add insecure flag to allow self-signed certs to work

wh1te909 2023-08-24 12:17:52 -07:00
parent 0777195423
commit 90d0bbf020
8 changed files with 112 additions and 40 deletions


@ -14,6 +14,7 @@ package agent
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"math" "math"
@ -73,6 +74,7 @@ type Agent struct {
NatsProxyPort string NatsProxyPort string
NatsPingInterval int NatsPingInterval int
NatsWSCompression bool NatsWSCompression bool
Insecure bool
} }
const ( const (
@ -125,12 +127,20 @@ func New(logger *logrus.Logger, version string) *Agent {
headers["Authorization"] = fmt.Sprintf("Token %s", ac.Token) headers["Authorization"] = fmt.Sprintf("Token %s", ac.Token)
} }
insecure := ac.Insecure == "true"
restyC := resty.New() restyC := resty.New()
restyC.SetBaseURL(ac.BaseURL) restyC.SetBaseURL(ac.BaseURL)
restyC.SetCloseConnection(true) restyC.SetCloseConnection(true)
restyC.SetHeaders(headers) restyC.SetHeaders(headers)
restyC.SetTimeout(15 * time.Second) restyC.SetTimeout(15 * time.Second)
restyC.SetDebug(logger.IsLevelEnabled(logrus.DebugLevel)) restyC.SetDebug(logger.IsLevelEnabled(logrus.DebugLevel))
if insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
restyC.SetTLSClientConfig(insecureConf)
}
if len(ac.Proxy) > 0 { if len(ac.Proxy) > 0 {
restyC.SetProxy(ac.Proxy) restyC.SetProxy(ac.Proxy)
@ -236,6 +246,7 @@ func New(logger *logrus.Logger, version string) *Agent {
NatsProxyPort: natsProxyPort, NatsProxyPort: natsProxyPort,
NatsPingInterval: natsPingInterval, NatsPingInterval: natsPingInterval,
NatsWSCompression: natsWsCompression, NatsWSCompression: natsWsCompression,
Insecure: insecure,
} }
} }
@ -477,6 +488,12 @@ func (a *Agent) setupNatsOptions() []nats.Option {
a.Logger.Errorln("NATS error:", err) a.Logger.Errorln("NATS error:", err)
a.Logger.Errorf("%+v\n", sub) a.Logger.Errorf("%+v\n", sub)
})) }))
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
opts = append(opts, nats.Secure(insecureConf))
}
return opts return opts
} }
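Review bot: The `if insecure` branch in New() turns off certificate verification on the resty client that carries the `Authorization: Token` header, and setupNatsOptions() does the same for the NATS connection, but neither leaves any trace in the log. An agent in this state accepts any server certificate, so operators should be able to see it; I would add `logger.Warnln("TLS certificate verification is disabled (insecure=true)")` inside the branch in New(). For self-signed deployments, trusting the private CA through the existing `cert` setting would keep verification on, though whether New() wires that setting into the TLS config is not visible in these hunks. Both functions start and end outside the hunks shown.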


@ -16,6 +16,7 @@ package agent
import ( import (
"bufio" "bufio"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"os" "os"
@ -160,6 +161,7 @@ func NewAgentConfig() *rmm.AgentConfig {
NatsProxyPort: viper.GetString("natsproxyport"), NatsProxyPort: viper.GetString("natsproxyport"),
NatsStandardPort: viper.GetString("natsstandardport"), NatsStandardPort: viper.GetString("natsstandardport"),
NatsPingInterval: viper.GetInt("natspinginterval"), NatsPingInterval: viper.GetInt("natspinginterval"),
Insecure: viper.GetString("insecure"),
} }
return ret return ret
} }
@ -248,6 +250,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
if len(a.Proxy) > 0 { if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy) rClient.SetProxy(a.Proxy)
} }
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
rClient.SetTLSClientConfig(insecureConf)
}
r, err := rClient.R().SetOutput(f.Name()).Get(url) r, err := rClient.R().SetOutput(f.Name()).Get(url)
if err != nil { if err != nil {
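Review bot: With `a.Insecure` set, AgentUpdate() fetches the replacement agent binary over a connection that accepts any certificate, so the file written through `SetOutput` is only as trustworthy as the network path; the identical block is added to the Windows AgentUpdate() in the next file. Nothing in the hunk checks the download before it is used, although a hash or signature check may exist further down, outside the visible lines. If there is none, the file should be verified against a signature whose public key ships with the agent, or self-update should be declined in this mode, e.g. `if a.Insecure { return errors.New("agent update disabled in insecure mode") }`.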


@ -14,6 +14,7 @@ package agent
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/tls"
"errors" "errors"
"fmt" "fmt"
"os" "os"
@ -68,6 +69,7 @@ func NewAgentConfig() *rmm.AgentConfig {
natsStandardPort, _, _ := k.GetStringValue("NatsStandardPort") natsStandardPort, _, _ := k.GetStringValue("NatsStandardPort")
natsPingInterval, _, _ := k.GetStringValue("NatsPingInterval") natsPingInterval, _, _ := k.GetStringValue("NatsPingInterval")
npi, _ := strconv.Atoi(natsPingInterval) npi, _ := strconv.Atoi(natsPingInterval)
insecure, _, _ := k.GetStringValue("Insecure")
return &rmm.AgentConfig{ return &rmm.AgentConfig{
BaseURL: baseurl, BaseURL: baseurl,
@ -85,6 +87,7 @@ func NewAgentConfig() *rmm.AgentConfig {
NatsProxyPort: natsProxyPort, NatsProxyPort: natsProxyPort,
NatsStandardPort: natsStandardPort, NatsStandardPort: natsStandardPort,
NatsPingInterval: npi, NatsPingInterval: npi,
Insecure: insecure,
} }
} }
@ -615,6 +618,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
if len(a.Proxy) > 0 { if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy) rClient.SetProxy(a.Proxy)
} }
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
rClient.SetTLSClientConfig(insecureConf)
}
r, err := rClient.R().SetOutput(updater).Get(url) r, err := rClient.R().SetOutput(updater).Get(url)
if err != nil { if err != nil {
a.Logger.Errorln(err) a.Logger.Errorln(err)


@ -12,6 +12,7 @@ https://license.tacticalrmm.com
package agent package agent
import ( import (
"crypto/tls"
"fmt" "fmt"
"io" "io"
"net/url" "net/url"
@ -28,25 +29,27 @@ import (
) )
type Installer struct { type Installer struct {
Headers map[string]string Headers map[string]string
RMM string RMM string
ClientID int ClientID int
SiteID int SiteID int
Description string Description string
AgentType string AgentType string
Power bool Power bool
RDP bool RDP bool
Ping bool Ping bool
Token string Token string
LocalMesh string LocalMesh string
Cert string Cert string
Proxy string Proxy string
Timeout time.Duration Timeout time.Duration
SaltMaster string SaltMaster string
Silent bool Silent bool
NoMesh bool NoMesh bool
MeshDir string MeshDir string
MeshNodeID string MeshNodeID string
Insecure bool
NatsStandardPort string
} }
func (a *Agent) Install(i *Installer) { func (a *Agent) Install(i *Installer) {
@ -97,6 +100,14 @@ func (a *Agent) Install(i *Installer) {
iClient.SetProxy(i.Proxy) iClient.SetProxy(i.Proxy)
} }
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
if i.Insecure {
iClient.SetTLSClientConfig(insecureConf)
}
creds, cerr := iClient.R().Get(fmt.Sprintf("%s/api/v3/installer/", baseURL)) creds, cerr := iClient.R().Get(fmt.Sprintf("%s/api/v3/installer/", baseURL))
if cerr != nil { if cerr != nil {
a.installerMsg(cerr.Error(), "error", i.Silent) a.installerMsg(cerr.Error(), "error", i.Silent)
@ -133,6 +144,10 @@ func (a *Agent) Install(i *Installer) {
rClient.SetProxy(i.Proxy) rClient.SetProxy(i.Proxy)
} }
if i.Insecure {
rClient.SetTLSClientConfig(insecureConf)
}
var installerMeshSystemEXE string var installerMeshSystemEXE string
if len(i.MeshDir) > 0 { if len(i.MeshDir) > 0 {
installerMeshSystemEXE = filepath.Join(i.MeshDir, "MeshAgent.exe") installerMeshSystemEXE = filepath.Join(i.MeshDir, "MeshAgent.exe")
@ -230,7 +245,7 @@ func (a *Agent) Install(i *Installer) {
a.Logger.Debugln("Agent token:", agentToken) a.Logger.Debugln("Agent token:", agentToken)
a.Logger.Debugln("Agent PK:", agentPK) a.Logger.Debugln("Agent PK:", agentPK)
createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir) createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir, i.NatsStandardPort, i.Insecure)
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
// refresh our agent with new values // refresh our agent with new values
a = New(a.Logger, a.Version) a = New(a.Logger, a.Version)
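Review bot: `insecureConf` is allocated in Install() even when `i.Insecure` is false, and the same `&tls.Config{InsecureSkipVerify: true}` literal now also appears in New(), setupNatsOptions() and both AgentUpdate() implementations. Keeping the one setting that disables certificate verification in a single helper makes it easier to audit and to change later, for example `func insecureTLSConfig() *tls.Config { return &tls.Config{InsecureSkipVerify: true} }`, called inside each `if i.Insecure` / `if a.Insecure` branch. Install() starts and ends outside these hunks.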


@ -33,7 +33,7 @@ func (a *Agent) installerMsg(msg, alert string, silent bool) {
} }
} }
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) { func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
viper.SetConfigType("json") viper.SetConfigType("json")
viper.Set("baseurl", baseurl) viper.Set("baseurl", baseurl)
viper.Set("agentid", agentid) viper.Set("agentid", agentid)
@ -43,6 +43,10 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
viper.Set("cert", cert) viper.Set("cert", cert)
viper.Set("proxy", proxy) viper.Set("proxy", proxy)
viper.Set("meshdir", meshdir) viper.Set("meshdir", meshdir)
viper.Set("natsstandardport", natsport)
if insecure {
viper.Set("insecure", "true")
}
viper.SetConfigPermissions(0660) viper.SetConfigPermissions(0660)
err := viper.SafeWriteConfigAs(etcConfig) err := viper.SafeWriteConfigAs(etcConfig)
if err != nil { if err != nil {


@ -21,7 +21,7 @@ import (
"golang.org/x/sys/windows/registry" "golang.org/x/sys/windows/registry"
) )
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) { func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
k, _, err := registry.CreateKey(registry.LOCAL_MACHINE, `SOFTWARE\TacticalRMM`, registry.ALL_ACCESS) k, _, err := registry.CreateKey(registry.LOCAL_MACHINE, `SOFTWARE\TacticalRMM`, registry.ALL_ACCESS)
if err != nil { if err != nil {
log.Fatalln("Error creating registry key:", err) log.Fatalln("Error creating registry key:", err)
@ -73,6 +73,20 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
log.Fatalln("Error creating MeshDir registry key:", err) log.Fatalln("Error creating MeshDir registry key:", err)
} }
} }
if len(natsport) > 0 {
err = k.SetStringValue("NatsStandardPort", natsport)
if err != nil {
log.Fatalln("Error creating NatsStandardPort registry key:", err)
}
}
if insecure {
err = k.SetStringValue("Insecure", "true")
if err != nil {
log.Fatalln("Error creating Insecure registry key:", err)
}
}
} }
func (a *Agent) checkExistingAndRemove(silent bool) { func (a *Agent) checkExistingAndRemove(silent bool) {
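Review bot: createAgentConfig() writes the `Insecure` value only when the flag is true, so a reinstall without `-insecure` over an existing `SOFTWARE\TacticalRMM` key would leave an earlier `Insecure=true` in place and the agent would keep skipping certificate verification. `registry.CreateKey` opens the key when it already exists; whether checkExistingAndRemove() deletes it beforehand is not visible here. Clearing the value in the other branch closes the gap: `} else { _ = k.DeleteValue("Insecure") }`. The same reasoning applies to `NatsStandardPort` when `natsport` is empty.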

40
main.go

@ -25,7 +25,7 @@ import (
) )
var ( var (
version = "2.4.11" version = "2.4.12-dev"
log = logrus.New() log = logrus.New()
logFile *os.File logFile *os.File
) )
@ -53,6 +53,8 @@ func main() {
cert := flag.String("cert", "", "Path to domain CA .pem") cert := flag.String("cert", "", "Path to domain CA .pem")
silent := flag.Bool("silent", false, "Do not popup any message boxes during installation") silent := flag.Bool("silent", false, "Do not popup any message boxes during installation")
proxy := flag.String("proxy", "", "Use a http proxy") proxy := flag.String("proxy", "", "Use a http proxy")
insecure := flag.Bool("insecure", false, "Insecure for testing only")
natsport := flag.String("natsport", "", "nats standard port")
flag.Parse() flag.Parse()
if *ver { if *ver {
@ -141,23 +143,25 @@ func main() {
return return
} }
a.Install(&agent.Installer{ a.Install(&agent.Installer{
RMM: *api, RMM: *api,
ClientID: *clientID, ClientID: *clientID,
SiteID: *siteID, SiteID: *siteID,
Description: *desc, Description: *desc,
AgentType: *atype, AgentType: *atype,
Power: *power, Power: *power,
RDP: *rdp, RDP: *rdp,
Ping: *ping, Ping: *ping,
Token: *token, Token: *token,
LocalMesh: *localMesh, LocalMesh: *localMesh,
Cert: *cert, Cert: *cert,
Proxy: *proxy, Proxy: *proxy,
Timeout: *timeout, Timeout: *timeout,
Silent: *silent, Silent: *silent,
NoMesh: *noMesh, NoMesh: *noMesh,
MeshDir: *meshDir, MeshDir: *meshDir,
MeshNodeID: *meshNodeID, MeshNodeID: *meshNodeID,
Insecure: *insecure,
NatsStandardPort: *natsport,
}) })
default: default:
agent.ShowStatus(version) agent.ShowStatus(version)
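Review bot: The help text `"Insecure for testing only"` does not say what the flag turns off, and nothing tells the user that the choice is written to the agent configuration and stays in effect after installation. I would spell it out: `insecure := flag.Bool("insecure", false, "Skip TLS certificate verification (testing only; persisted in the agent config)")`. The `natsport` description could likewise say which connection uses that port. main() starts and ends outside these hunks.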


@ -48,6 +48,7 @@ type AgentConfig struct {
NatsProxyPort string NatsProxyPort string
NatsStandardPort string NatsStandardPort string
NatsPingInterval int NatsPingInterval int
Insecure string
} }
type RunScriptResp struct { type RunScriptResp struct {