external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Fixed 2FA when in LAN mode.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2019-08-22 17:05:21 -07:00
parent f1b5ae6cad
commit 9e4b21bb60
4 changed files with 11 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

128
agents/modules_meshcore/linux-dbus.js
View file

@ -1,128 +0,0 @@
/*
Copyright 2018-2019 Intel Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
try { Object.defineProperty(Array.prototype, "peek", { value: function () { return (this.length > 0 ? this[this.length - 1] : undefined); } }); } catch (e) { }
function dbus(address, uid)
{
this._ObjectID = 'linux-dbus';
require('events').EventEmitter.call(this, true)
.createEvent('signal');
Object.defineProperty(this, "uid", { value: uid });
this._child = require('child_process').execFile("/bin/sh", ["sh"], { type: require('child_process').SpawnTypes.TERM, uid: uid == null ? -1 : uid });
this._child.stdin.write('dbus-monitor --session "type=\'signal\', interface=\'' + address + '\'" | ( while read X; do echo "$X"; done )\n');
this._child.stdout.dbus = this;
this._child.stdout.on('data', function (chunk)
{
// Parse DBUS Data
if (!this.ready) { this.ready = true; return; }
var lines = [];
var tokens = chunk.toString().split('\r\n');
for (var i in tokens)
{
if (tokens[i] == '')
{
// End of record
this.dbus.preParseRecords(lines);
lines = [];
}
else
{
lines.push(tokens[i]);
}
}
});
this.preParseRecords = function (lines)
{
var record = [];
for (var i in lines)
{
if(lines[i].startsWith('signal '))
{
if(record.length>0)
{
this.parseRecords(record);
}
record = [];
}
record.push(lines[i]);
}
if (record.length > 0)
{
this.parseRecords(record);
}
}
this.parseRecords = function (lines)
{
if (lines[0].startsWith('signal '))
{
var signal = {};
var sigtokens = lines[0].split(' ');
sigtokens.shift();
for (var i in sigtokens) {
var sigitems = sigtokens[i].split('=');
if (sigitems.length == 2) {
signal[sigitems[0]] = sigitems[1];
}
}
lines.shift();
signal.data = lines;
this.parseSignal(signal);
}
}
this.parseSignal = function(signal)
{
var data = signal.data;
signal.data = [];
for(var i=0; i<data.length; ++i)
{
if (data[i].startsWith('array '))
{
signal.data.push([]);
for(i=i+1; i<data.length; ++i)
{
this.parseSignal2(data[i], signal.data.peek());
}
}
else
{
this.parseSignal2(data[i], signal.data);
}
}
this.emit('signal', signal);
}
this.parseSignal2 = function (inputStr, outArray)
{
if(inputStr.startsWith('string '))
{
outArray.push(JSON.parse(inputStr.slice(7)));
}
else if(inputStr.startsWith('boolean '))
{
outArray.push(JSON.parse(inputStr.slice(8)));
}
}
}
module.exports = dbus;

1
agents/modules_meshcore_min/linux-dbus.min.js vendored
View file

@ -1 +0,0 @@
try{Object.defineProperty(Array.prototype,"peek",{value:function(){return(this.length>0?this[this.length-1]:undefined)}})}catch(e){}function dbus(a,b){this._ObjectID="linux-dbus";require("events").EventEmitter.call(this,true).createEvent("signal");Object.defineProperty(this,"uid",{value:b});this._child=require("child_process").execFile("/bin/sh",["sh"],{type:require("child_process").SpawnTypes.TERM,uid:b==null?-1:b});this._child.stdin.write("dbus-monitor --session \"type='signal', interface='"+a+'\'" | ( while read X; do echo "$X"; done )\n');this._child.stdout.dbus=this;this._child.stdout.on("data",function(c){if(!this.ready){this.ready=true;return}var f=[];var g=c.toString().split("\r\n");for(var d in g){if(g[d]==""){this.dbus.preParseRecords(f);f=[]}else{f.push(g[d])}}});this.preParseRecords=function(d){var f=[];for(var c in d){if(d[c].startsWith("signal ")){if(f.length>0){this.parseRecords(f)}f=[]}f.push(d[c])}if(f.length>0){this.parseRecords(f)}};this.parseRecords=function(d){if(d[0].startsWith("signal ")){var g={};var h=d[0].split(" ");h.shift();for(var c in h){var f=h[c].split("=");if(f.length==2){g[f[0]]=f[1]}}d.shift();g.data=d;this.parseSignal(g)}};this.parseSignal=function(f){var c=f.data;f.data=[];for(var d=0;d<c.length;++d){if(c[d].startsWith("array ")){f.data.push([]);for(d=d+1;d<c.length;++d){this.parseSignal2(c[d],f.data.peek())}}else{this.parseSignal2(c[d],f.data)}}this.emit("signal",f)};this.parseSignal2=function(c,d){if(c.startsWith("string ")){d.push(JSON.parse(c.slice(7)))}else{if(c.startsWith("boolean ")){d.push(JSON.parse(c.slice(8)))}}}}module.exports=dbus;

24
meshuser.js
View file

@ -2376,7 +2376,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'otpauth-request': case 'otpauth-request':
{ {
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (twoStepLoginSupported) { if (twoStepLoginSupported) {
// Request a one time password to be setup // Request a one time password to be setup
var otplib = null; var otplib = null;
@ -2390,7 +2390,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'otpauth-setup': case 'otpauth-setup':
{ {
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (twoStepLoginSupported) { if (twoStepLoginSupported) {
// Perform the one time password setup // Perform the one time password setup
var otplib = null; var otplib = null;
@ -2418,7 +2418,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'otpauth-clear': case 'otpauth-clear':
{ {
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (twoStepLoginSupported) { if (twoStepLoginSupported) {
// Clear the one time password secret // Clear the one time password secret
if (user.otpsecret) { if (user.otpsecret) {
@ -2441,7 +2441,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'otpauth-getpasswords': case 'otpauth-getpasswords':
{ {
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (twoStepLoginSupported == false) break; if (twoStepLoginSupported == false) break;
// Perform a sub-action // Perform a sub-action
@ -2476,7 +2476,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'otp-hkey-get': case 'otp-hkey-get':
{ {
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (twoStepLoginSupported == false) break; if (twoStepLoginSupported == false) break;
// Send back the list of keys we have, just send the list of names and index // Send back the list of keys we have, just send the list of names and index
@ -2489,7 +2489,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
case 'otp-hkey-remove': case 'otp-hkey-remove':
{ {
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (twoStepLoginSupported == false || command.index == null) break; if (twoStepLoginSupported == false || command.index == null) break;
// Remove a key // Remove a key
@ -2510,14 +2510,12 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
case 'otp-hkey-yubikey-add': case 'otp-hkey-yubikey-add':
{ {
if (parent.parent.config.settings.no2factorauth === true) return;
// Yubico API id and signature key can be requested from https://upgrade.yubico.com/getapikey/ // Yubico API id and signature key can be requested from https://upgrade.yubico.com/getapikey/
var yubikeyotp = null; var yubikeyotp = null;
try { yubikeyotp = require('yubikeyotp'); } catch (ex) { } try { yubikeyotp = require('yubikeyotp'); } catch (ex) { }
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if ((yubikeyotp == null) || (twoStepLoginSupported == false) || (typeof command.otp != 'string')) { if ((yubikeyotp == null) || (twoStepLoginSupported == false) || (typeof command.otp != 'string')) {
ws.send(JSON.stringify({ action: 'otp-hkey-yubikey-add', result: false, name: command.name })); ws.send(JSON.stringify({ action: 'otp-hkey-yubikey-add', result: false, name: command.name }));
break; break;
@ -2565,10 +2563,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
case 'webauthn-startregister': case 'webauthn-startregister':
{ {
if (parent.parent.config.settings.no2factorauth === true) return;
// Check is 2-step login is supported // Check is 2-step login is supported
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true)); const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if ((twoStepLoginSupported == false) || (command.name == null)) break; if ((twoStepLoginSupported == false) || (command.name == null)) break;
// Send the registration request // Send the registration request
@ -2579,8 +2575,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
} }
case 'webauthn-endregister': case 'webauthn-endregister':
{ {
if (parent.parent.config.settings.no2factorauth === true) return; const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
if (obj.webAuthnReqistrationRequest == null) return; if ((twoStepLoginSupported == false) || (obj.webAuthnReqistrationRequest == null)) return;
// Figure out the origin // Figure out the origin
var httpport = ((args.aliasport != null) ? args.aliasport : args.port); var httpport = ((args.aliasport != null) ? args.aliasport : args.port);

2
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.4.0-e", "version": "0.4.0-f",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",