mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 06:05:53 -05:00
Added Intel AMT WIFI to config.json schema.
This commit is contained in:
parent
f9e64aeb3f
commit
cc652d8e33
@ -77,13 +77,13 @@ module.exports.CreateAmtManager = function (parent) {
|
||||
if (typeof wifiProfile.authentication == 'string') { wifiProfile.authentication = wifiProfile.authentication.toLowerCase(); }
|
||||
if (wifiProfile.authentication == 'wpa-psk') { wifiProfile.authentication = 4; }
|
||||
if (wifiProfile.authentication == 'wpa2-psk') { wifiProfile.authentication = 6; }
|
||||
if (typeof wifiProfile.authentication != 'number') { wifiProfile.authentication = 4; } // Default to CCMP-AES
|
||||
if (typeof wifiProfile.authentication != 'number') { wifiProfile.authentication = 6; } // Default to WPA2-PSK
|
||||
|
||||
// Encyption
|
||||
if (typeof wifiProfile.encryption == 'string') { wifiProfile.encryption = wifiProfile.encryption.toLowerCase(); }
|
||||
if ((wifiProfile.encryption == 'ccmp-aes') || (wifiProfile.encryption == 'ccmp')) { wifiProfile.encryption = 4; }
|
||||
if ((wifiProfile.encryption == 'tkip-rc4') || (wifiProfile.encryption == 'tkip')) { wifiProfile.encryption = 3; }
|
||||
if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 6; } // Default to WPA2-PSK
|
||||
if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 4; } // Default to CCMP-AES
|
||||
|
||||
// Type
|
||||
wifiProfile.type = 3; // Infrastructure
|
||||
|
@ -305,6 +305,43 @@
|
||||
"maxItems": 4,
|
||||
"uniqueItems": true
|
||||
}
|
||||
},
|
||||
"WifiProfiles": {
|
||||
"description": "List of WIFI profiles to setup in any managed Intel AMT device with a WIFI network interface.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"additionalProperties": false,
|
||||
"required": [ "ssid", "password" ],
|
||||
"properties": {
|
||||
"name": {
|
||||
"description": "WIFI profile name, if not specified the SSID is used.",
|
||||
"type": "string"
|
||||
},
|
||||
"ssid": {
|
||||
"description": "SSID of the WIFI station.",
|
||||
"type": "string"
|
||||
},
|
||||
"authentication": {
|
||||
"description": "WIFI authentication.",
|
||||
"type": "string",
|
||||
"enum": [ "wpa2-psk", "wpa-psk" ],
|
||||
"default": "wpa2-psk"
|
||||
},
|
||||
"encryption": {
|
||||
"description": "WIFI encryption.",
|
||||
"type": "string",
|
||||
"enum": [ "ccmp-aes", "tkip-rc4" ],
|
||||
"default": "ccmp-aes"
|
||||
},
|
||||
"password": {
|
||||
"description": "Password on the WIFI station",
|
||||
"type": "string",
|
||||
"minLength": 8,
|
||||
"maxLength": 63
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -31,16 +31,16 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
|
||||
|
||||
// Connection Authentication
|
||||
aedes.authenticate = function (client, username, password, callback) {
|
||||
obj.parent.debug("mqtt", "Authentication User:" + username + ", Pass:" + password.toString() + ", ClientID:" + client.id + ", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
|
||||
obj.parent.debug('mqtt', "Authentication User:" + username + ", Pass:" + password.toString() + ", ClientID:" + client.id + ", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
|
||||
|
||||
// Parse the username and password
|
||||
var usersplit = username.split(':');
|
||||
var passsplit = password.toString().split(':');
|
||||
if ((usersplit.length !== 4) || (passsplit.length !== 3)) { obj.parent.debug("mqtt", "Invalid user/pass format, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
if (usersplit[0] !== 'MCAuth1') { obj.parent.debug("mqtt", "Invalid auth method, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
if ((usersplit.length !== 4) || (passsplit.length !== 3)) { obj.parent.debug('mqtt', "Invalid user/pass format, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
if (usersplit[0] !== 'MCAuth1') { obj.parent.debug('mqtt', "Invalid auth method, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
|
||||
// Check authentication
|
||||
if (passsplit[0] !== parent.config.settings.mqtt.auth.keyid) { obj.parent.debug("mqtt", "Invalid auth keyid, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
if (passsplit[0] !== parent.config.settings.mqtt.auth.keyid) { obj.parent.debug('mqtt', "Invalid auth keyid, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
if (parent.crypto.createHash('sha384').update(username + ':' + passsplit[1] + ':' + parent.config.settings.mqtt.auth.key).digest("base64") !== passsplit[2]) { obj.parent.debug("mqtt", "Invalid password, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
|
||||
|
||||
// Setup the identifiers
|
||||
@ -49,7 +49,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
|
||||
const xdomainid = usersplit[3];
|
||||
|
||||
// Check the domain
|
||||
if ((typeof client.conn.xdomain == 'object') && (xdomainid != client.conn.xdomain.id)) { obj.parent.debug("mqtt", "Invalid domain connection, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(null, false); return; }
|
||||
if ((typeof client.conn.xdomain == 'object') && (xdomainid != client.conn.xdomain.id)) { obj.parent.debug('mqtt', "Invalid domain connection, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(null, false); return; }
|
||||
|
||||
// Convert meshid from HEX to Base64 if needed
|
||||
if (xmeshid.length === 96) { xmeshid = Buffer.from(xmeshid, 'hex').toString('base64'); }
|
||||
@ -77,7 +77,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
|
||||
client.conn.parent = client;
|
||||
client.conn.on('end', function () {
|
||||
// client is "this.parent"
|
||||
obj.parent.debug("mqtt", "Connection closed, " + this.parent.conn.xtransport + "://" + cleanRemoteAddr(this.parent.conn.xip));
|
||||
obj.parent.debug('mqtt', "Connection closed, " + this.parent.conn.xtransport + '://' + cleanRemoteAddr(this.parent.conn.xip));
|
||||
|
||||
// Remove this client from the connections list
|
||||
if ((this.parent.xdbNodeKey != null) && (obj.connections[this.parent.xdbNodeKey] != null)) {
|
||||
@ -99,7 +99,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
|
||||
// Check if a client can publish a packet
|
||||
aedes.authorizeSubscribe = function (client, sub, callback) {
|
||||
// Subscription control
|
||||
obj.parent.debug("mqtt", "AuthorizeSubscribe \"" + sub.topic + "\", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
|
||||
obj.parent.debug('mqtt', "AuthorizeSubscribe \"" + sub.topic + '", ' + client.conn.xtransport + '://' + cleanRemoteAddr(client.conn.xip));
|
||||
if (allowedSubscriptionTopics.indexOf(sub.topic) === -1) { sub = null; } // If not a supported subscription, deny it.
|
||||
callback(null, sub); // We authorize supported topics, but will not allow agents to publish anything to other agents.
|
||||
}
|
||||
@ -107,7 +107,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
|
||||
// Check if a client can publish a packet
|
||||
aedes.authorizePublish = function (client, packet, callback) {
|
||||
// Handle a published message
|
||||
obj.parent.debug("mqtt", "AuthorizePublish, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
|
||||
obj.parent.debug('mqtt', "AuthorizePublish, " + client.conn.xtransport + '://' + cleanRemoteAddr(client.conn.xip));
|
||||
handleMessage(client.xdbNodeKey, client.xdbMeshKey, client.xdomainid, packet.topic, packet.payload);
|
||||
// We don't accept that any client message be published, so don't call the callback.
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user