add insecure flag to allow self-signed certs to work

This commit is contained in:
wh1te909 2023-08-24 12:17:52 -07:00
parent 0777195423
commit 90d0bbf020
8 changed files with 112 additions and 40 deletions

View File

@ -14,6 +14,7 @@ package agent
import (
"bytes"
"context"
"crypto/tls"
"errors"
"fmt"
"math"
@ -73,6 +74,7 @@ type Agent struct {
NatsProxyPort string
NatsPingInterval int
NatsWSCompression bool
Insecure bool
}
const (
@ -125,12 +127,20 @@ func New(logger *logrus.Logger, version string) *Agent {
headers["Authorization"] = fmt.Sprintf("Token %s", ac.Token)
}
insecure := ac.Insecure == "true"
restyC := resty.New()
restyC.SetBaseURL(ac.BaseURL)
restyC.SetCloseConnection(true)
restyC.SetHeaders(headers)
restyC.SetTimeout(15 * time.Second)
restyC.SetDebug(logger.IsLevelEnabled(logrus.DebugLevel))
if insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
restyC.SetTLSClientConfig(insecureConf)
}
if len(ac.Proxy) > 0 {
restyC.SetProxy(ac.Proxy)
@ -236,6 +246,7 @@ func New(logger *logrus.Logger, version string) *Agent {
NatsProxyPort: natsProxyPort,
NatsPingInterval: natsPingInterval,
NatsWSCompression: natsWsCompression,
Insecure: insecure,
}
}
@ -477,6 +488,12 @@ func (a *Agent) setupNatsOptions() []nats.Option {
a.Logger.Errorln("NATS error:", err)
a.Logger.Errorf("%+v\n", sub)
}))
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
opts = append(opts, nats.Secure(insecureConf))
}
return opts
}

View File

@ -16,6 +16,7 @@ package agent
import (
"bufio"
"crypto/tls"
"errors"
"fmt"
"os"
@ -160,6 +161,7 @@ func NewAgentConfig() *rmm.AgentConfig {
NatsProxyPort: viper.GetString("natsproxyport"),
NatsStandardPort: viper.GetString("natsstandardport"),
NatsPingInterval: viper.GetInt("natspinginterval"),
Insecure: viper.GetString("insecure"),
}
return ret
}
@ -248,6 +250,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy)
}
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
rClient.SetTLSClientConfig(insecureConf)
}
r, err := rClient.R().SetOutput(f.Name()).Get(url)
if err != nil {

View File

@ -14,6 +14,7 @@ package agent
import (
"bytes"
"context"
"crypto/tls"
"errors"
"fmt"
"os"
@ -68,6 +69,7 @@ func NewAgentConfig() *rmm.AgentConfig {
natsStandardPort, _, _ := k.GetStringValue("NatsStandardPort")
natsPingInterval, _, _ := k.GetStringValue("NatsPingInterval")
npi, _ := strconv.Atoi(natsPingInterval)
insecure, _, _ := k.GetStringValue("Insecure")
return &rmm.AgentConfig{
BaseURL: baseurl,
@ -85,6 +87,7 @@ func NewAgentConfig() *rmm.AgentConfig {
NatsProxyPort: natsProxyPort,
NatsStandardPort: natsStandardPort,
NatsPingInterval: npi,
Insecure: insecure,
}
}
@ -615,6 +618,12 @@ func (a *Agent) AgentUpdate(url, inno, version string) error {
if len(a.Proxy) > 0 {
rClient.SetProxy(a.Proxy)
}
if a.Insecure {
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
rClient.SetTLSClientConfig(insecureConf)
}
r, err := rClient.R().SetOutput(updater).Get(url)
if err != nil {
a.Logger.Errorln(err)

View File

@ -12,6 +12,7 @@ https://license.tacticalrmm.com
package agent
import (
"crypto/tls"
"fmt"
"io"
"net/url"
@ -28,25 +29,27 @@ import (
)
type Installer struct {
Headers map[string]string
RMM string
ClientID int
SiteID int
Description string
AgentType string
Power bool
RDP bool
Ping bool
Token string
LocalMesh string
Cert string
Proxy string
Timeout time.Duration
SaltMaster string
Silent bool
NoMesh bool
MeshDir string
MeshNodeID string
Headers map[string]string
RMM string
ClientID int
SiteID int
Description string
AgentType string
Power bool
RDP bool
Ping bool
Token string
LocalMesh string
Cert string
Proxy string
Timeout time.Duration
SaltMaster string
Silent bool
NoMesh bool
MeshDir string
MeshNodeID string
Insecure bool
NatsStandardPort string
}
func (a *Agent) Install(i *Installer) {
@ -97,6 +100,14 @@ func (a *Agent) Install(i *Installer) {
iClient.SetProxy(i.Proxy)
}
insecureConf := &tls.Config{
InsecureSkipVerify: true,
}
if i.Insecure {
iClient.SetTLSClientConfig(insecureConf)
}
creds, cerr := iClient.R().Get(fmt.Sprintf("%s/api/v3/installer/", baseURL))
if cerr != nil {
a.installerMsg(cerr.Error(), "error", i.Silent)
@ -133,6 +144,10 @@ func (a *Agent) Install(i *Installer) {
rClient.SetProxy(i.Proxy)
}
if i.Insecure {
rClient.SetTLSClientConfig(insecureConf)
}
var installerMeshSystemEXE string
if len(i.MeshDir) > 0 {
installerMeshSystemEXE = filepath.Join(i.MeshDir, "MeshAgent.exe")
@ -230,7 +245,7 @@ func (a *Agent) Install(i *Installer) {
a.Logger.Debugln("Agent token:", agentToken)
a.Logger.Debugln("Agent PK:", agentPK)
createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir)
createAgentConfig(baseURL, a.AgentID, i.SaltMaster, agentToken, strconv.Itoa(agentPK), i.Cert, i.Proxy, i.MeshDir, i.NatsStandardPort, i.Insecure)
time.Sleep(1 * time.Second)
// refresh our agent with new values
a = New(a.Logger, a.Version)

View File

@ -33,7 +33,7 @@ func (a *Agent) installerMsg(msg, alert string, silent bool) {
}
}
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) {
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
viper.SetConfigType("json")
viper.Set("baseurl", baseurl)
viper.Set("agentid", agentid)
@ -43,6 +43,10 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
viper.Set("cert", cert)
viper.Set("proxy", proxy)
viper.Set("meshdir", meshdir)
viper.Set("natsstandardport", natsport)
if insecure {
viper.Set("insecure", "true")
}
viper.SetConfigPermissions(0660)
err := viper.SafeWriteConfigAs(etcConfig)
if err != nil {

View File

@ -21,7 +21,7 @@ import (
"golang.org/x/sys/windows/registry"
)
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir string) {
func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, meshdir, natsport string, insecure bool) {
k, _, err := registry.CreateKey(registry.LOCAL_MACHINE, `SOFTWARE\TacticalRMM`, registry.ALL_ACCESS)
if err != nil {
log.Fatalln("Error creating registry key:", err)
@ -73,6 +73,20 @@ func createAgentConfig(baseurl, agentid, apiurl, token, agentpk, cert, proxy, me
log.Fatalln("Error creating MeshDir registry key:", err)
}
}
if len(natsport) > 0 {
err = k.SetStringValue("NatsStandardPort", natsport)
if err != nil {
log.Fatalln("Error creating NatsStandardPort registry key:", err)
}
}
if insecure {
err = k.SetStringValue("Insecure", "true")
if err != nil {
log.Fatalln("Error creating Insecure registry key:", err)
}
}
}
func (a *Agent) checkExistingAndRemove(silent bool) {

40
main.go
View File

@ -25,7 +25,7 @@ import (
)
var (
version = "2.4.11"
version = "2.4.12-dev"
log = logrus.New()
logFile *os.File
)
@ -53,6 +53,8 @@ func main() {
cert := flag.String("cert", "", "Path to domain CA .pem")
silent := flag.Bool("silent", false, "Do not popup any message boxes during installation")
proxy := flag.String("proxy", "", "Use a http proxy")
insecure := flag.Bool("insecure", false, "Insecure for testing only")
natsport := flag.String("natsport", "", "nats standard port")
flag.Parse()
if *ver {
@ -141,23 +143,25 @@ func main() {
return
}
a.Install(&agent.Installer{
RMM: *api,
ClientID: *clientID,
SiteID: *siteID,
Description: *desc,
AgentType: *atype,
Power: *power,
RDP: *rdp,
Ping: *ping,
Token: *token,
LocalMesh: *localMesh,
Cert: *cert,
Proxy: *proxy,
Timeout: *timeout,
Silent: *silent,
NoMesh: *noMesh,
MeshDir: *meshDir,
MeshNodeID: *meshNodeID,
RMM: *api,
ClientID: *clientID,
SiteID: *siteID,
Description: *desc,
AgentType: *atype,
Power: *power,
RDP: *rdp,
Ping: *ping,
Token: *token,
LocalMesh: *localMesh,
Cert: *cert,
Proxy: *proxy,
Timeout: *timeout,
Silent: *silent,
NoMesh: *noMesh,
MeshDir: *meshDir,
MeshNodeID: *meshNodeID,
Insecure: *insecure,
NatsStandardPort: *natsport,
})
default:
agent.ShowStatus(version)

View File

@ -48,6 +48,7 @@ type AgentConfig struct {
NatsProxyPort string
NatsStandardPort string
NatsPingInterval int
Insecure string
}
type RunScriptResp struct {