Improved MeshCmd error messages.

Ylian Saint-Hilaire 2021-05-25 22:30:33 -07:00
parent 17437467a1
commit f73c5d2a12
4 changed files with 99 additions and 80 deletions

Binary file not shown.

Binary file not shown.


@ -2034,7 +2034,13 @@ function OnServerWebSocket(msg, s, head) {
} else {
console.log("Login token required, use --token [token].");
}
} else { console.log("Invalid username or password."); }
} else if (command.msg == 'badtlscert') {
console.log("Invalid TLS certificate detected.");
} else if (command.msg == 'badargs') {
console.log("Invalid protocol arguments.");
} else {
console.log("Invalid username/password.");
}
} else { console.log("Server disconnected: " + command.msg); }
process.exit(1);
return;
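Review bot: The final `else` of the new chain prints "Invalid username/password." for every `command.msg` other than `badtlscert` and `badargs`, so any reason code the server sends that this client does not know is reported as a credential failure. Printing the code in the fallback keeps the diagnosis honest, for example `} else { console.log("Authentication failed: " + command.msg); }`, with a dedicated branch for the credential case if the friendlier text is wanted; the outer branch already prints `"Server disconnected: " + command.msg` the same way. The `badtlscert` text could also state what the server is reporting, which, judging from the server-side change in this commit, is that the certificate hash the client submitted matched none of the server's own. That condition usually points to TLS inspection on the path or a wrong host rather than to the user's input. The body of OnServerWebSocket starts and ends outside this hunk.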


@ -6048,12 +6048,20 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
switch (command.action) {
case 'serverAuth': { // This command is used to perform server "inner" authentication.
if (obj.common.validateString(command.cnonce, 1, 256) == false) break; // Check the client nonce
if (obj.common.validateString(command.tlshash, 1, 512) == false) break; // Check the TLS hash
// Check the client nonce and TLS hash
if ((obj.common.validateString(command.cnonce, 1, 256) == false) || (obj.common.validateString(command.tlshash, 1, 512) == false)) {
try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'badargs' })); } catch (ex) { }
try { ws.close(); } catch (ex) { }
break;
}
// Check that the TLS hash is an acceptable one.
var h = Buffer.from(command.tlshash, 'hex').toString('binary');
if ((obj.webCertificateHashs[domain.id] != h) && (obj.webCertificateFullHashs[domain.id] != h) && (obj.defaultWebCertificateHash != h) && (obj.defaultWebCertificateFullHash != h)) { try { ws.close(); } catch (ex) { } return; }
if ((obj.webCertificateHashs[domain.id] != h) && (obj.webCertificateFullHashs[domain.id] != h) && (obj.defaultWebCertificateHash != h) && (obj.defaultWebCertificateFullHash != h)) {
try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'badtlscert' })); } catch (ex) { }
try { ws.close(); } catch (ex) { }
return;
}
// TLS hash check is a success, sign the request.
// Perform the hash signature using the server agent certificate
@ -6069,6 +6077,11 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Check username and password authentication
if ((typeof command.username == 'string') && (typeof command.password == 'string')) {
obj.authenticate(Buffer.from(command.username, 'base64').toString(), Buffer.from(command.password, 'base64').toString(), domain, function (err, userid, passhint, loginOptions) {
if ((err != null) || (userid == null)) {
// Invalid authentication
try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'noauth-2c' })); } catch (ex) { }
try { ws.close(); } catch (ex) { }
} else {
var user = obj.users[userid];
if ((err == null) && (user)) {
// Check if a 2nd factor is needed
@ -6151,7 +6164,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
func(ws, req, domain, user);
}
}
}
}
});
} else {
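Review bot: In the `serverAuth` case, `command.tlshash` appears to be only length-checked by `validateString(command.tlshash, 1, 512)` before `Buffer.from(command.tlshash, 'hex')`, and Node's hex decoder truncates at the first non-hex character instead of throwing. A malformed value therefore reaches the hash comparison and is answered with `badtlscert` rather than `badargs`, which sends whoever reads the client message looking for TLS interception when the request itself was bad. Adding a format test to the first guard keeps the two causes apart, for example appending `|| (/^[0-9a-fA-F]+$/.test(command.tlshash) == false)` to the `badargs` condition. The empty `catch (ex) { }` around each `ws.send` and `ws.close` also hides failures to deliver the new reason codes; a short comment saying the swallow is deliberate best-effort would help the next reader. The enclosing CreateWebServer function continues outside the hunks shown.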