HS 2.0R2: Add example OSU SPP server implementation
This is meant mainly for testing purposes and as a reference implementation showing how OSU SPP server could be implemented. This is not suitable for any real production use in its current form. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
1e03c6cb7d
commit
0f27c20d8d
19 changed files with 3760 additions and 0 deletions
45
hs20/server/Makefile
Normal file
45
hs20/server/Makefile
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
all: hs20_spp_server
|
||||||
|
|
||||||
|
ifndef CC
|
||||||
|
CC=gcc
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifndef LDO
|
||||||
|
LDO=$(CC)
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifndef CFLAGS
|
||||||
|
CFLAGS = -MMD -O2 -Wall -g
|
||||||
|
endif
|
||||||
|
|
||||||
|
CFLAGS += -I../../src/utils
|
||||||
|
CFLAGS += -I../../src/crypto
|
||||||
|
|
||||||
|
LIBS += -lsqlite3
|
||||||
|
|
||||||
|
# Using glibc < 2.17 requires -lrt for clock_gettime()
|
||||||
|
LIBS += -lrt
|
||||||
|
|
||||||
|
OBJS=spp_server.o
|
||||||
|
OBJS += hs20_spp_server.o
|
||||||
|
OBJS += ../../src/utils/xml-utils.o
|
||||||
|
OBJS += ../../src/utils/base64.o
|
||||||
|
OBJS += ../../src/utils/common.o
|
||||||
|
OBJS += ../../src/utils/os_unix.o
|
||||||
|
OBJS += ../../src/utils/wpa_debug.o
|
||||||
|
OBJS += ../../src/crypto/md5-internal.o
|
||||||
|
CFLAGS += $(shell xml2-config --cflags)
|
||||||
|
LIBS += $(shell xml2-config --libs)
|
||||||
|
OBJS += ../../src/utils/xml_libxml2.o
|
||||||
|
|
||||||
|
hs20_spp_server: $(OBJS)
|
||||||
|
$(LDO) $(LDFLAGS) -o hs20_spp_server $(OBJS) $(LIBS)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f core *~ *.o *.d hs20_spp_server
|
||||||
|
rm -f ../../src/utils/*.o
|
||||||
|
rm -f ../../src/utils/*.d
|
||||||
|
rm -f ../../src/crypto/*.o
|
||||||
|
rm -f ../../src/crypto/*.d
|
||||||
|
|
||||||
|
-include $(OBJS:%.o=%.d)
|
196
hs20/server/hs20-osu-server.txt
Normal file
196
hs20/server/hs20-osu-server.txt
Normal file
|
@ -0,0 +1,196 @@
|
||||||
|
Hotspot 2.0 OSU server
|
||||||
|
======================
|
||||||
|
|
||||||
|
The information in this document is based on the assumption that Ubuntu
|
||||||
|
12.04 server (64-bit) distribution is used and the web server is
|
||||||
|
Apache2. Neither of these are requirements for the installation, but if
|
||||||
|
other combinations are used, the package names and configuration
|
||||||
|
parameters may need to be adjusted.
|
||||||
|
|
||||||
|
NOTE: This implementation and the example configuration here is meant
|
||||||
|
only for testing purposes in a lab environment. This design is not
|
||||||
|
secure to be installed in a publicly available Internet server without
|
||||||
|
considerable amount of modification and review for security issues.
|
||||||
|
|
||||||
|
NOTE: While this describes use on Ubuntu 12.04, the version of Apache2
|
||||||
|
included in that distribution is not new enough to support all OSU
|
||||||
|
server validation steps. In other words, it may be most adapt the steps
|
||||||
|
described here to Ubuntu 13.10.
|
||||||
|
|
||||||
|
|
||||||
|
Build dependencies
|
||||||
|
------------------
|
||||||
|
|
||||||
|
Ubuntu 12.04 server
|
||||||
|
- default installation
|
||||||
|
- upgraded to latest package versions
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get upgrade
|
||||||
|
|
||||||
|
Packages needed for running the service:
|
||||||
|
sudo apt-get install sqlite3
|
||||||
|
sudo apt-get install apache2
|
||||||
|
sudo apt-get install php5-sqlite libapache2-mod-php5
|
||||||
|
|
||||||
|
Additional packages needed for building the components:
|
||||||
|
sudo apt-get install build-essential
|
||||||
|
sudo apt-get install libsqlite3-dev
|
||||||
|
sudo apt-get install libssl-dev
|
||||||
|
sudo apt-get install libxml2-dev
|
||||||
|
|
||||||
|
|
||||||
|
Installation location
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Select a location for the installation root directory. The example here
|
||||||
|
assumes /home/user/hs20-server to be used, but this can be changed by
|
||||||
|
editing couple of files as indicated below.
|
||||||
|
|
||||||
|
sudo mkdir -p /home/user/hs20-server
|
||||||
|
sudo chown $USER /home/user/hs20-server
|
||||||
|
mkdir -p /home/user/hs20-server/spp
|
||||||
|
mkdir -p /home/user/hs20-server/AS
|
||||||
|
|
||||||
|
|
||||||
|
Build
|
||||||
|
-----
|
||||||
|
|
||||||
|
# hostapd as RADIUS server
|
||||||
|
cd hostapd
|
||||||
|
|
||||||
|
#example build configuration
|
||||||
|
cat > .config <<EOF
|
||||||
|
CONFIG_DRIVER_NONE=y
|
||||||
|
CONFIG_PKCS12=y
|
||||||
|
CONFIG_RADIUS_SERVER=y
|
||||||
|
CONFIG_EAP=y
|
||||||
|
CONFIG_EAP_TLS=y
|
||||||
|
CONFIG_EAP_MSCHAPV2=y
|
||||||
|
CONFIG_EAP_PEAP=y
|
||||||
|
CONFIG_EAP_GTC=y
|
||||||
|
CONFIG_EAP_TTLS=y
|
||||||
|
CONFIG_EAP_SIM=y
|
||||||
|
CONFIG_EAP_AKA=y
|
||||||
|
CONFIG_EAP_AKA_PRIME=y
|
||||||
|
CONFIG_SQLITE=y
|
||||||
|
CONFIG_HS20=y
|
||||||
|
EOF
|
||||||
|
|
||||||
|
make hostapd hlr_auc_gw
|
||||||
|
cp hostapd hlr_auc_gw /home/user/hs20-server/AS
|
||||||
|
|
||||||
|
# build hs20_spp_server
|
||||||
|
cd ../hs20/server
|
||||||
|
make clean
|
||||||
|
make
|
||||||
|
cp hs20_spp_server /home/user/hs20-server/spp
|
||||||
|
# prepare database (web server user/group needs to have write access)
|
||||||
|
mkdir -p /home/user/hs20-server/AS/DB
|
||||||
|
sudo chgrp www-data /home/user/hs20-server/AS/DB
|
||||||
|
sudo chmod g+w /home/user/hs20-server/AS/DB
|
||||||
|
sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql.txt
|
||||||
|
sudo chgrp www-data /home/user/hs20-server/AS/DB/eap_user.db
|
||||||
|
sudo chmod g+w /home/user/hs20-server/AS/DB/eap_user.db
|
||||||
|
# add example configuration (note: need to update URLs to match the system)
|
||||||
|
sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql-example.txt
|
||||||
|
|
||||||
|
# copy PHP scripts
|
||||||
|
# Modify config.php if different installation directory is used.
|
||||||
|
# Modify PHP scripts to get the desired behavior for user interaction (or use
|
||||||
|
# the examples as-is for initial testing).
|
||||||
|
cp -r www /home/user/hs20-server
|
||||||
|
|
||||||
|
|
||||||
|
# Configure subscription policies
|
||||||
|
mkdir -p /home/user/hs20-server/spp/policy
|
||||||
|
cat > /home/user/hs20-server/spp/policy/default.xml <<EOF
|
||||||
|
<Policy>
|
||||||
|
<PolicyUpdate>
|
||||||
|
<UpdateInterval>30</UpdateInterval>
|
||||||
|
<UpdateMethod>ClientInitiated</UpdateMethod>
|
||||||
|
<Restriction>Unrestricted</Restriction>
|
||||||
|
<URI>https://policy-server.osu.example.com/hs20/spp.php</URI>
|
||||||
|
</PolicyUpdate>
|
||||||
|
</Policy>
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
# Install Hotspot 2.0 SPP and OMA DM XML schema/DTD files
|
||||||
|
|
||||||
|
# XML schema for SPP
|
||||||
|
# Copy the latest XML schema into /home/user/hs20-server/spp/spp.xsd
|
||||||
|
|
||||||
|
# OMA DM Device Description Framework DTD
|
||||||
|
# Copy into /home/user/hs20-server/spp/dm_ddf-v1_2.dtd
|
||||||
|
# http://www.openmobilealliance.org/tech/DTD/dm_ddf-v1_2.dtd
|
||||||
|
|
||||||
|
|
||||||
|
# Configure RADIUS authentication service
|
||||||
|
# Note: Change the URL to match the setup
|
||||||
|
# Note: Install AAA server key/certificate and root CA in Key directory
|
||||||
|
|
||||||
|
cat > /home/user/hs20-server/AS/as-sql.conf <<EOF
|
||||||
|
driver=none
|
||||||
|
radius_server_clients=as.radius_clients
|
||||||
|
eap_server=1
|
||||||
|
eap_user_file=sqlite:DB/eap_user.db
|
||||||
|
ca_cert=Key/ca.pem
|
||||||
|
server_cert=Key/server.pem
|
||||||
|
private_key=Key/server.key
|
||||||
|
private_key_passwd=passphrase
|
||||||
|
eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=eap_sim.db
|
||||||
|
subscr_remediation_url=https://subscription-server.osu.example.com/hs20/spp.php
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Set RADIUS passphrase for the APs
|
||||||
|
# Note: Modify to match the setup
|
||||||
|
cat > /home/user/hs20-server/AS/as.radius_clients <<EOF
|
||||||
|
0.0.0.0/0 radius
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
Start RADIUS authentication server
|
||||||
|
----------------------------------
|
||||||
|
|
||||||
|
cd /home/user/hs20-server/AS
|
||||||
|
./hostapd -B as-sql.conf
|
||||||
|
|
||||||
|
|
||||||
|
Configure web server
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
Edit /etc/apache2/sites-available/default-ssl
|
||||||
|
|
||||||
|
Add following block just before "SSL Engine Switch" line":
|
||||||
|
|
||||||
|
Alias /hs20/ "/home/user/hs20-server/www/"
|
||||||
|
<Directory "/home/user/hs20-server/www/">
|
||||||
|
Options Indexes MultiViews FollowSymLinks
|
||||||
|
AllowOverride None
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
Update SSL configuration to use the OSU server certificate/key.
|
||||||
|
|
||||||
|
Enable default-ssl site and restart Apache2:
|
||||||
|
sudo a2ensite default-ssl
|
||||||
|
sudo a2enmod ssl
|
||||||
|
sudo service apache2 restart
|
||||||
|
|
||||||
|
|
||||||
|
Management UI
|
||||||
|
-------------
|
||||||
|
|
||||||
|
The sample PHP scripts include a management UI for testing
|
||||||
|
purposes. That is available at https://<server>/hs20/users.php
|
||||||
|
|
||||||
|
|
||||||
|
AP configuration
|
||||||
|
----------------
|
||||||
|
|
||||||
|
APs can now be configured to use the OSU server as the RADIUS
|
||||||
|
authentication server. In addition, the OSU Provider List ANQP element
|
||||||
|
should be configured to use the SPP (SOAP+XML) option and with the
|
||||||
|
following Server URL:
|
||||||
|
https://<server>/hs20/spp.php/signup?realm=example.com
|
187
hs20/server/hs20_spp_server.c
Normal file
187
hs20/server/hs20_spp_server.c
Normal file
|
@ -0,0 +1,187 @@
|
||||||
|
/*
|
||||||
|
* Hotspot 2.0 SPP server - standalone version
|
||||||
|
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
|
||||||
|
*
|
||||||
|
* This software may be distributed under the terms of the BSD license.
|
||||||
|
* See README for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "includes.h"
|
||||||
|
#include <time.h>
|
||||||
|
#include <sqlite3.h>
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
#include "xml-utils.h"
|
||||||
|
#include "spp_server.h"
|
||||||
|
|
||||||
|
|
||||||
|
static void write_timestamp(FILE *f)
|
||||||
|
{
|
||||||
|
time_t t;
|
||||||
|
struct tm *tm;
|
||||||
|
|
||||||
|
time(&t);
|
||||||
|
tm = localtime(&t);
|
||||||
|
|
||||||
|
fprintf(f, "%04u-%02u-%02u %02u:%02u:%02u ",
|
||||||
|
tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
|
||||||
|
tm->tm_hour, tm->tm_min, tm->tm_sec);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void debug_print(struct hs20_svc *ctx, int print, const char *fmt, ...)
|
||||||
|
{
|
||||||
|
va_list ap;
|
||||||
|
|
||||||
|
if (ctx->debug_log == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
write_timestamp(ctx->debug_log);
|
||||||
|
va_start(ap, fmt);
|
||||||
|
vfprintf(ctx->debug_log, fmt, ap);
|
||||||
|
va_end(ap);
|
||||||
|
|
||||||
|
fprintf(ctx->debug_log, "\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void debug_dump_node(struct hs20_svc *ctx, const char *title, xml_node_t *node)
|
||||||
|
{
|
||||||
|
char *str;
|
||||||
|
|
||||||
|
if (ctx->debug_log == NULL)
|
||||||
|
return;
|
||||||
|
str = xml_node_to_str(ctx->xml, node);
|
||||||
|
if (str == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
write_timestamp(ctx->debug_log);
|
||||||
|
fprintf(ctx->debug_log, "%s: '%s'\n", title, str);
|
||||||
|
os_free(str);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int process(struct hs20_svc *ctx)
|
||||||
|
{
|
||||||
|
int dmacc = 0;
|
||||||
|
xml_node_t *soap, *spp, *resp;
|
||||||
|
char *user, *realm, *post, *str;
|
||||||
|
|
||||||
|
ctx->addr = getenv("HS20ADDR");
|
||||||
|
if (ctx->addr)
|
||||||
|
debug_print(ctx, 1, "Connection from %s", ctx->addr);
|
||||||
|
|
||||||
|
user = getenv("HS20USER");
|
||||||
|
if (user && strlen(user) == 0)
|
||||||
|
user = NULL;
|
||||||
|
realm = getenv("HS20REALM");
|
||||||
|
if (realm == NULL) {
|
||||||
|
debug_print(ctx, 1, "HS20REALM not set");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
post = getenv("HS20POST");
|
||||||
|
if (post == NULL) {
|
||||||
|
debug_print(ctx, 1, "HS20POST not set");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
soap = xml_node_from_buf(ctx->xml, post);
|
||||||
|
if (soap == NULL) {
|
||||||
|
debug_print(ctx, 1, "Could not parse SOAP data");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
debug_dump_node(ctx, "Received SOAP message", soap);
|
||||||
|
spp = soap_get_body(ctx->xml, soap);
|
||||||
|
if (spp == NULL) {
|
||||||
|
debug_print(ctx, 1, "Could not get SPP message");
|
||||||
|
xml_node_free(ctx->xml, soap);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
debug_dump_node(ctx, "Received SPP message", spp);
|
||||||
|
|
||||||
|
resp = hs20_spp_server_process(ctx, spp, user, realm, dmacc);
|
||||||
|
xml_node_free(ctx->xml, soap);
|
||||||
|
if (resp == NULL && user == NULL) {
|
||||||
|
debug_print(ctx, 1, "Request HTTP authentication");
|
||||||
|
return 2; /* Request authentication */
|
||||||
|
}
|
||||||
|
if (resp == NULL) {
|
||||||
|
debug_print(ctx, 1, "No response");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
soap = soap_build_envelope(ctx->xml, resp);
|
||||||
|
if (soap == NULL) {
|
||||||
|
debug_print(ctx, 1, "SOAP envelope building failed");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
str = xml_node_to_str(ctx->xml, soap);
|
||||||
|
xml_node_free(ctx->xml, soap);
|
||||||
|
if (str == NULL) {
|
||||||
|
debug_print(ctx, 1, "Could not get node string");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
printf("%s", str);
|
||||||
|
free(str);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void usage(void)
|
||||||
|
{
|
||||||
|
printf("usage:\n"
|
||||||
|
"hs20_spp_server -r<root directory> [-f<debug log>]\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
struct hs20_svc ctx;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
os_memset(&ctx, 0, sizeof(ctx));
|
||||||
|
for (;;) {
|
||||||
|
int c = getopt(argc, argv, "f:r:");
|
||||||
|
if (c < 0)
|
||||||
|
break;
|
||||||
|
switch (c) {
|
||||||
|
case 'f':
|
||||||
|
if (ctx.debug_log)
|
||||||
|
break;
|
||||||
|
ctx.debug_log = fopen(optarg, "a");
|
||||||
|
if (ctx.debug_log == NULL) {
|
||||||
|
printf("Could not write to %s\n", optarg);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 'r':
|
||||||
|
ctx.root_dir = optarg;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
usage();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (ctx.root_dir == NULL) {
|
||||||
|
usage();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
ctx.xml = xml_node_init_ctx(&ctx, NULL);
|
||||||
|
if (ctx.xml == NULL)
|
||||||
|
return -1;
|
||||||
|
if (hs20_spp_server_init(&ctx) < 0) {
|
||||||
|
xml_node_deinit_ctx(ctx.xml);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = process(&ctx);
|
||||||
|
debug_print(&ctx, 1, "process() --> %d", ret);
|
||||||
|
|
||||||
|
xml_node_deinit_ctx(ctx.xml);
|
||||||
|
hs20_spp_server_deinit(&ctx);
|
||||||
|
if (ctx.debug_log)
|
||||||
|
fclose(ctx.debug_log);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
2263
hs20/server/spp_server.c
Normal file
2263
hs20/server/spp_server.c
Normal file
File diff suppressed because it is too large
Load diff
32
hs20/server/spp_server.h
Normal file
32
hs20/server/spp_server.h
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
/*
|
||||||
|
* Hotspot 2.0 SPP server
|
||||||
|
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
|
||||||
|
*
|
||||||
|
* This software may be distributed under the terms of the BSD license.
|
||||||
|
* See README for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef SPP_SERVER_H
|
||||||
|
#define SPP_SERVER_H
|
||||||
|
|
||||||
|
struct hs20_svc {
|
||||||
|
const void *ctx;
|
||||||
|
struct xml_node_ctx *xml;
|
||||||
|
char *root_dir;
|
||||||
|
FILE *debug_log;
|
||||||
|
sqlite3 *db;
|
||||||
|
const char *addr;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
void debug_print(struct hs20_svc *ctx, int print, const char *fmt, ...)
|
||||||
|
__attribute__ ((format (printf, 3, 4)));
|
||||||
|
void debug_dump_node(struct hs20_svc *ctx, const char *title, xml_node_t *node);
|
||||||
|
|
||||||
|
xml_node_t * hs20_spp_server_process(struct hs20_svc *ctx, xml_node_t *node,
|
||||||
|
const char *auth_user,
|
||||||
|
const char *auth_realm, int dmacc);
|
||||||
|
int hs20_spp_server_init(struct hs20_svc *ctx);
|
||||||
|
void hs20_spp_server_deinit(struct hs20_svc *ctx);
|
||||||
|
|
||||||
|
#endif /* SPP_SERVER_H */
|
17
hs20/server/sql-example.txt
Normal file
17
hs20/server/sql-example.txt
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','fqdn','example.com');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','friendly_name','Example Operator');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','spp_http_auth_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/spp-root-ca.der');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/aaa-root-ca.pem');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_account','free');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','policy_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','remediation_url','https://subscription-server.osu.example.com/hs20/remediation.php?session_id=');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_remediation_url','https://subscription-server.osu.example.com/hs20/free-remediation.php?session_id=');
|
||||||
|
INSERT INTO osu_config(realm,field,value) VALUES('example.com','signup_url','https://subscription-server.osu.example.com/hs20/signup.php?session_id=');
|
||||||
|
|
||||||
|
|
||||||
|
INSERT INTO users(identity,realm,methods,password,phase2,shared) VALUES('free','example.com','TTLS-MSCHAPV2','free',1,1);
|
||||||
|
|
||||||
|
INSERT INTO wildcards(identity,methods) VALUES('','TTLS,TLS');
|
59
hs20/server/sql.txt
Normal file
59
hs20/server/sql.txt
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
CREATE TABLE eventlog(
|
||||||
|
user TEXT,
|
||||||
|
realm TEXT,
|
||||||
|
sessionid TEXT COLLATE NOCASE,
|
||||||
|
timestamp TEXT,
|
||||||
|
notes TEXT,
|
||||||
|
dump TEXT,
|
||||||
|
addr TEXT
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE TABLE sessions(
|
||||||
|
timestamp TEXT,
|
||||||
|
id TEXT COLLATE NOCASE,
|
||||||
|
user TEXT,
|
||||||
|
realm TEXT,
|
||||||
|
password TEXT,
|
||||||
|
machine_managed BOOLEAN,
|
||||||
|
operation INTEGER,
|
||||||
|
type TEXT,
|
||||||
|
pps TEXT,
|
||||||
|
redirect_uri TEXT,
|
||||||
|
devinfo TEXT,
|
||||||
|
devdetail TEXT,
|
||||||
|
cert TEXT,
|
||||||
|
cert_pem TEXT
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE index sessions_id_index ON sessions(id);
|
||||||
|
|
||||||
|
CREATE TABLE osu_config(
|
||||||
|
realm TEXT,
|
||||||
|
field TEXT,
|
||||||
|
value TEXT
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE TABLE users(
|
||||||
|
identity TEXT PRIMARY KEY,
|
||||||
|
methods TEXT,
|
||||||
|
password TEXT,
|
||||||
|
machine_managed BOOLEAN,
|
||||||
|
remediation TEXT,
|
||||||
|
phase2 INTEGER,
|
||||||
|
realm TEXT,
|
||||||
|
policy TEXT,
|
||||||
|
devinfo TEXT,
|
||||||
|
devdetail TEXT,
|
||||||
|
pps TEXT,
|
||||||
|
fetch_pps INTEGER,
|
||||||
|
osu_user TEXT,
|
||||||
|
osu_password TEXT,
|
||||||
|
shared INTEGER,
|
||||||
|
cert TEXT,
|
||||||
|
cert_pem TEXT
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE TABLE wildcards(
|
||||||
|
identity TEXT PRIMARY KEY,
|
||||||
|
methods TEXT
|
||||||
|
);
|
50
hs20/server/www/add-free.php
Normal file
50
hs20/server/www/add-free.php
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
die($sqliteerror);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_POST["id"]))
|
||||||
|
$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
|
||||||
|
else
|
||||||
|
die("Missing session id");
|
||||||
|
if (strlen($id) < 32)
|
||||||
|
die("Invalid session id");
|
||||||
|
|
||||||
|
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
||||||
|
if ($row == false) {
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
|
||||||
|
$uri = $row['redirect_uri'];
|
||||||
|
$rowid = $row['rowid'];
|
||||||
|
$realm = $row['realm'];
|
||||||
|
|
||||||
|
$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch();
|
||||||
|
if (!$row || strlen($row['value']) == 0) {
|
||||||
|
die("Free account disabled");
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = $row['value'];
|
||||||
|
|
||||||
|
$row = $db->query("SELECT password FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
|
||||||
|
if (!$row)
|
||||||
|
die("Free account not found");
|
||||||
|
|
||||||
|
$pw = $row['password'];
|
||||||
|
|
||||||
|
if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', machine_managed='1' WHERE rowid=$rowid")) {
|
||||||
|
die("Failed to update session database");
|
||||||
|
}
|
||||||
|
|
||||||
|
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
||||||
|
"VALUES ('$user', '$realm', '$id', " .
|
||||||
|
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
||||||
|
"'completed user input response for a new PPS MO')");
|
||||||
|
|
||||||
|
header("Location: $uri", true, 302);
|
||||||
|
|
||||||
|
?>
|
56
hs20/server/www/add-mo.php
Normal file
56
hs20/server/www/add-mo.php
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
die($sqliteerror);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_POST["id"]))
|
||||||
|
$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
|
||||||
|
else
|
||||||
|
die("Missing session id");
|
||||||
|
|
||||||
|
$user = $_POST["user"];
|
||||||
|
$pw = $_POST["password"];
|
||||||
|
if (strlen($id) < 32 || !isset($user) || !isset($pw)) {
|
||||||
|
die("Invalid POST data");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
|
||||||
|
echo "<html><body><p><red>Invalid username</red></p>\n";
|
||||||
|
echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
|
||||||
|
echo "</body></html>\n";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
||||||
|
if ($row == false) {
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
$realm = $row['realm'];
|
||||||
|
|
||||||
|
$userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
|
||||||
|
if ($userrow) {
|
||||||
|
echo "<html><body><p><red>Selected username is not available</red></p>\n";
|
||||||
|
echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
|
||||||
|
echo "</body></html>\n";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
$uri = $row['redirect_uri'];
|
||||||
|
$rowid = $row['rowid'];
|
||||||
|
|
||||||
|
if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
|
||||||
|
die("Failed to update session database");
|
||||||
|
}
|
||||||
|
|
||||||
|
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
||||||
|
"VALUES ('$user', '$realm', '$id', " .
|
||||||
|
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
||||||
|
"'completed user input response for a new PPS MO')");
|
||||||
|
|
||||||
|
header("Location: $uri", true, 302);
|
||||||
|
|
||||||
|
?>
|
39
hs20/server/www/cert-enroll.php
Normal file
39
hs20/server/www/cert-enroll.php
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
die($sqliteerror);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_GET["id"]))
|
||||||
|
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
|
||||||
|
else
|
||||||
|
die("Missing session id");
|
||||||
|
if (strlen($id) < 32)
|
||||||
|
die("Invalid session id");
|
||||||
|
|
||||||
|
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
||||||
|
if ($row == false) {
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
|
||||||
|
$uri = $row['redirect_uri'];
|
||||||
|
$rowid = $row['rowid'];
|
||||||
|
$realm = $row['realm'];
|
||||||
|
|
||||||
|
$user = sha1(mt_rand());
|
||||||
|
|
||||||
|
if (!$db->exec("UPDATE sessions SET user='$user', type='cert' WHERE rowid=$rowid")) {
|
||||||
|
die("Failed to update session database");
|
||||||
|
}
|
||||||
|
|
||||||
|
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
||||||
|
"VALUES ('', '$realm', '$id', " .
|
||||||
|
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
||||||
|
"'completed user input response for client certificate enrollment')");
|
||||||
|
|
||||||
|
header("Location: $uri", true, 302);
|
||||||
|
|
||||||
|
?>
|
4
hs20/server/www/config.php
Normal file
4
hs20/server/www/config.php
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
<?php
|
||||||
|
$osu_root = "/home/user/hs20-server";
|
||||||
|
$osu_db = "sqlite:$osu_root/AS/DB/eap_user.db";
|
||||||
|
?>
|
198
hs20/server/www/est.php
Normal file
198
hs20/server/www/est.php
Normal file
|
@ -0,0 +1,198 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$params = split("/", $_SERVER["PATH_INFO"], 3);
|
||||||
|
$realm = $params[1];
|
||||||
|
$cmd = $params[2];
|
||||||
|
$method = $_SERVER["REQUEST_METHOD"];
|
||||||
|
|
||||||
|
unset($user);
|
||||||
|
unset($rowid);
|
||||||
|
|
||||||
|
if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
||||||
|
$needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
|
||||||
|
'uri'=>1, 'response'=>1);
|
||||||
|
$data = array();
|
||||||
|
$keys = implode('|', array_keys($needed));
|
||||||
|
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
|
||||||
|
$_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
|
||||||
|
foreach ($matches as $m) {
|
||||||
|
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
||||||
|
unset($needed[$m[1]]);
|
||||||
|
}
|
||||||
|
if ($needed) {
|
||||||
|
error_log("EST: Missing auth parameter");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
$user = $data['username'];
|
||||||
|
if (strlen($user) < 1) {
|
||||||
|
error_log("EST: Empty username");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
error_log("EST: Could not access database");
|
||||||
|
die("Could not access database");
|
||||||
|
}
|
||||||
|
|
||||||
|
$sql = "SELECT rowid,password,operation FROM sessions " .
|
||||||
|
"WHERE user='$user' AND realm='$realm'";
|
||||||
|
$q = $db->query($sql);
|
||||||
|
if (!$q) {
|
||||||
|
error_log("EST: Session not found for user=$user realm=$realm");
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
$row = $q->fetch();
|
||||||
|
if (!$row) {
|
||||||
|
error_log("EST: Session fetch failed for user=$user realm=$realm");
|
||||||
|
die('Session not found');
|
||||||
|
}
|
||||||
|
$rowid = $row['rowid'];
|
||||||
|
|
||||||
|
$oper = $row['operation'];
|
||||||
|
if ($oper != '5') {
|
||||||
|
error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
$pw = $row['password'];
|
||||||
|
if (strlen($pw) < 1) {
|
||||||
|
error_log("EST: Empty password for user=$user realm=$realm");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
|
||||||
|
$A1 = md5($user . ':' . $realm . ':' . $pw);
|
||||||
|
$A2 = md5($method . ':' . $data['uri']);
|
||||||
|
$resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
|
||||||
|
$data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
|
||||||
|
if ($data['response'] != $resp) {
|
||||||
|
error_log("EST: Incorrect authentication response for user=$user realm=$realm");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if ($method == "GET" && $cmd == "cacerts") {
|
||||||
|
$fname = "$osu_root/est/$realm-cacerts.pkcs7";
|
||||||
|
if (!file_exists($fname)) {
|
||||||
|
error_log("EST: cacerts - unknown realm $realm");
|
||||||
|
die("Unknown realm");
|
||||||
|
}
|
||||||
|
|
||||||
|
header("Content-Transfer-Encoding: base64");
|
||||||
|
header("Content-Type: application/pkcs7-mime");
|
||||||
|
|
||||||
|
$data = file_get_contents($fname);
|
||||||
|
echo wordwrap(base64_encode($data), 72, "\n", true);
|
||||||
|
echo "\n";
|
||||||
|
error_log("EST: cacerts");
|
||||||
|
} else if ($method == "GET" && $cmd == "csrattrs") {
|
||||||
|
header("Content-Transfer-Encoding: base64");
|
||||||
|
header("Content-Type: application/csrattrs");
|
||||||
|
readfile("$osu_root/est/est-attrs.b64");
|
||||||
|
error_log("EST: csrattrs");
|
||||||
|
} else if ($method == "POST" && $cmd == "simpleenroll") {
|
||||||
|
if (!isset($user) || strlen($user) == 0) {
|
||||||
|
header('HTTP/1.1 401 Unauthorized');
|
||||||
|
header('WWW-Authenticate: Digest realm="'.$realm.
|
||||||
|
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
||||||
|
error_log("EST: simpleenroll - require authentication");
|
||||||
|
die('Authentication required');
|
||||||
|
}
|
||||||
|
if (!isset($_SERVER["CONTENT_TYPE"])) {
|
||||||
|
error_log("EST: simpleenroll without Content-Type");
|
||||||
|
die("Missing Content-Type");
|
||||||
|
}
|
||||||
|
if (!stristr($_SERVER["CONTENT_TYPE"], "application/pkcs10")) {
|
||||||
|
error_log("EST: simpleenroll - unexpected Content-Type: " .
|
||||||
|
$_SERVER["CONTENT_TYPE"]);
|
||||||
|
die("Unexpected Content-Type");
|
||||||
|
}
|
||||||
|
|
||||||
|
$data = file_get_contents("php://input");
|
||||||
|
error_log("EST: simpleenroll - POST data from php://input: " . $data);
|
||||||
|
$req = base64_decode($data);
|
||||||
|
if ($req == FALSE) {
|
||||||
|
error_log("EST: simpleenroll - Invalid base64-encoded PKCS#10 data");
|
||||||
|
die("Invalid base64-encoded PKCS#10 data");
|
||||||
|
}
|
||||||
|
$cadir = "$osu_root/est";
|
||||||
|
$reqfile = "$cadir/tmp/cert-req.pkcs10";
|
||||||
|
$f = fopen($reqfile, "wb");
|
||||||
|
fwrite($f, $req);
|
||||||
|
fclose($f);
|
||||||
|
|
||||||
|
$req_pem = "$reqfile.pem";
|
||||||
|
if (file_exists($req_pem))
|
||||||
|
unlink($req_pem);
|
||||||
|
exec("openssl req -in $reqfile -inform DER -out $req_pem -outform PEM");
|
||||||
|
if (!file_exists($req_pem)) {
|
||||||
|
error_log("EST: simpleenroll - Failed to parse certificate request");
|
||||||
|
die("Failed to parse certificate request");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* FIX: validate request and add HS 2.0 extensions to cert */
|
||||||
|
$cert_pem = "$cadir/tmp/req-signed.pem";
|
||||||
|
if (file_exists($cert_pem))
|
||||||
|
unlink($cert_pem);
|
||||||
|
exec("openssl x509 -req -in $req_pem -CAkey $cadir/cakey.pem -out $cert_pem -CA $cadir/cacert.pem -CAserial $cadir/serial -days 365 -text");
|
||||||
|
if (!file_exists($cert_pem)) {
|
||||||
|
error_log("EST: simpleenroll - Failed to sign certificate");
|
||||||
|
die("Failed to sign certificate");
|
||||||
|
}
|
||||||
|
|
||||||
|
$cert = file_get_contents($cert_pem);
|
||||||
|
$handle = popen("openssl x509 -in $cert_pem -serial -noout", "r");
|
||||||
|
$serial = fread($handle, 200);
|
||||||
|
pclose($handle);
|
||||||
|
$pattern = "/serial=(?P<snhex>[0-9a-fA-F:]*)/m";
|
||||||
|
preg_match($pattern, $serial, $matches);
|
||||||
|
if (!isset($matches['snhex']) || strlen($matches['snhex']) < 1) {
|
||||||
|
error_log("EST: simpleenroll - Could not get serial number");
|
||||||
|
die("Could not get serial number");
|
||||||
|
}
|
||||||
|
$sn = str_replace(":", "", strtoupper($matches['snhex']));
|
||||||
|
|
||||||
|
$user = "cert-$sn";
|
||||||
|
error_log("EST: user = $user");
|
||||||
|
|
||||||
|
$cert_der = "$cadir/tmp/req-signed.der";
|
||||||
|
if (file_exists($cert_der))
|
||||||
|
unlink($cert_der);
|
||||||
|
exec("openssl x509 -in $cert_pem -inform PEM -out $cert_der -outform DER");
|
||||||
|
if (!file_exists($cert_der)) {
|
||||||
|
error_log("EST: simpleenroll - Failed to convert certificate");
|
||||||
|
die("Failed to convert certificate");
|
||||||
|
}
|
||||||
|
$der = file_get_contents($cert_der);
|
||||||
|
$fingerprint = hash("sha256", $der);
|
||||||
|
|
||||||
|
$pkcs7 = "$cadir/tmp/est-client.pkcs7";
|
||||||
|
if (file_exists($pkcs7))
|
||||||
|
unlink($pkcs7);
|
||||||
|
exec("openssl crl2pkcs7 -nocrl -certfile $cert_pem -out $pkcs7 -outform DER");
|
||||||
|
if (!file_exists($pkcs7)) {
|
||||||
|
error_log("EST: simpleenroll - Failed to prepare PKCS#7 file");
|
||||||
|
die("Failed to prepare PKCS#7 file");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$db->exec("UPDATE sessions SET user='$user', cert='$fingerprint', cert_pem='$cert' WHERE rowid=$rowid")) {
|
||||||
|
error_log("EST: simpleenroll - Failed to update session database");
|
||||||
|
die("Failed to update session database");
|
||||||
|
}
|
||||||
|
|
||||||
|
header("Content-Transfer-Encoding: base64");
|
||||||
|
header("Content-Type: application/pkcs7-mime");
|
||||||
|
|
||||||
|
$data = file_get_contents($pkcs7);
|
||||||
|
$resp = wordwrap(base64_encode($data), 72, "\n", true);
|
||||||
|
echo $resp . "\n";
|
||||||
|
error_log("EST: simpleenroll - PKCS#7 response: " . $resp);
|
||||||
|
} else {
|
||||||
|
header("HTTP/1.0 404 Not Found");
|
||||||
|
error_log("EST: Unexpected method or path");
|
||||||
|
die("Unexpected method or path");
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
19
hs20/server/www/free-remediation.php
Normal file
19
hs20/server/www/free-remediation.php
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Hotspot 2.0 - public and free hotspot - remediation</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<h3>Hotspot 2.0 - public and free hotspot</h3>
|
||||||
|
|
||||||
|
<p>Terms and conditions have changed. You need to accept the new terms
|
||||||
|
to continue using this network.</p>
|
||||||
|
|
||||||
|
<p>Terms and conditions..</p>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Accept</a><br>\n";
|
||||||
|
?>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
23
hs20/server/www/free.php
Normal file
23
hs20/server/www/free.php
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Hotspot 2.0 - public and free hotspot</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$id = $_GET["session_id"];
|
||||||
|
|
||||||
|
echo "<h3>Hotspot 2.0 - public and free hotspot</h3>\n";
|
||||||
|
|
||||||
|
echo "<form action=\"add-free.php\" method=\"POST\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
<p>Terms and conditions..</p>
|
||||||
|
<input type="submit" value="Accept">
|
||||||
|
</form>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
32
hs20/server/www/redirect.php
Normal file
32
hs20/server/www/redirect.php
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
die($sqliteerror);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_GET["id"]))
|
||||||
|
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
|
||||||
|
else
|
||||||
|
$id = 0;
|
||||||
|
|
||||||
|
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
||||||
|
if ($row == false) {
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
|
||||||
|
$uri = $row['redirect_uri'];
|
||||||
|
|
||||||
|
header("Location: $uri", true, 302);
|
||||||
|
|
||||||
|
$user = $row['user'];
|
||||||
|
$realm = $row['realm'];
|
||||||
|
|
||||||
|
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
||||||
|
"VALUES ('$user', '$realm', '$id', " .
|
||||||
|
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
||||||
|
"'redirected after user input')");
|
||||||
|
|
||||||
|
?>
|
18
hs20/server/www/remediation.php
Normal file
18
hs20/server/www/remediation.php
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Hotspot 2.0 subscription remediation</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
|
||||||
|
echo "SessionID: " . $_GET["session_id"] . "<br>\n";
|
||||||
|
|
||||||
|
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
This will provide a new machine-generated password.
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
46
hs20/server/www/signup.php
Normal file
46
hs20/server/www/signup.php
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Hotspot 2.0 signup</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$id = $_GET["session_id"];
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
die($sqliteerror);
|
||||||
|
}
|
||||||
|
|
||||||
|
$row = $db->query("SELECT realm FROM sessions WHERE id='$id'")->fetch();
|
||||||
|
if ($row == false) {
|
||||||
|
die("Session not found");
|
||||||
|
}
|
||||||
|
$realm = $row['realm'];
|
||||||
|
|
||||||
|
echo "<h3>Sign up for a subscription - $realm</h3>\n";
|
||||||
|
|
||||||
|
$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch();
|
||||||
|
if ($row && strlen($row['value']) > 0) {
|
||||||
|
echo "<p><a href=\"free.php?session_id=$id\">Sign up for free access</a></p>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<form action=\"add-mo.php\" method=\"POST\">\n";
|
||||||
|
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
|
||||||
|
?>
|
||||||
|
Select a username and password. Leave password empty to get automatically
|
||||||
|
generated and machine managed password.<br>
|
||||||
|
Username: <input type="text" name="user"><br>
|
||||||
|
Password: <input type="password" name="password"><br>
|
||||||
|
<input type="submit" value="Complete subscription registration">
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
echo "<p><a href=\"cert-enroll.php?id=$id\">Enroll a client certificate</a></p>\n"
|
||||||
|
?>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
127
hs20/server/www/spp.php
Normal file
127
hs20/server/www/spp.php
Normal file
|
@ -0,0 +1,127 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
if (!stristr($_SERVER["CONTENT_TYPE"], "application/soap+xml")) {
|
||||||
|
error_log("spp.php - Unexpected Content-Type " . $_SERVER["CONTENT_TYPE"]);
|
||||||
|
die("Unexpected Content-Type");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($_SERVER["REQUEST_METHOD"] != "POST") {
|
||||||
|
error_log("spp.php - Unexpected method " . $_SERVER["REQUEST_METHOD"]);
|
||||||
|
die("Unexpected method");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_GET["realm"])) {
|
||||||
|
$realm = $_GET["realm"];
|
||||||
|
$realm = PREG_REPLACE("/[^0-9a-zA-Z\.\-]/i", '', $realm);
|
||||||
|
} else {
|
||||||
|
error_log("spp.php - Realm not specified");
|
||||||
|
die("Realm not specified");
|
||||||
|
}
|
||||||
|
|
||||||
|
unset($user);
|
||||||
|
putenv("HS20CERT");
|
||||||
|
|
||||||
|
if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
||||||
|
$needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
|
||||||
|
'uri'=>1, 'response'=>1);
|
||||||
|
$data = array();
|
||||||
|
$keys = implode('|', array_keys($needed));
|
||||||
|
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
|
||||||
|
$_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
|
||||||
|
foreach ($matches as $m) {
|
||||||
|
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
||||||
|
unset($needed[$m[1]]);
|
||||||
|
}
|
||||||
|
if ($needed) {
|
||||||
|
error_log("spp.php - Authentication failed - missing: " . print_r($needed));
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
$user = $data['username'];
|
||||||
|
if (strlen($user) < 1) {
|
||||||
|
error_log("spp.php - Authentication failed - empty username");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
error_log("spp.php - Could not access database");
|
||||||
|
die("Could not access database");
|
||||||
|
}
|
||||||
|
$row = $db->query("SELECT password FROM users " .
|
||||||
|
"WHERE identity='$user' AND realm='$realm'")->fetch();
|
||||||
|
if (!$row) {
|
||||||
|
$row = $db->query("SELECT osu_password FROM users " .
|
||||||
|
"WHERE osu_user='$user' AND realm='$realm'")->fetch();
|
||||||
|
$pw = $row['osu_password'];
|
||||||
|
} else
|
||||||
|
$pw = $row['password'];
|
||||||
|
if (!$row) {
|
||||||
|
error_log("spp.php - Authentication failed - user '$user' not found");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
if (strlen($pw) < 1) {
|
||||||
|
error_log("spp.php - Authentication failed - empty password");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
|
||||||
|
$A1 = md5($user . ':' . $realm . ':' . $pw);
|
||||||
|
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
|
||||||
|
$resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
|
||||||
|
$data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
|
||||||
|
if ($data['response'] != $resp) {
|
||||||
|
error_log("Authentication failure - response mismatch");
|
||||||
|
die('Authentication failed');
|
||||||
|
}
|
||||||
|
} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
|
||||||
|
$_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
|
||||||
|
isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
|
||||||
|
$user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
|
||||||
|
putenv("HS20CERT=yes");
|
||||||
|
} else if (!isset($_SERVER["PATH_INFO"]) ||
|
||||||
|
$_SERVER["PATH_INFO"] != "/signup") {
|
||||||
|
header('HTTP/1.1 401 Unauthorized');
|
||||||
|
header('WWW-Authenticate: Digest realm="'.$realm.
|
||||||
|
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
||||||
|
error_log("spp.php - Authentication required (not signup)");
|
||||||
|
die('Authentication required (not signup)');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (isset($user) && strlen($user) > 0)
|
||||||
|
putenv("HS20USER=$user");
|
||||||
|
else
|
||||||
|
putenv("HS20USER");
|
||||||
|
|
||||||
|
putenv("HS20REALM=$realm");
|
||||||
|
putenv("HS20POST=$HTTP_RAW_POST_DATA");
|
||||||
|
$addr = $_SERVER["REMOTE_ADDR"];
|
||||||
|
putenv("HS20ADDR=$addr");
|
||||||
|
|
||||||
|
$last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);
|
||||||
|
|
||||||
|
if ($ret == 2) {
|
||||||
|
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
||||||
|
header('HTTP/1.1 401 Unauthorized');
|
||||||
|
header('WWW-Authenticate: Digest realm="'.$realm.
|
||||||
|
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
||||||
|
error_log("spp.php - Authentication required (ret 2)");
|
||||||
|
die('Authentication required');
|
||||||
|
} else {
|
||||||
|
error_log("spp.php - Unexpected authentication error");
|
||||||
|
die("Unexpected authentication error");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($ret != 0) {
|
||||||
|
error_log("spp.php - Failed to process SPP request");
|
||||||
|
die("Failed to process SPP request");
|
||||||
|
}
|
||||||
|
//error_log("spp.php: Response: " . implode($output));
|
||||||
|
|
||||||
|
header("Content-Type: application/soap+xml");
|
||||||
|
|
||||||
|
echo implode($output);
|
||||||
|
|
||||||
|
?>
|
349
hs20/server/www/users.php
Normal file
349
hs20/server/www/users.php
Normal file
|
@ -0,0 +1,349 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require('config.php');
|
||||||
|
|
||||||
|
$db = new PDO($osu_db);
|
||||||
|
if (!$db) {
|
||||||
|
die($sqliteerror);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_GET["id"])) {
|
||||||
|
$id = $_GET["id"];
|
||||||
|
if (!is_numeric($id))
|
||||||
|
$id = 0;
|
||||||
|
} else
|
||||||
|
$id = 0;
|
||||||
|
if (isset($_GET["cmd"]))
|
||||||
|
$cmd = $_GET["cmd"];
|
||||||
|
else
|
||||||
|
$cmd = '';
|
||||||
|
|
||||||
|
if ($cmd == 'eventlog' && $id > 0) {
|
||||||
|
$row = $db->query("SELECT dump FROM eventlog WHERE rowid=$id")->fetch();
|
||||||
|
$dump = $row['dump'];
|
||||||
|
if ($dump[0] == '<') {
|
||||||
|
header("Content-type: text/xml");
|
||||||
|
echo "<?xml version=\"1.0\"?>\n";
|
||||||
|
echo $dump;
|
||||||
|
} else {
|
||||||
|
header("Content-type: text/plain");
|
||||||
|
echo $dump;
|
||||||
|
}
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($cmd == 'mo' && $id > 0) {
|
||||||
|
$mo = $_GET["mo"];
|
||||||
|
if (!isset($mo))
|
||||||
|
exit;
|
||||||
|
if ($mo != "devinfo" && $mo != "devdetail" && $mo != "pps")
|
||||||
|
exit;
|
||||||
|
$row = $db->query("SELECT $mo FROM users WHERE rowid=$id")->fetch();
|
||||||
|
header("Content-type: text/xml");
|
||||||
|
echo "<?xml version=\"1.0\"?>\n";
|
||||||
|
echo $row[$mo];
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($cmd == 'cert' && $id > 0) {
|
||||||
|
$row = $db->query("SELECT cert_pem FROM users WHERE rowid=$id")->fetch();
|
||||||
|
header("Content-type: text/plain");
|
||||||
|
echo $row['cert_pem'];
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head><title>HS 2.0 users</title></head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
|
||||||
|
if ($cmd == 'subrem-clear' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET remediation='' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'subrem-add-user' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET remediation='user' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'subrem-add-machine' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'subrem-add-policy' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'subrem-add-free' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET remediation='free' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'fetch-pps-on' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET fetch_pps=1 WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'fetch-pps-off' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET fetch_pps=0 WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == 'reset-pw' && $id > 0) {
|
||||||
|
$db->exec("UPDATE users SET password='ChangeMe' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
if ($cmd == "policy" && $id > 0 && isset($_GET["policy"])) {
|
||||||
|
$policy = $_GET["policy"];
|
||||||
|
if ($policy == "no-policy" ||
|
||||||
|
is_readable("$osu_root/spp/policy/$policy.xml")) {
|
||||||
|
$db->exec("UPDATE users SET policy='$policy' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($cmd == "account-type" && $id > 0 && isset($_GET["type"])) {
|
||||||
|
$type = $_GET["type"];
|
||||||
|
if ($type == "shared")
|
||||||
|
$db->exec("UPDATE users SET shared=1 WHERE rowid=$id");
|
||||||
|
if ($type == "default")
|
||||||
|
$db->exec("UPDATE users SET shared=0 WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($cmd == "set-osu-cred" && $id > 0) {
|
||||||
|
$osu_user = $_POST["osu_user"];
|
||||||
|
$osu_password = $_POST["osu_password"];
|
||||||
|
if (strlen($osu_user) == 0)
|
||||||
|
$osu_password = "";
|
||||||
|
$db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id");
|
||||||
|
}
|
||||||
|
|
||||||
|
$dump = 0;
|
||||||
|
|
||||||
|
if ($id > 0) {
|
||||||
|
|
||||||
|
if (isset($_GET["dump"])) {
|
||||||
|
$dump = $_GET["dump"];
|
||||||
|
if (!is_numeric($dump))
|
||||||
|
$dump = 0;
|
||||||
|
} else
|
||||||
|
$dump = 0;
|
||||||
|
|
||||||
|
echo "[<a href=\"users.php\">All users</a>] ";
|
||||||
|
if ($dump == 0)
|
||||||
|
echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
|
||||||
|
else
|
||||||
|
echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
|
||||||
|
echo "<br>\n";
|
||||||
|
|
||||||
|
$row = $db->query("SELECT rowid,* FROM users WHERE rowid=$id")->fetch();
|
||||||
|
|
||||||
|
echo "<H3>" . $row['identity'] . "@" . $row['realm'] . "</H3>\n";
|
||||||
|
|
||||||
|
echo "MO: ";
|
||||||
|
if (strlen($row['devinfo']) > 0) {
|
||||||
|
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
|
||||||
|
}
|
||||||
|
if (strlen($row['devdetail']) > 0) {
|
||||||
|
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
|
||||||
|
}
|
||||||
|
if (strlen($row['pps']) > 0) {
|
||||||
|
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
|
||||||
|
}
|
||||||
|
if (strlen($row['cert_pem']) > 0) {
|
||||||
|
echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
|
||||||
|
}
|
||||||
|
echo "<BR>\n";
|
||||||
|
|
||||||
|
echo "Fetch PPS MO: ";
|
||||||
|
if ($row['fetch_pps'] == "1") {
|
||||||
|
echo "On next connection " .
|
||||||
|
"[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
|
||||||
|
"do not fetch</a>]<br>\n";
|
||||||
|
} else {
|
||||||
|
echo "Do not fetch " .
|
||||||
|
"[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
|
||||||
|
"request fetch</a>]<br>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$cert = $row['cert'];
|
||||||
|
if (strlen($cert) > 0) {
|
||||||
|
echo "Certificate fingerprint: $cert<br>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Remediation: ";
|
||||||
|
$rem = $row['remediation'];
|
||||||
|
if ($rem == "") {
|
||||||
|
echo "Not required";
|
||||||
|
echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
|
||||||
|
$row['rowid'] . "\">add:user</a>]";
|
||||||
|
echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
|
||||||
|
$row['rowid'] . "\">add:machine</a>]";
|
||||||
|
echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
|
||||||
|
$row['rowid'] . "\">add:policy</a>]";
|
||||||
|
echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
|
||||||
|
$row['rowid'] . "\">add:free</a>]";
|
||||||
|
} else if ($rem == "user") {
|
||||||
|
echo "User [<a href=\"users.php?cmd=subrem-clear&id=" .
|
||||||
|
$row['rowid'] . "\">clear</a>]";
|
||||||
|
} else if ($rem == "policy") {
|
||||||
|
echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" .
|
||||||
|
$row['rowid'] . "\">clear</a>]";
|
||||||
|
} else if ($rem == "free") {
|
||||||
|
echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
|
||||||
|
$row['rowid'] . "\">clear</a>]";
|
||||||
|
} else {
|
||||||
|
echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
|
||||||
|
$row['rowid'] . "\">clear</a>]";
|
||||||
|
}
|
||||||
|
echo "<br>\n";
|
||||||
|
|
||||||
|
echo "<form>Policy: <select name=\"policy\" " .
|
||||||
|
"onChange=\"window.location='users.php?cmd=policy&id=" .
|
||||||
|
$row['rowid'] . "&policy=' + this.value;\">\n";
|
||||||
|
echo "<option value=\"" . $row['policy'] . "\" selected>" . $row['policy'] .
|
||||||
|
"</option>\n";
|
||||||
|
$files = scandir("$osu_root/spp/policy");
|
||||||
|
foreach ($files as $file) {
|
||||||
|
if (!preg_match("/.xml$/", $file))
|
||||||
|
continue;
|
||||||
|
if ($file == $row['policy'] . ".xml")
|
||||||
|
continue;
|
||||||
|
$p = substr($file, 0, -4);
|
||||||
|
echo "<option value=\"$p\">$p</option>\n";
|
||||||
|
}
|
||||||
|
echo "<option value=\"no-policy\">no policy</option>\n";
|
||||||
|
echo "</select></form>\n";
|
||||||
|
|
||||||
|
echo "<form>Account type: <select name=\"type\" " .
|
||||||
|
"onChange=\"window.location='users.php?cmd=account-type&id=" .
|
||||||
|
$row['rowid'] . "&type=' + this.value;\">\n";
|
||||||
|
if ($row['shared'] > 0) {
|
||||||
|
$default_sel = "";
|
||||||
|
$shared_sel = " selected";
|
||||||
|
} else {
|
||||||
|
$default_sel = " selected";
|
||||||
|
$shared_sel = "";
|
||||||
|
}
|
||||||
|
echo "<option value=\"default\"$default_sel>default</option>\n";
|
||||||
|
echo "<option value=\"shared\"$shared_sel>shared</option>\n";
|
||||||
|
echo "</select></form>\n";
|
||||||
|
|
||||||
|
echo "Phase 2 method(s): " . $row['methods'] . "<br>\n";
|
||||||
|
|
||||||
|
echo "<br>\n";
|
||||||
|
echo "<a href=\"users.php?cmd=reset-pw&id=" .
|
||||||
|
$row['rowid'] . "\">Reset AAA password</a><br>\n";
|
||||||
|
|
||||||
|
echo "<br>\n";
|
||||||
|
echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $row['rowid'] .
|
||||||
|
"\" method=\"POST\">\n";
|
||||||
|
echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
|
||||||
|
echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
|
||||||
|
$row['osu_user'] . "\">\n";
|
||||||
|
echo "password: <input type=\"password\" name=\"osu_password\">\n";
|
||||||
|
echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
|
||||||
|
echo "</form>\n";
|
||||||
|
|
||||||
|
echo "<hr>\n";
|
||||||
|
|
||||||
|
$user = $row['identity'];
|
||||||
|
$osu_user = $row['osu_user'];
|
||||||
|
$realm = $row['realm'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($id > 0 || ($id == 0 && $cmd == 'eventlog')) {
|
||||||
|
|
||||||
|
if ($id == 0) {
|
||||||
|
echo "[<a href=\"users.php\">All users</a>] ";
|
||||||
|
echo "<br>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "<table border=1>\n";
|
||||||
|
echo "<tr>";
|
||||||
|
if ($id == 0) {
|
||||||
|
echo "<th>user<th>realm";
|
||||||
|
}
|
||||||
|
echo "<th>time<th>address<th>sessionID<th>notes";
|
||||||
|
if ($dump > 0)
|
||||||
|
echo "<th>dump";
|
||||||
|
echo "\n";
|
||||||
|
if (isset($_GET["limit"])) {
|
||||||
|
$limit = $_GET["limit"];
|
||||||
|
if (!is_numeric($limit))
|
||||||
|
$limit = 20;
|
||||||
|
} else
|
||||||
|
$limit = 20;
|
||||||
|
if ($id == 0)
|
||||||
|
$res = $db->query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT $limit");
|
||||||
|
else if (strlen($osu_user) > 0)
|
||||||
|
$res = $db->query("SELECT rowid,* FROM eventlog WHERE (user='$user' OR user='$osu_user') AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
|
||||||
|
else
|
||||||
|
$res = $db->query("SELECT rowid,* FROM eventlog WHERE user='$user' AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
|
||||||
|
foreach ($res as $row) {
|
||||||
|
echo "<tr>";
|
||||||
|
if ($id == 0) {
|
||||||
|
echo "<td>" . $row['user'] . "\n";
|
||||||
|
echo "<td>" . $row['realm'] . "\n";
|
||||||
|
}
|
||||||
|
echo "<td>" . $row['timestamp'] . "\n";
|
||||||
|
echo "<td>" . $row['addr'] . "\n";
|
||||||
|
echo "<td>" . $row['sessionid'] . "\n";
|
||||||
|
echo "<td>" . $row['notes'] . "\n";
|
||||||
|
$d = $row['dump'];
|
||||||
|
if (strlen($d) > 0) {
|
||||||
|
echo "[<a href=\"users.php?cmd=eventlog&id=" . $row['rowid'] .
|
||||||
|
"\">";
|
||||||
|
if ($d[0] == '<')
|
||||||
|
echo "XML";
|
||||||
|
else
|
||||||
|
echo "txt";
|
||||||
|
echo "</a>]\n";
|
||||||
|
if ($dump > 0)
|
||||||
|
echo "<td>" . htmlspecialchars($d) . "\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "</table>\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if ($id == 0 && $cmd != 'eventlog') {
|
||||||
|
|
||||||
|
echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
|
||||||
|
echo "<br>\n";
|
||||||
|
|
||||||
|
echo "<table border=1>\n";
|
||||||
|
echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n";
|
||||||
|
|
||||||
|
$res = $db->query('SELECT rowid,* FROM users WHERE phase2=1');
|
||||||
|
foreach ($res as $row) {
|
||||||
|
echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " .
|
||||||
|
$row['identity'] . " </a>";
|
||||||
|
echo "<td>" . $row['realm'];
|
||||||
|
$rem = $row['remediation'];
|
||||||
|
echo "<td>";
|
||||||
|
if ($rem == "") {
|
||||||
|
echo "Not required";
|
||||||
|
} else if ($rem == "user") {
|
||||||
|
echo "User";
|
||||||
|
} else if ($rem == "policy") {
|
||||||
|
echo "Policy";
|
||||||
|
} else if ($rem == "free") {
|
||||||
|
echo "Free";
|
||||||
|
} else {
|
||||||
|
echo "Machine";
|
||||||
|
}
|
||||||
|
echo "<td>" . $row['policy'];
|
||||||
|
if ($row['shared'] > 0)
|
||||||
|
echo "<td>shared";
|
||||||
|
else
|
||||||
|
echo "<td>default";
|
||||||
|
echo "<td>" . $row['methods'];
|
||||||
|
echo "<td>";
|
||||||
|
$xml = xml_parser_create();
|
||||||
|
xml_parse_into_struct($xml, $row['devinfo'], $devinfo);
|
||||||
|
foreach($devinfo as $k) {
|
||||||
|
if ($k['tag'] == 'DEVID') {
|
||||||
|
echo $k['value'];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo "\n";
|
||||||
|
}
|
||||||
|
echo "</table>\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
</html>
|
Loading…
Reference in a new issue