add insecure flag to allow self-signed certs to work

2023-08-24 12:17:52 -07:00 · 2023-08-24 12:17:52 -07:00 · 90d0bbf020
commit 90d0bbf020
parent 0777195423
8 changed files with 112 additions and 40 deletions
--- a/agent/agent.go
+++ b/agent/agent.go
@ -14,6 +14,7 @@ package agent
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"math"
@ -73,6 +74,7 @@ type Agent struct {
 	NatsProxyPort      string
 	NatsPingInterval   int
 	NatsWSCompression  bool
+	Insecure           bool
 }

 const (
@ -125,12 +127,20 @@ func New(logger *logrus.Logger, version string) *Agent {
 		headers["Authorization"] = fmt.Sprintf("Token %s", ac.Token)
 	}

+	insecure := ac.Insecure == "true"
+
 	restyC := resty.New()
 	restyC.SetBaseURL(ac.BaseURL)
 	restyC.SetCloseConnection(true)
 	restyC.SetHeaders(headers)
 	restyC.SetTimeout(15 * time.Second)
 	restyC.SetDebug(logger.IsLevelEnabled(logrus.DebugLevel))
+	if insecure {
+		insecureConf := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		restyC.SetTLSClientConfig(insecureConf)
+	}

 	if len(ac.Proxy) > 0 {
 		restyC.SetProxy(ac.Proxy)
@ -236,6 +246,7 @@ func New(logger *logrus.Logger, version string) *Agent {
 		NatsProxyPort:      natsProxyPort,
 		NatsPingInterval:   natsPingInterval,
 		NatsWSCompression:  natsWsCompression,
+		Insecure:           insecure,
 	}
 }

@ -477,6 +488,12 @@ func (a *Agent) setupNatsOptions() []nats.Option {
 		a.Logger.Errorln("NATS error:", err)
 		a.Logger.Errorf("%+v\n", sub)
 	}))
+	if a.Insecure {
+		insecureConf := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		opts = append(opts, nats.Secure(insecureConf))
+	}
 	return opts
 }

--- a/agent/agent_unix.go
+++ b/agent/agent_unix.go
@ -16,6 +16,7 @@ package agent

 import (
 	"bufio"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"os"
@ -160,6 +161,7 @@ func NewAgentConfig() *rmm.AgentConfig {
 		NatsProxyPort:    viper.GetString("natsproxyport"),
 		NatsStandardPort: viper.GetString("natsstandardport"),
 		NatsPingInterval: viper.GetInt("natspinginterval"),
+		Insecure:         viper.GetString("insecure"),
 	}
 	return ret
 }
@ -248,6 +250,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
 	if len(a.Proxy) > 0 {
 		rClient.SetProxy(a.Proxy)
 	}
+	if a.Insecure {
+		insecureConf := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		rClient.SetTLSClientConfig(insecureConf)
+	}

 	r, err := rClient.R().SetOutput(f.Name()).Get(url)
 	if err != nil {
--- a/agent/agent_windows.go
+++ b/agent/agent_windows.go
@ -14,6 +14,7 @@ package agent
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"os"
@ -68,6 +69,7 @@ func NewAgentConfig() *rmm.AgentConfig {
 	natsStandardPort, _, _ := k.GetStringValue("NatsStandardPort")
 	natsPingInterval, _, _ := k.GetStringValue("NatsPingInterval")
 	npi, _ := strconv.Atoi(natsPingInterval)
+	insecure, _, _ := k.GetStringValue("Insecure")

 	return &rmm.AgentConfig{
 		BaseURL:            baseurl,
@ -85,6 +87,7 @@ func NewAgentConfig() *rmm.AgentConfig {
 		NatsProxyPort:      natsProxyPort,
 		NatsStandardPort:   natsStandardPort,
 		NatsPingInterval:   npi,
+		Insecure:           insecure,
 	}
 }

@ -615,6 +618,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
 	if len(a.Proxy) > 0 {
 		rClient.SetProxy(a.Proxy)
 	}
+	if a.Insecure {
+		insecureConf := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		rClient.SetTLSClientConfig(insecureConf)
+	}
 	r, err := rClient.R().SetOutput(updater).Get(url)
 	if err != nil {
 		a.Logger.Errorln(err)
--- a/agent/install.go
+++ b/agent/install.go
@ -12,6 +12,7 @@ https://license.tacticalrmm.com
 package agent

 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net/url"
@ -47,6 +48,8 @@ type Installer struct {
 	NoMesh           bool
 	MeshDir          string
 	MeshNodeID       string
+	Insecure         bool
+	NatsStandardPort string
 }

 func (a *Agent) Install(i *Installer) {
@ -97,6 +100,14 @@ func (a *Agent) Install(i *Installer) {
 		iClient.SetProxy(i.Proxy)
 	}

+	insecureConf := &tls.Config{
+		InsecureSkipVerify: true,
+	}
+
+	if i.Insecure {
+		iClient.SetTLSClientConfig(insecureConf)
+	}
+
 	creds, cerr := iClient.R().Get(fmt.Sprintf("%s/api/v3/installer/", baseURL))
 	if cerr != nil {
 		a.installerMsg(cerr.Error(), "error", i.Silent)
@ -133,6 +144,10 @@ func (a *Agent) Install(i *Installer) {
 		rClient.SetProxy(i.Proxy)
 	}

+	if i.Insecure {
+		rClient.SetTLSClientConfig(insecureConf)
+	}
+
 	var installerMeshSystemEXE string
 	if len(i.MeshDir) > 0 {
 		installerMeshSystemEXE = filepath.Join(i.MeshDir, "MeshAgent.exe")
@ -230,7 +245,7 @@ func (a *Agent) Install(i *Installer) {
 	a.Logger.Debugln("Agent token:", agentToken)
 	a.Logger.Debugln("Agent PK:", agentPK)

-	createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir)
+	createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir, i.NatsStandardPort, i.Insecure)
 	time.Sleep(1 * time.Second)
 	// refresh our agent with new values
 	a = New(a.Logger, a.Version)
--- a/agent/install_unix.go
+++ b/agent/install_unix.go
@ -33,7 +33,7 @@ func (a *Agent) installerMsg(msg, alert string, silent bool) {
 	}
 }

-func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) {
+func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
 	viper.SetConfigType("json")
 	viper.Set("baseurl", baseurl)
 	viper.Set("agentid", agentid)
@ -43,6 +43,10 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
 	viper.Set("cert", cert)
 	viper.Set("proxy", proxy)
 	viper.Set("meshdir", meshdir)
+	viper.Set("natsstandardport", natsport)
+	if insecure {
+		viper.Set("insecure", "true")
+	}
 	viper.SetConfigPermissions(0660)
 	err := viper.SafeWriteConfigAs(etcConfig)
 	if err != nil {
--- a/agent/install_windows.go
+++ b/agent/install_windows.go
@ -21,7 +21,7 @@ import (
 	"golang.org/x/sys/windows/registry"
 )

-func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) {
+func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
 	k, _, err := registry.CreateKey(registry.LOCAL_MACHINE, `SOFTWARE\TacticalRMM`, registry.ALL_ACCESS)
 	if err != nil {
 		log.Fatalln("Error creating registry key:", err)
@ -73,6 +73,20 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
 			log.Fatalln("Error creating MeshDir registry key:", err)
 		}
 	}
+
+	if len(natsport) > 0 {
+		err = k.SetStringValue("NatsStandardPort", natsport)
+		if err != nil {
+			log.Fatalln("Error creating NatsStandardPort registry key:", err)
+		}
+	}
+
+	if insecure {
+		err = k.SetStringValue("Insecure", "true")
+		if err != nil {
+			log.Fatalln("Error creating Insecure registry key:", err)
+		}
+	}
 }

 func (a *Agent) checkExistingAndRemove(silent bool) {
--- a/main.go
+++ b/main.go
@ -25,7 +25,7 @@ import (
 )

 var (
-	version = "2.4.11"
+	version = "2.4.12-dev"
 	log     = logrus.New()
 	logFile *os.File
 )
@ -53,6 +53,8 @@ func main() {
 	cert := flag.String("cert", "", "Path to domain CA .pem")
 	silent := flag.Bool("silent", false, "Do not popup any message boxes during installation")
 	proxy := flag.String("proxy", "", "Use a http proxy")
+	insecure := flag.Bool("insecure", false, "Insecure for testing only")
+	natsport := flag.String("natsport", "", "nats standard port")
 	flag.Parse()

 	if *ver {
@ -158,6 +160,8 @@ func main() {
 			NoMesh:           *noMesh,
 			MeshDir:          *meshDir,
 			MeshNodeID:       *meshNodeID,
+			Insecure:         *insecure,
+			NatsStandardPort: *natsport,
 		})
 	default:
 		agent.ShowStatus(version)
--- a/shared/types.go
+++ b/shared/types.go
@ -48,6 +48,7 @@ type AgentConfig struct {
 	NatsProxyPort      string
 	NatsStandardPort   string
 	NatsPingInterval   int
+	Insecure           string
 }

 type RunScriptResp struct {