Version 1.0.3
parent
a8992f6a09
commit
ee2e1057d2
@ -1407,6 +1407,7 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
var newNetAuthProfileRequested = false;
|
var newNetAuthProfileRequested = false;
|
||||||
var srvNetAuthProfile = domain.amtmanager['802.1x'];
|
var srvNetAuthProfile = domain.amtmanager['802.1x'];
|
||||||
var devNetAuthProfile = null;
|
var devNetAuthProfile = null;
|
||||||
|
var netAuthClientCertInstanceId = null;
|
||||||
|
|
||||||
if (wiredConfig) {
|
if (wiredConfig) {
|
||||||
var wiredMatch = 0;
|
var wiredMatch = 0;
|
||||||
@ -1429,6 +1430,8 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
if (devNetAuthProfile.Username != srvNetAuthProfile.username) { wiredMatch = 2; }
|
if (devNetAuthProfile.Username != srvNetAuthProfile.username) { wiredMatch = 2; }
|
||||||
if (devNetAuthProfile.Domain != srvNetAuthProfile.domain) { wiredMatch = 2; }
|
if (devNetAuthProfile.Domain != srvNetAuthProfile.domain) { wiredMatch = 2; }
|
||||||
}
|
}
|
||||||
|
// If the existing 802.1x profile has a certificate, remember the client certificate instance id for later checking
|
||||||
|
if (devNetAuthProfile.ClientCertificate) { netAuthClientCertInstanceId = devNetAuthProfile.ClientCertificate.ReferenceParameters.SelectorSet.Selector.Value; }
|
||||||
}
|
}
|
||||||
if (wiredMatch == 2) { newNetAuthProfileRequested = true; }
|
if (wiredMatch == 2) { newNetAuthProfileRequested = true; }
|
||||||
}
|
}
|
||||||
@ -1472,6 +1475,9 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
if (srvNetAuthProfile.domain != netAuthProfile['Domain']) { netAuthMatch = false; }
|
if (srvNetAuthProfile.domain != netAuthProfile['Domain']) { netAuthMatch = false; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: If the existing 802.1x profile has a certificate, remember the client certificate instance id for later checking
|
||||||
|
|
||||||
if (netAuthMatch == true) {
|
if (netAuthMatch == true) {
|
||||||
// The 802.1x profile seems to match what we want, keep it.
|
// The 802.1x profile seems to match what we want, keep it.
|
||||||
wirelessMatch = true;
|
wirelessMatch = true;
|
||||||
@ -1519,6 +1525,23 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check the 802.1x client certificate expiration time
|
||||||
|
// TODO: We are only getting the client cert from the wired 802.1x profile, need to get it for wireless too.
|
||||||
|
var netAuthClientCert = null;
|
||||||
|
if (netAuthClientCertInstanceId != null) {
|
||||||
|
netAuthClientCert = getInstance(responses['AMT_PublicKeyCertificate'].responses, netAuthClientCertInstanceId);
|
||||||
|
if (netAuthClientCert) {
|
||||||
|
var cert = null;
|
||||||
|
try { cert = obj.parent.certificateOperations.forge.pki.certificateFromAsn1(obj.parent.certificateOperations.forge.asn1.fromDer(obj.parent.certificateOperations.forge.util.decode64(netAuthClientCert.X509Certificate))); } catch (ex) { }
|
||||||
|
if (cert != null) {
|
||||||
|
const certStart = new Date(cert.validity.notBefore).getTime();
|
||||||
|
const certEnd = new Date(cert.validity.notAfter).getTime();
|
||||||
|
const certMidPoint = certStart + ((certEnd - certStart) / 2);
|
||||||
|
if (Date.now() > certMidPoint) { newNetAuthProfileRequested = true; } // Past mid-point or expired, request a new 802.1x certificate & profile
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Figure out is there are no changes to 802.1x wired configuration
|
// Figure out is there are no changes to 802.1x wired configuration
|
||||||
if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
|
if ((wiredMatch == 0) && (newNetAuthProfileRequested == false)) { wiredConfig = false; }
|
||||||
|
|
||||||
@ -1529,7 +1552,9 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
|
dev.consoleMsg("Requesting 802.1x credentials for " + netAuthStrings[srvNetAuthProfile.authenticationprotocol] + " from MeshCentral Satellite...");
|
||||||
dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
|
dev.netAuthSatReqId = Buffer.from(parent.crypto.randomBytes(16), 'binary').toString('base64'); // Generate a crypto-secure request id.
|
||||||
dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
|
dev.netAuthSatReqData = { domain: domain, wiredConfig: wiredConfig, wirelessConfig: wirelessConfig, devNetAuthProfile: devNetAuthProfile, srvNetAuthProfile: srvNetAuthProfile, profilesToAdd: profilesToAdd, prioritiesInUse: prioritiesInUse, responses: responses, xxCertificates: xxCertificates, xxCertPrivateKeys: xxCertPrivateKeys }
|
||||||
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname });
|
const request = { action: 'satellite', subaction: '802.1x-ProFile-Request', satelliteFlags: 2, nodeid: dev.nodeid, icon: dev.icon, domain: dev.nodeid.split('/')[1], nolog: 1, reqid: dev.netAuthSatReqId, authProtocol: srvNetAuthProfile.authenticationprotocol, devname: dev.name, osname: dev.rname };
|
||||||
|
if (netAuthClientCert != null) { request.cert = netAuthClientCert.X509Certificate; request.certid = netAuthClientCertInstanceId; }
|
||||||
|
parent.DispatchEvent([srvNetAuthProfile.satellitecredentials], obj, request);
|
||||||
|
|
||||||
// Set a response timeout
|
// Set a response timeout
|
||||||
const netAuthTimeoutFunc = function netAuthTimeout() {
|
const netAuthTimeoutFunc = function netAuthTimeout() {
|
||||||
@ -1621,6 +1646,7 @@ module.exports.CreateAmtManager = function (parent) {
|
|||||||
dev.consoleMsg("Setting MeshCentral Satellite 802.1x profile...");
|
dev.consoleMsg("Setting MeshCentral Satellite 802.1x profile...");
|
||||||
const netAuthSatReqData = dev.netAuthSatReqData;
|
const netAuthSatReqData = dev.netAuthSatReqData;
|
||||||
delete dev.netAuthSatReqData;
|
delete dev.netAuthSatReqData;
|
||||||
|
if (dev.netAuthCredentials.certid) { netAuthSatReqData.certInstanceId = dev.netAuthCredentials.certid; } // If we are reusing an existing certificate, set that now.
|
||||||
attempt8021xSyncEx(dev, netAuthSatReqData);
|
attempt8021xSyncEx(dev, netAuthSatReqData);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
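Review bot: The empty `catch (ex) { }` around the forge parse in the certificate-expiry hunk (-1519) fails open: if the device's `X509Certificate` does not decode, `cert` stays null, the mid-point check is skipped, and the current 802.1x client certificate is kept with no record of why. The same silent skip happens when `getInstance` finds nothing for the remembered instance id. At minimum report the failure, e.g. `catch (ex) { dev.consoleMsg("Unable to parse 802.1x client certificate: " + ex); }` (assuming `dev` is in scope there, as it is in the following hunk), and decide explicitly whether an unreadable certificate should set `newNetAuthProfileRequested = true`. In the -1429 hunk, `devNetAuthProfile.ClientCertificate.ReferenceParameters.SelectorSet.Selector.Value` is guarded only at its first level, so an AMT response with a missing intermediate object would throw and an array-valued selector would yield `undefined`; checking each level before reading `Value` avoids both. The enclosing function starts and ends outside these hunks.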
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "meshcentral",
|
"name": "meshcentral",
|
||||||
"version": "1.0.2",
|
"version": "1.0.3",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"Remote Device Management",
|
"Remote Device Management",
|
||||||
"Remote Device Monitoring",
|
"Remote Device Monitoring",
|
||||||
|
2
public/scripts/amt-0.2.0-min.js
vendored
2
public/scripts/amt-0.2.0-min.js
vendored
File diff suppressed because one or more lines are too long
@ -57569,6 +57569,14 @@
|
|||||||
"login2.handlebars->centralTable->1->0->logincell->loginpanel->loginpanelform->authStrategies->auth-jumpcloud"
|
"login2.handlebars->centralTable->1->0->logincell->loginpanel->loginpanelform->authStrategies->auth-jumpcloud"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"en": "Sign-in using OpenID Connect",
|
||||||
|
"xloc": [
|
||||||
|
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-oidc",
|
||||||
|
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-oidc",
|
||||||
|
"login2.handlebars->centralTable->1->0->logincell->loginpanel->loginpanelform->authStrategies->auth-oidc"
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"cs": "Přihlaste se pomocí Redditu",
|
"cs": "Přihlaste se pomocí Redditu",
|
||||||
"da": "Log ind med Reddit",
|
"da": "Log ind med Reddit",
|
||||||
@ -71576,7 +71584,7 @@
|
|||||||
{
|
{
|
||||||
"en": "id, name, email, creation, lastlogin, groups, authfactors, siteadmin, useradmin, locked",
|
"en": "id, name, email, creation, lastlogin, groups, authfactors, siteadmin, useradmin, locked",
|
||||||
"nl": "id, naam, email, aangemaakt, laaste login, groeps, authfactors, siteadmin, useradmin, geblokkeerd",
|
"nl": "id, naam, email, aangemaakt, laaste login, groeps, authfactors, siteadmin, useradmin, geblokkeerd",
|
||||||
"pl": "id, nazwa, e-mail, tworzenie, ostatnie logowanie, grupy, opcje autentykacji, administrator, uużytkownik, blokada",
|
"pl": "id, nazwa, e-mail, tworzenie, ostatnie logowanie, grupy, opcje autentykacji, administrator, uużytkownik, blokada",
|
||||||
"xloc": [
|
"xloc": [
|
||||||
"default.handlebars->39->2394"
|
"default.handlebars->39->2394"
|
||||||
]
|
]
|
||||||
@ -74660,4 +74668,4 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|