Exemple #1
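        /// <summary>
        /// Handles a remote-console "start session" request: authenticates the
        /// USER/PASS pair from the POST body, creates a console session, registers
        /// its /ReadResponses/ handler and returns the session description as XML.
        /// </summary>
        /// <param name="request">Request table; only its "body" entry is read here.</param>
        /// <returns>
        /// Reply table with "str_response_string", "int_response_code" and
        /// "content_type". Rejections are 401 text/plain with an empty body;
        /// success is 200 text/xml, passed through CheckOrigin.
        /// </returns>
        private Hashtable HandleHttpStartSession(Hashtable request)
        {
            DoExpire();

            // Start from a 401 so that every early return below is a rejection.
            Hashtable reply = new Hashtable();

            reply["str_response_string"] = "";
            reply["int_response_code"] = 401;
            reply["content_type"] = "text/plain";

            // The body and its fields come from an unauthenticated client. A missing
            // body or field must be answered with 401, not a NullReferenceException
            // thrown out of the handler.
            object body = request["body"];
            if (body == null)
                return reply;

            Hashtable post = DecodePostString(body.ToString());
            if (post == null)
                return reply;

            object userField = post["USER"];
            object passField = post["PASS"];
            if (userField == null || passField == null)
                return reply;

            string username = userField.ToString();
            string password = passField.ToString();

            // Validate the username/password pair.
            // NOTE(review): a failed attempt is neither logged nor throttled in this
            // method; confirm that repeated failures are visible somewhere.
            if (Util.AuthenicateAsSystemUser(username, password) == false)
                return reply;

            ConsoleConnection c = new ConsoleConnection();
            c.last = System.Environment.TickCount;
            c.lastLineSeen = 0;

            // NOTE(review): the session ID is returned to the client and embedded in
            // the handler URI below, so it identifies the authenticated session.
            // Confirm that UUID.Random() is backed by a cryptographic RNG.
            UUID sessionID = UUID.Random();

            lock (m_Connections)
            {
                m_Connections[sessionID] = c;
            }

            // One stream handler per session, keyed by the session ID in its path.
            string uri = "/ReadResponses/" + sessionID.ToString() + "/";
            IRequestHandler handler = new AsyncRequestHandler("POST", uri, AsyncReadResponses);
            m_Server.AddStreamHandler(handler);

            // Build <ConsoleSession><SessionID/><Prompt/>...command XML...</ConsoleSession>.
            XmlDocument xmldoc = new XmlDocument();
            XmlNode xmlnode = xmldoc.CreateNode(XmlNodeType.XmlDeclaration, "", "");

            xmldoc.AppendChild(xmlnode);
            XmlElement rootElement = xmldoc.CreateElement("", "ConsoleSession", "");

            xmldoc.AppendChild(rootElement);

            XmlElement id = xmldoc.CreateElement("", "SessionID", "");
            id.AppendChild(xmldoc.CreateTextNode(sessionID.ToString()));

            rootElement.AppendChild(id);

            XmlElement prompt = xmldoc.CreateElement("", "Prompt", "");
            prompt.AppendChild(xmldoc.CreateTextNode(DefaultPrompt));

            rootElement.AppendChild(prompt);

            rootElement.AppendChild(MainConsole.Instance.Commands.GetXml(xmldoc));

            reply["str_response_string"] = xmldoc.InnerXml;
            reply["int_response_code"] = 200;
            reply["content_type"] = "text/xml";
            reply = CheckOrigin(reply);

            return reply;
        }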
Exemple #2
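        /// <summary>
        /// Handles a remote-console "start session" request. The caller is
        /// authenticated either by a JWT in the Authorization header (scope
        /// "remote-console") or by a legacy USER/PASS pair in the POST body. On
        /// success a console session is created, its /ReadResponses/ handler is
        /// registered and the session description is returned as XML.
        /// </summary>
        /// <param name="request">Request table; its "body" and "headers" entries are read here.</param>
        /// <returns>
        /// Reply table with "str_response_string", "int_response_code" and
        /// "content_type". Rejections are 401 text/plain with an empty body;
        /// success is 200 text/xml, passed through CheckOrigin.
        /// </returns>
        private Hashtable HandleHttpStartSession(Hashtable request)
        {
            DoExpire();

            // Start from a 401 so that every early return below is a rejection.
            Hashtable reply = new Hashtable();

            reply["str_response_string"] = String.Empty;
            reply["int_response_code"] = 401;
            reply["content_type"] = "text/plain";

            // Without a headers table neither the Authorization check nor the
            // remote_addr logging below can run; reject instead of throwing.
            // NOTE(review): confirm that "remote_addr" is filled in by the server
            // from the socket and is not a value the client can supply.
            var headers = request["headers"] as Hashtable;
            if (headers == null)
            {
                return reply;
            }

            object authValue = headers["Authorization"];
            if (authValue != null)
            {
                var authHeader = authValue.ToString();

                // Ordinal comparison: the scheme is a protocol token, and a culture-aware
                // prefix match can succeed on input whose first seven characters are not
                // "Bearer ", which would make Substring(7) cut the token at the wrong place.
                if (!authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                {
                    m_log.Warn($"[REMOTECONSOLE] StartSession JWT Authorization header format failure from '{headers["remote_addr"]}'.");
                    return reply;
                }

                try
                {
                    var token = new JWToken(authHeader.Substring(7), m_sigUtil);

                    // TODO: Make the scope strings come from some central list that can be registered into?
                    // All three conditions must hold: signature, expiry and the exact scope.
                    if (!(token.HasValidSignature && token.IsNotExpired && token.Payload.Scope == "remote-console"))
                    {
                        m_log.Warn($"[REMOTECONSOLE] StartSession invalid/expired/wrong scope JWToken from '{headers["remote_addr"]}'.");
                        return reply;
                    }

                    m_log.Info($"[REMOTECONSOLE] StartSession access granted via JWT to '{token.Payload.Username}' from '{headers["remote_addr"]}'.");
                }
                catch (JWTokenException jte)
                {
                    m_log.Error($"[REMOTECONSOLE] Failure with JWToken in StartSession from '{headers["remote_addr"]}': {jte}");
                    return reply;
                }
            }
            else
            {
                // Legacy path. The credentials are read from the decoded POST body, so
                // their presence is tested on the same table. Testing the request table
                // and then reading the body could dereference a missing field.
                object body = request["body"];
                Hashtable post = body == null ? null : DecodePostString(body.ToString());

                object userField = post == null ? null : post["USER"];
                object passField = post == null ? null : post["PASS"];
                if (userField == null || passField == null)
                {
                    return reply;
                }

                string username = userField.ToString();
                string password = passField.ToString();

                // Validate the username/password pair
                if (Util.AuthenticateAsSystemUser(username, password) == false)
                {
                    // The submitted name is left out of the message: it is unauthenticated
                    // input and would let a client write arbitrary text into the log.
                    m_log.Warn($"[REMOTECONSOLE] StartSession legacy username/password authentication failed from '{headers["remote_addr"]}'.");
                    return reply;
                }

                m_log.Warn($"[REMOTECONSOLE] StartSession access granted via legacy system username and password to '{username}' from '{headers["remote_addr"]}'.");
            }

            ConsoleConnection c = new ConsoleConnection();
            c.last = System.Environment.TickCount;
            c.lastLineSeen = 0;

            // NOTE(review): the session ID is returned to the client and embedded in
            // the handler URI below, so it identifies the authenticated session.
            // Confirm that UUID.Random() is backed by a cryptographic RNG.
            UUID sessionID = UUID.Random();

            lock (m_Connections)
            {
                m_Connections[sessionID] = c;
            }

            // One stream handler per session, keyed by the session ID in its path.
            string uri = "/ReadResponses/" + sessionID.ToString() + "/";
            IRequestHandler handler = new AsyncRequestHandler("POST", uri, AsyncReadResponses);
            m_Server.AddStreamHandler(handler);

            // Build <ConsoleSession><SessionID/><Prompt/>...command XML...</ConsoleSession>.
            XmlDocument xmldoc = new XmlDocument();
            XmlNode xmlnode = xmldoc.CreateNode(XmlNodeType.XmlDeclaration, String.Empty, String.Empty);

            xmldoc.AppendChild(xmlnode);
            XmlElement rootElement = xmldoc.CreateElement(String.Empty, "ConsoleSession", String.Empty);

            xmldoc.AppendChild(rootElement);

            XmlElement id = xmldoc.CreateElement(String.Empty, "SessionID", String.Empty);
            id.AppendChild(xmldoc.CreateTextNode(sessionID.ToString()));

            rootElement.AppendChild(id);

            XmlElement prompt = xmldoc.CreateElement(String.Empty, "Prompt", String.Empty);
            prompt.AppendChild(xmldoc.CreateTextNode(DefaultPrompt));

            rootElement.AppendChild(prompt);

            rootElement.AppendChild(MainConsole.Instance.Commands.GetXml(xmldoc));

            reply["str_response_string"] = xmldoc.InnerXml;
            reply["int_response_code"] = 200;
            reply["content_type"] = "text/xml";
            reply = CheckOrigin(reply);

            return reply;
        }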
            /// <summary>
            /// Registers the inventory-related CAPS HTTP handlers with <c>m_Caps</c>.
            /// Each handler is created once and registered under every capability
            /// name that shares it.
            /// </summary>
            /// <remarks>
            /// Any exception is logged under "[CAPS]: " and swallowed, so a failure
            /// part-way through leaves the remaining capabilities unregistered.
            /// NewFileAgentInventoryVariablePrice and CreateInventoryCategory are not
            /// registered by this method.
            /// </remarks>
            public void RegisterHandlers()
            {
                try
                {
                    // Served by ScriptTaskInventory.
                    IRequestHandler taskUpdateHandler =
                        new RestStreamHandler("POST", m_Caps.CapsBase + m_notecardTaskUpdatePath, ScriptTaskInventory);
                    foreach (string capName in new string[] { "UpdateScriptTaskInventory", "UpdateScriptTask" })
                    {
                        m_Caps.RegisterHandler(capName, taskUpdateHandler);
                    }

                    // Served by NoteCardAgentInventory.
                    IRequestHandler agentUpdateHandler =
                        new RestStreamHandler("POST", m_Caps.CapsBase + m_notecardUpdatePath, NoteCardAgentInventory);
                    foreach (string capName in new string[]
                        { "UpdateNotecardAgentInventory", "UpdateScriptAgentInventory", "UpdateScriptAgent" })
                    {
                        m_Caps.RegisterHandler(capName, agentUpdateHandler);
                    }

                    // Served by NewAgentInventoryRequest.
                    IRequestHandler newFileHandler =
                        new RestStreamHandler("POST", m_Caps.CapsBase + "/NewFileAgentInventory/", NewAgentInventoryRequest);
                    m_Caps.RegisterHandler("NewFileAgentInventory", newFileHandler);

                    // Served asynchronously by AsyncFetchInventoryDescendents.
                    IRequestHandler descendentsHandler =
                        new AsyncRequestHandler("POST", m_Caps.CapsBase + m_fetchInventoryPath, AsyncFetchInventoryDescendents);
                    foreach (string capName in new string[]
                        {
                            "FetchInventoryDescendents",
                            "WebFetchInventoryDescendents",
                            "FetchInventoryDescendents2",
                            "FetchLibDescendents",
                            "FetchLibDescendents2"
                        })
                    {
                        m_Caps.RegisterHandler(capName, descendentsHandler);
                    }

                    // The three handlers below get a path made of "/CAPS/" plus a fresh random UUID.
                    // NOTE(review): if that path is the only thing protecting these endpoints,
                    // confirm that UUID.Random() is backed by a cryptographic RNG.
                    IRequestHandler fetchInventoryHandler =
                        new RestStreamHandler("POST", "/CAPS/" + UUID.Random(), FetchInventoryRequest);
                    foreach (string capName in new string[] { "FetchInventory", "FetchInventory2" })
                    {
                        m_Caps.RegisterHandler(capName, fetchInventoryHandler);
                    }

                    IRequestHandler fetchLibraryHandler =
                        new RestStreamHandler("POST", "/CAPS/" + UUID.Random(), FetchLibraryRequest);
                    foreach (string capName in new string[] { "FetchLib", "FetchLib2" })
                    {
                        m_Caps.RegisterHandler(capName, fetchLibraryHandler);
                    }

                    IRequestHandler copyFromNotecardHandler =
                        new RestStreamHandler("POST", "/CAPS/" + UUID.Random(), CopyInventoryFromNotecard);
                    m_Caps.RegisterHandler("CopyInventoryFromNotecard", copyFromNotecardHandler);
                }
                catch (Exception e)
                {
                    // Best-effort: registration failures are logged and not rethrown.
                    m_log.Error("[CAPS]: " + e.ToString());
                }
            }