From 459540f7427e734d0d283793d1b333ff920abe06 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Fri, 3 Apr 2020 16:06:38 -0700
Subject: [PATCH] Added 2FA support in MeshCMD.

---
 agents/MeshCmd-signed.exe       | Bin 4630928 -> 4634192 bytes
 agents/MeshCmd64-signed.exe     | Bin 4247440 -> 4250704 bytes
 agents/MeshService-signed.exe   | Bin 3625632 -> 3625632 bytes
 agents/MeshService64-signed.exe | Bin 3242144 -> 3242144 bytes
 agents/meshcmd.js               |  91 +++++++++++++++++++++++++++-----
 package.json                    |   2 +-
 webserver.js                    |   6 +--
 7 files changed, 81 insertions(+), 18 deletions(-)

diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe
index 9e30bdd88fa035afe9727d7e4e741cf0f1ee3050..bebc660103786e0344430919ba170173816543c3 100644
GIT binary patch
delta 3339
zcma);3se->8OK>f5O9%)ycSk3OJHGv<sqQ*@Wsxc27?NT9?|NsJFo-0Gh}8KM1!cL
z=+USlsMlJ>P_=4IE5=&HcnlER8eh?RjPDxisn66$d_|;bznR?yjJD03^E=Gm`M!I<
z$N%2Thi5msp8js5Ys+GVYgb|8QpFh8_APatie;S&30GhM;06o?+yM_@5a0=T0p7r1
zKneH&LjYgE5AX*9fT2Jj5CjARAwVdg0>XfBKn)B7h64zQ05m`(@CFbCL<3qN28ac8
zKpYScBmjCK5l8}(ffQf_kP4&$>A*-}6fhdd05X9rAR8D1j0MI4<ADi4PHU&a(3$MU
zmD4OflVDK!iP9^|MigHv=%pXHOJ`8wx)FxM5ww+JEV4l?T8IQ%6d4w*`i60HnjxSy
zE7kC2H=dG6Bx7{Y;D)(aVh|2ZB!<K-M50CDDny231-(EUZ9F}d=S0rPSzt+RVO~LH
z@?0w|nmH4mcGD1w=Oq!ot*aA>oLf4j7lJ1-5fz9OFQVdV#MAHEXhDhrQOLrTGAxpV
z!%Iezp|xBIN+HK1iZvmlnKqUq(M*Y`ibiItl14_3=V_yej67|kS&^YE0xID-D_GG;
zkXEp-S4r{65pbq`MC7Z{Li?)}kYr%vrSN;}A<%p!J%)!-y-;Cc#2BrW7R)?tp{n(i
zV4kmy)t7M$8>2OHtjKc~#~_MB+Oalp&eozhJng9=08a=fhq-1d@w6}^D5kH>QuU=Z
z<Dh2Ia?05{o%~s+(`Mq9uMB}B<zW<&jaZw-@)`$Nqc39FI1|+<z3_uD5_!Pnv5+oa
zoIwu9`3a;Kj#iT+@w6gh)*xq^_=uW}$#VYESJA}+XDp{hy{)2@r%W_dB%dviO2N;d
ziwop$nQ{-EK6u_Ra+byUtKSSXYl?}@^s4dlDzULfNiDBV6=M}j<B<@L%rs?!{Old+
zKbg@?u`Dfj#?d+fH_Rb|IPmOsaJJCMS*?;(veD#%{I~QK6fe-y5>go?8|e|M7}01(
zF%DZjC5QIXRFavI5@@6~S~!8$W<X$gyqXA9JDrRav>0VW=U9%iiDs?jkCXQqLN!hk
zSXMTWyCR940g>A6x&jDwgwsy$cuEN@$BN*PjYQr?%hUO3h}dvVUf-5LvMn^674;g(
z2`6_NRO`<Y?h#B$Uqa3aU!5%PrOBKz#Um+~gao_RisV0Y;t|Kgm^_#LLn$r729@7m
zTHHgS#8RY*KY#K*fAH;~2{k^LO!`DlVk;>NW0Jz*S;|UFAyiO;P{r{k$pw^+BS<1t
zw$|H4iA;<D8<2%lfHq|y4eSSJVdcI{yFqFv_VFY_Ym@s6K^m4Go)&F9+fO0Vpu<gi
zl^(kqATHPk3|qp<lIWF`-3Fwkui_bzj?pZft+C5$wk88!K_EtsD`!T~vo$qRB5?kV
z7s^oyB*@u#RKoBA6c@~-L(E9Ydqwu3mH6S;L~u%<e5JKs8(i-yeR>@hK-p)Jgy=Xy
zWR(Wu4~q#;Rqxl{n%T`IW$iQAjly{66um}{k^WY`Jk8QoIZ~2zA!DU^Y`rsDZGFu~
z{y!yhR;VT(r6)<x%hiHKAPi|0L_;g8QF0QpGOSIc1xL)Ib)>gDF&|DIyI4SBy}A6X
zg!TU;;a55iij?{j_Fwx02J1Cs6waSR_^LDx%{l}torpBgbG%-I{U(uW%uOLY6asGf
znh3*9^NGR3dmW@>$RyuteZCH_@SmKq^0haegOc#Xe0(yP{M4)OuESyoITr5;fr#oi
z82oT|qQM8>4<S9FOkHy!giWDjI?fFx<6xlqmLag;xFEgXGH9`0MMmN&Dl!$<s7UQ#
zS&@#7g_{o(;dtD1!dq3$z(Fi>aHSh53o6W+iYhp`@nMJJjwoX2z&NCV3?kMVg0LZm
z9NKzFMd}pF{x`K3{y3Uc;UB`t#864y(v8}8+d0JBIxn0oa>pyeNccZPLk`AcBS~+3
zPeaD`jkUtq9?sSH34ZVqxg_b*O84BBD;b+^Tu~nL&7Cl+rOSQkiN?uo^_BINNxJ-w
z+rrVbyL+y!34c83+PP7wS*^{Dq|!f0c}34%CbU)T^T+Le+jEuPzr8ZM>96y9dTviV
zIc}{tvwzru6$?J|(X5K{t{alr5{dt|ovf?fdXL)qY-i4nfK_!_yN+Ht6x~>}xq7O_
zYHKfhw)5e7zG$BR@54hr{hizU=Eb@$>tKd%oE1GA|K;tDmht|dr=vIbPX0$$L;8!Z
z_&*=_z8c3Jn{c4*c*rARe}2REFU&pP{@wVive4<P7c^~|d3N8TXIK3Txs<s21D{?0
z9zEeMZ>-I1dB<yX!OFMREbD2EVWw7}Ir_*;|9;5w6I~^LQ1}ME-TtIrc)sBiP1gO~
zqJJ4eZ)OCzbJ3-l(U;!1UbaMe_iDo*&+R>a>78%By}T}b|LTlHm*#hWeWRqKSwC*k
z%t_}jwoba3zwDb0&6`ggxp*;s@1A*;rk>h+@lE;H^vAzox(i(cYcaKh{AX=SN?Lkq
z`mCf#cTZjY#QJASg{NC`klWB*d0%R0b~3Zte|%Q9cFb<U^RaP7lCsxGp&01mwp8KL
z(w>)aZenoT)*HCI{QL;@oqvDst6mbmD5{A#Ubvt_lh^hrV(F^$mel5^fz8<|^@M81
z@^b#vh`Gk@Aj9_Eezm)=pFY+dT(>Rz7ex=t(|n>%`HedK;?m5Uzd8Npj3YOR#@l5f
zwilbOyC2+f<NC6p_bSvYl$#A6{(HCHz1H)z;m)>_4O@0Uxv}?wQv8!zXj}Y&&zA2~
z1{D6NYP7X|wB`a{9^8G3TmJl)8$42)4^3Su&eg8_;JrHogqB^8AEZufIBD2r`JuXP
zPVP?g=~ZX%huzv{E4X~jx~`$)<1;T3c7|L~`@H933qQMdx96^L#kpTyIGIwkreV`}
TIZbJP*$?hBAy1FFxVZcWHKnv^

delta 1256
zcmX}iX-w0190u_I%T+9u0;L=xl&hs!>4gP4+M=}oIRrt0MnQrI9k>BSsfZkwLqsT>
z3X`9L0X0mSg@rM+(}_w^>WsS>Tc{9_0E-+d3n)0E?z<QI;*&hjljpbjCgQ0-nuuLx
z7;#R~P=QH_goa8ZR&B)oM+6qY5?BFiU;{|N7OVkeU<W8*EwBev-~b$f6QBWSKnE_s
z6}SO+unu^D^}rK&0S52}KEN0F0e`>*ED!+LAP{T-9Iz1t0WRPHJ`eyQ2nL&g2!w!8
z5C+8HBM=TGKni3a0&E6bK%~Kl$&GyUi%{NcxECzH{cm)>D*ezwRop?fMxCzC7Bd0@
z4y*R19n8!R(q!lJ)w$V67!nDC&t}LNtc2+J0)A?aN|U9|U@^oDR(yPPfk60vVWTpx
zLWrIS6jXx`PZ9YPE&Af^=&BzsMo;~4Z{*e}r=SuxPD5sq+z#c<DJ;>2SlHtH@x3VH
zwA}MU-GtnkxC9Ma!I><TlaZE*`=ZNCoQEDm!b;Hu2X{8;SU3kmSwh?qjRoLbl;Vbm
z8JKK5+1er}KNFR6@!jtO&#;Dvx2cKBS=7~vm-84$pZACA<^)eG`v<QpC#oIRNKNsb
z`B5Y0`%bgV!OcT;&76+PD<;A47b8X6Y%dzpF5nbL-Zjyd;&*#K8&=dBXH6psE2`{{
zwb$>q#8@QIygI*3v|AawSh8|5(Rw1TplDHgRfk%-@k*`xPba)$Cp%s_v43bU?$XNY
zXEdgTZ_oGr%0~_1;wi;^JJ!*2qlI3j2s=D?w7TH$8&z3>7IE*i<{cN~XnC%z1LMWh
z(xv$b)+DE}RjH22ppoYuateE}O9RvTp`>`Ro6YyX)A@TyIkpRDZ1T1}`c&LF>N#_H
zFKelcTB8j)HGMxZRx)wkdg`{T+4K!Htc3C1>oHYkhy`amE|qBFHS^v_*p&SX+S893
z7%sY?@J`<t&$a)QDshQ^WVEhh=j!u;$@G+0lJ*{t+3-63gYjGaV$|kT@$g#J1XDjL
zGkY-n7OY0kG!I?5K{61Mc4vz2yuEdk+|j#on0Rs;dH3MYv^+jv$O}p0`C8is9^ZO=
znS$9`^68c|rmbRjHFkZE;lzs<-MS`P9c9XoNBMBVFe`#(1xE1KQ=c^-Q{{GP_V$%;
z*drSq+cnx4x+OJ~J{aNG%@qo)_*L1?J|?H!yLVbDsgJ#fYSGsD1(&nKn|BCYN*A?3
zufoo7)9dkKQq=@~HZr-$d{g&TdDGS~?9%H{$D{y!{?O8&xiXuE^N|-eCY9}@N$X`_
zzhzPS-1#16Ql7Hp9yL((#Q)<@YNm`uwcBVV+^TaK-E?Kef#M=&^ozpIbKz~lENjyn
zl75#Xd0?IT0dsZda?AC<dPw(%`pEK`dX`Ds7Cm76F)g-cyU4zNrsU`S%c+OXzI3O)
sZpzko>RKJv$5y{-8!z;%nevJf<z{|<;$^bU<^w6c%E2i65dwkm9{^DftpET3

diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe
index 4f7786797add75981d19d5e1480c34ae10ca8e49..17e62c898aaba3d53a066205e433f6ca34fd4361 100644
GIT binary patch
delta 3315
zcma);2~-qE8pjy~fe{cyh@2Lqakv~V1reEUL?ap$SRf`GLfg~8=u9{1?%@y-l|)yv
zx?Zs`L{~QYqOMnB6cHarjcYa@tE@-VU5~u*G-eZZjZx!9_p6>62BW*1e((3_ss6sI
z@Ay|0%m2{ie0pD#^RD?S=cR?K7OJK>e|og3TeY}bMQ{fC0WN?m&>wIE+yM_j4GaK0
z0WZKC7zp?PzQ7>B4;T#i0|CHGzz`r12m*qE5Fiu?1BL<!2nRI4Fkm?FGB5(r0uewY
z5Cud7F~CSb2gCw#Ks=BDBm$#=(LfTA42%I%fU!U-Fb+s-?^fwQp6(*d=6HN2Paotf
zlUJ067_maqkstVajy?!Cy`k?4=gf@Jq!>h^dL(hOY~;bpF^t=a^nUH*3iU^R!cz;V
zc#N*;U9gZ%x#PeBYG8Cdl1-9OB^w1^(n%a^5xE>ukOfvS!IIkiti0;@QZpx43I?3(
zMFrxr*C?O%Wd&5m%_uK5f+sc><;jdFqnUL`<leM!5{UsZ$Rt!4d87n~7nIO}jY2s}
zcqJV%yaBP596KAym5hvPI8@10bBGm0kz-}VikyMtWg}yfP`N0W!HPo?S;4wqH6tQh
zz^T>|S*%0#)>je`F|ddv{N8#<oLJ52MHtmdRVJexp*3?-rO26>Ivpcb)@mblvjig_
zp=AYL76p@S5Je*`WdY|jEsDmuA(S5;Kb{VAPW8gM=~O_3qs*lGWX))(*$5@&w5TZM
zb5xWz74N#O_fJ-aQFt2SEhf_o9AFJc#ENk$YVcCyJLxoXgUKTyT|B>x9*VQ`Xf+;@
zK_}zf1yrHCJx%;s1|2cZ{!3TG&6EUoHYe*WRTUy*;GiPed>$!<IGvlBr+iCQdT95-
zWfSN^ll@np893e$5t*uPP^-%=JWJH_{8SNUsUikRF{qMb43M9-BYh`hD;b{Wl+M^%
zC*c)MRDb}Uy$<#kvVz%6q>_fF<YiCORWYK(ktIkOhz)t98l%isq6nL<j!{B;W-4OF
zG7^WhtVxhK?N|s5r)N<9p>`*hffl1Q=o~LF7P(SO{Bit6eW1o}0?R4}N>_-;jUZC1
z-SreIG~8~dbUdLPmg8k`NJFw{;gsooGpWcBO_pOzAjK9M&dWLt<b>mI>VwuiqWXs$
z%N+^XCwzXgtY;>(#}tD|E+a=;wN|A3DTzUX2xH1z)(;h&3>#E=e`awvl@}(F#{T-r
z9sb~Z=p8B)@1IV451Y(aGbW>fgd_5dnIj=oF_Kgxhz8;U%EsX)I8TVR&MHb|FiNli
zc{l|)!&sz&{a`Pw(s!~ONIS82EEU)o-&Y7^m^>mUTSUH(Ldc-ajl7b_ss@M)_JNTv
z7ZgeKO3G>j($dw4MwyGy)E8^4vMSb$g;x*=D+sfViCnR!fg}RwU%E6Kl|zDpMMULB
zQG()v89BsQM%gQh2j_+F-ltwlaLAXe^}^tKS8?by%#X3oLWF2LK@^qx<K@4lJc4?^
z_SVd5PLy>~Z#4=Q?Njs`*+%+W`G_3P)nt$)xqPFU6S3K6RH*p{8~Oi~$X=m_7?c!8
zo@c8Ci$EA;6~sX+>QH<fG8=h|%t^MGQ*!75{U_GK$zv4@D6BV^UzM=#e<b`|$3c;#
zKf(XCKVYyXlYSXzH&H%88k=Tqf+Z&+CyIio(_mkL4#k2*xv3<)>pm5X*RQ8MhxR&<
zW5}S~Y7SqUSI95USmoOLjQ}MPC)VPVY4kR=<F3Q9o~H0lJw&vqOYe(+D$sl5+j`mq
z%5?p02;qH-PQsHYIvNJryea=a;}UuIrnFc`)5GvonjVE4Xj<#3DAKmEaNE~Z2&QYP
z0YNj3a1hG^T<I)hLirgvs7invA9g4{^eQ#jH5zFkgYf<O06bwDJ-Gb<O-HG``rg!P
zydjGY!VlBw*g&Fga-%wKJDYgh%f{11{c&?T4gY6k(w>-_Ob@`{XVQ_5v33~SDLAuR
z@tuA2g1C~zkX?n1`7Sq{z6<-oZ@K4(-;8$Z{IsjnZvlHsBdgnzl6<@$pTBV6$aK0H
zukE_s-qt~T4T|$?sW^9*z2uVlc2e$0*G;$H-8M;RJg9Pclr?|v5-y}A{}KMjEcUI|
zf1e3h|Eg>57<}b8-P9PdILNi@UpIejNe@1={gch|2Q^3M<z?SJeQfw%v7p1LzQv<k
z6Oxi$)YLpE;rv|p%#|I*_uX3N9Ou2MHv^8BhOQOA44DyM@uykr%G|BtrFV+HEiKSo
ztGKuA?&i}?oju>K-cq;w@xpWUXLqdJdx_b7b?HX)(Vp}_Z%q5yy>(T^gGS#czCB`F
z^pJ2(^y$NcT1F4>UVEguHR*1|z?{xybGKAYzf=C;)|7u<nsj!`x+yaR^R2F@U+n(d
z<gIH$&!1o3`r7cnpD23&vbMa^v-Ei6_0LcJ^_#?n>fPB7#_juTR%h7Zv#y)w1kF6-
zmlalS+Iq+33c{^_WY(=;@y6BoJpU7@x!QT6jG2@4cZ~@NqmxFZ6vhqf?-8{qbI}7Y
zm4{1wfXm=VzxyPoY51jCxi|5>#T_N*M&#eP5$Dxwq*A#$xhzyU4Vzl}xF`8%bxhnr
z&5V|?3eVct4_&)b+k7(cnEQ@(lRhlm=3&@vlHT$&hfZ0O@XqCZBU4v@u;-!fqv85_
zahV6A8{HC*B@5miH;#6cNVyYxo^oF=**<E=7bp5X-Z=NH?3)}jv@UqV<(5s0PW_OA
zR&P0!{vaTwZ09YiWrK!4eBokQ-mUsqmVK3YMko$^vU1te6?DUvJ@1`NE?o7|jsr<i
z_e^D37yQ0#di;4or1~#=PJev$-7$2uYe09;Qd4K`oNZ$#v})grTq$TK`*-_&KXC25
z8>ZCjk4okZS=_Jqt7R!Qn;VNtdNyx=IB-+cg{g%p`+r~f<C52X7DW2yKH1T7aJhzc
J(l|Le{RgnftQP<P

delta 1232
zcmX}ido-JO90u_BjbK5P%%#)_DRC=_yCh!kEZf0?w!~<ouBo;Y=@FN+juWE8Xor>k
zTD0A%u}#kz!&zD>TD@<o6Kz-5En2N!%&aY1)V}+p{o`}a^E~JI{Y)vP=42_QqZp?s
zl8&hGXbN_=REw8u@&8eP9-sn!U;qrkJAej^fH5!ubYKcL05f0?7~oxC0W5(Pum&4}
z4X_29fE{=b*aHW^1dhN7u)t>E3|s&kxB@re4m^M-*aEzOH{bv+@BzNS5BP%s5D0=m
zFyH|`5P%T17AHDCK|_f|ulmvsqVJVRAx+QAk#5bA=gQONSv;nzYk@Q^H78Tym7AsD
z%CoaRV}^t<xo*r*COb|Po6k*_NptteGuTWXlN}o?%J=bov$&yRai}l)D<RZO?GzvS
z!7O?fLH>Z+B1s;ajU*kB%{hXO3S&qMG%6uX(0+50ioVT*ZR^Km3d&Fu_HU~{vK5gb
zNb3P-;|#(WDMcg;wTeg%8iRxvA>DS;Qe72Adg5qLBFR8g(WEy@3MGTpE-~az13j4{
z6P1X`#5aMXHi{>|lT+d!qmIjD31?uR*86rto?>O)cK^QBvuvSlj$|U{%s_psKzC!g
z>mOxgGUaibq^Z+Vb@OFKqfDK8g`_h$9G#)g;uT+eBA+d3#jBkMTBJ?)OJ<&5<cwRf
zMv5!8v&(6p+TEdEojl>t#pY<xiMwQ}GXCJ17f1MZX|0O}EW!9a+7-%t$ZP%K+{;c&
z6|zS5q(bo}t*z|zbwu|Ih}iW-vr#P5xT?bZ>1FTF6GERjPU{DTW!9{QTV$Hnb?z8E
z$!n=yu?p!H=ne_T|44{(@G!a7-|yS(%*vrIb04axZP`q1WqV(RWMSnVf2n;;d2!V|
zW#Hfz;_z)Zogjax(k%E_&04jmUPA8rlYoxHO(!GN8jozvx#=~_`*Ar}#ZhUMH%^%~
zhm8;yj-`Lk>&cFn@ukoFiIN&D=|OoMbEEyTse6Ms@qCI9`|v`StNi_5QNN$oM4}KI
zt&|*ncyaNPooS0C@~b6mZg!h1MHPb_$H+M)hs*Wla&~Z71~m7w@UkU3PNQ<Is1{4v
zOKU~W^|6y-olm_MMT~0;{J%N$w<jFe$EYeClM%oCSoOSyaAG98*R~(`3~HhG<77ed
z=x#%CaoWg40Rt=ebGXBu;WXdZQ`fN=WEAyLMqu65%86<lanJTU%A|#SmzkNuo2R9o
zkGgjk)@%5ZZBYTYh6b>n+ox2=64urZUCC%&r@gGi{`D&rZ-{d^u&goIYn!%GYkIzD
zx^C~(9qU^=tyjMu)b++R2W<*>Yu|S6wV$^n_2<gbN7KLgG#p@A$=0mA(AHfI_QL4Y
zaM?URah|H2oE2(b3<wSThx@vZiXyS*<JZ4YW#-5BNCbiIy`Gd8b}fN-<<UQt*t#|n
ijKWd>&Xvvd!Dz|@H({}$+h%Ic@A+(Llyet`VgCWqO%VhD

diff --git a/agents/MeshService-signed.exe b/agents/MeshService-signed.exe
index a060f346b990aaa71cd73bf05a1b80a3ded6ab83..3da3e59e6da8a775ee274b0bd2a87f91f86204f9 100644
GIT binary patch
delta 518
zcmZ3m^e*E9Al}fx$gJ_#yt$dNy_pe&nShuXh*^M`6^Pk@m>q~YfS41Axqz4(h<SjR
z7l`?Qm>-A*fLIWSg@9NXh(&-{6o|!uSR9BYfLIcUrGQu(h-H9S7Kr75SRRNKfLIZT
zm4H|oh*f}C6^PY<SRIHpfLIfVwSZU~h;@Ki7l`$MSRaTDfY=a-jeyt~h)sal6o}2X
zH#3@F_h&OQGBGi+n4S=5ZdtFkdZ*^D>1W>_oV<Akqenu@v7>&gLf0$3)aahN@A|2<
zzZ#;lMQRDJ%imb;KL4!8W#!$dD{oJ1+IOYk*7MuU&Hkq@-RZejqRi~HGG$NasvGRO
zix?v+X57sG@YQO|IoYzJ^fMyCYQpO!eK~S!Spy{B)^B66_Bx?$$o#6_^p|;OYCVIV
zRWZ|j@gnXlhtr?!_jE~q&{3XYZT8_;$Z5Y%?fFd%0=wJNgqKF1%vrgDU*_)QKO40A
z9K-x{?q2v;Xr9r|z}4b0b)REFd-}9zO>>tYns@W}-^AqR<7G2;HgTFhDbwYVyV8(d
kY{<USpfNx-|48IJZtlwWr~h|EyZu>}^o*aAO@{#j0P04`p8x;=

delta 518
zcmZ3m^e*E9Al}fx$lM`o(cH|~-pmNXOhC*G#4JF}3dC$c%nrmHK+FlmTtLhX#5_RE
z3&eat%n!r@Kr9HvLO?7G#3Dc}3dCYSEDppHKr9KwQa~&X#4<oE3&e6jEDyvAK&%MF
zN<gd(#413n3dCwatPaE)K&%PGT0pD~#5zE%3&eUrtPjKnKx_!aMnG%~#3n#&3dCmH
zn;Ffo`?DDs8XB1xO-~3kx2$ijI?#K=n&)`tdIt5?3zdG~F4|or`rEHZzva)PZZ6aK
z?|tPb@=xry?Aq4P>zt^_vuNU`&mG=#Og8`D$L5~7s8Px;`Ljt>NLEeDjcqNKk!6lo
z;^bm{&t<Yrjjs4@I4@7U?w`_pLEXegZ}o`XF?S|j(rWk^eJSVLwF_+=^9?xbchs)Q
zE3Td)DYIBjd5s8%fyJiR{uNdk8@1(kFLPTf$ahA<Ay`!Cr(sOv{}oe<n3^)9uKzl`
z>8r!?ChqO0Pc0QF%92;UQ1Z!P!|e3g53X)^KY8V8+V2LpZtKV4{>&53`t5k!wBSm;
kIAhn@Tk2Y(Og<@pa-8p!Pc{)d`u_L)S#g}6p$rfJ0NCZnq5uE@

diff --git a/agents/MeshService64-signed.exe b/agents/MeshService64-signed.exe
index b743709157c2cb815bdf92e5bac7a69e751796f1..981ba47f43c8e096b1764f588f21f04ad1026256 100644
GIT binary patch
delta 494
zcmZ4R@hIa0Al}fx$ozJ>VRJKMdov>lGXXI(5VHU=D-g2*F*^`*05K;Ja{)0o5c2>r
zFA(zqF+UIs0I?tt3jwh(5Q_k@C=iPQu{aP*0I?(xO98Po5X%6uED*~9u{;nf0I?zv
zD*>@G5UT*ODiEsyu{scI0I?<zYXPw~5bFT3E)eShu|5zRY;R^Xyk5#?WMpDuYB)Wi
z+|aV#K`>57e9|;mVVg}HFGMG3mhsM?*?Rczf~#_C!hYz)wr;zcDQEk@^>@b^u~|uS
z4PSH@yp_|{4V_o1R(_(WA*P|Dp6lq}c^Y$nMx4~opRxU+-|X(D13Oit*3O>4A%NpF
z=ZxdZwim8V7x6OstEH?Q?)^utyy@^iStawv-*J3vCe<_d7z?+$sejybwD#fhZ{PbZ
zOBDAPSVwLM{ix@@&%h)7uiVP)$wdODlVZ4Do(R7ushb_Np!VNh2A(9Hx{k!=^*4={
zpNqVZBUQ9<g5J{5_m_U8F(0=-A-X~`jzffrq0MRClh+le*&PeFe>a_9z<GS(PnJH5
VAc^G(;kry;ewi9_x@9py005E-y;T4J

delta 494
zcmZ4R@hIa0Al}fx$SiJS)ZEP2-pmNXOhC*G#4JF}3dC$c%nrmHK+FlmTtLhX#5_RE
z3&eat%n!r@Kr9HvLO?7G#3Dc}3dCYSEDppHKr9KwQa~&X#4<oE3&e6jEDyvAK&%MF
zN<gd(#413n3dCwatPaE)K&%PGT0pD~#5zE%3&eUrtPjKn+nX5;ua~kJ7#bRxm`+b9
zH?*ve*dNQmpt8~|w9RmS#$(~{OxkRR)mY_<Be~S$t`uEO&=b3qS(a3;=;VJj>+jF5
z)w1@<j%Vg>@OgDSWL|E!o&Os3-`j0D3;6Hv@hiT+e5G<26JN}aA8Q`iG>g0JS)mqf
zT%P^x#PVWkp`^r#aTa-AnR7q2@8&Yke9EJCS^V9kdY%R6Q>QYwJ-oDKqw?2I55?SM
z>HmvjVixpr*et)r-`*<o;mCC>UGtjH(KlC`BrO+ndbVLLS6bfZWNWTF6+VH@m(43a
zD)!x<GOv|!c6xo2|M5E;X8f3O^7g^fdvULA+O<N;&3DdslUtOv;lZQ}zwab-+TJiM
Vk5pyyxs>zwmQfPtcN+!>003MSzR>^x

diff --git a/agents/meshcmd.js b/agents/meshcmd.js
index 753fcdea..17f04751 100644
--- a/agents/meshcmd.js
+++ b/agents/meshcmd.js
@@ -153,8 +153,10 @@ function run(argv) {
     if ((typeof args.cdrom) == 'string') { settings.cdrom = args.cdrom; }
     if ((typeof args.tag) == 'string') { settings.tag = args.tag; }
     if ((typeof args.scan) == 'string') { settings.scan = args.scan; }
+    if ((typeof args.token) == 'string') { settings.token = args.token; }
     if ((typeof args.timeout) == 'string') { settings.timeout = parseInt(args.timeout); }
     if ((typeof args.uuidoutput) == 'string' || args.uuidoutput) { settings.uuidoutput = args.uuidoutput; }
+    if (args.emailtoken) { settings.emailtoken = true; }
     if (args.debug === true) { settings.debuglevel = 1; }
     if (args.debug) { try { waitForDebugger(); } catch (e) { } }
     if (args.noconsole) { settings.noconsole = true; }
@@ -2048,20 +2050,80 @@ function processLmsControlData(data) {
 //
 
 function startRouter() {
+    // Start by requesting a login token, this is needed because of 2FA and check that we have correct credentials from the start
+    var options;
+    try {
+        var url = settings.serverurl.split('meshrelay.ashx').join('control.ashx') + '?user=' + settings.username + '&pass=' + settings.password;
+        if (settings.emailtoken) { url += '&token=**email**'; } else if (settings.token != null) { url += '&token=' + settings.token; }
+        options = http.parseUri(url);
+    } catch (e) { console.log("Unable to parse \"serverUrl\"."); process.exit(1); return; }
+    options.checkServerIdentity = onVerifyServer;
+    options.rejectUnauthorized = false;
+    settings.websocket = http.request(options);
+    settings.websocket.upgrade = OnServerWebSocket;
+    settings.websocket.on('error', function (e) { console.log("ERROR: " + JSON.stringify(e)); });
+    settings.websocket.end();
+}
+
+function OnServerWebSocket(msg, s, head) {
+    settings.webchannel = s;
+    s.on('data', function (msg) {
+        var command = JSON.parse(msg);
+        switch (command.action) {
+            case 'close': {
+                if (command.cause == 'noauth') {
+                    if (command.msg == 'tokenrequired') {
+                        if (command.email2fasent === true) {
+                            console.log("Login token email sent.");
+                        } else if (command.email2fa === true) {
+                            console.log("Login token required, use --token [token], or --emailtoken get a token.");
+                        } else {
+                            console.log("Login token required, use --token [token].");
+                        }
+                    } else { console.log("Invalid username or password."); }
+                } else { console.log("Server disconnected: " + command.msg); }
+                process.exit(1);
+                return;
+            }
+            case 'serverinfo': {
+                s.write("{\"action\":\"authcookie\"}"); // Ask for our first authentication cookie
+                break;
+            }
+            case 'authcookie': {
+                if (settings.acookie == null) {
+                    settings.acookie = command.cookie;
+                    settings.rcookie = command.rcookie;
+                    settings.renewCookieTimer = setInterval(function () { settings.webchannel.write("{\"action\":\"authcookie\"}"); }, 600000); // Ask for new cookie every 10 minutes
+                    startRouterEx();
+                } else {
+                    settings.acookie = command.cookie;
+                    settings.rcookie = command.rcookie;
+                }
+                break;
+            }
+        }
+    });
+    s.on('error', function () { console.log("Server connection error."); process.exit(1); return; });
+    s.on('close', function () { console.log("Server closed the connection."); process.exit(1); return; });
+}
+
+function startRouterEx() {
     tcpserver = net.createServer(OnTcpClientConnected);
     tcpserver.on('error', function (e) { console.log("ERROR: " + JSON.stringify(e)); exit(0); return; });
-    tcpserver.listen(settings.localport, function () {
-        // We started listening.
-        if (settings.remotetarget == null) {
-            console.log('Redirecting local port ' + settings.localport + ' to remote port ' + settings.remoteport + '.');
-        } else {
-            console.log('Redirecting local port ' + settings.localport + ' to ' + settings.remotetarget + ':' + settings.remoteport + '.');
-        }
-        console.log("Press ctrl-c to exit.");
+    try {
+        tcpserver.listen(settings.localport, function () {
+            // We started listening.
+            if (settings.remotetarget == null) {
+                console.log('Redirecting local port ' + settings.localport + ' to remote port ' + settings.remoteport + '.');
+            } else {
+                console.log('Redirecting local port ' + settings.localport + ' to ' + settings.remotetarget + ':' + settings.remoteport + '.');
+            }
+            console.log("Press ctrl-c to exit.");
 
-        // If settings has a "cmd", run it now.
-        //process.exec("notepad.exe");
-    });
+            // If settings has a "cmd", run it now.
+            //process.exec("notepad.exe");
+        });
+    } catch (ex) { console.log("Unable to bind to local TCP port " + settings.localport + "."); exit(1); return; }
 }
 
 // Called when a TCP connect is received on the local port. Launch a tunnel.
@@ -2071,8 +2133,9 @@ function OnTcpClientConnected(c) {
         debug(1, "Client connected");
         c.on('end', function () { disconnectTunnel(this, this.websocket, "Client closed"); });
         c.pause();
+        var options;
         try {
-            options = http.parseUri(settings.serverurl + '?user=' + settings.username + '&pass=' + settings.password + '&nodeid=' + settings.remotenodeid + '&tcpport=' + settings.remoteport + (settings.remotetarget == null ? '' : '&tcpaddr=' + settings.remotetarget));
+            options = http.parseUri(settings.serverurl + '?auth=' + settings.acookie + '&nodeid=' + settings.remotenodeid + '&tcpport=' + settings.remoteport + (settings.remotetarget == null ? '' : '&tcpaddr=' + settings.remotetarget));
         } catch (e) { console.log("Unable to parse \"serverUrl\"."); process.exit(1); return; }
         options.checkServerIdentity = onVerifyServer;
         options.rejectUnauthorized = false;
@@ -2106,8 +2169,8 @@ function OnWebSocket(msg, s, head) {
             }
         }
     });
-    s.on('error', function (msg) { disconnectTunnel(this.tcp, this, 'Websocket error'); });
-    s.on('close', function (msg) { disconnectTunnel(this.tcp, this, 'Websocket closed'); });
+    s.on('error', function () { disconnectTunnel(this.tcp, this, 'Websocket error'); });
+    s.on('close', function () { disconnectTunnel(this.tcp, this, 'Websocket closed'); });
     s.parent = this;
 }
 
diff --git a/package.json b/package.json
index 04bc41d4..1dc7f058 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "meshcentral",
-  "version": "0.5.1-b",
+  "version": "0.5.1-c",
   "keywords": [
     "Remote Management",
     "Intel AMT",
diff --git a/webserver.js b/webserver.js
index be635567..2f4aed50 100644
--- a/webserver.js
+++ b/webserver.js
@@ -3352,9 +3352,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                         localPort: 1234,
                         remoteName: node.name,
                         remoteNodeId: node._id,
-                        remoteTarget: '',
+                        remoteTarget: null,
                         remotePort: 3389,
-                        username: '',
+                        username: user.name,
                         password: '',
                         serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key
                         serverHttpsHash: Buffer.from(obj.webCertificateHashs[domain.id], 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate
@@ -3368,7 +3368,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 });
             } else if (req.query.meshaction == 'generic') {
                 var meshaction = {
-                    username: '',
+                    username: user.name,
                     password: '',
                     serverId: obj.agentCertificateHashHex.toUpperCase(), // SHA384 of server HTTPS public key
                     serverHttpsHash: Buffer.from(obj.webCertificateHashs[domain.id], 'binary').toString('hex').toUpperCase(), // SHA384 of server HTTPS certificate