GEANT /
CAT
@@ -51,7 +51,7 @@ |
||
| 51 | 51 | " . $Tou['title'] . " |
| 52 | 52 | </h1> |
| 53 | 53 | <div id='tou_1'>" . $Tou['subtitle'] . |
| 54 | - '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
| 54 | + '<div style="direction:ltr">' . $Tou['short'] . "</div> |
|
| 55 | 55 | </div> |
| 56 | 56 | <div id='all_tou_link'><a href='javascript:showTOU()'>Click here to see the full terms</a></div> |
| 57 | 57 | <div id='tou_2' style='display:none; padding-top:20px; direction:ltr'>" . |
@@ -2,12 +2,12 @@ |
||
| 2 | 2 | define('SOCKET', '/opt/Socket/CAT_requests/queue'); |
| 3 | 3 | |
| 4 | 4 | function cat_socket($obj) { |
| 5 | - $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
|
| 6 | - $conn = socket_connect($sock, SOCKET); |
|
| 7 | - if ( $conn ) { |
|
| 8 | - socket_write ($sock, $obj, strlen($obj)); |
|
| 9 | - $out = socket_read ($sock, 2048); |
|
| 10 | - return $out; |
|
| 11 | - } |
|
| 12 | - return 'FAILURE'; |
|
| 5 | + $sock = socket_create(AF_UNIX, SOCK_STREAM, 0); |
|
| 6 | + $conn = socket_connect($sock, SOCKET); |
|
| 7 | + if ( $conn ) { |
|
| 8 | + socket_write ($sock, $obj, strlen($obj)); |
|
| 9 | + $out = socket_read ($sock, 2048); |
|
| 10 | + return $out; |
|
| 11 | + } |
|
| 12 | + return 'FAILURE'; |
|
| 13 | 13 | } |
@@ -367,7 +367,7 @@ discard block |
||
| 367 | 367 | if (\config\Master::MAILSETTINGS['notify_nro']) { |
| 368 | 368 | foreach ($admins as $id) { |
| 369 | 369 | $user = new User($id); |
| 370 | - /// organisation |
|
| 370 | + /// organisation |
|
| 371 | 371 | $retval = $user->sendMailToUser(sprintf(_("%s in your federation was created"), common\Entity::$nomenclature_participant), $message); |
| 372 | 372 | if ($retval === FALSE) { |
| 373 | 373 | $this->loggerInstance->debug(2, "Mail to federation admin was NOT sent!\n"); |
@@ -434,7 +434,7 @@ discard block |
||
| 434 | 434 | $newReq = new CertificationAuthorityEduPkiServer(); |
| 435 | 435 | $reqserial = $newReq->sendRequestToCa($csr, $revocationPin, $expiryDays); |
| 436 | 436 | if ($reqserial > 0) { |
| 437 | - $this->loggerInstance->writeAudit($user, "NEW", "Certificate request - NRO: ".$this->tld." - serial: ".$reqserial." - subject: ".$csr['SUBJECT']); |
|
| 437 | + $this->loggerInstance->writeAudit($user, "NEW", "Certificate request - NRO: ".$this->tld." - serial: ".$reqserial." - subject: ".$csr['SUBJECT']); |
|
| 438 | 438 | $reqQuery = "INSERT INTO federation_servercerts " |
| 439 | 439 | ."(federation_id, ca_name, request_serial, distinguished_name, status, revocation_pin) " |
| 440 | 440 | ."VALUES (?, 'eduPKI', ?, ?, 'REQUESTED', ?)"; |
@@ -494,7 +494,7 @@ discard block |
||
| 494 | 494 | $result = $this->databaseHandle->exec($query); |
| 495 | 495 | $rows = $result->fetch_all(); |
| 496 | 496 | foreach ($rows as $row) { |
| 497 | - $activeProfiles[] = $row[0]; |
|
| 497 | + $activeProfiles[] = $row[0]; |
|
| 498 | 498 | } |
| 499 | 499 | $query = "SELECT institution.inst_id AS inst_id, profile.profile_id AS profile_id, profile_option.option_value AS cert FROM profile_option JOIN profile ON profile_option.profile_id=profile.profile_id JOIN institution ON profile.inst_id=institution.inst_id WHERE profile_option.option_name='eap:ca_file' and institution.country='".$this->tld."'"; |
| 500 | 500 | $result = $this->databaseHandle->exec($query); |
@@ -579,7 +579,7 @@ discard block |
||
| 579 | 579 | 'country' => strtoupper($idp->federation), |
| 580 | 580 | 'instance' => $idp, |
| 581 | 581 | 'realms' => $idpQuery->realms] |
| 582 | - ; |
|
| 582 | + ; |
|
| 583 | 583 | $returnarray[$idp->identifier] = $idpInfo; |
| 584 | 584 | } |
| 585 | 585 | if ($activeOnly != 0) { // we're only doing this once. |
@@ -159,17 +159,17 @@ |
||
| 159 | 159 | } |
| 160 | 160 | } |
| 161 | 161 | |
| 162 | - /** |
|
| 163 | - * Writes an audit log entry to the audit log file - static version. These audits are semantic logs; they don't record every single modification |
|
| 164 | - * in the database, but provide a logical "who did what" overview. The exact modification SQL statements are logged |
|
| 165 | - * automatically with writeSQLAudit() instead. The log file path is configurable in _config.php. |
|
| 166 | - * |
|
| 167 | - * @param string $user persistent identifier of the user who triggered the action |
|
| 168 | - * @param string $category type of modification, from the fixed vocabulary: "NEW", "OWN", "MOD", "DEL" |
|
| 169 | - * @param string $message message to log into the audit log |
|
| 170 | - * @return boolean TRUE if successful. Will terminate script execution on failure. |
|
| 171 | - * @throws Exception |
|
| 172 | - */ |
|
| 162 | + /** |
|
| 163 | + * Writes an audit log entry to the audit log file - static version. These audits are semantic logs; they don't record every single modification |
|
| 164 | + * in the database, but provide a logical "who did what" overview. The exact modification SQL statements are logged |
|
| 165 | + * automatically with writeSQLAudit() instead. The log file path is configurable in _config.php. |
|
| 166 | + * |
|
| 167 | + * @param string $user persistent identifier of the user who triggered the action |
|
| 168 | + * @param string $category type of modification, from the fixed vocabulary: "NEW", "OWN", "MOD", "DEL" |
|
| 169 | + * @param string $message message to log into the audit log |
|
| 170 | + * @return boolean TRUE if successful. Will terminate script execution on failure. |
|
| 171 | + * @throws Exception |
|
| 172 | + */ |
|
| 173 | 173 | public static function writeAudit_s($user, $category, $message) |
| 174 | 174 | { |
| 175 | 175 | switch ($category) { |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | $deployment->deactivate(); |
| 110 | 110 | } |
| 111 | 111 | header("Location: overview_org.php?inst_id=" . $my_inst->identifier . '&' . urldecode(http_build_query($response)) . '#profilebox_' . |
| 112 | - $deployment->identifier); |
|
| 112 | + $deployment->identifier); |
|
| 113 | 113 | exit(0); |
| 114 | 114 | case web\lib\common\FormElements::BUTTON_REMOVESP: |
| 115 | 115 | $deployment->remove(); |
@@ -140,9 +140,9 @@ discard block |
||
| 140 | 140 | // valid signature |
| 141 | 141 | $data = openssl_x509_parse($deployment->radsec_cert); |
| 142 | 142 | $certdata = array( |
| 143 | - $data['serialNumberHex'], |
|
| 144 | - date_create_from_format('ymdGis', substr($data['validTo'], 0, -1))->format('YmdHis') |
|
| 145 | - ); |
|
| 143 | + $data['serialNumberHex'], |
|
| 144 | + date_create_from_format('ymdGis', substr($data['validTo'], 0, -1))->format('YmdHis') |
|
| 145 | + ); |
|
| 146 | 146 | $torevoke = implode('#', $certdata); |
| 147 | 147 | $response = $deployment->setRADIUSconfig(0, 0, $torevoke); |
| 148 | 148 | $deployment->tlsfromcsr($csr); |
@@ -194,7 +194,7 @@ discard block |
||
| 194 | 194 | } |
| 195 | 195 | header("Location: overview_org.php?inst_id=" . $my_inst->identifier . '&' . urldecode(http_build_query($response)) . '#profilebox_' . $deployment->identifier); |
| 196 | 196 | exit(0); |
| 197 | - default: |
|
| 197 | + default: |
|
| 198 | 198 | throw new Exception("Unknown button action requested!"); |
| 199 | 199 | } |
| 200 | 200 | } |
@@ -372,20 +372,20 @@ discard block |
||
| 372 | 372 | ); |
| 373 | 373 | // Generate a new private (and public) key pair |
| 374 | 374 | $privkey = openssl_pkey_new(array( |
| 375 | - "private_key_bits" => 4096, |
|
| 376 | - "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
| 375 | + "private_key_bits" => 4096, |
|
| 376 | + "private_key_type" => OPENSSL_KEYTYPE_RSA)); |
|
| 377 | 377 | // export private key to $clientprivateKey (as string) |
| 378 | 378 | openssl_pkey_export($privkey, $this->radsec_priv); |
| 379 | 379 | // Generate a certificate signing request |
| 380 | 380 | $csr = openssl_csr_new($dn, $privkey, |
| 381 | - array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
| 381 | + array('digest_alg' => 'sha256', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf")); |
|
| 382 | 382 | // get CA certificate and private key |
| 383 | 383 | $caprivkey = array(file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"), |
| 384 | 384 | \config\Master::MANAGEDSP['capass']); |
| 385 | 385 | $cacert = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
| 386 | 386 | $this->setTLSSerialNumber(); |
| 387 | 387 | $clientcert = openssl_csr_sign($csr, $cacert, $caprivkey, \config\Master::MANAGEDSP['daystoexpiry'], |
| 388 | - array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
| 388 | + array('digest_alg'=>'sha512', 'config' => ROOT . "/config/ManagedSPCerts/openssl.cnf"), $this->radsec_cert_serial_no); |
|
| 389 | 389 | openssl_x509_export($clientcert, $this->radsec_cert); |
| 390 | 390 | } |
| 391 | 391 | /** |
@@ -506,9 +506,9 @@ discard block |
||
| 506 | 506 | */ |
| 507 | 507 | public function renewtls() |
| 508 | 508 | { |
| 509 | - $id = $this->identifier; |
|
| 510 | - $futureTlsClient = $this->createTLScredentials(); |
|
| 511 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "ssii", $this->radsec_priv, $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 509 | + $id = $this->identifier; |
|
| 510 | + $futureTlsClient = $this->createTLScredentials(); |
|
| 511 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = ?, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "ssii", $this->radsec_priv, $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 512 | 512 | } |
| 513 | 513 | |
| 514 | 514 | /** |
@@ -518,38 +518,38 @@ discard block |
||
| 518 | 518 | */ |
| 519 | 519 | public function tlsfromcsr($csr) |
| 520 | 520 | { |
| 521 | - $id = $this->identifier; |
|
| 522 | - $dn = array(); |
|
| 523 | - $dn['rdnSequence'] = array(); |
|
| 524 | - $dn['rdnSequence'][0] = array(); |
|
| 525 | - $dn['rdnSequence'][0][] = array('type' => 'id-at-organizationName', 'value' => array()); |
|
| 526 | - $dn['rdnSequence'][0][0]['value']['utf8String'] = 'eduroam'; |
|
| 527 | - $dn['rdnSequence'][1] = array(); |
|
| 528 | - $dn['rdnSequence'][1][] = array('type' => 'id-at-organizationalUnitName', 'value' => array()); |
|
| 529 | - $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
|
| 530 | - $dn['rdnSequence'][2] = array(); |
|
| 531 | - $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
|
| 532 | - $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
| 533 | - $csr->setDN($dn); |
|
| 534 | - $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
| 535 | - $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
| 536 | - $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
| 537 | - $ca = new \phpseclib3\File\X509(); |
|
| 538 | - $ca->loadX509($pemca); |
|
| 539 | - $ca->setPrivateKey($cakey); |
|
| 540 | - // Sign the updated request, producing the certificate. |
|
| 541 | - $x509 = new \phpseclib3\File\X509(); |
|
| 542 | - $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
|
| 543 | - $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
|
| 544 | - $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
|
| 545 | - $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
| 546 | - $this->setTLSSerialNumber(999999999999999999); |
|
| 547 | - $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
|
| 548 | - $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
|
| 549 | - $this->radsec_cert = $x509->saveX509($cert); |
|
| 550 | - $this->radsec_priv = NULL; |
|
| 551 | - //$futureTlsClient = $this->createTLScredentials(); |
|
| 552 | - $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = NULL, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "sii", $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 521 | + $id = $this->identifier; |
|
| 522 | + $dn = array(); |
|
| 523 | + $dn['rdnSequence'] = array(); |
|
| 524 | + $dn['rdnSequence'][0] = array(); |
|
| 525 | + $dn['rdnSequence'][0][] = array('type' => 'id-at-organizationName', 'value' => array()); |
|
| 526 | + $dn['rdnSequence'][0][0]['value']['utf8String'] = 'eduroam'; |
|
| 527 | + $dn['rdnSequence'][1] = array(); |
|
| 528 | + $dn['rdnSequence'][1][] = array('type' => 'id-at-organizationalUnitName', 'value' => array()); |
|
| 529 | + $dn['rdnSequence'][1][0]['value']['utf8String'] = 'eduroam Managed SP'; |
|
| 530 | + $dn['rdnSequence'][2] = array(); |
|
| 531 | + $dn['rdnSequence'][2][] = array('type' => 'id-at-commonName', 'value' => array()); |
|
| 532 | + $dn['rdnSequence'][2][0]['value']['utf8String'] = 'SP' . $this->identifier . "-" . $this->institution; |
|
| 533 | + $csr->setDN($dn); |
|
| 534 | + $pemcakey = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.key"); |
|
| 535 | + $cakey = \phpseclib3\Crypt\PublicKeyLoader::loadPrivateKey($pemcakey, \config\Master::MANAGEDSP['capass'] ); |
|
| 536 | + $pemca = file_get_contents(ROOT . "/config/ManagedSPCerts/eduroamSP-CA.pem"); |
|
| 537 | + $ca = new \phpseclib3\File\X509(); |
|
| 538 | + $ca->loadX509($pemca); |
|
| 539 | + $ca->setPrivateKey($cakey); |
|
| 540 | + // Sign the updated request, producing the certificate. |
|
| 541 | + $x509 = new \phpseclib3\File\X509(); |
|
| 542 | + $csr->setExtension('id-ce-keyUsage', ['digitalSignature', 'nonRepudiation', 'keyEncipherment']); |
|
| 543 | + $csr->setExtension('id-ce-extKeyUsage', ['id-kp-clientAuth']); |
|
| 544 | + $csr->setExtension('id-ce-basicConstraints', ['cA' => false], false); |
|
| 545 | + $x509->setEndDate('+' . \config\Master::MANAGEDSP['daystoexpiry'] . ' days'); |
|
| 546 | + $this->setTLSSerialNumber(999999999999999999); |
|
| 547 | + $x509->setSerialNumber($this->radsec_cert_serial_no, 10); |
|
| 548 | + $cert = $x509->loadX509($x509->saveX509($x509->sign($ca, $csr))); |
|
| 549 | + $this->radsec_cert = $x509->saveX509($cert); |
|
| 550 | + $this->radsec_priv = NULL; |
|
| 551 | + //$futureTlsClient = $this->createTLScredentials(); |
|
| 552 | + $this->databaseHandle->exec("UPDATE deployment SET radsec_priv = NULL, radsec_cert = ?, radsec_cert_serial_number = ? WHERE deployment_id = ?", "sii", $this->radsec_cert, $this->radsec_cert_serial_no, $id); |
|
| 553 | 553 | } |
| 554 | 554 | /** |
| 555 | 555 | * marks the deployment as deactivated |
@@ -883,11 +883,11 @@ discard block |
||
| 883 | 883 | unlink("$zipdir/$key/detail.zip"); |
| 884 | 884 | $files = scandir("$zipdir/$key/"); |
| 885 | 885 | foreach($files as $file) { |
| 886 | - if ($file == '.' || $file == '..') continue; |
|
| 887 | - $data = file_get_contents("$zipdir/$key/$file"); |
|
| 888 | - $zipt->addFromString("radius-$key/$file", $data); |
|
| 889 | - $cnt += 1; |
|
| 890 | - unlink("$zipdir/$key/$file"); |
|
| 886 | + if ($file == '.' || $file == '..') continue; |
|
| 887 | + $data = file_get_contents("$zipdir/$key/$file"); |
|
| 888 | + $zipt->addFromString("radius-$key/$file", $data); |
|
| 889 | + $cnt += 1; |
|
| 890 | + unlink("$zipdir/$key/$file"); |
|
| 891 | 891 | } |
| 892 | 892 | if (file_exists("$zipdir/$key")) { |
| 893 | 893 | rmdir("$zipdir/$key"); |
@@ -20,7 +20,7 @@ discard block |
||
| 20 | 20 | $deployment = $validator->existingDeploymentManaged($_GET['deployment_id'], $inst); |
| 21 | 21 | $format = ''; |
| 22 | 22 | if (isset($_GET['as']) && $_GET['as']=='csv') { |
| 23 | - $format = 'csv'; |
|
| 23 | + $format = 'csv'; |
|
| 24 | 24 | } |
| 25 | 25 | if (!isset($_POST['stats'])) { |
| 26 | 26 | $backlog = $_GET['backlog']; |
@@ -47,25 +47,25 @@ discard block |
||
| 47 | 47 | |
| 48 | 48 | $userAuthData = $deployment->retrieveStatistics($backlogTime); |
| 49 | 49 | if ($format == 'csv') { |
| 50 | - header('Content-Type: text/csv'); |
|
| 50 | + header('Content-Type: text/csv'); |
|
| 51 | 51 | header('Content-Disposition: attachment; filename="backlog_'.$deployment->identifier.'_'.$backlog.'.csv"'); |
| 52 | - $fp = fopen('php://output', 'w'); |
|
| 53 | - fputcsv($fp, [_("Timestamp (UTC)"), _("Outer-Identity"), _("Result"), _("MAC Address"), |
|
| 54 | - _("Chargeable-User-Identity"), _("AP Identifier"), _("Protocol")], ';', '"', ''); |
|
| 55 | - foreach ($userAuthData as $oneRecord) { |
|
| 56 | - fputcsv($fp, [$oneRecord['activity_time'], $oneRecord['outer_user'], |
|
| 57 | - ($oneRecord['result'] == "OK" ? _("Success") : _("Failure")), |
|
| 58 | - $oneRecord['mac'], $oneRecord['cui'], |
|
| 59 | - $oneRecord['ap_id'], $oneRecord['prot']], ';', '"', ''); |
|
| 52 | + $fp = fopen('php://output', 'w'); |
|
| 53 | + fputcsv($fp, [_("Timestamp (UTC)"), _("Outer-Identity"), _("Result"), _("MAC Address"), |
|
| 54 | + _("Chargeable-User-Identity"), _("AP Identifier"), _("Protocol")], ';', '"', ''); |
|
| 55 | + foreach ($userAuthData as $oneRecord) { |
|
| 56 | + fputcsv($fp, [$oneRecord['activity_time'], $oneRecord['outer_user'], |
|
| 57 | + ($oneRecord['result'] == "OK" ? _("Success") : _("Failure")), |
|
| 58 | + $oneRecord['mac'], $oneRecord['cui'], |
|
| 59 | + $oneRecord['ap_id'], $oneRecord['prot']], ';', '"', ''); |
|
| 60 | 60 | } |
| 61 | - fclose($fp); |
|
| 61 | + fclose($fp); |
|
| 62 | 62 | } else { |
| 63 | 63 | ?> |
| 64 | 64 | |
| 65 | 65 | <h1><?php $tablecaption = _("Deployment Usage Records"); echo $tablecaption; ?></h1> |
| 66 | 66 | <p><?php echo _("(AP Identifier is a /-separated tuple of NAS-Identifier/NAS-IP-Address/NAS-IPv6-Address/Called-Station-Id)"); |
| 67 | - echo _("Protocol is a protocol used between a client and RADIUS server, for TLS it is a /-separated tuple TLS/TLS-Client-Cert-Serial"); |
|
| 68 | - ?></p> |
|
| 67 | + echo _("Protocol is a protocol used between a client and RADIUS server, for TLS it is a /-separated tuple TLS/TLS-Client-Cert-Serial"); |
|
| 68 | + ?></p> |
|
| 69 | 69 | <table class='authrecord'> |
| 70 | 70 | <caption><?php echo $tablecaption;?></caption> |
| 71 | 71 | <tr> |
@@ -20,11 +20,11 @@ discard block |
||
| 20 | 20 | * <base_url>/copyright.php after deploying the software |
| 21 | 21 | * */ |
| 22 | 22 | |
| 23 | - /** |
|
| 24 | - * This file is used to display a deployment. |
|
| 25 | - * |
|
| 26 | - * @author Maja Gorecka-Wolniewicz <[email protected]> |
|
| 27 | - */ |
|
| 23 | + /** |
|
| 24 | + * This file is used to display a deployment. |
|
| 25 | + * |
|
| 26 | + * @author Maja Gorecka-Wolniewicz <[email protected]> |
|
| 27 | + */ |
|
| 28 | 28 | ?> |
| 29 | 29 | <?php |
| 30 | 30 | |
@@ -342,7 +342,7 @@ discard block |
||
| 342 | 342 | if ($deploymentObject->radsec_cert != NULL) { |
| 343 | 343 | echo "<i>"; |
| 344 | 344 | echo _('If your certificate is close to expiry or you need to create new RADIUS over TLS credentials') . '<br>' . |
| 345 | - _('click on "Renew RADIUS over TLS credentials" button') . '<br>'; |
|
| 345 | + _('click on "Renew RADIUS over TLS credentials" button') . '<br>'; |
|
| 346 | 346 | |
| 347 | 347 | echo '<br/>' . _('You can upload your own CSR to replace default TLS credentials.') . '<br>' . |
| 348 | 348 | _('Click on "Upload CSR to sign my own TLS credentials"'); |
@@ -361,7 +361,7 @@ discard block |
||
| 361 | 361 | <td> |
| 362 | 362 | <?php printf(_("PSK Identity: %s"), "<span id='pskid_data_$depId'>SP".$depId.'-'.$deploymentObject->institution.'</span>'); |
| 363 | 363 | echo copyIcon("pskid_icon_$depId"); |
| 364 | - ?> |
|
| 364 | + ?> |
|
| 365 | 365 | <br> |
| 366 | 366 | <?php printf(_("PSK hexphrase: %s"), "<span id='pskkey_data_$depId'>".$deploymentObject->pskkey."</span>"); |
| 367 | 367 | echo copyIcon("pskkey_icon_$depId"); |
@@ -564,7 +564,7 @@ discard block |
||
| 564 | 564 | <h1><?php echo $tablecaption; ?></h1> |
| 565 | 565 | <h2><?php echo _("5 most recent authentications");?></h2> |
| 566 | 566 | <p><?php echo _("<b>AP Identifier</b> is a /-separated tuple of NAS-Identifier/NAS-IP-Address/NAS-IPv6-Address/Called-Station-Id") .'<br>'; |
| 567 | - echo _("<b>Protocol</b> is a protocol used between a client and RADIUS server, for TLS it is a /-separated tuple TLS/<i>TLS-Client-Cert-Serial</i>"); ?></p> |
|
| 567 | + echo _("<b>Protocol</b> is a protocol used between a client and RADIUS server, for TLS it is a /-separated tuple TLS/<i>TLS-Client-Cert-Serial</i>"); ?></p> |
|
| 568 | 568 | <table class='authrecord'> |
| 569 | 569 | <caption><?php echo $tablecaption;?></caption> |
| 570 | 570 | <tr style='text-align: left;'> |
@@ -585,9 +585,9 @@ discard block |
||
| 585 | 585 | . "<td>".$oneRecord['outer_user']."</td>" |
| 586 | 586 | . "<td>".($oneRecord['result'] == "OK" ? _("Success") : _("Failure"))."</td>" |
| 587 | 587 | . "<td>".$oneRecord['mac']."</td>" |
| 588 | - . "<td>".substr($oneRecord['cui'], 0, 18) |
|
| 589 | - . ($oneRecord['cui']=='' ? "" : "... " . copyIcon("cui_icon_".$deploymentObject->identifier."_$i") |
|
| 590 | - . "<span style='display: none;' id='cui_data_".$deploymentObject->identifier."_$i'>".$oneRecord['cui'].'</span>')."</td>" |
|
| 588 | + . "<td>".substr($oneRecord['cui'], 0, 18) |
|
| 589 | + . ($oneRecord['cui']=='' ? "" : "... " . copyIcon("cui_icon_".$deploymentObject->identifier."_$i") |
|
| 590 | + . "<span style='display: none;' id='cui_data_".$deploymentObject->identifier."_$i'>".$oneRecord['cui'].'</span>')."</td>" |
|
| 591 | 591 | . "<td>".$oneRecord['ap_id']."</td>" |
| 592 | 592 | . "<td>".$oneRecord['prot']."</td>" |
| 593 | 593 | . "</tr>"; |
@@ -627,7 +627,7 @@ discard block |
||
| 627 | 627 | $query = 'inc/deploymentLogs.inc.php?inst_id='.$deploymentObject->institution."&deployment_id=$depId&backlog="; |
| 628 | 628 | ?></h2> |
| 629 | 629 | <?php echo _('You will receive zip file with logs from both RADIUS servers: primary (folder named radius-1) and secondary (folder named radius-2).') . '<br>' . |
| 630 | - _('If no logs are available an empty zip file is provided.');?> |
|
| 630 | + _('If no logs are available an empty zip file is provided.');?> |
|
| 631 | 631 | <div style='height:3px'></div> |
| 632 | 632 | <button name="logs" type="button" onclick="location.href='<?php echo $query;?>1';"><?php echo _('Today');?> |
| 633 | 633 | </button> |
@@ -659,9 +659,9 @@ discard block |
||
| 659 | 659 | foreach (array($dsp->host1_v4, $dsp->host2_v4) as $host) { |
| 660 | 660 | $connection = @fsockopen($host, \config\Master::MANAGEDSP['radiusconfigport']); |
| 661 | 661 | if (is_resource($connection)) { |
| 662 | - fclose($connection); |
|
| 662 | + fclose($connection); |
|
| 663 | 663 | } else { |
| 664 | - return false; |
|
| 664 | + return false; |
|
| 665 | 665 | } |
| 666 | 666 | } |
| 667 | 667 | return true; |
@@ -683,7 +683,7 @@ discard block |
||
| 683 | 683 | </button> |
| 684 | 684 | <span style='color: red;'> |
| 685 | 685 | <?php if ($hasMail == 0) { |
| 686 | - echo _("Helpdesk mail address is required but missing!"); |
|
| 686 | + echo _("Helpdesk mail address is required but missing!"); |
|
| 687 | 687 | } |
| 688 | 688 | ?> |
| 689 | 689 | </span> |
@@ -5,37 +5,37 @@ discard block |
||
| 5 | 5 | $opn = $vlans = ''; |
| 6 | 6 | $guest_vlan = 0; |
| 7 | 7 | if ( isset($_POST['enc']) && $_POST['enc'] != '' && ($enc=base64_decode($_POST['enc'], true)) !== false ) { |
| 8 | - $decrypted = openssl_decrypt($enc, "CHACHA20", SERVER_SECRET, 0, SERVER_IV); |
|
| 9 | - if ($decrypted === false) { |
|
| 10 | - echo "FAILURE"; |
|
| 11 | - exit; |
|
| 12 | - } else { |
|
| 13 | - parse_str($decrypted, $darr); |
|
| 14 | - if (!isset($darr['token']) || $darr['token'] != SERVER_TOKEN) { |
|
| 15 | - echo "FAILURE"; |
|
| 16 | - exit; |
|
| 17 | - } |
|
| 18 | - } |
|
| 8 | + $decrypted = openssl_decrypt($enc, "CHACHA20", SERVER_SECRET, 0, SERVER_IV); |
|
| 9 | + if ($decrypted === false) { |
|
| 10 | + echo "FAILURE"; |
|
| 11 | + exit; |
|
| 12 | + } else { |
|
| 13 | + parse_str($decrypted, $darr); |
|
| 14 | + if (!isset($darr['token']) || $darr['token'] != SERVER_TOKEN) { |
|
| 15 | + echo "FAILURE"; |
|
| 16 | + exit; |
|
| 17 | + } |
|
| 18 | + } |
|
| 19 | 19 | } |
| 20 | 20 | # when a request contains logid and backlog ";s:11:"DEBUG-11-52";s:7:"backlog";s:1:"7";} |
| 21 | 21 | if ( isset($darr['logid']) && isset($darr['backlog']) && isset($darr['iv']) ) { |
| 22 | - if (substr($darr['logid'], 0, 5) == 'DEBUG') { |
|
| 23 | - $logid = substr($darr['logid'], 6); |
|
| 22 | + if (substr($darr['logid'], 0, 5) == 'DEBUG') { |
|
| 23 | + $logid = substr($darr['logid'], 6); |
|
| 24 | 24 | } |
| 25 | - $iv = $darr['iv']; |
|
| 26 | - $res = cat_socket(implode(':', array($logid, $darr['backlog']))); |
|
| 27 | - $cnt = 0; |
|
| 28 | - if (substr($res, 0, strlen(ZIPDIR)) == ZIPDIR) { |
|
| 29 | - $content = file_get_contents($res); |
|
| 25 | + $iv = $darr['iv']; |
|
| 26 | + $res = cat_socket(implode(':', array($logid, $darr['backlog']))); |
|
| 27 | + $cnt = 0; |
|
| 28 | + if (substr($res, 0, strlen(ZIPDIR)) == ZIPDIR) { |
|
| 29 | + $content = file_get_contents($res); |
|
| 30 | 30 | $encrypted = openssl_encrypt(SERVER_TOKEN . $content, "CHACHA20", SERVER_SECRET, 0, $iv); |
| 31 | - header('Content-Type: application/octet-stream'); |
|
| 31 | + header('Content-Type: application/octet-stream'); |
|
| 32 | 32 | header("Content-Transfer-Encoding: binary"); |
| 33 | - echo "ZIPDATA:$encrypted"; |
|
| 34 | - } |
|
| 35 | - if (file_exists($res)) { |
|
| 36 | - unlink($res); |
|
| 37 | - } |
|
| 38 | - exit; |
|
| 33 | + echo "ZIPDATA:$encrypted"; |
|
| 34 | + } |
|
| 35 | + if (file_exists($res)) { |
|
| 36 | + unlink($res); |
|
| 37 | + } |
|
| 38 | + exit; |
|
| 39 | 39 | } |
| 40 | 40 | # MUST provide: deployment_id, inst_id |
| 41 | 41 | # and port, secret, pskkey, country or torevoke |
@@ -44,33 +44,33 @@ discard block |
||
| 44 | 44 | isset($darr['instid']) && isset($darr['deploymentid']) && |
| 45 | 45 | (isset($darr['port']) && isset($darr['secret']) && isset($darr['pskkey']) && isset($darr['country']) || |
| 46 | 46 | isset($darr['torevoke']))) { |
| 47 | - if (isset($darr['remove'])) { |
|
| 47 | + if (isset($darr['remove'])) { |
|
| 48 | 48 | $remove = 1; |
| 49 | - } else { |
|
| 49 | + } else { |
|
| 50 | 50 | if (isset($darr['operatorname'])) { |
| 51 | - $opn = trim($darr['operatorname']); |
|
| 51 | + $opn = trim($darr['operatorname']); |
|
| 52 | 52 | } |
| 53 | 53 | if (isset($darr['vlan']) && isset($darr['realmforvlan']) && |
| 54 | 54 | is_array($darr['realmforvlan'])) { |
| 55 | - $vlans = $darr['vlan'] . '#' . implode('#', $darr['realmforvlan']); |
|
| 55 | + $vlans = $darr['vlan'] . '#' . implode('#', $darr['realmforvlan']); |
|
| 56 | 56 | } |
| 57 | 57 | if (isset($darr['guest_vlan'])) { |
| 58 | - $guest_vlan = $darr['guest_vlan']; |
|
| 58 | + $guest_vlan = $darr['guest_vlan']; |
|
| 59 | + } |
|
| 60 | + } |
|
| 61 | + if (isset($darr['torevoke'])) { |
|
| 62 | + $el = explode('#', $darr['torevoke']); |
|
| 63 | + $res = cat_socket(implode(':', array($darr['instid'], $darr['deploymentid'], $el[0], $el[1]))); |
|
| 64 | + } else { |
|
| 65 | + # arguments 5-7 are Base64 encoded |
|
| 66 | + $res = cat_socket(implode(':', array($darr['country'], |
|
| 67 | + $darr['instid'], $darr['deploymentid'], |
|
| 68 | + $darr['port'], |
|
| 69 | + base64_encode($darr['secret']), |
|
| 70 | + base64_encode($opn), |
|
| 71 | + base64_encode($vlans), base64_encode($darr['pskkey']), $guest_vlan, $remove))); |
|
| 59 | 72 | } |
| 60 | - } |
|
| 61 | - if (isset($darr['torevoke'])) { |
|
| 62 | - $el = explode('#', $darr['torevoke']); |
|
| 63 | - $res = cat_socket(implode(':', array($darr['instid'], $darr['deploymentid'], $el[0], $el[1]))); |
|
| 64 | - } else { |
|
| 65 | - # arguments 5-7 are Base64 encoded |
|
| 66 | - $res = cat_socket(implode(':', array($darr['country'], |
|
| 67 | - $darr['instid'], $darr['deploymentid'], |
|
| 68 | - $darr['port'], |
|
| 69 | - base64_encode($darr['secret']), |
|
| 70 | - base64_encode($opn), |
|
| 71 | - base64_encode($vlans), base64_encode($darr['pskkey']), $guest_vlan, $remove))); |
|
| 72 | - } |
|
| 73 | - echo $res; |
|
| 73 | + echo $res; |
|
| 74 | 74 | } else { |
| 75 | - echo "FAILURE"; |
|
| 75 | + echo "FAILURE"; |
|
| 76 | 76 | } |
