diff --git a/docs/Contributing/product-groups/mdm/mdm-overview.md b/docs/Contributing/product-groups/mdm/mdm-overview.md
index d8f1a34563..77599b2eed 100644
--- a/docs/Contributing/product-groups/mdm/mdm-overview.md
+++ b/docs/Contributing/product-groups/mdm/mdm-overview.md
@@ -33,6 +33,8 @@
 - CSPs: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider
+- Initial PoC PR's: [MDM Server](https://github.com/fleetdm/fleet/pull/9178) [Programmatic Enrollment](https://github.com/fleetdm/fleet/pull/9500)
+
 ### Android
 See the [Android MDM documentation](./android-mdm.md)
diff --git a/server/mdm/microsoft/wstep_csr.go b/server/mdm/microsoft/wstep_csr.go
index 8d6064a684..b8d26bc8c4 100644
--- a/server/mdm/microsoft/wstep_csr.go
+++ b/server/mdm/microsoft/wstep_csr.go
@@ -42,16 +42,14 @@ import (
 // The certificates generated by a Windows device during MDM enrollment were not being parsed correctly
 // by the standard x509 package. To work around this issue, we used a modified version of the isPrintable
 // function from the ASN.1 package that allows invalid characters.
-// You can find the implementation of isPrintable here:
+// You can find the original implementation of isPrintable here:
 // https://github.com/golang/go/blob/e126572f8a91d42b86242012012d0cad4507dca8/src/encoding/asn1/asn1.go#L433
-// The modification to the standard library requires applying the following patch to the x509 package:
-// https://github.com/fleetdm/fleet/blob/main/tools/mdm/windows/poc-mdm-server/patch/patch.go
 // Since this solution is not ideal and does not scale, we have wrapped a custom version of
 // ParseCertificateRequest with the necessary changes in ParseCertificateRequestFromWindowsDevice().
 // The invalid characters are: '!' and 0x00.
 // Here's an example of a certificate with invalid characters in the CommonName field:
 // Common Name: F717C0F0-5F68-4AC3-A341-01B254!4219DFB0A902F747A9C4FD43C8CE36CE
-// The new characters have been added to the isPrintable() function below.
+// The patched isPrintable method that allows these new characters, can be found below in this file.
 func ParseCertificateRequestFromWindowsDevice(asn1Data []byte) (*x509.CertificateRequest, error) {
 	var csr certificateRequest
diff --git a/third_party/vuln-check/README.md b/third_party/vuln-check/README.md
index e680adbbcd..93aea490da 100644
--- a/third_party/vuln-check/README.md
+++ b/third_party/vuln-check/README.md
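Review bot: The rewritten comment block still omits the caveat a caller of ParseCertificateRequestFromWindowsDevice most needs: since the patched isPrintable accepts '!' and 0x00, the Subject values this parser returns may carry embedded NUL bytes, and nothing in the comment says they must be validated before being reused. Suggested line after `// The invalid characters are: '!' and 0x00.`: `// NOTE: because 0x00 is accepted, callers must treat the parsed Subject as untrusted input and validate it before reuse (for example in an issued certificate or in log output).` The new sentence `The patched isPrintable method that allows these new characters, can be found below in this file.` also has a stray comma; `The patched isPrintable method that allows these characters can be found below in this file.` reads cleaner. The body of ParseCertificateRequestFromWindowsDevice continues outside the hunk.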
@@ -34,7 +34,6 @@ This directory solves that problem by creating "dummy" manifest files that list
 | josharian/impl | server/mock/mockimpl/ | v1.4.0 |
 | mitchellh/gon | orbit/pkg/packaging/macos_notarize.go | v0.2.3 |
 | sassoftware/relic | pkg/file/xar.go | v7.2.1+incompatible |
-| oscartbeaumont/windows_mdm | tools/mdm/windows/poc-mdm-server/ | v0.0.0-20210615145659-e52e28e50db7 |
 ### npm dependencies (package.json)
diff --git a/third_party/vuln-check/go.mod b/third_party/vuln-check/go.mod
index 56b93e7ec0..bf20f61fba 100644
--- a/third_party/vuln-check/go.mod
+++ b/third_party/vuln-check/go.mod
@@ -49,8 +49,4 @@ require (
 	// relic - XAR file parsing (pkg/file/xar.go)
 	// Copied: April 2023
 	github.com/sassoftware/relic v7.2.1+incompatible
-
-	// poc-mdm-server - Windows MDM demo (tools/mdm/windows/poc-mdm-server/)
-	// Forked from oscartbeaumont/windows_mdm
-	github.com/oscartbeaumont/windows_mdm v0.0.0-20210615145659-e52e28e50db7
 )
diff --git a/tools/README.md b/tools/README.md
index 1e308f8dfc..c1694c3cd3 100644
--- a/tools/README.md
+++ b/tools/README.md
@@ -262,7 +262,6 @@ go run ./tools/run-scripts -scripts-disabled -content 'echo "Test"'
 | `mdm/migration/micromdm/` | MicroMDM migration tools | See [mdm/migration/micromdm/README.md](mdm/migration/micromdm/README.md) |
 | `mdm/migration/simplemdm/` | SimpleMDM migration tools | `go run ./tools/mdm/migration/simplemdm` |
 | `mdm/windows/bitlocker/` | BitLocker key management | Go utilities for BitLocker |
-| `mdm/windows/poc-mdm-server/` | PoC Windows MDM server | See [mdm/windows/poc-mdm-server/README.md](mdm/windows/poc-mdm-server/README.md) |
 | `mdm/windows/programmatic-enrollment/` | Windows MDM enrollment | `go run ./tools/mdm/windows/programmatic-enrollment` |
 | `windows-mdm-enroll/` | Windows MDM enrollment | Enrollment utilities for Windows |
 | **Other Utilities** | | |
diff --git a/tools/mdm/windows/poc-mdm-server/.gitignore b/tools/mdm/windows/poc-mdm-server/.gitignore
deleted file mode 100644
index ac75f32b7b..0000000000
--- a/tools/mdm/windows/poc-mdm-server/.gitignore
+++ /dev/null
@@ -1,18 +0,0 @@
-# Binaries for programs and plugins
-*.exe
-*.exe~
-*.dll
-*.so
-*.dylib
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# Mac System Files
-.DS_Store
-
-# Ignore The Folder With My HTTPS Certifciates
-certs/
diff --git a/tools/mdm/windows/poc-mdm-server/LICENSE b/tools/mdm/windows/poc-mdm-server/LICENSE
deleted file mode 100644
index 13db870aac..0000000000
--- a/tools/mdm/windows/poc-mdm-server/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2021 Oscar Beaumont
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/tools/mdm/windows/poc-mdm-server/README.md b/tools/mdm/windows/poc-mdm-server/README.md deleted file mode 100644 index d2e2086e68..0000000000 --- a/tools/mdm/windows/poc-mdm-server/README.md +++ /dev/null 
@@ -1,648 +0,0 @@ - -# Windows MDM Server Demo - -This project is a working and minimal implementation of the Windows device enrollment and management protocols. It was based on an initial implementation of the MS-MDE enrollment protocols from [`oscartbeaumont/windows_mdm`](https://github.com/oscartbeaumont/windows_mdm). - -This project uses the protocols: - -- [MS-MDE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-mde/d9e18701-cd4c-4fdb-8a3e-c1ddd33b1307) -- [MS-MDM](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) -- [MS-WSTEP](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wstep/4766a85d-0d18-4fa1-a51f-e5cb98b752ea) -- [MS-XCEP](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-xcep/08ec4475-32c2-457d-8c27-5a176660a210) -- [OMA Device Management Protocol](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/OMA-TS-DM_Protocol-V1_2_1-20080617-A.pdf) - - -The steps for MDE device enrollment correspond to five phases as shown in the following diagram: - -![Microsoft MDM enrollment workflow diagram](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mde/ms-mde_files/image002.png) - -## License - -This code is MIT licensed and it was forked from [`oscartbeaumont/windows_mdm`](https://github.com/oscartbeaumont/windows_mdm). Initial implementation credit goes to [Oscar Beaumont](https://github.com/oscartbeaumont). - -## Usage - -On the server side, you just need to run the project using the already provided cert and keys. The certificate is in `.pfx` file format, so you need to extract the certificate and key first, see https://stackoverflow.com/a/59120388/1094941. 
-The "Import password" is "testpassword", and the names of the output files matter, on Linux something like this works (assuming you are in the certs/ directory): - -``` -# for the cert -$ openssl pkcs12 -in dev_cert_mdmwindows_com.pfx -clcerts -nokeys -out dev_cert_mdmwindows_com_cert.pem - -# for the key -$ openssl pkcs12 -in dev_cert_mdmwindows_com.pfx -out dev_cert_mdmwindows_com.key -nocerts -nodes -``` - -Note that an asn1 error might occur when running the server, if that's the case you need to patch your local Go toolchain by running `$ go run ./patch/patch.go` (`GOROOT` env var must be set to point to your `go env GOROOT` directory). It may require `sudo` depending on where your `go` installation is (due to https://github.com/golang/go/issues/14017). - -Next go to the project folder and run. - -```bash -go run . -``` - -Note that the server binds to the standard and usually firewall-protected `443` port, so you may need to configure your firewall to allow connections to it for the duration of your test. - -On the Windows client side, you need to import the custom CA certificate to the certificate store, and populate the `hosts` file before running the Windows Enrollment. The certificate to import is on the certs directory and it is called `dev_cert_mdmwindows_com.pfx`. You need to copy this certificate to the client machine and run the powershell command below (in the console, not in a powershell terminal). This is required because the project uses a local dev https endpoint. 
- - 1) Import certificate to Trusted CAs repository (be sure to update the path to the pfx certificate) - - powershell -ep bypass "$mypwd = ConvertTo-SecureString -String 'testpassword' -Force -AsPlainText ; Import-PfxCertificate -FilePath c:\path\to\dev_cert_mdmwindows_com.pfx -CertStoreLocation Cert:\LocalMachine\Root -Password $mypwd" - - 2) Add mdmwindows.com to the list of static DNS - - echo mdmwindows.com >> %SystemRoot%\System32\drivers\etc\hosts - echo autodiscovery.mdmwindows.com >> %SystemRoot%\System32\drivers\etc\hosts - echo enterpriseenrollment.mdmwindows.com >> %SystemRoot%\System32\drivers\etc\hosts - -To enroll the device into this MDM server, go to `Settings > Accounts > Access work or school` and click the connect button, enter the email provided to the server when you ran `go run .` (default: `demo@mdmwindows.com`) and it should automatically detect the server and proceed with enrollment. This is why the server must run on port `:443`, because it uses automatic discovery and will not attempt a custom port. 
- -## Protocol Details - -Below is the raw https exchange of the MS-MDE and MS-MDM protocols when run using the -verbose mode: - - -### MDM Server HTTP Endpoints Auto Discovery Flow - - - ============================= Input Request ============================= - ----------- Input Header ----------- - GET /EnrollmentServer/Discovery.svc HTTP/2.0 - Host: enterpriseenrollment.mdmwindows.com - Cache-Control: no-cache - Pragma: no-cache - User-Agent: ENROLLClient - - - ----------- Empty Input Body ----------- - ========================================================================= - - - - ============================= Output Response ============================= - ----------- Response Header ----------- - HTTP/1.1 200 OK - Connection: close - - - ----------- Empty Response Body ----------- - ========================================================================= - - ============================= Input Request ============================= - ----------- Input Header ----------- - POST /EnrollmentServer/Discovery.svc HTTP/2.0 - Host: enterpriseenrollment.mdmwindows.com - Content-Length: 1042 - Content-Type: application/soap+xml; charset=utf-8 - User-Agent: ENROLLClient - - - ----------- Input Body ----------- - - - - http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover - urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478 - - http://www.w3.org/2005/08/addressing/anonymous - - https://EnterpriseEnrollment.mdmwindows.com:443/EnrollmentServer/Discovery.svc - - - - - demo@mdmwindows.com - 4.0 - CIMClient_Windows - 10.0.19043.2364 - 72 - - OnPremise - Federated - - - - - - ========================================================================= - - - - - ============================= Output Response ============================= - ----------- Response Header ----------- - HTTP/1.1 200 OK - Content-Length: 1107 - Content-Type: application/soap+xml; charset=utf-8 - - - ----------- Response Body ----------- - - - - - 
http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse - 8c6060c4-3d78-4d73-ae17-e8bce88426ee - - urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478 - - - - - OnPremise - 4.0 - https://mdmwindows.com/EnrollmentServer/Policy.svc - https://mdmwindows.com/EnrollmentServer/Enrollment.svc - - - - - ========================================================================= - -## MDM Certificate Enrollment Policy Flow (MS-XCEP) - - -============================= Input Request ============================= ------------ Input Header ----------- - POST /EnrollmentServer/Policy.svc HTTP/2.0 -Host: mdmwindows.com -Content-Length: 1495 -Content-Type: application/soap+xml; charset=utf-8 -User-Agent: ENROLLClient - - ------------ Input Body ----------- - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies - urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0 - - http://www.w3.org/2005/08/addressing/anonymous - - https://mdmwindows.com/EnrollmentServer/Policy.svc - - - demo@mdmwindows.com - demo - - - - - - - - - - - - - -========================================================================= - - - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Content-Length: 1378 -Content-Type: application/soap+xml; charset=utf-8 - - ------------ Response Body ----------- - - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse - urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0 - - - - - - - - 3 - - 2048 - - - - - - - - - - 1.3.6.1.4.1.311.20.2 - 1 - 5 - Certificate Template Name - - - - - -========================================================================= - - - -### MDM Certificate Enrollment Extensions Flow (MS-WSTEP) - - - ============================= Input Request ============================= - ----------- Input Header ----------- - POST /EnrollmentServer/Enrollment.svc 
HTTP/2.0 - Host: mdmwindows.com - Content-Length: 4295 - Content-Type: application/soap+xml; charset=utf-8 - User-Agent: ENROLLClient - - - ----------- Input Body ----------- - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep - urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749 - - http://www.w3.org/2005/08/addressing/anonymous - - https://mdmwindows.com/EnrollmentServer/Enrollment.svc - - - demo@mdmwindows.com - demo - - - - - - http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken - http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue - 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 - - - true - - - 3B3ED6D0EA88CBFCF37D36F90F22FE61172348C0162FC3840D6703149870CE76 - - - en-US - - - true - - - 72 - - - DESKTOP-28FGAI6 - - - 00-0C-29-51-60-9D - - - 1A-77-20-52-41-53 - - - 1A-77-20-52-41-53 - - - 00-0C-29-51-60-A7 - - - 18-14-20-52-41-53 - - - 00-0C-29-51-60-93 - - - 1E08C6E95D8BB843B1278FF45BC60CC6 - - - Full - - - CIMClient_Windows - - - 10.0.19043.2364 - - - 10.0.19043.2364 - - - false - - - - - - ========================================================================= - - - - - ============================= Output Response ============================= - ----------- Response Header ----------- - HTTP/1.1 200 OK - Content-Length: 8598 - Content-Type: application/soap+xml; charset=utf-8 - - - ----------- Response Body ----------- - - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep - urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749 - - - 2018-11-30T00:32:59.420Z - 2018-12-30T00:37:59.420Z - - - - - - - http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken - - - 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 - - - 0 - - - - - - ========================================================================= - - - - -### MDM - Device Management Flow (MS-MDM) - - ============================= Input Request ============================= - 
----------- Input Header ----------- - POST /ManagementServer/MDM.svc?mode=Maintenance&Platform=WoA HTTP/2.0 - Host: mdmwindows.com - Accept: application/vnd.syncml.dm+xml, application/vnd.syncml.dm+wbxml, application/octet-stream - Accept-Charset: UTF-8 - Client-Request-Id: 0 - Content-Length: 991 - Content-Type: application/vnd.syncml.dm+xml - Ms-Cv: a/tCeBgffEqA5408.0.0.0 - User-Agent: MSFT OMA DM Client/1.2.0.1 - - - ----------- Input Body ----------- - - - - 1.2 - DM/1.2 - 1 - 1 - - https://mdmwindows.com/ManagementServer/MDM.svc - - - 1E08C6E95D8BB843B1278FF45BC60CC6 - - - - - 2 - 1201 - - - 3 - 1224 - - - com.microsoft/MDM/LoginStatus - - user - - - - 4 - - - ./DevInfo/DevId - - 1E08C6E95D8BB843B1278FF45BC60CC6 - - - - ./DevInfo/Man - - VMware, Inc. - - - - ./DevInfo/Mod - - VMware7,1 - - - - ./DevInfo/DmV - - 1.3 - - - - ./DevInfo/Lang - - en-US - - - - - - ========================================================================= - - - - - ============================= Output Response ============================= - ----------- Response Header ----------- - HTTP/1.1 200 OK - Content-Length: 1736 - Content-Type: application/vnd.syncml.dm+xml - - - ----------- Response Body ----------- - - - - - 1.2 - DM/1.2 - 1 - 1 - - 1E08C6E95D8BB843B1278FF45BC60CC6 - - - https://mdmwindows.com/ManagementServer/MDM.svc - - - - - 1 - 1 - 0 - SyncHdr - 200 - - - 2 - 1 - 2 - Alert - 200 - - - 3 - 1 - 3 - Alert - 200 - - - 4 - 1 - 4 - Replace - 200 - - - 5 - - - ./Vendor/MSFT/Personalization/DesktopImageUrl - - - chr - text/plain - - https://fleetdm.com/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg - - - - 6 - - - ./Vendor/MSFT/Personalization/LockScreenImageUrl - - - chr - text/plain - - https://fleetdm.com/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg - - - - - - ========================================================================= - - - 192.168.8.10 - - [30/Dec/2022:16:59:44 -0300] "POST /ManagementServer/MDM.svc?mode=Maintenance&Platform=WoA HTTP/2.0" 200 
1400 - - - ============================= Input Request ============================= - ----------- Input Header ----------- - POST /ManagementServer/MDM.svc?mode=Maintenance&Platform=WoA HTTP/2.0 - Host: mdmwindows.com - Accept: application/vnd.syncml.dm+xml, application/vnd.syncml.dm+wbxml, application/octet-stream - Accept-Charset: UTF-8 - Client-Request-Id: 0 - Content-Length: 633 - Content-Type: application/vnd.syncml.dm+xml - Ms-Cv: a/tCeBgffEqA5408.0.0.0 - User-Agent: MSFT OMA DM Client/1.2.0.1 - - - ----------- Input Body ----------- - - - - 1.2 - DM/1.2 - 1 - 2 - - https://mdmwindows.com/ManagementServer/MDM.svc - - - 1E08C6E95D8BB843B1278FF45BC60CC6 - - - - - 1 - 1 - 0 - SyncHdr - 200 - - - 2 - 1 - 5 - Replace - 202 - - - 3 - 1 - 6 - Replace - 202 - - - - - ========================================================================= - - - - - ============================= Output Response ============================= - ----------- Response Header ----------- - HTTP/1.1 200 OK - Content-Type: application/vnd.syncml.dm+xml - Content-Length: 0 - - - ----------- Response Body ----------- - - ========================================================================= - - diff --git a/tools/mdm/windows/poc-mdm-server/certs/dev_cert_mdmwindows_com.pfx b/tools/mdm/windows/poc-mdm-server/certs/dev_cert_mdmwindows_com.pfx deleted file mode 100644 index ec91c8cc01..0000000000 Binary files a/tools/mdm/windows/poc-mdm-server/certs/dev_cert_mdmwindows_com.pfx and /dev/null differ diff --git a/tools/mdm/windows/poc-mdm-server/go.mod b/tools/mdm/windows/poc-mdm-server/go.mod deleted file mode 100644 index eec8c9df4a..0000000000 --- a/tools/mdm/windows/poc-mdm-server/go.mod +++ /dev/null @@ -1,10 +0,0 @@ -module github.com/oscartbeaumont/windows_mdm - -go 1.12 - -require ( - github.com/ernesto-jimenez/httplogger v0.0.0-20220128121225-117514c3f345 - github.com/go-xmlfmt/xmlfmt v1.1.2 - github.com/gorilla/handlers v1.4.2 - github.com/gorilla/mux v1.7.3 -) 
diff --git a/tools/mdm/windows/poc-mdm-server/go.sum b/tools/mdm/windows/poc-mdm-server/go.sum
deleted file mode 100644
index 20420b983e..0000000000
--- a/tools/mdm/windows/poc-mdm-server/go.sum
+++ /dev/null
@@ -1,8 +0,0 @@
-github.com/ernesto-jimenez/httplogger v0.0.0-20220128121225-117514c3f345 h1:AZLrCR38RDhsyCQakz1UxCx72As18Ai5mObrKvT8DK8=
-github.com/ernesto-jimenez/httplogger v0.0.0-20220128121225-117514c3f345/go.mod h1:pw+gaKQ52Cl/SrERU62yQAiWauPpLgKpuR1hkxwL4tM=
-github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U=
-github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
-github.com/gorilla/handlers v1.4.2 h1:0QniY0USkHQ1RGCLfKxeNHK9bkDHGRYGNDFBCS+YARg=
-github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
diff --git a/tools/mdm/windows/poc-mdm-server/identity/identity.crt b/tools/mdm/windows/poc-mdm-server/identity/identity.crt
deleted file mode 100644
index 7a596cb359..0000000000
Binary files a/tools/mdm/windows/poc-mdm-server/identity/identity.crt and /dev/null differ
diff --git a/tools/mdm/windows/poc-mdm-server/identity/identity.key b/tools/mdm/windows/poc-mdm-server/identity/identity.key
deleted file mode 100644
index 0c01e31f61..0000000000
Binary files a/tools/mdm/windows/poc-mdm-server/identity/identity.key and /dev/null differ
diff --git a/tools/mdm/windows/poc-mdm-server/main.go b/tools/mdm/windows/poc-mdm-server/main.go
deleted file mode 100644
index 5da8596790..0000000000
--- a/tools/mdm/windows/poc-mdm-server/main.go
+++ /dev/null
@@ -1,180 +0,0 @@ -package main - -import ( - "bytes" - "flag" - "fmt" - "io" - "net/http" - "net/http/httptest" - "net/http/httputil" - "os" - - "github.com/go-xmlfmt/xmlfmt" - "github.com/gorilla/mux" -) - -// Code forked from https://github.com/oscartbeaumont/windows_mdm -// Global config, populated via Command line flags -var ( - domain string - deepLinkUserEmail string - authPolicy string - profileDir string - staticDir string - verbose bool -) - -func main() { - fmt.Println("Starting Windows MDM Demo Server") - - // Parse CMD flags. This populates the varibles defined above - flag.StringVar(&domain, "domain", "mdmwindows.com", "Your servers primary domain") - flag.StringVar(&deepLinkUserEmail, "dl-user-email", "demo@mdmwindows.com", "An email of the enrolling user when using the Deeplink ('/deeplink')") - flag.StringVar(&authPolicy, "auth-policy", "OnPremise", "An email of the enrolling user when using the Deeplink ('/deeplink')") - flag.StringVar(&profileDir, "mdm-profile-dir", "./profile", "The MDM policy directory contains the SyncML MDM profile commmands to enforce to enrolled devices") - flag.StringVar(&staticDir, "static-dir", "./static", "The directory to serve static files") - flag.BoolVar(&verbose, "verbose", false, "HTTP traffic dump") - flag.Parse() - - // Verify authPolicy is valid - if authPolicy != "Federated" && authPolicy != "OnPremise" { - panic("unsupported authpolicy") - } - - // Checking if profile directory exists - _, err := os.Stat(profileDir) - if err != nil { - if os.IsNotExist(err) { - panic("profile directory does not exists") - } else { - panic(err) - } - } - - // Checking if static directory exists - _, err = os.Stat(staticDir) - if err != nil { - if os.IsNotExist(err) { - panic("static directory does not exists") - } else { - panic(err) - } - } - - // Create HTTP request router - r := mux.NewRouter() - - // MS-MDE and MS-MDM endpoints - r.Path("/EnrollmentServer/Discovery.svc").Methods("GET", "POST").HandlerFunc(DiscoveryHandler) 
- r.Path("/EnrollmentServer/Policy.svc").Methods("POST").HandlerFunc(PolicyHandler) - r.Path("/EnrollmentServer/Enrollment.svc").Methods("POST").HandlerFunc(EnrollHandler) - r.Path("/ManagementServer/MDM.svc").Methods("POST").HandlerFunc(ManageHandler) - - // Static root endpoint - r.Path("/").Methods("GET").HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/html; charset=UTF-8") - w.Write([]byte(`

FleetDM Windows MDM Demo Server

.
`)) - w.Write([]byte(`
`)) - }) - - // Static file serve - fileServer := http.FileServer(http.Dir(staticDir)) - r.PathPrefix("/").Handler(http.StripPrefix("/static", fileServer)) - - // Start HTTPS Server - fmt.Println("HTTPS server listening on port 443") - err = http.ListenAndServeTLS(":443", "./certs/dev_cert_mdmwindows_com_cert.pem", "./certs/dev_cert_mdmwindows_com.key", globalHandler(r)) - if err != nil { - panic(err) - } -} - -// drainBody reads all of bytes to memory and then returns two equivalent -// ReadClosers yielding the same bytes. -// -// It returns an error if the initial slurp of all bytes fails. It does not attempt -// to make the returned ReadClosers have identical error-matching behavior. -func drainBody(b io.ReadCloser) (r1, r2 io.ReadCloser, body []byte, err error) { - if b == nil || b == http.NoBody { - // No copying needed. Preserve the magic sentinel meaning of NoBody. - return http.NoBody, http.NoBody, nil, nil - } - var buf bytes.Buffer - if _, err = buf.ReadFrom(b); err != nil { - return nil, b, nil, err - } - if err = b.Close(); err != nil { - return nil, b, nil, err - } - return io.NopCloser(&buf), io.NopCloser(bytes.NewReader(buf.Bytes())), buf.Bytes(), nil -} - -// global HTTP handler to log input and output https traffic -func globalHandler(h http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if verbose { - // grabbing Input Header and Body - reqHeader, err := httputil.DumpRequest(r, false) - if err != nil { - panic(err) - } - - var bodyBytes []byte - reqBodySave := r.Body - if r.Body != nil { - reqBodySave, r.Body, bodyBytes, err = drainBody(r.Body) - if err != nil { - panic(err) - } - } - r.Body = reqBodySave - - var beautifiedReqBody string - if len(bodyBytes) > 0 { - beautifiedReqBody = xmlfmt.FormatXML(string(bodyBytes), " ", " ") - } - - fmt.Printf("\n\n============================= Input Request =============================\n") - fmt.Println("----------- Input Header -----------\n", 
string(reqHeader)) - if len(beautifiedReqBody) > 0 { - fmt.Println("----------- Input Body -----------\n", string(beautifiedReqBody)) - } else { - fmt.Printf("----------- Empty Input Body -----------\n") - } - fmt.Printf("=========================================================================\n\n\n") - } - - rec := httptest.NewRecorder() - h.ServeHTTP(rec, r) - - if verbose { - // grabbing Output Header and Body - var beautifiedResponseBody string - responseBody := rec.Body.Bytes() - if len(responseBody) > 0 { - beautifiedResponseBody = xmlfmt.FormatXML(string(responseBody), " ", " ") - } - - responseHeader, err := httputil.DumpResponse(rec.Result(), false) - if err != nil { - panic(err) - } - - fmt.Printf("\n\n============================= Output Response =============================\n") - fmt.Println("----------- Response Header -----------\n", string(responseHeader)) - if len(beautifiedResponseBody) > 0 { - fmt.Println("----------- Response Body -----------\n", string(beautifiedResponseBody)) - } else { - fmt.Printf("----------- Empty Response Body -----------\n") - } - fmt.Printf("=========================================================================\n\n\n") - } - - // we copy the captured response headers to our new response - for k, v := range rec.Header() { - w.Header()[k] = v - } - w.Write(rec.Body.Bytes()) - }) -} diff --git a/tools/mdm/windows/poc-mdm-server/mde_discovery.go b/tools/mdm/windows/poc-mdm-server/mde_discovery.go deleted file mode 100644 index e7730378d9..0000000000 --- a/tools/mdm/windows/poc-mdm-server/mde_discovery.go +++ /dev/null 
@@ -1,65 +0,0 @@ -package main - -import ( - "io/ioutil" - "net/http" - "regexp" - "strconv" - "strings" -) - -// DiscoveryHandler is the HTTP handler assosiated with the enrollment protocol's discovery endpoint. -func DiscoveryHandler(w http.ResponseWriter, r *http.Request) { - // Return HTTP Status 200 Ok when a HTTP GET request is received. - if r.Method == http.MethodGet { - w.WriteHeader(http.StatusOK) - return - } - - // Read The HTTP Request body - bodyRaw, err := ioutil.ReadAll(r.Body) - if err != nil { - panic(err) - } - body := string(bodyRaw) - - // Retrieve the MessageID From The Body For The Response - messageID := strings.Replace(strings.Replace(regexp.MustCompile(`[\s\S]*?<\/a:MessageID>`).FindStringSubmatch(body)[0], "", "", -1), "", "", -1) - - var extraParams = "" - if authPolicy == "Federated" { - extraParams += "https://" + domain + "/EnrollmentServer/Auth" - } - - // Create response payload - response := []byte(` - - - http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse - 8c6060c4-3d78-4d73-ae17-e8bce88426ee - - ` + messageID + ` - - - - - ` + authPolicy + ` - 4.0 - https://` + domain + `/EnrollmentServer/Policy.svc - https://` + domain + `/EnrollmentServer/Enrollment.svc - ` + extraParams + ` - - - - - `) - - // Return response body - w.Header().Set("Content-Type", "application/soap+xml; charset=utf-8") - w.Header().Set("Content-Length", strconv.Itoa(len(response))) - w.Write(response) -} diff --git a/tools/mdm/windows/poc-mdm-server/mde_enrollment.go b/tools/mdm/windows/poc-mdm-server/mde_enrollment.go deleted file mode 100644 index 5a34da80d0..0000000000 --- a/tools/mdm/windows/poc-mdm-server/mde_enrollment.go +++ /dev/null 
@@ -1,237 +0,0 @@ -package main - -import ( - "crypto/rand" - "crypto/sha1" - "crypto/x509" - "crypto/x509/pkix" - "encoding/base64" - "fmt" - "io/ioutil" - "math/big" - mathrand "math/rand" - "net/http" - "regexp" - "strconv" - "strings" - "time" -) - -// EnrollHandler is the HTTP handler assosiated with the enrollment protocol's enrollment endpoint. -func EnrollHandler(w http.ResponseWriter, r *http.Request) { - // Read The HTTP Request body - bodyRaw, err := ioutil.ReadAll(r.Body) - if err != nil { - panic(err) - } - body := string(bodyRaw) - - // Retrieve the MessageID From The Body For The Response - messageID := strings.Replace(strings.Replace(regexp.MustCompile(`[\s\S]*?<\/a:MessageID>`).FindStringSubmatch(body)[0], "", "", -1), "", "", -1) - - // Retrieve the BinarySecurityToken (which contains a Certificate Signing Request) From The Body For The Response - binarySecurityToken := strings.Replace(strings.Replace(regexp.MustCompile(`[\s\S]*?<\/wsse:BinarySecurityToken>`).FindStringSubmatch(body)[0], ``, "", -1), "", "", -1) - - // Retrieve the DeviceID From The Body For The Response - deviceID := strings.Replace(strings.Replace(regexp.MustCompile(`[\s\S]*?<\/ac:Value><\/ac:ContextItem>`).FindStringSubmatch(body)[0], ``, "", -1), "", "", -1) - - // Retrieve the EnrollmentType From The Body For The Response - enrollmentType := strings.Replace(strings.Replace(regexp.MustCompile(`[\s\S]*?<\/ac:Value><\/ac:ContextItem>`).FindStringSubmatch(body)[0], ``, "", -1), "", "", -1) - - /* Sign binary security token */ - // Load raw Root CA - rootCertificateDer, err := ioutil.ReadFile("./identity/identity.crt") - if err != nil { - panic(err) - } - rootPrivateKeyDer, err := ioutil.ReadFile("./identity/identity.key") - if err != nil { - panic(err) - } - - // Convert the raw Root CA cert & key to parsed version - rootCert, err := x509.ParseCertificate(rootCertificateDer) - if err != nil { - panic(err) - } - - rootPrivateKey, err := x509.ParsePKCS1PrivateKey(rootPrivateKeyDer) 
- if err != nil { - panic(err) - } - - // Decode Base64 - csrRaw, err := base64.StdEncoding.DecodeString(binarySecurityToken) - if err != nil { - panic(err) - } - - // Decode and verify CSR - csr, err := x509.ParseCertificateRequest(csrRaw) - if err != nil { - panic(err) - } - if err = csr.CheckSignature(); err != nil { - panic(err) - } - - // Create client identity certificate - NotBefore1 := time.Now().Add(time.Duration(mathrand.Int31n(120)) * -time.Minute) // This randomises the creation time a bit for added security (Recommended by x509 signing article not the MDM spec) - clientCertificate := &x509.Certificate{ - Signature: csr.Signature, - SignatureAlgorithm: csr.SignatureAlgorithm, - PublicKeyAlgorithm: csr.PublicKeyAlgorithm, - PublicKey: csr.PublicKey, - SerialNumber: big.NewInt(2), - Issuer: rootCert.Issuer, - Subject: pkix.Name{ - CommonName: deviceID, - }, // The Subject is not used from the CSR because the characters in it are causing issues. - NotBefore: NotBefore1, - NotAfter: NotBefore1.Add(365 * 24 * time.Hour), - KeyUsage: x509.KeyUsageDigitalSignature, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, - } - - // Sign certificate with the identity - clientCRTRaw, err := x509.CreateCertificate(rand.Reader, clientCertificate, rootCert, csr.PublicKey, rootPrivateKey) - if err != nil { - panic(err) - } - - // Note: SHA-1 Hash OID is deprecated - - // Fingerprint (SHA-1 hash) of client certificate - h := sha1.New() - h.Write(clientCRTRaw) - signedClientCertFingerprint := strings.ToUpper(fmt.Sprintf("%x", h.Sum(nil))) // TODO: Cleanup -> This line is probally messer than it needs to be - - // Fingerprint (SHA-1 hash) of client certificate - h2 := sha1.New() - h2.Write(rootCertificateDer) - identityCertFingerprint := strings.ToUpper(fmt.Sprintf("%x", h2.Sum(nil))) // TODO: Cleanup -> This line is probally messer than it needs to be - - // Determain Certstore - certStore := "User" - if enrollmentType == "Device" { - certStore = "System" - } - 
- // End Sign binary security token - - // Generate WAP provisioning profile for inside the payload - wapProvisionProfile := ` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ` - - wapProvisionProfileRaw := []byte(strings.ReplaceAll(strings.ReplaceAll(wapProvisionProfile, "\n", ""), "\t", "")) - - // Create response payload - response := []byte(` - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep - ` + messageID + ` - - - 2018-11-30T00:32:59.420Z - 2018-12-30T00:37:59.420Z - - - - - - - http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken - - - - ` + base64.StdEncoding.EncodeToString(wapProvisionProfileRaw) + ` - - - 0 - - - - - `) - - // Return response body - w.Header().Set("Content-Type", "application/soap+xml; charset=utf-8") - w.Header().Set("Content-Length", strconv.Itoa(len(response))) - w.Write(response) -} diff --git a/tools/mdm/windows/poc-mdm-server/mde_policy.go b/tools/mdm/windows/poc-mdm-server/mde_policy.go deleted file mode 100644 index 6f323cc049..0000000000 --- a/tools/mdm/windows/poc-mdm-server/mde_policy.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package main - -import ( - "io/ioutil" - "net/http" - "regexp" - "strconv" - "strings" -) - -// PolicyHandler is the HTTP handler assosiated with the enrollment protocol's policy endpoint. -func PolicyHandler(w http.ResponseWriter, r *http.Request) { - // Read The HTTP Request body - bodyRaw, err := ioutil.ReadAll(r.Body) - if err != nil { - panic(err) - } - body := string(bodyRaw) - - // Retrieve the MessageID From The Body For The Response - messageID := strings.Replace(strings.Replace(regexp.MustCompile(`[\s\S]*?<\/a:MessageID>`).FindStringSubmatch(body)[0], "", "", -1), "", "", -1) - - response := []byte(` - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse - ` + messageID + ` - - - - - - - - - - - 0 - - - CEPUnitTest - 3 - - 1209600 - 172800 - - - true - false - - - 2048 - - - - - - - - 101 - 0 - - - - - - - 0 - - - - - - - - - - 1.3.14.3.2.29 - 1 - 0 - szOID_NIST_sha256 - - - - - `) - - // Return response body - w.Header().Set("Content-Type", "application/soap+xml; charset=utf-8") - w.Header().Set("Content-Length", strconv.Itoa(len(response))) - w.Write(response) -} diff --git a/tools/mdm/windows/poc-mdm-server/mdm_manage.go b/tools/mdm/windows/poc-mdm-server/mdm_manage.go deleted file mode 100644 index 63edf18c10..0000000000 --- a/tools/mdm/windows/poc-mdm-server/mdm_manage.go +++ /dev/null 
@@ -1,311 +0,0 @@ -package main - -import ( - "encoding/xml" - "fmt" - "io/ioutil" - "net" - "net/http" - "os" - "strconv" - "strings" -) - -// SyncML XML Parsing Types - This needs to be improved -type SyncMLHeader struct { - DTD string `xml:"VerDTD"` - Version string `xml:"VerProto"` - SessionID int `xml:"SessionID"` - MsgID int `xml:"MsgID"` - Target string `xml:"Target>LocURI"` - Source string `xml:"Source>LocURI"` - MaxMsgSize int `xml:"Meta>A:MaxMsgSize"` -} - -type SyncMLCommandMeta struct { - XMLinfo string `xml:"xmlns,attr"` - Type string `xml:"Type"` -} - -type SyncMLCommandItem struct { - Meta SyncMLCommandMeta `xml:"Meta"` - Source string `xml:"Source>LocURI"` - Data string `xml:"Data"` -} - -type SyncMLCommand struct { - XMLName xml.Name - CmdID int `xml:",omitempty"` - MsgRef string `xml:",omitempty"` - CmdRef string `xml:",omitempty"` - Cmd string `xml:",omitempty"` - Target string `xml:"Target>LocURI"` - Source string `xml:"Source>LocURI"` - Data string `xml:",omitempty"` - Item []SyncMLCommandItem `xml:",any"` -} - -type SyncMLBody struct { - Item []SyncMLCommand `xml:",any"` -} - -type SyncMLMessage struct { - XMLinfo string `xml:"xmlns,attr"` - Header SyncMLHeader `xml:"SyncHdr"` - Body SyncMLBody `xml:"SyncBody"` -} - -// Returns the MDM configuration profile SyncML content from profile dir -func getConfigurationProfiles(cmdIDstart int) string { - - files, err := ioutil.ReadDir(profileDir) - if err != nil { - panic(err) - } - - var syncmlCommands string - var tokenCmdID string = "xxcmdidxx" - - for _, file := range files { - fileContent, err := os.ReadFile(profileDir + "/" + file.Name()) - if err != nil { - panic(err) - } - - fileContentStr := string(fileContent) - nrTokenOcurrences := strings.Count(fileContentStr, tokenCmdID) - for i := 0; i < nrTokenOcurrences; i++ { - cmdIDstart++ - - fmt.Printf("\n--------- Command Request %d ---------\n", cmdIDstart) - fmt.Printf("Command payload retrieved from file %s\n", file.Name()) - - fileContentStr = 
strings.Replace(fileContentStr, tokenCmdID, strconv.Itoa(cmdIDstart), 1) - } - - if len(fileContentStr) > 0 { - syncmlCommands += fileContentStr - syncmlCommands += "\n" - } - } - - //input sanitization - sanitizedSyncmlOutput := strings.ReplaceAll(syncmlCommands, "\r\n", "\n") - if len(sanitizedSyncmlOutput) > 0 { - fmt.Print("\n") - } - return sanitizedSyncmlOutput -} - -// Alert Command IDs -const DeviceUnenrollmentID = "1226" -const HostInitMessageID = "1201" - -// Checks if body contains a DM device unrollment SyncML message -func isDeviceUnenrollmentMessage(body SyncMLBody) bool { - for _, element := range body.Item { - if element.Data == DeviceUnenrollmentID { - return true - } - } - - return false -} - -// Checks if body contains a DM session initialization SyncML message sent by device -func isSessionInitializationMessage(body SyncMLBody) bool { - isUnenrollMessage := isDeviceUnenrollmentMessage(body) - - for _, element := range body.Item { - if element.Data == HostInitMessageID && !isUnenrollMessage { - return true - } - } - - return false -} - -// Get IP address from HTTP Request -func getIP(r *http.Request) (string, error) { - - //Get IP from the X-REAL-IP header - ip := r.Header.Get("X-REAL-IP") - netIP := net.ParseIP(ip) - if netIP != nil { - return ip, nil - } - - //Get IP from X-FORWARDED-FOR header - ips := r.Header.Get("X-FORWARDED-FOR") - splitIps := strings.Split(ips, ",") - for _, ip := range splitIps { - netIP := net.ParseIP(ip) - if netIP != nil { - return ip, nil - } - } - - //Get IP from RemoteAddr - ip, _, err := net.SplitHostPort(r.RemoteAddr) - if err != nil { - return "", err - } - netIP = net.ParseIP(ip) - if netIP != nil { - return ip, nil - } - return "", fmt.Errorf("no valid ip found") -} - -// ManageHandler is the HTTP handler assosiated with the mdm management service. This is what constantly pushes configuration profiles to the device. 
-func ManageHandler(w http.ResponseWriter, r *http.Request) { - // Read The HTTP Request body - bodyRaw, err := ioutil.ReadAll(r.Body) - if err != nil { - panic(err) - } - - var responseRaw []byte - var response string - var message SyncMLMessage - - //Parsing input SyncML message - if err := xml.Unmarshal(bodyRaw, &message); err != nil { - panic(err) - } - - // Cmd ID variable with getNextCmdID() increment statement hack - CmdID := 0 - getNextCmdID := func(i *int) string { *i++; return strconv.Itoa(*i) } - - // Retrieve the MessageID From The Body For The Response - DeviceID := message.Header.Source - - // Retrieve the SessionID From The Body For The Response - SessionID := message.Header.SessionID - - // Retrieve the MsgID From The Body For The Response - MsgID := message.Header.MsgID - - //Only handle DM session initialization SyncML message sent by device - - // Retrieve the IP Address from calling device - ipAddressBytes, err := getIP(r) - if err != nil { - panic(err) - } - - //Checking the SyncML message types - if isSessionInitializationMessage(message.Body) { - - fmt.Printf("\n========= New OMA-DM session from Windows Host %s (%s) =========\n", string(ipAddressBytes), r.UserAgent()) - - // Create response payload - MDM syncml configuration profiles commands will be enforced here - response = ` - - - - 1.2 - DM/1.2 - ` + strconv.Itoa(SessionID) + ` - ` + strconv.Itoa(MsgID) + ` - - ` + DeviceID + ` - - - https://` + domain + `/ManagementServer/MDM.svc - - - - - ` + getNextCmdID(&CmdID) + ` - ` + strconv.Itoa(MsgID) + ` - 0 - SyncHdr - 200 - - - ` + getNextCmdID(&CmdID) + ` - ` + strconv.Itoa(MsgID) + ` - 2 - Alert - 200 - - - ` + getNextCmdID(&CmdID) + ` - ` + strconv.Itoa(MsgID) + ` - 3 - Alert - 200 - - - ` + getNextCmdID(&CmdID) + ` - ` + strconv.Itoa(MsgID) + ` - 4 - Replace - 200 - - ` + getConfigurationProfiles(CmdID) + ` - - - ` - - // Return response - responseRaw = []byte(strings.ReplaceAll(strings.ReplaceAll(response, "\n", ""), "\t", "")) - 
w.Header().Set("Content-Type", "application/vnd.syncml.dm+xml") - w.Header().Set("Content-Length", strconv.Itoa(len(response))) - w.Write(responseRaw) - } else { - - //Log if this is a device unrollment message - if isDeviceUnenrollmentMessage(message.Body) { - fmt.Printf("\nWindows Device at %s was removed from MDM!\n\n", string(ipAddressBytes)) - } - - //Acknowledge the HTTP request sent by device - response = ` - - - - 1.2 - DM/1.2 - ` + strconv.Itoa(SessionID) + ` - ` + strconv.Itoa(MsgID) + ` - - ` + DeviceID + ` - - - https://` + domain + `/ManagementServer/MDM.svc - - - - - ` + getNextCmdID(&CmdID) + ` - ` + strconv.Itoa(MsgID) + ` - 0 - SyncHdr - 200 - - - - ` - - // Dump Response Payload - for _, element := range message.Body.Item { - if element.XMLName.Local != "Final" && element.Cmd != "SyncHdr" { - commandStr, _ := xml.MarshalIndent(element, "", " ") - if element.XMLName.Local == "Status" { - fmt.Printf("\n--------- Command Response %s - Return Code: %s ---------\n", element.CmdRef, element.Data) - } else { - fmt.Printf("%s\n", commandStr) - } - } - } - - // Return response body - responseRaw = []byte(strings.ReplaceAll(strings.ReplaceAll(response, "\n", ""), "\t", "")) - w.Header().Set("Content-Type", "application/vnd.syncml.dm+xml") - w.Header().Set("Content-Length", strconv.Itoa(len(response))) - w.Write(responseRaw) - } -} diff --git a/tools/mdm/windows/poc-mdm-server/misc/mdm_ngrok_comm_dump.txt b/tools/mdm/windows/poc-mdm-server/misc/mdm_ngrok_comm_dump.txt deleted file mode 100644 index c47c1753e1..0000000000 --- a/tools/mdm/windows/poc-mdm-server/misc/mdm_ngrok_comm_dump.txt +++ /dev/null 
@@ -1,744 +0,0 @@ -Starting Windows MDM Demo Server -HTTPS server listening on port 443 - - -============================= Input Request ============================= ------------ Input Header ----------- - GET /EnrollmentServer/Discovery.svc HTTP/1.1 -Host: enterpriseenrollment.fleetdm.ngrok.io -Accept-Encoding: gzip -Cache-Control: no-cache -Pragma: no-cache -User-Agent: ENROLLClient -X-Forwarded-For: 186.12.187.37 -X-Forwarded-Proto: https - - ------------ Empty Input Body ----------- -========================================================================= - - - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Connection: close - - ------------ Empty Response Body ----------- -========================================================================= - - - - -============================= Input Request ============================= ------------ Input Header ----------- - POST /EnrollmentServer/Discovery.svc HTTP/1.1 -Host: enterpriseenrollment.fleetdm.ngrok.io -Accept-Encoding: gzip -Content-Length: 1046 -Content-Type: application/soap+xml; charset=utf-8 -User-Agent: ENROLLClient -X-Forwarded-For: 186.12.187.37 -X-Forwarded-Proto: https - - ------------ Input Body ----------- - - - - http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/Discover - urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478 - - http://www.w3.org/2005/08/addressing/anonymous - - https://EnterpriseEnrollment.fleetdm.ngrok.io:443/EnrollmentServer/Discovery.svc - - - - - demo@fleetdm.ngrok.io - 4.0 - CIMClient_Windows - 10.0.19043.2364 - 72 - - OnPremise - Federated - - - - - -========================================================================= - - - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Content-Length: 1127 -Content-Type: application/soap+xml; charset=utf-8 - - 
------------ Response Body ----------- - - - - - http://schemas.microsoft.com/windows/management/2012/01/enrollment/IDiscoveryService/DiscoverResponse - 8c6060c4-3d78-4d73-ae17-e8bce88426ee - - urn:uuid:748132ec-a575-4329-b01b-6171a9cf8478 - - - - - OnPremise - 4.0 - https://windows.fleetdm.ngrok.io/EnrollmentServer/Policy.svc - https://windows.fleetdm.ngrok.io/EnrollmentServer/Enrollment.svc - - - - -========================================================================= - - - - -============================= Input Request ============================= ------------ Input Header ----------- - POST /EnrollmentServer/Policy.svc HTTP/1.1 -Host: windows.fleetdm.ngrok.io -Accept-Encoding: gzip -Content-Length: 1491 -Content-Type: application/soap+xml; charset=utf-8 -User-Agent: ENROLLClient -X-Forwarded-For: 186.12.187.37 -X-Forwarded-Proto: https - - ------------ Input Body ----------- - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies - urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0 - - http://www.w3.org/2005/08/addressing/anonymous - - https://windows.fleetdm.ngrok.io/EnrollmentServer/Policy.svc - - - demio - demo - - - - - - - - - - - - - -========================================================================= - - - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Content-Length: 1378 -Content-Type: application/soap+xml; charset=utf-8 - - ------------ Response Body ----------- - - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse - urn:uuid:72048B64-0F19-448F-8C2E-B4C661860AA0 - - - - - - - - 3 - - 2048 - - - - - - - - - - 1.3.6.1.4.1.311.20.2 - 1 - 5 - Certificate Template Name - - - - - -========================================================================= - - - - -============================= Input Request ============================= ------------ Input Header ----------- - 
POST /EnrollmentServer/Enrollment.svc HTTP/1.1 -Host: windows.fleetdm.ngrok.io -Accept-Encoding: gzip -Content-Length: 4291 -Content-Type: application/soap+xml; charset=utf-8 -User-Agent: ENROLLClient -X-Forwarded-For: 186.12.187.37 -X-Forwarded-Proto: https - - ------------ Input Body ----------- - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep - urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749 - - http://www.w3.org/2005/08/addressing/anonymous - - https://windows.fleetdm.ngrok.io/EnrollmentServer/Enrollment.svc - - - demio - demo - - - - - - http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken - http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue - MIICzjCCAboCAQAwSzFJMEcGA1UEAxNANTYyQTdGOUEtNkNEOC00MEIwLTlFN0UtMERCREQ4IUI1Qjk1NEU4MUZCQ0I5NEVCNzlCRDA4QkU2MjVGNEVFADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvnEuvyyF83tC62/ieHRcvwpOQIY3Kb25QeKF+rdipV+D2v7DkSYTKeM/2fThvr/5ul9c68UF9OOjQoaTrX5n83lzfeWMFeU2BHrl7KyxMzlLQtoD0+CNpfn9VKJRpPy0T34QfUpf1n65rzdSxsLAST/aCN4Yx/cAiy0Q2QC4DmumjemVY19gAMFkhSET+axgwij+XS9IQvkxyiZu56uKuRmOGnvhhQO5xfLmI+40FUEB8xwvYYVxxPsqIJ/s26hVtVzHpV32G5fGvfMqcK1oJFm8r2uGhEtnFoJg9SKKhseDbFRJd2yMBC+XlUhF6AQEnmXa+eZQ/drpE1QV7CTJkCAwEAAaBCMEAGCSqGSIb3DQEJDjEzMDEwLwYKKwYBBAGCN0IBAAQhQjVCOTU0RTgxRkJDQjk0RUI3OUJEMDhCRTYyNUY0RUUAMAkGBSsOAwIdBQADggEBABhELIKSCCrNS9BP9cd7EVLjevQooRvbxAC+SnDV9kUJTqascPJR+U5zZVc8eac7jmvCHoE69CYDvdKe9au/Zftq1vRAxFpj8PKpv0ZmaIFiwkjb2VTXKKqCzAGaiQg9ysLbQ8j+3l2CPMYDN0JPTl+nC8GxUSRMfCisyIEcQS3TtYC8p9PnfZJzUEr0SPIV1FBYAO9+FcGpSZXSm4CN6byZORYE0FgEaPoLHQkI2h1PXkYzalJh6Grv/Lc0+6QpbfWVnjjaCm8CATQHuFcL5FuhvlsggRfAtgTYCk69p705y8EINxUJYQRX4npQbPNekZLfbZnRp7hThYvB61iDrkU= - - - true - - - 3B3ED6D0EA88CBFCF37D36F90F22FE61172348C0162FC3840D6703149870CE76 - - - en-US - - - true - - - 72 - - - DESKTOP-28FGAI6 - - - 00-0C-29-51-60-9D - - - 1A-77-20-52-41-53 - - - 1A-77-20-52-41-53 - - - 00-0C-29-51-60-A7 - - - 18-14-20-52-41-53 - - - 00-0C-29-51-60-93 - - - 
B5B954E81FBCB94EB79BD08BE625F4EE - - - Full - - - CIMClient_Windows - - - 10.0.19043.2364 - - - 10.0.19043.2364 - - - false - - - - - -========================================================================= - - - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Content-Length: 8626 -Content-Type: application/soap+xml; charset=utf-8 - - ------------ Response Body ----------- - - - - - http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep - urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749 - - - 2018-11-30T00:32:59.420Z - 2018-12-30T00:37:59.420Z - - - - - - - http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken - - - PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48d2FwLXByb3Zpc2lvbmluZ2RvYyB2ZXJzaW9uPSIxLjEiPjxjaGFyYWN0ZXJpc3RpYyB0eXBlPSJDZXJ0aWZpY2F0ZVN0b3JlIj48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iUm9vdCI+PGNoYXJhY3RlcmlzdGljIHR5cGU9IlN5c3RlbSI+PGNoYXJhY3RlcmlzdGljIHR5cGU9IkQ5QTg4RTA0QUYxOEE0RDM5OUNFRTYyRjJDNzE0NjlDM0FFMUU2NzUiPjxwYXJtIG5hbWU9IkVuY29kZWRDZXJ0aWZpY2F0ZSIgdmFsdWU9Ik1JSUZUakNDQXphZ0F3SUJBZ0lVQU1sQkJEYjU2bUZGVVpPaDM1TW1QVHVWNkpjd0RRWUpLb1pJaHZjTkFRRUxCUUF3UHpFWk1CY0dBMVVFQ2d3UVRXRjBkSEpoZUNCSlpHVnVkR2wwZVRFaU1DQUdBMVVFQXd3WlYybHVaRzkzY3lCTlJFMGdSR1Z0YnlCSlpHVnVkR2wwZVRBZUZ3MHlNVEF4TURNd01qUTBNREphRncweU5EQXhNRE13TWpRME1ESmFNRDh4R1RBWEJnTlZCQW9NRUUxaGRIUnlZWGdnU1dSbGJuUnBkSGt4SWpBZ0JnTlZCQU1NR1ZkcGJtUnZkM01nVFVSTklFUmxiVzhnU1dSbGJuUnBkSGt3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQytnNjJHaHNFR2U0WGYvNWw4MG1POEZDOHNNWTZxR0MwZEI4YXZjSlhQdVIxTjREUVpBRkhIS2pnTTFMcFk0NVB6eHhTbUQxWTBSZFF3YUpMejAvV1F6c0RBRmhQRTdCeEI1SjBSVU1ZaVg5Yk01cCsyZmlmMFhua2xCUjE2RG5vNi9aeHdsdnZtMW1TN1RQUkZNcUhGZFB5WW0wZVc4RzAxUXBkMWVhVDdKQVhEcjN1a25yeXpmTjUxN3hzaGxJSmhVYUJtTTZRWng2L3UrS3ZhWkRGWmk1akdTekVJVHFFcy8zcFU4UFcvQm1OR1pYUkNWd2NHVGJwSG9IejczVlg3VlNEb1poWTVQNXp0VzUvZ29wOVJEQ0dxU0lJck5rNGJhOTlGd1liTnJPWDVnYktQOHJJN3VEdXBLRVlTaE5xQ250
VC9ETjZXTUVSVWhkYkgzVExXeWhMSzhrbmxQTWVOSG9QTjFXK0pSZUowZVk4d0JWUVBHUENxdmJnZ3lYZ1drOTRHT3ExdDhiTmljSkRXVFpaQy9nTzRlV2FyU0RlVEJoRS80TlhWTDF5YVpkVEY0TUdBa1VLN24xYkJWT0MzTFQ4dzFEWWJIc290NmRvUTNEQ1M3NGVia1d6aHNKbjRxLyswUXFZTkREaG5FRWxRYWhvSmtCNEgrWGxLNktIeE9WNlpQQlpaTVRMVHNLTDZXRjgxb1k5N2lEc3hhNTd0d1J5a04raXoyYkxwQlBTa1I4ajU2Nnhhb3U4VGo4T2t5ODZCeG42V25MWUxvWFpld0M0VkhQRFYwUDRHQXVBeXZhWXpyM3owV20ydW9FZDBBT1Eyb3dteTAwNnduWW1yWVF4NGtqUGZVakF0UExjZE9iallvTWszTzNZaE5iUWU0TUtOWDdXL1R3SURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWNsME15cjlpNjAzKytXM3BPMm5WVlZXdmNZc3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBR01GQXByVmgrK3dXU0NOakl0RkF6bW5qcFRwRmZuVnpQbHZrNXJyU2xrajVTMHlYbk9hU3VOQ25kekhwdURhYzZLd1IwY0NEUVVXNjdnWEgxdUZ3ZTE0MGtOTy92ajkycFFqcUgzTmR4ek51YkE5cXBsRzFqRXN2NXVyNEpWY1NjT002RzlxY2FHUEhTbTRkRFNBazdBUWFDQnV2RUV6Qno3L2o2QTlqS0Y4RHJ4bzU2MkYxb0xIWHVjdTJIU0VuSXJxZWdadDAwbjg3WEpnUXNVTGxoMHB1ejFkRk9FYWNMZHdvM1oxTnpOOUxEamt2Q01NUi9wbFJZVUx1cGhiaEdaL3JkME0wYzdIT0k5MGMyaS82dFlXeDM2TjZiWC9LMTlzQTE1N2ZjY1piQzhFb05iYVI2RlJzUlpQN25RSGtRR204M29kT0cza2tQelJ4b3lTbStIL1ZhM0YyRVZ6VlhRUk9vRHArMktRSThJUmpRMjVwTWxDSCs1Qm5OVmpSMkZ3cHZFU0FKZ0tWZGQ4RkVPQkJPV0dKZ2xaamx3Rm1ZQnVETWE4UnZmeStEU2NMNGxCYTFPMEx1N0xwRjBpNkRyYUZHajBxS3k5SjRkc1FOaXB5elRsR3dpczF1M0E4RFNSbXphNWxzMEtlalQzaXQ5OWQva1A4L2lVam5XOVdvSDRYcVZMMHlCaDUzMExCV1F3QktBck5zenRSNzAvT01mQ0ZnbWFVOEN3VGdrU0dQNFdyK0UzVXd1QWxhQThnWERTYndmM2x4OGlnTUpmRGtPVDVxNWNrb3BNcHpCMGJrbVhVVk9YcUVCRjVwOTA2c3o1UmNzdTRkNnMwZDQ1MnVPSTJnQTBGOXVrWEFKd1A4UTVlUS9PSnBwanF1S1ByQzJnSzhRTDB1THIiIC8+PC9jaGFyYWN0ZXJpc3RpYz48L2NoYXJhY3RlcmlzdGljPjwvY2hhcmFjdGVyaXN0aWM+PGNoYXJhY3RlcmlzdGljIHR5cGU9Ik15Ij48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iVXNlciI+PGNoYXJhY3RlcmlzdGljIHR5cGU9IjhGMkVCRDEzRjM2MTJEN0M0OEMzMEUyNENDNzNBODg0OTI2MTM4NDkiPjxwYXJtIG5hbWU9IkVuY29kZWRDZXJ0aWZpY2F0ZSIgdmFsdWU9Ik1JSUVMVENDQWhXZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRVUZBREEvTVJrd0Z3WURWUVFLREJCTllYUjBjbUY0SUVsa1pXNTBhWFI1TVNJd0lBWURWUVFEREJsWGFXNWtiM2R6SUUxRVRTQkVaVzF2SUVsa1pX
NTBhWFI1TUI0WERUSXpNREV5TXpJeE1EYzBObG9YRFRJME1ERXlNekl4TURjME5sb3dLekVwTUNjR0ExVUVBeE1nUWpWQ09UVTBSVGd4UmtKRFFqazBSVUkzT1VKRU1EaENSVFl5TlVZMFJVVXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFETDV4THI4c2hmTjdRdXR2NG5oMFhMOEtUa0NHTnltOXVVSGloZnEzWXFWZmc5cit3NUVtRXlualA5bjA0YjYvK2JwZlhPdkZCZlRqbzBLR2s2MStaL041YzMzbGpCWGxOZ1I2NWV5c3NUTTVTMExhQTlQZ2phWDUvVlNpVWFUOHRFOStFSDFLWDlaK3VhODNVc2JDd0VrLzJnamVHTWYzQUlzdEVOa0F1QTVycG8zcGxXTmZZQURCWklVaEUvbXNZTUlvL2wwdlNFTDVNY29tYnVlcmlya1pqaHA3NFlVRHVjWHk1aVB1TkJWQkFmTWNMMkdGY2NUN0tpQ2Y3TnVvVmJWY3g2VmQ5aHVYeHIzektuQ3RhQ1Jadks5cmhvUkxaeGFDWVBVaWlvYkhnMnhVU1hkc2pBUXZsNVZJUmVnRUJKNWwydm5tVVAzYTZSTlVGZXdreVpBZ01CQUFHalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmQmdOVkhTTUVHREFXZ0JSeVhRekt2MkxyVGY3NWJlazdhZFZWVmE5eGl6QU5CZ2txaGtpRzl3MEJBUVVGQUFPQ0FnRUFpbE5JSXd1VnNlQWI2ZmJ3VnE2NDUyK1JZbWlFU2p5ZVppbWY0cjB6WDZNL2l5L0NzQXc1a1hUdmt2elh6MGtzOVJTdkZuMGtPR2xxSzZZYUQ4VUhmY3pRVmNmYjh3ZjhmTXBUNjhUUlNrTVY5UHFNZmh0TnFrZExGV3VOb1hTYUdYdWRWb1UyOFJpb01VVTFuZzV1TE1UaE5OUGg3c1J1SG9aSjlTYldQU09IZGVVQm0vempacFUyNmxncFgwTDBCN2RQNlN1ajBiemdqVEpENzZmK1ltcUJLR0orM3N2ZW1oY1J2TGNaZ3lCWjJwUEwvVW8xSTl3bEhpS1h4cWpBRVdxU3dibVh6blJoSnFmb1VoeC80WW5FSEZ6R25BTVB5RlNRL21kS1RvMzVJWTJZZWgvMy9hYXpuRWFOZ292K0QxWWhuc2N5Vk04bXhKV2lOUjJkTFZMWklIWWFlbFZVNmZKa0pZeDNyaHdGaVRrVzhhM3kzeml1Y3JOYVRFcGQzYURNSjZLMUM4bzIrdjI0STZYeVE2Nkk1cWpWRVZkclZmK2tCQm5zd3BOd3BxM0NoN2VDZHZIVytXTWU5M2R0S1Y0YjFxNkY3WVFkeXA2ampqNTJsUzM2NnRBQjhjMERGSVhvRnZ4MHhCYVdRbHpnc3FkL2VKbjcxNHpaVG96VUI1anhqcUJEUnZjQXVEdkkzZTN5eUlxRHVsN2lGME1jbklSWXZpVWorSUxZUTZiKysxT2pDWGxwZU5pZXhWQTZqS0RPNEdMdlE4TkZjSllKa0FLQ3NJQXZDTmV5eGpuWlBpcElrYm1Vcjg4NDI3WWdMbjh5ajdqbDFFNEdBRzdGOFFCa2FuRDUwdlp6QjZGdnVDOWdnY29DY21NYVhYZ2tzdmwxWjRBVVZrdz0iIC8+PC9jaGFyYWN0ZXJpc3RpYz48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iUHJpdmF0ZUtleUNvbnRhaW5lciIgLz48L2NoYXJhY3RlcmlzdGljPjwvY2hhcmFjdGVyaXN0aWM+PC9jaGFyYWN0ZXJpc3RpYz48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iQVBQTElDQVRJT04iPjxwYXJtIG5hbWU9IkFQUElEIiB2YWx1ZT0idzciIC8+PHBhcm0g
bmFtZT0iUFJPVklERVItSUQiIHZhbHVlPSJERU1PIE1ETSIgLz48cGFybSBuYW1lPSJOQU1FIiB2YWx1ZT0iRmxlZXRETSBEZW1vIFNlcnZlciAtIFdpbmRvd3MiIC8+PHBhcm0gbmFtZT0iQUREUiIgdmFsdWU9Imh0dHBzOi8vd2luZG93cy5mbGVldGRtLm5ncm9rLmlvL01hbmFnZW1lbnRTZXJ2ZXIvTURNLnN2YyIgLz48cGFybSBuYW1lPSJTZXJ2ZXJMaXN0IiB2YWx1ZT0iaHR0cHM6Ly93aW5kb3dzLmZsZWV0ZG0ubmdyb2suaW8vTWFuYWdlbWVudFNlcnZlci9TZXJ2ZXJMaXN0LnN2YyIgLz48cGFybSBuYW1lPSJST0xFIiB2YWx1ZT0iNDI5NDk2NzI5NSIgLz48cGFybSBuYW1lPSJCQUNLQ09NUEFUUkVUUllESVNBQkxFRCIgLz48cGFybSBuYW1lPSJERUZBVUxURU5DT0RJTkciIHZhbHVlPSJhcHBsaWNhdGlvbi92bmQuc3luY21sLmRtK3htbCIgLz48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iQVBQQVVUSCI+PHBhcm0gbmFtZT0iQUFVVEhMRVZFTCIgdmFsdWU9IkNMSUVOVCIgLz48cGFybSBuYW1lPSJBQVVUSFRZUEUiIHZhbHVlPSJESUdFU1QiIC8+PHBhcm0gbmFtZT0iQUFVVEhTRUNSRVQiIHZhbHVlPSJkdW1teSIgLz48cGFybSBuYW1lPSJBQVVUSERBVEEiIHZhbHVlPSJub25jZSIgLz48L2NoYXJhY3RlcmlzdGljPjxjaGFyYWN0ZXJpc3RpYyB0eXBlPSJBUFBBVVRIIj48cGFybSBuYW1lPSJBQVVUSExFVkVMIiB2YWx1ZT0iQVBQU1JWIiAvPjxwYXJtIG5hbWU9IkFBVVRIVFlQRSIgdmFsdWU9IkRJR0VTVCIgLz48cGFybSBuYW1lPSJBQVVUSE5BTUUiIHZhbHVlPSJkdW1teSIgLz48cGFybSBuYW1lPSJBQVVUSFNFQ1JFVCIgdmFsdWU9ImR1bW15IiAvPjxwYXJtIG5hbWU9IkFBVVRIREFUQSIgdmFsdWU9Im5vbmNlIiAvPjwvY2hhcmFjdGVyaXN0aWM+PC9jaGFyYWN0ZXJpc3RpYz48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iRE1DbGllbnQiPjxjaGFyYWN0ZXJpc3RpYyB0eXBlPSJQcm92aWRlciI+PGNoYXJhY3RlcmlzdGljIHR5cGU9IkRFTU8gTURNIj48Y2hhcmFjdGVyaXN0aWMgdHlwZT0iUG9sbCI+PHBhcm0gbmFtZT0iTnVtYmVyT2ZGaXJzdFJldHJpZXMiIHZhbHVlPSI4IiBkYXRhdHlwZT0iaW50ZWdlciIgLz48L2NoYXJhY3RlcmlzdGljPjwvY2hhcmFjdGVyaXN0aWM+PC9jaGFyYWN0ZXJpc3RpYz48L2NoYXJhY3RlcmlzdGljPjwvd2FwLXByb3Zpc2lvbmluZ2RvYz4= - - - 0 - - - - - -========================================================================= - - - - -============================= Input Request ============================= ------------ Input Header ----------- - POST /ManagementServer/MDM.svc?mode=Maintenance&Platform=WoA HTTP/1.1 -Host: windows.fleetdm.ngrok.io -Accept: application/vnd.syncml.dm+xml, application/vnd.syncml.dm+wbxml, application/octet-stream 
-Accept-Charset: UTF-8 -Accept-Encoding: gzip -Client-Request-Id: 0 -Content-Length: 1001 -Content-Type: application/vnd.syncml.dm+xml -Ms-Cv: OTrP9+n7GU+OcSEg.0.0.0 -User-Agent: MSFT OMA DM Client/1.2.0.1 -X-Forwarded-For: 186.12.187.37 -X-Forwarded-Proto: https - - ------------ Input Body ----------- - - - - 1.2 - DM/1.2 - 1 - 1 - - https://windows.fleetdm.ngrok.io/ManagementServer/MDM.svc - - - B5B954E81FBCB94EB79BD08BE625F4EE - - - - - 2 - 1201 - - - 3 - 1224 - - - com.microsoft/MDM/LoginStatus - - user - - - - 4 - - - ./DevInfo/DevId - - B5B954E81FBCB94EB79BD08BE625F4EE - - - - ./DevInfo/Man - - VMware, Inc. - - - - ./DevInfo/Mod - - VMware7,1 - - - - ./DevInfo/DmV - - 1.3 - - - - ./DevInfo/Lang - - en-US - - - - - -========================================================================= - - - -========= New OMA-DM session from Windows Host 186.12.187.37 (MSFT OMA DM Client/1.2.0.1) ========= - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Content-Length: 1075 -Content-Type: application/vnd.syncml.dm+xml - - ------------ Response Body ----------- - - - - - 1.2 - DM/1.2 - 1 - 1 - - B5B954E81FBCB94EB79BD08BE625F4EE - - - https://windows.fleetdm.ngrok.io/ManagementServer/MDM.svc - - - - - 1 - 1 - 0 - SyncHdr - 200 - - - 2 - 1 - 2 - Alert - 200 - - - 3 - 1 - 3 - Alert - 200 - - - 4 - 1 - 4 - Replace - 200 - - - - -========================================================================= - - - - -============================= Input Request ============================= ------------ Input Header ----------- - POST /ManagementServer/MDM.svc?mode=Maintenance&Platform=WoA HTTP/1.1 -Host: windows.fleetdm.ngrok.io -Accept: application/vnd.syncml.dm+xml, application/vnd.syncml.dm+wbxml, application/octet-stream -Accept-Charset: UTF-8 -Accept-Encoding: gzip -Content-Length: 1208 -Content-Type: application/vnd.syncml.dm+xml -Ms-Cv: OTrP9+n7GU+OcSEg.0.0.1 -User-Agent: MSFT OMA DM 
Client/1.2.0.1 -X-Forwarded-For: 186.12.187.37 -X-Forwarded-Proto: https - - ------------ Input Body ----------- - - - - 1.2 - DM/1.2 - 2 - 1 - - https://windows.fleetdm.ngrok.io/ManagementServer/MDM.svc - - - B5B954E81FBCB94EB79BD08BE625F4EE - - - - - 2 - 1201 - - - 3 - 1224 - - - com.microsoft/MDM/LoginStatus - - user - - - - 4 - 1226 - - - com.microsoft:mdm.unenrollment.userrequest - int - - 1 - - - - 5 - - - ./DevInfo/DevId - - B5B954E81FBCB94EB79BD08BE625F4EE - - - - ./DevInfo/Man - - VMware, Inc. - - - - ./DevInfo/Mod - - VMware7,1 - - - - ./DevInfo/DmV - - 1.3 - - - - ./DevInfo/Lang - - en-US - - - - - -========================================================================= - - - -Windows Device at 186.12.187.37 was removed from MDM! - - - 2 - - - - - - - 1201 - - - 3 - - - - - - - 1224 - - - com.microsoft/MDM/LoginStatus - - - - - user - - - - 4 - - - - - - - 1226 - - - com.microsoft:mdm.unenrollment.userrequest - - - - - 1 - - - - 5 - - - - - - - - - - - - ./DevInfo/DevId - - B5B954E81FBCB94EB79BD08BE625F4EE - - - - - - - ./DevInfo/Man - - VMware, Inc. - - - - - - - ./DevInfo/Mod - - VMware7,1 - - - - - - - ./DevInfo/DmV - - 1.3 - - - - - - - ./DevInfo/Lang - - en-US - - - - -============================= Output Response ============================= ------------ Response Header ----------- - HTTP/1.1 200 OK -Content-Length: 623 -Content-Type: application/vnd.syncml.dm+xml - - ------------ Response Body ----------- - - - - - 1.2 - DM/1.2 - 2 - 1 - - B5B954E81FBCB94EB79BD08BE625F4EE - - - https://windows.fleetdm.ngrok.io/ManagementServer/MDM.svc - - - - - 1 - 1 - 0 - SyncHdr - 200 - - - - -========================================================================= - - diff --git a/tools/mdm/windows/poc-mdm-server/patch/patch.go b/tools/mdm/windows/poc-mdm-server/patch/patch.go deleted file mode 100644 index a4a5258ae5..0000000000 --- a/tools/mdm/windows/poc-mdm-server/patch/patch.go +++ /dev/null 
@@ -1,62 +0,0 @@
-package main
-
-import (
- "bufio"
- "fmt"
- "os"
- "path"
-)
-
-var (
- sourceFilePath = path.Join(os.Getenv("GOROOT"), "src", "encoding", "asn1", "asn1.go")
- patchedFilePath = path.Join(os.Getenv("GOROOT"), "src", "encoding", "asn1", "asn1-patched.go")
-)
-
-func main() {
- // Check for the GOROOT env varible. Should be set by Go automatically
- if os.Getenv("GOROOT") == "" {
- panic("Plese set your GOROOT path")
- }
-
- // Load The file and create a scanner
- file, err := os.Open(sourceFilePath)
- if err != nil {
- panic(err)
- }
- scanner := bufio.NewScanner(file)
-
- // Open Output File
- out, err2 := os.Create(patchedFilePath)
- if err2 != nil {
- panic(err2)
- }
-
- // Loop of each line of the file checking it
- for scanner.Scan() {
- out.Write(scanner.Bytes())
- out.Write([]byte("\n"))
-
- if scanner.Text() == " b == '?' ||" {
- scanner.Scan()
- if scanner.Text() != " b == '!' || // Windows MDM Certificate Parsing Patch" {
- out.Write([]byte(" b == '!' || // Windows MDM Certificate Parsing Patch\n"))
- out.Write([]byte(" b == 0 || // Windows MDM Certificate Parsing Patch\n"))
- }
-
- out.Write(scanner.Bytes())
- out.Write([]byte("\n"))
- }
- }
-
- // Close writters
- file.Close()
- out.Close()
-
- // Replace the main file with the patched one
- if err := os.Rename(patchedFilePath, sourceFilePath); err != nil {
- panic(err)
- }
-
- // Success
- fmt.Println("Patch Applied To Your Go Sources! Please be carefull with the certs you are loading as they could cause undesired outcomes in the future.")
-}
diff --git a/tools/mdm/windows/poc-mdm-server/profile/replace_personalization_desktop_image_url.xml b/tools/mdm/windows/poc-mdm-server/profile/replace_personalization_desktop_image_url.xml
deleted file mode 100644
index 8cf6d4d389..0000000000
--- a/tools/mdm/windows/poc-mdm-server/profile/replace_personalization_desktop_image_url.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
- xxcmdidxx
-
-
- ./Vendor/MSFT/Personalization/DesktopImageUrl
-
-
- chr
- text/plain
-
- https://fleetdm.com/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/atomic_install_msi.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/atomic_install_msi.xml
deleted file mode 100644
index 6c38750699..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/atomic_install_msi.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
- 7
-
- 5
-
-
- ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7B90413BF7-7D99-482E-A7FB-C6616CC871FC%7D/DownloadInstall
-
-
-
-
- 6
-
-
- ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7B90413BF7-7D99-482E-A7FB-C6616CC871FC%7D/DownloadInstall
-
-
- xml
- text/plain
-
- <MsiInstallJob id="{90413BF7-7D99-482E-A7FB-C6616CC871FC}"><Product Version="1.4.0"><Download><ContentURLList><ContentURL>https://mdmwindows.com/static/fleet-osquery.msi</ContentURL></ContentURLList></Download><Validation><FileHash>3B9FD63248465A51500D41DECC794D1149506EB48EEF9D7A733516B482D16ABB</FileHash></Validation><Enforcement><CommandLine>/quiet</CommandLine><RetryCount>5</RetryCount><RetryInterval>3</RetryInterval></Enforcement></Product></MsiInstallJob>
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_date_time.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_date_time.xml
deleted file mode 100644
index eed2a02c1e..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_date_time.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
- xxcmdidxx
-
-
- ./Device/Vendor/MSFT/Policy/Config/Settings/AllowDateTime
-
-
- int
- text/plain
-
- 0
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_defender_realtime_scanning.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_defender_realtime_scanning.xml
deleted file mode 100644
index bcc1d35ea1..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_defender_realtime_scanning.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
- xxcmdidxx
-
-
- ./Device/Vendor/MSFT/Policy/Config/Defender/AllowRealtimeMonitoring
-
-
- int
- text/plain
-
- 0
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_firewall.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_firewall.xml
deleted file mode 100644
index 606804e859..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/disable_firewall.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
- xxcmdidxx
-
-
- ./Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall
-
-
- bool
- text/plain
-
- false
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_all_installed_certificates.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_all_installed_certificates.xml
deleted file mode 100644
index ffda20da09..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_all_installed_certificates.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./Vendor/MSFT/CertificateStore/Root/System?list=StructData
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_csp_versions.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_csp_versions.xml
deleted file mode 100644
index a2eb7ac169..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_csp_versions.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./Device/Vendor/MSFT/DeviceManageability/Capabilities/CSPVersions
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_device_name.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_device_name.xml
deleted file mode 100644
index d08a026e15..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_device_name.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./DevDetail/Ext/Microsoft/DeviceName
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_hardware_version.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_hardware_version.xml
deleted file mode 100644
index d83fdfe44d..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_hardware_version.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./DevDetail/HwV
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_local_time.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_local_time.xml
deleted file mode 100644
index b0ca903df5..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_local_time.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./DevDetail/Ext/Microsoft/LocalTime
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_os_platform.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_os_platform.xml
deleted file mode 100644
index 70da07b6b6..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_os_platform.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./DevDetail/Ext/Microsoft/OSPlatform
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_software_version.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_software_version.xml
deleted file mode 100644
index 5ed47c5407..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_software_version.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./DevDetail/SwV
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_total_storage.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_total_storage.xml
deleted file mode 100644
index 1220774e36..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/get_total_storage.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
- xxcmdidxx
-
-
- ./DevDetail/Ext/Microsoft/TotalStorage
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/install_orbit.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/install_orbit.xml
deleted file mode 100644
index 1598df900e..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/install_orbit.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-
- xxcmdidxx
-
-
- ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7B90413bf7-7d99-482e-a7fb-c6616cc871fc%7D/DownloadInstall
-
-
-
-
- xxcmdidxx
-
-
- ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/%7B90413bf7-7d99-482e-a7fb-c6616cc871fc%7D/DownloadInstall
-
- <MsiInstallJob id="{90413bf7-7d99-482e-a7fb-c6616cc871fc}">
- <Product Version="1.0.0.0">
- <Download>
- <ContentURLList>
- <ContentURL>https://mdmwindows.com/static/fleet-osquery.msi</ContentURL>
- </ContentURLList>
- </Download>
- <Validation>
- <FileHash>3B9FD63248465A51500D41DECC794D1149506EB48EEF9D7A733516B482D16ABB</FileHash>
- </Validation>
- <Enforcement>
- <CommandLine>/quiet</CommandLine>
- <TimeOut>10</TimeOut>
- <RetryCount>1</RetryCount>
- <RetryInterval>5</RetryInterval>
- </Enforcement>
- </Product>
- </MsiInstallJob>
-
- text/plain
- xml
-
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/replace_personalization_desktop_image_url.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/replace_personalization_desktop_image_url.xml
deleted file mode 100644
index 8cf6d4d389..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/replace_personalization_desktop_image_url.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
- xxcmdidxx
-
-
- ./Vendor/MSFT/Personalization/DesktopImageUrl
-
-
- chr
- text/plain
-
- https://fleetdm.com/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/replace_personalization_lock_screen_image_url.xml b/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/replace_personalization_lock_screen_image_url.xml
deleted file mode 100644
index 3ea18697bc..0000000000
--- a/tools/mdm/windows/poc-mdm-server/sample_syncml_commands/replace_personalization_lock_screen_image_url.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
- xxcmdidxx
-
-
- ./Vendor/MSFT/Personalization/LockScreenImageUrl
-
-
- chr
- text/plain
-
- https://fleetdm.com/images/articles/fleet-4.24.0-cover-1600x900@2x.jpg
-
-
\ No newline at end of file
diff --git a/tools/mdm/windows/poc-mdm-server/static/hello.txt b/tools/mdm/windows/poc-mdm-server/static/hello.txt
deleted file mode 100644
index 7bd2398d95..0000000000
--- a/tools/mdm/windows/poc-mdm-server/static/hello.txt
+++ /dev/null
@@ -1 +0,0 @@
-world
\ No newline at end of file