MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-12-25 22:55:52 -05:00
Code Issues Packages Projects Releases Wiki Activity

Version 1.0.3

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2022-04-09 09:33:02 -07:00
parent a8992f6a09
commit ee2e1057d2
4 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
amtmanager.js
View File

@ -1407,6 +1407,7 @@ module.exports.CreateAmtManager = function (parent) {
var newNetAuthProfileRequested = false; var newNetAuthProfileRequested = false;
var srvNetAuthProfile = domain.amtmanager['802.1x']; var srvNetAuthProfile = domain.amtmanager['802.1x'];
var devNetAuthProfile = null; var devNetAuthProfile = null;
var netAuthClientCertInstanceId = null;
if (wiredConfig) { if (wiredConfig) {
var wiredMatch = 0; var wiredMatch = 0;
@ -1429,6 +1430,8 @@ module.exports.CreateAmtManager = function (parent) {
if (devNetAuthProfile.Username != srvNetAuthProfile.username) { wiredMatch = 2; } if (devNetAuthProfile.Username != srvNetAuthProfile.username) { wiredMatch = 2; }
if (devNetAuthProfile.Domain != srvNetAuthProfile.domain) { wiredMatch = 2; } if (devNetAuthProfile.Domain != srvNetAuthProfile.domain) { wiredMatch = 2; }
} }
// If the existing 802.1x profile has a certificate, remember the client certificate instance id for later checking
if (devNetAuthProfile.ClientCertificate) { netAuthClientCertInstanceId = devNetAuthProfile.ClientCertificate.ReferenceParameters.SelectorSet.Selector.Value; }
} }
if (wiredMatch == 2) { newNetAuthProfileRequested = true; } if (wiredMatch == 2) { newNetAuthProfileRequested = true; }
} }
@ -1472,6 +1475,9 @@ module.exports.CreateAmtManager = function (parent) {
if (srvNetAuthProfile.domain != netAuthProfile['Domain']) { netAuthMatch = false; } if (srvNetAuthProfile.domain != netAuthProfile['Domain']) { netAuthMatch = false; }
} }
} }
// TODO: If the existing 802.1x profile has a certificate, remember the client certificate instance id for later checking
if (netAuthMatch == true) { if (netAuthMatch == true) {
// The 802.1x profile seems to match what we want, keep it. // The 802.1x profile seems to match what we want, keep it.
wirelessMatch = true; wirelessMatch = true;
@ -1519,6 +1525,23 @@ module.exports.CreateAmtManager = function (parent) {
} }
} }
// Check the 802.1x client certificate expiration time
// TODO: We are only getting the client cert from the wired 802.1x profile, need to get it for wireless too.
var netAuthClientCert = null;
if (netAuthClientCertInstanceId != null) {
netAuthClientCert = getInstance(responses['AMT_PublicKeyCertificate'].responses, netAuthClientCertInstanceId);
if (netAuthClientCert) {
var cert = null;
try { cert = obj.parent.certificateOperations.forge.pki.certificateFromAsn1(obj.parent.certificateOperations.forge.asn1.fromDer(obj.parent.certificateOperations.forge.util.decode64(netAuthClientCert.X509Certificate))); } catch (ex) { }
if (cert != null) {
const certStart = new Date(cert.validity.notBefore).getTime();
const certEnd = new Date(cert.validity.notAfter).getTime();
const certMidPoint = certStart + ((certEnd - certStart) / 2);
if (Date.now() > certMidPoint) { newNetAuthProfileRequested = true; } // Past mid-point or expired, request a new 802.1x certificate & profile
}
}
}
// Figure out is there are no changes to 802.1x wired configuration // Figure out is there are no changes to 802.1x wired configuration
if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; } if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
@ -1529,7 +1552,9 @@ module.exports.CreateAmtManager = function (parent) {
dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite..."); dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id. dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys } dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname }); const request = { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname };
if (netAuthClientCert != null) { request.cert = netAuthClientCert.X509Certificate; request.certid = netAuthClientCertInstanceId; }
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, request);
// Set a response timeout // Set a response timeout
const netAuthTimeoutFunc = function netAuthTimeout() { const netAuthTimeoutFunc = function netAuthTimeout() {
@ -1621,6 +1646,7 @@ module.exports.CreateAmtManager = function (parent) {
dev.consoleMsg("Setting MeshCentral Satellite 802.1x profile..."); dev.consoleMsg("Setting MeshCentral Satellite 802.1x profile...");
const netAuthSatReqData = dev.netAuthSatReqData; const netAuthSatReqData = dev.netAuthSatReqData;
delete dev.netAuthSatReqData; delete dev.netAuthSatReqData;
if (dev.netAuthCredentials.certid) { netAuthSatReqData.certInstanceId = dev.netAuthCredentials.certid; } // If we are reusing an existing certificate, set that now.
attempt8021xSyncEx(dev, netAuthSatReqData); attempt8021xSyncEx(dev, netAuthSatReqData);
} }
} }

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "1.0.2", "version": "1.0.3",
"keywords": [ "keywords": [
"Remote Device Management", "Remote Device Management",
"Remote Device Monitoring", "Remote Device Monitoring",

2
public/scripts/amt-0.2.0-min.js vendored
View File

File diff suppressed because one or more lines are too long

8
translate/translate.json
View File

@ -57569,6 +57569,14 @@
"login2.handlebars->centralTable->1->0->logincell->loginpanel->loginpanelform->authStrategies->auth-jumpcloud" "login2.handlebars->centralTable->1->0->logincell->loginpanel->loginpanelform->authStrategies->auth-jumpcloud"
] ]
}, },
{
"en": "Sign-in using OpenID Connect",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-oidc",
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-oidc",
"login2.handlebars->centralTable->1->0->logincell->loginpanel->loginpanelform->authStrategies->auth-oidc"
]
},
{ {
"cs": "Přihlaste se pomocí Redditu", "cs": "Přihlaste se pomocí Redditu",
"da": "Log ind med Reddit", "da": "Log ind med Reddit",