feature: Bootstrapper secure server discovery

Gary Sharp
2026-01-22 15:26:23 +11:00
parent 71fa53bfb2
commit e1f1973520
40 changed files with 2094 additions and 460 deletions
@@ -88,5 +88,21 @@ namespace Disco.Web.Areas.API.Controllers
return BadRequest(ex.Message);
}
}
[DiscoAuthorize(Claims.Config.Enrolment.Configure)]
[HttpPost, ValidateAntiForgeryToken]
public virtual ActionResult LegacyDiscovery(bool enabled)
{
try
{
Database.DiscoConfiguration.Devices.EnrollmentLegacyDiscoveryDisabled = !enabled;
Database.SaveChanges();
return Ok();
}
catch (Exception ex)
{
return BadRequest(ex.Message);
}
}
}
}
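Review bot: Nothing visible in `LegacyDiscovery` records who changed the setting or when, although passing `enabled=true` re-permits plaintext HTTP enrolment; unless `Database.SaveChanges()` already audits configuration changes, a log entry next to it would make a downgrade traceable. The `catch (Exception ex)` branch returns `ex.Message` to the caller, which matches the action above it but can expose database or configuration detail; a generic message with the exception logged server-side would be safer. Because the stored flag is inverted (`EnrollmentLegacyDiscoveryDisabled = !enabled`), a short doc comment such as `/// <summary>Enables or disables legacy (ICMP ping then HTTP) Bootstrapper server discovery.</summary>` would help the next reader.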
@@ -1,7 +1,13 @@
using Disco.Models.UI.Config.Enrolment;
using Disco.Services.Authorization;
using Disco.Services.Devices.Enrolment;
using Disco.Services.Interop.ActiveDirectory;
using Disco.Services.Interop.DNS;
using Disco.Services.Interop.VicEduDept;
using Disco.Services.Plugins;
using Disco.Services.Plugins.Features.UIExtension;
using Disco.Services.Web;
using System;
using System.Linq;
using System.Web.Mvc;
@@ -12,10 +18,30 @@ namespace Disco.Web.Areas.Config.Controllers
[DiscoAuthorize(Claims.Config.Enrolment.Show)]
public virtual ActionResult Index()
{
var serverUrl = Request.Url;
if ((serverUrl.HostNameType == UriHostNameType.Dns && serverUrl.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase)) ||
serverUrl.HostNameType == UriHostNameType.IPv4 || serverUrl.HostNameType == UriHostNameType.IPv6)
{
serverUrl = new UriBuilder(serverUrl)
{
Host = Environment.MachineName
}.Uri;
}
var srvRecord = DnsService.Query<SrvDnsRecord>(WindowsDeviceEnrolment.GetDnsServiceLocationRecordName(), true).FirstOrDefault();
var srvValue = srvRecord == null ? null : (srvRecord.Port == 443 ? srvRecord.Target : $"{srvRecord.Target}:{srvRecord.Port}");
var m = new Models.Enrolment.IndexModel()
{
MacSshUsername = Database.DiscoConfiguration.Bootstrapper.MacSshUsername,
PendingTimeoutMinutes = (int)Database.DiscoConfiguration.Bootstrapper.PendingTimeout.TotalMinutes,
MacEnrolUrl = new Uri(serverUrl, Url.Action(MVC.Services.Client.Unauthenticated("MacSecureEnrol"))),
HostingPluginInstalled = Plugins.PluginInstalled("Hosting"),
IsServicesEducationVicGovAuDomain = ActiveDirectory.Context.PrimaryDomain.Name.Equals("services.education.vic.gov.au", StringComparison.OrdinalIgnoreCase),
IsVicSmartDeployment = VicSmart.IsVicSmartDeployment(),
DnsSrvRecordName = WindowsDeviceEnrolment.GetDnsServiceLocationRecordName(),
DnsSrvRecordValue = srvValue,
LegacyDiscoveryEnabled = !Database.DiscoConfiguration.Devices.EnrollmentLegacyDiscoveryDisabled,
};
// UI Extensions
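Review bot: `MacEnrolUrl` on the `new Uri(serverUrl, ...)` line keeps the scheme and port of `Request.Url`, so an administrator browsing over plain HTTP is shown an `http://` curl command. With legacy discovery disabled, the `Unauthenticated` action in the services client controller rejects non-HTTPS requests, so that command would fail. Consider offering the URL only when `Request.IsSecureConnection` is true, or showing a warning in the view otherwise. The host also comes from the request's Host header unless it is rewritten to `Environment.MachineName`, and a certificate presumably does not cover the bare machine name, so a configured server URL would be a more reliable source if the project has one. `Index()` continues past the end of the hunk.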
@@ -1,4 +1,5 @@
using Disco.Models.UI.Config.Enrolment;
using System;
namespace Disco.Web.Areas.Config.Models.Enrolment
{
@@ -6,5 +7,12 @@ namespace Disco.Web.Areas.Config.Models.Enrolment
{
public string MacSshUsername { get; set; }
public int PendingTimeoutMinutes { get; set; }
public Uri MacEnrolUrl { get; set; }
public bool HostingPluginInstalled { get; set; }
public bool IsVicSmartDeployment { get; set; }
public bool IsServicesEducationVicGovAuDomain { get; set; }
public string DnsSrvRecordName { get; set; }
public string DnsSrvRecordValue { get; set; }
public bool LegacyDiscoveryEnabled { get; set; }
}
}
@@ -121,7 +121,7 @@
able to connect to the requesting Apple Mac client via <a target="_blank" href="http://en.wikipedia.org/wiki/Secure_Shell">SSH</a>. Enter/Script the following command:
</span>
<div class="code">
curl&nbsp;<a target="_blank" href="http://disco:9292/Services/Client/Unauthenticated/MacSecureEnrol">http://disco:9292/Services/Client/Unauthenticated/MacSecureEnrol</a>
curl&nbsp;<a target="_blank" href="@Model.MacEnrolUrl">@Model.MacEnrolUrl</a>
</div>
<span class="smallText">This url will return a <a target="_blank" href="http://json.org/">JSON</a> response containing basic information about the enrolment.</span><br />
<span class="smallMessage">
@@ -133,6 +133,167 @@
</tr>
</table>
</div>
<div class="form" style="width: 530px; margin-top: 15px">
<h2>Bootstrapper Server Discovery</h2>
<table>
<tr>
<td>
<div>
The Disco ICT
@if (Authorization.Has(Claims.Config.Enrolment.DownloadBootstrapper))
{
@Html.ActionLink("Bootstrapper", MVC.Services.Client.Bootstrapper())
}
else
{
<text>Bootstrapper</text>
}
is used to enrol devices. It is strongly recommended that HTTPS be used for all communication.
the
The @Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install())
plugin can be used to automate deployment of HTTPS certificates.
</div>
<div>
The Bootstrapper discovers the server using the first successful method (in order):
</div>
<ol>
<li>
<h5>Manually Specified</h5>
<div>
The server url can be specified at the command line. The url must use HTTPS. For example:
</div>
<div class="code">Disco.ClientBootstrapper.exe https://@Request.Url.Authority</div>
</li>
<li>
<h5>DNS Service Location (SRV) Record</h5>
Expected Record Name: <strong><code>@Model.DnsSrvRecordName</code></strong>
@if (Model.IsServicesEducationVicGovAuDomain)
{
<div class="smallText">
This mechanism is not supported in the shared education.vic.gov.au domain and can be ignored.
</div>
}
else
{
if (Model.DnsSrvRecordValue == null)
{
<div class="info-box">
<span class="error">
No Service Location (SRV) record found.
</span>
@if (Request.IsSecureConnection)
{
<span>
Please create a DNS Service Location (SRV) record:
</span>
<table class="none">
<tr>
<th>Service:</th>
<td><code>_discoict</code></td>
</tr>
<tr>
<th>Protocol:</th>
<td><code>_tcp</code></td>
</tr>
<tr>
<th>Priority:</th>
<td><code>0</code></td>
</tr>
<tr>
<th>Weight:</th>
<td><code>0</code></td>
</tr>
<tr>
<th>Port:</th>
<td><code>@Request.Url.Port</code></td>
</tr>
<tr>
<th>Host offering this service:</th>
<td><code>@Request.Url.Host</code></td>
</tr>
</table>
}
else
{
<div>
Please configure and connect with HTTPS.
<span>
You can enable HTTPS automation using the
@Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install())
plugin.
</span>
</div>
}
</div>
}
else
{
<div>
Value: <strong><code>https://@Model.DnsSrvRecordValue</code></strong>
@if (Request.IsSecureConnection && !string.Equals(Model.DnsSrvRecordValue, Request.Url.Authority, StringComparison.OrdinalIgnoreCase))
{
<div class="info-box error">
<i class="fa fa-exclamation"></i> The Service Location (SRV) record does not match the way you are currently accessing the server: <code>@Request.Url.Authority</code>.
</div>
}
</div>
}
}
</li>
@if (Model.IsVicSmartDeployment)
{
<li>
<h5>Victorian Government Schools VicSmart Discovery</h5>
If the Bootstrapper detects it is running inside the VicSmart network, it will query Online Services for the Disco ICT server address based on the subnets assigned to each school.
This is configured in the @Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install())
plugin.
</li>
}
<li>
<h5>Legacy Discovery</h5>
<div>
The Bootstrapper will attempt to send an ICMP ping to &quot;<code>disco</code>&quot;. If the ping is successful, it will attempt to connect to <code>http://disco:9292/</code>.
</div>
<div>
@if (canConfig)
{
<input id="Enrolment_LegacyDiscovery" type="checkbox" @(Model.LegacyDiscoveryEnabled ? "checked" : null) />
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#Enrolment_LegacyDiscovery'),
null,
'@Url.Action(MVC.API.Enrolment.LegacyDiscovery())',
'enabled'
);
});
</script>
}
else
{
<input id="Enrolment_LegacyDiscovery" type="checkbox" @(Model.LegacyDiscoveryEnabled ? "checked" : null) disabled="disabled" />
}
<label for="Enrolment_LegacyDiscovery">
Legacy Discovery Enabled
</label>
@AjaxHelpers.AjaxLoader()
</div>
@if ((Model.IsServicesEducationVicGovAuDomain || Model.DnsSrvRecordValue != null) && Model.LegacyDiscoveryEnabled)
{
<div class="info-box error">
<i class="fa fa-exclamation-triangle"></i>
It is not recommended to have Legacy Discovery enabled. Please use the latest Bootstrapper and disable this option.
</div>
}
<div>
This method is not secure and is only provided for backwards compatibility. In time this method will be removed.
</div>
</li>
</ol>
</td>
</tr>
</table>
</div>
@if (canShowStatus && Authorization.Has(Claims.Config.Logging.Show))
{
<h2>Live Enrolment Logging</h2>
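Review bot: The manual example `Disco.ClientBootstrapper.exe https://@Request.Url.Authority` is rendered even when the page is served over HTTP, so it can print an `https://` URL carrying the plain-HTTP host and port (for instance the legacy `disco:9292`), which may not accept TLS. The SRV record table further down is already wrapped in `@if (Request.IsSecureConnection)`; the example could use the same guard, or show `Model.DnsSrvRecordValue` when one is present. There is also a stray word in the introductory text: the line containing only `the` before `The @Html.ActionLink("Hosting", ...)` renders as "the The Hosting plugin" and should be removed.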
@@ -451,10 +451,26 @@ WriteLiteral(">\r\n curl&nbsp;<a");
WriteLiteral(" target=\"_blank\"");
WriteLiteral(" href=\"http://disco:9292/Services/Client/Unauthenticated/MacSecureEnrol\"");
WriteAttribute("href", Tuple.Create(" href=\"", 4881), Tuple.Create("\"", 4906)
#line 124 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
, Tuple.Create(Tuple.Create("", 4888), Tuple.Create<System.Object, System.Int32>(Model.MacEnrolUrl
#line default
#line hidden
, 4888), false)
);
WriteLiteral(">http://disco:9292/Services/Client/Unauthenticated/MacSecureEnrol</a>\r\n " +
" </div>\r\n <span");
WriteLiteral(">");
#line 124 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Model.MacEnrolUrl);
#line default
#line hidden
WriteLiteral("</a>\r\n </div>\r\n <span");
WriteLiteral(" class=\"smallText\"");
@@ -486,10 +502,521 @@ WriteLiteral(" class=\"code\"");
WriteLiteral(">&lt;script&gt;</span>\r\n tag embedded on the organisation\'s in" +
"tranet.\r\n </span>\r\n </td>\r\n </tr>\r\n </table>" +
"\r\n</div>\r\n");
"\r\n</div>\r\n<div");
WriteLiteral(" class=\"form\"");
WriteLiteral(" style=\"width: 530px; margin-top: 15px\"");
WriteLiteral(">\r\n <h2>Bootstrapper Server Discovery</h2>\r\n <table>\r\n <tr>\r\n " +
" <td>\r\n <div>\r\n The Disco ICT\r\n");
#line 136 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 143 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 143 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (Authorization.Has(Claims.Config.Enrolment.DownloadBootstrapper))
{
#line default
#line hidden
#line 145 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.ActionLink("Bootstrapper", MVC.Services.Client.Bootstrapper()));
#line default
#line hidden
#line 145 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
else
{
#line default
#line hidden
WriteLiteral(" ");
WriteLiteral("Bootstrapper");
WriteLiteral("\r\n");
#line 150 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
#line default
#line hidden
WriteLiteral(" is used to enrol devices. It is strongly recommended that HTT" +
"PS be used for all communication.\r\n the\r\n " +
"The ");
#line 153 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install()));
#line default
#line hidden
WriteLiteral(@"
plugin can be used to automate deployment of HTTPS certificates.
</div>
<div>
The Bootstrapper discovers the server using the first successful method (in order):
</div>
<ol>
<li>
<h5>Manually Specified</h5>
<div>
The server url can be specified at the command line. The url must use HTTPS. For example:
</div>
<div");
WriteLiteral(" class=\"code\"");
WriteLiteral(">Disco.ClientBootstrapper.exe https://");
#line 165 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Request.Url.Authority);
#line default
#line hidden
WriteLiteral("</div>\r\n </li>\r\n <li>\r\n " +
" <h5>DNS Service Location (SRV) Record</h5>\r\n Expected" +
" Record Name: <strong><code>");
#line 169 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Model.DnsSrvRecordName);
#line default
#line hidden
WriteLiteral("</code></strong>\r\n");
#line 170 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 170 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (Model.IsServicesEducationVicGovAuDomain)
{
#line default
#line hidden
WriteLiteral(" <div");
WriteLiteral(" class=\"smallText\"");
WriteLiteral(">\r\n This mechanism is not supported in the shared " +
"education.vic.gov.au domain and can be ignored.\r\n </d" +
"iv>\r\n");
#line 175 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
else
{
if (Model.DnsSrvRecordValue == null)
{
#line default
#line hidden
WriteLiteral(" <div");
WriteLiteral(" class=\"info-box\"");
WriteLiteral(">\r\n <span");
WriteLiteral(" class=\"error\"");
WriteLiteral(">\r\n No Service Location (SRV) record found" +
".\r\n </span>\r\n");
#line 184 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 184 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (Request.IsSecureConnection)
{
#line default
#line hidden
WriteLiteral(" <span>\r\n " +
" Please create a DNS Service Location (SRV) record:\r\n " +
" </span>\r\n");
WriteLiteral(" <table");
WriteLiteral(" class=\"none\"");
WriteLiteral(@">
<tr>
<th>Service:</th>
<td><code>_discoict</code></td>
</tr>
<tr>
<th>Protocol:</th>
<td><code>_tcp</code></td>
</tr>
<tr>
<th>Priority:</th>
<td><code>0</code></td>
</tr>
<tr>
<th>Weight:</th>
<td><code>0</code></td>
</tr>
<tr>
<th>Port:</th>
<td><code>");
#line 208 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Request.Url.Port);
#line default
#line hidden
WriteLiteral(@"</code></td>
</tr>
<tr>
<th>Host offering this service:</th>
<td><code>");
#line 212 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Request.Url.Host);
#line default
#line hidden
WriteLiteral("</code></td>\r\n </tr>\r\n " +
" </table>\r\n");
#line 215 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
else
{
#line default
#line hidden
WriteLiteral(@" <div>
Please configure and connect with HTTPS.
<span>
You can enable HTTPS automation using the
");
WriteLiteral(" ");
#line 222 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install()));
#line default
#line hidden
WriteLiteral("\r\n plugin.\r\n " +
" </span>\r\n </div>\r\n");
#line 226 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
#line default
#line hidden
WriteLiteral(" </div>\r\n");
#line 228 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
else
{
#line default
#line hidden
WriteLiteral(" <div>\r\n Value:" +
" <strong><code>https://");
#line 232 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Model.DnsSrvRecordValue);
#line default
#line hidden
WriteLiteral("</code></strong>\r\n");
#line 233 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 233 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (Request.IsSecureConnection && !string.Equals(Model.DnsSrvRecordValue, Request.Url.Authority, StringComparison.OrdinalIgnoreCase))
{
#line default
#line hidden
WriteLiteral(" <div");
WriteLiteral(" class=\"info-box error\"");
WriteLiteral(">\r\n <i");
WriteLiteral(" class=\"fa fa-exclamation\"");
WriteLiteral("></i> The Service Location (SRV) record does not match the way you are currently " +
"accessing the server: <code>");
#line 236 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Request.Url.Authority);
#line default
#line hidden
WriteLiteral("</code>.\r\n </div>\r\n");
#line 238 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
#line default
#line hidden
WriteLiteral(" </div>\r\n");
#line 240 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
}
#line default
#line hidden
WriteLiteral(" </li>\r\n");
#line 243 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 243 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (Model.IsVicSmartDeployment)
{
#line default
#line hidden
WriteLiteral(@" <li>
<h5>Victorian Government Schools VicSmart Discovery</h5>
If the Bootstrapper detects it is running inside the VicSmart network, it will query Online Services for the Disco ICT server address based on the subnets assigned to each school.
This is configured in the ");
#line 248 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.ActionLink("Hosting", Model.HostingPluginInstalled ? MVC.Config.Plugins.Configure("Hosting") : MVC.Config.Plugins.Install()));
#line default
#line hidden
WriteLiteral("\r\n plugin.\r\n </li>\r\n");
#line 251 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
#line default
#line hidden
WriteLiteral(@" <li>
<h5>Legacy Discovery</h5>
<div>
The Bootstrapper will attempt to send an ICMP ping to &quot;<code>disco</code>&quot;. If the ping is successful, it will attempt to connect to <code>http://disco:9292/</code>.
</div>
<div>
");
#line 258 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 258 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (canConfig)
{
#line default
#line hidden
WriteLiteral(" <input");
WriteLiteral(" id=\"Enrolment_LegacyDiscovery\"");
WriteLiteral(" type=\"checkbox\"");
WriteLiteral(" ");
#line 260 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Model.LegacyDiscoveryEnabled ? "checked" : null);
#line default
#line hidden
WriteLiteral(" />\r\n");
WriteLiteral(" <script");
WriteLiteral(" type=\"text/javascript\"");
WriteLiteral(@">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#Enrolment_LegacyDiscovery'),
null,
'");
#line 266 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Url.Action(MVC.API.Enrolment.LegacyDiscovery()));
#line default
#line hidden
WriteLiteral("\',\r\n \'enabled\'\r\n " +
" );\r\n });\r\n " +
" </script>\r\n");
#line 271 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
else
{
#line default
#line hidden
WriteLiteral(" <input");
WriteLiteral(" id=\"Enrolment_LegacyDiscovery\"");
WriteLiteral(" type=\"checkbox\"");
WriteLiteral(" ");
#line 274 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Model.LegacyDiscoveryEnabled ? "checked" : null);
#line default
#line hidden
WriteLiteral(" disabled=\"disabled\" />\r\n");
#line 275 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
#line default
#line hidden
WriteLiteral(" <label");
WriteLiteral(" for=\"Enrolment_LegacyDiscovery\"");
WriteLiteral(">\r\n Legacy Discovery Enabled\r\n " +
" </label>\r\n");
WriteLiteral(" ");
#line 279 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(AjaxHelpers.AjaxLoader());
#line default
#line hidden
WriteLiteral("\r\n </div>\r\n");
#line 281 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 281 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if ((Model.IsServicesEducationVicGovAuDomain || Model.DnsSrvRecordValue != null) && Model.LegacyDiscoveryEnabled)
{
#line default
#line hidden
WriteLiteral(" <div");
WriteLiteral(" class=\"info-box error\"");
WriteLiteral(">\r\n <i");
WriteLiteral(" class=\"fa fa-exclamation-triangle\"");
WriteLiteral("></i>\r\n It is not recommended to have Legacy Disco" +
"very enabled. Please use the latest Bootstrapper and disable this option.\r\n " +
" </div>\r\n");
#line 287 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
#line default
#line hidden
WriteLiteral(@" <div>
This method is not secure and is only provided for backwards compatibility. In time this method will be removed.
</div>
</li>
</ol>
</td>
</tr>
</table>
</div>
");
#line 297 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (canShowStatus && Authorization.Has(Claims.Config.Logging.Show))
{
@@ -499,13 +1026,13 @@ WriteLiteral(">&lt;script&gt;</span>\r\n tag embedded on the
WriteLiteral(" <h2>Live Enrolment Logging</h2>\r\n");
#line 139 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 300 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 139 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 300 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.Partial(MVC.Config.Shared.Views.LogEvents, new Disco.Web.Areas.Config.Models.Shared.LogEventsModel()
{
IsLive = true,
@@ -519,7 +1046,7 @@ Write(Html.Partial(MVC.Config.Shared.Views.LogEvents, new Disco.Web.Areas.Config
#line default
#line hidden
#line 146 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 307 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
@@ -533,13 +1060,13 @@ WriteLiteral(" class=\"actionBar\"");
WriteLiteral(">\r\n");
#line 149 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 310 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line default
#line hidden
#line 149 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 310 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (Authorization.Has(Claims.Config.Enrolment.DownloadBootstrapper))
{
@@ -547,14 +1074,14 @@ WriteLiteral(">\r\n");
#line default
#line hidden
#line 151 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 312 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.ActionLinkButton("Download Bootstrapper", MVC.Services.Client.Bootstrapper()));
#line default
#line hidden
#line 151 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 312 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
@@ -564,7 +1091,7 @@ WriteLiteral(">\r\n");
WriteLiteral(" ");
#line 153 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 314 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
if (canShowStatus)
{
@@ -572,14 +1099,14 @@ WriteLiteral(" ");
#line default
#line hidden
#line 155 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 316 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
Write(Html.ActionLinkButton("Enrolment Status", MVC.Config.Enrolment.Status()));
#line default
#line hidden
#line 155 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
#line 316 "..\..\Areas\Config\Views\Enrolment\Index.cshtml"
}
@@ -1,5 +1,6 @@
using Disco.Data.Repository;
using Disco.Models.ClientServices;
using Disco.Models.Services.Devices;
using Disco.Services;
using Disco.Services.Authorization;
using Disco.Services.Devices.Enrolment;
@@ -22,11 +23,21 @@ namespace Disco.Web.Areas.Services.Controllers
public virtual ActionResult PreparationClient()
{
var discoveryMethodHeader = Request.Headers["X-DiscoICT-Discovery"];
if (!string.IsNullOrEmpty(discoveryMethodHeader) && Enum.TryParse<DeviceEnrolmentServerDiscoveryMethod>(discoveryMethodHeader, out var discoveryMethod))
WindowsDeviceEnrolment.IncrementDiscoveryMethod(discoveryMethod);
if (!CheckLegacyEnrollmentDiscovery())
return BadRequest("Enrollment Legacy Discovery is disabled. Please use secure connection (HTTPS) for device enrollment.");
return File(Links.ClientBin.PreparationClient_zip, "application/x-msdownload", "PreparationClient.zip");
}
public virtual ActionResult Unauthenticated(string feature)
{
if (!CheckLegacyEnrollmentDiscovery())
return BadRequest("Enrollment Legacy Discovery is disabled. Please use secure connection (HTTPS) for device enrollment.");
if (string.IsNullOrEmpty(feature))
{
return Json(null);
@@ -64,6 +75,7 @@ namespace Disco.Web.Areas.Services.Controllers
}
case "macenrol":
{
WindowsDeviceEnrolment.IncrementDiscoveryMethod(DeviceEnrolmentServerDiscoveryMethod.Mac);
var Binder = ModelBinders.Binders.GetBinder(typeof(MacEnrol));
var BinderContext = new ModelBindingContext()
{
@@ -78,6 +90,7 @@ namespace Disco.Web.Areas.Services.Controllers
}
case "macsecureenrol":
{
WindowsDeviceEnrolment.IncrementDiscoveryMethod(DeviceEnrolmentServerDiscoveryMethod.MacSecure);
using (var database = new DiscoDataContext())
{
var host = HttpContext.Request.UserHostAddress;
@@ -93,6 +106,9 @@ namespace Disco.Web.Areas.Services.Controllers
[Authorize]
public virtual ActionResult Authenticated(string feature)
{
if (!CheckLegacyEnrollmentDiscovery())
return BadRequest("Enrollment Legacy Discovery is disabled. Please use secure connection (HTTPS) for device enrollment.");
if (string.IsNullOrEmpty(feature))
{
WhoAmIResponse whoAmIResponse = new WhoAmI().BuildResponse();
@@ -171,5 +187,21 @@ namespace Disco.Web.Areas.Services.Controllers
return Content("Error Message Logged");
}
private bool CheckLegacyEnrollmentDiscovery()
{
if (!Request.IsSecureConnection)
{
using (DiscoDataContext database = new DiscoDataContext())
{
if (database.DiscoConfiguration.Devices.EnrollmentLegacyDiscoveryDisabled)
{
EnrolmentLog.LogClientError(Request.UserHostAddress, Request.UserHostName, string.Empty, "Enrollment Legacy Discovery is disabled. Please use secure connection (HTTPS) for device enrollment.", string.Empty);
return false;
}
}
}
return true;
}
}
}
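Review bot: In `PreparationClient`, `Enum.TryParse<DeviceEnrolmentServerDiscoveryMethod>` accepts numeric strings as well as names, so a client-supplied `X-DiscoICT-Discovery: 999` parses successfully and reaches `IncrementDiscoveryMethod` as an undefined value; add `&& Enum.IsDefined(typeof(DeviceEnrolmentServerDiscoveryMethod), discoveryMethod)` to the condition. The increment also runs before `CheckLegacyEnrollmentDiscovery()`, so requests that are then rejected are still counted, and since the header is asserted by the client the counters are best read as indicative rather than as proof that legacy discovery is unused. In `CheckLegacyEnrollmentDiscovery`, every rejected plain-HTTP request opens a `DiscoDataContext` and writes an `EnrolmentLog` entry, which lets any host that can reach the server grow the log; coalescing or rate-limiting those entries per source address would bound that. `Request.IsSecureConnection` is presumably false behind a TLS-terminating proxy, in which case all traffic would be classed as legacy, so confirm that deployment shape is unsupported or document it.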