mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-02-03 09:55:57 -05:00
Fixed 2FA when in LAN mode.
This commit is contained in:
Ylian Saint-Hilaire
parent
f1b5ae6cad
commit
9e4b21bb60
@ -1,128 +0,0 @@
|
||||
/*
|
||||
Copyright 2018-2019 Intel Corporation
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
try { Object.defineProperty(Array.prototype, "peek", { value: function () { return (this.length > 0 ? this[this.length - 1] : undefined); } }); } catch (e) { }
|
||||
|
||||
|
||||
|
||||
function dbus(address, uid)
|
||||
{
|
||||
this._ObjectID = 'linux-dbus';
|
||||
require('events').EventEmitter.call(this, true)
|
||||
.createEvent('signal');
|
||||
Object.defineProperty(this, "uid", { value: uid });
|
||||
this._child = require('child_process').execFile("/bin/sh", ["sh"], { type: require('child_process').SpawnTypes.TERM, uid: uid == null ? -1 : uid });
|
||||
this._child.stdin.write('dbus-monitor --session "type=\'signal\', interface=\'' + address + '\'" | ( while read X; do echo "$X"; done )\n');
|
||||
this._child.stdout.dbus = this;
|
||||
this._child.stdout.on('data', function (chunk)
|
||||
{
|
||||
// Parse DBUS Data
|
||||
if (!this.ready) { this.ready = true; return; }
|
||||
|
||||
var lines = [];
|
||||
var tokens = chunk.toString().split('\r\n');
|
||||
for (var i in tokens)
|
||||
{
|
||||
if (tokens[i] == '')
|
||||
{
|
||||
// End of record
|
||||
this.dbus.preParseRecords(lines);
|
||||
lines = [];
|
||||
}
|
||||
else
|
||||
{
|
||||
lines.push(tokens[i]);
|
||||
}
|
||||
}
|
||||
});
|
||||
this.preParseRecords = function (lines)
|
||||
{
|
||||
var record = [];
|
||||
for (var i in lines)
|
||||
{
|
||||
if(lines[i].startsWith('signal '))
|
||||
{
|
||||
if(record.length>0)
|
||||
{
|
||||
this.parseRecords(record);
|
||||
}
|
||||
record = [];
|
||||
}
|
||||
record.push(lines[i]);
|
||||
}
|
||||
if (record.length > 0)
|
||||
{
|
||||
this.parseRecords(record);
|
||||
}
|
||||
}
|
||||
this.parseRecords = function (lines)
|
||||
{
|
||||
if (lines[0].startsWith('signal '))
|
||||
{
|
||||
var signal = {};
|
||||
var sigtokens = lines[0].split(' ');
|
||||
sigtokens.shift();
|
||||
|
||||
for (var i in sigtokens) {
|
||||
var sigitems = sigtokens[i].split('=');
|
||||
if (sigitems.length == 2) {
|
||||
signal[sigitems[0]] = sigitems[1];
|
||||
}
|
||||
}
|
||||
|
||||
lines.shift();
|
||||
signal.data = lines;
|
||||
|
||||
this.parseSignal(signal);
|
||||
}
|
||||
}
|
||||
this.parseSignal = function(signal)
|
||||
{
|
||||
var data = signal.data;
|
||||
signal.data = [];
|
||||
|
||||
for(var i=0; i<data.length; ++i)
|
||||
{
|
||||
if (data[i].startsWith('array '))
|
||||
{
|
||||
signal.data.push([]);
|
||||
for(i=i+1; i<data.length; ++i)
|
||||
{
|
||||
this.parseSignal2(data[i], signal.data.peek());
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
this.parseSignal2(data[i], signal.data);
|
||||
}
|
||||
}
|
||||
|
||||
this.emit('signal', signal);
|
||||
}
|
||||
this.parseSignal2 = function (inputStr, outArray)
|
||||
{
|
||||
if(inputStr.startsWith('string '))
|
||||
{
|
||||
outArray.push(JSON.parse(inputStr.slice(7)));
|
||||
}
|
||||
else if(inputStr.startsWith('boolean '))
|
||||
{
|
||||
outArray.push(JSON.parse(inputStr.slice(8)));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = dbus;
|
||||
@ -1 +0,0 @@
|
||||
try{Object.defineProperty(Array.prototype,"peek",{value:function(){return(this.length>0?this[this.length-1]:undefined)}})}catch(e){}function dbus(a,b){this._ObjectID="linux-dbus";require("events").EventEmitter.call(this,true).createEvent("signal");Object.defineProperty(this,"uid",{value:b});this._child=require("child_process").execFile("/bin/sh",["sh"],{type:require("child_process").SpawnTypes.TERM,uid:b==null?-1:b});this._child.stdin.write("dbus-monitor --session \"type='signal', interface='"+a+'\'" | ( while read X; do echo "$X"; done )\n');this._child.stdout.dbus=this;this._child.stdout.on("data",function(c){if(!this.ready){this.ready=true;return}var f=[];var g=c.toString().split("\r\n");for(var d in g){if(g[d]==""){this.dbus.preParseRecords(f);f=[]}else{f.push(g[d])}}});this.preParseRecords=function(d){var f=[];for(var c in d){if(d[c].startsWith("signal ")){if(f.length>0){this.parseRecords(f)}f=[]}f.push(d[c])}if(f.length>0){this.parseRecords(f)}};this.parseRecords=function(d){if(d[0].startsWith("signal ")){var g={};var h=d[0].split(" ");h.shift();for(var c in h){var f=h[c].split("=");if(f.length==2){g[f[0]]=f[1]}}d.shift();g.data=d;this.parseSignal(g)}};this.parseSignal=function(f){var c=f.data;f.data=[];for(var d=0;d<c.length;++d){if(c[d].startsWith("array ")){f.data.push([]);for(d=d+1;d<c.length;++d){this.parseSignal2(c[d],f.data.peek())}}else{this.parseSignal2(c[d],f.data)}}this.emit("signal",f)};this.parseSignal2=function(c,d){if(c.startsWith("string ")){d.push(JSON.parse(c.slice(7)))}else{if(c.startsWith("boolean ")){d.push(JSON.parse(c.slice(8)))}}}}module.exports=dbus;
|
||||
24
meshuser.js
24
meshuser.js
@ -2376,7 +2376,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
case 'otpauth-request':
|
||||
{
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if (twoStepLoginSupported) {
|
||||
// Request a one time password to be setup
|
||||
var otplib = null;
|
||||
@ -2390,7 +2390,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
case 'otpauth-setup':
|
||||
{
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if (twoStepLoginSupported) {
|
||||
// Perform the one time password setup
|
||||
var otplib = null;
|
||||
@ -2418,7 +2418,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
case 'otpauth-clear':
|
||||
{
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if (twoStepLoginSupported) {
|
||||
// Clear the one time password secret
|
||||
if (user.otpsecret) {
|
||||
@ -2441,7 +2441,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
case 'otpauth-getpasswords':
|
||||
{
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if (twoStepLoginSupported == false) break;
|
||||
|
||||
// Perform a sub-action
|
||||
@ -2476,7 +2476,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
case 'otp-hkey-get':
|
||||
{
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if (twoStepLoginSupported == false) break;
|
||||
|
||||
// Send back the list of keys we have, just send the list of names and index
|
||||
@ -2489,7 +2489,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
case 'otp-hkey-remove':
|
||||
{
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if (twoStepLoginSupported == false || command.index == null) break;
|
||||
|
||||
// Remove a key
|
||||
@ -2510,14 +2510,12 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'otp-hkey-yubikey-add':
|
||||
{
|
||||
if (parent.parent.config.settings.no2factorauth === true) return;
|
||||
|
||||
// Yubico API id and signature key can be requested from https://upgrade.yubico.com/getapikey/
|
||||
var yubikeyotp = null;
|
||||
try { yubikeyotp = require('yubikeyotp'); } catch (ex) { }
|
||||
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if ((yubikeyotp == null) || (twoStepLoginSupported == false) || (typeof command.otp != 'string')) {
|
||||
ws.send(JSON.stringify({ action: 'otp-hkey-yubikey-add', result: false, name: command.name }));
|
||||
break;
|
||||
@ -2565,10 +2563,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'webauthn-startregister':
|
||||
{
|
||||
if (parent.parent.config.settings.no2factorauth === true) return;
|
||||
|
||||
// Check is 2-step login is supported
|
||||
const twoStepLoginSupported = ((domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.lanonly !== true) && (args.nousers !== true));
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if ((twoStepLoginSupported == false) || (command.name == null)) break;
|
||||
|
||||
// Send the registration request
|
||||
@ -2579,8 +2575,8 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
||||
}
|
||||
case 'webauthn-endregister':
|
||||
{
|
||||
if (parent.parent.config.settings.no2factorauth === true) return;
|
||||
if (obj.webAuthnReqistrationRequest == null) return;
|
||||
const twoStepLoginSupported = ((parent.parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (parent.parent.certificates.CommonName.indexOf('.') != -1) && (args.nousers !== true));
|
||||
if ((twoStepLoginSupported == false) || (obj.webAuthnReqistrationRequest == null)) return;
|
||||
|
||||
// Figure out the origin
|
||||
var httpport = ((args.aliasport != null) ? args.aliasport : args.port);
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.4.0-e",
|
||||
"version": "0.4.0-f",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user