Store UserAuthenticate messages
jessepeterson committed Jul 3, 2021
1 parent 1406f5c commit 4a54502
Showing 7 changed files with 72 additions and 1 deletion.
3 changes: 3 additions & 0 deletions service/nanomdm/service.go
Expand Up @@ -150,6 +150,9 @@ func (s *Service) UserAuthenticate(r *mdm.Request, message *mdm.UserAuthenticate
if err := s.updateEnrollID(r, &message.Enrollment); err != nil {
return nil, err
}
if err := s.store.StoreUserAuthenticate(r, message); err != nil {
return nil, err
}
// if the DigestResponse is empty then this is the first (of two)
// UserAuthenticate messages depending on our response
if message.DigestResponse == "" {
7 changes: 7 additions & 0 deletions storage/allmulti/allmulti.go
Expand Up @@ -70,6 +70,13 @@ func (ms *MultiAllStorage) StoreTokenUpdate(r *mdm.Request, msg *mdm.TokenUpdate
return err
}

func (ms *MultiAllStorage) StoreUserAuthenticate(r *mdm.Request, msg *mdm.UserAuthenticate) error {
_, err := ms.execStores(func(s storage.AllStorage) (interface{}, error) {
return nil, s.StoreUserAuthenticate(r, msg)
})
return err
}

func (ms *MultiAllStorage) Disable(r *mdm.Request) error {
_, err := ms.execStores(func(s storage.AllStorage) (interface{}, error) {
return nil, s.Disable(r)
14 changes: 14 additions & 0 deletions storage/file/file.go
Expand Up @@ -20,6 +20,9 @@ const (
DisabledFilename = "Disabled"
BootstrapTokenFile = "BootstrapToken.dat"

UserAuthFilename = "UserAuthenticate.plist"
UserAuthDigestFilename = "UserAuthenticate.Digest.plist"

CertAuthFilename = "CertAuth.sha256.txt"
CertAuthAssociationsFilename = "CertAuth.txt"

Expand Down Expand Up @@ -166,6 +169,17 @@ func (s *FileStorage) StoreTokenUpdate(r *mdm.Request, msg *mdm.TokenUpdate) err
return nil
}

func (s *FileStorage) StoreUserAuthenticate(r *mdm.Request, msg *mdm.UserAuthenticate) error {
e := s.newEnrollment(r.ID)
filename := UserAuthFilename
// if the DigestResponse is empty then this is the first (of two)
// UserAuthenticate messages depending on our response
if msg.DigestResponse != "" {
filename = UserAuthDigestFilename
}
return e.writeFile(filename, msg.Raw)
}

func (s *FileStorage) Disable(r *mdm.Request) error {
if r.ParentID != "" {
return errors.New("can only disable a device channel")
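Review bot: StoreUserAuthenticate on FileStorage is an exported method with no doc comment, and the same applies to the MultiAllStorage and MySQLStorage implementations and to the new CheckinStore interface method. Suggest `// StoreUserAuthenticate saves the raw UserAuthenticate message for the enrollment, writing it to UserAuthDigestFilename when the message carries a DigestResponse and to UserAuthFilename otherwise.` Each call writes a fixed filename, so only the most recent message of each kind appears to be retained; if that last-wins behaviour is intended, the doc comment is the right place to state it. The helpers newEnrollment and writeFile are outside the hunk, so whether writeFile truncates or appends is not visible here.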
31 changes: 31 additions & 0 deletions storage/mysql/mysql.go
Expand Up @@ -147,6 +147,37 @@ UPDATE
return err
}

func (s *MySQLStorage) StoreUserAuthenticate(r *mdm.Request, msg *mdm.UserAuthenticate) error {
colName := "user_authenticate"
colAtName := "user_authenticate_at"
// if the DigestResponse is empty then this is the first (of two)
// UserAuthenticate messages depending on our response
if msg.DigestResponse != "" {
colName = "user_authenticate_digest"
colAtName = "user_authenticate_digest_at"
}
_, err := s.db.ExecContext(
r.Context, `
INSERT INTO users
(id, device_id, user_short_name, user_long_name, `+colName+`, `+colAtName+`)
VALUES
(?, ?, ?, ?, ?, CURRENT_TIMESTAMP) AS new
ON DUPLICATE KEY
UPDATE
device_id = new.device_id,
user_short_name = new.user_short_name,
user_long_name = new.user_long_name,
`+colName+` = new.`+colName+`,
`+colAtName+` = new.`+colAtName+`;`,
r.ID,
r.ParentID,
nullEmptyString(msg.UserShortName),
nullEmptyString(msg.UserLongName),
msg.Raw,
)
return err
}

func (s *MySQLStorage) Disable(r *mdm.Request) error {
if r.ParentID != "" {
return errors.New("can only disable a device channel")
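Review bot: colName and colAtName are spliced into the SQL text on the INSERT column list and the UPDATE assignments rather than bound as parameters; both are chosen from fixed string literals a few lines above, not from the request, so this is not an injection path, but a reader auditing the query has to work that out by hand. A one-line comment above the ExecContext call, `// colName/colAtName are fixed literals chosen above, never request data, so splicing them into the query text is safe`, makes the invariant explicit, and declaring the four column names as package-level constants would make it harder to break accidentally later. The user-controlled values (msg.UserShortName, msg.UserLongName, msg.Raw) are correctly passed as placeholders. The `VALUES (...) AS new ... ON DUPLICATE KEY UPDATE` form presumably mirrors the existing StoreTokenUpdate query whose tail is visible at the top of the hunk; confirm it is consistent.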
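--- a/storage/mysql/schema.00002.sql
+++ b/storage/mysql/schema.00002.sql
@@ -0,0 +1,6 @@
+ALTER TABLE users ADD COLUMN user_authenticate TEXT NULL;
+ALTER TABLE users ADD COLUMN user_authenticate_at TIMESTAMP NULL;
+ALTER TABLE users ADD CONSTRAINT CHECK (user_authenticate IS NULL OR user_authenticate != '');
+ALTER TABLE users ADD COLUMN user_authenticate_digest TEXT NULL;
+ALTER TABLE users ADD COLUMN user_authenticate_digest_at TIMESTAMP NULL;
+ALTER TABLE users ADD CONSTRAINT CHECK (user_authenticate_digest IS NULL OR user_authenticate_digest != '');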
11 changes: 10 additions & 1 deletion storage/mysql/schema.sql
Expand Up @@ -51,6 +51,12 @@ CREATE TABLE users (
token_update TEXT NULL,
token_update_at TIMESTAMP NULL,

-- The last raw UserAuthenticate (and optional digest) for this user
user_authenticate TEXT NULL,
user_authenticate_at TIMESTAMP NULL,
user_authenticate_digest TEXT NULL,
user_authenticate_digest_at TIMESTAMP NULL,

created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,

Expand All @@ -63,7 +69,10 @@ CREATE TABLE users (
CHECK (user_short_name IS NULL OR user_short_name != ''),
CHECK (user_long_name IS NULL OR user_long_name != ''),

CHECK (token_update IS NULL OR token_update != '')
CHECK (token_update IS NULL OR token_update != ''),

CHECK (user_authenticate IS NULL OR user_authenticate != ''),
CHECK (user_authenticate_digest IS NULL OR user_authenticate_digest != '')
);


1 change: 1 addition & 0 deletions storage/storage.go
Expand Up @@ -13,6 +13,7 @@ import (
type CheckinStore interface {
StoreAuthenticate(r *mdm.Request, msg *mdm.Authenticate) error
StoreTokenUpdate(r *mdm.Request, msg *mdm.TokenUpdate) error
StoreUserAuthenticate(r *mdm.Request, msg *mdm.UserAuthenticate) error
Disable(r *mdm.Request) error
}


0 comments on commit 4a54502

Please sign in to comment.