add insecure flag to allow self-signed certs to work

wh1te909 2023-08-24 12:17:52 -07:00
parent 0777195423
commit 90d0bbf020
8 changed files with 112 additions and 40 deletions


@ -14,6 +14,7 @@ package agent
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"math" "math"
@ -73,6 +74,7 @@ type Agent struct {
NatsProxyPort string NatsProxyPort string
NatsPingInterval int NatsPingInterval int
NatsWSCompression bool NatsWSCompression bool
Insecure bool
} }
const ( const (
@ -125,12 +127,20 @@ func New(logger *logrus.Logger, version string) *Agent {
headers["Authorization"] = fmt.Sprintf("Token %s", ac.Token) headers["Authorization"] = fmt.Sprintf("Token %s", ac.Token)
} }
insecure := ac.Insecure == "true"
restyC := resty.New() restyC := resty.New()
restyC.SetBaseURL(ac.BaseURL) restyC.SetBaseURL(ac.BaseURL)
restyC.SetCloseConnection(true) restyC.SetCloseConnection(true)
restyC.SetHeaders(headers) restyC.SetHeaders(headers)
restyC.SetTimeout(15 * time.Second) restyC.SetTimeout(15 * time.Second)
restyC.SetDebug(logger.IsLevelEnabled(logrus.DebugLevel)) restyC.SetDebug(logger.IsLevelEnabled(logrus.DebugLevel))
if insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
restyC.SetTLSClientConfig(insecureConf)
}
if len(ac.Proxy) > 0 { if len(ac.Proxy) > 0 {
restyC.SetProxy(ac.Proxy) restyC.SetProxy(ac.Proxy)
@ -236,6 +246,7 @@ func New(logger *logrus.Logger, version string) *Agent {
NatsProxyPort: natsProxyPort, NatsProxyPort: natsProxyPort,
NatsPingInterval: natsPingInterval, NatsPingInterval: natsPingInterval,
NatsWSCompression: natsWsCompression, NatsWSCompression: natsWsCompression,
Insecure: insecure,
} }
} }
@ -477,6 +488,12 @@ func (a *Agent) setupNatsOptions() []nats.Option {
a.Logger.Errorln("NATS error:", err) a.Logger.Errorln("NATS error:", err)
a.Logger.Errorf("%+v\n", sub) a.Logger.Errorf("%+v\n", sub)
})) }))
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
opts = append(opts, nats.Secure(insecureConf))
}
return opts return opts
} }
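Review bot: With `insecure` set, `InsecureSkipVerify: true` in New turns off both chain and hostname verification on the resty client that carries the `Authorization: Token` header, and the hunk in setupNatsOptions does the same for the NATS connection, so the agent will present its token to whatever endpoint answers for the server name. Nothing is logged when this mode is active; a line such as `logger.Warnln("TLS certificate verification is disabled (insecure=true)")` next to the `if insecure {` block would make the downgrade visible in agent logs. For self-signed deployments, trusting the server's CA through the cert path the installer already stores would keep verification on; whether New already loads that path is not visible in this hunk. The same three-line `tls.Config` literal is repeated in five places across the commit and would be easier to audit as one helper.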


@ -16,6 +16,7 @@ package agent
import ( import (
"bufio" "bufio"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"os" "os"
@ -160,6 +161,7 @@ func NewAgentConfig() *rmm.AgentConfig {
NatsProxyPort: viper.GetString("natsproxyport"), NatsProxyPort: viper.GetString("natsproxyport"),
NatsStandardPort: viper.GetString("natsstandardport"), NatsStandardPort: viper.GetString("natsstandardport"),
NatsPingInterval: viper.GetInt("natspinginterval"), NatsPingInterval: viper.GetInt("natspinginterval"),
Insecure: viper.GetString("insecure"),
} }
return ret return ret
} }
@ -248,6 +250,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
if len(a.Proxy) > 0 { if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy) rClient.SetProxy(a.Proxy)
} }
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
rClient.SetTLSClientConfig(insecureConf)
}
r, err := rClient.R().SetOutput(f.Name()).Get(url) r, err := rClient.R().SetOutput(f.Name()).Get(url)
if err != nil { if err != nil {
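Review bot: AgentUpdate now fetches the update file with certificate verification disabled when `a.Insecure` is set, and no hash or signature check on the downloaded file is visible in this hunk, so in that mode nothing shown here ties the binary to the real server. The function continues past the hunk, so a check may exist further down; if it does not, the update path should verify the file independently of TLS, or refuse to self-update while insecure, e.g. `if a.Insecure { return errors.New("self-update is disabled while TLS verification is off") }`. The Windows AgentUpdate hunk in the next file has the same shape and needs the same treatment.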


@ -14,6 +14,7 @@ package agent
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"os" "os"
@ -68,6 +69,7 @@ func NewAgentConfig() *rmm.AgentConfig {
natsStandardPort, _, _ := k.GetStringValue("NatsStandardPort") natsStandardPort, _, _ := k.GetStringValue("NatsStandardPort")
natsPingInterval, _, _ := k.GetStringValue("NatsPingInterval") natsPingInterval, _, _ := k.GetStringValue("NatsPingInterval")
npi, _ := strconv.Atoi(natsPingInterval) npi, _ := strconv.Atoi(natsPingInterval)
insecure, _, _ := k.GetStringValue("Insecure")
return &rmm.AgentConfig{ return &rmm.AgentConfig{
BaseURL: baseurl, BaseURL: baseurl,
@ -85,6 +87,7 @@ func NewAgentConfig() *rmm.AgentConfig {
NatsProxyPort: natsProxyPort, NatsProxyPort: natsProxyPort,
NatsStandardPort: natsStandardPort, NatsStandardPort: natsStandardPort,
NatsPingInterval: npi, NatsPingInterval: npi,
Insecure: insecure,
} }
} }
@ -615,6 +618,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
if len(a.Proxy) > 0 { if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy) rClient.SetProxy(a.Proxy)
} }
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
rClient.SetTLSClientConfig(insecureConf)
}
r, err := rClient.R().SetOutput(updater).Get(url) r, err := rClient.R().SetOutput(updater).Get(url)
if err != nil { if err != nil {
a.Logger.Errorln(err) a.Logger.Errorln(err)


@ -12,6 +12,7 @@ https://license.tacticalrmm.com
package agent package agent
import ( import (
"crypto/tls"
"fmt" "fmt"
"io" "io"
"net/url" "net/url"
@ -47,6 +48,8 @@ type Installer struct {
NoMesh bool NoMesh bool
MeshDir string MeshDir string
MeshNodeID string MeshNodeID string
Insecure bool
NatsStandardPort string
} }
func (a *Agent) Install(i *Installer) { func (a *Agent) Install(i *Installer) {
@ -97,6 +100,14 @@ func (a *Agent) Install(i *Installer) {
iClient.SetProxy(i.Proxy) iClient.SetProxy(i.Proxy)
} }
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
if i.Insecure {
iClient.SetTLSClientConfig(insecureConf)
}
creds, cerr := iClient.R().Get(fmt.Sprintf("%s/api/v3/installer/", baseURL)) creds, cerr := iClient.R().Get(fmt.Sprintf("%s/api/v3/installer/", baseURL))
if cerr != nil { if cerr != nil {
a.installerMsg(cerr.Error(), "error", i.Silent) a.installerMsg(cerr.Error(), "error", i.Silent)
@ -133,6 +144,10 @@ func (a *Agent) Install(i *Installer) {
rClient.SetProxy(i.Proxy) rClient.SetProxy(i.Proxy)
} }
if i.Insecure {
rClient.SetTLSClientConfig(insecureConf)
}
var installerMeshSystemEXE string var installerMeshSystemEXE string
if len(i.MeshDir) > 0 { if len(i.MeshDir) > 0 {
installerMeshSystemEXE = filepath.Join(i.MeshDir, "MeshAgent.exe") installerMeshSystemEXE = filepath.Join(i.MeshDir, "MeshAgent.exe")
@ -230,7 +245,7 @@ func (a *Agent) Install(i *Installer) {
a.Logger.Debugln("Agent token:", agentToken) a.Logger.Debugln("Agent token:", agentToken)
a.Logger.Debugln("Agent PK:", agentPK) a.Logger.Debugln("Agent PK:", agentPK)
createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir) createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir, i.NatsStandardPort, i.Insecure)
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
// refresh our agent with new values // refresh our agent with new values
a = New(a.Logger, a.Version) a = New(a.Logger, a.Version)
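Review bot: `i.Insecure` is handed to createAgentConfig in the last hunk of Install, so a flag whose help text says it is for testing only is written into the persistent agent config and every later start of the agent skips verification as well. The installer should say so at install time, for example `a.Logger.Warnln("insecure: TLS verification will stay disabled for this agent until the config is changed")` just before the createAgentConfig call. `insecureConf` is also built unconditionally in the earlier hunk and only used under `if i.Insecure`; moving the literal inside the guard, or sharing one helper with the other files, keeps the skip-verify config off the normal path. Install starts and ends outside these hunks.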


@ -33,7 +33,7 @@ func (a *Agent) installerMsg(msg, alert string, silent bool) {
} }
} }
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) { func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
viper.SetConfigType("json") viper.SetConfigType("json")
viper.Set("baseurl", baseurl) viper.Set("baseurl", baseurl)
viper.Set("agentid", agentid) viper.Set("agentid", agentid)
@ -43,6 +43,10 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
viper.Set("cert", cert) viper.Set("cert", cert)
viper.Set("proxy", proxy) viper.Set("proxy", proxy)
viper.Set("meshdir", meshdir) viper.Set("meshdir", meshdir)
viper.Set("natsstandardport", natsport)
if insecure {
viper.Set("insecure", "true")
}
viper.SetConfigPermissions(0660) viper.SetConfigPermissions(0660)
err := viper.SafeWriteConfigAs(etcConfig) err := viper.SafeWriteConfigAs(etcConfig)
if err != nil { if err != nil {


@ -21,7 +21,7 @@ import (
"golang.org/x/sys/windows/registry" "golang.org/x/sys/windows/registry"
) )
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) { func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
k, _, err := registry.CreateKey(registry.LOCAL_MACHINE, `SOFTWARE\TacticalRMM`, registry.ALL_ACCESS) k, _, err := registry.CreateKey(registry.LOCAL_MACHINE, `SOFTWARE\TacticalRMM`, registry.ALL_ACCESS)
if err != nil { if err != nil {
log.Fatalln("Error creating registry key:", err) log.Fatalln("Error creating registry key:", err)
@ -73,6 +73,20 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
log.Fatalln("Error creating MeshDir registry key:", err) log.Fatalln("Error creating MeshDir registry key:", err)
} }
} }
if len(natsport) > 0 {
err = k.SetStringValue("NatsStandardPort", natsport)
if err != nil {
log.Fatalln("Error creating NatsStandardPort registry key:", err)
}
}
if insecure {
err = k.SetStringValue("Insecure", "true")
if err != nil {
log.Fatalln("Error creating Insecure registry key:", err)
}
}
} }
func (a *Agent) checkExistingAndRemove(silent bool) { func (a *Agent) checkExistingAndRemove(silent bool) {
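Review bot: The `Insecure` registry value is written only when the flag is true and is never cleared: `registry.CreateKey` opens an existing key, so if `SOFTWARE\TacticalRMM` survives from an earlier insecure install (whether checkExistingAndRemove deletes it is not visible here), a reinstall without `-insecure` would still read `Insecure` as `true`. Writing the state explicitly avoids that, e.g. an `else` branch calling `k.DeleteValue("Insecure")` and tolerating a not-found error, or always storing `"true"` or `"false"`. The same applies to `NatsStandardPort`, which is skipped when `natsport` is empty.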


@ -25,7 +25,7 @@ import (
) )
var ( var (
version = "2.4.11" version = "2.4.12-dev"
log = logrus.New() log = logrus.New()
logFile *os.File logFile *os.File
) )
@ -53,6 +53,8 @@ func main() {
cert := flag.String("cert", "", "Path to domain CA .pem") cert := flag.String("cert", "", "Path to domain CA .pem")
silent := flag.Bool("silent", false, "Do not popup any message boxes during installation") silent := flag.Bool("silent", false, "Do not popup any message boxes during installation")
proxy := flag.String("proxy", "", "Use a http proxy") proxy := flag.String("proxy", "", "Use a http proxy")
insecure := flag.Bool("insecure", false, "Insecure for testing only")
natsport := flag.String("natsport", "", "nats standard port")
flag.Parse() flag.Parse()
if *ver { if *ver {
@ -158,6 +160,8 @@ func main() {
NoMesh: *noMesh, NoMesh: *noMesh,
MeshDir: *meshDir, MeshDir: *meshDir,
MeshNodeID: *meshNodeID, MeshNodeID: *meshNodeID,
Insecure: *insecure,
NatsStandardPort: *natsport,
}) })
default: default:
agent.ShowStatus(version) agent.ShowStatus(version)
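Review bot: The help text `"Insecure for testing only"` does not say what the flag switches off or that the choice is saved; something like `"Skip TLS certificate verification for API, NATS and update connections (testing only; saved to the agent config)"` tells an operator what they are accepting. The `natsport` value is passed through to the config with no validation visible in this hunk, so a numeric range check before it is stored would catch typos at install time rather than at connect time. main starts and ends outside the hunk.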


@ -48,6 +48,7 @@ type AgentConfig struct {
NatsProxyPort string NatsProxyPort string
NatsStandardPort string NatsStandardPort string
NatsPingInterval int NatsPingInterval int
Insecure string
} }
type RunScriptResp struct { type RunScriptResp struct {