Blame - hs20/server/www/users.php - android_external_wpa_supplicant_8

blob: c340a33e73af507e6a5c75f056dabc6bdcf519c5 [file] [log] [blame]

Dmitry Shmidt	df5a7e4	2014-04-02 12:59:59 -0700	[diff] [blame]	1	<?php
				2
				3	require('config.php');
				4
				5	$db = new PDO($osu_db);
				6	if (!$db) {
				7	die($sqliteerror);
				8	}
				9
				10	if (isset($_GET["id"])) {
				11	$id = $_GET["id"];
				12	if (!is_numeric($id))
				13	$id = 0;
				14	} else
				15	$id = 0;
				16	if (isset($_GET["cmd"]))
				17	$cmd = $_GET["cmd"];
				18	else
				19	$cmd = '';
				20
				21	if ($cmd == 'eventlog' && $id > 0) {
				22	$row = $db->query("SELECT dump FROM eventlog WHERE rowid=$id")->fetch();
				23	$dump = $row['dump'];
				24	if ($dump[0] == '<') {
				25	header("Content-type: text/xml");
				26	echo "<?xml version=\"1.0\"?>\n";
				27	echo $dump;
				28	} else {
				29	header("Content-type: text/plain");
				30	echo $dump;
				31	}
				32	exit;
				33	}
				34
				35	if ($cmd == 'mo' && $id > 0) {
				36	$mo = $_GET["mo"];
				37	if (!isset($mo))
				38	exit;
				39	if ($mo != "devinfo" && $mo != "devdetail" && $mo != "pps")
				40	exit;
				41	$row = $db->query("SELECT $mo FROM users WHERE rowid=$id")->fetch();
				42	header("Content-type: text/xml");
				43	echo "<?xml version=\"1.0\"?>\n";
				44	echo $row[$mo];
				45	exit;
				46	}
				47
				48	if ($cmd == 'cert' && $id > 0) {
				49	$row = $db->query("SELECT cert_pem FROM users WHERE rowid=$id")->fetch();
				50	header("Content-type: text/plain");
				51	echo $row['cert_pem'];
				52	exit;
				53	}
				54
				55	?>
				56
				57	<html>
				58	<head><title>HS 2.0 users</title></head>
				59	<body>
				60
				61	<?php
				62
				63	if ($cmd == 'subrem-clear' && $id > 0) {
				64	$db->exec("UPDATE users SET remediation='' WHERE rowid=$id");
				65	}
				66	if ($cmd == 'subrem-add-user' && $id > 0) {
				67	$db->exec("UPDATE users SET remediation='user' WHERE rowid=$id");
				68	}
				69	if ($cmd == 'subrem-add-machine' && $id > 0) {
				70	$db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id");
				71	}
				72	if ($cmd == 'subrem-add-policy' && $id > 0) {
				73	$db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id");
				74	}
				75	if ($cmd == 'subrem-add-free' && $id > 0) {
				76	$db->exec("UPDATE users SET remediation='free' WHERE rowid=$id");
				77	}
				78	if ($cmd == 'fetch-pps-on' && $id > 0) {
				79	$db->exec("UPDATE users SET fetch_pps=1 WHERE rowid=$id");
				80	}
				81	if ($cmd == 'fetch-pps-off' && $id > 0) {
				82	$db->exec("UPDATE users SET fetch_pps=0 WHERE rowid=$id");
				83	}
				84	if ($cmd == 'reset-pw' && $id > 0) {
				85	$db->exec("UPDATE users SET password='ChangeMe' WHERE rowid=$id");
				86	}
				87	if ($cmd == "policy" && $id > 0 && isset($_GET["policy"])) {
				88	$policy = $_GET["policy"];
				89	if ($policy == "no-policy" \|\|
				90	is_readable("$osu_root/spp/policy/$policy.xml")) {
				91	$db->exec("UPDATE users SET policy='$policy' WHERE rowid=$id");
				92	}
				93	}
				94	if ($cmd == "account-type" && $id > 0 && isset($_GET["type"])) {
				95	$type = $_GET["type"];
				96	if ($type == "shared")
				97	$db->exec("UPDATE users SET shared=1 WHERE rowid=$id");
				98	if ($type == "default")
				99	$db->exec("UPDATE users SET shared=0 WHERE rowid=$id");
				100	}
				101
				102	if ($cmd == "set-osu-cred" && $id > 0) {
				103	$osu_user = $_POST["osu_user"];
				104	$osu_password = $_POST["osu_password"];
				105	if (strlen($osu_user) == 0)
				106	$osu_password = "";
				107	$db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id");
				108	}
				109
				110	$dump = 0;
				111
				112	if ($id > 0) {
				113
				114	if (isset($_GET["dump"])) {
				115	$dump = $_GET["dump"];
				116	if (!is_numeric($dump))
				117	$dump = 0;
				118	} else
				119	$dump = 0;
				120
				121	echo "[<a href=\"users.php\">All users</a>] ";
				122	if ($dump == 0)
				123	echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
				124	else
				125	echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
				126	echo "<br>\n";
				127
				128	$row = $db->query("SELECT rowid,* FROM users WHERE rowid=$id")->fetch();
				129
				130	echo "<H3>" . $row['identity'] . "@" . $row['realm'] . "</H3>\n";
				131
				132	echo "MO: ";
				133	if (strlen($row['devinfo']) > 0) {
				134	echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
				135	}
				136	if (strlen($row['devdetail']) > 0) {
				137	echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
				138	}
				139	if (strlen($row['pps']) > 0) {
				140	echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
				141	}
				142	if (strlen($row['cert_pem']) > 0) {
				143	echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
				144	}
				145	echo "<BR>\n";
				146
				147	echo "Fetch PPS MO: ";
				148	if ($row['fetch_pps'] == "1") {
				149	echo "On next connection " .
				150	"[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
				151	"do not fetch</a>]<br>\n";
				152	} else {
				153	echo "Do not fetch " .
				154	"[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
				155	"request fetch</a>]<br>\n";
				156	}
				157
				158	$cert = $row['cert'];
				159	if (strlen($cert) > 0) {
				160	echo "Certificate fingerprint: $cert<br>\n";
				161	}
				162
				163	echo "Remediation: ";
				164	$rem = $row['remediation'];
				165	if ($rem == "") {
				166	echo "Not required";
				167	echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
				168	$row['rowid'] . "\">add:user</a>]";
				169	echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
				170	$row['rowid'] . "\">add:machine</a>]";
				171	echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
				172	$row['rowid'] . "\">add:policy</a>]";
				173	echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
				174	$row['rowid'] . "\">add:free</a>]";
				175	} else if ($rem == "user") {
				176	echo "User [<a href=\"users.php?cmd=subrem-clear&id=" .
				177	$row['rowid'] . "\">clear</a>]";
				178	} else if ($rem == "policy") {
				179	echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" .
				180	$row['rowid'] . "\">clear</a>]";
				181	} else if ($rem == "free") {
				182	echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
				183	$row['rowid'] . "\">clear</a>]";
				184	} else {
				185	echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
				186	$row['rowid'] . "\">clear</a>]";
				187	}
				188	echo "<br>\n";
				189
				190	echo "<form>Policy: <select name=\"policy\" " .
				191	"onChange=\"window.location='users.php?cmd=policy&id=" .
				192	$row['rowid'] . "&policy=' + this.value;\">\n";
				193	echo "<option value=\"" . $row['policy'] . "\" selected>" . $row['policy'] .
				194	"</option>\n";
				195	$files = scandir("$osu_root/spp/policy");
				196	foreach ($files as $file) {
				197	if (!preg_match("/.xml$/", $file))
				198	continue;
				199	if ($file == $row['policy'] . ".xml")
				200	continue;
				201	$p = substr($file, 0, -4);
				202	echo "<option value=\"$p\">$p</option>\n";
				203	}
				204	echo "<option value=\"no-policy\">no policy</option>\n";
				205	echo "</select></form>\n";
				206
				207	echo "<form>Account type: <select name=\"type\" " .
				208	"onChange=\"window.location='users.php?cmd=account-type&id=" .
				209	$row['rowid'] . "&type=' + this.value;\">\n";
				210	if ($row['shared'] > 0) {
				211	$default_sel = "";
				212	$shared_sel = " selected";
				213	} else {
				214	$default_sel = " selected";
				215	$shared_sel = "";
				216	}
				217	echo "<option value=\"default\"$default_sel>default</option>\n";
				218	echo "<option value=\"shared\"$shared_sel>shared</option>\n";
				219	echo "</select></form>\n";
				220
				221	echo "Phase 2 method(s): " . $row['methods'] . "<br>\n";
				222
				223	echo "<br>\n";
				224	echo "<a href=\"users.php?cmd=reset-pw&id=" .
				225	$row['rowid'] . "\">Reset AAA password</a><br>\n";
				226
				227	echo "<br>\n";
				228	echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $row['rowid'] .
				229	"\" method=\"POST\">\n";
				230	echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
				231	echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
				232	$row['osu_user'] . "\">\n";
				233	echo "password: <input type=\"password\" name=\"osu_password\">\n";
				234	echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
				235	echo "</form>\n";
				236
				237	echo "<hr>\n";
				238
				239	$user = $row['identity'];
				240	$osu_user = $row['osu_user'];
				241	$realm = $row['realm'];
				242	}
				243
				244	if ($id > 0 \|\| ($id == 0 && $cmd == 'eventlog')) {
				245
				246	if ($id == 0) {
				247	echo "[<a href=\"users.php\">All users</a>] ";
				248	echo "<br>\n";
				249	}
				250
				251	echo "<table border=1>\n";
				252	echo "<tr>";
				253	if ($id == 0) {
				254	echo "<th>user<th>realm";
				255	}
				256	echo "<th>time<th>address<th>sessionID<th>notes";
				257	if ($dump > 0)
				258	echo "<th>dump";
				259	echo "\n";
				260	if (isset($_GET["limit"])) {
				261	$limit = $_GET["limit"];
				262	if (!is_numeric($limit))
				263	$limit = 20;
				264	} else
				265	$limit = 20;
				266	if ($id == 0)
				267	$res = $db->query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT $limit");
				268	else if (strlen($osu_user) > 0)
				269	$res = $db->query("SELECT rowid,* FROM eventlog WHERE (user='$user' OR user='$osu_user') AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
				270	else
				271	$res = $db->query("SELECT rowid,* FROM eventlog WHERE user='$user' AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
				272	foreach ($res as $row) {
				273	echo "<tr>";
				274	if ($id == 0) {
				275	echo "<td>" . $row['user'] . "\n";
				276	echo "<td>" . $row['realm'] . "\n";
				277	}
				278	echo "<td>" . $row['timestamp'] . "\n";
				279	echo "<td>" . $row['addr'] . "\n";
				280	echo "<td>" . $row['sessionid'] . "\n";
				281	echo "<td>" . $row['notes'] . "\n";
				282	$d = $row['dump'];
				283	if (strlen($d) > 0) {
				284	echo "[<a href=\"users.php?cmd=eventlog&id=" . $row['rowid'] .
				285	"\">";
				286	if ($d[0] == '<')
				287	echo "XML";
				288	else
				289	echo "txt";
				290	echo "</a>]\n";
				291	if ($dump > 0)
				292	echo "<td>" . htmlspecialchars($d) . "\n";
				293	}
				294	}
				295	echo "</table>\n";
				296
				297	}
				298
				299
				300	if ($id == 0 && $cmd != 'eventlog') {
				301
				302	echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
				303	echo "<br>\n";
				304
				305	echo "<table border=1>\n";
				306	echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n";
				307
				308	$res = $db->query('SELECT rowid,* FROM users WHERE phase2=1');
				309	foreach ($res as $row) {
				310	echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " .
				311	$row['identity'] . " </a>";
				312	echo "<td>" . $row['realm'];
				313	$rem = $row['remediation'];
				314	echo "<td>";
				315	if ($rem == "") {
				316	echo "Not required";
				317	} else if ($rem == "user") {
				318	echo "User";
				319	} else if ($rem == "policy") {
				320	echo "Policy";
				321	} else if ($rem == "free") {
				322	echo "Free";
				323	} else {
				324	echo "Machine";
				325	}
				326	echo "<td>" . $row['policy'];
				327	if ($row['shared'] > 0)
				328	echo "<td>shared";
				329	else
				330	echo "<td>default";
				331	echo "<td>" . $row['methods'];
				332	echo "<td>";
				333	$xml = xml_parser_create();
				334	xml_parse_into_struct($xml, $row['devinfo'], $devinfo);
				335	foreach($devinfo as $k) {
				336	if ($k['tag'] == 'DEVID') {
				337	echo $k['value'];
				338	break;
				339	}
				340	}
				341	echo "\n";
				342	}
				343	echo "</table>\n";
				344
				345	}
				346
				347	?>
				348
				349	</html>