diff --git a/amtmanager.js b/amtmanager.js
index ec819ee6..d2a11e2d 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -77,13 +77,13 @@ module.exports.CreateAmtManager = function (parent) {
if (typeof wifiProfile.authentication == 'string') { wifiProfile.authentication = wifiProfile.authentication.toLowerCase(); }
if (wifiProfile.authentication == 'wpa-psk') { wifiProfile.authentication = 4; }
if (wifiProfile.authentication == 'wpa2-psk') { wifiProfile.authentication = 6; }
- if (typeof wifiProfile.authentication != 'number') { wifiProfile.authentication = 4; } // Default to CCMP-AES
+ if (typeof wifiProfile.authentication != 'number') { wifiProfile.authentication = 6; } // Default to WPA2-PSK
// Encyption
if (typeof wifiProfile.encryption == 'string') { wifiProfile.encryption = wifiProfile.encryption.toLowerCase(); }
if ((wifiProfile.encryption == 'ccmp-aes') || (wifiProfile.encryption == 'ccmp')) { wifiProfile.encryption = 4; }
if ((wifiProfile.encryption == 'tkip-rc4') || (wifiProfile.encryption == 'tkip')) { wifiProfile.encryption = 3; }
- if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 6; } // Default to WPA2-PSK
+ if (typeof wifiProfile.encryption != 'number') { wifiProfile.encryption = 4; } // Default to CCMP-AES
// Type
wifiProfile.type = 3; // Infrastructure
diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json
index 64abf05c..9a2a59b3 100644
--- a/meshcentral-config-schema.json
+++ b/meshcentral-config-schema.json
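Review bot: On both `+` lines an `authentication` or `encryption` value that is neither a recognised alias nor already a number is silently overwritten with the default, so a misspelled profile value is provisioned with a setting the administrator never chose, and any numeric value passes through unchecked. Since the schema added in this same commit already restricts these fields to an enum, a backward-compatible improvement is to record the original value before overwriting it, e.g. `if (typeof wifiProfile.authentication != 'number') { /* value was not one of the supported aliases; report it before falling back */ wifiProfile.authentication = 6; } // Default to WPA2-PSK`, using whatever debug hook this file has (the inferred helper is not visible in the hunk). The `tkip-rc4`/`wpa-psk` aliases remain accepted; a one-line comment saying they are retained only for legacy networks would help the next reader. The context comment `// Encyption` should read `// Encryption`. The enclosing CreateAmtManager function starts and ends outside the hunk.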
@@ -305,6 +305,43 @@
"maxItems": 4,
"uniqueItems": true
}
+ },
+ "WifiProfiles": {
+ "description": "List of WIFI profiles to setup in any managed Intel AMT device with a WIFI network interface.",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [ "ssid", "password" ],
+ "properties": {
+ "name": {
+ "description": "WIFI profile name, if not specified the SSID is used.",
+ "type": "string"
+ },
+ "ssid": {
+ "description": "SSID of the WIFI station.",
+ "type": "string"
+ },
+ "authentication": {
+ "description": "WIFI authentication.",
+ "type": "string",
+ "enum": [ "wpa2-psk", "wpa-psk" ],
+ "default": "wpa2-psk"
+ },
+ "encryption": {
+ "description": "WIFI encryption.",
+ "type": "string",
+ "enum": [ "ccmp-aes", "tkip-rc4" ],
+ "default": "ccmp-aes"
+ },
+ "password": {
+ "description": "Password on the WIFI station",
+ "type": "string",
+ "minLength": 8,
+ "maxLength": 63
+ }
+ }
+ }
}
}
},
diff --git a/mqttbroker.js b/mqttbroker.js
index baebf21b..435bd5d0 100644
--- a/mqttbroker.js
+++ b/mqttbroker.js
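Review bot: The new `ssid` property accepts any string, including an empty one, even though `name` falls back to the SSID when it is not given; adding `"minLength": 1, "maxLength": 32` mirrors the bounds the hunk already sets for `password` (an 802.11 SSID is at most 32 octets). The `password` description should also tell the reader that the passphrase is read in clear text from the configuration file, e.g. `"description": "Passphrase of the WIFI station (stored in clear text in the configuration file)."`. As written, `"Password on the WIFI station"` also lacks the trailing period used by the neighbouring descriptions.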
@@ -31,16 +31,16 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
// Connection Authentication
aedes.authenticate = function (client, username, password, callback) {
- obj.parent.debug("mqtt", "Authentication User:" + username + ", Pass:" + password.toString() + ", ClientID:" + client.id + ", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
+ obj.parent.debug('mqtt', "Authentication User:" + username + ", Pass:" + password.toString() + ", ClientID:" + client.id + ", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
// Parse the username and password
var usersplit = username.split(':');
var passsplit = password.toString().split(':');
- if ((usersplit.length !== 4) || (passsplit.length !== 3)) { obj.parent.debug("mqtt", "Invalid user/pass format, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
- if (usersplit[0] !== 'MCAuth1') { obj.parent.debug("mqtt", "Invalid auth method, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
+ if ((usersplit.length !== 4) || (passsplit.length !== 3)) { obj.parent.debug('mqtt', "Invalid user/pass format, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
+ if (usersplit[0] !== 'MCAuth1') { obj.parent.debug('mqtt', "Invalid auth method, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
// Check authentication
- if (passsplit[0] !== parent.config.settings.mqtt.auth.keyid) { obj.parent.debug("mqtt", "Invalid auth keyid, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
+ if (passsplit[0] !== parent.config.settings.mqtt.auth.keyid) { obj.parent.debug('mqtt', "Invalid auth keyid, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
if (parent.crypto.createHash('sha384').update(username + ':' + passsplit[1] + ':' + parent.config.settings.mqtt.auth.key).digest("base64") !== passsplit[2]) { obj.parent.debug("mqtt", "Invalid password, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
// Setup the identifiers
@@ -49,7 +49,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
const xdomainid = usersplit[3];
// Check the domain
- if ((typeof client.conn.xdomain == 'object') && (xdomainid != client.conn.xdomain.id)) { obj.parent.debug("mqtt", "Invalid domain connection, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(null, false); return; }
+ if ((typeof client.conn.xdomain == 'object') && (xdomainid != client.conn.xdomain.id)) { obj.parent.debug('mqtt', "Invalid domain connection, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(null, false); return; }
// Convert meshid from HEX to Base64 if needed
if (xmeshid.length === 96) { xmeshid = Buffer.from(xmeshid, 'hex').toString('base64'); }
@@ -77,7 +77,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
client.conn.parent = client;
client.conn.on('end', function () { // client is "this.parent"
- obj.parent.debug("mqtt", "Connection closed, " + this.parent.conn.xtransport + "://" + cleanRemoteAddr(this.parent.conn.xip));
+ obj.parent.debug('mqtt', "Connection closed, " + this.parent.conn.xtransport + '://' + cleanRemoteAddr(this.parent.conn.xip));
// Remove this client from the connections list
if ((this.parent.xdbNodeKey != null) && (obj.connections[this.parent.xdbNodeKey] != null)) {
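Review bot: The first `+` line of the -31 hunk still writes the client-supplied credential into the debug log (`", Pass:" + password.toString()`), so every authentication attempt, successful or not, leaves the whole `keyid:…:digest` string in whatever collects `obj.parent.debug` output; the commit only changes the quoting of `'mqtt'`. Dropping that fragment keeps the useful context: `obj.parent.debug('mqtt', "Authentication User:" + username + ", ClientID:" + client.id + ", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));`. On the context line that follows, the SHA-384 digest is compared with `!==`; assuming `parent.crypto` is Node's crypto module, a constant-time comparison of the two values as equal-length buffers via `timingSafeEqual` avoids leaking timing information about the expected digest. The `aedes.authenticate` body continues past the hunk, and the -49 and -77 hunks are quoting-only changes.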
@@ -99,7 +99,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
// Check if a client can publish a packet
aedes.authorizeSubscribe = function (client, sub, callback) {
// Subscription control
- obj.parent.debug("mqtt", "AuthorizeSubscribe \"" + sub.topic + "\", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
+ obj.parent.debug('mqtt', "AuthorizeSubscribe \"" + sub.topic + '", ' + client.conn.xtransport + '://' + cleanRemoteAddr(client.conn.xip));
if (allowedSubscriptionTopics.indexOf(sub.topic) === -1) { sub = null; } // If not a supported subscription, deny it.
callback(null, sub); // We authorize supported topics, but will not allow agents to publish anything to other agents.
}
@@ -107,7 +107,7 @@ module.exports.CreateMQTTBroker = function (parent, db, args) {
// Check if a client can publish a packet
aedes.authorizePublish = function (client, packet, callback) {
// Handle a published message
- obj.parent.debug("mqtt", "AuthorizePublish, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
+ obj.parent.debug('mqtt', "AuthorizePublish, " + client.conn.xtransport + '://' + cleanRemoteAddr(client.conn.xip));
handleMessage(client.xdbNodeKey, client.xdbMeshKey, client.xdomainid, packet.topic, packet.payload); // We don't accept that any client message be published, so don't call the callback.
}
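Review bot: The context comment above `aedes.authorizeSubscribe`, `// Check if a client can publish a packet`, is a copy of the one above `aedes.authorizePublish` and misdescribes the hook; it should read `// Check if a client can subscribe to a topic`. The `+` line in the -99 hunk also interpolates the client-chosen `sub.topic` into the log entry before the allow-list check on the next line; since unsupported topics are denied anyway, logging the topic after that check keeps arbitrary client-controlled strings out of the debug stream. The -107 hunk is a quoting-only change.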