\"no-policy\">no policy</option>\n";
|
|
echo "</select></form>\n";
|
|
|
|
echo "<form>Account type: <select name=\"type\" " .
|
|
"onChange=\"window.location='users.php?cmd=account-type&id=" .
|
|
$row['rowid'] . "&type=' + this.value;\">\n";
|
|
if ($row['shared'] > 0) {
|
|
$default_sel = "";
|
|
$shared_sel = " selected";
|
|
} else {
|
|
$default_sel = " selected";
|
|
$shared_sel = "";
|
|
}
|
|
echo "<option value=\"default\"$default_sel>default</option>\n";
|
|
echo "<option value=\"shared\"$shared_sel>shared</option>\n";
|
|
echo "</select></form>\n";
|
|
|
|
echo "Phase 2 method(s): " . $row['methods'] . "<br>\n";
|
|
|
|
echo "<br>\n";
|
|
echo "<a href=\"users.php?cmd=reset-pw&id=" .
|
|
$row['rowid'] . "\">Reset AAA password</a><br>\n";
|
|
|
|
echo "<br>\n";
|
|
echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $row['rowid'] .
|
|
"\" method=\"POST\">\n";
|
|
echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
|
|
echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
|
|
$row['osu_user'] . "\">\n";
|
|
echo "password: <input type=\"password\" name=\"osu_password\">\n";
|
|
echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
|
|
echo "</form>\n";
|
|
|
|
echo "<hr>\n";
|
|
|
|
$user = $row['identity'];
|
|
$osu_user = $row['osu_user'];
|
|
$realm = $row['realm'];
|
|
}
|
|
|
|
if ($id > 0 || ($id == 0 && $cmd == 'eventlog')) {
|
|
|
|
if ($id == 0) {
|
|
echo "[<a href=\"users.php\">All users</a>] ";
|
|
echo "<br>\n";
|
|
}
|
|
|
|
echo "<table border=1>\n";
|
|
echo "<tr>";
|
|
if ($id == 0) {
|
|
echo "<th>user<th>realm";
|
|
}
|
|
echo "<th>time<th>address<th>sessionID<th>notes";
|
|
if ($dump > 0)
|
|
echo "<th>dump";
|
|
echo "\n";
|
|
if (isset($_GET["limit"])) {
|
|
$limit = $_GET["limit"];
|
|
if (!is_numeric($limit))
|
|
$limit = 20;
|
|
} else
|
|
$limit = 20;
|
|
if ($id == 0)
|
|
$res = $db->query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT $limit");
|
|
else if (strlen($osu_user) > 0)
|
|
$res = $db->query("SELECT rowid,* FROM eventlog WHERE (user='$user' OR user='$osu_user') AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
|
|
else
|
|
$res = $db->query("SELECT rowid,* FROM eventlog WHERE user='$user' AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
|
|
foreach ($res as $row) {
|
|
echo "<tr>";
|
|
if ($id == 0) {
|
|
echo "<td>" . $row['user'] . "\n";
|
|
echo "<td>" . $row['realm'] . "\n";
|
|
}
|
|
echo "<td>" . $row['timestamp'] . "\n";
|
|
echo "<td>" . $row['addr'] . "\n";
|
|
echo "<td>" . $row['sessionid'] . "\n";
|
|
echo "<td>" . $row['notes'] . "\n";
|
|
$d = $row['dump'];
|
|
if (strlen($d) > 0) {
|
|
echo "[<a href=\"users.php?cmd=eventlog&id=" . $row['rowid'] .
|
|
"\">";
|
|
if ($d[0] == '<')
|
|
echo "XML";
|
|
else
|
|
echo "txt";
|
|
echo "</a>]\n";
|
|
if ($dump > 0)
|
|
echo "<td>" . htmlspecialchars($d) . "\n";
|
|
}
|
|
}
|
|
echo "</table>\n";
|
|
|
|
}
|
|
|
|
|
|
if ($id == 0 && $cmd != 'eventlog') {
|
|
|
|
echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
|
|
echo "<br>\n";
|
|
|
|
echo "<table border=1>\n";
|
|
echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n";
|
|
|
|
$res = $db->query('SELECT rowid,* FROM users WHERE phase2=1');
|
|
foreach ($res as $row) {
|
|
echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " .
|
|
$row['identity'] . " </a>";
|
|
echo "<td>" . $row['realm'];
|
|
$rem = $row['remediation'];
|
|
echo "<td>";
|
|
if ($rem == "") {
|
|
echo "Not required";
|
|
} else if ($rem == "user") {
|
|
echo "User";
|
|
} else if ($rem == "policy") {
|
|
echo "Policy";
|
|
} else if ($rem == "free") {
|
|
echo "Free";
|
|
} else {
|
|
echo "Machine";
|
|
}
|
|
echo "<td>" . $row['policy'];
|
|
if ($row['shared'] > 0)
|
|
echo "<td>shared";
|
|
else
|
|
echo "<td>default";
|
|
echo "<td>" . $row['methods'];
|
|
echo "<td>";
|
|
$xml = xml_parser_create();
|
|
xml_parse_into_struct($xml, $row['devinfo'], $devinfo);
|
|
foreach($devinfo as $k) {
|
|
if ($k['tag'] == 'DEVID') {
|
|
echo $k['value'];
|
|
break;
|
|
}
|
|
}
|
|
echo "\n";
|
|
}
|
|
echo "</table>\n";
|
|
|
|
}
|
|
|
|
?>
|
|
|
|
</html>
|